Setup ssh for busting.

2 files changed, 35 insertions, 1 deletions

diff --git a/manifests/site.pp b/manifests/site.pp
index 8ba8b9a..1a068f5 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -6,6 +6,10 @@ node 'busting.adrift.space' {
     path   => '/etc/hosts',
   }
 
+  class { 'ssh':
+    permit_root_login => true,
+  }
+
   ensure_packages(['ruby'])
 
   class { 'puppet':
@@ -63,11 +67,11 @@ node 'busting.adrift.space' {
     python_loglevel   => 'debug',
   }
 
-
   class { 'puppetboard::apache::vhost':
     vhost_name => $::fqdn,
     port       => 80,
   }
+}
 
 node 'gandalf.adrift.space' {
   profiles::remarkable { 'any name':
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
new file mode 100644
index 0000000..8db8eef
--- /dev/null
+++ b/modules/ssh/manifests/init.pp
@@ -0,0 +1,30 @@
+class ssh (
+  Variant[Enum['prohibit-password'], Boolean] $permit_root_login = false,
+) {
+
+  $pkgs = $facts['os']['family'] ? {
+    'Debian' => ['openssh-server'],
+    'Archlinux' => ['openssh'],
+  }
+
+  ensure_packages($pkgs)
+
+  $root_login = $permit_root_login ? {
+    'prohibit-password' => 'prohibit-password',
+    true                => 'yes',
+    false               => 'no',
+  }
+
+  file_line { 'sshd permit_root_login':
+    ensure => present,
+    path   => '/etc/ssh/sshd_config',
+    line   => "PermitRootLogin ${root_login}",
+    match  => '^#? *PermitRootLogin ',
+  }
+
+
+  # file { '/etc/ssh/sshd_config':
+  #   ensure  => file,
+  #   content => epp('ssh/sshd_config.epp'),
+  # }
+}