--- /dev/null
+# wrapper for ssh setup for statichosts
+class roles::static::ssh(
+ Variant[Array[String], String] $add_tag,
+ String $collect_tag,
+ )
+{
+ ssh::keygen {'staticsync': }
+
+ ssh::authorized_key_add { 'staticsync':
+ target_user => 'staticsync',
+ command => "/usr/local/bin/staticsync-ssh-wrap ${::fqdn}",
+ key => $facts['staticsync_key'],
+ options => ['restrict', 'pty'],
+ collect_tag => $add_tag,
+ }
+ ssh::authorized_key_collect { 'staticsync':
+ target_user => 'staticsync',
+ collect_tag => $collect_tag,
+ }
+}