
public: Added sudo and sshconfig configurations

Sebastien Badia 8 years ago
parent
commit
567b4b0845
2 changed files with 92 additions and 3 deletions
  1. 42 3
      manifests/common.pp
  2. 50 0
      manifests/sshconfigline.pp

+ 42 - 3
manifests/common.pp

@@ -43,11 +43,20 @@ class public::common {
     'man-db','vim','zsh','bash','iputils-ping','dnsutils',
     'python-apt','aptitude','debian-goodies','molly-guard'])
 
-  # TODO, sudo / sudo-ldap
-  # TODO, sudo %puppetdev
-  # TODO, ssh_auth_sock
   # TODO, backup user
 
+  include '::sudo'
+
+  sudo::conf { 'ssh_auth_sock':
+    priority => 90,
+    content  => 'Defaults env_reset, env_keep += "SSH_AUTH_SOCK"',
+  }
+
+  sudo::conf { 'puppetdev':
+    priority =>  10,
+    content  => '%puppetdev ALL=(ALL) NOPASSWD: /usr/bin/puppet',
+  }
+
   file {
     '/usr/local/bin/cronic':
       ensure => file,
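Review bot: The `puppetdev` rule grants `NOPASSWD` on `/usr/bin/puppet` with no argument restriction, which makes every member of `%puppetdev` effectively passwordless root, because puppet run as root applies whatever manifest it is handed. If the group only needs to trigger agent runs, pin the command and its arguments, e.g. `content => '%puppetdev ALL=(root) NOPASSWD: /usr/bin/puppet agent --test',`, or add a comment stating that the group is intended to be root-equivalent. The `ssh_auth_sock` entry keeps `SSH_AUTH_SOCK` for every sudo invocation, including `sudo -u` to other accounts, so a one-line comment explaining why agent forwarding through sudo is needed would help the next reader. The class body starts before this hunk and the trailing `file` resource continues past it.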
@@ -67,6 +76,36 @@ class public::common {
       target => '/bin/dash';
   }
 
+  package { 'openssh-server': ensure => present; }
+  service { 'ssh':
+    ensure     => running,
+    hasstatus  => true,
+    hasrestart => true,
+    enable     => true,
+  }
+
+  # Setup ssh
+  public::common::sshconfigline {
+    'Port':
+      value => '2222';
+    'PermitRootLogin':
+      value => 'no';
+    'LoginGraceTime':
+      value => '60';
+    'UsePrivilegeSeparation':
+      value => 'yes';
+    'PermitEmptyPasswords':
+      value => 'no';
+    'PasswordAuthentication':
+      value => 'no';
+    'StrictModes':
+      value => 'yes';
+    'UseDNS':
+      value => 'no';
+    'MaxStartups':
+      value => '10:30:60';
+  }
+
   file {
     '/etc/hostname':
       ensure  => file,
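Review bot: Nothing orders `Package['openssh-server']` before `Service['ssh']` or before the `public::common::sshconfigline` resources, so on a fresh node the Augeas edits can be evaluated before `/etc/ssh/sshd_config` exists. Add `require => Package['openssh-server'],` to the `service { 'ssh': ... }` block and to the `Augeas` defaults in `sshconfigline.pp`. Every one of these lines notifies the service, so `Port 2222` and `PasswordAuthentication no` take effect on the first run; this hunk shows no firewall rule or authorized-keys management, so confirm both exist elsewhere before rollout to avoid locking out remote access. `UsePrivilegeSeparation` is deprecated in newer OpenSSH releases, so a comment noting the targeted sshd version would be useful. The class and the final `file` resource continue outside the hunk.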

+ 50 - 0
manifests/sshconfigline.pp

@@ -0,0 +1,50 @@
+# Module:: public::common
+# Manifest:: sshconfigline.pp
+#
+# Author:: Sebastien Badia (<seb@sebian.fr>)
+# Date:: 2013-08-25 20:15:45 +0200
+# Maintainer:: Sebastien Badia (<seb@sebian.fr>)
+#
+
+# Define:: public::common::sshconfigline
+# Args::
+#   $ensure = present,
+#   $value  = false,
+#
+define public::common::sshconfigline(
+  $ensure = present,
+  $value = false
+) {
+
+  Augeas {
+    context => '/files/etc/ssh/sshd_config',
+    notify  => Service['ssh'],
+  }
+
+  case $ensure {
+    present: {
+      augeas { "sshd_config_${name}":
+        changes => "set ${name} ${value}",
+        onlyif  => "get ${name} != ${value}",
+      }
+    }
+    add: {
+      augeas { "sshd_config_${name}":
+        onlyif  => "get ${name}[. = '${value}'] != ${value}",
+        changes => [
+          "ins ${name} after ${name}[last()]",
+          "set ${name}[last()] ${value}"
+        ],
+      }
+    }
+    absent: {
+      augeas { "sshd_config_${name}":
+        changes => "rm ${name}",
+        onlyif  => "get ${name}",
+      }
+    }
+    default: {
+      fail("ensure value must be present, add or absent, not ${ensure}")
+    }
+  }
+} # Define: public::common::sshconfigline
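Review bot: With the default `$value = false`, a `present` or `add` declaration that omits `value` interpolates that default into the Augeas `set` command and then restarts sshd with it. Guard this at the top of the define with `if $ensure != absent and $value == false { fail("value is required for ${name}") }`. `${name}` and `${value}` are also interpolated unquoted, so a value containing a space (for example a multi-user `AllowUsers` list) is unlikely to be set as intended; quote the value in `changes`, e.g. `"set ${name} '${value}'"`. The define is named `public::common::sshconfigline` but lives in `manifests/sshconfigline.pp`, whereas the autoloader would normally look under `manifests/common/`, so check that it actually loads.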