move sshd extra ports to class params instead of hardcoded in the template

[mirror/dsa-puppet.git] / modules / ssh / manifests / init.pp

diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
index 3021e3a..df986bc 100644 (file)
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -1,4 +1,7 @@
-class ssh {
+# @param extraports Addresses/ports to listen on, in addition to 22
+class ssh (
+  Array[String] $extraports = [],
+) {
   package { [ 'openssh-client', 'openssh-server']:
     ensure => installed
   }
@@ -15,6 +18,7 @@ class ssh {
   }
   ferm::rule { 'dsa-ssh-sources':
     description => 'Allow SSH from DSA',
+    domain      => '(ip ip6)',
     chain       => 'ssh',
     rule        => 'saddr ($SSH_SOURCES) ACCEPT'
   }