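# Class: sshd::base
#
# Manages the sshd configuration file and the sshd service, and exports this
# node's SSH host keys as sshkey resources so that other nodes can collect
# them.
#
# Reads the top-scope variables $::operatingsystem, $::lsbdistcodename,
# $::fqdn, $::ipaddress, $::sshrsakey and $::sshecdsakey, plus
# $sshd::shared_ip.
#
# NOTE(review): the exported key material is taken verbatim from top-scope
# (fact) variables, so collecting nodes trust whatever this node reported.
class sshd::base {

  # The template is chosen per operating system, and per release codename
  # when one is set. The file is readable by root only.
  file { 'sshd_config':
    path    => '/etc/ssh/sshd_config',
    content => $::lsbdistcodename ? {
      ''      => template("sshd/sshd_config/${::operatingsystem}.erb"),
      default => template("sshd/sshd_config/${::operatingsystem}_${::lsbdistcodename}.erb"),
    },
    notify  => Service['sshd'],
    owner   => root,
    group   => 0,
    # Quoted with a leading zero: an unquoted 600 is an integer, which newer
    # Puppet versions reject for the file mode.
    mode    => '0600',
  }

  # Now add the key, if we've got one. Nothing is exported for a node that
  # has no RSA host key, including its ECDSA key.
  case $::sshrsakey {
    '': {
      info("no sshrsakey on ${::fqdn}")
    }
    default: {
      @@sshkey { "${::fqdn}-rsa":
        ensure => present,
        tag    => 'fqdn',
        type   => 'ssh-rsa',
        key    => $::sshrsakey,
      }

      # Export the ECDSA key only when the node actually has one; an entry
      # with an empty key would be a broken host key record on every
      # collecting node.
      # TODO: how to determine key type? The curve is hard-coded to nistp256.
      if $::sshecdsakey and $::sshecdsakey != '' {
        @@sshkey { "${::fqdn}-ecdsa":
          ensure => present,
          tag    => 'fqdn',
          type   => 'ecdsa-sha2-nistp256',
          key    => $::sshecdsakey,
        }
      }

      # In case the node uses a shared network address, we don't define
      # sshkey resources using an IP address: the address would map to more
      # than one host key.
      if $sshd::shared_ip == 'no' {
        @@sshkey { "${::ipaddress}-rsa":
          ensure => present,
          tag    => 'ipaddress',
          type   => 'ssh-rsa',
          key    => $::sshrsakey,
        }

        # Same guard and same hard-coded curve as the fqdn entry above.
        if $::sshecdsakey and $::sshecdsakey != '' {
          @@sshkey { "${::ipaddress}-ecdsa":
            ensure => present,
            tag    => 'ipaddress',
            type   => 'ecdsa-sha2-nistp256',
            key    => $::sshecdsakey,
          }
        }
      }
    }
  }

  # The service is only managed once its configuration file is in place;
  # the file resource notifies it on change.
  service { 'sshd':
    ensure    => running,
    name      => 'sshd',
    enable    => true,
    hasstatus => true,
    require   => File['sshd_config'],
  }
}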