Saltstack Official OpenSSH Formula

config.sls 2.1KB

  1. {% from "openssh/map.jinja" import openssh with context %}
  2. include:
  3. - openssh
  4. sshd_config:
  5. file.managed:
  6. - name: {{ openssh.sshd_config }}
  7. - source: {{ openssh.sshd_config_src }}
  8. - template: jinja
  9. - user: {{ openssh.sshd_config_user }}
  10. - group: {{ openssh.sshd_config_group }}
  11. - mode: {{ openssh.sshd_config_mode }}
  12. - watch_in:
  13. - service: openssh
  14. ssh_config:
  15. file.managed:
  16. - name: {{ openssh.ssh_config }}
  17. - source: {{ openssh.ssh_config_src }}
  18. - template: jinja
  19. - user: {{ openssh.ssh_config_user }}
  20. - group: {{ openssh.ssh_config_group }}
  21. - mode: {{ openssh.ssh_config_mode }}
  22. {% for keyType in ['ecdsa', 'dsa', 'rsa', 'ed25519'] %}
  23. {% if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_keys', False) %}
  24. ssh_generate_host_{{ keyType }}_key:
  25. cmd.run:
  26. {%- if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', False) %}
  27. {%- set keySize = salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', 4096) %}
  28. - name: ssh-keygen -t {{ keyType }} -b {{ keySize }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key
  29. {%- else %}
  30. - name: ssh-keygen -t {{ keyType }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key
  31. {%- endif %}
  32. - creates: /etc/ssh/ssh_host_{{ keyType }}_key
  33. - user: root
  34. {% elif salt['pillar.get']('openssh:absent_' ~ keyType ~ '_keys', False) %}
  35. ssh_host_{{ keyType }}_key:
  36. file.absent:
  37. - name: /etc/ssh/ssh_host_{{ keyType }}_key
  38. ssh_host_{{ keyType }}_key.pub:
  39. file.absent:
  40. - name: /etc/ssh/ssh_host_{{ keyType }}_key.pub
  41. {% elif salt['pillar.get']('openssh:provide_' ~ keyType ~ '_keys', False) %}
  42. ssh_host_{{ keyType }}_key:
  43. file.managed:
  44. - name: /etc/ssh/ssh_host_{{ keyType }}_key
  45. - contents_pillar: 'openssh:{{ keyType }}:private_key'
  46. - user: root
  47. - mode: 600
  48. - require_in:
  49. - service: {{ openssh.service }}
  50. ssh_host_{{ keyType }}_key.pub:
  51. file.managed:
  52. - name: /etc/ssh/ssh_host_{{ keyType }}_key.pub
  53. - contents_pillar: 'openssh:{{ keyType }}:public_key'
  54. - user: root
  55. - mode: 600
  56. - require_in:
  57. - service: {{ openssh.service }}
  58. {% endif %}
  59. {% endfor %}