OP#78 define is added and tested working

2026-04-14 17:01:44 +02:00
parent 5508f5a51f
commit af538bb0e9
2 changed files with 33 additions and 3 deletions


@@ -7,6 +7,7 @@
- [Synopsis](#synopsis) - [Synopsis](#synopsis)
- [WARNING](#warning) - [WARNING](#warning)
- [Features](#features) - [Features](#features)
- [Adding custom configurations](#adding-custom-configurations)
- [Support](#support) - [Support](#support)
- [Parameter Inheritance](#parameter-inheritance) - [Parameter Inheritance](#parameter-inheritance)
- [Module Deployment](#module-deployment) - [Module Deployment](#module-deployment)
@@ -29,7 +30,29 @@
- manage service - manage service
- (optional) manage firewall - (optional) manage firewall
> ToDo: Define for custom drop-in configurations ## Adding custom configurations
Custom configuration files live in `/etc/ssh/sshd_config.d/`. IN order to create a custom config file, add a stanza like this in your control repo:
```puppet
confdroid_ssh::custom::custom_config { '30-my-custom-rule':
config_name => '30-custom-rule',
config_content => ['PasswordAuthentication no'],
}
```
This will create a file /etc/ssh/sshd_config.d/30-custom-rule.conf with this content:
```puppet
###############################################################################
##### DO NOT EDIT THIS FILE MANUALLY #
##### This file is managed by Puppet. Any changes to this file will be #
##### overwritten. Update the Puppet define input instead. #
###############################################################################
PasswordAuthentication no
```
Note that the value for config_content **has to be an array**, even if only one key pair is in there. This field is designed to hold multiple values, which create one line in the config file each.
## Support ## Support


@@ -6,6 +6,13 @@
# (without .conf extension) # (without .conf extension)
# @param [Array[String]] config_content array of configuration lines to # @param [Array[String]] config_content array of configuration lines to
# include in the custom config # include in the custom config
# @example
# confdroid_ssh::custom::custom_config { '50-test':
# config_name => '50-test',
# config_content => ['PasswordAuthentication no'],
# }
# this will create a file called /etc/ssh/sshd_config.d/50-test.conf with the content:
# PasswordAuthentication no and notify the sshd service to reload the configuration
############################################################################## ##############################################################################
define confdroid_ssh::custom::custom_config ( define confdroid_ssh::custom::custom_config (
@@ -17,11 +24,10 @@ define confdroid_ssh::custom::custom_config (
$sshd_service = $confdroid_ssh::params::sshd_service $sshd_service = $confdroid_ssh::params::sshd_service
$custom_config_erb = 'confdroid_ssh/custom_config.erb' $custom_config_erb = 'confdroid_ssh/custom_config.erb'
$config_basename = regsubst($config_name, '\\.conf$', '') $config_basename = regsubst($config_name, '\\.conf$', '')
$config_file = "${config_basename}.conf" $config_file = "${config_name}.conf"
file { "${sshd_custom_path}/${config_file}": file { "${sshd_custom_path}/${config_file}":
ensure => file, ensure => file,
content => template($custom_config_erb),
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0600', mode => '0600',
@@ -29,6 +35,7 @@ define confdroid_ssh::custom::custom_config (
selrole => object_r, selrole => object_r,
seltype => etc_t, seltype => etc_t,
seluser => system_u, seluser => system_u,
content => template($custom_config_erb),
notify => Service[$sshd_service], notify => Service[$sshd_service],
} }
} }
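Review bot: As rendered, the new `$config_file` assignment appears to be `"${config_name}.conf"`, which leaves the `regsubst` result in `$config_basename` unused and means a caller passing `30-foo.conf` would now get `30-foo.conf.conf`. More importantly, `$config_name` is interpolated straight into the path of a root-owned file under `$sshd_custom_path`, so a value containing `/` or `..` (for example one sourced from Hiera data) would place the managed file outside the drop-in directory. The define's parameter list lies outside the visible hunks, so I cannot tell whether the name is already constrained; if it is a plain `String`, consider declaring it as `Pattern[/\A[A-Za-z0-9_-]+\z/] $config_name` and either removing `$config_basename` or going back to using it. Since the resource notifies `Service[$sshd_service]`, it would also be worth documenting in the header comment that `config_content` lines are written unvalidated and that a malformed line may only surface when sshd reloads.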