author | Jesse Luehrs <doy@tozt.net> | 2018-11-18 02:20:04 -0500 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2018-11-18 02:29:32 -0500 |
commit | 8743ff69bfef8a740b0b7488998571a5f109dacc (patch) | |
tree | bf1386fb0231be67cd52775d9b06045b0199f7dd | |
parent | 3805989ff79484c3e6696824358b2b6219cd89bb (diff) | |
manage sshd config with puppet
-rw-r--r-- | modules/base/manifests/services.pp | 1 | ||||
-rw-r--r-- | modules/sshd/files/00base | 8 | ||||
-rw-r--r-- | modules/sshd/manifests/configsection.pp | 6 | ||||
-rw-r--r-- | modules/sshd/manifests/init.pp | 30 |
4 files changed, 45 insertions, 0 deletions
diff --git a/modules/base/manifests/services.pp b/modules/base/manifests/services.pp
index f1c10bf..e2f533a 100644
--- a/modules/base/manifests/services.pp
+++ b/modules/base/manifests/services.pp
@@ -1,4 +1,5 @@
 class base::services {
 include locate
 include ntp
+ include sshd
 }
diff --git a/modules/sshd/files/00base b/modules/sshd/files/00base
new file mode 100644
index 0000000..bbf2ec8
--- /dev/null
+++ b/modules/sshd/files/00base
@@ -0,0 +1,8 @@
+PermitRootLogin yes
+AuthorizedKeysFile .ssh/authorized_keys
+ChallengeResponseAuthentication no
+UsePAM yes
+PrintMotd no
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+# vim:ft=sshdconfig
diff --git a/modules/sshd/manifests/configsection.pp b/modules/sshd/manifests/configsection.pp
new file mode 100644
index 0000000..4376d1e
--- /dev/null
+++ b/modules/sshd/manifests/configsection.pp
@@ -0,0 +1,6 @@
+define sshd::configsection($source) {
+ file { "/etc/ssh/sshd_config.d/$name":
+ source => $source,
+ require => File['/etc/ssh/sshd_config.d'];
+ }
+}
diff --git a/modules/sshd/manifests/init.pp b/modules/sshd/manifests/init.pp
new file mode 100644
index 0000000..542758d
--- /dev/null
+++ b/modules/sshd/manifests/init.pp
@@ -0,0 +1,30 @@
+class sshd {
+ package { 'openssh':
+ ensure => installed;
+ }
+
+ service { 'sshd':
+ enable => true,
+ ensure => running;
+ }
+
+ file {
+ '/etc/ssh/sshd_config.d':
+ ensure => directory,
+ require => Package['openssh'];
+ }
+
+ sshd::configsection { '00base':
+ source => 'puppet:///modules/sshd/00base';
+ }
+
+ exec { 'assemble sshd_config':
+ provider => 'shell',
+ command => 'cat $(ls /etc/ssh/sshd_config.d/) > /etc/ssh/sshd_config',
+ refreshonly => true;
+ }
+
+ File['/etc/ssh/sshd_config.d'] -> Sshd::Configsection<| |>
+ Sshd::Configsection<| |> ~> Exec['assemble sshd_config']
+ Exec['assemble sshd_config'] ~> Service['sshd']
+} |
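Review bot: `PermitRootLogin yes` in modules/sshd/files/00base lets root authenticate with a password, because the fragment leaves `PasswordAuthentication` at its default while `UsePAM yes` is set. If root access is meant to be key-only (the file already sets `AuthorizedKeysFile`), `PermitRootLogin prohibit-password` plus an explicit `PasswordAuthentication no` would state that. The exec in init.pp overwrites /etc/ssh/sshd_config with the assembled fragments, so any directive not listed here falls back to sshd's built-in default; a short comment at the top of the fragment saying so would help the next editor.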
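Review bot: The `file` resource in `sshd::configsection` sets no `owner`, `group` or `mode`, so the permissions of a fragment that is later concatenated into sshd_config depend on Puppet's defaults and on the source file. Pinning them with `owner => 'root', group => 'root', mode => '0644',` makes the result independent of both. The define is also undocumented; a comment such as `# $name is the fragment filename; fragments are concatenated in the order ls prints them` would record that the name controls where the section lands in the assembled config.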
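Review bot: The `command` of `exec { 'assemble sshd_config' }` hands `cat` the bare filenames printed by `ls /etc/ssh/sshd_config.d/`, and the exec sets no `cwd`, so unless the agent happens to run from that directory `cat` fails after the redirect has already truncated /etc/ssh/sshd_config. Nothing checks the assembled file before `Service['sshd']` is refreshed either. Writing to a temporary file first (`cat /etc/ssh/sshd_config.d/* > /etc/ssh/sshd_config.new`), checking it with `sshd -t -f` on that file (sshd invoked by its absolute path), and only then moving it over the live config would keep a bad or empty assembly from reaching the running daemon. The `/etc/ssh/sshd_config.d` directory resource does not purge unmanaged entries, so any other file placed there is assembled too; `recurse => true, purge => true` on it would restrict the input to declared fragments.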