module-sshd/manifests/init.pp

#
# ssh module
#
# Copyright 2008-2009, micah@riseup.net
# Copyright 2008, admin(at)immerda.ch
# Copyright 2008, Puzzle ITC GmbH
# Marcel Härry haerry+puppet(at)puzzle.ch
# Simon Josi josi+puppet(at)puzzle.ch
#
# This program is free software; you can redistribute 
# it and/or modify it under the terms of the GNU 
# General Public License version 3 as published by 
# the Free Software Foundation.
#
# Deploy authorized_keys file with the define
#     sshd::ssh_authorized_key
# 
# sshd-config:
#
# The configuration of the sshd is rather strict and might not fit all
# needs. However there are a bunch of variables, which you might
# consider configuring.
#
# To set any of the following, simply set them as variables in your manifests
# before the class is included, for example:
#
# $sshd_listen_address = ['10.0.0.1 192.168.0.1']
# $sshd_use_pam = yes
# include sshd
#
# If you need to install a version of the ssh daemon or client package other than
# the default one that would be installed by 'ensure => installed', then you can
# set the following variables:
#
# $sshd_ensure_version = "1:5.2p2-6"
# $ssh_ensure_version = "1:5.2p2-6"
#
# To have nagios checks setup automatically for sshd services, simply
# set $use_nagios = true before the class is included. If you want to
# disable ssh nagios checking for a particular node (such as when ssh
# is firewalled), then you can set $nagios_check_ssh to false and that
# node will not be monitored.
# NOTE: this requires that you are using the nagios puppet module
# which supports the nagios native types via nagios::service 
#
# The following is a list of the currently available variables:
#
# sshd_listen_address:          specify the addresses sshd should listen on
#                               set this to ['10.0.0.1 192.168.0.1'] to have it listen on both
#                               addresses, or leave it unset to listen on all
#                               Default: empty -> results in listening on 0.0.0.0
#
# sshd_allowed_users:           list of usernames separated by spaces. 
#                               set this for example to "foobar root"
#                               to ensure that only user foobar and root
#                               might login. 
#                               Default: empty -> no restriction is set
#
# sshd_allowed_groups           list of groups separated by spaces.
#                               set this for example to "wheel sftponly"
#                               to ensure that only users in the groups
#                               wheel and sftponly might login.
#                               Default: empty -> no restriction is set
#                               Note: This is set after sshd_allowed_users,
#                                     take care of the behaviour if you use
#                                     these 2 options together.
# 
# sshd_use_pam:                 if you want to use pam or not for authenticaton
#                               Values: no or yes. 
#                               Default: no
#
# sshd_permit_root_login:       If you want to allow root logins or not.
#                               Valid values: yes, no, without-password, forced-commands-only
#                               Default: without-password
#
# sshd_password_authentication: If you want to enable password authentication or not
#                               Valid values: yes or no
#                               Default: no
#				
# sshd_challenge_response_authentication: If you want to enable ChallengeResponseAuthentication or not
# 				When disabled, s/key passowords are disabled
# 				Valid values: yes or no
#				Default: no
# 
# sshd_tcp_forwarding:		If you want to enable TcpForwarding
# 				Valid Values: yes or no
#				Default: no
#
# sshd_x11_forwarding:          If you want to enable x11 forwarding 
#                               Valid Values: yes or no
#                               Default: no
#
# sshd_agent_forwarding:	If you want to allow ssh-agent forwarding
# 				Valid Values: yes or no
#				Default: no
#
# sshd_pubkey_authentication:	If you want to enable public key authentication
# 				Valid Values: yes or no
#				Default: yes
#
# sshd_rsa_authentication:	If you want to enable RSA Authentication
# 				Valid Values: yes or no
#				Default: no
#				
# sshd_rhosts_rsa_authentication:	If you want to enable rhosts RSA Authentication
# 				Valid Values: yes or no
#				Default: no
#
# sshd_hostbased_authentication: If you want to enable HostbasedAuthentication
# 				 Valid Values: yes or no
#				 Default: no
#				
# sshd_strict_modes:		If you want to set StrictModes (check file modes/ownership before accepting login)
# 				Valid Values: yes or no
#				Default: yes
#
# sshd_permit_empty_passwords:	If you want enable PermitEmptyPasswords to allow empty passwords
# 				Valid Values: yes or no
#				Default: no
#
# sshd_port:                    Deprecated, use sshd_ports instead.
#
# sshd_ports:                   If you want to specify a list of ports other than the default 22
#                               Default: [22]
#
#
# sshd_authorized_keys_file:    Set this to the location of the AuthorizedKeysFile (e.g. /etc/ssh/authorized_keys/%u)
#                               Default: AuthorizedKeysFile	%h/.ssh/authorized_keys
#
# sshd_sftp_subsystem:  Set a different sftp-subystem than the default one.
#                       Might be interesting for sftponly usage
#                       Default: empty -> no change of the default
#
# sshd_head_additional_options:  Set this to any additional sshd_options which aren't listed above.
#                                Anything set here will be added to the beginning of the sshd_config file.
#                                This option might be useful to define complicated Match Blocks
#                                This string is going to be included, like it is defined. So take care!
#                                Default: empty -> not added.
#
# sshd_tail_additional_options:  Set this to any additional sshd_options which aren't listed above.
#                                Anything set here will be added to the end of the sshd_config file.
#                                This option might be useful to define complicated Match Blocks
#                                This string is going to be included, like it is defined. So take care!
#                                Default: empty -> not added.

class sshd {
   # prepare variables to use in templates
  case $sshd_listen_address {
    '': { $sshd_listen_address = [ '0.0.0.0', '::' ] }
  }
  case $sshd_allowed_users {
    '': { $sshd_allowed_users = '' }
  }
  case $sshd_allowed_groups {
    '': { $sshd_allowed_groups = '' }
  }
  case $sshd_use_pam {
    '': { $sshd_use_pam = 'no' }
  }
  case $sshd_permit_root_login {
    '': { $sshd_permit_root_login = 'without-password' }
  }
  case $sshd_password_authentication {
    '': { $sshd_password_authentication = 'no' }
  }
  case $sshd_tcp_forwarding {
    '': { $sshd_tcp_forwarding = 'no' }
  }
  case $sshd_x11_forwarding {
    '': { $sshd_x11_forwarding = 'no' }
  }
  case $sshd_agent_forwarding {
    '': { $sshd_agent_forwarding = 'no' }
  }
  case $sshd_challenge_response_authentication {
    '': { $sshd_challenge_response_authentication = 'no' }
  }
  case $sshd_pubkey_authentication {
    '': { $sshd_pubkey_authentication = 'yes' }
  }
  case $sshd_rsa_authentication {
    '': { $sshd_rsa_authentication = 'no' }
  }
  case $sshd_strict_modes {
    '': { $sshd_strict_modes = 'yes' }
  }
  case $sshd_ignore_rhosts {
    '': { $sshd_ignore_rhosts = 'yes' }
  }
  case $sshd_rhosts_rsa_authentication {
    '': { $sshd_rhosts_rsa_authentication = 'no' }
  }
  case $sshd_hostbased_authentication {
    '': { $sshd_hostbased_authentication = 'no' }
  }
  case $sshd_permit_empty_passwords {
    '': { $sshd_permit_empty_passwords = 'no' }
  }
  if ( $sshd_port != '' ) and ( $sshd_ports != []) {
      err("Cannot use sshd_port and sshd_ports at the same time.")
  }
  if $sshd_port != '' {
      $sshd_ports = [ $sshd_port ]
  }
  elsif ! $sshd_ports {
      $sshd_ports = [ 22 ]
  }
  case $sshd_authorized_keys_file {
    '': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
  }
  case $sshd_sftp_subsystem {
    '': { $sshd_sftp_subsystem = '' }
  }
  case $sshd_head_additional_options {
    '': { $sshd_head_additional_options = '' }
  }
  case $sshd_tail_additional_options {
    '': { $sshd_tail_additional_options = '' }
  }
  case $sshd_ensure_version {
    '': { $sshd_ensure_version = "present" }
  }

  include sshd::client 

  case $operatingsystem {
    gentoo: { include sshd::gentoo }
    redhat,centos: { include sshd::redhat }
    centos: { include sshd::centos }
    openbsd: { include sshd::openbsd }
    debian,ubuntu: { include sshd::debian }
    default: { include sshd::default }
  }

  if $use_nagios {
    case $nagios_check_ssh {
      false: { info("We don't do nagioschecks for ssh on ${fqdn}" ) }
      default: { sshd::nagios{$sshd_ports:} }
    }
  }

  if $use_shorewall{
    include shorewall::rules::ssh
  }
}
factored out ssh and sshd in seperate modules, as well added first stuff for euskal git-svn-id: https://svn/ipuppet/trunk/modules/sshd@289 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2007-12-21 18:52:01 +01:00			`#`
merged with puzzle git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1614 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-06-13 23:01:39 +02:00			`# ssh module`
			`#`
fix the comments section so that the include isn't misleading. if you use 'include sshd::debian', then none of the variables are set, and you will fail to parse the templates 2009-12-19 09:30:16 +01:00			`# Copyright 2008-2009, micah@riseup.net`
merged with puzzle git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1614 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-06-13 23:01:39 +02:00			`# Copyright 2008, admin(at)immerda.ch`
			`# Copyright 2008, Puzzle ITC GmbH`
			`# Marcel Härry haerry+puppet(at)puzzle.ch`
			`# Simon Josi josi+puppet(at)puzzle.ch`
			`#`
			`# This program is free software; you can redistribute`
			`# it and/or modify it under the terms of the GNU`
			`# General Public License version 3 as published by`
			`# the Free Software Foundation.`
			`#`
			`# Deploy authorized_keys file with the define`
remove deprecated define git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2317 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-10-03 00:04:31 +02:00			`# sshd::ssh_authorized_key`
merged with puzzle git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1614 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-06-13 23:01:39 +02:00			`#`
added exporting and collecting of ssh keys Taken from David Schmitts ssh module: http://git.black.co.at/?p=module-ssh git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1877 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-07-17 20:17:52 +02:00			`# sshd-config:`
merged with puzzle git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1614 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-06-13 23:01:39 +02:00			`#`
merged with riseup git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2263 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-09-30 00:37:26 +02:00			`# The configuration of the sshd is rather strict and might not fit all`
			`# needs. However there are a bunch of variables, which you might`
			`# consider configuring.`
			`#`
			`# To set any of the following, simply set them as variables in your manifests`
			`# before the class is included, for example:`
			`#`
			`# $sshd_listen_address = ['10.0.0.1 192.168.0.1']`
			`# $sshd_use_pam = yes`
fix the comments section so that the include isn't misleading. if you use 'include sshd::debian', then none of the variables are set, and you will fail to parse the templates 2009-12-19 09:30:16 +01:00			`# include sshd`
merged with riseup git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2263 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-09-30 00:37:26 +02:00			`#`
fix previous change which took the client/server packages out of the linux class and instead allow for a version change through an if variable. thanks ng! 2009-07-09 18:15:10 +02:00			`# If you need to install a version of the ssh daemon or client package other than`
			`# the default one that would be installed by 'ensure => installed', then you can`
			`# set the following variables:`
			`#`
			`# $sshd_ensure_version = "1:5.2p2-6"`
			`# $ssh_ensure_version = "1:5.2p2-6"`
			`#`
update comments to include information about how to use the nagios checks and the pre-requirements 2009-12-21 21:00:10 +01:00			`# To have nagios checks setup automatically for sshd services, simply`
			`# set $use_nagios = true before the class is included. If you want to`
			`# disable ssh nagios checking for a particular node (such as when ssh`
			`# is firewalled), then you can set $nagios_check_ssh to false and that`
			`# node will not be monitored.`
			`# NOTE: this requires that you are using the nagios puppet module`
			`# which supports the nagios native types via nagios::service`
			`#`
merged with riseup git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2263 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-09-30 00:37:26 +02:00			`# The following is a list of the currently available variables:`
			`#`
			`# sshd_listen_address: specify the addresses sshd should listen on`
			`# set this to ['10.0.0.1 192.168.0.1'] to have it listen on both`
			`# addresses, or leave it unset to listen on all`
			`# Default: empty -> results in listening on 0.0.0.0`
merged with puzzle git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1614 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-06-13 23:01:39 +02:00			`#`
			`# sshd_allowed_users: list of usernames separated by spaces.`
			`# set this for example to "foobar root"`
			`# to ensure that only user foobar and root`
			`# might login.`
			`# Default: empty -> no restriction is set`
new options, cleaned up real_ hack git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2527 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-10-21 00:46:50 +02:00			`#`
			`# sshd_allowed_groups list of groups separated by spaces.`
			`# set this for example to "wheel sftponly"`
			`# to ensure that only users in the groups`
			`# wheel and sftponly might login.`
			`# Default: empty -> no restriction is set`
			`# Note: This is set after sshd_allowed_users,`
			`# take care of the behaviour if you use`
			`# these 2 options together.`
merged with puzzle git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1614 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-06-13 23:01:39 +02:00			`#`
			`# sshd_use_pam: if you want to use pam or not for authenticaton`
			`# Values: no or yes.`
			`# Default: no`
			`#`
			`# sshd_permit_root_login: If you want to allow root logins or not.`
			`# Valid values: yes, no, without-password, forced-commands-only`
			`# Default: without-password`
			`#`
			`# sshd_password_authentication: If you want to enable password authentication or not`
			`# Valid values: yes or no`
			`# Default: no`
merged with riseup git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2263 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-09-30 00:37:26 +02:00			`#`
			`# sshd_challenge_response_authentication: If you want to enable ChallengeResponseAuthentication or not`
			`# When disabled, s/key passowords are disabled`
			`# Valid values: yes or no`
			`# Default: no`
merged with puzzle git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1614 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-06-13 23:01:39 +02:00			`#`
merged with riseup git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2263 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-09-30 00:37:26 +02:00			`# sshd_tcp_forwarding: If you want to enable TcpForwarding`
			`# Valid Values: yes or no`
			`# Default: no`
			`#`
merged with puzzle git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1614 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-06-13 23:01:39 +02:00			`# sshd_x11_forwarding: If you want to enable x11 forwarding`
			`# Valid Values: yes or no`
			`# Default: no`
			`#`
merged with riseup git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2263 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-09-30 00:37:26 +02:00			`# sshd_agent_forwarding: If you want to allow ssh-agent forwarding`
			`# Valid Values: yes or no`
			`# Default: no`
			`#`
			`# sshd_pubkey_authentication: If you want to enable public key authentication`
			`# Valid Values: yes or no`
			`# Default: yes`
			`#`
			`# sshd_rsa_authentication: If you want to enable RSA Authentication`
			`# Valid Values: yes or no`
			`# Default: no`
			`#`
			`# sshd_rhosts_rsa_authentication: If you want to enable rhosts RSA Authentication`
			`# Valid Values: yes or no`
			`# Default: no`
			`#`
			`# sshd_hostbased_authentication: If you want to enable HostbasedAuthentication`
			`# Valid Values: yes or no`
			`# Default: no`
			`#`
			`# sshd_strict_modes: If you want to set StrictModes (check file modes/ownership before accepting login)`
			`# Valid Values: yes or no`
			`# Default: yes`
			`#`
			`# sshd_permit_empty_passwords: If you want enable PermitEmptyPasswords to allow empty passwords`
			`# Valid Values: yes or no`
			`# Default: no`
			`#`
New option sshd_ports that obsoletes sshd_port. Backward compatibility is preserved. 2010-10-16 16:05:00 +02:00			`# sshd_port: Deprecated, use sshd_ports instead.`
			`#`
			`# sshd_ports: If you want to specify a list of ports other than the default 22`
			`# Default: [22]`
			`#`
merged with riseup git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2263 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-09-30 00:37:26 +02:00			`#`
			`# sshd_authorized_keys_file: Set this to the location of the AuthorizedKeysFile (e.g. /etc/ssh/authorized_keys/%u)`
			`# Default: AuthorizedKeysFile %h/.ssh/authorized_keys`
			`#`
new options, cleaned up real_ hack git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2527 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-10-21 00:46:50 +02:00			`# sshd_sftp_subsystem: Set a different sftp-subystem than the default one.`
			`# Might be interesting for sftponly usage`
			`# Default: empty -> no change of the default`
			`#`
replace the sshd_additional_options variable with two, one called sshd_head_additional_options and one called sshd_tail_additional_options. the first puts the value at the beginning of the file, and the second at the end. This is necessary due to some option ordering requiring things to be before others 2009-07-08 02:52:40 +02:00			`# sshd_head_additional_options: Set this to any additional sshd_options which aren't listed above.`
			`# Anything set here will be added to the beginning of the sshd_config file.`
			`# This option might be useful to define complicated Match Blocks`
			`# This string is going to be included, like it is defined. So take care!`
			`# Default: empty -> not added.`
			`#`
			`# sshd_tail_additional_options: Set this to any additional sshd_options which aren't listed above.`
			`# Anything set here will be added to the end of the sshd_config file.`
			`# This option might be useful to define complicated Match Blocks`
			`# This string is going to be included, like it is defined. So take care!`
			`# Default: empty -> not added.`
factored out ssh and sshd in seperate modules, as well added first stuff for euskal git-svn-id: https://svn/ipuppet/trunk/modules/sshd@289 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2007-12-21 18:52:01 +01:00
			`class sshd {`
merged with riseup module, various cleaning up 2009-12-10 23:15:07 +01:00			`# prepare variables to use in templates`
update formatting to be consistent with upstream puppet emacs mode, if this is different from the vim mode, then there is a difference between these two editor's formatting that needs to be resolved 2008-10-23 21:04:47 +02:00			`case $sshd_listen_address {`
			`'': { $sshd_listen_address = [ '0.0.0.0', '::' ] }`
			`}`
			`case $sshd_allowed_users {`
			`'': { $sshd_allowed_users = '' }`
			`}`
			`case $sshd_allowed_groups {`
			`'': { $sshd_allowed_groups = '' }`
			`}`
			`case $sshd_use_pam {`
			`'': { $sshd_use_pam = 'no' }`
			`}`
			`case $sshd_permit_root_login {`
			`'': { $sshd_permit_root_login = 'without-password' }`
			`}`
			`case $sshd_password_authentication {`
			`'': { $sshd_password_authentication = 'no' }`
			`}`
			`case $sshd_tcp_forwarding {`
			`'': { $sshd_tcp_forwarding = 'no' }`
			`}`
			`case $sshd_x11_forwarding {`
			`'': { $sshd_x11_forwarding = 'no' }`
			`}`
			`case $sshd_agent_forwarding {`
			`'': { $sshd_agent_forwarding = 'no' }`
			`}`
			`case $sshd_challenge_response_authentication {`
			`'': { $sshd_challenge_response_authentication = 'no' }`
			`}`
			`case $sshd_pubkey_authentication {`
			`'': { $sshd_pubkey_authentication = 'yes' }`
			`}`
			`case $sshd_rsa_authentication {`
			`'': { $sshd_rsa_authentication = 'no' }`
			`}`
			`case $sshd_strict_modes {`
			`'': { $sshd_strict_modes = 'yes' }`
			`}`
			`case $sshd_ignore_rhosts {`
			`'': { $sshd_ignore_rhosts = 'yes' }`
			`}`
			`case $sshd_rhosts_rsa_authentication {`
			`'': { $sshd_rhosts_rsa_authentication = 'no' }`
			`}`
			`case $sshd_hostbased_authentication {`
			`'': { $sshd_hostbased_authentication = 'no' }`
			`}`
			`case $sshd_permit_empty_passwords {`
			`'': { $sshd_permit_empty_passwords = 'no' }`
			`}`
bugfix 2010-10-16 21:54:24 +02:00			`if ( $sshd_port != '' ) and ( $sshd_ports != []) {`
New option sshd_ports that obsoletes sshd_port. Backward compatibility is preserved. 2010-10-16 16:05:00 +02:00			`err("Cannot use sshd_port and sshd_ports at the same time.")`
			`}`
			`if $sshd_port != '' {`
			`$sshd_ports = [ $sshd_port ]`
			`}`
Bugfix 2010-10-18 19:13:59 +02:00			`elsif ! $sshd_ports {`
New option sshd_ports that obsoletes sshd_port. Backward compatibility is preserved. 2010-10-16 16:05:00 +02:00			`$sshd_ports = [ 22 ]`
update formatting to be consistent with upstream puppet emacs mode, if this is different from the vim mode, then there is a difference between these two editor's formatting that needs to be resolved 2008-10-23 21:04:47 +02:00			`}`
			`case $sshd_authorized_keys_file {`
			`'': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }`
			`}`
			`case $sshd_sftp_subsystem {`
			`'': { $sshd_sftp_subsystem = '' }`
			`}`
replace the sshd_additional_options variable with two, one called sshd_head_additional_options and one called sshd_tail_additional_options. the first puts the value at the beginning of the file, and the second at the end. This is necessary due to some option ordering requiring things to be before others 2009-07-08 02:52:40 +02:00			`case $sshd_head_additional_options {`
			`'': { $sshd_head_additional_options = '' }`
			`}`
			`case $sshd_tail_additional_options {`
			`'': { $sshd_tail_additional_options = '' }`
			`}`
make it possible to override what version of openssh-server and client are installed by providing the variable $sshd_ensure_version, which defaults to the previous value of present when not specified 2009-07-08 02:55:01 +02:00			`case $sshd_ensure_version {`
			`'': { $sshd_ensure_version = "present" }`
			`}`
added exporting and collecting of ssh keys Taken from David Schmitts ssh module: http://git.black.co.at/?p=module-ssh git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1877 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-07-17 20:17:52 +02:00
merged with riseup module, various cleaning up 2009-12-10 23:15:07 +01:00			`include sshd::client`
factored out ssh and sshd in seperate modules, as well added first stuff for euskal git-svn-id: https://svn/ipuppet/trunk/modules/sshd@289 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2007-12-21 18:52:01 +01:00
merged with riseup module, various cleaning up 2009-12-10 23:15:07 +01:00			`case $operatingsystem {`
			`gentoo: { include sshd::gentoo }`
			`redhat,centos: { include sshd::redhat }`
			`centos: { include sshd::centos }`
			`openbsd: { include sshd::openbsd }`
			`debian,ubuntu: { include sshd::debian }`
			`default: { include sshd::default }`
update formatting to be consistent with upstream puppet emacs mode, if this is different from the vim mode, then there is a difference between these two editor's formatting that needs to be resolved 2008-10-23 21:04:47 +02:00			`}`
Merge commit 'puzzle/development' git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2092 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-07-30 01:30:05 +02:00
Merge commit 'ng/master' Conflicts: manifests/init.pp Conflict due to indentation formatting differences 2008-12-07 18:12:33 +01:00			`if $use_nagios {`
			`case $nagios_check_ssh {`
false != 'false' 2009-12-11 09:45:35 +01:00			`false: { info("We don't do nagioschecks for ssh on ${fqdn}" ) }`
bugfix 2010-10-16 21:55:44 +02:00			`default: { sshd::nagios{$sshd_ports:} }`
Merge commit 'puzzle/development' git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2092 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-07-30 01:30:05 +02:00			`}`
Merge commit 'ng/master' Conflicts: manifests/init.pp Conflict due to indentation formatting differences 2008-12-07 18:12:33 +01:00			`}`
re-add shorewall in rule :/ 2009-12-10 23:45:12 +01:00
			`if $use_shorewall{`
			`include shorewall::rules::ssh`
			`}`
Merge commit 'puzzle/development' git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2092 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 2008-07-30 01:30:05 +02:00			`}`