From 10c9bb3f3f06d6c2a45250e23628708d8a201d57 Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Thu, 9 Apr 2026 13:47:28 +0200 Subject: [PATCH 01/25] Recommit for updates in build 8 --- doc/_index.html | 153 ++++++ doc/css/common.css | 8 + doc/css/full_list.css | 58 ++ doc/css/style.css | 497 ++++++++++++++++++ doc/file.README.html | 158 ++++++ doc/frames.html | 22 + doc/index.html | 158 ++++++ doc/js/app.js | 314 +++++++++++ doc/js/full_list.js | 216 ++++++++ doc/js/jquery.js | 4 + doc/puppet_class_list.html | 106 ++++ doc/puppet_classes/confdroid_ssh.html | 121 +++++ ...droid_ssh_3A_3Afirewall_3A_3Aiptables.html | 146 +++++ .../confdroid_ssh_3A_3Amain_3A_3Aconfig.html | 130 +++++ .../confdroid_ssh_3A_3Amain_3A_3Adirs.html | 174 ++++++ .../confdroid_ssh_3A_3Amain_3A_3Afiles.html | 202 +++++++ .../confdroid_ssh_3A_3Amain_3A_3Ainstall.html | 132 +++++ .../confdroid_ssh_3A_3Amain_3A_3Aservice.html | 150 ++++++ .../confdroid_ssh_3A_3Aparams.html | 456 ++++++++++++++++ ...fdroid_ssh_3A_3Aselinux_3A_3Asemanage.html | 136 +++++ doc/top-level-namespace.html | 98 ++++ 21 files changed, 3439 insertions(+) create mode 100644 doc/_index.html create mode 100644 doc/css/common.css create mode 100644 doc/css/full_list.css create mode 100644 doc/css/style.css create mode 100644 doc/file.README.html create mode 100644 doc/frames.html create mode 100644 doc/index.html create mode 100644 doc/js/app.js create mode 100644 doc/js/full_list.js create mode 100644 doc/js/jquery.js create mode 100644 doc/puppet_class_list.html create mode 100644 doc/puppet_classes/confdroid_ssh.html create mode 100644 doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html create mode 100644 doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aconfig.html create mode 100644 doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Adirs.html create mode 100644 doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html create mode 100644 doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Ainstall.html create mode 100644 doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aservice.html create mode 100644 doc/puppet_classes/confdroid_ssh_3A_3Aparams.html create mode 100644 doc/puppet_classes/confdroid_ssh_3A_3Aselinux_3A_3Asemanage.html create mode 100644 doc/top-level-namespace.html diff --git a/doc/_index.html b/doc/_index.html new file mode 100644 index 0000000..f5b0f9a --- /dev/null +++ b/doc/_index.html @@ -0,0 +1,153 @@ + + + + + + + Documentation by YARD 0.9.36 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Documentation by YARD 0.9.36

+
+

Alphabetic Index

+ +

Puppet Class Listing A-Z

+ + + + + + +
+ + + + +
+ + + + + + + + + +

File Listing

+ + +
+ + +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/doc/css/common.css b/doc/css/common.css new file mode 100644 index 0000000..d28b093 --- /dev/null +++ b/doc/css/common.css @@ -0,0 +1,8 @@ +/* Ensure the search bar doesn't overlap with links */ +.fixed_header { + padding-bottom: 25px; +} + +#full_list { + padding-top: 15px; +} diff --git a/doc/css/full_list.css b/doc/css/full_list.css new file mode 100644 index 0000000..fa35982 --- /dev/null +++ b/doc/css/full_list.css @@ -0,0 +1,58 @@ +body { + margin: 0; + font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; + font-size: 13px; + height: 101%; + overflow-x: hidden; + background: #fafafa; +} + +h1 { padding: 12px 10px; padding-bottom: 0; margin: 0; font-size: 1.4em; } +.clear { clear: both; } +.fixed_header { position: fixed; background: #fff; width: 100%; padding-bottom: 10px; margin-top: 0; top: 0; z-index: 9999; height: 70px; } +#search { position: absolute; right: 5px; top: 9px; padding-left: 24px; } +#content.insearch #search, #content.insearch #noresults { background: url(data:image/gif;base64,R0lGODlhEAAQAPYAAP///wAAAPr6+pKSkoiIiO7u7sjIyNjY2J6engAAAI6OjsbGxjIyMlJSUuzs7KamppSUlPLy8oKCghwcHLKysqSkpJqamvT09Pj4+KioqM7OzkRERAwMDGBgYN7e3ujo6Ly8vCoqKjY2NkZGRtTU1MTExDw8PE5OTj4+PkhISNDQ0MrKylpaWrS0tOrq6nBwcKysrLi4uLq6ul5eXlxcXGJiYoaGhuDg4H5+fvz8/KKiohgYGCwsLFZWVgQEBFBQUMzMzDg4OFhYWBoaGvDw8NbW1pycnOLi4ubm5kBAQKqqqiQkJCAgIK6urnJyckpKSjQ0NGpqatLS0sDAwCYmJnx8fEJCQlRUVAoKCggICLCwsOTk5ExMTPb29ra2tmZmZmhoaNzc3KCgoBISEiIiIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh/hpDcmVhdGVkIHdpdGggYWpheGxvYWQuaW5mbwAh+QQJCAAAACwAAAAAEAAQAAAHaIAAgoMgIiYlg4kACxIaACEJCSiKggYMCRselwkpghGJBJEcFgsjJyoAGBmfggcNEx0flBiKDhQFlIoCCA+5lAORFb4AJIihCRbDxQAFChAXw9HSqb60iREZ1omqrIPdJCTe0SWI09GBACH5BAkIAAAALAAAAAAQABAAAAdrgACCgwc0NTeDiYozCQkvOTo9GTmDKy8aFy+NOBA7CTswgywJDTIuEjYFIY0JNYMtKTEFiRU8Pjwygy4ws4owPyCKwsMAJSTEgiQlgsbIAMrO0dKDGMTViREZ14kYGRGK38nHguHEJcvTyIEAIfkECQgAAAAsAAAAABAAEAAAB2iAAIKDAggPg4iJAAMJCRUAJRIqiRGCBI0WQEEJJkWDERkYAAUKEBc4Po1GiKKJHkJDNEeKig4URLS0ICImJZAkuQAhjSi/wQyNKcGDCyMnk8u5rYrTgqDVghgZlYjcACTA1sslvtHRgQAh+QQJCAAAACwAAAAAEAAQAAAHZ4AAgoOEhYaCJSWHgxGDJCQARAtOUoQRGRiFD0kJUYWZhUhKT1OLhR8wBaaFBzQ1NwAlkIszCQkvsbOHL7Y4q4IuEjaqq0ZQD5+GEEsJTDCMmIUhtgk1lo6QFUwJVDKLiYJNUd6/hoEAIfkECQgAAAAsAAAAABAAEAAAB2iAAIKDhIWGgiUlh4MRgyQkjIURGRiGGBmNhJWHm4uen4ICCA+IkIsDCQkVACWmhwSpFqAABQoQF6ALTkWFnYMrVlhWvIKTlSAiJiVVPqlGhJkhqShHV1lCW4cMqSkAR1ofiwsjJyqGgQAh+QQJCAAAACwAAAAAEAAQAAAHZ4AAgoOEhYaCJSWHgxGDJCSMhREZGIYYGY2ElYebi56fhyWQniSKAKKfpaCLFlAPhl0gXYNGEwkhGYREUywag1wJwSkHNDU3D0kJYIMZQwk8MjPBLx9eXwuETVEyAC/BOKsuEjYFhoEAIfkECQgAAAAsAAAAABAAEAAAB2eAAIKDhIWGgiUlh4MRgyQkjIURGRiGGBmNhJWHm4ueICImip6CIQkJKJ4kigynKaqKCyMnKqSEK05StgAGQRxPYZaENqccFgIID4KXmQBhXFkzDgOnFYLNgltaSAAEpxa7BQoQF4aBACH5BAkIAAAALAAAAAAQABAAAAdogACCg4SFggJiPUqCJSWGgkZjCUwZACQkgxGEXAmdT4UYGZqCGWQ+IjKGGIUwPzGPhAc0NTewhDOdL7Ykji+dOLuOLhI2BbaFETICx4MlQitdqoUsCQ2vhKGjglNfU0SWmILaj43M5oEAOwAAAAAAAAAAAA==) no-repeat center left; } +#full_list { padding: 0; list-style: none; margin-left: 0; margin-top: 80px; font-size: 1.1em; } +#full_list ul { padding: 0; } +#full_list li { padding: 0; margin: 0; list-style: none; } +#full_list li .item { padding: 5px 5px 5px 12px; } +#noresults { padding: 7px 12px; background: #fff; } +#content.insearch #noresults { margin-left: 7px; } +li.collapsed ul { display: none; } +li a.toggle { cursor: default; position: relative; left: -5px; top: 4px; text-indent: -999px; width: 10px; height: 9px; margin-left: -10px; display: block; float: left; background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAASCAYAAABb0P4QAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAK8AAACvABQqw0mAAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTM5jWRgMAAAAVdEVYdENyZWF0aW9uIFRpbWUAMy8xNC8wOeNZPpQAAAE2SURBVDiNrZTBccIwEEXfelIAHUA6CZ24BGaWO+FuzZAK4k6gg5QAdGAq+Bxs2Yqx7BzyL7Llp/VfzZeQhCTc/ezuGzKKnKSzpCxXJM8fwNXda3df5RZETlIt6YUzSQDs93sl8w3wBZxCCE10GM1OcWbWjB2mWgEH4Mfdyxm3PSepBHibgQE2wLe7r4HjEidpnXMYdQPKEMJcsZ4zs2POYQOcaPfwMVOo58zsAdMt18BuoVDPxUJRacELbXv3hUIX2vYmOUvi8C8ydz/ThjXrqKqqLbDIAdsCKBd+Wo7GWa7o9qzOQHVVVXeAbs+yHHCH4aTsaCOQqunmUy1yBUAXkdMIfMlgF5EXLo2OpV/c/Up7jG4hhHcYLgWzAZXUc2b2ixsfvc/RmNNfOXD3Q/oeL9axJE1yT9IOoUu6MGUkAAAAAElFTkSuQmCC) no-repeat bottom left; } +li.collapsed a.toggle { opacity: 0.5; cursor: default; background-position: top left; } +li { color: #888; cursor: pointer; } +li.deprecated { text-decoration: line-through; font-style: italic; } +li.odd { background: #f0f0f0; } +li.even { background: #fafafa; } +.item:hover { background: #ddd; } +li small:before { content: "("; } +li small:after { content: ")"; } +li small.search_info { display: none; } +a, a:visited { text-decoration: none; color: #05a; } +li.clicked > .item { background: #05a; color: #ccc; } +li.clicked > .item a, li.clicked > .item a:visited { color: #eee; } +li.clicked > .item a.toggle { opacity: 0.5; background-position: bottom right; } +li.collapsed.clicked a.toggle { background-position: top right; } +#search input { border: 1px solid #bbb; border-radius: 3px; } +#full_list_nav { margin-left: 10px; font-size: 0.9em; display: block; color: #aaa; } +#full_list_nav a, #nav a:visited { color: #358; } +#full_list_nav a:hover { background: transparent; color: #5af; } +#full_list_nav span:after { content: ' | '; } +#full_list_nav span:last-child:after { content: ''; } + +#content h1 { margin-top: 0; } +li { white-space: nowrap; cursor: normal; } +li small { display: block; font-size: 0.8em; } +li small:before { content: ""; } +li small:after { content: ""; } +li small.search_info { display: none; } +#search { width: 170px; position: static; margin: 3px; margin-left: 10px; font-size: 0.9em; color: #888; padding-left: 0; padding-right: 24px; } +#content.insearch #search { background-position: center right; } +#search input { width: 110px; } + +#full_list.insearch ul { display: block; } +#full_list.insearch .item { display: none; } +#full_list.insearch .found { display: block; padding-left: 11px !important; } +#full_list.insearch li a.toggle { display: none; } +#full_list.insearch li small.search_info { display: block; } diff --git a/doc/css/style.css b/doc/css/style.css new file mode 100644 index 0000000..eb0dbc8 --- /dev/null +++ b/doc/css/style.css @@ -0,0 +1,497 @@ +html { + width: 100%; + height: 100%; +} +body { + font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; + font-size: 13px; + width: 100%; + margin: 0; + padding: 0; + display: flex; + display: -webkit-flex; + display: -ms-flexbox; +} + +#nav { + position: relative; + width: 100%; + height: 100%; + border: 0; + border-right: 1px dotted #eee; + overflow: auto; +} +.nav_wrap { + margin: 0; + padding: 0; + width: 20%; + height: 100%; + position: relative; + display: flex; + display: -webkit-flex; + display: -ms-flexbox; + flex-shrink: 0; + -webkit-flex-shrink: 0; + -ms-flex: 1 0; +} +#resizer { + position: absolute; + right: -5px; + top: 0; + width: 10px; + height: 100%; + cursor: col-resize; + z-index: 9999; +} +#main { + flex: 5 1; + -webkit-flex: 5 1; + -ms-flex: 5 1; + outline: none; + position: relative; + background: #fff; + padding: 1.2em; + padding-top: 0.2em; + box-sizing: border-box; +} + +@media (max-width: 920px) { + .nav_wrap { width: 100%; top: 0; right: 0; overflow: visible; position: absolute; } + #resizer { display: none; } + #nav { + z-index: 9999; + background: #fff; + display: none; + position: absolute; + top: 40px; + right: 12px; + width: 500px; + max-width: 80%; + height: 80%; + overflow-y: scroll; + border: 1px solid #999; + border-collapse: collapse; + box-shadow: -7px 5px 25px #aaa; + border-radius: 2px; + } +} + +@media (min-width: 920px) { + body { height: 100%; overflow: hidden; } + #main { height: 100%; overflow: auto; } + #search { display: none; } +} + +#main img { max-width: 100%; } +h1 { font-size: 25px; margin: 1em 0 0.5em; padding-top: 4px; border-top: 1px dotted #d5d5d5; } +h1.noborder { border-top: 0px; margin-top: 0; padding-top: 4px; } +h1.title { margin-bottom: 10px; } +h1.alphaindex { margin-top: 0; font-size: 22px; } +h2 { + padding: 0; + padding-bottom: 3px; + border-bottom: 1px #aaa solid; + font-size: 1.4em; + margin: 1.8em 0 0.5em; + position: relative; +} +h2 small { font-weight: normal; font-size: 0.7em; display: inline; position: absolute; right: 0; } +h2 small a { + display: block; + height: 20px; + border: 1px solid #aaa; + border-bottom: 0; + border-top-left-radius: 5px; + background: #f8f8f8; + position: relative; + padding: 2px 7px; +} +.clear { clear: both; } +.inline { display: inline; } +.inline p:first-child { display: inline; } +.docstring, .tags, #filecontents { font-size: 15px; line-height: 1.5145em; } +.docstring p > code, .docstring p > tt, .tags p > code, .tags p > tt { + color: #c7254e; background: #f9f2f4; padding: 2px 4px; font-size: 1em; + border-radius: 4px; +} +.docstring h1, .docstring h2, .docstring h3, .docstring h4 { padding: 0; border: 0; border-bottom: 1px dotted #bbb; } +.docstring h1 { font-size: 1.2em; } +.docstring h2 { font-size: 1.1em; } +.docstring h3, .docstring h4 { font-size: 1em; border-bottom: 0; padding-top: 10px; } +.summary_desc .object_link a, .docstring .object_link a { + font-family: monospace; font-size: 1.05em; + color: #05a; background: #EDF4FA; padding: 2px 4px; font-size: 1em; + border-radius: 4px; +} +.rdoc-term { padding-right: 25px; font-weight: bold; } +.rdoc-list p { margin: 0; padding: 0; margin-bottom: 4px; } +.summary_desc pre.code .object_link a, .docstring pre.code .object_link a { + padding: 0px; background: inherit; color: inherit; border-radius: inherit; +} + +/* style for */ +#filecontents table, .docstring table { border-collapse: collapse; } +#filecontents table th, #filecontents table td, +.docstring table th, .docstring table td { border: 1px solid #ccc; padding: 8px; padding-right: 17px; } +#filecontents table tr:nth-child(odd), +.docstring table tr:nth-child(odd) { background: #eee; } +#filecontents table tr:nth-child(even), +.docstring table tr:nth-child(even) { background: #fff; } +#filecontents table th, .docstring table th { background: #fff; } + +/* style for
a",d=q.getElementsByTagName("*"),e=q.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=q.getElementsByTagName("input")[0],b={leadingWhitespace:q.firstChild.nodeType===3,tbody:!q.getElementsByTagName("tbody").length,htmlSerialize:!!q.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:q.className!=="t",enctype:!!c.createElement("form").enctype,html5Clone:c.createElement("nav").cloneNode(!0).outerHTML!=="<:nav>",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,b.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,b.optDisabled=!h.disabled;try{delete q.test}catch(s){b.deleteExpando=!1}!q.addEventListener&&q.attachEvent&&q.fireEvent&&(q.attachEvent("onclick",function(){b.noCloneEvent=!1}),q.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),b.radioValue=i.value==="t",i.setAttribute("checked","checked"),q.appendChild(i),k=c.createDocumentFragment(),k.appendChild(q.lastChild),b.checkClone=k.cloneNode(!0).cloneNode(!0).lastChild.checked,b.appendChecked=i.checked,k.removeChild(i),k.appendChild(q),q.innerHTML="",a.getComputedStyle&&(j=c.createElement("div"),j.style.width="0",j.style.marginRight="0",q.style.width="2px",q.appendChild(j),b.reliableMarginRight=(parseInt((a.getComputedStyle(j,null)||{marginRight:0}).marginRight,10)||0)===0);if(q.attachEvent)for(o in{submit:1,change:1,focusin:1})n="on"+o,p=n in q,p||(q.setAttribute(n,"return;"),p=typeof q[n]=="function"),b[o+"Bubbles"]=p;k.removeChild(q),k=g=h=j=q=i=null,f(function(){var a,d,e,g,h,i,j,k,m,n,o,r=c.getElementsByTagName("body")[0];!r||(j=1,k="position:absolute;top:0;left:0;width:1px;height:1px;margin:0;",m="visibility:hidden;border:0;",n="style='"+k+"border:5px solid #000;padding:0;'",o="
"+""+"
",a=c.createElement("div"),a.style.cssText=m+"width:0;height:0;position:static;top:0;margin-top:"+j+"px",r.insertBefore(a,r.firstChild),q=c.createElement("div"),a.appendChild(q),q.innerHTML="
t
",l=q.getElementsByTagName("td"),p=l[0].offsetHeight===0,l[0].style.display="",l[1].style.display="none",b.reliableHiddenOffsets=p&&l[0].offsetHeight===0,q.innerHTML="",q.style.width=q.style.paddingLeft="1px",f.boxModel=b.boxModel=q.offsetWidth===2,typeof q.style.zoom!="undefined"&&(q.style.display="inline",q.style.zoom=1,b.inlineBlockNeedsLayout=q.offsetWidth===2,q.style.display="",q.innerHTML="
",b.shrinkWrapBlocks=q.offsetWidth!==2),q.style.cssText=k+m,q.innerHTML=o,d=q.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,i={doesNotAddBorder:e.offsetTop!==5,doesAddBorderForTableAndCells:h.offsetTop===5},e.style.position="fixed",e.style.top="20px",i.fixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top="",d.style.overflow="hidden",d.style.position="relative",i.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,i.doesNotIncludeMarginInBodyOffset=r.offsetTop!==j,r.removeChild(a),q=a=null,f.extend(b,i))});return b}();var j=/^(?:\{.*\}|\[.*\])$/,k=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!m(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i,j=f.expando,k=typeof c=="string",l=a.nodeType,m=l?f.cache:a,n=l?a[j]:a[j]&&j,o=c==="events";if((!n||!m[n]||!o&&!e&&!m[n].data)&&k&&d===b)return;n||(l?a[j]=n=++f.uuid:n=j),m[n]||(m[n]={},l||(m[n].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?m[n]=f.extend(m[n],c):m[n].data=f.extend(m[n].data,c);g=h=m[n],e||(h.data||(h.data={}),h=h.data),d!==b&&(h[f.camelCase(c)]=d);if(o&&!h[c])return g.events;k?(i=h[c],i==null&&(i=h[f.camelCase(c)])):i=h;return i}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e,g,h=f.expando,i=a.nodeType,j=i?f.cache:a,k=i?a[h]:h;if(!j[k])return;if(b){d=c?j[k]:j[k].data;if(d){f.isArray(b)||(b in d?b=[b]:(b=f.camelCase(b),b in d?b=[b]:b=b.split(" ")));for(e=0,g=b.length;e-1)return!0;return!1},val:function(a){var c,d,e,g=this[0];{if(!!arguments.length){e=f.isFunction(a);return this.each(function(d){var g=f(this),h;if(this.nodeType===1){e?h=a.call(this,d,g.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}if(g){c=f.valHooks[g.nodeName.toLowerCase()]||f.valHooks[g.type];if(c&&"get"in c&&(d=c.get(g,"value"))!==b)return d;d=g.value;return typeof d=="string"?d.replace(q,""):d==null?"":d}}}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c,d,e,g=a.selectedIndex,h=[],i=a.options,j=a.type==="select-one";if(g<0)return null;c=j?g:0,d=j?g+1:i.length;for(;c=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attr:function(a,c,d,e){var g,h,i,j=a.nodeType;if(!!a&&j!==3&&j!==8&&j!==2){if(e&&c in f.attrFn)return f(a)[c](d);if(typeof a.getAttribute=="undefined")return f.prop(a,c,d);i=j!==1||!f.isXMLDoc(a),i&&(c=c.toLowerCase(),h=f.attrHooks[c]||(u.test(c)?x:w));if(d!==b){if(d===null){f.removeAttr(a,c);return}if(h&&"set"in h&&i&&(g=h.set(a,d,c))!==b)return g;a.setAttribute(c,""+d);return d}if(h&&"get"in h&&i&&(g=h.get(a,c))!==null)return g;g=a.getAttribute(c);return g===null?b:g}},removeAttr:function(a,b){var c,d,e,g,h=0;if(b&&a.nodeType===1){d=b.toLowerCase().split(p),g=d.length;for(;h=0}})});var z=/^(?:textarea|input|select)$/i,A=/^([^\.]*)?(?:\.(.+))?$/,B=/\bhover(\.\S+)?\b/,C=/^key/,D=/^(?:mouse|contextmenu)|click/,E=/^(?:focusinfocus|focusoutblur)$/,F=/^(\w*)(?:#([\w\-]+))?(?:\.([\w\-]+))?$/,G=function(a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a.attributes||{};return(!b[1]||a.nodeName.toLowerCase()===b[1])&&(!b[2]||(c.id||{}).value===b[2])&&(!b[3]||b[3].test((c["class"]||{}).value))},I=function(a){return f.event.special.hover?a:a.replace(B,"mouseenter$1 mouseleave$1")}; +f.event={add:function(a,c,d,e,g){var h,i,j,k,l,m,n,o,p,q,r,s;if(!(a.nodeType===3||a.nodeType===8||!c||!d||!(h=f._data(a)))){d.handler&&(p=d,d=p.handler),d.guid||(d.guid=f.guid++),j=h.events,j||(h.events=j={}),i=h.handle,i||(h.handle=i=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.dispatch.apply(i.elem,arguments):b},i.elem=a),c=f.trim(I(c)).split(" ");for(k=0;k=0&&(h=h.slice(0,-1),k=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if((!e||f.event.customEvent[h])&&!f.event.global[h])return;c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.isTrigger=!0,c.exclusive=k,c.namespace=i.join("."),c.namespace_re=c.namespace?new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)"):null,o=h.indexOf(":")<0?"on"+h:"";if(!e){j=f.cache;for(l in j)j[l].events&&j[l].events[h]&&f.event.trigger(c,d,j[l].handle.elem,!0);return}c.result=b,c.target||(c.target=e),d=d!=null?f.makeArray(d):[],d.unshift(c),p=f.event.special[h]||{};if(p.trigger&&p.trigger.apply(e,d)===!1)return;r=[[e,p.bindType||h]];if(!g&&!p.noBubble&&!f.isWindow(e)){s=p.delegateType||h,m=E.test(s+h)?e:e.parentNode,n=null;for(;m;m=m.parentNode)r.push([m,s]),n=m;n&&n===e.ownerDocument&&r.push([n.defaultView||n.parentWindow||a,s])}for(l=0;le&&i.push({elem:this,matches:d.slice(e)});for(j=0;j0?this.on(b,null,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0),C.test(b)&&(f.event.fixHooks[b]=f.event.keyHooks),D.test(b)&&(f.event.fixHooks[b]=f.event.mouseHooks)}),function(){function x(a,b,c,e,f,g){for(var h=0,i=e.length;h0){k=j;break}}j=j[a]}e[h]=k}}}function w(a,b,c,e,f,g){for(var h=0,i=e.length;h+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d="sizcache"+(Math.random()+"").replace(".",""),e=0,g=Object.prototype.toString,h=!1,i=!0,j=/\\/g,k=/\r\n/g,l=/\W/;[0,0].sort(function(){i=!1;return 0});var m=function(b,d,e,f){e=e||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return e;var i,j,k,l,n,q,r,t,u=!0,v=m.isXML(d),w=[],x=b;do{a.exec(""),i=a.exec(x);if(i){x=i[3],w.push(i[1]);if(i[2]){l=i[3];break}}}while(i);if(w.length>1&&p.exec(b))if(w.length===2&&o.relative[w[0]])j=y(w[0]+w[1],d,f);else{j=o.relative[w[0]]?[d]:m(w.shift(),d);while(w.length)b=w.shift(),o.relative[b]&&(b+=w.shift()),j=y(b,j,f)}else{!f&&w.length>1&&d.nodeType===9&&!v&&o.match.ID.test(w[0])&&!o.match.ID.test(w[w.length-1])&&(n=m.find(w.shift(),d,v),d=n.expr?m.filter(n.expr,n.set)[0]:n.set[0]);if(d){n=f?{expr:w.pop(),set:s(f)}:m.find(w.pop(),w.length===1&&(w[0]==="~"||w[0]==="+")&&d.parentNode?d.parentNode:d,v),j=n.expr?m.filter(n.expr,n.set):n.set,w.length>0?k=s(j):u=!1;while(w.length)q=w.pop(),r=q,o.relative[q]?r=w.pop():q="",r==null&&(r=d),o.relative[q](k,r,v)}else k=w=[]}k||(k=j),k||m.error(q||b);if(g.call(k)==="[object Array]")if(!u)e.push.apply(e,k);else if(d&&d.nodeType===1)for(t=0;k[t]!=null;t++)k[t]&&(k[t]===!0||k[t].nodeType===1&&m.contains(d,k[t]))&&e.push(j[t]);else for(t=0;k[t]!=null;t++)k[t]&&k[t].nodeType===1&&e.push(j[t]);else s(k,e);l&&(m(l,h,e,f),m.uniqueSort(e));return e};m.uniqueSort=function(a){if(u){h=i,a.sort(u);if(h)for(var b=1;b0},m.find=function(a,b,c){var d,e,f,g,h,i;if(!a)return[];for(e=0,f=o.order.length;e":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!l.test(b)){b=b.toLowerCase();for(;e=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(j,"")},TAG:function(a,b){return a[1].replace(j,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||m.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&m.error(a[0]);a[0]=e++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(j,"");!f&&o.attrMap[g]&&(a[1]=o.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(j,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=m(b[3],null,null,c);else{var g=m.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(o.match.POS.test(b[0])||o.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!m(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return bc[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=o.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||n([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||!!a.nodeName&&a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=m.attr?m.attr(a,c):o.attrHandle[c]?o.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":!f&&m.attr?d!=null:f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=o.setFilters[e];if(f)return f(a,c,b,d)}}},p=o.match.POS,q=function(a,b){return"\\"+(b-0+1)};for(var r in o.match)o.match[r]=new RegExp(o.match[r].source+/(?![^\[]*\])(?![^\(]*\))/.source),o.leftMatch[r]=new RegExp(/(^(?:.|\r|\n)*?)/.source+o.match[r].source.replace(/\\(\d+)/g,q));var s=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(t){s=function(a,b){var c=0,d=b||[];if(g.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var e=a.length;c",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(o.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},o.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(o.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(o.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=m,b=c.createElement("div"),d="__sizzle__";b.innerHTML="

";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){m=function(b,e,f,g){e=e||c;if(!g&&!m.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return s(e.getElementsByTagName(b),f);if(h[2]&&o.find.CLASS&&e.getElementsByClassName)return s(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return s([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return s([],f);if(i.id===h[3])return s([i],f)}try{return s(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var k=e,l=e.getAttribute("id"),n=l||d,p=e.parentNode,q=/^\s*[+~]/.test(b);l?n=n.replace(/'/g,"\\$&"):e.setAttribute("id",n),q&&p&&(e=e.parentNode);try{if(!q||p)return s(e.querySelectorAll("[id='"+n+"'] "+b),f)}catch(r){}finally{l||k.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)m[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}m.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!m.isXML(a))try{if(e||!o.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return m(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="
";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;o.order.splice(1,0,"CLASS"),o.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?m.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?m.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:m.contains=function(){return!1},m.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var y=function(a,b,c){var d,e=[],f="",g=b.nodeType?[b]:b;while(d=o.match.PSEUDO.exec(a))f+=d[0],a=a.replace(o.match.PSEUDO,"");a=o.relative[a]?a+"*":a;for(var h=0,i=g.length;h0)for(h=g;h=0:f.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h=1;while(g&&g.ownerDocument&&g!==b){for(d=0;d-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(S(c[0])||S(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c);L.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!R[a]?f.unique(e):e,(this.length>1||N.test(d))&&M.test(a)&&(e=e.reverse());return this.pushStack(e,a,P.call(arguments).join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var V="abbr|article|aside|audio|canvas|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/",""],legend:[1,"
","
"],thead:[1,"","
"],tr:[2,"","
"],td:[3,"","
"],col:[2,"","
"],area:[1,"",""],_default:[0,"",""]},bh=U(c);bg.optgroup=bg.option,bg.tbody=bg.tfoot=bg.colgroup=bg.caption=bg.thead,bg.th=bg.td,f.support.htmlSerialize||(bg._default=[1,"div
","
"]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!="object"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=f.isFunction(a);return this.each(function(c){f(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f.clean(arguments);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f.clean(arguments));return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function() +{for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!bg[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1>");try{for(var c=0,d=this.length;c1&&l0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d,e,g,h=f.support.html5Clone||!bc.test("<"+a.nodeName)?a.cloneNode(!0):bo(a);if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bk(a,h),d=bl(a),e=bl(h);for(g=0;d[g];++g)e[g]&&bk(d[g],e[g])}if(b){bj(a,h);if(c){d=bl(a),e=bl(h);for(g=0;d[g];++g)bj(d[g],e[g])}}d=e=null;return h},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k=="number"&&(k+="");if(!k)continue;if(typeof k=="string")if(!_.test(k))k=b.createTextNode(k);else{k=k.replace(Y,"<$1>");var l=(Z.exec(k)||["",""])[1].toLowerCase(),m=bg[l]||bg._default,n=m[0],o=b.createElement("div");b===c?bh.appendChild(o):U(b).appendChild(o),o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=$.test(k),q=l==="table"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]===""&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],"tbody")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&X.test(k)&&o.insertBefore(b.createTextNode(X.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)=="number")for(i=0;i=0)return b+"px"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return br.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNumeric(b)?"alpha(opacity="+b*100+")":"",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bq,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bq.test(g)?g.replace(bq,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:"inline-block"},function(){b?c=bz(a,"margin-right","marginRight"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(bA=function(a,b){var c,d,e;b=b.replace(bs,"-$1").toLowerCase(),(d=a.ownerDocument.defaultView)&&(e=d.getComputedStyle(a,null))&&(c=e.getPropertyValue(b),c===""&&!f.contains(a.ownerDocument.documentElement,a)&&(c=f.style(a,b)));return c}),c.documentElement.currentStyle&&(bB=function(a,b){var c,d,e,f=a.currentStyle&&a.currentStyle[b],g=a.style;f===null&&g&&(e=g[b])&&(f=e),!bt.test(f)&&bu.test(f)&&(c=g.left,d=a.runtimeStyle&&a.runtimeStyle.left,d&&(a.runtimeStyle.left=a.currentStyle.left),g.left=b==="fontSize"?"1em":f||0,f=g.pixelLeft+"px",g.left=c,d&&(a.runtimeStyle.left=d));return f===""?"auto":f}),bz=bA||bB,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style&&a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bD=/%20/g,bE=/\[\]$/,bF=/\r?\n/g,bG=/#.*$/,bH=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,bI=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bJ=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bK=/^(?:GET|HEAD)$/,bL=/^\/\//,bM=/\?/,bN=/)<[^<]*)*<\/script>/gi,bO=/^(?:select|textarea)/i,bP=/\s+/,bQ=/([?&])_=[^&]*/,bR=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bS=f.fn.load,bT={},bU={},bV,bW,bX=["*/"]+["*"];try{bV=e.href}catch(bY){bV=c.createElement("a"),bV.href="",bV=bV.href}bW=bR.exec(bV.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bS)return bS.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("
").append(c.replace(bN,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bO.test(this.nodeName)||bI.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bF,"\r\n")}}):{name:b.name,value:c.replace(bF,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.on(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?b_(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),b_(a,b);return a},ajaxSettings:{url:bV,isLocal:bJ.test(bW[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bX},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bZ(bT),ajaxTransport:bZ(bU),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?cb(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else try{r=cc(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.fireWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f.Callbacks("once memory"),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bH.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bG,"").replace(bL,bW[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bP),d.crossDomain==null&&(r=bR.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bW[1]&&r[2]==bW[2]&&(r[3]||(r[1]==="http:"?80:443))==(bW[3]||(bW[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),b$(bT,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bK.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bM.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bQ,"$1_="+x);d.url=y+(y===d.url?(bM.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bX+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=b$(bU,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){if(s<2)w(-1,z);else throw z}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)ca(g,a[g],c,e);return d.join("&").replace(bD,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var cd=f.now(),ce=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+cd++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=b.contentType==="application/x-www-form-urlencoded"&&typeof b.data=="string";if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(ce.test(b.url)||e&&ce.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(ce,l),b.url===j&&(e&&(k=k.replace(ce,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cf=a.ActiveXObject?function(){for(var a in ch)ch[a](0,1)}:!1,cg=0,ch;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ci()||cj()}:ci,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cf&&delete ch[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cg,cf&&(ch||(ch={},f(a).unload(cf)),ch[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var ck={},cl,cm,cn=/^(?:toggle|show|hide)$/,co=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,cp,cq=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cr;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cu("show",3),a,b,c);for(var g=0,h=this.length;g=i.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),i.animatedProperties[this.prop]=!0;for(b in i.animatedProperties)i.animatedProperties[b]!==!0&&(g=!1);if(g){i.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){h.style["overflow"+b]=i.overflow[a]}),i.hide&&f(h).hide();if(i.hide||i.show)for(b in i.animatedProperties)f.style(h,b,i.orig[b]),f.removeData(h,"fxshow"+b,!0),f.removeData(h,"toggle"+b,!0);d=i.complete,d&&(i.complete=!1,d.call(h))}return!1}i.duration==Infinity?this.now=e:(c=e-this.startTime,this.state=c/i.duration,this.pos=f.easing[i.animatedProperties[this.prop]](this.state,c,0,1,i.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){var a,b=f.timers,c=0;for(;c-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=cx.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!cx.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each(["Left","Top"],function(a,c){var d="scroll"+c;f.fn[d]=function(c){var e,g;if(c===b){e=this[0];if(!e)return null;g=cy(e);return g?"pageXOffset"in g?g[a?"pageYOffset":"pageXOffset"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cy(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each(["Height","Width"],function(a,c){var d=c.toLowerCase();f.fn["inner"+c]=function(){var a=this[0];return a?a.style?parseFloat(f.css(a,d,"padding")):this[d]():null},f.fn["outer"+c]=function(a){var b=this[0];return b?b.style?parseFloat(f.css(b,d,a?"margin":"border")):this[d]():null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement["client"+c],h=e.document.body;return e.document.compatMode==="CSS1Compat"&&g||h&&h["client"+c]||g}if(e.nodeType===9)return Math.max(e.documentElement["client"+c],e.body["scroll"+c],e.documentElement["scroll"+c],e.body["offset"+c],e.documentElement["offset"+c]);if(a===b){var i=f.css(e,d),j=parseFloat(i);return f.isNumeric(j)?j:i}return this.css(d,typeof a=="string"?a:a+"px")}}),a.jQuery=a.$=f,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return f})})(window); \ No newline at end of file diff --git a/doc/puppet_class_list.html b/doc/puppet_class_list.html new file mode 100644 index 0000000..5557e96 --- /dev/null +++ b/doc/puppet_class_list.html @@ -0,0 +1,106 @@ + + + + + + + + + + + + + + + + + + Puppet Class List + + + +
+
+

Puppet Class List

+ + + +
+ + +
+ + diff --git a/doc/puppet_classes/confdroid_ssh.html b/doc/puppet_classes/confdroid_ssh.html new file mode 100644 index 0000000..8b2d550 --- /dev/null +++ b/doc/puppet_classes/confdroid_ssh.html @@ -0,0 +1,121 @@ + + + + + + + Puppet Class: confdroid_ssh + + — Documentation by YARD 0.9.36 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Puppet Class: confdroid_ssh

+
+ + +
+
Defined in:
+
+ manifests/init.pp +
+
+
+ +

Summary

+ Class initializes the confdroid_ssh module + +

Overview

+
+
+ +

confdroid_ssh::init.pp Module name: confdroid_ssh Author: 12ww1160 (12ww1160@confdroid.com)

+ +
+
+ + + +
+ + + +
+
+ + + + +
+ 
+
+
+6
+7
+8
+ 		+ 
# File 'manifests/init.pp', line 6
+
+class confdroid_ssh {
+  include confdroid_ssh::params
+}
+
+ + + + + + + + \ No newline at end of file diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html new file mode 100644 index 0000000..515d544 --- /dev/null +++ b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html @@ -0,0 +1,146 @@ + + + + + + + Puppet Class: confdroid_ssh::firewall::iptables + + — Documentation by YARD 0.9.36 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Puppet Class: confdroid_ssh::firewall::iptables

+
+ +
+
Inherits:
+
confdroid_ssh::params
+
+ + +
+
Defined in:
+
+ manifests/firewall/iptables.pp +
+
+
+ +

Summary

+ Class manages firewall rules for SSH + +

Overview

+
+
+ +

confdroid_ssh::firewall::iptables.pp Module name: confdroid_ssh Author: 12ww1160 (12ww1160@confdroid.com)

+ +
+
+ + + +
+ + + +
+ + + + + +
+ 
+
+
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+ 		+ 
# File 'manifests/firewall/iptables.pp', line 6
+
+class confdroid_ssh::firewall::iptables (
+
+) inherits confdroid_ssh::params {
+  if $ssh_use_firewall {
+    firewall { "${ssh_fw_order}${ssh_fw_port} allow SSH on port ${ssh_fw_port}":
+      ensure => 'present',
+      proto  => 'tcp',
+      source => $ssh_source_range,
+      dport  => $ssh_fw_port,
+      jump   => 'accept',
+    }
+  }
+}
+
+
+
+ + + +
+ + \ No newline at end of file diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aconfig.html new file mode 100644 index 0000000..4748626 --- /dev/null +++ b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aconfig.html @@ -0,0 +1,130 @@ + + + + + + + Puppet Class: confdroid_ssh::main::config + + — Documentation by YARD 0.9.36 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Puppet Class: confdroid_ssh::main::config

+
+ +
+
Inherits:
+
confdroid_ssh::params
+
+ + +
+
Defined in:
+
+ manifests/main/config.pp +
+
+
+ +

Summary

+ Class manages module logic + +

Overview

+
+
+ +

confdroid_ssh::main::config.pp Module name: confdroid_ssh Author: 12ww1160 (12ww1160@confdroid.com)

+ +
+
+ + + +
+ + + +
+ + + + + +
+ 
+
+
+6
+7
+8
+9
+10
+ 		+ 
# File 'manifests/main/config.pp', line 6
+
+class confdroid_ssh::main::config (
+) inherits confdroid_ssh::params {
+  require confdroid_selinux
+  include confdroid_ssh::main::service
+}
+
+
+
+ + + +
+ + \ No newline at end of file diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Adirs.html new file mode 100644 index 0000000..c67a40e --- /dev/null +++ b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Adirs.html @@ -0,0 +1,174 @@ + + + + + + + Puppet Class: confdroid_ssh::main::dirs + + — Documentation by YARD 0.9.36 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Puppet Class: confdroid_ssh::main::dirs

+
+ +
+
Inherits:
+
confdroid_ssh::params
+
+ + +
+
Defined in:
+
+ manifests/main/dirs.pp +
+
+
+ +

Summary

+ Class manages directories + +

Overview

+
+
+ +

confdroid_ssh::main::dirs.pp Module name: confdroid_ssh Author: 12ww1160 (12ww1160@confdroid.com)

+ +
+
+ + + +
+ + + +
+ + + + + +
+ 
+
+
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+ 		+ 
# File 'manifests/main/dirs.pp', line 6
+
+class confdroid_ssh::main::dirs (
+) inherits confdroid_ssh::params {
+  require confdroid_ssh::main::install
+
+  file { $ssh_etc_path:
+    ensure   => directory,
+    path     => $ssh_etc_path,
+    owner    => $sshd_user,
+    group    => $sshd_user,
+    mode     => '0700',
+    selrange => s0,
+    selrole  => object_r,
+    seltype  => etc_t,
+    seluser  => system_u,
+  }
+
+  file { $sshd_custom_path:
+    ensure   => directory,
+    owner    => $sshd_user,
+    group    => $sshd_user,
+    mode     => '0700',
+    selrange => s0,
+    selrole  => object_r,
+    seltype  => etc_t,
+    seluser  => system_u,
+  }
+}
+
+
+
+ + + +
+ + \ No newline at end of file diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html new file mode 100644 index 0000000..8460181 --- /dev/null +++ b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html @@ -0,0 +1,202 @@ + + + + + + + Puppet Class: confdroid_ssh::main::files + + — Documentation by YARD 0.9.36 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Puppet Class: confdroid_ssh::main::files

+
+ +
+
Inherits:
+
confdroid_ssh::params
+
+ + +
+
Defined in:
+
+ manifests/main/files.pp +
+
+
+ +

Summary

+ Class manages files + +

Overview

+
+
+ +

confdroid_ssh::main::files.pp Module name: confdroid_ssh Author: 12ww1160 (12ww1160@confdroid.com)

+ +
+
+ + + +
+ + + +
+ + + + + +
+ 
+
+
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+ 		+ 
# File 'manifests/main/files.pp', line 6
+
+class confdroid_ssh::main::files (
+) inherits confdroid_ssh::params {
+  require confdroid_ssh::main::dirs
+
+  file { $sshd_config_path:
+    ensure   => file,
+    path     => $sshd_config_path,
+    owner    => $sshd_user,
+    group    => $sshd_user,
+    mode     => '0640',
+    selrange => s0,
+    selrole  => object_r,
+    seltype  => etc_t,
+    seluser  => system_u,
+    content  => template($sshd_config_erb),
+    notify   => Service[$sshd_service],
+  }
+
+  if $ssh_manage_config {
+    file { $sshd_custom_conf:
+      ensure   => file,
+      path     => $sshd_custom_conf,
+      owner    => $sshd_user,
+      group    => $sshd_user,
+      mode     => '0640',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => etc_t,
+      seluser  => system_u,
+      content  => template($sshd_custom_erb),
+      notify   => Service[$sshd_service],
+    }
+    # we want the default root login setting to be managed by the custom conf, 
+    # so we remove the default file if it exists
+    file { $sshd_root_login_file:
+      ensure => absent,
+      path   => $sshd_root_login_file,
+      notify => Service[$sshd_service],
+    }
+  }
+}
+
+
+
+ + + +
+ + \ No newline at end of file diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Ainstall.html new file mode 100644 index 0000000..8e13492 --- /dev/null +++ b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Ainstall.html @@ -0,0 +1,132 @@ + + + + + + + Puppet Class: confdroid_ssh::main::install + + — Documentation by YARD 0.9.36 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Puppet Class: confdroid_ssh::main::install

+
+ +
+
Inherits:
+
confdroid_ssh::params
+
+ + +
+
Defined in:
+
+ manifests/main/install.pp +
+
+
+ +

Summary

+ Class manages installation + +

Overview

+
+
+ +

confdroid_ssh::main::install.pp Module name: confdroid_ssh Author: 12ww1160 (12ww1160@confdroid.com)

+ +
+
+ + + +
+ + + +
+ + + + + +
+ 
+
+
+6
+7
+8
+9
+10
+11
+ 		+ 
# File 'manifests/main/install.pp', line 6
+
+class confdroid_ssh::main::install (
+) inherits confdroid_ssh::params {
+  package { $ssh_reqpackages:
+    ensure => $pkg_ensure,
+  }
+}
+
+
+
+ + + +
+ + \ No newline at end of file diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aservice.html b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aservice.html new file mode 100644 index 0000000..aea60d2 --- /dev/null +++ b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aservice.html @@ -0,0 +1,150 @@ + + + + + + + Puppet Class: confdroid_ssh::main::service + + — Documentation by YARD 0.9.36 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Puppet Class: confdroid_ssh::main::service

+
+ +
+
Inherits:
+
confdroid_ssh::params
+
+ + +
+
Defined in:
+
+ manifests/main/service.pp +
+
+
+ +

Summary

+ Class manages service settings + +

Overview

+
+
+ +

confdroid_ssh::main::service.pp Module name: confdroid_ssh Author: 12ww1160 (12ww1160@confdroid.com)

+ +
+
+ + + +
+ + + +
+ + + + + +
+ 
+
+
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+ 		+ 
# File 'manifests/main/service.pp', line 6
+
+class confdroid_ssh::main::service (
+) inherits confdroid_ssh::params {
+  require confdroid_ssh::main::files
+  require confdroid_ssh::selinux::semanage
+  if $ssh_use_firewall {
+    require confdroid_ssh::firewall::iptables
+  }
+
+  service { $sshd_service:
+    ensure     => running,
+    hasstatus  => true,
+    hasrestart => true,
+    enable     => true,
+  }
+}
+
+
+
+ + + +
+ + \ No newline at end of file diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html new file mode 100644 index 0000000..d7b6f9c --- /dev/null +++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html @@ -0,0 +1,456 @@ + + + + + + + Puppet Class: confdroid_ssh::params + + — Documentation by YARD 0.9.36 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Puppet Class: confdroid_ssh::params

+
+ + +
+
Inherited by:
+
+ + confdroid_ssh::main::dirs
+ + confdroid_ssh::main::files
+ + confdroid_ssh::main::config
+ + confdroid_ssh::main::install
+ + confdroid_ssh::main::service
+ + confdroid_ssh::selinux::semanage
+ + confdroid_ssh::firewall::iptables
+ +
+
+ +
+
Defined in:
+
+ manifests/params.pp +
+
+
+ +

Summary

+ Class contains all class parameters for confdroid_ssh + +

Overview

+
+
+ +

confdroid_ssh::params.pp Module name: confdroid_ssh Author: 12ww1160 (12ww1160@confdroid.com)

+ +
+
+ + + +
+

Parameters:

+
    + +
  • + + ssh_reqpackages + + + (Array) + + + (defaults to: ['openssh','openssh-clients','openssh-server']) + + + — +
    +

    packages to install

    +
    + +
    • + +
  • + + pkg_ensure + + + (String) + + + (defaults to: 'present') + + + — +
    +

    version to install: ‘present’ or ‘latest’

    +
    + +
    • + +
  • + + ssh_use_firewall + + + (Boolean) + + + (defaults to: true) + + + — +
    +

    whether to manage firewall settings

    +
    + +
    • + +
  • + + ssh_fw_port + + + (String) + + + (defaults to: '22') + + + — +
    +

    port to use for SSHD and in fw

    +
    + +
    • + +
  • + + ssh_fw_order + + + (String) + + + (defaults to: '50') + + + — +
    +

    order of firewall rule

    +
    + +
    • + +
  • + + ssh_source_range + + + (String) + + + (defaults to: '0.0.0.0/0') + + + — +
    +

    source range for firewall rule

    +
    + +
    • + +
  • + + ssh_manage_config + + + (Boolean) + + + (defaults to: true) + + + — +
    +

    whether to manage the configuration

    +
    + +
    • + +
  • + + ssh_address_family + + + (String) + + + (defaults to: 'any') + + + — +
    +

    AddressFamily setting for sshd_config

    +
    + +
    • + +
  • + + ssh_listen_address + + + (String) + + + (defaults to: '0.0.0.0') + + + — +
    +

    ListenAddress setting for sshd_config

    +
    + +
    • + +
  • + + ssh_root_login + + + (String) + + + (defaults to: 'prohibit-password') + + + — +
    +

    PermitRootLogin setting for sshd_config

    +
    + +
    • + +
  • + + ssh_strict_modes + + + (String) + + + (defaults to: 'yes') + + + — +
    +

    StrictModes setting for sshd_config

    +
    + +
    • + +
  • + + ssh_max_auth_tries + + + (String) + + + (defaults to: '6') + + + — +
    +

    MaxAuthTries setting for sshd_config

    +
    + +
    • + +
  • + + ssh_max_sessions + + + (String) + + + (defaults to: '10') + + + — +
    +

    MaxSessions setting for sshd_config

    +
    + +
    • + +
+ + + +
+ + + + + +
+ 
+
+
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+57
+58
+59
+ 		+ 
# File 'manifests/params.pp', line 19
+
+class confdroid_ssh::params (
+
+  Array $ssh_reqpackages      = ['openssh','openssh-clients','openssh-server'],
+  String $pkg_ensure          = 'present',
+
+  # firewall settings
+  Boolean $ssh_use_firewall   = true,
+  String $ssh_fw_port         = '22',
+  String $ssh_fw_order        = '50',
+  String $ssh_source_range    = '0.0.0.0/0',
+
+  # main configuration 
+  Boolean $ssh_manage_config  = true,
+  String  $ssh_address_family = 'any',
+  String  $ssh_listen_address = '0.0.0.0',
+  String  $ssh_root_login     = 'prohibit-password',
+  String  $ssh_strict_modes   = 'yes',
+  String  $ssh_max_auth_tries = '6',
+  String  $ssh_max_sessions    = '10',
+
+) {
+# default facts
+  $fqdn                     = $facts['networking']['fqdn']
+  $hostname                 = $facts['networking']['hostname']
+  $domain                   = $facts['networking']['domain']
+  $os_name                  = $facts['os']['name']
+  $os_release               = $facts['os']['release']['major']
+
+  $sshd_user                = 'root'
+  $ssh_etc_path             = '/etc/ssh'
+  $sshd_service             = 'sshd'
+  $sshd_config_path         = "${ssh_etc_path}/sshd_config"
+  $sshd_custom_path         = "${ssh_etc_path}/sshd_config.d"
+  $sshd_custom_conf         = "${sshd_custom_path}/10-custom.conf"
+  $sshd_custom_erb          = 'confdroid_ssh/sshd_custom_conf.erb'
+  $sshd_config_erb          = 'confdroid_ssh/sshd_config.erb'
+  $sshd_root_login_file     = "${sshd_custom_path}/01-permitrootlogin.conf"
+
+  # includes must be last
+  include confdroid_ssh::main::config
+}
+
+
+
+ + + +
+ + \ No newline at end of file diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aselinux_3A_3Asemanage.html b/doc/puppet_classes/confdroid_ssh_3A_3Aselinux_3A_3Asemanage.html new file mode 100644 index 0000000..a2bf44f --- /dev/null +++ b/doc/puppet_classes/confdroid_ssh_3A_3Aselinux_3A_3Asemanage.html @@ -0,0 +1,136 @@ + + + + + + + Puppet Class: confdroid_ssh::selinux::semanage + + — Documentation by YARD 0.9.36 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Puppet Class: confdroid_ssh::selinux::semanage

+
+ +
+
Inherits:
+
confdroid_ssh::params
+
+ + +
+
Defined in:
+
+ manifests/selinux/semanage.pp +
+
+
+ +

Summary

+ Class manages SELinux semanage settings + +

Overview

+
+
+ +

confdroid_ssh::selinux::semanage.pp Module name: confdroid_ssh Author: 12ww1160 (12ww1160@confdroid.com)

+ +
+
+ + + +
+ + + +
+ + + + + +
+ 
+
+
+6
+7
+8
+9
+10
+11
+12
+13
+ 		+ 
# File 'manifests/selinux/semanage.pp', line 6
+
+class confdroid_ssh::selinux::semanage (
+) inherits confdroid_ssh::params {
+  exec { 'semanage_port_ssh':
+    command => "semanage port -a -t ssh_port_t -p tcp ${ssh_fw_port}",
+    unless  => "semanage port -l | grep '^ssh_port_t' | grep 'tcp' | grep '${ssh_fw_port}'",
+    path    => ['/usr/bin', '/usr/sbin'],
+  }
+}
+
+
+
+ + + +
+ + \ No newline at end of file diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html new file mode 100644 index 0000000..5d6b54b --- /dev/null +++ b/doc/top-level-namespace.html @@ -0,0 +1,98 @@ + + + + + + + Top Level Namespace + + — Documentation by YARD 0.9.36 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Top Level Namespace + + + +

+
+ + + + + + + + + + + +
+ + + + + + + + + + +
+ + + +
+ + \ No newline at end of file From 28e0acd73ceac69c40dfd077a1b5ce335aef87a9 Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Thu, 9 Apr 2026 14:13:43 +0200 Subject: [PATCH 02/25] Recommit for updates in build 9 --- doc/_index.html | 5 ----- doc/puppet_class_list.html | 21 +++++++------------ .../confdroid_ssh_3A_3Aparams.html | 2 -- 3 files changed, 7 insertions(+), 21 deletions(-) diff --git a/doc/_index.html b/doc/_index.html index f5b0f9a..b9c274a 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -73,11 +73,6 @@ -
  • - confdroid_ssh::firewall::iptables - -
    • -
  • confdroid_ssh::main::config diff --git a/doc/puppet_class_list.html b/doc/puppet_class_list.html index 5557e96..87e5d2f 100644 --- a/doc/puppet_class_list.html +++ b/doc/puppet_class_list.html @@ -43,56 +43,49 @@
    • -
  • -
    - confdroid_ssh::firewall::iptables -
    -
    • - - -
  • +
  • confdroid_ssh::main::config
    • -
  • +
  • confdroid_ssh::main::dirs
    • -
  • +
  • confdroid_ssh::main::files
    • -
  • +
  • confdroid_ssh::main::install
    • -
  • +
  • confdroid_ssh::main::service
    • -
  • +
  • confdroid_ssh::params
    • -
  • +
  • confdroid_ssh::selinux::semanage
    diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html index d7b6f9c..501f091 100644 --- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html +++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html @@ -79,8 +79,6 @@ confdroid_ssh::selinux::semanage
    - confdroid_ssh::firewall::iptables
    - From e7ed8dd4b0909318b4ff5c78f9afef350311414a Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Thu, 9 Apr 2026 14:16:15 +0200 Subject: [PATCH 03/25] Recommit for updates in build 10 --- doc/_index.html | 5 +++++ doc/puppet_class_list.html | 21 ++++++++++++------ ...droid_ssh_3A_3Afirewall_3A_3Aiptables.html | 22 +++++++++++++++++-- .../confdroid_ssh_3A_3Aparams.html | 2 ++ 4 files changed, 41 insertions(+), 9 deletions(-) diff --git a/doc/_index.html b/doc/_index.html index b9c274a..f5b0f9a 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -73,6 +73,11 @@
    • +
  • + confdroid_ssh::firewall::iptables + +
    • +
  • confdroid_ssh::main::config diff --git a/doc/puppet_class_list.html b/doc/puppet_class_list.html index 87e5d2f..5557e96 100644 --- a/doc/puppet_class_list.html +++ b/doc/puppet_class_list.html @@ -43,49 +43,56 @@
    • -
  • +
  • +
    + confdroid_ssh::firewall::iptables +
    +
    • + + +
  • confdroid_ssh::main::config
    • -
  • +
  • confdroid_ssh::main::dirs
    • -
  • +
  • confdroid_ssh::main::files
    • -
  • +
  • confdroid_ssh::main::install
    • -
  • +
  • confdroid_ssh::main::service
    • -
  • +
  • confdroid_ssh::params
    • -
  • +
  • confdroid_ssh::selinux::semanage
    diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html index 515d544..0f23945 100644 --- a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html +++ b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html @@ -113,7 +113,16 @@ 15 16 17 -18 +18 +19 +20 +21 +22 +23 +24 +25 +26 +27 
    # File 'manifests/firewall/iptables.pp', line 6
@@ -121,7 +130,7 @@
 class confdroid_ssh::firewall::iptables (
 
 ) inherits confdroid_ssh::params {
-  if $ssh_use_firewall {
+  if $ssh_use_firewall == true {
     firewall { "${ssh_fw_order}${ssh_fw_port} allow SSH on port ${ssh_fw_port}":
       ensure => 'present',
       proto  => 'tcp',
@@ -130,6 +139,15 @@ class confdroid_ssh::firewall::iptables (
       jump   => 'accept',
     }
   }
+  else {
+    firewall { "${ssh_fw_order}${ssh_fw_port} remove SSH on port ${ssh_fw_port}":
+      ensure => 'absent',
+      proto  => 'tcp',
+      source => $ssh_source_range,
+      dport  => $ssh_fw_port,
+      jump   => 'accept',
+    }
+  }
 }
    diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html index 501f091..d7b6f9c 100644 --- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html +++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html @@ -79,6 +79,8 @@ confdroid_ssh::selinux::semanage
    + confdroid_ssh::firewall::iptables
    + From a5b60a4418357982c64c836545174528f3628436 Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Thu, 9 Apr 2026 14:20:15 +0200 Subject: [PATCH 04/25] Recommit for updates in build 11 --- .../confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html index 0f23945..72537f1 100644 --- a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html +++ b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html @@ -139,7 +139,7 @@ class confdroid_ssh::firewall::iptables ( jump => 'accept', } } - else { + if $ssh_use_firewall == false { firewall { "${ssh_fw_order}${ssh_fw_port} remove SSH on port ${ssh_fw_port}": ensure => 'absent', proto => 'tcp', From 8353748191b9220ec49c08ec3b0aaaf7a7e32f5d Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Thu, 9 Apr 2026 14:33:23 +0200 Subject: [PATCH 05/25] Recommit for updates in build 13 --- .../confdroid_ssh_3A_3Amain_3A_3Aservice.html | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aservice.html b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aservice.html index aea60d2..867a2e0 100644 --- a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aservice.html +++ b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Aservice.html @@ -113,9 +113,7 @@ 15 16 17 -18 -19 -20 +18 
    # File 'manifests/main/service.pp', line 6
@@ -124,9 +122,7 @@ class confdroid_ssh::main::service (
 ) inherits confdroid_ssh::params {
   require confdroid_ssh::main::files
   require confdroid_ssh::selinux::semanage
-  if $ssh_use_firewall {
-    require confdroid_ssh::firewall::iptables
-  }
+  require confdroid_ssh::firewall::iptables
 
   service { $sshd_service:
     ensure     => running,

From fbdc21d72f083dfe18a1f8e636f5176e57d1400b Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Thu, 9 Apr 2026 14:57:52 +0200
Subject: [PATCH 06/25] Recommit for updates in build 14

---
 ...droid_ssh_3A_3Afirewall_3A_3Aiptables.html | 32 ++++++++-----------
 1 file changed, 14 insertions(+), 18 deletions(-)

diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html
index 72537f1..935ccb0 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html
@@ -120,9 +120,7 @@
 22
 23
 24
-25
-26
-27
    +25 
    # File 'manifests/firewall/iptables.pp', line 6
@@ -130,23 +128,21 @@
 class confdroid_ssh::firewall::iptables (
 
 ) inherits confdroid_ssh::params {
-  if $ssh_use_firewall == true {
-    firewall { "${ssh_fw_order}${ssh_fw_port} allow SSH on port ${ssh_fw_port}":
-      ensure => 'present',
-      proto  => 'tcp',
-      source => $ssh_source_range,
-      dport  => $ssh_fw_port,
-      jump   => 'accept',
+  case $ssh_use_firewall {
+    true, 'true', 'yes', '1': {
+      $ssh_fw_ensure = 'present'
+    }
+    default: {
+      $ssh_fw_ensure = 'absent'
     }
   }
-  if $ssh_use_firewall == false {
-    firewall { "${ssh_fw_order}${ssh_fw_port} remove SSH on port ${ssh_fw_port}":
-      ensure => 'absent',
-      proto  => 'tcp',
-      source => $ssh_source_range,
-      dport  => $ssh_fw_port,
-      jump   => 'accept',
-    }
+
+  firewall { "${ssh_fw_order}${ssh_fw_port} allow SSH on port ${ssh_fw_port}":
+    ensure => $ssh_fw_ensure,
+    proto  => 'tcp',
+    source => $ssh_source_range,
+    dport  => $ssh_fw_port,
+    jump   => 'accept',
   }
 }
    From b8d581e00d72fbcee312f7594cd4472e90f39732 Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Thu, 9 Apr 2026 15:01:50 +0200 Subject: [PATCH 07/25] Recommit for updates in build 15 --- ...droid_ssh_3A_3Afirewall_3A_3Aiptables.html | 22 ++----------------- .../confdroid_ssh_3A_3Aparams.html | 14 ++++++------ 2 files changed, 9 insertions(+), 27 deletions(-) diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html index 935ccb0..90696db 100644 --- a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html +++ b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html @@ -111,16 +111,7 @@ 13 14 15 -16 -17 -18 -19 -20 -21 -22 -23 -24 -25 +16 
    # File 'manifests/firewall/iptables.pp', line 6
@@ -128,17 +119,8 @@
 class confdroid_ssh::firewall::iptables (
 
 ) inherits confdroid_ssh::params {
-  case $ssh_use_firewall {
-    true, 'true', 'yes', '1': {
-      $ssh_fw_ensure = 'present'
-    }
-    default: {
-      $ssh_fw_ensure = 'absent'
-    }
-  }
-
   firewall { "${ssh_fw_order}${ssh_fw_port} allow SSH on port ${ssh_fw_port}":
-    ensure => $ssh_fw_ensure,
+    ensure => $ssh_use_firewall,
     proto  => 'tcp',
     source => $ssh_source_range,
     dport  => $ssh_fw_port,
diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index d7b6f9c..e8a8e1f 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -151,15 +151,15 @@
         ssh_use_firewall
       
       
-        (Boolean)
+        (String)
       
       
-        (defaults to: true)
+        (defaults to: 'present')
    
-
    whether to manage firewall settings
    
+
    whether set the fw rule to present or absent.
    • @@ -355,7 +355,6 @@ 
     
 
-19
 20
 21
 22
@@ -395,10 +394,11 @@
 56
 57
 58
-59
    +59 +60 - 
    # File 'manifests/params.pp', line 19
+        
    # File 'manifests/params.pp', line 20
 
 class confdroid_ssh::params (
 
@@ -406,7 +406,7 @@ class confdroid_ssh::params (
   String $pkg_ensure          = 'present',
 
   # firewall settings
-  Boolean $ssh_use_firewall   = true,
+  String $ssh_use_firewall   = 'present',
   String $ssh_fw_port         = '22',
   String $ssh_fw_order        = '50',
   String $ssh_source_range    = '0.0.0.0/0',

From c6afa78f88728a6abd713c1cd53d430af8587872 Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Thu, 9 Apr 2026 15:07:46 +0200
Subject: [PATCH 08/25] Recommit for updates in build 16

---
 .../confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html            | 2 +-
 doc/puppet_classes/confdroid_ssh_3A_3Aparams.html             | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html
index 90696db..982e405 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html
@@ -120,7 +120,7 @@ class confdroid_ssh::firewall::iptables (
 
 ) inherits confdroid_ssh::params {
   firewall { "${ssh_fw_order}${ssh_fw_port} allow SSH on port ${ssh_fw_port}":
-    ensure => $ssh_use_firewall,
+    ensure => $ssh_fw_rule,
     proto  => 'tcp',
     source => $ssh_source_range,
     dport  => $ssh_fw_port,
diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index e8a8e1f..b92d607 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -148,7 +148,7 @@
   
     
  • 
       
-        ssh_use_firewall
+        ssh_fw_rule
       
       
         (String)
@@ -406,7 +406,7 @@ class confdroid_ssh::params (
   String $pkg_ensure          = 'present',
 
   # firewall settings
-  String $ssh_use_firewall   = 'present',
+  String $ssh_fw_rule         = 'present',
   String $ssh_fw_port         = '22',
   String $ssh_fw_order        = '50',
   String $ssh_source_range    = '0.0.0.0/0',

From 0570348f105b7c9308fe7843f31438a6317912bf Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Mon, 13 Apr 2026 12:57:58 +0200
Subject: [PATCH 09/25] Recommit for updates in build 17

---
 .../confdroid_ssh_3A_3Aparams.html            | 194 +++++++++++++++---
 1 file changed, 167 insertions(+), 27 deletions(-)

diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index b92d607..ea0d346 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -340,6 +340,132 @@
         —
         
    
 
    MaxSessions setting for sshd_config
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_pubkey_auth
+      
+      
+        (String)
+      
+      
+        (defaults to: 'yes')
+      
+      
+        —
+        
    
+
    PubkeyAuthentication setting for sshd_config
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_auth_key_files
+      
+      
+        (String)
+      
+      
+        (defaults to: '.ssh/authorized_keys')
+      
+      
+        —
+        
    
+
    AuthorizedKeysFile setting for sshd_config
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_authorized_principals_file
+      
+      
+        (String)
+      
+      
+        (defaults to: 'none')
+      
+      
+        —
+        
    
+
    AuthorizedPrincipalsFile setting for sshd_config. Default is ‘none’ to disable this setting.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_authorized_keys_command
+      
+      
+        (String)
+      
+      
+        (defaults to: 'none')
+      
+      
+        —
+        
    
+
    AuthorizedKeysCommand setting for sshd_config. Default is ‘none’ to disable this setting.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_authorized_keys_command_user
+      
+      
+        (String)
+      
+      
+        (defaults to: 'nobody')
+      
+      
+        —
+        
    
+
    AuthorizedKeysCommandUser setting for sshd_config. Default is ‘nobody’ to use an unpriviledged user.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_use_specific_hostkey
+      
+      
+        (Boolean)
+      
+      
+        (defaults to: false)
+      
+      
+        —
+        
    
+
    whether to use a specific host key
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_hostkey_type
+      
+      
+        (String)
+      
+      
+        (defaults to: 'rsa')
+      
+      
+        —
+        
    
+
    type of host key to use if ssh_use_specific_hostkey is true
    
 
    
       
     
    • 
@@ -355,17 +481,6 @@
         
     
 
-20
-21
-22
-23
-24
-25
-26
-27
-28
-29
-30
 31
 32
 33
@@ -395,30 +510,55 @@
 57
 58
 59
-60
    
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
    
       
       
-        
    # File 'manifests/params.pp', line 20
+        
    # File 'manifests/params.pp', line 31
 
 class confdroid_ssh::params (
 
-  Array $ssh_reqpackages      = ['openssh','openssh-clients','openssh-server'],
-  String $pkg_ensure          = 'present',
+  Array $ssh_reqpackages                    = ['openssh','openssh-clients','openssh-server'],
+  String $pkg_ensure                        = 'present',
 
   # firewall settings
-  String $ssh_fw_rule         = 'present',
-  String $ssh_fw_port         = '22',
-  String $ssh_fw_order        = '50',
-  String $ssh_source_range    = '0.0.0.0/0',
+  String $ssh_fw_rule                       = 'present',
+  String $ssh_fw_port                       = '22',
+  String $ssh_fw_order                      = '50',
+  String $ssh_source_range                  = '0.0.0.0/0',
 
-  # main configuration 
-  Boolean $ssh_manage_config  = true,
-  String  $ssh_address_family = 'any',
-  String  $ssh_listen_address = '0.0.0.0',
-  String  $ssh_root_login     = 'prohibit-password',
-  String  $ssh_strict_modes   = 'yes',
-  String  $ssh_max_auth_tries = '6',
-  String  $ssh_max_sessions    = '10',
+  # sshd configuration 
+  Boolean $ssh_manage_config                = true,
+  String  $ssh_address_family               = 'any',
+  String  $ssh_listen_address               = '0.0.0.0',
+  String  $ssh_root_login                   = 'prohibit-password',
+  String  $ssh_strict_modes                 = 'yes',
+  String  $ssh_max_auth_tries               = '6',
+  String  $ssh_max_sessions                 = '10',
+  String  $ssh_pubkey_auth                  = 'yes',
+  String  $ssh_auth_key_files               = '.ssh/authorized_keys',
+  String  $ssh_authorized_principals_file   = 'none',
+  String  $ssh_authorized_keys_command      = 'none',
+  String  $ssh_authorized_keys_command_user = 'nobody',
+  Boolean $ssh_use_specific_hostkey         = false,
+  String  $ssh_hostkey_type                 = 'rsa',
 
 ) {
 # default facts

From fca3e37b09057ff6d4da5ac738865b071e1c6501 Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Mon, 13 Apr 2026 13:10:40 +0200
Subject: [PATCH 10/25] Recommit for updates in build 18

---
 .../confdroid_ssh_3A_3Aparams.html            | 76 +++++++++++++++++--
 1 file changed, 68 insertions(+), 8 deletions(-)

diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index ea0d346..968712a 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -466,6 +466,60 @@
         —
         
    
 
    type of host key to use if ssh_use_specific_hostkey is true
    
+
    
+      
+    
+  
+    
  • 
+      
+        ssh_rekeylimit
+      
+      
+        (String)
+      
+      
+        (defaults to: 'default none')
+      
+      
+        —
+        
    
+
    RekeyLimit setting for sshd_config. Default is ‘default none’.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_syslog_facility
+      
+      
+        (String)
+      
+      
+        (defaults to: 'AUTH')
+      
+      
+        —
+        
    
+
    SyslogFacility setting for sshd_config. Default is ‘AUTH’.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_log_level
+      
+      
+        (String)
+      
+      
+        (defaults to: 'INFO')
+      
+      
+        —
+        
    
+
    LogLevel setting for sshd_config. Default is ‘INFO’.
    
 
    
       
     
    • 
@@ -481,12 +535,6 @@
         
     
 
-31
-32
-33
-34
-35
-36
 37
 38
 39
@@ -528,10 +576,19 @@
 75
 76
 77
-78
    
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
    
       
       
-        
    # File 'manifests/params.pp', line 31
+        
    # File 'manifests/params.pp', line 37
 
 class confdroid_ssh::params (
 
@@ -559,6 +616,9 @@ class confdroid_ssh::params (
   String  $ssh_authorized_keys_command_user = 'nobody',
   Boolean $ssh_use_specific_hostkey         = false,
   String  $ssh_hostkey_type                 = 'rsa',
+  String  $ssh_rekeylimit                   = 'default none',
+  String  $ssh_syslog_facility              = 'AUTH',
+  String  $ssh_log_level                    = 'INFO'
 
 ) {
 # default facts

From e7ac45b383f8501fe6b85fac3ec87ea9a8111117 Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Mon, 13 Apr 2026 14:21:20 +0200
Subject: [PATCH 11/25] Recommit for updates in build 21

---
 .../confdroid_ssh_3A_3Aparams.html            | 92 +++++++++++++++----
 1 file changed, 76 insertions(+), 16 deletions(-)

diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index 968712a..e238d72 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -520,6 +520,60 @@
         —
         
    
 
    LogLevel setting for sshd_config. Default is ‘INFO’.
    
+
    
+      
+    
+  
+    
  • 
+      
+        ssh_password_authentication
+      
+      
+        (String)
+      
+      
+        (defaults to: 'no')
+      
+      
+        —
+        
    
+
    PasswordAuthentication setting for sshd_config. Default is ‘no’, which requires key-based authentication. This is a recommended security setting, so passwords do not show up in logs, but can be set to ‘yes’ if password authentication is desired.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_permit_empty_passwords
+      
+      
+        (String)
+      
+      
+        (defaults to: 'no')
+      
+      
+        —
+        
    
+
    PermitEmptyPasswords setting for sshd_config. Default is ‘no’, which is a recommended security setting and works in connection with key-based authentication, but can be set to ‘yes’ if password authentication should be allowed and empty passwords should be allowed. Again, this should be used with caution if enabled.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_kbd_interactive_auth
+      
+      
+        (String)
+      
+      
+        (defaults to: 'no')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’, which is a recommended security setting together with password authentication, but can be set to ‘yes’ if keyboard-interactive authentication should be allowed. (not recommended)
    
 
    
       
     
    • 
@@ -535,19 +589,6 @@
         
     
 
-37
-38
-39
-40
-41
-42
-43
-44
-45
-46
-47
-48
-49
 50
 51
 52
@@ -585,10 +626,26 @@
 84
 85
 86
-87
    
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
+97
+98
+99
+100
+101
+102
+103
    
       
       
-        
    # File 'manifests/params.pp', line 37
+        
    # File 'manifests/params.pp', line 50
 
 class confdroid_ssh::params (
 
@@ -618,7 +675,10 @@ class confdroid_ssh::params (
   String  $ssh_hostkey_type                 = 'rsa',
   String  $ssh_rekeylimit                   = 'default none',
   String  $ssh_syslog_facility              = 'AUTH',
-  String  $ssh_log_level                    = 'INFO'
+  String  $ssh_log_level                    = 'INFO',
+  String  $ssh_password_authentication      = 'no',
+  String  $ssh_permit_empty_passwords       = 'no',
+  String  $ssh_kbd_interactive_auth         = 'no'
 
 ) {
 # default facts

From 3f5714f6c3663d33b7edb51258fb2377d057a86a Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Mon, 13 Apr 2026 14:55:14 +0200
Subject: [PATCH 12/25] Recommit for updates in build 22

---
 .../confdroid_ssh_3A_3Aparams.html            | 314 +++++++++++++++---
 1 file changed, 268 insertions(+), 46 deletions(-)

diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index e238d72..5feebb8 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -574,6 +574,204 @@
         —
         
    
 
    setting for sshd_config. Default is ‘no’, which is a recommended security setting together with password authentication, but can be set to ‘yes’ if keyboard-interactive authentication should be allowed. (not recommended)
    
+
    
+      
+    
+  
+    
  • 
+      
+        ssh_kerberos_authentication
+      
+      
+        (String)
+      
+      
+        (defaults to: 'yes')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’. Kerberos authentication is not commonly used and requires a lot of other settings, so it is disabled by default, but can be set to ‘yes’ if desired.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_kerberos_or_local_passwd
+      
+      
+        (String)
+      
+      
+        (defaults to: 'yes')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’. This setting is only relevant if Kerberos authentication is enabled, and should be set to ‘yes’ if you want to allow local password authentication as a fallback if Kerberos authentication fails, but can be set to ‘no’ if you want to only allow Kerberos authentication.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_kerberos_ticket_cleanup
+      
+      
+        (String)
+      
+      
+        (defaults to: 'yes')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’. This setting is only relevant if Kerberos authentication is enabled, and should be set to ‘yes’ if you want to enable ticket cleanup, but can be set to ‘no’ if you want to disable it.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_kerberos_get_afstoken
+      
+      
+        (String)
+      
+      
+        (defaults to: 'no')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’. This setting is only relevant if Kerberos authentication is enabled, and should be set to ‘yes’ if you want to enable AFS token retrieval, but can be set to ‘no’ if you want to disable it.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_kerberos_use_kuserok
+      
+      
+        (String)
+      
+      
+        (defaults to: 'yes')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’. This setting is only relevant if Kerberos authentication is enabled, and should be set to ‘yes’ if you want to enable userok with Kerberos, but can be set to ‘no’ if you want to disable it.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_use_kerberos
+      
+      
+        (Boolean)
+      
+      
+        (defaults to: false)
+      
+      
+        —
+        
    
+
    whether to use Kerberos authentication. If true, the relevant Kerberos settings will be included in the sshd_config, otherwise they will be ignored.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_use_gssapi
+      
+      
+        (Boolean)
+      
+      
+        (defaults to: false)
+      
+      
+        —
+        
    
+
    whether to use GSSAPI authentication. If true, GSSAPI authentication will be enabled in sshd_config, otherwise it will be disabled. GSSAPI authentication is not commonly used and requires a lot of other settings, so it is disabled by default, but can be set to true if desired.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_gssapi_authentication
+      
+      
+        (String)
+      
+      
+        (defaults to: 'yes')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’. This setting is only relevant if GSSAPI authentication is enabled, and should be set to ‘yes’ if you want to enable GSS authentication, but can be set to ‘no’ if you want to disable it.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_gssapi_cleanup_credentials
+      
+      
+        (String)
+      
+      
+        (defaults to: 'yes')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’. This setting is only relevant if GSSAPI authentication is enabled, and should be set to ‘yes’ if you want to enable GSS credential cleanup, but can be set to ‘no’ if you want to disable it.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_gssapi_key_exchange
+      
+      
+        (String)
+      
+      
+        (defaults to: 'no')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’. This setting is only relevant if GSSAPI authentication is enabled, and should be set to ‘yes’ if you want to enable GSS key exchange.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_gssapi_enablek5users
+      
+      
+        (String)
+      
+      
+        (defaults to: 'no')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’. This setting is only relevant if GSSAPI authentication is enabled, and should be set to ‘yes’ if you want to enable GSSAPI for k5users.
    
 
    
       
     
    • 
@@ -589,49 +787,6 @@
         
     
 
-50
-51
-52
-53
-54
-55
-56
-57
-58
-59
-60
-61
-62
-63
-64
-65
-66
-67
-68
-69
-70
-71
-72
-73
-74
-75
-76
-77
-78
-79
-80
-81
-82
-83
-84
-85
-86
-87
-88
-89
-90
-91
-92
 93
 94
 95
@@ -642,10 +797,65 @@
 100
 101
 102
-103
    
+103
+104
+105
+106
+107
+108
+109
+110
+111
+112
+113
+114
+115
+116
+117
+118
+119
+120
+121
+122
+123
+124
+125
+126
+127
+128
+129
+130
+131
+132
+133
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+146
+147
+148
+149
+150
+151
+152
+153
+154
+155
+156
+157
+158
    
       
       
-        
    # File 'manifests/params.pp', line 50
+        
    # File 'manifests/params.pp', line 93
 
 class confdroid_ssh::params (
 
@@ -678,7 +888,19 @@ class confdroid_ssh::params (
   String  $ssh_log_level                    = 'INFO',
   String  $ssh_password_authentication      = 'no',
   String  $ssh_permit_empty_passwords       = 'no',
-  String  $ssh_kbd_interactive_auth         = 'no'
+  String  $ssh_kbd_interactive_auth         = 'no',
+  Boolean $ssh_use_kerberos                 = false,
+  String  $ssh_kerberos_authentication      = 'yes',
+  String  $ssh_kerberos_or_local_passwd     = 'yes',
+  String  $ssh_kerberos_ticket_cleanup      = 'yes',
+  String  $ssh_kerberos_get_afstoken        = 'no',
+  String  $ssh_kerberos_use_kuserok         = 'yes',
+  Boolean $ssh_use_gssapi                   = false,
+  String  $ssh_gssapi_authentication         = 'yes',
+  String  $ssh_gssapi_cleanup_credentials    = 'yes',
+  String  $ssh_gssapi_key_exchange           = 'no',
+  String  $ssh_gssapi_enablek5users          = 'no',
+
 
 ) {
 # default facts

From a648676a517363e1fa9733866957b96d7a5af6b7 Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Mon, 13 Apr 2026 15:01:32 +0200
Subject: [PATCH 13/25] Recommit for updates in build 23

---
 .../confdroid_ssh_3A_3Aparams.html            | 44 +++++++++++++------
 1 file changed, 31 insertions(+), 13 deletions(-)

diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index 5feebb8..db161d4 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -772,6 +772,24 @@
         —
         
    
 
    setting for sshd_config. Default is ‘no’. This setting is only relevant if GSSAPI authentication is enabled, and should be set to ‘yes’ if you want to enable GSSAPI for k5users.
    
+
    
+      
+    
+  
+    
  • 
+      
+        ssh_use_pam
+      
+      
+        (String)
+      
+      
+        (defaults to: 'no')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’. PAM is not commonly used for SSH authentication and can introduce security risks if not configured properly, so it is disabled by default. Thi setting is related to PasswordAuthentication and KbdInteractiveAuthentication, and should be set to ‘yes’ only if you want to use PAM for authentication together with those settings.
    
 
    
       
     
    • 
@@ -787,12 +805,6 @@
         
     
 
-93
-94
-95
-96
-97
-98
 99
 100
 101
@@ -852,10 +864,16 @@
 155
 156
 157
-158
    
+158
+159
+160
+161
+162
+163
+164
    
       
       
-        
    # File 'manifests/params.pp', line 93
+        
    # File 'manifests/params.pp', line 99
 
 class confdroid_ssh::params (
 
@@ -896,11 +914,11 @@ class confdroid_ssh::params (
   String  $ssh_kerberos_get_afstoken        = 'no',
   String  $ssh_kerberos_use_kuserok         = 'yes',
   Boolean $ssh_use_gssapi                   = false,
-  String  $ssh_gssapi_authentication         = 'yes',
-  String  $ssh_gssapi_cleanup_credentials    = 'yes',
-  String  $ssh_gssapi_key_exchange           = 'no',
-  String  $ssh_gssapi_enablek5users          = 'no',
-
+  String  $ssh_gssapi_authentication        = 'yes',
+  String  $ssh_gssapi_cleanup_credentials   = 'yes',
+  String  $ssh_gssapi_key_exchange          = 'no',
+  String  $ssh_gssapi_enablek5users         = 'no',
+  String  $ssh_use_pam                      = 'no',
 
 ) {
 # default facts

From 3dcd479229d3136f625d8e0b9bad8630fa3c526e Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Mon, 13 Apr 2026 15:53:09 +0200
Subject: [PATCH 14/25] Recommit for updates in build 24

---
 .../confdroid_ssh_3A_3Aparams.html            | 534 +++++++++++++++---
 1 file changed, 467 insertions(+), 67 deletions(-)

diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index db161d4..8a474e8 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -790,6 +790,366 @@
         —
         
    
 
    setting for sshd_config. Default is ‘no’. PAM is not commonly used for SSH authentication and can introduce security risks if not configured properly, so it is disabled by default. Thi setting is related to PasswordAuthentication and KbdInteractiveAuthentication, and should be set to ‘yes’ only if you want to use PAM for authentication together with those settings.
    
+
    
+      
+    
+  
+    
  • 
+      
+        ssh_allow_agent_forwarding
+      
+      
+        (String)
+      
+      
+        (defaults to: 'yes')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘yes’, which allows SSH agent forwarding, but can be set to ‘no’ if you want to disable this feature for security reasons.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_allow_tcp_forwarding
+      
+      
+        (String)
+      
+      
+        (defaults to: 'yes')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘yes’, which allows TCP forwarding, but can be set to ‘no’ if you want to disable this feature for security reasons.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_gateway_ports
+      
+      
+        (String)
+      
+      
+        (defaults to: 'no')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’, which means that remote hosts cannot connect to forwarded ports, but can be set to ‘yes’ or ‘clientspecified’ if you want to allow remote hosts to connect to forwarded ports. This setting should be used with caution if enabled, as it can introduce security risks.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_x11_forwarding
+      
+      
+        (String)
+      
+      
+        (defaults to: 'no')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’, which disables X11 forwarding, but can be set to ‘yes’ if you want to allow X11 forwarding. This setting should be used with caution if enabled.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_x11_display_offset
+      
+      
+        (String)
+      
+      
+        (defaults to: '10')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘10’. This setting is only relevant if X11 forwarding is enabled, and specifies the first display number available for X11 forwarding. The default of ‘10’ means that the first forwarded display will be :10, the second will be :11, and so on. This setting can be adjusted if you want to use a different range of display numbers for X11 forwarding.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_x11_use_localhost
+      
+      
+        (String)
+      
+      
+        (defaults to: 'yes')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘yes’, which means that X11 forwarding will only be available on the loopback interface, but can be set to ‘no’ if you want to allow X11 forwarding on all network interfaces.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_permit_tty
+      
+      
+        (String)
+      
+      
+        (defaults to: 'yes')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘yes’, which allows TTY allocation, but can be set to ‘no’ if you want to disable TTY allocation.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_print_motd
+      
+      
+        (String)
+      
+      
+        (defaults to: 'yes')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘yes’, which means that the message of the day will be printed when users log in, but can be set to ‘no’ if you want to disable this feature.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_print_lastlog
+      
+      
+        (String)
+      
+      
+        (defaults to: 'yes')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘yes’, which means that the last login information will be printed when users log in, but can be set to ‘no’ if you want to disable this feature.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_tcp_keepalive
+      
+      
+        (String)
+      
+      
+        (defaults to: 'yes')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘yes’, which means that TCP keepalive messages will be sent, but can be set to ‘no’ if you want to disable this feature. This setting can be useful to disable if you have issues with dropped connections, but in general it is recommended to keep it enabled.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_permit_user_environment
+      
+      
+        (String)
+      
+      
+        (defaults to: 'no')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’, which means that user environment variables will not be processed, but can be set to ‘yes’ if you want to allow users to specify environment variables in their ~/.ssh/environment file.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_compression
+      
+      
+        (String)
+      
+      
+        (defaults to: 'delayed')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘delayed’, which means that compression will be enabled after successful authentication, but can be set to ‘yes’ if you want to enable compression from the start of the connection. The ‘delayed’ setting is a good compromise that allows for faster authentication while still providing the benefits of compression for the rest of the session.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_client_alive_interval
+      
+      
+        (String)
+      
+      
+        (defaults to: '0')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘0’, which means that no keepalive messages will be sent by the server, but can be set to a positive integer to specify the interval in seconds between keepalive messages sent by the server to the client. This can be useful to detect and close stale connections, but should be used with caution as it can cause unexpected disconnections if set too aggressively.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_client_alive_count_max
+      
+      
+        (String)
+      
+      
+        (defaults to: '3')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘3’. This setting is only relevant if ssh_client_alive_interval is set to a positive integer, and specifies the number of consecutive keepalive messages that can be sent without receiving a response from the client before the server considers the connection to be stale and disconnects it.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_use_dns
+      
+      
+        (String)
+      
+      
+        (defaults to: 'no')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’, which means that the server will not perform DNS lookups on connecting clients, but can be set to ‘yes’ if you want the server to perform DNS lookups. Disabling DNS lookups can improve connection times and reduce the risk of DNS spoofing attacks, so it is generally recommended to keep this setting disabled unless you have a specific need for it.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_pid_file
+      
+      
+        (String)
+      
+      
+        (defaults to: '/var/run/sshd.pid')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘/var/run/sshd.pid’, which is the common location for the sshd PID file, but can be set to a different path if desired. This setting specifies the location of the sshd PID file.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_max_startups
+      
+      
+        (String)
+      
+      
+        (defaults to: '10:30:100')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘10:30:100’, which means that the server will allow up to 10 concurrent unauthenticated connections, and will start dropping connections with a probability that increases linearly.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_permit_tunnel
+      
+      
+        (String)
+      
+      
+        (defaults to: 'no')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘no’, which means that tunneling is not allowed, but can be set to ‘yes’ if you want to allow tunneling, or ‘point-to-point’ to allow only point-to-point tunneling. This setting should be used with caution if enabled.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_chroot_directory
+      
+      
+        (String)
+      
+      
+        (defaults to: 'none')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘none’, which means that no chroot directory will be used, but can be set to a valid directory path if you want to use chroot for SSH sessions.
    
+
    
+      
+    
    • 
+  
+    
  • 
+      
+        ssh_version_addendum
+      
+      
+        (String)
+      
+      
+        (defaults to: 'none')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘none’, which means that no version addendum will be included in the SSH banner, but can be set to a custom string if you want to include additional information in the SSH version banner. This can be used for branding purposes, but should be used with caution as it can potentially leak information about the server that could be useful to attackers.
    
 
    
       
     
    • 
@@ -805,75 +1165,95 @@
         
     
 
-99
-100
-101
-102
-103
-104
-105
-106
-107
-108
-109
-110
-111
-112
-113
-114
-115
-116
-117
-118
-119
-120
-121
-122
-123
-124
-125
-126
-127
-128
-129
-130
-131
-132
-133
-134
-135
-136
-137
-138
-139
-140
-141
-142
-143
-144
-145
-146
-147
-148
-149
-150
-151
-152
-153
-154
-155
-156
-157
-158
-159
-160
-161
-162
-163
-164
    
+188
+189
+190
+191
+192
+193
+194
+195
+196
+197
+198
+199
+200
+201
+202
+203
+204
+205
+206
+207
+208
+209
+210
+211
+212
+213
+214
+215
+216
+217
+218
+219
+220
+221
+222
+223
+224
+225
+226
+227
+228
+229
+230
+231
+232
+233
+234
+235
+236
+237
+238
+239
+240
+241
+242
+243
+244
+245
+246
+247
+248
+249
+250
+251
+252
+253
+254
+255
+256
+257
+258
+259
+260
+261
+262
+263
+264
+265
+266
+267
+268
+269
+270
+271
+272
+273
    
       
       
-        
    # File 'manifests/params.pp', line 99
+        
    # File 'manifests/params.pp', line 188
 
 class confdroid_ssh::params (
 
@@ -919,6 +1299,26 @@ class confdroid_ssh::params (
   String  $ssh_gssapi_key_exchange          = 'no',
   String  $ssh_gssapi_enablek5users         = 'no',
   String  $ssh_use_pam                      = 'no',
+  String  $ssh_allow_agent_forwarding       = 'yes',
+  String  $ssh_allow_tcp_forwarding         = 'yes',
+  String  $ssh_gateway_ports                = 'no',
+  String  $ssh_x11_forwarding               = 'no',
+  String  $ssh_x11_display_offset           = '10',
+  String  $ssh_x11_use_localhost            = 'yes',
+  String  $ssh_permit_tty                   = 'yes',
+  String  $ssh_print_motd                   = 'yes',
+  String  $ssh_print_lastlog                = 'yes',
+  String  $ssh_tcp_keepalive                = 'yes',
+  String  $ssh_permit_user_environment      = 'no',
+  String  $ssh_compression                  = 'delayed',
+  String  $ssh_client_alive_interval        = '0',
+  String  $ssh_client_alive_count_max       = '3',
+  String  $ssh_use_dns                      = 'no',
+  String  $ssh_pid_file                     = '/var/run/sshd.pid',
+  String  $ssh_max_startups                 = '10:30:100',
+  String  $ssh_permit_tunnel                = 'no',
+  String  $ssh_chroot_directory             = 'none',
+  String  $ssh_version_addendum             = 'none',
 
 ) {
 # default facts

From 9a564261f7e0a77870f2b8805ac79b5595752f72 Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Mon, 13 Apr 2026 16:39:34 +0200
Subject: [PATCH 15/25] Recommit for updates in build 25

---
 .../confdroid_ssh_3A_3Aparams.html            | 36 ++++++++++++++-----
 1 file changed, 28 insertions(+), 8 deletions(-)

diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index 8a474e8..dd5db69 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -1150,6 +1150,24 @@
         —
         
    
 
    setting for sshd_config. Default is ‘none’, which means that no version addendum will be included in the SSH banner, but can be set to a custom string if you want to include additional information in the SSH version banner. This can be used for branding purposes, but should be used with caution as it can potentially leak information about the server that could be useful to attackers.
    
+
    
+      
+    
+  
+    
  • 
+      
+        ssh_banner
+      
+      
+        (String)
+      
+      
+        (defaults to: 'none')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘none’, which means that no banner will be displayed to users when they connect, but can be set to a valid file path if you want to display a custom banner message to users when they connect. This can be used to display legal notices, security warnings, or other information to users when they connect to the SSH server.
    
 
    
       
     
    • 
@@ -1165,12 +1183,6 @@
         
     
 
-188
-189
-190
-191
-192
-193
 194
 195
 196
@@ -1250,10 +1262,17 @@
 270
 271
 272
-273
    
+273
+274
+275
+276
+277
+278
+279
+280
    
       
       
-        
    # File 'manifests/params.pp', line 188
+        
    # File 'manifests/params.pp', line 194
 
 class confdroid_ssh::params (
 
@@ -1319,6 +1338,7 @@ class confdroid_ssh::params (
   String  $ssh_permit_tunnel                = 'no',
   String  $ssh_chroot_directory             = 'none',
   String  $ssh_version_addendum             = 'none',
+  String  $ssh_banner                       = 'none',
 
 ) {
 # default facts

From c7e9800b5bb14d1534453a0129016cca17c6461f Mon Sep 17 00:00:00 2001
From: Arne Teuke <12ww1160@confdroid.com>
Date: Mon, 13 Apr 2026 17:28:14 +0200
Subject: [PATCH 16/25] Edit files.pp

---
 manifests/main/files.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifests/main/files.pp b/manifests/main/files.pp
index 118cf09..2c71e6b 100644
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -23,7 +23,7 @@ class confdroid_ssh::main::files (
 
   if $ssh_manage_config {
     file { $sshd_custom_conf:
-      ensure   => file,
+      ensure   => absent,
       path     => $sshd_custom_conf,
       owner    => $sshd_user,
       group    => $sshd_user,

From ca0ec2bb84b9814c644a35feeef415a41344af5b Mon Sep 17 00:00:00 2001
From: Arne Teuke <12ww1160@confdroid.com>
Date: Tue, 14 Apr 2026 11:39:14 +0200
Subject: [PATCH 17/25] Edit files.pp

---
 manifests/main/files.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifests/main/files.pp b/manifests/main/files.pp
index 2c71e6b..118cf09 100644
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -23,7 +23,7 @@ class confdroid_ssh::main::files (
 
   if $ssh_manage_config {
     file { $sshd_custom_conf:
-      ensure   => absent,
+      ensure   => file,
       path     => $sshd_custom_conf,
       owner    => $sshd_user,
       group    => $sshd_user,

From 5f6b9d8b99c81624f5a4240152fe1d9bd7d0aa98 Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Tue, 14 Apr 2026 11:49:58 +0200
Subject: [PATCH 18/25] Recommit for updates in build 27

---
 .../confdroid_ssh_3A_3Amain_3A_3Adirs.html    |  4 +-
 .../confdroid_ssh_3A_3Aparams.html            | 44 ++++++++++++++-----
 2 files changed, 34 insertions(+), 14 deletions(-)

diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Adirs.html
index c67a40e..61e259c 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Adirs.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Adirs.html
@@ -141,7 +141,7 @@ class confdroid_ssh::main::dirs (
     path     => $ssh_etc_path,
     owner    => $sshd_user,
     group    => $sshd_user,
-    mode     => '0700',
+    mode     => '0755',
     selrange => s0,
     selrole  => object_r,
     seltype  => etc_t,
@@ -152,7 +152,7 @@ class confdroid_ssh::main::dirs (
     ensure   => directory,
     owner    => $sshd_user,
     group    => $sshd_user,
-    mode     => '0700',
+    mode     => '0755',
     selrange => s0,
     selrole  => object_r,
     seltype  => etc_t,
diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index dd5db69..5290b75 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -532,7 +532,7 @@
         (String)
       
       
-        (defaults to: 'no')
+        (defaults to: 'yes')
       
       
         —
@@ -568,7 +568,7 @@
         (String)
       
       
-        (defaults to: 'no')
+        (defaults to: 'yes')
       
       
         —
@@ -1168,6 +1168,24 @@
         —
         
    
 
    setting for sshd_config. Default is ‘none’, which means that no banner will be displayed to users when they connect, but can be set to a valid file path if you want to display a custom banner message to users when they connect. This can be used to display legal notices, security warnings, or other information to users when they connect to the SSH server.
    
+
    
+      
+    
+  
+    
  • 
+      
+        ssh_login_grace_time
+      
+      
+        (String)
+      
+      
+        (defaults to: '2m')
+      
+      
+        —
+        
    
+
    setting for sshd_config. Default is ‘2m’, which means that users have 2 minutes to successfully authenticate before the server disconnects them, but can be set to a different time interval if desired. This setting can be used to limit the amount of time that attackers have to attempt to brute-force authentication, but should be set to a reasonable value to avoid disconnecting legitimate users who may need more time to log
    
 
    
       
     
    • 
@@ -1183,12 +1201,6 @@
         
     
 
-194
-195
-196
-197
-198
-199
 200
 201
 202
@@ -1269,10 +1281,17 @@
 277
 278
 279
-280
    
+280
+281
+282
+283
+284
+285
+286
+287
    
       
       
-        
    # File 'manifests/params.pp', line 194
+        
    # File 'manifests/params.pp', line 200
 
 class confdroid_ssh::params (
 
@@ -1289,6 +1308,7 @@ class confdroid_ssh::params (
   Boolean $ssh_manage_config                = true,
   String  $ssh_address_family               = 'any',
   String  $ssh_listen_address               = '0.0.0.0',
+  String  $ssh_login_grace_time             = '2m',
   String  $ssh_root_login                   = 'prohibit-password',
   String  $ssh_strict_modes                 = 'yes',
   String  $ssh_max_auth_tries               = '6',
@@ -1303,9 +1323,9 @@ class confdroid_ssh::params (
   String  $ssh_rekeylimit                   = 'default none',
   String  $ssh_syslog_facility              = 'AUTH',
   String  $ssh_log_level                    = 'INFO',
-  String  $ssh_password_authentication      = 'no',
+  String  $ssh_password_authentication      = 'yes',
   String  $ssh_permit_empty_passwords       = 'no',
-  String  $ssh_kbd_interactive_auth         = 'no',
+  String  $ssh_kbd_interactive_auth         = 'yes',
   Boolean $ssh_use_kerberos                 = false,
   String  $ssh_kerberos_authentication      = 'yes',
   String  $ssh_kerberos_or_local_passwd     = 'yes',

From 12e800318b9d51d47beb9595ff7f21063a2097c6 Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Tue, 14 Apr 2026 12:28:53 +0200
Subject: [PATCH 19/25] Recommit for updates in build 29

---
 .../confdroid_ssh_3A_3Amain_3A_3Afiles.html   |  2 +-
 .../confdroid_ssh_3A_3Aparams.html            | 28 ++++++++++++++++---
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html
index 8460181..008c095 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html
@@ -166,7 +166,7 @@ class confdroid_ssh::main::files (
 
   if $ssh_manage_config {
     file { $sshd_custom_conf:
-      ensure   => file,
+      ensure   => $ssh_custom_ensure,
       path     => $sshd_custom_conf,
       owner    => $sshd_user,
       group    => $sshd_user,
diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index 5290b75..9c3ea31 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -1186,6 +1186,24 @@
         —
         
    
 
    setting for sshd_config. Default is ‘2m’, which means that users have 2 minutes to successfully authenticate before the server disconnects them, but can be set to a different time interval if desired. This setting can be used to limit the amount of time that attackers have to attempt to brute-force authentication, but should be set to a reasonable value to avoid disconnecting legitimate users who may need more time to log
    
+
    
+      
+    
+  
+    
  • 
+      
+        ssh_custom_ensure
+      
+      
+        (String)
+      
+      
+        (defaults to: 'file')
+      
+      
+        —
+        
    
+
    whether the custom configuration file should be file or absent.
    
 
    
       
     
    • 
@@ -1201,8 +1219,6 @@
         
     
 
-200
-201
 202
 203
 204
@@ -1288,10 +1304,13 @@
 284
 285
 286
-287
    
+287
+288
+289
+290
    
       
       
-        
    # File 'manifests/params.pp', line 200
+        
    # File 'manifests/params.pp', line 202
 
 class confdroid_ssh::params (
 
@@ -1305,6 +1324,7 @@ class confdroid_ssh::params (
   String $ssh_source_range                  = '0.0.0.0/0',
 
   # sshd configuration 
+  String  $ssh_custom_ensure                = 'file',
   Boolean $ssh_manage_config                = true,
   String  $ssh_address_family               = 'any',
   String  $ssh_listen_address               = '0.0.0.0',

From e0dcf663ae65a820b1979dce9fcb07c5e39855ed Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Tue, 14 Apr 2026 12:34:57 +0200
Subject: [PATCH 20/25] Recommit for updates in build 30

---
 doc/puppet_classes/confdroid_ssh_3A_3Aparams.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index 9c3ea31..083dcf6 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -1198,7 +1198,7 @@
         (String)
       
       
-        (defaults to: 'file')
+        (defaults to: 'absent')
       
       
         —
@@ -1324,7 +1324,7 @@ class confdroid_ssh::params (
   String $ssh_source_range                  = '0.0.0.0/0',
 
   # sshd configuration 
-  String  $ssh_custom_ensure                = 'file',
+  String  $ssh_custom_ensure                = 'absent',
   Boolean $ssh_manage_config                = true,
   String  $ssh_address_family               = 'any',
   String  $ssh_listen_address               = '0.0.0.0',

From 72810343ece6fd05b10e365fae99733705b27539 Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Tue, 14 Apr 2026 12:48:14 +0200
Subject: [PATCH 21/25] Recommit for updates in build 31

---
 doc/file.README.html                             |  6 ++++--
 doc/index.html                                   |  6 ++++--
 .../confdroid_ssh_3A_3Amain_3A_3Afiles.html      | 16 +---------------
 3 files changed, 9 insertions(+), 19 deletions(-)

diff --git a/doc/file.README.html b/doc/file.README.html
index 92c2f45..d50ddf8 100644
--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -97,8 +97,6 @@
 
    • 
 
      install required binaries
      
 
    • 
-
      manage local custom configuration based on parameters, overriding the defaults
      
-
    • 
 
      manage selinux rules
      
 
    • 
 
      manage service
      
@@ -106,6 +104,10 @@
 
      (optional) manage firewall
      
 
    
 
+
    
+
    Note Originally I thought it was a great idea to have a single custom configuration file, which would override the default settings in the sshd_config. But I quickly learned, that this is not a great idea, for it seemed to work out differently on various hosts despite identical settings. For instance gitlab is using SSH not only for remote sessions but also for git operations, which broke with this file in place. So right now this module will only ensure the main default config is available and the service is always running. Custom configurations can be enabled after through testing through the parameters under #sshd section, but can be forced off through the ssh_custom_ensuresetting set to absent (default).
    
+
    
+
 
    Support
    
 
    • 
 
      Rocky 9 (Any RHEL 9 based OS should work but has not been tested)
      
diff --git a/doc/index.html b/doc/index.html
index f4a1c4f..b5751d3 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -97,8 +97,6 @@
 
      • 
 
        install required binaries
        
 
      • 
-
        manage local custom configuration based on parameters, overriding the defaults
        
-
      • 
 
        manage selinux rules
        
 
      • 
 
        manage service
        
@@ -106,6 +104,10 @@
 
        (optional) manage firewall
        
 
      
 
+
      
+
      Note Originally I thought it was a great idea to have a single custom configuration file, which would override the default settings in the sshd_config. But I quickly learned, that this is not a great idea, for it seemed to work out differently on various hosts despite identical settings. For instance gitlab is using SSH not only for remote sessions but also for git operations, which broke with this file in place. So right now this module will only ensure the main default config is available and the service is always running. Custom configurations can be enabled after through testing through the parameters under #sshd section, but can be forced off through the ssh_custom_ensuresetting set to absent (default).
      
+
      
+
 
      Support
      
 
      • 
 
        Rocky 9 (Any RHEL 9 based OS should work but has not been tested)
        
diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html
index 008c095..6ffa772 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html
@@ -134,14 +134,7 @@
 36
 37
 38
-39
-40
-41
-42
-43
-44
-45
-46
    
+39
    
       
       
         
    # File 'manifests/main/files.pp', line 6
@@ -178,13 +171,6 @@ class confdroid_ssh::main::files (
       content  => template($sshd_custom_erb),
       notify   => Service[$sshd_service],
     }
-    # we want the default root login setting to be managed by the custom conf, 
-    # so we remove the default file if it exists
-    file { $sshd_root_login_file:
-      ensure => absent,
-      path   => $sshd_root_login_file,
-      notify => Service[$sshd_service],
-    }
   }
 }
    
       

From 6578688e1fc266cd063b8c35b0d758d69307d2ea Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Tue, 14 Apr 2026 13:00:52 +0200
Subject: [PATCH 22/25] Recommit for updates in build 32

---
 doc/file.README.html | 2 +-
 doc/index.html       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/file.README.html b/doc/file.README.html
index d50ddf8..e4add7a 100644
--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -121,7 +121,7 @@
 
 
    Module Deployment
    
 
-
    ALmost every puppet setup is done in very custom ways, and hence the way the modules are deployed to nodes are different. This module assumes Foreman as ENC, so the modules just have to be present on the master node and Foreman will take care for it.
    
+
    Almost every puppet setup is done in very custom ways, and hence the way the modules are deployed to nodes are different. This module assumes Foreman as ENC, so the modules just have to be present on the master node and Foreman will take care for it.
    
 
 
    Tests
    
 
    • 
diff --git a/doc/index.html b/doc/index.html
index b5751d3..3362646 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -121,7 +121,7 @@
 
 
      Module Deployment
      
 
-
      ALmost every puppet setup is done in very custom ways, and hence the way the modules are deployed to nodes are different. This module assumes Foreman as ENC, so the modules just have to be present on the master node and Foreman will take care for it.
      
+
      Almost every puppet setup is done in very custom ways, and hence the way the modules are deployed to nodes are different. This module assumes Foreman as ENC, so the modules just have to be present on the master node and Foreman will take care for it.
      
 
 
      Tests
      
 
      • 

From 4d3c86cd0c14972839f877066c3e36ee19d87429 Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Tue, 14 Apr 2026 13:09:40 +0200
Subject: [PATCH 23/25] Recommit for updates in build 33

---
 doc/file.README.html                          |    4 -
 doc/index.html                                |    4 -
 .../confdroid_ssh_3A_3Amain_3A_3Afiles.html   |   34 +-
 .../confdroid_ssh_3A_3Aparams.html            | 1170 +----------------
 4 files changed, 32 insertions(+), 1180 deletions(-)

diff --git a/doc/file.README.html b/doc/file.README.html
index e4add7a..caa9f94 100644
--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -104,10 +104,6 @@
 
        (optional) manage firewall
        
 
      
 
-
      
-
      Note Originally I thought it was a great idea to have a single custom configuration file, which would override the default settings in the sshd_config. But I quickly learned, that this is not a great idea, for it seemed to work out differently on various hosts despite identical settings. For instance gitlab is using SSH not only for remote sessions but also for git operations, which broke with this file in place. So right now this module will only ensure the main default config is available and the service is always running. Custom configurations can be enabled after through testing through the parameters under #sshd section, but can be forced off through the ssh_custom_ensuresetting set to absent (default).
      
-
      
-
 
      Support
      
 
      • 
 
        Rocky 9 (Any RHEL 9 based OS should work but has not been tested)
        
diff --git a/doc/index.html b/doc/index.html
index 3362646..5b15103 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -104,10 +104,6 @@
 
        (optional) manage firewall
        
 
      
 
-
      
-
      Note Originally I thought it was a great idea to have a single custom configuration file, which would override the default settings in the sshd_config. But I quickly learned, that this is not a great idea, for it seemed to work out differently on various hosts despite identical settings. For instance gitlab is using SSH not only for remote sessions but also for git operations, which broke with this file in place. So right now this module will only ensure the main default config is available and the service is always running. Custom configurations can be enabled after through testing through the parameters under #sshd section, but can be forced off through the ssh_custom_ensuresetting set to absent (default).
      
-
      
-
 
      Support
      
 
      • 
 
        Rocky 9 (Any RHEL 9 based OS should work but has not been tested)
        
diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html
index 6ffa772..f2f2cae 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html
@@ -118,23 +118,7 @@
 20
 21
 22
-23
-24
-25
-26
-27
-28
-29
-30
-31
-32
-33
-34
-35
-36
-37
-38
-39
    
+23
    
       
       
         
    # File 'manifests/main/files.pp', line 6
@@ -156,22 +140,6 @@ class confdroid_ssh::main::files (
     content  => template($sshd_config_erb),
     notify   => Service[$sshd_service],
   }
-
-  if $ssh_manage_config {
-    file { $sshd_custom_conf:
-      ensure   => $ssh_custom_ensure,
-      path     => $sshd_custom_conf,
-      owner    => $sshd_user,
-      group    => $sshd_user,
-      mode     => '0640',
-      selrange => s0,
-      selrole  => object_r,
-      seltype  => etc_t,
-      seluser  => system_u,
-      content  => template($sshd_custom_erb),
-      notify   => Service[$sshd_service],
-    }
-  }
 }
    
       
     
diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index 083dcf6..27bcb46 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -214,996 +214,6 @@
         —
         
    
 
    source range for firewall rule
    
-
    
-      
-    
-  
-    
  • 
-      
-        ssh_manage_config
-      
-      
-        (Boolean)
-      
-      
-        (defaults to: true)
-      
-      
-        —
-        
    
-
    whether to manage the configuration
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_address_family
-      
-      
-        (String)
-      
-      
-        (defaults to: 'any')
-      
-      
-        —
-        
    
-
    AddressFamily setting for sshd_config
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_listen_address
-      
-      
-        (String)
-      
-      
-        (defaults to: '0.0.0.0')
-      
-      
-        —
-        
    
-
    ListenAddress setting for sshd_config
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_root_login
-      
-      
-        (String)
-      
-      
-        (defaults to: 'prohibit-password')
-      
-      
-        —
-        
    
-
    PermitRootLogin setting for sshd_config
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_strict_modes
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    StrictModes setting for sshd_config
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_max_auth_tries
-      
-      
-        (String)
-      
-      
-        (defaults to: '6')
-      
-      
-        —
-        
    
-
    MaxAuthTries setting for sshd_config
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_max_sessions
-      
-      
-        (String)
-      
-      
-        (defaults to: '10')
-      
-      
-        —
-        
    
-
    MaxSessions setting for sshd_config
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_pubkey_auth
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    PubkeyAuthentication setting for sshd_config
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_auth_key_files
-      
-      
-        (String)
-      
-      
-        (defaults to: '.ssh/authorized_keys')
-      
-      
-        —
-        
    
-
    AuthorizedKeysFile setting for sshd_config
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_authorized_principals_file
-      
-      
-        (String)
-      
-      
-        (defaults to: 'none')
-      
-      
-        —
-        
    
-
    AuthorizedPrincipalsFile setting for sshd_config. Default is ‘none’ to disable this setting.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_authorized_keys_command
-      
-      
-        (String)
-      
-      
-        (defaults to: 'none')
-      
-      
-        —
-        
    
-
    AuthorizedKeysCommand setting for sshd_config. Default is ‘none’ to disable this setting.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_authorized_keys_command_user
-      
-      
-        (String)
-      
-      
-        (defaults to: 'nobody')
-      
-      
-        —
-        
    
-
    AuthorizedKeysCommandUser setting for sshd_config. Default is ‘nobody’ to use an unpriviledged user.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_use_specific_hostkey
-      
-      
-        (Boolean)
-      
-      
-        (defaults to: false)
-      
-      
-        —
-        
    
-
    whether to use a specific host key
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_hostkey_type
-      
-      
-        (String)
-      
-      
-        (defaults to: 'rsa')
-      
-      
-        —
-        
    
-
    type of host key to use if ssh_use_specific_hostkey is true
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_rekeylimit
-      
-      
-        (String)
-      
-      
-        (defaults to: 'default none')
-      
-      
-        —
-        
    
-
    RekeyLimit setting for sshd_config. Default is ‘default none’.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_syslog_facility
-      
-      
-        (String)
-      
-      
-        (defaults to: 'AUTH')
-      
-      
-        —
-        
    
-
    SyslogFacility setting for sshd_config. Default is ‘AUTH’.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_log_level
-      
-      
-        (String)
-      
-      
-        (defaults to: 'INFO')
-      
-      
-        —
-        
    
-
    LogLevel setting for sshd_config. Default is ‘INFO’.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_password_authentication
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    PasswordAuthentication setting for sshd_config. Default is ‘no’, which requires key-based authentication. This is a recommended security setting, so passwords do not show up in logs, but can be set to ‘yes’ if password authentication is desired.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_permit_empty_passwords
-      
-      
-        (String)
-      
-      
-        (defaults to: 'no')
-      
-      
-        —
-        
    
-
    PermitEmptyPasswords setting for sshd_config. Default is ‘no’, which is a recommended security setting and works in connection with key-based authentication, but can be set to ‘yes’ if password authentication should be allowed and empty passwords should be allowed. Again, this should be used with caution if enabled.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_kbd_interactive_auth
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’, which is a recommended security setting together with password authentication, but can be set to ‘yes’ if keyboard-interactive authentication should be allowed. (not recommended)
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_kerberos_authentication
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’. Kerberos authentication is not commonly used and requires a lot of other settings, so it is disabled by default, but can be set to ‘yes’ if desired.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_kerberos_or_local_passwd
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’. This setting is only relevant if Kerberos authentication is enabled, and should be set to ‘yes’ if you want to allow local password authentication as a fallback if Kerberos authentication fails, but can be set to ‘no’ if you want to only allow Kerberos authentication.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_kerberos_ticket_cleanup
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’. This setting is only relevant if Kerberos authentication is enabled, and should be set to ‘yes’ if you want to enable ticket cleanup, but can be set to ‘no’ if you want to disable it.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_kerberos_get_afstoken
-      
-      
-        (String)
-      
-      
-        (defaults to: 'no')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’. This setting is only relevant if Kerberos authentication is enabled, and should be set to ‘yes’ if you want to enable AFS token retrieval, but can be set to ‘no’ if you want to disable it.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_kerberos_use_kuserok
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’. This setting is only relevant if Kerberos authentication is enabled, and should be set to ‘yes’ if you want to enable userok with Kerberos, but can be set to ‘no’ if you want to disable it.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_use_kerberos
-      
-      
-        (Boolean)
-      
-      
-        (defaults to: false)
-      
-      
-        —
-        
    
-
    whether to use Kerberos authentication. If true, the relevant Kerberos settings will be included in the sshd_config, otherwise they will be ignored.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_use_gssapi
-      
-      
-        (Boolean)
-      
-      
-        (defaults to: false)
-      
-      
-        —
-        
    
-
    whether to use GSSAPI authentication. If true, GSSAPI authentication will be enabled in sshd_config, otherwise it will be disabled. GSSAPI authentication is not commonly used and requires a lot of other settings, so it is disabled by default, but can be set to true if desired.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_gssapi_authentication
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’. This setting is only relevant if GSSAPI authentication is enabled, and should be set to ‘yes’ if you want to enable GSS authentication, but can be set to ‘no’ if you want to disable it.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_gssapi_cleanup_credentials
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’. This setting is only relevant if GSSAPI authentication is enabled, and should be set to ‘yes’ if you want to enable GSS credential cleanup, but can be set to ‘no’ if you want to disable it.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_gssapi_key_exchange
-      
-      
-        (String)
-      
-      
-        (defaults to: 'no')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’. This setting is only relevant if GSSAPI authentication is enabled, and should be set to ‘yes’ if you want to enable GSS key exchange.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_gssapi_enablek5users
-      
-      
-        (String)
-      
-      
-        (defaults to: 'no')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’. This setting is only relevant if GSSAPI authentication is enabled, and should be set to ‘yes’ if you want to enable GSSAPI for k5users.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_use_pam
-      
-      
-        (String)
-      
-      
-        (defaults to: 'no')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’. PAM is not commonly used for SSH authentication and can introduce security risks if not configured properly, so it is disabled by default. Thi setting is related to PasswordAuthentication and KbdInteractiveAuthentication, and should be set to ‘yes’ only if you want to use PAM for authentication together with those settings.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_allow_agent_forwarding
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘yes’, which allows SSH agent forwarding, but can be set to ‘no’ if you want to disable this feature for security reasons.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_allow_tcp_forwarding
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘yes’, which allows TCP forwarding, but can be set to ‘no’ if you want to disable this feature for security reasons.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_gateway_ports
-      
-      
-        (String)
-      
-      
-        (defaults to: 'no')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’, which means that remote hosts cannot connect to forwarded ports, but can be set to ‘yes’ or ‘clientspecified’ if you want to allow remote hosts to connect to forwarded ports. This setting should be used with caution if enabled, as it can introduce security risks.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_x11_forwarding
-      
-      
-        (String)
-      
-      
-        (defaults to: 'no')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’, which disables X11 forwarding, but can be set to ‘yes’ if you want to allow X11 forwarding. This setting should be used with caution if enabled.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_x11_display_offset
-      
-      
-        (String)
-      
-      
-        (defaults to: '10')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘10’. This setting is only relevant if X11 forwarding is enabled, and specifies the first display number available for X11 forwarding. The default of ‘10’ means that the first forwarded display will be :10, the second will be :11, and so on. This setting can be adjusted if you want to use a different range of display numbers for X11 forwarding.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_x11_use_localhost
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘yes’, which means that X11 forwarding will only be available on the loopback interface, but can be set to ‘no’ if you want to allow X11 forwarding on all network interfaces.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_permit_tty
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘yes’, which allows TTY allocation, but can be set to ‘no’ if you want to disable TTY allocation.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_print_motd
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘yes’, which means that the message of the day will be printed when users log in, but can be set to ‘no’ if you want to disable this feature.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_print_lastlog
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘yes’, which means that the last login information will be printed when users log in, but can be set to ‘no’ if you want to disable this feature.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_tcp_keepalive
-      
-      
-        (String)
-      
-      
-        (defaults to: 'yes')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘yes’, which means that TCP keepalive messages will be sent, but can be set to ‘no’ if you want to disable this feature. This setting can be useful to disable if you have issues with dropped connections, but in general it is recommended to keep it enabled.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_permit_user_environment
-      
-      
-        (String)
-      
-      
-        (defaults to: 'no')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’, which means that user environment variables will not be processed, but can be set to ‘yes’ if you want to allow users to specify environment variables in their ~/.ssh/environment file.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_compression
-      
-      
-        (String)
-      
-      
-        (defaults to: 'delayed')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘delayed’, which means that compression will be enabled after successful authentication, but can be set to ‘yes’ if you want to enable compression from the start of the connection. The ‘delayed’ setting is a good compromise that allows for faster authentication while still providing the benefits of compression for the rest of the session.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_client_alive_interval
-      
-      
-        (String)
-      
-      
-        (defaults to: '0')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘0’, which means that no keepalive messages will be sent by the server, but can be set to a positive integer to specify the interval in seconds between keepalive messages sent by the server to the client. This can be useful to detect and close stale connections, but should be used with caution as it can cause unexpected disconnections if set too aggressively.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_client_alive_count_max
-      
-      
-        (String)
-      
-      
-        (defaults to: '3')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘3’. This setting is only relevant if ssh_client_alive_interval is set to a positive integer, and specifies the number of consecutive keepalive messages that can be sent without receiving a response from the client before the server considers the connection to be stale and disconnects it.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_use_dns
-      
-      
-        (String)
-      
-      
-        (defaults to: 'no')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’, which means that the server will not perform DNS lookups on connecting clients, but can be set to ‘yes’ if you want the server to perform DNS lookups. Disabling DNS lookups can improve connection times and reduce the risk of DNS spoofing attacks, so it is generally recommended to keep this setting disabled unless you have a specific need for it.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_pid_file
-      
-      
-        (String)
-      
-      
-        (defaults to: '/var/run/sshd.pid')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘/var/run/sshd.pid’, which is the common location for the sshd PID file, but can be set to a different path if desired. This setting specifies the location of the sshd PID file.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_max_startups
-      
-      
-        (String)
-      
-      
-        (defaults to: '10:30:100')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘10:30:100’, which means that the server will allow up to 10 concurrent unauthenticated connections, and will start dropping connections with a probability that increases linearly.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_permit_tunnel
-      
-      
-        (String)
-      
-      
-        (defaults to: 'no')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘no’, which means that tunneling is not allowed, but can be set to ‘yes’ if you want to allow tunneling, or ‘point-to-point’ to allow only point-to-point tunneling. This setting should be used with caution if enabled.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_chroot_directory
-      
-      
-        (String)
-      
-      
-        (defaults to: 'none')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘none’, which means that no chroot directory will be used, but can be set to a valid directory path if you want to use chroot for SSH sessions.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_version_addendum
-      
-      
-        (String)
-      
-      
-        (defaults to: 'none')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘none’, which means that no version addendum will be included in the SSH banner, but can be set to a custom string if you want to include additional information in the SSH version banner. This can be used for branding purposes, but should be used with caution as it can potentially leak information about the server that could be useful to attackers.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_banner
-      
-      
-        (String)
-      
-      
-        (defaults to: 'none')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘none’, which means that no banner will be displayed to users when they connect, but can be set to a valid file path if you want to display a custom banner message to users when they connect. This can be used to display legal notices, security warnings, or other information to users when they connect to the SSH server.
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_login_grace_time
-      
-      
-        (String)
-      
-      
-        (defaults to: '2m')
-      
-      
-        —
-        
    
-
    setting for sshd_config. Default is ‘2m’, which means that users have 2 minutes to successfully authenticate before the server disconnects them, but can be set to a different time interval if desired. This setting can be used to limit the amount of time that attackers have to attempt to brute-force authentication, but should be set to a reasonable value to avoid disconnecting legitimate users who may need more time to log
    
-
    
-      
-    
    • 
-  
-    
  • 
-      
-        ssh_custom_ensure
-      
-      
-        (String)
-      
-      
-        (defaults to: 'absent')
-      
-      
-        —
-        
    
-
    whether the custom configuration file should be file or absent.
    
 
    
       
     
    • 
@@ -1219,98 +229,39 @@
         
     
 
-202
-203
-204
-205
-206
-207
-208
-209
-210
-211
-212
-213
-214
-215
-216
-217
-218
-219
-220
-221
-222
-223
-224
-225
-226
-227
-228
-229
-230
-231
-232
-233
-234
-235
-236
-237
-238
-239
-240
-241
-242
-243
-244
-245
-246
-247
-248
-249
-250
-251
-252
-253
-254
-255
-256
-257
-258
-259
-260
-261
-262
-263
-264
-265
-266
-267
-268
-269
-270
-271
-272
-273
-274
-275
-276
-277
-278
-279
-280
-281
-282
-283
-284
-285
-286
-287
-288
-289
-290
    
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
    
       
       
-        
    # File 'manifests/params.pp', line 202
+        
    # File 'manifests/params.pp', line 13
 
 class confdroid_ssh::params (
 
@@ -1323,63 +274,6 @@ class confdroid_ssh::params (
   String $ssh_fw_order                      = '50',
   String $ssh_source_range                  = '0.0.0.0/0',
 
-  # sshd configuration 
-  String  $ssh_custom_ensure                = 'absent',
-  Boolean $ssh_manage_config                = true,
-  String  $ssh_address_family               = 'any',
-  String  $ssh_listen_address               = '0.0.0.0',
-  String  $ssh_login_grace_time             = '2m',
-  String  $ssh_root_login                   = 'prohibit-password',
-  String  $ssh_strict_modes                 = 'yes',
-  String  $ssh_max_auth_tries               = '6',
-  String  $ssh_max_sessions                 = '10',
-  String  $ssh_pubkey_auth                  = 'yes',
-  String  $ssh_auth_key_files               = '.ssh/authorized_keys',
-  String  $ssh_authorized_principals_file   = 'none',
-  String  $ssh_authorized_keys_command      = 'none',
-  String  $ssh_authorized_keys_command_user = 'nobody',
-  Boolean $ssh_use_specific_hostkey         = false,
-  String  $ssh_hostkey_type                 = 'rsa',
-  String  $ssh_rekeylimit                   = 'default none',
-  String  $ssh_syslog_facility              = 'AUTH',
-  String  $ssh_log_level                    = 'INFO',
-  String  $ssh_password_authentication      = 'yes',
-  String  $ssh_permit_empty_passwords       = 'no',
-  String  $ssh_kbd_interactive_auth         = 'yes',
-  Boolean $ssh_use_kerberos                 = false,
-  String  $ssh_kerberos_authentication      = 'yes',
-  String  $ssh_kerberos_or_local_passwd     = 'yes',
-  String  $ssh_kerberos_ticket_cleanup      = 'yes',
-  String  $ssh_kerberos_get_afstoken        = 'no',
-  String  $ssh_kerberos_use_kuserok         = 'yes',
-  Boolean $ssh_use_gssapi                   = false,
-  String  $ssh_gssapi_authentication        = 'yes',
-  String  $ssh_gssapi_cleanup_credentials   = 'yes',
-  String  $ssh_gssapi_key_exchange          = 'no',
-  String  $ssh_gssapi_enablek5users         = 'no',
-  String  $ssh_use_pam                      = 'no',
-  String  $ssh_allow_agent_forwarding       = 'yes',
-  String  $ssh_allow_tcp_forwarding         = 'yes',
-  String  $ssh_gateway_ports                = 'no',
-  String  $ssh_x11_forwarding               = 'no',
-  String  $ssh_x11_display_offset           = '10',
-  String  $ssh_x11_use_localhost            = 'yes',
-  String  $ssh_permit_tty                   = 'yes',
-  String  $ssh_print_motd                   = 'yes',
-  String  $ssh_print_lastlog                = 'yes',
-  String  $ssh_tcp_keepalive                = 'yes',
-  String  $ssh_permit_user_environment      = 'no',
-  String  $ssh_compression                  = 'delayed',
-  String  $ssh_client_alive_interval        = '0',
-  String  $ssh_client_alive_count_max       = '3',
-  String  $ssh_use_dns                      = 'no',
-  String  $ssh_pid_file                     = '/var/run/sshd.pid',
-  String  $ssh_max_startups                 = '10:30:100',
-  String  $ssh_permit_tunnel                = 'no',
-  String  $ssh_chroot_directory             = 'none',
-  String  $ssh_version_addendum             = 'none',
-  String  $ssh_banner                       = 'none',
-
 ) {
 # default facts
   $fqdn                     = $facts['networking']['fqdn']
@@ -1393,8 +287,6 @@ class confdroid_ssh::params (
   $sshd_service             = 'sshd'
   $sshd_config_path         = "${ssh_etc_path}/sshd_config"
   $sshd_custom_path         = "${ssh_etc_path}/sshd_config.d"
-  $sshd_custom_conf         = "${sshd_custom_path}/10-custom.conf"
-  $sshd_custom_erb          = 'confdroid_ssh/sshd_custom_conf.erb'
   $sshd_config_erb          = 'confdroid_ssh/sshd_config.erb'
   $sshd_root_login_file     = "${sshd_custom_path}/01-permitrootlogin.conf"
 

From b629a265bdc16a717a13109fa1bcd9a6b7785d55 Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Tue, 14 Apr 2026 13:34:17 +0200
Subject: [PATCH 24/25] Recommit for updates in build 34

---
 doc/file.README.html | 6 +++++-
 doc/index.html       | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/doc/file.README.html b/doc/file.README.html
index caa9f94..011ce0b 100644
--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -97,13 +97,17 @@
 
    • 
 
      install required binaries
      
 
    • 
-
      manage selinux rules
      
+
      manage required files and directories including selinux context
      
 
    • 
 
      manage service
      
 
    • 
 
      (optional) manage firewall
      
 
    
 
+
    
+
    ToDo: Define for custom drop-in configurations
    
+
    
+
 
    Support
    
 
    • 
 
      Rocky 9 (Any RHEL 9 based OS should work but has not been tested)
      
diff --git a/doc/index.html b/doc/index.html
index 5b15103..fee4d4b 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -97,13 +97,17 @@
 
      • 
 
        install required binaries
        
 
      • 
-
        manage selinux rules
        
+
        manage required files and directories including selinux context
        
 
      • 
 
        manage service
        
 
      • 
 
        (optional) manage firewall
        
 
      
 
+
      
+
      ToDo: Define for custom drop-in configurations
      
+
      
+
 
      Support
      
 
      • 
 
        Rocky 9 (Any RHEL 9 based OS should work but has not been tested)
        

From 99f37cf02c7f2b74c80ff3718acab8b6b0217c54 Mon Sep 17 00:00:00 2001
From: Jenkins Server 
Date: Tue, 14 Apr 2026 16:22:11 +0200
Subject: [PATCH 25/25] Recommit for updates in build 38

---
 doc/_index.html                               |  24 +++
 doc/puppet_class_list.html                    |   4 +
 doc/puppet_defined_type_list.html             |  54 +++++
 ...id_ssh_3A_3Acustom_3A_3Acustom_config.html | 199 ++++++++++++++++++
 4 files changed, 281 insertions(+)
 create mode 100644 doc/puppet_defined_type_list.html
 create mode 100644 doc/puppet_defined_types/confdroid_ssh_3A_3Acustom_3A_3Acustom_config.html

diff --git a/doc/_index.html b/doc/_index.html
index f5b0f9a..9f20f6d 100644
--- a/doc/_index.html
+++ b/doc/_index.html
@@ -122,6 +122,30 @@
 
 
 
+
        Defined Type Listing A-Z
        
+
+  
+
+  
+    
+  
+
        
+  
+    
+      
+  
+    
        
+
 
 
 
diff --git a/doc/puppet_class_list.html b/doc/puppet_class_list.html
index 5557e96..a8531c9 100644
--- a/doc/puppet_class_list.html
+++ b/doc/puppet_class_list.html
@@ -28,6 +28,10 @@
               Puppet Classes
             
           
+            
+              Defined Types
+            
+          
         
 
         
diff --git a/doc/puppet_defined_type_list.html b/doc/puppet_defined_type_list.html
new file mode 100644
index 0000000..26dd691
--- /dev/null
+++ b/doc/puppet_defined_type_list.html
@@ -0,0 +1,54 @@
+
+
+  
+    
+    
+    
+      
+    
+      
+    
+
+    
+      
+    
+      
+    
+
+    Defined Type List
+    
+  
+  
+    
        
+      
        
+        
        Defined Type List
        
+        
+
+        
+      
        
+
+      
+    
        
+  
+
diff --git a/doc/puppet_defined_types/confdroid_ssh_3A_3Acustom_3A_3Acustom_config.html b/doc/puppet_defined_types/confdroid_ssh_3A_3Acustom_3A_3Acustom_config.html
new file mode 100644
index 0000000..2affcb7
--- /dev/null
+++ b/doc/puppet_defined_types/confdroid_ssh_3A_3Acustom_3A_3Acustom_config.html
@@ -0,0 +1,199 @@
+
+
+  
+    
+
+
+  Defined Type: confdroid_ssh::custom::custom_config
+  
+    — Documentation by YARD 0.9.36
+  
+
+
+  
+
+  
+
+
+
+
+  
+
+  
+
+
+  
+  
+    
        
+      
+      
        
+    
        
+
+    
        
+      
+
+      
        Defined Type: confdroid_ssh::custom::custom_config
        
+
        
+  
        
+    
        Defined in:
        
+    
        
+      manifests/custom/custom_config.pp
+    
        
+  
        
+
        
+
+  
        Summary
        
+  Class manages custom configurations for SSH
+
+
        Overview
        
+
        
+  
        
+    
+
        confdroid_ssh::custom::custom_config.pp Module name: confdroid_ssh Author: 12ww1160 (12ww1160@confdroid.com)
        
+
+  
        
+
        
+
+
+
+
        
+  
        Parameters:
        
+
          
+  
+    
        • 
+      
+        config_name
+      
+      
+        (String)
+      
+      
+      
+        —
+        
          
+
          name of the custom configuration file (without .conf extension)
          
+
          
+      
+    
          • 
+  
+    
        • 
+      
+        config_content
+      
+      
+        (Array[String])
+      
+      
+      
+        —
+        
          
+
          array of configuration lines to include in the custom config
          
+
          
+      
+    
          • 
+  
+
        
+
+
+
+
        
+  
+    
+      
+      
+    
+  
        
+        
        +
+
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
        
+              		
+        
        # File 'manifests/custom/custom_config.pp', line 10
+
+define confdroid_ssh::custom::custom_config (
+
+  String $config_name,
+  Array[String] $config_content,
+
+) {
+  $sshd_custom_path  = $confdroid_ssh::params::sshd_custom_path
+  $sshd_service      = $confdroid_ssh::params::sshd_service
+  $custom_config_erb = 'confdroid_ssh/custom_config.erb'
+  $config_basename   = regsubst($config_name, '\\.conf$', '')
+  $config_file       = "${config_basename}.conf"
+
+  file { "${sshd_custom_path}/${config_file}":
+    ensure   => file,
+    content  => template($custom_config_erb),
+    owner    => 'root',
+    group    => 'root',
+    mode     => '0600',
+    selrange => s0,
+    selrole  => object_r,
+    seltype  => etc_t,
+    seluser  => system_u,
+    notify   => Service[$sshd_service],
+  }
+}
        
+      
        
+
        
+
        
+
+      
+
+    
        
+  
+
\ No newline at end of file