From 2a68ccac1ade68f1c3ee6cd6e3dfba42b5dfaf6e Mon Sep 17 00:00:00 2001
From: Niels Abspoel
Date: Sun, 7 Jun 2015 20:37:33 +0200
Subject: [PATCH] Add option to remove ssh_host_keys

---
 openssh/config.sls | 9 +++++++++
 pillar.example | 4 ++++
 2 files changed, 13 insertions(+)

diff --git a/openssh/config.sls b/openssh/config.sls
index 13c3e96..e336fac 100644
--- a/openssh/config.sls
+++ b/openssh/config.sls
@@ -21,6 +21,15 @@ ssh_generate_host_{{ keyType }}_key:
 - creates: /etc/ssh/ssh_host_{{ keyType }}_key
 - user: root
+{% elif salt['pillar.get']('openssh:absent_' ~ keyType ~ '_keys', False) %}
+ssh_host_{{ keyType }}_key:
+ file.absent:
+ - name: /etc/ssh/ssh_host_{{ keyType }}_key
+
+ssh_host_{{ keyType }}_key.pub:
+ file.absent:
+ - name: /etc/ssh/ssh_host_{{ keyType }}_key.pub
+
 {% elif salt['pillar.get']('openssh:provide_' ~ keyType ~ '_keys', False) %}
 ssh_host_{{ keyType }}_key:
 file.managed:
diff --git a/pillar.example b/pillar.example
index e6af833..269eb08 100644
--- a/pillar.example
+++ b/pillar.example
@@ -65,6 +65,7 @@ openssh:
 comment: obsolete key - removed
 generate_dsa_keys: False
+ absent_dsa_keys: False
 provide_dsa_keys: False
 dsa:
 private_key: |
@@ -75,6 +76,7 @@ openssh:
 ssh-dss NOT_DEFINED
 generate_ecdsa_keys: False
+ absent_ecdsa_keys: False
 provide_ecdsa_keys: False
 ecdsa:
 private_key: |
@@ -85,6 +87,7 @@ openssh:
 ecdsa-sha2-nistp256 NOT_DEFINED
 generate_rsa_keys: False
+ absent_rsa_keys: False
 provide_rsa_keys: False
 rsa:
 private_key: |
@@ -95,6 +98,7 @@ openssh:
 ssh-rsa NOT_DEFINED
 generate_ed25519_keys: False
+ absent_ed25519_keys: False
 provide_ed25519_keys: False
 ed25519:
 private_key: |
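Review bot: The new `absent_*` branch in openssh/config.sls sits between `generate_*` and `provide_*` in the `if`/`elif` chain, so the three pillar flags have an implicit precedence that is not written down: with `generate_X_keys: True` the absent flag is silently ignored, and with both `absent_X_keys` and `provide_X_keys` true the supplied key pair is deleted instead of installed. A Jinja comment above the branch, e.g. `{# precedence: generate_* > absent_* > provide_*; absent_* deletes both the private and the public host key file #}`, would make that explicit. Nothing in the visible lines checks that at least one key type stays present, so setting every `absent_*` flag would leave sshd without a host key; the enclosing loop and the `if` that opens the chain are outside the hunk, so this may be handled elsewhere. It is also worth confirming that `HostKey` entries in the managed sshd_config and any distribution key-generation step at service start do not reference or recreate the removed type.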