diff --git a/openssh/defaults.yaml b/openssh/defaults.yaml index aaa1bcb..ccf2229 100644 --- a/openssh/defaults.yaml +++ b/openssh/defaults.yaml @@ -8,6 +8,8 @@ openssh: ssh_known_hosts: /etc/ssh/ssh_known_hosts dig_pkg: dnsutils ssh_moduli: /etc/ssh/moduli + root_group: root +sshd_config: {} ssh_config: Hosts: '*': diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config index 286200b..62ce97b 100644 --- a/openssh/files/sshd_config +++ b/openssh/files/sshd_config @@ -1,4 +1,4 @@ -{%- set sshd_config = pillar.get('sshd_config', {}) -%} +{% from "openssh/map.jinja" import sshd_config with context %} {#- present in sshd_config and known in actual file options -#} {%- set processed_options = [] -%} diff --git a/openssh/known_hosts.sls b/openssh/known_hosts.sls index 8f8d2a8..af22f6b 100644 --- a/openssh/known_hosts.sls +++ b/openssh/known_hosts.sls @@ -1,8 +1,14 @@ {% from "openssh/map.jinja" import openssh with context %} +check for existing dig: + cmd.run: + - name: which dig + ensure dig is available: pkg.installed: - name: {{ openssh.dig_pkg }} + - onfail: + - cmd: check for existing dig manage ssh_known_hosts file: file.managed: @@ -10,7 +16,7 @@ manage ssh_known_hosts file: - source: salt://openssh/files/ssh_known_hosts - template: jinja - user: root - - group: root + - group: {{ openssh.root_group }} - mode: 644 - require: - pkg: ensure dig is available diff --git a/openssh/map.jinja b/openssh/map.jinja index 89e0c5a..3d7a4ab 100644 --- a/openssh/map.jinja +++ b/openssh/map.jinja @@ -19,7 +19,7 @@ that differ from whats in defaults.yaml 'FreeBSD': { 'service': 'sshd', 'dig_pkg': 'bind-tools', - 'Subsystem': 'sftp /usr/libexec/sftp-server', + 'root_group': 'wheel', }, 'Gentoo': { 'server': 'net-misc/openssh', @@ -38,7 +38,6 @@ that differ from whats in defaults.yaml 'client': 'openssh', 'service': 'sshd', 'dig_pkg': 'bind-utils', - 'Subsystem': 'sftp /usr/lib/ssh/sftp-server', }, } , grain="os_family" 
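Review bot: The new top-level `sshd_config: {}` key in defaults.yaml carries no comment, and nothing in the file says how it relates to the `openssh` map or to pillar, so a reader cannot tell whether it is meant to be edited here or overridden elsewhere. The map.jinja change in this commit appears to layer os_family values and the `sshd_config` pillar on top of it, so a one-line comment above the key would help: `# Base sshd_config options; map.jinja layers os_family values and the sshd_config pillar on top`. Note also that the key sits at the document's top level, outside `openssh:`, while the `root_group` added in the same hunk sits inside it; if that split is deliberate the comment should say so.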
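Review bot: The replacement import on line 1 of files/sshd_config drops the `-` whitespace-control markers that the removed line and the following `{#- ... -#}` comment both use. The comment's leading `-` strips the newline after the new tag, so the rendered file should be unchanged, but the file's own convention is to strip on both sides: `{%- from "openssh/map.jinja" import sshd_config with context -%}`. The template body continues outside the hunk.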
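Review bot: `check for existing dig` in known_hosts.sls is a `cmd.run` whose only job is to fail when dig is absent, so on a host without dig the highstate reports a failed state even though `ensure dig is available` then installs the package through `onfail`, and on hosts that already have dig it re-executes `which dig` on every apply. Salt's `unless` requisite gives the same skip without a failing state: drop `check for existing dig` and the `onfail` block, and under `pkg.installed` of `ensure dig is available` add `- unless: which dig`. The `require` on `manage ssh_known_hosts file` then still resolves to the pkg state, since `unless`-skipped states return a true result.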
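Review bot: The hunks at -19 and -38 of map.jinja delete the `Subsystem` entries from the `openssh` os_family map, and the same values are reintroduced later in this commit under a separate `os_family_map` that feeds `sshd_config` instead. Any state or template that still reads `openssh.Subsystem` would now get an undefined value, which Jinja renders as an empty string rather than an error; I cannot see such references from this diff, but they are worth checking before merging. A short comment on the `openssh` map saying that sshd option values live in `sshd_config` would stop the entries from being re-added here later.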
@@ -56,3 +55,27 @@ that differ from whats in defaults.yaml ) %} +{% set os_family_map = salt['grains.filter_by']({ + 'FreeBSD': { + 'Subsystem': 'sftp /usr/libexec/sftp-server', + }, + 'Suse': { + 'Subsystem': 'sftp /usr/lib/ssh/sftp-server', + }, + 'default': {} + } + , grain="os_family" + , merge=salt['pillar.get']('sshd_config:lookup')) +%} + + +{## Merge the flavor_map to the default settings ##} +{% do default_settings.sshd_config.update(os_family_map) %} + +{## Merge in sshd_config:lookup pillar ##} +{% set sshd_config = salt['pillar.get']( + 'sshd_config', + default=default_settings.sshd_config, + merge=True + ) +%}
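Review bot: The `sshd_config:lookup` pillar is merged twice in this hunk: once into `os_family_map` through `merge=` on `grains.filter_by`, and again when `pillar.get('sshd_config', ..., merge=True)` folds the whole `sshd_config` pillar, including its `lookup` sub-mapping, into the final `sshd_config` dict, so the resulting mapping carries a `lookup` key next to real sshd options. Whether that reaches the file depends on the `processed_options` filter in files/sshd_config, which is outside this hunk; if the template emits every key, `lookup` becomes an unknown directive and sshd refuses to start on the rendered config. The `openssh` lookup just above the hunk presumably follows the same pattern, so either document in a `{## ... ##}` comment that `lookup` is expected in the dict and ignored by the template, or pop it before the template iterates. Separately, `{% do default_settings.sshd_config.update(os_family_map) %}` mutates the imported `default_settings` in place; `default_settings` is defined above the hunk, and a comment stating that the in-place update is intentional would save the next reader from wondering whether it leaks into the `openssh` import.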