Saltstack Official OpenSSH Formula

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152
  1. {% from "openssh/map.jinja" import openssh with context %}
  2. include:
  3. - openssh
  4. sshd_config:
  5. file.managed:
  6. - name: {{ openssh.sshd_config }}
  7. - source: {{ openssh.sshd_config_src }}
  8. - template: jinja
  9. - user: root
  10. - mode: 644
  11. - watch_in:
  12. - service: openssh
  13. {% for keyType in ['ecdsa', 'dsa', 'rsa', 'ed25519'] %}
  14. {% if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_keys', False) %}
  15. ssh_generate_host_{{ keyType }}_key:
  16. cmd.run:
  17. - name: ssh-keygen -t {{ keyType }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key
  18. - creates: /etc/ssh/ssh_host_{{ keyType }}_key
  19. - user: root
  20. {% elif salt['pillar.get']('openssh:absent_' ~ keyType ~ '_keys', False) %}
  21. ssh_host_{{ keyType }}_key:
  22. file.absent:
  23. - name: /etc/ssh/ssh_host_{{ keyType }}_key
  24. ssh_host_{{ keyType }}_key.pub:
  25. file.absent:
  26. - name: /etc/ssh/ssh_host_{{ keyType }}_key.pub
  27. {% elif salt['pillar.get']('openssh:provide_' ~ keyType ~ '_keys', False) %}
  28. ssh_host_{{ keyType }}_key:
  29. file.managed:
  30. - name: /etc/ssh/ssh_host_{{ keyType }}_key
  31. - contents_pillar: 'openssh:{{ keyType }}:private_key'
  32. - user: root
  33. - mode: 600
  34. - require_in:
  35. - service: {{ openssh.service }}
  36. ssh_host_{{ keyType }}_key.pub:
  37. file.managed:
  38. - name: /etc/ssh/ssh_host_{{ keyType }}_key.pub
  39. - contents_pillar: 'openssh:{{ keyType }}:public_key'
  40. - user: root
  41. - mode: 600
  42. - require_in:
  43. - service: {{ openssh.service }}
  44. {% endif %}
  45. {% endfor %}