ExternalMirrors
/
openssh-formula
mirror of https://github.com/saltstack-formulas/openssh-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 27 Wiki Activity
Saltstack Official OpenSSH Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
178 Commits
3 Branches
Tree: 038a51cdc8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '038a51cdc8'
${ noResults }
openssh-formula/openssh/config.sls

70 lines
2.0KB
Raw Blame History 

  1. {% from "openssh/map.jinja" import openssh with context %}

  2. 

  3. include:

  4.   - openssh

  5. 

  6. {% if salt['pillar.get']('sshd_config', False) %}

  7. sshd_config:

  8.   file.managed:

  9.     - name: {{ openssh.sshd_config }}

  10.     - source: {{ openssh.sshd_config_src }}

  11.     - template: jinja

  12.     - user: root

  13.     - mode: 644

  14.     - watch_in:

  15.       - service: openssh

  16. {% endif %}

  17. 

  18. {% if salt['pillar.get']('ssh_config', False) %}

  19. ssh_config:

  20.   file.managed:

  21.     - name: {{ openssh.ssh_config }}

  22.     - source: {{ openssh.ssh_config_src }}

  23.     - template: jinja

  24.     - user: root

  25.     - mode: 644

  26. {% endif %}

  27. 

  28. {% for keyType in ['ecdsa', 'dsa', 'rsa', 'ed25519'] %}

  29. {% if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_keys', False) %}

  30. ssh_generate_host_{{ keyType }}_key:

  31.   cmd.run:

  32.     {%- if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', False) %}

  33.     {%- set keySize = salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', 4096) %}

  34.     - name: ssh-keygen -t {{ keyType }} -b {{ keySize }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key

  35.     {%- else %}

  36.     - name: ssh-keygen -t {{ keyType }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key

  37.     {%- endif %}

  38.     - creates: /etc/ssh/ssh_host_{{ keyType }}_key

  39.     - user: root

  40. 

  41. {% elif salt['pillar.get']('openssh:absent_' ~ keyType ~ '_keys', False) %}

  42. ssh_host_{{ keyType }}_key:

  43.   file.absent:

  44.     - name: /etc/ssh/ssh_host_{{ keyType }}_key

  45. 

  46. ssh_host_{{ keyType }}_key.pub:

  47.   file.absent:

  48.     - name: /etc/ssh/ssh_host_{{ keyType }}_key.pub

  49. 

  50. {% elif salt['pillar.get']('openssh:provide_' ~ keyType ~ '_keys', False) %}

  51. ssh_host_{{ keyType }}_key:

  52.   file.managed:

  53.     - name: /etc/ssh/ssh_host_{{ keyType }}_key

  54.     - contents_pillar: 'openssh:{{ keyType }}:private_key'

  55.     - user: root

  56.     - mode: 600

  57.     - require_in:

  58.       - service: {{ openssh.service }}

  59. 

  60. ssh_host_{{ keyType }}_key.pub:

  61.   file.managed:

  62.     - name: /etc/ssh/ssh_host_{{ keyType }}_key.pub

  63.     - contents_pillar: 'openssh:{{ keyType }}:public_key'

  64.     - user: root

  65.     - mode: 600

  66.     - require_in:

  67.       - service: {{ openssh.service }}

  68. {% endif %}

  69. {% endfor %}