-rw-r--r--puppet/modules/site_config/files/xterm-title.sh (renamed from puppet/modules/site_sshd/files/xterm-title.sh)0
-rw-r--r--puppet/modules/site_config/manifests/shell.pp12
-rw-r--r--puppet/modules/site_sshd/manifests/authorized_keys.pp19
-rw-r--r--puppet/modules/site_sshd/manifests/deploy_authorized_keys.pp9
-rw-r--r--puppet/modules/site_sshd/manifests/init.pp38
-rw-r--r--puppet/modules/site_sshd/manifests/mosh.pp21
-rw-r--r--puppet/modules/site_sshd/manifests/ssh_key.pp3
-rw-r--r--puppet/modules/site_sshd/templates/authorized_keys.erb6
8 files changed, 81 insertions, 27 deletions
diff --git a/puppet/modules/site_sshd/files/xterm-title.sh b/puppet/modules/site_config/files/xterm-title.sh
index 3cff0e3a..3cff0e3a 100644
--- a/puppet/modules/site_sshd/files/xterm-title.sh
+++ b/puppet/modules/site_config/files/xterm-title.sh
diff --git a/puppet/modules/site_config/manifests/shell.pp b/puppet/modules/site_config/manifests/shell.pp
index b1a65389..5b8c025d 100644
--- a/puppet/modules/site_config/manifests/shell.pp
+++ b/puppet/modules/site_config/manifests/shell.pp
@@ -7,4 +7,16 @@ class site_config::shell {
owner => root,
group => root;
}
+
+ ##
+ ## XTERM TITLE
+ ##
+
+ file { '/etc/profile.d/xterm-title.sh':
+ source => 'puppet:///modules/site_config/xterm-title.sh',
+ owner => root,
+ group => 0,
+ mode => '0644';
+ }
+
}
diff --git a/puppet/modules/site_sshd/manifests/authorized_keys.pp b/puppet/modules/site_sshd/manifests/authorized_keys.pp
new file mode 100644
index 00000000..c18f691c
--- /dev/null
+++ b/puppet/modules/site_sshd/manifests/authorized_keys.pp
@@ -0,0 +1,19 @@
+define site_sshd::authorized_keys ($keys, $ensure = 'present', $home = '') {
+ # This line allows default homedir based on $title variable.
+ # If $home is empty, the default is used.
+ $homedir = $home ? {'' => "/home/${title}", default => $home}
+ file {
+ "${homedir}/.ssh":
+ ensure => 'directory',
+ owner => $title,
+ group => $title,
+ mode => '0700';
+ "${homedir}/.ssh/authorized_keys":
+ ensure => $ensure,
+ owner => $ensure ? {'present' => $title, default => undef },
+ group => $ensure ? {'present' => $title, default => undef },
+ mode => '0600',
+ require => File["${homedir}/.ssh"],
+ content => template('site_sshd/authorized_keys.erb');
+ }
+}
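Review bot: `$keys` is never checked before the template renders it, so an empty hash yields an `authorized_keys` file holding only the header comment. Because deploy_authorized_keys.pp applies this define to root, that would remove every key-based root login on the next run. A guard at the top of the define, for example `if empty($keys) { fail("no ssh keys given for ${title}") }`, would stop the catalog instead; `empty()` comes from puppetlabs-stdlib, which this diff does not show as a dependency, so confirm it is available. Separately, `"${homedir}/.ssh"` is always `ensure => 'directory'`, so `ensure => absent` still creates the directory for that user.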
diff --git a/puppet/modules/site_sshd/manifests/deploy_authorized_keys.pp b/puppet/modules/site_sshd/manifests/deploy_authorized_keys.pp
new file mode 100644
index 00000000..97ca058f
--- /dev/null
+++ b/puppet/modules/site_sshd/manifests/deploy_authorized_keys.pp
@@ -0,0 +1,9 @@
+class site_sshd::deploy_authorized_keys ( $keys ) {
+ tag 'leap_authorized_keys'
+
+ site_sshd::authorized_keys {'root':
+ keys => $keys,
+ home => '/root'
+ }
+
+}
diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp
index c1c4d3b3..90dd2d0e 100644
--- a/puppet/modules/site_sshd/manifests/init.pp
+++ b/puppet/modules/site_sshd/manifests/init.pp
@@ -2,12 +2,13 @@ class site_sshd {
$ssh = hiera_hash('ssh')
##
- ## XTERM TITLE
+ ## SETUP AUTHORIZED KEYS
##
- file {'/etc/profile.d/xterm-title.sh':
- source => "puppet://$server/modules/site_sshd/xterm-title.sh",
- owner => root, group => 0, mode => 0644;
+ $authorized_keys = $ssh['authorized_keys']
+
+ class { 'site_sshd::deploy_authorized_keys':
+ keys => $authorized_keys
}
##
@@ -15,27 +16,16 @@ class site_sshd {
##
$mosh = $ssh['mosh']
- $mosh_ports = $mosh['ports']
- if $ssh['mosh']['enabled'] {
- $mosh_ensure = present
- } else {
- $mosh_ensure = absent
- }
- package { 'mosh':
- ensure => $mosh_ensure;
- }
- file { '/etc/shorewall/macro.mosh':
- ensure => $mosh_ensure,
- content => "PARAM - - udp $mosh_ports",
- notify => Service['shorewall'],
- require => Package['shorewall'];
+ if $mosh['enabled'] {
+ class { 'site_sshd::mosh':
+ ensure => present,
+ ports => $mosh['ports']
+ }
}
- shorewall::rule { 'net2fw-mosh':
- ensure => $mosh_ensure,
- source => 'net',
- destination => '$FW',
- action => 'mosh(ACCEPT)',
- order => 200;
+ else {
+ class { 'site_sshd::mosh':
+ ensure => absent
+ }
}
}
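Review bot: `if $mosh['enabled']` relies on Puppet truthiness, and this branch decides whether `site_sshd::mosh` opens UDP ports from `net`. If the hiera value ever arrives as a string rather than a boolean (not visible here), a non-empty string such as `'false'` would still be truthy and enable the rule. An explicit comparison, `if $mosh['enabled'] == true {`, makes the firewall opening depend only on a real boolean. The enclosing `class site_sshd` starts above this hunk.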
diff --git a/puppet/modules/site_sshd/manifests/mosh.pp b/puppet/modules/site_sshd/manifests/mosh.pp
new file mode 100644
index 00000000..49f56ca0
--- /dev/null
+++ b/puppet/modules/site_sshd/manifests/mosh.pp
@@ -0,0 +1,21 @@
+class site_sshd::mosh ( $ensure = present, $ports = '60000-61000' ) {
+
+ package { 'mosh':
+ ensure => $ensure
+ }
+
+ file { '/etc/shorewall/macro.mosh':
+ ensure => $ensure,
+ content => "PARAM - - udp ${ports}",
+ notify => Service['shorewall'],
+ require => Package['shorewall'];
+ }
+
+ shorewall::rule { 'net2fw-mosh':
+ ensure => $ensure,
+ source => 'net',
+ destination => '$FW',
+ action => 'mosh(ACCEPT)',
+ order => 200;
+ }
+}
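Review bot: `${ports}` is interpolated into `/etc/shorewall/macro.mosh` without any check, and that macro is what `net2fw-mosh` accepts from `net`, so a malformed or overly broad value from hiera directly changes what the firewall exposes. Restricting it to a port or port range before use, e.g. `validate_re($ports, '^\d+(-\d+)?$')`, would reject anything else at compile time; `validate_re` is from puppetlabs-stdlib, so confirm that module is present. The class also refers to `Service['shorewall']` and `Package['shorewall']` without declaring or including them, which is worth a comment stating where they are expected to come from.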
diff --git a/puppet/modules/site_sshd/manifests/ssh_key.pp b/puppet/modules/site_sshd/manifests/ssh_key.pp
deleted file mode 100644
index b47b2ebd..00000000
--- a/puppet/modules/site_sshd/manifests/ssh_key.pp
+++ /dev/null
@@ -1,3 +0,0 @@
-define site_sshd::ssh_key($key) {
- # ... todo: deploy ssh_key
-}
diff --git a/puppet/modules/site_sshd/templates/authorized_keys.erb b/puppet/modules/site_sshd/templates/authorized_keys.erb
new file mode 100644
index 00000000..3c65e8ab
--- /dev/null
+++ b/puppet/modules/site_sshd/templates/authorized_keys.erb
@@ -0,0 +1,6 @@
+# NOTICE: This file is autogenerated by Puppet
+# all manually added keys will be overridden
+
+<% keys.sort.each do |user, hash| -%>
+<%=hash['type']-%> <%=hash['key']%> <%=user%>
+<% end -%>
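Review bot: `hash['type']`, `hash['key']` and `user` are written into root's `authorized_keys` exactly as they arrive from hiera, so a value containing whitespace or a line break would change how sshd parses the file. Checking each field inside the loop keeps one entry to one line, for instance `<% raise Puppet::ParseError, "bad ssh key for #{user}" unless hash['key'] =~ /\A[A-Za-z0-9+\/=]+\z/ -%>`, with a similar check for `type` and `user`. The bare `keys` lookup also depends on the older ERB variable style; `@keys` is the form later Puppet versions expect, if the deployed version supports it.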