aboutsummaryrefslogtreecommitdiff
path: root/manifests/defines/ssh_config.pp
blob: 79d96350a6ea80db803e0017cdf528a2a234d71a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Manage ssh config for a particular user
define ssh_config(
  $owner,
  $home               = '/home/$owner',
  $ssh_localhost_auth = false
) {
  include nodo::subsystem::ssh_folder

  file { "${home}/.ssh/config":
    ensure  => present,
    owner   => $owner,
    group   => $group,
    mode    => 0600,
    require => File["${home}/.ssh"],
  }

  # The NoHostAuthenticationForLocalhost ssh option might be useful
  # for automated deployment environments so your ikiwiki user doesn't
  # get stuck with the fingerprint confirmation prompt when pushing
  # content via ssh in the first time it runs.
  line { 'NoHostAuthenticationForLocalhost-${owner}':
    file   => "${home}/.ssh/config",
    line   => "NoHostAuthenticationForLocalhost yes",
    ensure => $ssh_localhost_auth ? {
      'auto'        => present,
      'fingerprint' => absent,
      default       => absent,
    },
  }
}