when "paradis.debian.org" then "
ListenAddress 0.0.0.0:22
ListenAddress [::]:22
-ListenAddress 5.153.231.31:443
-ListenAddress [2001:41c8:1000:21::21:31]:443
+ListenAddress 209.87.16.68:443
+ListenAddress [2607:f8f0:614:1::1274:68]:443
"
end
extraports
<%- if has_variable?("has_etc_ssh_ssh_host_ed25519_key") && @has_etc_ssh_ssh_host_ed25519_key -%>
HostKey /etc/ssh/ssh_host_ed25519_key
<% end %>
-<% if scope.function_has_role(['ssh.upload.d.o']) -%>
+<% if classes.include?("roles::ssh_upload") -%>
# On ssh upload hosts we have many clients doing ssh connections to us.
# sshd has - by default - a limit of 10 on the number of currently
# unauthenticated (or not yet authenticated) connections. Raise that limit.
UsePAM yes
-AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userkeys/%u.more
+AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userkeys/%u.more /etc/ssh/puppetkeys/%u
PasswordAuthentication no
<%=
- allnodeinfo = scope.lookupvar('site::allnodeinfo')
+ allnodeinfo = scope.lookupvar('deprecated::allnodeinfo')
out = ''
settings = '# Banner "You are coming from a debian.org host."'
allnodeinfo.keys.sort.each do |node|
next unless allnodeinfo[node].has_key?('ipHostNumber')
- out += "# Match Address # #{node}"
+ out += "# Match Address "
out += allnodeinfo[node]['ipHostNumber'].collect do |ipnum|
if ipnum =~ /:/
"#{ipnum}/128"
"#{ipnum}/32"
end
end.join(',')
+ out += " # #{node}"
out += "\n"
out += settings
+ out += "\n\n"
end
out
%>
projects / mirror / dsa-puppet.git / blobdiff