salt
/
openssh-formula
forked from ExternalMirrors/openssh-formula
Watch 1
Star 0
Fork 0
Code Releases 0 Activity
Saltstack Official OpenSSH Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
194 Commits
1 Branch
Tree: 0c363d284e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0c363d284e'
${ noResults }
openssh-formula/openssh/config.sls

87 lines
2.7KB
Raw Blame History 

  1. {% from "openssh/map.jinja" import openssh with context %}

  2. 

  3. include:

  4.   - openssh

  5. 

  6. {% if salt['pillar.get']('sshd_config', False) %}

  7. sshd_config:

  8.   file.managed:

  9.     - name: {{ openssh.sshd_config }}

  10.     - source: {{ openssh.sshd_config_src }}

  11.     - template: jinja

  12.     - user: {{ openssh.sshd_config_user }}

  13.     - group: {{ openssh.sshd_config_group }}

  14.     - mode: {{ openssh.sshd_config_mode }}

  15.     - watch_in:

  16.       - service: {{ openssh.service }}

  17. {% endif %}

  18. 

  19. {% if salt['pillar.get']('ssh_config', False) %}

  20. ssh_config:

  21.   file.managed:

  22.     - name: {{ openssh.ssh_config }}

  23.     - source: {{ openssh.ssh_config_src }}

  24.     - template: jinja

  25.     - user: {{ openssh.ssh_config_user }}

  26.     - group: {{ openssh.ssh_config_group }}

  27.     - mode: {{ openssh.ssh_config_mode }}

  28. {% endif %}

  29. 

  30. {%- for keyType in ['ecdsa', 'dsa', 'rsa', 'ed25519'] %}

  31. {%-   set keyFile = "/etc/ssh/ssh_host_" ~ keyType ~ "_key" %}

  32. {%-   set keySize = salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', False) %}

  33. {%-   if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_keys', False) %}

  34. {%-     if keySize and salt['pillar.get']('openssh:enforce_' ~ keyType ~ '_size', False) %}

  35. ssh_remove_short_{{ keyType }}_key:

  36.   cmd.run:

  37.     - name: "rm -f {{ keyFile }} {{ keyFile }}.pub"

  38.     - onlyif: "test -f {{ keyFile }}.pub && test `ssh-keygen -l -f {{ keyFile }}.pub 2>/dev/null | awk '{print $1}'` -lt {{ keySize }}"

  39.     - require_in:

  40.         - cmd: ssh_generate_host_{{ keyType }}_key

  41. {%-     endif %}

  42. ssh_generate_host_{{ keyType }}_key:

  43.   cmd.run:

  44.     {%- if keySize %}

  45.     - name: ssh-keygen -t {{ keyType }} -b {{ keySize }} -N '' -f {{ keyFile }}

  46.     {%- else %}

  47.     - name: ssh-keygen -t {{ keyType }} -N '' -f {{ keyFile }}

  48.     {%- endif %}

  49.     - creates: /etc/ssh/ssh_host_{{ keyType }}_key

  50.     - user: root

  51.     - watch_in:

  52.       - service: {{ openssh.service }}

  53. 

  54. {%-   elif salt['pillar.get']('openssh:absent_' ~ keyType ~ '_keys', False) %}

  55. ssh_host_{{ keyType }}_key:

  56.   file.absent:

  57.     - name: {{ keyFile }}

  58.     - watch_in:

  59.       - service: {{ openssh.service }}

  60. 

  61. ssh_host_{{ keyType }}_key.pub:

  62.   file.absent:

  63.     - name: {{ keyFile }}.pub

  64.     - watch_in:

  65.       - service: {{ openssh.service }}

  66. 

  67. {%-   elif salt['pillar.get']('openssh:provide_' ~ keyType ~ '_keys', False) %}

  68. ssh_host_{{ keyType }}_key:

  69.   file.managed:

  70.     - name: {{ keyFile }}

  71.     - contents_pillar: 'openssh:{{ keyType }}:private_key'

  72.     - user: root

  73.     - mode: 600

  74.     - watch_in:

  75.       - service: {{ openssh.service }}

  76. 

  77. ssh_host_{{ keyType }}_key.pub:

  78.   file.managed:

  79.     - name: {{ keyFile }}.pub

  80.     - contents_pillar: 'openssh:{{ keyType }}:public_key'

  81.     - user: root

  82.     - mode: 600

  83.     - watch_in:

  84.       - service: {{ openssh.service }}

  85. {%-   endif %}

  86. {%- endfor %}