updated ssh state

This commit is contained in:
Paul 2023-03-10 00:08:08 +01:00
parent 33cf48ce01
commit 866f0a7015
5 changed files with 19 additions and 25 deletions

View File

@ -2,7 +2,7 @@
ssh-ssh-config: ssh-ssh-config:
file.managed: file.managed:
- name: /etc/ssh/ssh_config - name: /etc/ssh/ssh_config
- source: salt://ssh/ssh_config.j2 - source: salt://ssh/templates/ssh_config.j2
- template: jinja - template: jinja
- user: root - user: root
- mode: 0644 - mode: 0644
@ -10,7 +10,7 @@ ssh-ssh-config:
ssh-sshd-config: ssh-sshd-config:
file.managed: file.managed:
- name: /etc/ssh/sshd_config - name: /etc/ssh/sshd_config
- source: salt://ssh/sshd_config.j2 - source: salt://ssh/templates/sshd_config.j2
- template: jinja - template: jinja
- user: root - user: root
- mode: 0644 - mode: 0644

View File

@ -2,4 +2,6 @@
{%- set defaults = salt['grains.filter_by'](default_settings, default='ssh') -%} {%- set defaults = salt['grains.filter_by'](default_settings, default='ssh') -%}
{%- set ssh = salt['pillar.get']('ssh', default=defaults, merge=True) %} {%- set ssh = salt['pillar.get']('ssh', default=defaults, merge=True) %}
{%- set net = salt['pillar.get']('net', default=defaults, merge=True) -%}

View File

@ -1,21 +0,0 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{%- from "ssh/map.jinja" import ssh with context %}
{%- set net4=[] %}
{%- for key, value in salt['pillar.get']('net:ipv4_networks').items() -%}
{%- do net4.append( value.ip + "/" + value.mask ) -%}
{%- endfor -%}
{%- set net6=[] -%}
{%- for key, value in salt['pillar.get']('net:ipv6_networks').items() -%}
{%- do net6.append( value.ip + "/" + value.mask ) -%}
{%- endfor -%}
{%- for key, value in ssh.sshd_config.items() %}
{{ key }} {{ value }}
{%- endfor %}
Match Address {{ net4|join(',') }}
PasswordAuthentication yes
Match Address {{ net6|join(',') }}
PasswordAuthentication yes

View File

@ -4,4 +4,4 @@
{%- for key, value in ssh.ssh_config.items() %} {%- for key, value in ssh.ssh_config.items() %}
{{ key }} {{ value }} {{ key }} {{ value }}
{%- endfor %} {%- endfor %}

View File

@ -0,0 +1,13 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{%- from "ssh/map.jinja" import ssh with context %}
{%- for key, value in ssh.sshd_config.items() %}
{{ key }} {{ value }}
{%- endfor %}
Match Address {{ salt['pillar.get']('net:ip_networks')|join(',') }}
PasswordAuthentication yes
Match Address {{ salt['pillar.get']('net:ip_networks')|join(',') }}
PasswordAuthentication yes