diff --git a/.puppet-lint.rc b/.puppet-lint.rc
deleted file mode 100644
index 269b058..0000000
--- a/.puppet-lint.rc
+++ /dev/null
@@ -1,3 +0,0 @@
---no-variable_scope-check
---no-top_scope_facts
---no-140chars-check
\ No newline at end of file
diff --git a/Jenkinsfile b/Jenkinsfile
deleted file mode 100644
index ff0a9cd..0000000
--- a/Jenkinsfile
+++ /dev/null
@@ -1,129 +0,0 @@ -pipeline { - agent { - label 'puppet' - } - - post { - always { - deleteDir() /* clean up our workspace */ - } - success { - updateGitlabCommitStatus state: 'success' - } - failure { - updateGitlabCommitStatus state: 'failed' - step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true]) - } - } - - options { - gitLabConnection('gitlab.confdroid.com') - } - - stages { - - stage('pull master') { - steps { - sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) { - sh ''' - git config user.name "Jenkins Server" - git config user.email jenkins@confdroid.com - # Ensure we're on the development branch (triggered by push) - git checkout development - # Create jenkins branch from development - git checkout -b jenkins-build-$BUILD_NUMBER - # Optionally merge master into jenkins to ensure compatibility - git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; } - ''' - } - } - } - - stage('puppet parser') { - steps { - sh '''for file in $(find . -iname \'*.pp\'); do - /opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1; - done;''' - } - } - - stage('check templates') { - steps{ - sh '''for file in $(find . -iname \'*.erb\'); - do erb -P -x -T "-" $file | ruby -c || exit 1; - done;''' - } - } - - stage('puppet-lint') { - steps { - sh '''/usr/local/bin/puppet-lint . \\ - --no-variable_scope-check \\ - || { echo "Puppet lint failed"; exit 1; } - ''' - } - } - - stage('SonarScan') { - steps { - withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) { - sh ''' - /opt/sonar-scanner/bin/sonar-scanner \ - -Dsonar.projectKey=confdroid_ssh \ - -Dsonar.sources=. 
\ - -Dsonar.host.url=https://sonarqube.confdroid.com \ - -Dsonar.token=$SONAR_TOKEN - ''' - } - } - } - - stage('create Puppet documentation') { - steps { - sh '/opt/puppetlabs/bin/puppet strings' - } - } - - stage('update repo') { - steps { - sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) { - sh ''' - git config user.name "Jenkins Server" - git config user.email jenkins@confdroid.com - git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit" - git push -o merge_request.create \ - -o merge_request.target=master \ - -o merge_request.title="Auto-merge for build $BUILD_NUMBER" \ - -o merge_request.description="Automated changes from Jenkins build $BUILD_NUMBER" \ - -o merge_request.merge_when_pipeline_succeeds=true \ - origin jenkins-build-$BUILD_NUMBER - ''' - } - } - } - stage('Mirror to Gitea') { - steps { - withCredentials([usernamePassword( - credentialsId: 'Jenkins-gitea', - usernameVariable: 'GITEA_USER', - passwordVariable: 'GITEA_TOKEN')]) { - script { - // Checkout from GitLab (already done implicitly) - sh ''' - git checkout master - git pull origin master - git branch -D development - git branch -D jenkins-build-$BUILD_NUMBER - git rm -f Jenkinsfile - git rm -r --cached .vscode || echo "No .vscode to remove from git" - git commit --amend --no-edit --allow-empty - git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_ssh.git - git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \ - push master --mirror - ''' - } - } - } - } - } -} \ No newline at end of file diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html index 8a474e8..dd5db69 100644 --- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html +++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html @@ -1150,6 +1150,24 @@ —

setting for sshd_config. Default is ‘none’, which means that no version addendum will be included in the SSH banner, but can be set to a custom string if you want to include additional information in the SSH version banner. This can be used for branding purposes, but should be used with caution as it can potentially leak information about the server that could be useful to attackers.

+
+ + + +
  • + + ssh_banner + + + (String) + + + (defaults to: 'none') + + + — +
    +

    setting for sshd_config. Default is ‘none’, which means that no banner will be displayed to users when they connect, but can be set to a valid file path if you want to display a custom banner message to users when they connect. This can be used to display legal notices, security warnings, or other information to users when they connect to the SSH server.

  • @@ -1165,12 +1183,6 @@
     
     
    -188
    -189
    -190
    -191
    -192
    -193
     194
     195
     196
    @@ -1250,10 +1262,17 @@
     270
     271
     272
    -273
    +273 +274 +275 +276 +277 +278 +279 +280 -
    # File 'manifests/params.pp', line 188
    +        
    # File 'manifests/params.pp', line 194
     
     class confdroid_ssh::params (
     
    @@ -1319,6 +1338,7 @@ class confdroid_ssh::params (
       String  $ssh_permit_tunnel                = 'no',
       String  $ssh_chroot_directory             = 'none',
       String  $ssh_version_addendum             = 'none',
    +  String  $ssh_banner                       = 'none',
     
     ) {
     # default facts
    diff --git a/manifests/params.pp b/manifests/params.pp
    index 7eb6436..6161639 100644
    --- a/manifests/params.pp
    +++ b/manifests/params.pp
    @@ -184,6 +184,12 @@
     #   additional information in the SSH version banner. This can be used for
     #   branding purposes, but should be used with caution as it can potentially
     #   leak information about the server that could be useful to attackers.
    +# @param [String] ssh_banner setting for sshd_config.
    +#   Default is 'none', which means that no banner will be displayed to users
    +#   when they connect, but can be set to a valid file path if you want to
    +#   display a custom banner message to users when they connect. This can be used
    +#   to display legal notices, security warnings, or other information to users when
    +#   they connect to the SSH server.
     ##############################################################################
     class confdroid_ssh::params (
     
    @@ -249,6 +255,7 @@ class confdroid_ssh::params (
       String  $ssh_permit_tunnel                = 'no',
       String  $ssh_chroot_directory             = 'none',
       String  $ssh_version_addendum             = 'none',
    +  String  $ssh_banner                       = 'none',
     
     ) {
     # default facts
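Review bot: `$ssh_banner` is typed as plain `String`, so any value is accepted, including a relative path or one containing a line break, and it is then written verbatim by `Banner <%= @ssh_banner %>` in templates/sshd_custom_conf.erb. A value with an embedded newline would place extra directives into the rendered sshd configuration. Restricting the type to the two documented forms closes that: `Variant[Enum['none'], Pattern[/\A\/\S+\z/]] $ssh_banner = 'none',`. The neighbouring parameters in this hunk are `String` as well and may deserve the same tightening; the class parameter list starts outside the hunk.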
    diff --git a/templates/sshd_custom_conf.erb b/templates/sshd_custom_conf.erb
    index 453bc98..530322a 100644
    --- a/templates/sshd_custom_conf.erb
    +++ b/templates/sshd_custom_conf.erb
    @@ -67,4 +67,6 @@ PidFile <%= @ssh_pid_file %>
     MaxStartups <%= @ssh_max_startups %>
     PermitTunnel <%= @ssh_permit_tunnel %>
     ChrootDirectory <%= @ssh_chroot_directory %>
    -VersionAddendum <%= @ssh_version_addendum %>
    \ No newline at end of file
    +VersionAddendum <%= @ssh_version_addendum %>
    +
    +Banner <%= @ssh_banner %>
    \ No newline at end of file
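Review bot: The new last line `Banner <%= @ssh_banner %>` still ends without a newline (the `\ No newline at end of file` marker follows it), so the directive is unterminated and would run into anything later appended to the rendered file. End the template with a line break after the Banner line. Because sshd sends the banner before authentication, a template comment such as `<%# Banner is shown to unauthenticated clients; keep host and version details out of the file %>` would also help whoever sets the path. The rest of the template lies outside the hunk.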