From af538bb0e989169e168cdab4610dff2596be4f1a Mon Sep 17 00:00:00 2001
From: 12ww1160 <12ww1160@confdroid.com>
Date: Tue, 14 Apr 2026 17:01:44 +0200
Subject: [PATCH 1/2] OP#78 define is added and tested working
---
 README.md | 25 ++++++++++++++++++++++++-
 manifests/custom/custom_config.pp | 11 +++++++++--
 2 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 7f754d6..74bafbd 100644
--- a/README.md
+++ b/README.md
@@ -7,6 +7,7 @@
 - [Synopsis](#synopsis)
 - [WARNING](#warning)
 - [Features](#features)
+ - [Adding custom configurations](#adding-custom-configurations)
 - [Support](#support)
 - [Parameter Inheritance](#parameter-inheritance)
 - [Module Deployment](#module-deployment)
@@ -29,7 +30,29 @@
 - manage service
 - (optional) manage firewall
-> ToDo: Define for custom drop-in configurations
+## Adding custom configurations
+
+Custom configuration files live in `/etc/ssh/sshd_config.d/`. IN order to create a custom config file, add a stanza like this in your control repo:
+
+```puppet
+confdroid_ssh::custom::custom_config { '30-my-custom-rule':
+ config_name => '30-custom-rule',
+ config_content => ['PasswordAuthentication no'],
+}
+```
+
+This will create a file /etc/ssh/sshd_config.d/30-custom-rule.conf with this content:
+
+```puppet
+###############################################################################
+##### DO NOT EDIT THIS FILE MANUALLY #
+##### This file is managed by Puppet. Any changes to this file will be #
+##### overwritten. Update the Puppet define input instead. #
+###############################################################################
+PasswordAuthentication no
+```
+
+Note that the value for config_content **has to be an array**, even if only one key pair is in there. This field is designed to hold multiple values, which create one line in the config file each.
 ## Support
diff --git a/manifests/custom/custom_config.pp b/manifests/custom/custom_config.pp
index db514a8..aaf4a3a 100644
--- a/manifests/custom/custom_config.pp
+++ b/manifests/custom/custom_config.pp
@@ -6,6 +6,13 @@
 # (without .conf extension)
 # @param [Array[String]] config_content array of configuration lines to
 # include in the custom config
+# @example
+# confdroid_ssh::custom::custom_config { '50-test':
+# config_name => '50-test',
+# config_content => ['PasswordAuthentication no'],
+# }
+# this will create a file called /etc/ssh/sshd_config.d/50-test.conf with the content:
+# PasswordAuthentication no and notify the sshd service to reload the configuration
 ##############################################################################
 define confdroid_ssh::custom::custom_config (
@@ -17,11 +24,10 @@ define confdroid_ssh::custom::custom_config (
 $sshd_service = $confdroid_ssh::params::sshd_service
 $custom_config_erb = 'confdroid_ssh/custom_config.erb'
 $config_basename = regsubst($config_name, '\\.conf$', '')
- $config_file = "${config_basename}.conf"
+ $config_file = "${config_name}.conf"
 file { "${sshd_custom_path}/${config_file}":
 ensure => file,
- content => template($custom_config_erb),
 owner => 'root',
 group => 'root',
 mode => '0600',
@@ -29,6 +35,7 @@ define confdroid_ssh::custom::custom_config (
 selrole => object_r,
 seltype => etc_t,
 seluser => system_u,
+ content => template($custom_config_erb),
 notify => Service[$sshd_service],
 }
 }
From cc7f06d8762c4a86211ec5d62bbbf3fc0ef53c0c Mon Sep 17 00:00:00 2001
From: Jenkins Server
Date: Tue, 14 Apr 2026 17:02:59 +0200
Subject: [PATCH 2/2] Recommit for updates in build 39
---
 doc/file.README.html | 26 ++++++++++++--
 doc/index.html | 26 ++++++++++++--
 ...id_ssh_3A_3Acustom_3A_3Acustom_config.html | 36 ++++++++++++-------
 3 files changed, 69 insertions(+), 19 deletions(-)
diff --git a/doc/file.README.html b/doc/file.README.html
index 011ce0b..407b1fc 100644
--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -70,6 +70,8 @@
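Review bot: In manifests/custom/custom_config.pp the new `$config_file = "${config_name}.conf"` skips the `.conf` stripping computed on the line above, so a caller passing `30-foo.conf` now gets `30-foo.conf.conf` and `$config_basename` looks unused in the manifest (unless the ERB template reads it); either keep `"${config_basename}.conf"` or delete the regsubst line. The name is also interpolated straight into the path under `${sshd_custom_path}` and nothing visible rejects `/` or `..`; the parameter list of the define lies outside the hunk, so if `config_name` is a plain `String` there I would tighten it to something like `Pattern[/\A[A-Za-z0-9][A-Za-z0-9_.-]*\z/] $config_name`. Since the file resource notifies `Service[$sshd_service]`, a malformed entry in `config_content` goes straight to the daemon; consider a `validate_cmd` on the resource, e.g. `validate_cmd => '/usr/sbin/sshd -t -f %'` (binary path to be confirmed per platform), so a broken drop-in is rejected before it replaces the working one.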
  • Features

  • +

    Adding custom configurations

    +
  • Support

  • Parameter Inheritance

    @@ -104,9 +106,27 @@

    (optional) manage firewall

  • -
    -

    ToDo: Define for custom drop-in configurations

    -
    +

    Adding custom configurations

    + +

    Custom configuration files live in /etc/ssh/sshd_config.d/. IN order to create a custom config file, add a stanza like this in your control repo:

    + +
    confdroid_ssh::custom::custom_config { '30-my-custom-rule':
    +  config_name    => '30-custom-rule',
    +  config_content => ['PasswordAuthentication no'],
    +}
    +
    + +

    This will create a file /etc/ssh/sshd_config.d/30-custom-rule.conf with this content:

    + +
    ###############################################################################
    +##### DO NOT EDIT THIS FILE MANUALLY                                          #
    +##### This file is managed by Puppet. Any changes to this file will be        #
    +##### overwritten. Update the Puppet define input instead.                    #
    +###############################################################################
    +PasswordAuthentication no
    +
    + +

    Note that the value for config_content has to be an array, even if only one key pair is in there. This field is designed to hold multiple values, which create one line in the config file each.

    Support

    -
    -

    ToDo: Define for custom drop-in configurations

    -
    +

    Adding custom configurations

    + +

    Custom configuration files live in /etc/ssh/sshd_config.d/. IN order to create a custom config file, add a stanza like this in your control repo:

    + +
    confdroid_ssh::custom::custom_config { '30-my-custom-rule':
    +  config_name    => '30-custom-rule',
    +  config_content => ['PasswordAuthentication no'],
    +}
    +
    + +

    This will create a file /etc/ssh/sshd_config.d/30-custom-rule.conf with this content:

    + +
    ###############################################################################
    +##### DO NOT EDIT THIS FILE MANUALLY                                          #
    +##### This file is managed by Puppet. Any changes to this file will be        #
    +##### overwritten. Update the Puppet define input instead.                    #
    +###############################################################################
    +PasswordAuthentication no
    +
    + +

    Note that the value for config_content has to be an array, even if only one key pair is in there. This field is designed to hold multiple values, which create one line in the config file each.

    Support