1 files changed, 102 insertions, 85 deletions

diff --git a/manifests/init.pp b/manifests/init.pp
index 8489a6a..83b26c1 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -28,6 +28,13 @@
 # $sshd_use_pam = yes
 # include sshd::debian
 #
+# If you need to install a version of the ssh daemon or client package other than
+# the default one that would be installed by 'ensure => installed', then you can
+# set the following variables:
+#
+# $sshd_ensure_version = "1:5.2p2-6"
+# $ssh_ensure_version = "1:5.2p2-6"
+#
 # The following is a list of the currently available variables:
 #
 # sshd_listen_address:          specify the addresses sshd should listen on
@@ -113,95 +120,105 @@
 #                       Might be interesting for sftponly usage
 #                       Default: empty -> no change of the default
 #
-# sshd_additional_options:  Set this to any additional sshd_options which aren't listed above.
-#                           As well this option might be usefull to define complexer Match Blocks
-#                           This string is going to be included, like it is defined. So take care!
-#                           Default: empty -> not added.
+# sshd_head_additional_options:  Set this to any additional sshd_options which aren't listed above.
+#                                Anything set here will be added to the beginning of the sshd_config file.
+#                                This option might be useful to define complicated Match Blocks
+#                                This string is going to be included, like it is defined. So take care!
+#                                Default: empty -> not added.
+#
+# sshd_tail_additional_options:  Set this to any additional sshd_options which aren't listed above.
+#                                Anything set here will be added to the end of the sshd_config file.
+#                                This option might be useful to define complicated Match Blocks
+#                                This string is going to be included, like it is defined. So take care!
+#                                Default: empty -> not added.
 
 class sshd {
-    # prepare variables to use in templates
-    case $sshd_listen_address {
-      '': { $sshd_listen_address = [ '0.0.0.0', '::' ] }
-    }
-    case $sshd_allowed_users {
-        '': { $sshd_allowed_users = '' }
-    }
-    case $sshd_allowed_groups {
-      '': { $sshd_allowed_groups = '' }
-    }
-    case $sshd_use_pam {
-        '': { $sshd_use_pam = 'no' }
-    }
-    case $sshd_permit_root_login {
-        '': { $sshd_permit_root_login = 'without-password' }
-    }
-    case $sshd_password_authentication {
-        '': { $sshd_password_authentication = 'no' }
-    }
-    case $sshd_tcp_forwarding {
-    	'': { $sshd_tcp_forwarding = 'no' }
-    }
-    case $sshd_x11_forwarding {
-        '': { $sshd_x11_forwarding = 'no' }
-    }
-    case $sshd_agent_forwarding {
-    	'': { $sshd_agent_forwarding = 'no' }
-    }
-    case $sshd_challenge_response_authentication {
-        '': { $sshd_challenge_response_authentication = 'no' }
-    }
-    case $sshd_pubkey_authentication {
-    	'': { $sshd_pubkey_authentication = 'yes' }
-    }
-    case $sshd_rsa_authentication {
-    	'': { $sshd_rsa_authentication = 'no' }
-    }
-    case $sshd_strict_modes {
-    	'': { $sshd_strict_modes = 'yes' }
-    }
-    case $sshd_ignore_rhosts {
-        '': { $sshd_ignore_rhosts = 'yes' }
-    }
-    case $sshd_rhosts_rsa_authentication {
-    	'': { $sshd_rhosts_rsa_authentication = 'no' }
-    }
-    case $sshd_hostbased_authentication {
-    	'': { $sshd_hostbased_authentication = 'no' }
-    }
-    case $sshd_permit_empty_passwords {
-    	'': { $sshd_permit_empty_passwords = 'no' }
-    }
-    case $sshd_port {
-      '': { $sshd_port = 22 }
-    }
-    case $sshd_authorized_keys_file {
-      '': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
-    }
-    case $sshd_sftp_subsystem {
-        '': { $sshd_sftp_subsystem = '' }
-    }
-    case $sshd_additional_options {
-        '': { $sshd_additional_options = '' }
-    }
- 
-    include sshd::client 
+   # prepare variables to use in templates
+  case $sshd_listen_address {
+    '': { $sshd_listen_address = [ '0.0.0.0', '::' ] }
+  }
+  case $sshd_allowed_users {
+    '': { $sshd_allowed_users = '' }
+  }
+  case $sshd_allowed_groups {
+    '': { $sshd_allowed_groups = '' }
+  }
+  case $sshd_use_pam {
+    '': { $sshd_use_pam = 'no' }
+  }
+  case $sshd_permit_root_login {
+    '': { $sshd_permit_root_login = 'without-password' }
+  }
+  case $sshd_password_authentication {
+    '': { $sshd_password_authentication = 'no' }
+  }
+  case $sshd_tcp_forwarding {
+    '': { $sshd_tcp_forwarding = 'no' }
+  }
+  case $sshd_x11_forwarding {
+    '': { $sshd_x11_forwarding = 'no' }
+  }
+  case $sshd_agent_forwarding {
+    '': { $sshd_agent_forwarding = 'no' }
+  }
+  case $sshd_challenge_response_authentication {
+    '': { $sshd_challenge_response_authentication = 'no' }
+  }
+  case $sshd_pubkey_authentication {
+    '': { $sshd_pubkey_authentication = 'yes' }
+  }
+  case $sshd_rsa_authentication {
+    '': { $sshd_rsa_authentication = 'no' }
+  }
+  case $sshd_strict_modes {
+    '': { $sshd_strict_modes = 'yes' }
+  }
+  case $sshd_ignore_rhosts {
+    '': { $sshd_ignore_rhosts = 'yes' }
+  }
+  case $sshd_rhosts_rsa_authentication {
+    '': { $sshd_rhosts_rsa_authentication = 'no' }
+  }
+  case $sshd_hostbased_authentication {
+    '': { $sshd_hostbased_authentication = 'no' }
+  }
+  case $sshd_permit_empty_passwords {
+    '': { $sshd_permit_empty_passwords = 'no' }
+  }
+  case $sshd_port {
+    '': { $sshd_port = 22 }
+  }
+  case $sshd_authorized_keys_file {
+    '': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
+  }
+  case $sshd_sftp_subsystem {
+    '': { $sshd_sftp_subsystem = '' }
+  }
+  case $sshd_head_additional_options {
+    '': { $sshd_head_additional_options = '' }
+  }
+  case $sshd_tail_additional_options {
+    '': { $sshd_tail_additional_options = '' }
+  }
+  case $sshd_ensure_version {
+    '': { $sshd_ensure_version = "present" }
+  }
 
-    case $operatingsystem {
-        gentoo: { include sshd::gentoo }
-        redhat,centos: { include sshd::redhat }
-        centos: { include sshd::centos }
-        openbsd: { include sshd::openbsd }
-        debian,ubuntu: { include sshd::debian }
-        default: { include sshd::default }
-    }
+  include sshd::client 
 
-    if $use_nagios {
-        if $nagios_check_ssh {
-            nagios::service{ "ssh_${fqdn}_port_${sshd_port}": check_command => "ssh_port!$sshd_port" }
-        }
-    }
+  case $operatingsystem {
+    gentoo: { include sshd::gentoo }
+    redhat,centos: { include sshd::redhat }
+    centos: { include sshd::centos }
+    openbsd: { include sshd::openbsd }
+    debian,ubuntu: { include sshd::debian }
+    default: { include sshd::default }
+  }
 
-    if $use_shorewall{
-      include shorewall::rules::ssh
+  if $use_nagios {
+    case $nagios_check_ssh {
+      'false': { info("We don't do nagioschecks for ssh on ${fqdn}" ) }
+      default: { nagios::service{ "ssh_${fqdn}_port_${sshd_port}": check_command => "ssh_port!$sshd_port" } }
     }
+  }
 }