X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fssh%2Fmanifests%2Finit.pp;h=367cae68dc3dda6ae0c9f579436fc124899e4e27;hb=d5ce68a830c42fd613e08e377ace6348a2799e9d;hp=4d40154e5dcbdbea33023d3083ea96c84ad7aa00;hpb=e4951b80994442be4318eaff1de4a856c85af59b;p=mirror%2Fdsa-puppet.git
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
index 4d40154e5..367cae68d 100644
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -1,8 +1,5 @@
 class ssh {
 
- #nodes = hiera('nodes', nil, {'cluster' => hiera('cluster')})
- #$rootkeys = nodes.collect{|x| hiera('rootkey', nil, {'hostname' => x})}
-
 package { [ 'openssh-client', 'openssh-server']:
 ensure => installed
 }
@@ -12,11 +9,11 @@ class ssh {
 require => Package['openssh-server']
 }
 
- @ferm::rule { 'dsa-ssh':
+ ferm::rule { 'dsa-ssh':
 description => 'Allow SSH from DSA',
 rule => '&SERVICE_RANGE(tcp, ssh, $SSH_SOURCES)'
 }
- @ferm::rule { 'dsa-ssh-v6':
+ ferm::rule { 'dsa-ssh-v6':
 description => 'Allow SSH from DSA',
 domain => 'ip6',
 rule => '&SERVICE_RANGE(tcp, ssh, $SSH_V6_SOURCES)'
@@ -36,7 +33,30 @@ class ssh {
 mode => '0755',
 require => Package['openssh-server']
 }
+ file { '/etc/ssh/puppetkeys':
+ ensure => directory,
+ mode => '0755',
+ purge => true,
+ recurse => true,
+ force => true,
+ source => 'puppet:///files/empty/',
+ require => Package['openssh-server']
+ }
 file { '/etc/ssh/userkeys/root':
 content => template('ssh/authorized_keys.erb'),
 }
+
+ if (versioncmp($::lsbmajdistrelease, '8') >= 0) {
+ if ! $has_etc_ssh_ssh_host_ed25519_key {
+ exec { 'create-ed25519-host-key':
+ command => 'ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -q -P "" -t ed25519',
+ }
+ }
+
+ if $systemd {
+ package { [ 'libpam-systemd' ]:
+ ensure => installed
+ }
+ }
+ }
 }
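Review bot: Every node that includes `ssh` now depends on the ferm module being applied, because `dsa-ssh` and `dsa-ssh-v6` are no longer virtual, and nothing visible in this hunk declares that dependency. If a node can get `ssh` without ferm, the rules would presumably either fail to compile or be written where nothing loads them, leaving the `$SSH_SOURCES` restriction unenforced; a comment such as `# realised unconditionally: nodes including ssh must also run ferm` would record the assumption. Both rules also carry the same description, and the second would be easier to pick out as `'Allow SSH from DSA (IPv6)'`. The `ssh` class body starts and ends outside this hunk.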
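Review bot: The `create-ed25519-host-key` exec is guarded only by the `$has_etc_ssh_ssh_host_ed25519_key` fact and calls `ssh-keygen` by bare name with no `path`. The fact's definition is not in this diff; if it arrives as a string, `"false"` is truthy and the key would never be generated, while a missing or stale fact would run the exec against an existing key and fail on every agent run. Moving the guard onto the resource avoids both: drop the fact test, add `creates => '/etc/ssh/ssh_host_ed25519_key',` and use `/usr/bin/ssh-keygen` (or set `path`). Nothing in the hunk notifies the sshd service either, so the new host key would presumably not be offered until the next restart. The new `/etc/ssh/puppetkeys` directory sets `mode` but no `owner`/`group`; if no file defaults apply, `owner => 'root', group => 'root',` is worth stating for a directory that is purged and presumably holds key material.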