From: Julien Cristau Date: Tue, 24 Sep 2019 10:12:24 +0000 (+0200) Subject: move sshd extra ports to class params instead of hardcoded in the template X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fdsa-puppet.git;a=commitdiff_plain;h=f1fb9345410b0599c9f55cbb3ce43541d81de794 move sshd extra ports to class params instead of hardcoded in the template --- diff --git a/data/nodes/paradis.debian.org.yaml b/data/nodes/paradis.debian.org.yaml index 642bf1a04..774ea7439 100644 --- a/data/nodes/paradis.debian.org.yaml +++ b/data/nodes/paradis.debian.org.yaml @@ -3,3 +3,4 @@ classes: - roles::people roles::people::listen_addr: ['209.87.16.67', '2607:f8f0:614:1::1274:67'] +ssh::extraports: ['0.0.0.0:22', '[::]:22', '209.87.16.68:443', '[2607:f8f0:614:1::1274:68]:443'] diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp index bd3600eeb..df986bc23 100644 --- a/modules/ssh/manifests/init.pp +++ b/modules/ssh/manifests/init.pp @@ -1,4 +1,7 @@ -class ssh { +# @param extraports Addresses/ports to listen on, in addition to 22 +class ssh ( + Array[String] $extraports = [], +) { package { [ 'openssh-client', 'openssh-server']: ensure => installed } diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb index 06d672124..59f5fc62d 100644 --- a/modules/ssh/templates/sshd_config.erb +++ b/modules/ssh/templates/sshd_config.erb @@ -4,16 +4,9 @@ ## Port 22 -<%= extraports = case @fqdn - when "paradis.debian.org" then " -ListenAddress 0.0.0.0:22 -ListenAddress [::]:22 -ListenAddress 209.87.16.68:443 -ListenAddress [2607:f8f0:614:1::1274:68]:443 -" - end -extraports -%> +<% @extraports.each do |port| -%> +ListenAddress <%= $port %> +<% end -%> # Use these options to restrict which interfaces/protocols sshd will bind to Protocol 2
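Review bot: The `@param` text in modules/ssh/manifests/init.pp says the entries are "in addition to 22", but the template writes each one as a `ListenAddress` line, and the paradis data in this same commit has to restate `0.0.0.0:22` and `[::]:22`. As far as I know, sshd stops binding the wildcard address once any `ListenAddress` is present, so a host that lists only a `:443` entry would lose port 22. I would reword the comment to something like `# @param extraports ListenAddress values (addr:port) for sshd; when non-empty, list every address sshd should bind, including port 22`. Separately, `Array[String]` accepts any string and the value is written verbatim into sshd_config; a tighter type such as `Array[Pattern[/\A\S+\z/]] $extraports = [],` would keep whitespace and newlines from turning one entry into extra directives. The class body continues outside the hunk.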
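Review bot: In modules/ssh/templates/sshd_config.erb the new loop binds the block parameter `port` but interpolates `<%= $port %>`, which in Ruby is a global variable, not the block parameter. That global is presumably unset, so each iteration would render a bare `ListenAddress ` with no value. On paradis that gives four empty directives instead of the :22 and :443 listeners, and sshd is likely to reject the file or not bind as intended. The line should read `ListenAddress <%= port %>`. The file resource that renders this template is not visible here; if it has no validation yet, `validate_cmd => '/usr/sbin/sshd -t -f %'` would stop a broken config like this from being installed.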