Diffstat (limited to 'manifests/subsystems/ssh.pp')
| -rw-r--r-- | manifests/subsystems/ssh.pp | 101 | 
1 files changed, 0 insertions, 101 deletions
|
diff --git a/manifests/subsystems/ssh.pp b/manifests/subsystems/ssh.pp
deleted file mode 100644
index f15931d..0000000
--- a/manifests/subsystems/ssh.pp
+++ /dev/null
@@ -1,101 +0,0 @@
-# Base class
-class ssh_folder {
-  if !defined(File["${home}/.ssh"]) {
-    file { "${home}/.ssh":
-      ensure  => directory,
-      owner   => $owner,
-      group   => $group,
-      mode    => 0700,
-    }
-  }
-}
-
-# Manage ssh config for a particular user
-define ssh_config($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
-  include ssh_folder
-
-  file { "${home}/.ssh/config":
-    ensure  => present,
-    owner   => $owner,
-    group   => $group,
-    mode    => 0600,
-    require => File["${home}/.ssh"],
-  }
-
-  # The NoHostAuthenticationForLocalhost ssh option might be useful
-  # for automated deployment environments so your ikiwiki user doesn't
-  # get stuck with the fingerprint confirmation prompt when pushing
-  # content via ssh in the first time it runs.
-  line { 'NoHostAuthenticationForLocalhost-${owner}':
-    file   => "${home}/.ssh/config",
-    line   => "NoHostAuthenticationForLocalhost yes",
-    ensure => $ssh_localhost_auth ? {
-      'auto'        => present,
-      'fingerprint' => absent,
-      default       => absent,
-    },
-  }
-}
-
-# Manage known_hosts for a particular user
-define ssh_known_host($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
-  include ssh_folder
-
-  file { "${home}/.ssh/known_hosts":
-    ensure  => present,
-    owner   => $owner,
-    group   => $group,
-    mode    => 0600,
-    require => File["${home}/.ssh"],
-  }
-
-  # You can choose to include the host's fingeprints
-  # directly into the known_hosts file.
-  if $::sshrsakey != '' {
-    line { 'known_hosts-localhost-rsa-${owner}':
-      file   => "${home}/.ssh/known_hosts",
-      line   => "localhost ssh-rsa ${::sshrsakey}",
-      ensure => $ssh_localhost_auth ? {
-        'fingerprint' => present,
-        'auto'        => undef,
-        default       => undef,
-      },
-    }
-  }
-
-  if $::sshdsakey != '' {
-    line { 'known_hosts-localhost-dsa-${owner}':
-      file   => "${home}/.ssh/known_hosts",
-      line   => "localhost ssh-dss ${::sshdsakey}",
-      ensure => $ssh_localhost_auth ? {
-        'fingerprint' => present,
-        'auto'        => undef,
-        default       => undef,
-      },
-    }
-  }
-
-  if $::sshecdsakey != '' {
-    line { 'known_hosts-localhost-ecdsa-${owner}':
-      file   => "${home}/.ssh/known_hosts",
-      line   => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
-      ensure => $ssh_localhost_auth ? {
-        'fingerprint' => present,
-        'auto'        => undef,
-        default       => undef,
-      },
-    }
-  }
-}
-
-define ssh_create_key($owner, $group, $keyfile = 'id_rsa', $home = '/home/$owner') {
-  include ssh_folder
-
-  exec { "ssh-keygen-${owner}":
-    command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/${keyfile}",
-    creates => "${home}/.ssh/${keyfile}",
-    user    => $owner,
-    group   => $group,
-    require => File["${home}/.ssh"],
-  }
-}
|
