# Manage ssh config for a particular user
define nodo::subsystem::ssh::config(
  $owner,
  $group,
  $home               = '/home/$owner',
  $ssh_localhost_auth = false
) {
  nodo::subsystem::ssh::folder { "ssh-config-${name}":
    home  => $home,
    owner => $owner,
    group => $group,
  }

  file { "${home}/.ssh/config":
    ensure  => present,
    owner   => $owner,
    group   => $group,
    mode    => '0600',
    require => File["${home}/.ssh"],
  }

  # The NoHostAuthenticationForLocalhost ssh option might be useful
  # for automated deployment environments so your ikiwiki user doesn't
  # get stuck with the fingerprint confirmation prompt when pushing
  # content via ssh in the first time it runs.
  file_line { 'NoHostAuthenticationForLocalhost-${owner}':
    path   => "${home}/.ssh/config",
    line   => "NoHostAuthenticationForLocalhost yes",
    ensure => $ssh_localhost_auth ? {
      'auto'        => present,
      'fingerprint' => absent,
      default       => absent,
    },
  }
}