replace the sshd_additional_options variable with two, one called

sshd_head_additional_options and one called sshd_tail_additional_options. the first puts the value at the beginning of the file, and the second at the end. This is necessary due to some option ordering requiring things to be before others
author: Micah Anderson <micah@riseup.net> 2009-07-07 20:52:40 -0400
committer: Micah Anderson <micah@riseup.net> 2009-07-07 20:52:40 -0400
commit: f44776cbbf1f825e0961c6aedecf67f6652859a6 (patch)
tree: 5a97a355ac6472f1e23a187b5adb730ce93068a1
parent: 60eb9319d3d1c4697de349485326a9ab019f5856 (diff)
6 files changed, 41 insertions, 28 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 0480fee..b7ae200 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -113,10 +113,17 @@
 #                       Might be interesting for sftponly usage
 #                       Default: empty -> no change of the default
 #
-# sshd_additional_options:  Set this to any additional sshd_options which aren't listed above.
-#                           As well this option might be usefull to define complexer Match Blocks
-#                           This string is going to be included, like it is defined. So take care!
-#                           Default: empty -> not added.
+# sshd_head_additional_options:  Set this to any additional sshd_options which aren't listed above.
+#                                Anything set here will be added to the beginning of the sshd_config file.
+#                                This option might be useful to define complicated Match Blocks
+#                                This string is going to be included, like it is defined. So take care!
+#                                Default: empty -> not added.
+#
+# sshd_tail_additional_options:  Set this to any additional sshd_options which aren't listed above.
+#                                Anything set here will be added to the end of the sshd_config file.
+#                                This option might be useful to define complicated Match Blocks
+#                                This string is going to be included, like it is defined. So take care!
+#                                Default: empty -> not added.
 
 class sshd {
   include sshd::client 
@@ -195,8 +202,12 @@ class sshd::base {
   case $sshd_sftp_subsystem {
     '': { $sshd_sftp_subsystem = '' }
   }
-  case $sshd_additional_options {
-    '': { $sshd_additional_options = '' }
+  case $sshd_head_additional_options {
+    '': { $sshd_head_additional_options = '' }
+  }
+  case $sshd_tail_additional_options {
+    '': { $sshd_tail_additional_options = '' }
+  }
   }
   
   file { 'sshd_config':
diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb
index 27880cb..a3a9a52 100644
--- a/templates/sshd_config/CentOS.erb
+++ b/templates/sshd_config/CentOS.erb
@@ -10,10 +10,8 @@
 # possible, but leave them commented.  Uncommented options change a
 # default value.
 
-<%- unless sshd_port.to_s.empty? then %>
-Port <%= sshd_port %>
-<%- else %>
-Port 22
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
 <%- end %>
 
 # Use these options to restrict which interfaces/protocols sshd will bind to
@@ -200,7 +198,7 @@ AllowGroups <%= sshd_allowed_groups %>
 <%- end %>
 
 
-<%- unless sshd_additional_options.to_s.empty? then %>
-<%= sshd_additional_options %>
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
 <%- end %>
 
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb
index f030a62..2524172 100644
--- a/templates/sshd_config/Debian_etch.erb
+++ b/templates/sshd_config/Debian_etch.erb
@@ -1,6 +1,10 @@
 # Package generated configuration file
 # See the sshd(8) manpage for details
 
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
+<%- end %>
+
 # What ports, IPs and protocols we listen for
 <%- unless sshd_port.to_s.empty? then -%>
 Port <%= sshd_port -%>
@@ -170,7 +174,7 @@ AllowGroups <%= sshd_allowed_groups %>
 
 PrintMotd no
 
-<%- unless sshd_additional_options.to_s.empty? then %>
-<%= sshd_additional_options %>
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
 <%- end %>
 
diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb
index 1762da3..c7f4ab4 100644
--- a/templates/sshd_config/Debian_lenny.erb
+++ b/templates/sshd_config/Debian_lenny.erb
@@ -1,6 +1,10 @@
 # Package generated configuration file
 # See the sshd(8) manpage for details
 
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
+<%- end %>
+
 # What ports, IPs and protocols we listen for
 <%- unless sshd_port.to_s.empty? then -%>
 Port <%= sshd_port -%>
@@ -176,7 +180,7 @@ AllowGroups <%= sshd_allowed_groups %>
 
 PrintMotd no
 
-<%- unless sshd_additional_options.to_s.empty? then %>
-<%= sshd_additional_options %>
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
 <%- end %>
 
diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb
index 77ed378..ad15031 100644
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -10,10 +10,8 @@
 # possible, but leave them commented.  Uncommented options change a
 # default value.
 
-<%- unless sshd_port.to_s.empty? then %>
-Port <%= sshd_port %>
-<%- else %>
-Port 22
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
 <%- end %>
 
 # Use these options to restrict which interfaces/protocols sshd will bind to
@@ -203,8 +201,8 @@ AllowGroups <%= sshd_allowed_groups %>
 <%- end %>
 
 
-<%- unless sshd_additional_options.to_s.empty? then %>
-<%= sshd_additional_options %>
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
 <%- end %>
 
 
diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb
index a6e0763..045d9ba 100644
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -8,10 +8,8 @@
 # possible, but leave them commented.  Uncommented options change a
 # default value.
 
-<%- unless sshd_port.to_s.empty? then %>
-Port <%= sshd_port %>
-<%- else %>
-Port 22
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
 <%- end %>
 
 # Use these options to restrict which interfaces/protocols sshd will bind to
@@ -178,6 +176,6 @@ AllowGroups <%= sshd_allowed_groups %>
 #	AllowTcpForwarding no
 #	ForceCommand cvs server
 
-<%- unless sshd_additional_options.to_s.empty? then %>
-<%= sshd_additional_options %>
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
 <%- end %>
author	Micah Anderson <micah@riseup.net>	2009-07-07 20:52:40 -0400
committer	Micah Anderson <micah@riseup.net>	2009-07-07 20:52:40 -0400
commit	f44776cbbf1f825e0961c6aedecf67f6652859a6 (patch)
tree	5a97a355ac6472f1e23a187b5adb730ce93068a1
parent	60eb9319d3d1c4697de349485326a9ab019f5856 (diff)