Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/base.pp | 22 | ||||
-rw-r--r-- | manifests/client.pp | 4 | ||||
-rw-r--r-- | manifests/client/base.pp | 5 | ||||
-rw-r--r-- | manifests/init.pp | 9 |
4 files changed, 29 insertions, 11 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index 2ac2385..848e547 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -10,18 +10,24 @@ class sshd::base { } # Now add the key, if we've got one - case $sshrsakey_key { + case $sshrsakey { '': { info("no sshrsakey on $fqdn") } default: { - @@sshkey{"$hostname.$domain": - type => ssh-rsa, - key => $sshrsakey_key, + @@sshkey{"$fqdn": + tag => "fqdn", + type => ssh-rsa, + key => $sshrsakey, ensure => present, } - @@sshkey{"$ipaddress": - type => ssh-rsa, - key => $sshrsakey, - ensure => present, + # In case the node has uses a shared network address, + # we don't define a sshkey resource using an IP address + if $sshd_shared_ip == "no" { + @@sshkey{"$ipaddress": + tag => "ipaddress", + type => ssh-rsa, + key => $sshrsakey, + ensure => present, + } } } } diff --git a/manifests/client.pp b/manifests/client.pp index b650244..0d1d198 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -2,11 +2,11 @@ class sshd::client { case $operatingsystem { - debian: { include sshd::client::debian } + debian,ubuntu: { include sshd::client::debian } default: { case $kernel { linux: { include sshd::client::linux } - default: { include sshd::client::base } + default: { include sshd::client::base } } } } diff --git a/manifests/client/base.pp b/manifests/client/base.pp index 33d9f9e..7329f55 100644 --- a/manifests/client/base.pp +++ b/manifests/client/base.pp @@ -5,5 +5,8 @@ class sshd::client::base { } # Now collect all server keys - Sshkey <<||>> + case $sshd_shared_ip { + no: { Sshkey <<||>> } + yes: { Sshkey <<| tag == "fqdn" |>> } + } } diff --git a/manifests/init.pp b/manifests/init.pp index 90b7c64..3d2a5b9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
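Review bot: In manifests/base.pp the new guard `if $sshd_shared_ip == "no"` exports the IP-titled key only on an exact string match, so an unset variable or a value such as "false" silently drops the `$ipaddress` entry; the default is assigned in class sshd in init.pp, which only helps if sshd::base is always evaluated after it. Comparing against the opt-in value, `if $sshd_shared_ip != "yes" {`, would keep the previous behaviour for anything unexpected. A node that switches to "yes" simply stops exporting the resource, so clients that already collected it likely keep the old IP line in known_hosts unless they purge unmanaged sshkey resources; that is worth a sentence in the comment. The comment itself reads better as `# If the node uses a shared network address,`.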
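Review bot: In manifests/client/base.pp the new `case $sshd_shared_ip` has no `default` branch, so a client where the variable is empty or anything other than `no`/`yes` collects no Sshkey resources at all, where the old code collected unconditionally. The default is only assigned inside class sshd (init.pp), so a node that includes sshd::client without sshd would presumably hit this and be left with an unmanaged known_hosts. Adding `default: { Sshkey <<||>> }` restores the old behaviour for those nodes. The selector is also the collecting node's own setting, so a "yes" client drops the IP-tagged keys of every host, not only of hosts that share an address; a comment should say so if that is intended.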
@@ -250,6 +250,15 @@ class sshd { case $sshd_ensure_version { '': { $sshd_ensure_version = "present" } } + case $sshd_print_motd { + '': { $sshd_print_motd = "yes" } + } + case $sshd_shared_ip { + '': { $sshd_shared_ip = "no" } + } + case $sshd_perfect_forward_secrecy { + '': { $sshd_perfect_forward_secrecy = "no" } + } include sshd::client |
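Review bot: The three new defaults are not documented anywhere in this change: init.pp receives only these nine added lines, so any variable documentation earlier in the file was not updated. A short comment per variable would help, for example `# sshd_shared_ip: "yes" when this node shares its IP address with other nodes; no IP-titled sshkey is exported (default "no")`. `$sshd_perfect_forward_secrecy` defaults to "no" and its consumer is not among the manifests shown, so the comment should state what it switches and, if it tightens the server's crypto settings, why that is off by default.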