Setup ssh for busting.

author: Hugo Hörnquist <hugo@lysator.liu.se> 2021-12-29 20:32:35 +0100
committer: Hugo Hörnquist <hugo@lysator.liu.se> 2021-12-29 20:38:02 +0100
commit: 707c7e2448a5ad747101f2c032e7b50aa0d8f4af (patch)
tree: efe17adccddc83113cef5ed71c5989ef0f087887 /modules
parent: Repair gitmodules file. (diff)
download: webdav_server-707c7e2448a5ad747101f2c032e7b50aa0d8f4af.tar.gz
webdav_server-707c7e2448a5ad747101f2c032e7b50aa0d8f4af.tar.xz
1 files changed, 30 insertions, 0 deletions
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
new file mode 100644
index 0000000..8db8eef
--- /dev/null
+++ b/modules/ssh/manifests/init.pp
@@ -0,0 +1,30 @@
+class ssh (
+  Variant[Enum['prohibit-password'], Boolean] $permit_root_login = false,
+) {
+
+  $pkgs = $facts['os']['family'] ? {
+    'Debian' => ['openssh-server'],
+    'Archlinux' => ['openssh'],
+  }
+
+  ensure_packages($pkgs)
+
+  $root_login = $permit_root_login ? {
+    'prohibit-password' => 'prohibit-password',
+    true                => 'yes',
+    false               => 'no',
+  }
+
+  file_line { 'sshd permit_root_login':
+    ensure => present,
+    path   => '/etc/ssh/sshd_config',
+    line   => "PermitRootLogin ${root_login}",
+    match  => '^#? *PermitRootLogin ',
+  }
+
+
+  # file { '/etc/ssh/sshd_config':
+  #   ensure  => file,
+  #   content => epp('ssh/sshd_config.epp'),
+  # }
+}
author	Hugo Hörnquist <hugo@lysator.liu.se>	2021-12-29 20:32:35 +0100
committer	Hugo Hörnquist <hugo@lysator.liu.se>	2021-12-29 20:38:02 +0100
commit	707c7e2448a5ad747101f2c032e7b50aa0d8f4af (patch)
tree	efe17adccddc83113cef5ed71c5989ef0f087887 /modules
parent	Repair gitmodules file. (diff)
download	webdav_server-707c7e2448a5ad747101f2c032e7b50aa0d8f4af.tar.gz webdav_server-707c7e2448a5ad747101f2c032e7b50aa0d8f4af.tar.xz