Attempt to partition staticsync ssh setup
diff --git a/modules/roles/manifests/static/ssh.pp b/modules/roles/manifests/static/ssh.pp
new file mode 100644 (file)
index 0000000..0023543
--- /dev/null
@@ -0,0 +1,20 @@
+# wrapper for ssh setup for statichosts
+class roles::static::ssh(
+  Variant[Array[String], String] $add_tag,
+  String                         $collect_tag,
+  )
+{
+  ssh::keygen {'staticsync': }
+
+  ssh::authorized_key_add { 'staticsync':
+    target_user => 'staticsync',
+    command     => "/usr/local/bin/staticsync-ssh-wrap ${::fqdn}",
+    key         => $facts['staticsync_key'],
+    restrict    => 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc',
+    collect_tag => $add_tag,
+  }
+  ssh::authorized_key_collect { 'staticsync':
+    target_user => 'staticsync',
+    collect_tag => $collect_tag,
+  }
+}
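Review bot: The forced command on the `command =>` line names the calling host to `staticsync-ssh-wrap` with `${::fqdn}`, a fact the agent reports about itself, so the identity written into the authorized_keys entry is only as trustworthy as the node that submitted it. If the wrapper uses that argument to decide what the peer may sync, and certnames match the hostnames it expects, `command => "/usr/local/bin/staticsync-ssh-wrap ${trusted['certname']}",` binds it to the certificate-verified name instead. `$facts['staticsync_key']` is presumably undefined on a first run before `ssh::keygen` has produced a key, so it is worth confirming that `ssh::authorized_key_add` skips an empty key rather than emitting an entry without one. The `restrict` string omits `no-pty`; assuming the define passes it through as key options, add `no-pty` or use OpenSSH's `restrict` keyword so that options added later are also denied by default. The class comment should also gain `@param` lines for `$add_tag` and `$collect_tag`, since the accepted tag values are not evident from this file.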