X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fssh%2Fmanifests%2Finit.pp;h=df986bc236ac9c0544ccbcb97a652f0d8c465396;hb=b3860cc0dc0257e1561fd71a5e7397b508a76c01;hp=43d89df0159c22a724965ce997b11fff2210174a;hpb=f7eae20be1b64c3688676bac3db082e43a0823cb;p=mirror%2Fdsa-puppet.git
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
index 43d89df01..df986bc23 100644
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -1,4 +1,7 @@
-class ssh {
+# @param extraports Addresses/ports to listen on, in addition to 22
+class ssh (
+ Array[String] $extraports = [],
+) {
 package { [ 'openssh-client', 'openssh-server']:
 ensure => installed
 }
@@ -15,9 +18,11 @@ class ssh {
 }
 ferm::rule { 'dsa-ssh-sources':
 description => 'Allow SSH from DSA',
+ domain => '(ip ip6)',
 chain => 'ssh',
 rule => 'saddr ($SSH_SOURCES) ACCEPT'
 }
+ Ferm::Rule::Simple <<| tag == 'ssh::server::from::nagios' |>>
 file { '/etc/ssh/ssh_config':
 content => template('ssh/ssh_config.erb'),
@@ -47,13 +52,13 @@ class ssh {
 }
 if (versioncmp($::lsbmajdistrelease, '8') >= 0) {
- if ! $has_etc_ssh_ssh_host_ed25519_key {
+ if ! $facts['has_etc_ssh_ssh_host_ed25519_key'] {
 exec { 'create-ed25519-host-key':
 command => 'ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -q -P "" -t ed25519',
 }
 }
- if $systemd {
+ if $facts['systemd'] {
 package { [ 'libpam-systemd' ]:
 ensure => installed
 }
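Review bot: `Array[String] $extraports` accepts any string, and the `@param` line does not say what form an entry takes (a bare port, an address with a port, a bracketed IPv6 address). If these values are written into sshd_config, which this diff does not show, a malformed entry could stop sshd from restarting and lock administrators out of the host. I would spell the accepted format out in the `@param` comment and narrow the type to an `Array[Pattern[...]]` that matches it. It is also worth confirming that the firewall side covers the extra ports, since the `ssh` chain rule in the next hunk does not reference them.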
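Review bot: The collector `Ferm::Rule::Simple <<| tag == 'ssh::server::from::nagios' |>>` realizes firewall rules exported by other nodes, so any host that can export a resource with that tag can influence the SSH firewall on every machine that includes this class. Nothing in this hunk constrains the collected resources' parameters such as source address, port or chain. If that trust in the exporting hosts is intended, record it in a comment above the line, e.g. `# Rules exported by the monitoring hosts; exporters are trusted to choose the source addresses`; otherwise build the rule locally from a fixed list of monitoring addresses. The class body starts and ends outside this hunk.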
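Review bot: `if ! $facts['has_etc_ssh_ssh_host_ed25519_key']` is also true when the custom fact is missing or fails to resolve, so the `ssh-keygen` exec can run on a host that already has the key. Adding `creates => '/etc/ssh/ssh_host_ed25519_key',` to the exec would make it idempotent independently of the fact. The condition one line up still uses the legacy `$::lsbmajdistrelease`, so the conversion to `$facts[...]` is incomplete in this block. The `if $facts['systemd']` body continues past the end of the hunk.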