Saltstack Official OpenSSH Formula


  1. {% from "openssh/map.jinja" import openssh with context %}
  2. include:
  3. - openssh
  4. {% if salt['pillar.get']('sshd_config', False) %}
  5. sshd_config:
  6. file.managed:
  7. - name: {{ openssh.sshd_config }}
  8. - source: {{ openssh.sshd_config_src }}
  9. - template: jinja
  10. - user: {{ openssh.sshd_config_user }}
  11. - group: {{ openssh.sshd_config_group }}
  12. - mode: {{ openssh.sshd_config_mode }}
  13. - watch_in:
  14. - service: openssh
  15. {% endif %}
  16. {% if salt['pillar.get']('ssh_config', False) %}
  17. ssh_config:
  18. file.managed:
  19. - name: {{ openssh.ssh_config }}
  20. - source: {{ openssh.ssh_config_src }}
  21. - template: jinja
  22. - user: {{ openssh.ssh_config_user }}
  23. - group: {{ openssh.ssh_config_group }}
  24. - mode: {{ openssh.ssh_config_mode }}
  25. {% endif %}
  26. {% for keyType in ['ecdsa', 'dsa', 'rsa', 'ed25519'] %}
  27. {% if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_keys', False) %}
  28. ssh_generate_host_{{ keyType }}_key:
  29. cmd.run:
  30. {%- if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', False) %}
  31. {%- set keySize = salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', 4096) %}
  32. - name: ssh-keygen -t {{ keyType }} -b {{ keySize }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key
  33. {%- else %}
  34. - name: ssh-keygen -t {{ keyType }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key
  35. {%- endif %}
  36. - creates: /etc/ssh/ssh_host_{{ keyType }}_key
  37. - user: root
  38. {% elif salt['pillar.get']('openssh:absent_' ~ keyType ~ '_keys', False) %}
  39. ssh_host_{{ keyType }}_key:
  40. file.absent:
  41. - name: /etc/ssh/ssh_host_{{ keyType }}_key
  42. ssh_host_{{ keyType }}_key.pub:
  43. file.absent:
  44. - name: /etc/ssh/ssh_host_{{ keyType }}_key.pub
  45. {% elif salt['pillar.get']('openssh:provide_' ~ keyType ~ '_keys', False) %}
  46. ssh_host_{{ keyType }}_key:
  47. file.managed:
  48. - name: /etc/ssh/ssh_host_{{ keyType }}_key
  49. - contents_pillar: 'openssh:{{ keyType }}:private_key'
  50. - user: root
  51. - mode: 600
  52. - require_in:
  53. - service: {{ openssh.service }}
  54. ssh_host_{{ keyType }}_key.pub:
  55. file.managed:
  56. - name: /etc/ssh/ssh_host_{{ keyType }}_key.pub
  57. - contents_pillar: 'openssh:{{ keyType }}:public_key'
  58. - user: root
  59. - mode: 600
  60. - require_in:
  61. - service: {{ openssh.service }}
  62. {% endif %}
  63. {% endfor %}