From 40c517b334bd99fec985959f97e48c775ae6da3a Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Tue, 22 Jan 2013 18:11:54 -0200
Subject: Moving all sshd declarations to nodo class

---
 manifests/nodo.pp | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

(limited to 'manifests/nodo.pp')

diff --git a/manifests/nodo.pp b/manifests/nodo.pp
index 873c075..8d746d0 100644
--- a/manifests/nodo.pp
+++ b/manifests/nodo.pp
@@ -40,12 +40,6 @@ class nodo {
 
   # Apt configuration
   if $use_apt != false {
-    # TODO: remove this in the future after all old nodes
-    #       have applied the catalog.
-    file { '/etc/apt/sources.list.d/debian-backports.list':
-      ensure => absent,
-    }
-
     class { 'apt':
       include_src      => hiera('nodo::apt_include_src', false),
       use_next_release => hiera('nodo::apt_use_next_release', false),
@@ -85,6 +79,26 @@ class nodo {
   $sshd_hardened_ssl            = "yes"
   $sshd_print_motd              = "yes"
 
+  # SSH Server
+  #
+  # We need to restrict listen address so multiple instances
+  # can live together in the same physical host.
+  #
+  case $sshd_listen_address {
+    '': { $sshd_listen_address = [ "$ipaddress", '127.0.0.1' ] }
+  }
+
+  class { 'sshd':
+    listen_address          => $sshd_listen_address,
+    password_authentication => $sshd_password_authentication,
+    shared_ip               => $sshd_shared_ip,
+    tcp_forwarding          => $sshd_tcp_forwarding,
+    hardened_ssl            => $sshd_hardened_ssl,
+    print_motd              => $sshd_print_motd,
+    ports                   => $sshd_ports,
+    use_pam                 => $sshd_use_pam,
+  }
+
   file { "/etc/hostname":
     owner   => "root",
     group   => "root",
@@ -94,7 +108,7 @@ class nodo {
   }
 
   file { "/etc/rc.local":
-    source  => "puppet://$server/modules/nodo/etc/rc.local",
+    source  => "puppet:///modules/nodo/etc/rc.local",
     owner   => "root",
     group   => "root",
     mode    => 0755,
-- 
cgit v1.2.3