updated ssh state

2023-03-10 00:08:08 +01:00 · 2023-03-10 00:08:08 +01:00 · 866f0a7015
commit 866f0a7015
parent 33cf48ce01
5 changed files with 19 additions and 25 deletions
--- a/states/ssh/config.sls
+++ b/states/ssh/config.sls
@ -2,7 +2,7 @@
 ssh-ssh-config:
  file.managed:
    - name: /etc/ssh/ssh_config
-    - source: salt://ssh/ssh_config.j2
+    - source: salt://ssh/templates/ssh_config.j2
    - template: jinja
    - user: root
    - mode: 0644
@ -10,7 +10,7 @@ ssh-ssh-config:
 ssh-sshd-config:
  file.managed:
    - name: /etc/ssh/sshd_config
-    - source: salt://ssh/sshd_config.j2
+    - source: salt://ssh/templates/sshd_config.j2
    - template: jinja
    - user: root
    - mode: 0644
--- a/states/ssh/map.jinja
+++ b/states/ssh/map.jinja
@ -2,4 +2,6 @@

 {%- set defaults = salt['grains.filter_by'](default_settings, default='ssh') -%}

-{%- set ssh = salt['pillar.get']('ssh', default=defaults, merge=True) %}
+{%- set ssh = salt['pillar.get']('ssh', default=defaults, merge=True) %}
+
+{%- set net = salt['pillar.get']('net', default=defaults, merge=True) -%}
--- a/states/ssh/sshd_config.j2
+++ b/states/ssh/sshd_config.j2
@ -1,21 +0,0 @@
-## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
-
-{%- from "ssh/map.jinja" import ssh with context %}
-
-{%- set net4=[] %}
-{%- for key, value in salt['pillar.get']('net:ipv4_networks').items() -%}
-{%- do net4.append( value.ip + "/" + value.mask ) -%}
-{%- endfor -%}
-
-{%- set net6=[] -%}
-{%- for key, value in salt['pillar.get']('net:ipv6_networks').items() -%}
-{%- do net6.append( value.ip + "/" + value.mask ) -%}
-{%- endfor -%}
-
-{%- for key, value in ssh.sshd_config.items() %}
-{{ key }} {{ value }}
-{%- endfor %}
-Match Address {{ net4|join(',') }}
- PasswordAuthentication yes
-Match Address {{ net6|join(',') }}
- PasswordAuthentication yes
--- a/states/ssh/templates/ssh_config.j2
+++ b/states/ssh/templates/ssh_config.j2
@ -4,4 +4,4 @@

 {%- for key, value in ssh.ssh_config.items() %}
 {{ key }} {{ value }}
-{%- endfor %}
+{%- endfor %}
--- a/states/ssh/templates/sshd_config.j2
+++ b/states/ssh/templates/sshd_config.j2
@ -0,0 +1,13 @@
+## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
+
+{%- from "ssh/map.jinja" import ssh with context %}
+
+{%- for key, value in ssh.sshd_config.items() %}
+{{ key }} {{ value }}
+{%- endfor %}
+
+Match Address {{ salt['pillar.get']('net:ip_networks')|join(',') }}
+  PasswordAuthentication yes
+
+Match Address {{ salt['pillar.get']('net:ip_networks')|join(',') }}
+  PasswordAuthentication yes