OP#78 define is added and tested working

2026-04-14 17:01:44 +02:00
parent 5508f5a51f
commit af538bb0e9
2 changed files with 33 additions and 3 deletions
--- a/README.md
+++ b/README.md
@@ -7,6 +7,7 @@
  - [Synopsis](#synopsis)
  - [WARNING](#warning)
  - [Features](#features)
+  - [Adding custom configurations](#adding-custom-configurations)
  - [Support](#support)
  - [Parameter Inheritance](#parameter-inheritance)
  - [Module Deployment](#module-deployment)
@@ -29,7 +30,29 @@
 - manage service
 - (optional) manage firewall

-> ToDo: Define for custom drop-in configurations
+## Adding custom configurations
+
+Custom configuration files live in  `/etc/ssh/sshd_config.d/`. IN order to create a custom config file, add a stanza like this in your control repo:
+
+```puppet
+confdroid_ssh::custom::custom_config { '30-my-custom-rule':
+  config_name    => '30-custom-rule',
+  config_content => ['PasswordAuthentication no'],
+}
+```
+
+This will create a file /etc/ssh/sshd_config.d/30-custom-rule.conf with this content:
+
+```puppet
+###############################################################################
+##### DO NOT EDIT THIS FILE MANUALLY                                          #
+##### This file is managed by Puppet. Any changes to this file will be        #
+##### overwritten. Update the Puppet define input instead.                    #
+###############################################################################
+PasswordAuthentication no
+```
+
+Note that the value for config_content **has to be an array**, even if only one key pair is in there. This field is designed to hold multiple values, which create one line in the config file each.

 ## Support

--- a/manifests/custom/custom_config.pp
+++ b/manifests/custom/custom_config.pp
@@ -6,6 +6,13 @@
 #   (without .conf extension)
 # @param [Array[String]] config_content array of configuration lines to 
 #   include in the custom config
+# @example
+#   confdroid_ssh::custom::custom_config { '50-test':
+#    config_name    => '50-test',
+#    config_content => ['PasswordAuthentication no'],
+#  }
+# this will create a file called /etc/ssh/sshd_config.d/50-test.conf with the content:
+#   PasswordAuthentication no and notify the sshd service to reload the configuration
 ##############################################################################
 define confdroid_ssh::custom::custom_config (

@@ -17,11 +24,10 @@ define confdroid_ssh::custom::custom_config (
  $sshd_service      = $confdroid_ssh::params::sshd_service
  $custom_config_erb = 'confdroid_ssh/custom_config.erb'
  $config_basename   = regsubst($config_name, '\\.conf$', '')
-  $config_file       = "${config_basename}.conf"
+  $config_file       = "${config_name}.conf"

  file { "${sshd_custom_path}/${config_file}":
    ensure   => file,
-    content  => template($custom_config_erb),
    owner    => 'root',
    group    => 'root',
    mode     => '0600',
@@ -29,6 +35,7 @@ define confdroid_ssh::custom::custom_config (
    selrole  => object_r,
    seltype  => etc_t,
    seluser  => system_u,
+    content  => template($custom_config_erb),
    notify   => Service[$sshd_service],
  }
 }