move sshd extra ports to class params instead of hardcoded in the template

diff --git a/data/nodes/paradis.debian.org.yaml b/data/nodes/paradis.debian.org.yaml
index 642bf1a..774ea74 100644 (file)
--- a/data/nodes/paradis.debian.org.yaml
+++ b/data/nodes/paradis.debian.org.yaml
@@ -3,3 +3,4 @@ classes:
   - roles::people
 
 roles::people::listen_addr: ['209.87.16.67', '2607:f8f0:614:1::1274:67']
+ssh::extraports: ['0.0.0.0:22', '[::]:22', '209.87.16.68:443', '[2607:f8f0:614:1::1274:68]:443']

diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
index bd3600e..df986bc 100644 (file)
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -1,4 +1,7 @@
-class ssh {
+# @param extraports Addresses/ports to listen on, in addition to 22
+class ssh (
+  Array[String] $extraports = [],
+) {
   package { [ 'openssh-client', 'openssh-server']:
     ensure => installed
   }

diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb
index 06d6721..59f5fc6 100644 (file)
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -4,16 +4,9 @@
 ##
 
 Port 22
-<%= extraports = case @fqdn
-                        when "paradis.debian.org" then "
-ListenAddress 0.0.0.0:22
-ListenAddress [::]:22
-ListenAddress 209.87.16.68:443
-ListenAddress [2607:f8f0:614:1::1274:68]:443
-"
-                 end
-extraports
-%>
+<% @extraports.each do |port| -%>
+ListenAddress <%= $port %>
+<% end -%>
 # Use these options to restrict which interfaces/protocols sshd will bind to
 Protocol 2