-rw-r--r--manifests/init.pp23
-rw-r--r--templates/sshd_config/CentOS.erb10
-rw-r--r--templates/sshd_config/Debian_etch.erb8
-rw-r--r--templates/sshd_config/Debian_lenny.erb8
-rw-r--r--templates/sshd_config/Gentoo.erb10
-rw-r--r--templates/sshd_config/OpenBSD.erb10
6 files changed, 41 insertions, 28 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 0480fee..b7ae200 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -113,10 +113,17 @@
# Might be interesting for sftponly usage
# Default: empty -> no change of the default
#
-# sshd_additional_options: Set this to any additional sshd_options which aren't listed above.
-# As well this option might be usefull to define complexer Match Blocks
-# This string is going to be included, like it is defined. So take care!
-# Default: empty -> not added.
+# sshd_head_additional_options: Set this to any additional sshd_options which aren't listed above.
+# Anything set here will be added to the beginning of the sshd_config file.
+# This option might be useful to define complicated Match Blocks
+# This string is going to be included, like it is defined. So take care!
+# Default: empty -> not added.
+#
+# sshd_tail_additional_options: Set this to any additional sshd_options which aren't listed above.
+# Anything set here will be added to the end of the sshd_config file.
+# This option might be useful to define complicated Match Blocks
+# This string is going to be included, like it is defined. So take care!
+# Default: empty -> not added.
class sshd {
include sshd::client
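Review bot: The new comment for `sshd_head_additional_options` recommends Match blocks, but a Match block written at the top of sshd_config applies to every directive the template emits after it, up to the next Match or the end of the file, and sshd refuses keywords that are not permitted inside Match. I would keep the Match hint on the tail option only and replace the head line with `# sshd uses the first value it reads for a keyword, so anything set here overrides the settings the template writes below.` For the tail option, add `# Keywords already set by the template above are not overridden from here; use this for Match blocks and keywords not set earlier.` The comment block documents class sshd, whose body continues outside the hunk.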
@@ -195,8 +202,12 @@ class sshd::base {
case $sshd_sftp_subsystem {
'': { $sshd_sftp_subsystem = '' }
}
- case $sshd_additional_options {
- '': { $sshd_additional_options = '' }
+ case $sshd_head_additional_options {
+ '': { $sshd_head_additional_options = '' }
+ }
+ case $sshd_tail_additional_options {
+ '': { $sshd_tail_additional_options = '' }
+ }
}
file { 'sshd_config':
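Review bot: Both added `case` blocks are closed by their own `+ }` lines, so the unchanged `}` that closed the old `case $sshd_additional_options` is one brace too many as this hunk is rendered; it would presumably end class sshd::base before the `file { 'sshd_config':` resource, and the last added `}` should be dropped. Separately, `$sshd_additional_options` is no longer read in the visible lines, so a node that still sets it loses those sshd lines without any message. A guard such as `case $sshd_additional_options { '': {} default: { fail('sshd_additional_options was split into sshd_head_additional_options and sshd_tail_additional_options') } }` would make the rename visible at compile time. sshd::base starts and ends outside the hunk.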
diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb
index 27880cb..a3a9a52 100644
--- a/templates/sshd_config/CentOS.erb
+++ b/templates/sshd_config/CentOS.erb
@@ -10,10 +10,8 @@
# possible, but leave them commented. Uncommented options change a
# default value.
-<%- unless sshd_port.to_s.empty? then %>
-Port <%= sshd_port %>
-<%- else %>
-Port 22
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
<%- end %>
# Use these options to restrict which interfaces/protocols sshd will bind to
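Review bot: The head block replaces the `Port` block instead of being added in front of it, so within this hunk the template no longer writes any `Port` line and `sshd_port` is ignored unless it is emitted somewhere outside the hunk; the Debian templates keep their `Port` lines. A host configured for a non-default port would come up on sshd's default port after the next run, which can lock administrators out behind a port-specific firewall rule or leave the daemon listening where it was not meant to. The same replacement appears in the first hunks of Gentoo.erb and OpenBSD.erb. The removed block should stay directly after the head block, as below.

```erb
<%# … unchanged: sshd_head_additional_options block … %>
<%- unless sshd_port.to_s.empty? then %>
Port <%= sshd_port %>
<%- else %>
Port 22
<%- end %>
```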
@@ -200,7 +198,7 @@ AllowGroups <%= sshd_allowed_groups %>
<%- end %>
-<%- unless sshd_additional_options.to_s.empty? then %>
-<%= sshd_additional_options %>
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
<%- end %>
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb
index f030a62..2524172 100644
--- a/templates/sshd_config/Debian_etch.erb
+++ b/templates/sshd_config/Debian_etch.erb
@@ -1,6 +1,10 @@
# Package generated configuration file
# See the sshd(8) manpage for details
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
+<%- end %>
+
# What ports, IPs and protocols we listen for
<%- unless sshd_port.to_s.empty? then -%>
Port <%= sshd_port -%>
@@ -170,7 +174,7 @@ AllowGroups <%= sshd_allowed_groups %>
PrintMotd no
-<%- unless sshd_additional_options.to_s.empty? then %>
-<%= sshd_additional_options %>
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
<%- end %>
diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb
index 1762da3..c7f4ab4 100644
--- a/templates/sshd_config/Debian_lenny.erb
+++ b/templates/sshd_config/Debian_lenny.erb
@@ -1,6 +1,10 @@
# Package generated configuration file
# See the sshd(8) manpage for details
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
+<%- end %>
+
# What ports, IPs and protocols we listen for
<%- unless sshd_port.to_s.empty? then -%>
Port <%= sshd_port -%>
@@ -176,7 +180,7 @@ AllowGroups <%= sshd_allowed_groups %>
PrintMotd no
-<%- unless sshd_additional_options.to_s.empty? then %>
-<%= sshd_additional_options %>
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
<%- end %>
diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb
index 77ed378..ad15031 100644
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -10,10 +10,8 @@
# possible, but leave them commented. Uncommented options change a
# default value.
-<%- unless sshd_port.to_s.empty? then %>
-Port <%= sshd_port %>
-<%- else %>
-Port 22
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
<%- end %>
# Use these options to restrict which interfaces/protocols sshd will bind to
@@ -203,8 +201,8 @@ AllowGroups <%= sshd_allowed_groups %>
<%- end %>
-<%- unless sshd_additional_options.to_s.empty? then %>
-<%= sshd_additional_options %>
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
<%- end %>
diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb
index a6e0763..045d9ba 100644
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -8,10 +8,8 @@
# possible, but leave them commented. Uncommented options change a
# default value.
-<%- unless sshd_port.to_s.empty? then %>
-Port <%= sshd_port %>
-<%- else %>
-Port 22
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
<%- end %>
# Use these options to restrict which interfaces/protocols sshd will bind to
@@ -178,6 +176,6 @@ AllowGroups <%= sshd_allowed_groups %>
# AllowTcpForwarding no
# ForceCommand cvs server
-<%- unless sshd_additional_options.to_s.empty? then %>
-<%= sshd_additional_options %>
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
<%- end %>