Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa...
[mirror/dsa-puppet.git] / modules / ssh / manifests / init.pp
1 class ssh {
2
3         package { [ 'openssh-client', 'openssh-server']:
4                 ensure => installed
5         }
6
7         service { 'ssh':
8                 ensure  => running,
9                 require => Package['openssh-server']
10         }
11
12         @ferm::rule { 'dsa-ssh':
13                 description => 'Allow SSH from DSA',
14                 rule        => '&SERVICE_RANGE(tcp, ssh, $SSH_SOURCES)'
15         }
16         @ferm::rule { 'dsa-ssh-v6':
17                 description => 'Allow SSH from DSA',
18                 domain      => 'ip6',
19                 rule        => '&SERVICE_RANGE(tcp, ssh, $SSH_V6_SOURCES)'
20         }
21
22         file { '/etc/ssh/ssh_config':
23                 content => template('ssh/ssh_config.erb'),
24                 require => Package['openssh-client']
25         }
26         file { '/etc/ssh/sshd_config':
27                 content => template('ssh/sshd_config.erb'),
28                 require => Package['openssh-server'],
29                 notify  => Service['ssh']
30         }
31         file { '/etc/ssh/userkeys':
32                 ensure  => directory,
33                 mode    => '0755',
34                 require => Package['openssh-server']
35         }
36         file { '/etc/ssh/userkeys/root':
37                 content => template('ssh/authorized_keys.erb'),
38         }
39
40         if (versioncmp($::lsbmajdistrelease, '8') >= 0) {
41                 if ! $has_etc_ssh_ssh_host_ed25519_key {
42                         exec { 'create-ed25519-host-key':
43                                 command => 'ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -q -P "" -t ed25519',
44                         }
45                 }
46
47                 if $systemd {
48                         package { [ 'libpam-systemd' ]:
49                                 ensure => installed
50                         }
51                 }
52         }
53 }