move sshd extra ports to class params instead of hardcoded in the template

[mirror/dsa-puppet.git] / modules / ssh / manifests / init.pp

diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
index 32442f6..df986bc 100644 (file)
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -1,4 +1,7 @@
-class ssh {
+# @param extraports Addresses/ports to listen on, in addition to 22
+class ssh (
+  Array[String] $extraports = [],
+) {
   package { [ 'openssh-client', 'openssh-server']:
     ensure => installed
   }
@@ -15,9 +18,11 @@ class ssh {
   }
   ferm::rule { 'dsa-ssh-sources':
     description => 'Allow SSH from DSA',
+    domain      => '(ip ip6)',
     chain       => 'ssh',
     rule        => 'saddr ($SSH_SOURCES) ACCEPT'
   }
+  Ferm::Rule::Simple <<| tag == 'ssh::server::from::nagios' |>>
 
   file { '/etc/ssh/ssh_config':
     content => template('ssh/ssh_config.erb'),