--- /dev/null
+# wrapper for ssh setup for statichosts
+class roles::static::ssh(
+ Variant[Array[String], String] $add_tag,
+ String $collect_tag,
+ )
+{
+ ssh::keygen {'staticsync': }
+
+ ssh::authorized_key_add { 'staticsync':
+ target_user => 'staticsync',
+ command => "/usr/local/bin/staticsync-ssh-wrap ${::fqdn}",
+ key => $facts['staticsync_key'],
+ restrict => 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc',
+ collect_tag => $add_tag,
+ }
+ ssh::authorized_key_collect { 'staticsync':
+ target_user => 'staticsync',
+ collect_tag => $collect_tag,
+ }
+}