aboutsummaryrefslogtreecommitdiff
path: root/manifests/init.pp
blob: 69b5f86ff1711551de91d58854dd338d59756ab2 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

# modules/ssh/manifests/init.pp - manage ssh stuff
# Copyright (C) 2007 admin@immerda.ch
#

#modules_dir { "sshd": }

class sshd {

	case $operatingsystem {
		OpenBSD: {
			exec{sshd_refresh:
        	    command => "/bin/kill -HUP `/bin/cat /var/run/sshd.pid`",
	            refreshonly => true,
            }
		}
		default: {
			service{'sshd':
                name => $operatingsystem ? {
                    debian => 'ssh',
                    ubuntu => 'ssh',
                    default => 'sshd',
                },
                enable => true,
                ensure => running,
				require => Package[openssh],
            }
            
			package{openssh:
                name => $operatingsystem ? {
                    debian => 'openssh-server',
                    ubuntu => 'openssh-server',
                    redhat => 'openssh-server',
                    centos => 'openssh-server',
                    default => 'openssh',
                },
                category => $operatingsystem ? {
	                gentoo => 'net-misc',
		        	default => '',
	            },
		        ensure => present,
			}

		}
	}

	$real_sshd_config_source = $sshd_config_source ? {
	    '' => "sshd/sshd_config/${operatingsystem}_normal.erb",
    	default => $source,
	}

    notice("sshd_allowed_users is set to ${sshd_allowed_users}")

    $real_sshd_allowed_users = $sshd_allowed_users ? {
        ''  => 'root',
    	default => $sshd_allowed_users,
    }

    file { 'sshd_config':
        path => '/etc/ssh/sshd_config',
        owner => root,
        group => 0,
        mode => 600,
        content => template("${real_sshd_config_source}"),
    	notify => $operatingsystem ? { 
	        openbsd => Exec[sshd_refresh],
		    default => Service[sshd],
    	},
    }
}

define sshd::deploy_auth_key(
        $source = '', 
        $user = 'root', 
        $target_dir = '/root/.ssh/', 
        $group = '' ) {

        $real_target = $target_dir ? {
                '' => "/home/$user/.ssh/",
                default => $target_dir,
        }

        $real_group = $group ? {
                '' => 0,
                default => $group,
        }

        $real_source = $source ? {
            '' => [ "sshd/authorized_keys/${name}",
                    "dist/sshd/authorized_keys/${name}"],
            default => $source,
        }

        file {$real_target:
                ensure => directory,
                owner => $user,
                group => $real_group,
                mode => 700,
        }

        file {"authorized_keys_${user}":
                path => "$real_target/authorized_keys",
                owner => $user,
                group => $real_group,
                mode => 600,
                source => "puppet://$server/$real_source",
        }
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-30 06:48:59 +0000