Puppet Class: openssh::systemd

Defined in:
manifests/systemd.pp

Overview

Definitions for general Linux setup



# File 'manifests/systemd.pp', line 3

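class openssh::systemd {
  # Installs the OpenSSH server, generates host keys, deploys sshd_config,
  # keeps the daemon running under systemd, and creates one local account per
  # entry of $openssh::users with its key file under /etc/ssh/authorized_keys/.
  #
  # Reads two variables defined outside this class:
  #   $openssh::users   - iterated as user name (String) => keys (Array[String]).
  #   $openssh::sudoers - user names that are additionally put into 'wheel'.
  #
  # Security model as written: accounts get password '*' (no usable password
  # hash) and 'wheel' gets NOPASSWD sudo, so an authorized SSH key for a user
  # listed in $openssh::sudoers is equivalent to root on the node. Treat the
  # data behind both variables as privileged configuration.

  # Package and unit names differ between the Debian family and everything else.
  $package_name = $facts['os']['family'] ? {
    /(Debian|Ubuntu)/ => 'openssh-server',
    default           => 'openssh',
  }

  $service_name = $facts['os']['family'] ? {
    /(Debian|Ubuntu)/ => 'ssh',
    default           => 'sshd',
  }

  package { $package_name: }

  # 'ssh-keygen -A' creates every missing default host key type. The guard only
  # looks at the ed25519 public key, so other key types are not regenerated once
  # that file exists.
  -> exec { '/usr/bin/ssh-keygen -A':
    creates => '/etc/ssh/ssh_host_ed25519_key.pub',
  }

  # Ownership and mode are pinned so a pre-existing file with looser
  # permissions is corrected instead of silently kept.
  # NOTE(review): consider validate_cmd => '/usr/sbin/sshd -t -f %' so a broken
  # config is never installed and then restarted into; confirm that 'sshd -t'
  # succeeds on the target platforms while the service is stopped.
  # NOTE(review): the shipped sshd_config presumably points AuthorizedKeysFile
  # at /etc/ssh/authorized_keys/%u and restricts logins to 'sshaccess'; that
  # file is not visible here, so verify.
  -> file { '/etc/ssh/sshd_config':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0600',
    source => 'puppet:///modules/openssh/sshd_config',
  }

  # '~>' restarts the service whenever sshd_config changes.
  ~> service { $service_name:
    ensure   => running,
    enable   => true,
    provider => 'systemd',
  }

  # Stated explicitly so the intent (create if missing) does not depend on the
  # resource type's default.
  group { 'sshaccess':
    ensure => present,
  }

  group { 'wheel':
    ensure => present,
  }

  # Root-owned key directory outside the home directories: accounts can read
  # their key file but cannot add or replace keys themselves.
  file { '/etc/ssh/authorized_keys':
    ensure => directory,
    owner  => 'root',
    group  => 'sshaccess',
    mode   => '0755',
  }

  # Passwordless root for 'wheel'. The fragment is syntax-checked with visudo
  # before it replaces the live file, because a malformed sudoers.d entry can
  # make sudo refuse to run at all. 0440 is the conventional sudoers mode, and
  # the rule ends with a newline so it is a complete line.
  file { '/etc/sudoers.d/wheel':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    content      => "%wheel ALL=(ALL:ALL) NOPASSWD: ALL\n",
    validate_cmd => '/usr/sbin/visudo -cf %',
  }

  $openssh::users.each |String $user, Array[String] $keys| {
    $homedir = $user ? {
      'root'  => '/root',
      default => "/home/${user}",
    }

    # $keys is presumably consumed by the template (not visible here).
    # Root ownership without group/other write keeps the key list under Puppet
    # control and satisfies sshd's permission checks on authorized_keys files.
    file { "/etc/ssh/authorized_keys/${user}":
      ensure  => file,
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      content => template('openssh/authorized_keys.erb'),
    }

    # Parenthesised so the membership test is unambiguously the selector's
    # control value.
    $usergroups = ($user in $openssh::sudoers) ? {
      true  => ['sshaccess', 'wheel'],
      false => ['sshaccess'],
    }

    # password '*' is not a valid hash, so password logins are impossible and
    # the account is reachable only through its authorized keys.
    user { $user:
      ensure     => present,
      groups     => $usergroups,
      home       => $homedir,
      managehome => true,
      password   => '*',
    }
  }
}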