Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/modules/site_config/files/xterm-title.sh (renamed from puppet/modules/site_sshd/files/xterm-title.sh) | 0 | ||||
| -rw-r--r-- | puppet/modules/site_config/manifests/shell.pp | 12 | ||||
| -rw-r--r-- | puppet/modules/site_sshd/manifests/authorized_keys.pp | 19 | ||||
| -rw-r--r-- | puppet/modules/site_sshd/manifests/deploy_authorized_keys.pp | 9 | ||||
| -rw-r--r-- | puppet/modules/site_sshd/manifests/init.pp | 38 | ||||
| -rw-r--r-- | puppet/modules/site_sshd/manifests/mosh.pp | 21 | ||||
| -rw-r--r-- | puppet/modules/site_sshd/manifests/ssh_key.pp | 3 | ||||
| -rw-r--r-- | puppet/modules/site_sshd/templates/authorized_keys.erb | 6 | 
8 files changed, 81 insertions, 27 deletions
| diff --git a/puppet/modules/site_sshd/files/xterm-title.sh b/puppet/modules/site_config/files/xterm-title.sh index 3cff0e3a..3cff0e3a 100644 --- a/puppet/modules/site_sshd/files/xterm-title.sh +++ b/puppet/modules/site_config/files/xterm-title.sh diff --git a/puppet/modules/site_config/manifests/shell.pp b/puppet/modules/site_config/manifests/shell.pp index b1a65389..5b8c025d 100644 --- a/puppet/modules/site_config/manifests/shell.pp +++ b/puppet/modules/site_config/manifests/shell.pp @@ -7,4 +7,16 @@ class site_config::shell {        owner   => root,        group   => root;    } + +  ## +  ## XTERM TITLE +  ## + +  file { '/etc/profile.d/xterm-title.sh': +    source => 'puppet:///modules/site_config/xterm-title.sh', +    owner  => root, +    group  => 0, +    mode   => '0644'; +  } +  } diff --git a/puppet/modules/site_sshd/manifests/authorized_keys.pp b/puppet/modules/site_sshd/manifests/authorized_keys.pp new file mode 100644 index 00000000..c18f691c --- /dev/null +++ b/puppet/modules/site_sshd/manifests/authorized_keys.pp @@ -0,0 +1,19 @@ +define site_sshd::authorized_keys ($keys, $ensure = 'present', $home = '') { +  # This line allows default homedir based on $title variable. +  # If $home is empty, the default is used. +  $homedir = $home ? {'' => "/home/${title}", default => $home} +  file { +    "${homedir}/.ssh": +      ensure  => 'directory', +      owner   => $title, +      group   => $title, +      mode    => '0700'; +    "${homedir}/.ssh/authorized_keys": +      ensure  => $ensure, +      owner   => $ensure ? {'present' => $title, default => undef }, +      group   => $ensure ? {'present' => $title, default => undef }, +      mode    => '0600', +      require => File["${homedir}/.ssh"], +      content => template('site_sshd/authorized_keys.erb'); +  } +} diff --git a/puppet/modules/site_sshd/manifests/deploy_authorized_keys.pp b/puppet/modules/site_sshd/manifests/deploy_authorized_keys.pp new file mode 100644 index 00000000..97ca058f --- /dev/null 
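Review bot: In `site_sshd::authorized_keys` the `"${homedir}/.ssh"` resource is declared with `ensure => 'directory'` regardless of `$ensure`, so calling the define with `ensure => 'absent'` still creates and manages the directory and still needs the user and group named by `$title` to exist. `group => $title` also assumes every account has a same-named group, which holds for the root caller added in this commit but is not guaranteed for other users. The define has no header comment; I would add one stating that `$keys` is a hash of comment => { 'type', 'key' } (the shape the template iterates) and that the file is fully managed, so keys added by hand are removed on the next run.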
+++ b/puppet/modules/site_sshd/manifests/deploy_authorized_keys.pp @@ -0,0 +1,9 @@ +class site_sshd::deploy_authorized_keys ( $keys ) { +  tag 'leap_authorized_keys' + +  site_sshd::authorized_keys {'root': +    keys => $keys, +    home => '/root' +  } + +} diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp index c1c4d3b3..90dd2d0e 100644 --- a/puppet/modules/site_sshd/manifests/init.pp +++ b/puppet/modules/site_sshd/manifests/init.pp @@ -2,12 +2,13 @@ class site_sshd {    $ssh = hiera_hash('ssh')    ## -  ## XTERM TITLE +  ## SETUP AUTHORIZED KEYS    ## -  file {'/etc/profile.d/xterm-title.sh': -    source => "puppet://$server/modules/site_sshd/xterm-title.sh", -    owner => root, group => 0, mode => 0644; +  $authorized_keys = $ssh['authorized_keys'] + +  class { 'site_sshd::deploy_authorized_keys': +    keys => $authorized_keys    }    ## @@ -15,27 +16,16 @@ class site_sshd {    ##    $mosh = $ssh['mosh'] -  $mosh_ports = $mosh['ports'] -  if $ssh['mosh']['enabled'] { -    $mosh_ensure = present -  } else { -    $mosh_ensure = absent -  } -  package { 'mosh': -    ensure => $mosh_ensure; -  } -  file { '/etc/shorewall/macro.mosh': -    ensure  => $mosh_ensure, -    content => "PARAM   -       -       udp    $mosh_ports", -    notify  => Service['shorewall'], -    require => Package['shorewall']; +  if $mosh['enabled'] { +    class { 'site_sshd::mosh': +      ensure => present, +      ports  => $mosh['ports'] +    }    } -  shorewall::rule { 'net2fw-mosh': -    ensure      => $mosh_ensure, -    source      => 'net', -    destination => '$FW', -    action      => 'mosh(ACCEPT)', -    order       => 200; +  else { +    class { 'site_sshd::mosh': +      ensure => absent +    }    }  } diff --git a/puppet/modules/site_sshd/manifests/mosh.pp b/puppet/modules/site_sshd/manifests/mosh.pp new file mode 100644 index 00000000..49f56ca0 --- /dev/null +++ b/puppet/modules/site_sshd/manifests/mosh.pp 
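Review bot: In init.pp, `$authorized_keys = $ssh['authorized_keys']` is handed to `site_sshd::deploy_authorized_keys` with no check that the hiera data actually holds any keys. The target is root's `authorized_keys` and the template rewrites the whole file, so an empty hash would presumably leave root with no accepted keys, and a missing entry would likely make `keys.sort` fail inside the template during catalog compilation. A guard before the class declaration, e.g. `if empty($authorized_keys) { fail('ssh.authorized_keys is empty; refusing to rewrite root authorized_keys') }`, turns both cases into an explicit error; `empty()` comes from puppetlabs-stdlib, which is not visible in this diff, so confirm it is available. The `site_sshd` class body starts above this hunk.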
@@ -0,0 +1,21 @@ +class site_sshd::mosh ( $ensure = present, $ports = '60000-61000' ) { + +  package { 'mosh': +    ensure => $ensure +  } + +  file { '/etc/shorewall/macro.mosh': +    ensure  => $ensure, +    content => "PARAM   -       -       udp    ${ports}", +    notify  => Service['shorewall'], +    require => Package['shorewall']; +  } + +  shorewall::rule { 'net2fw-mosh': +    ensure      => $ensure, +    source      => 'net', +    destination => '$FW', +    action      => 'mosh(ACCEPT)', +    order       => 200; +  } +} diff --git a/puppet/modules/site_sshd/manifests/ssh_key.pp b/puppet/modules/site_sshd/manifests/ssh_key.pp deleted file mode 100644 index b47b2ebd..00000000 --- a/puppet/modules/site_sshd/manifests/ssh_key.pp +++ /dev/null @@ -1,3 +0,0 @@ -define site_sshd::ssh_key($key) { -  # ... todo: deploy ssh_key -} diff --git a/puppet/modules/site_sshd/templates/authorized_keys.erb b/puppet/modules/site_sshd/templates/authorized_keys.erb new file mode 100644 index 00000000..3c65e8ab --- /dev/null +++ b/puppet/modules/site_sshd/templates/authorized_keys.erb @@ -0,0 +1,6 @@ +# NOTICE: This file is autogenerated by Puppet +# all manually added keys will be overridden + +<% keys.sort.each do |user, hash| -%> +<%=hash['type']-%> <%=hash['key']%> <%=user%>  +<% end -%>  | 
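Review bot: In `site_sshd::mosh`, `$ports` is interpolated straight into `/etc/shorewall/macro.mosh` (`content => "PARAM   -       -       udp    ${ports}"`), so whatever string hiera supplies becomes part of a firewall macro that accepts traffic from `net`. I would validate it at the top of the class in the same format as the default, e.g. `validate_re($ports, '^\d+(-\d+)?$')` (puppetlabs-stdlib; confirm it is available in this tree), so a malformed or multi-line value fails the catalog instead of reaching shorewall. The content string also has no trailing newline, and `Package['shorewall']` and `Service['shorewall']` are assumed to be declared elsewhere, which deserves a one-line comment such as `# requires the shorewall class to be included by the node`.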
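Review bot: The loop in authorized_keys.erb writes `hash['type']`, `hash['key']` and `user` into the managed `authorized_keys` file verbatim, so a value containing a newline or extra whitespace-separated fields would change how sshd parses the file. Because this data decides who can log in as root, I would reject such values before rendering, for example by checking in the manifest that each type matches a conservative pattern like `^[a-z0-9@.-]+$` and each key matches `^[A-Za-z0-9+/=]+$`. The template also reads `keys` as a bare local, which relies on the calling scope; `@keys` states that dependency explicitly on Puppet versions that support it. The line `<%=hash['type']-%> <%=hash['key']%> <%=user%>` carries trailing whitespace after `<%=user%>` that could be dropped.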
