Saltstack Official OpenSSH Formula

config.sls 1.9KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
  1. {% from "openssh/map.jinja" import openssh with context %}
  2. include:
  3. - openssh
  4. sshd_config:
  5. file.managed:
  6. - name: {{ openssh.sshd_config }}
  7. - source: {{ openssh.sshd_config_src }}
  8. - template: jinja
  9. - user: root
  10. - mode: 644
  11. - watch_in:
  12. - service: openssh
  13. ssh_config:
  14. file.managed:
  15. - name: {{ openssh.ssh_config }}
  16. - source: {{ openssh.ssh_config_src }}
  17. - template: jinja
  18. - user: root
  19. - mode: 644
  20. {% for keyType in ['ecdsa', 'dsa', 'rsa', 'ed25519'] %}
  21. {% if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_keys', False) %}
  22. ssh_generate_host_{{ keyType }}_key:
  23. cmd.run:
  24. {%- if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', False) %}
  25. {%- set keySize = salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', 4096) %}
  26. - name: ssh-keygen -t {{ keyType }} -b {{ keySize }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key
  27. {%- else %}
  28. - name: ssh-keygen -t {{ keyType }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key
  29. {%- endif %}
  30. - creates: /etc/ssh/ssh_host_{{ keyType }}_key
  31. - user: root
  32. {% elif salt['pillar.get']('openssh:absent_' ~ keyType ~ '_keys', False) %}
  33. ssh_host_{{ keyType }}_key:
  34. file.absent:
  35. - name: /etc/ssh/ssh_host_{{ keyType }}_key
  36. ssh_host_{{ keyType }}_key.pub:
  37. file.absent:
  38. - name: /etc/ssh/ssh_host_{{ keyType }}_key.pub
  39. {% elif salt['pillar.get']('openssh:provide_' ~ keyType ~ '_keys', False) %}
  40. ssh_host_{{ keyType }}_key:
  41. file.managed:
  42. - name: /etc/ssh/ssh_host_{{ keyType }}_key
  43. - contents_pillar: 'openssh:{{ keyType }}:private_key'
  44. - user: root
  45. - mode: 600
  46. - require_in:
  47. - service: {{ openssh.service }}
  48. ssh_host_{{ keyType }}_key.pub:
  49. file.managed:
  50. - name: /etc/ssh/ssh_host_{{ keyType }}_key.pub
  51. - contents_pillar: 'openssh:{{ keyType }}:public_key'
  52. - user: root
  53. - mode: 600
  54. - require_in:
  55. - service: {{ openssh.service }}
  56. {% endif %}
  57. {% endfor %}