From f1fb9345410b0599c9f55cbb3ce43541d81de794 Mon Sep 17 00:00:00 2001
From: Julien Cristau
Date: Tue, 24 Sep 2019 12:12:24 +0200
Subject: [PATCH] move sshd extra ports to class params instead of hardcoded in the template
---
 data/nodes/paradis.debian.org.yaml | 1 +
 modules/ssh/manifests/init.pp | 5 ++++-
 modules/ssh/templates/sshd_config.erb | 13 +++----------
 3 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/data/nodes/paradis.debian.org.yaml b/data/nodes/paradis.debian.org.yaml
index 642bf1a04..774ea7439 100644
--- a/data/nodes/paradis.debian.org.yaml
+++ b/data/nodes/paradis.debian.org.yaml
@@ -3,3 +3,4 @@ classes: - roles::people roles::people::listen_addr: ['209.87.16.67', '2607:f8f0:614:1::1274:67']
+ssh::extraports: ['0.0.0.0:22', '[::]:22', '209.87.16.68:443', '[2607:f8f0:614:1::1274:68]:443']
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
index bd3600eeb..df986bc23 100644
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -1,4 +1,7 @@
-class ssh {
+# @param extraports Addresses/ports to listen on, in addition to 22
+class ssh (
+ Array[String] $extraports = [],
+) {
 package { [ 'openssh-client', 'openssh-server']: ensure => installed }
diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb
index 06d672124..59f5fc62d 100644
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -4,16 +4,9 @@ ## Port 22
-<%= extraports = case @fqdn
- when "paradis.debian.org" then "
-ListenAddress 0.0.0.0:22
-ListenAddress [::]:22
-ListenAddress 209.87.16.68:443
-ListenAddress [2607:f8f0:614:1::1274:68]:443
-"
- end
-extraports
-%>
+<% @extraports.each do |port| -%>
+ListenAddress <%= $port %>
+<% end -%>
 # Use these options to restrict which interfaces/protocols sshd will bind to Protocol 2
--
2.20.1
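Review bot: The `@param extraports` comment added in modules/ssh/manifests/init.pp says the entries are used "in addition to 22", but the template renders them as `ListenAddress` lines, and as far as sshd_config(5) goes, once any `ListenAddress` is present sshd binds only to the addresses listed. That is presumably why the paradis data in this same patch repeats `0.0.0.0:22` and `[::]:22`; a node that set only a `:443` entry would lose its wildcard port-22 listener. I would reword the comment along the lines of `# @param extraports ListenAddress entries (addr:port); when non-empty sshd binds only to these, so list the port-22 wildcards too if they are still wanted`. Separately, `Array[String]` accepts any text, so a `Pattern` constraint on the elements would stop a malformed Hiera value (for example one with an embedded newline) from reaching sshd_config.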
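Review bot: In the new loop in modules/ssh/templates/sshd_config.erb, `<%= $port %>` reads the Ruby global `$port` rather than the block variable declared by `|port|`; an unset global is nil, so each iteration would render a bare `ListenAddress ` with no address. The line should be `ListenAddress <%= port %>`. As written, paradis would presumably receive a config that sshd refuses to load on its next restart, which on a remote host means losing SSH access. The file resource that deploys this template is not visible in the patch; if it does not already do so, giving it `validate_cmd => '/usr/sbin/sshd -t -f %'` would keep a broken render from replacing the live file.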