From 707c7e2448a5ad747101f2c032e7b50aa0d8f4af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Wed, 29 Dec 2021 20:32:35 +0100
Subject: Setup ssh for busting.

---
 modules/ssh/manifests/init.pp | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 modules/ssh/manifests/init.pp

(limited to 'modules')

diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
new file mode 100644
index 0000000..8db8eef
--- /dev/null
+++ b/modules/ssh/manifests/init.pp
@@ -0,0 +1,30 @@
+class ssh (
+  Variant[Enum['prohibit-password'], Boolean] $permit_root_login = false,
+) {
+
+  $pkgs = $facts['os']['family'] ? {
+    'Debian' => ['openssh-server'],
+    'Archlinux' => ['openssh'],
+  }
+
+  ensure_packages($pkgs)
+
+  $root_login = $permit_root_login ? {
+    'prohibit-password' => 'prohibit-password',
+    true                => 'yes',
+    false               => 'no',
+  }
+
+  file_line { 'sshd permit_root_login':
+    ensure => present,
+    path   => '/etc/ssh/sshd_config',
+    line   => "PermitRootLogin ${root_login}",
+    match  => '^#? *PermitRootLogin ',
+  }
+
+
+  # file { '/etc/ssh/sshd_config':
+  #   ensure  => file,
+  #   content => epp('ssh/sshd_config.epp'),
+  # }
+}
-- 
cgit v1.2.3