2015-06-02 22:52:59 +02:00
|
|
|
{## Start with defaults from defaults.yaml ##}
|
|
|
|
{% import_yaml "openssh/defaults.yaml" as default_settings %}
|
|
|
|
|
2017-07-28 00:06:27 +02:00
|
|
|
{##
|
2015-06-02 22:52:59 +02:00
|
|
|
Setup variable using grains['os_family'] based logic, only add key:values here
|
|
|
|
that differ from whats in defaults.yaml
|
|
|
|
##}
|
|
|
|
{% set os_family_map = salt['grains.filter_by']({
|
2015-03-23 14:55:40 +01:00
|
|
|
'Arch': {
|
2015-06-02 22:52:59 +02:00
|
|
|
'server': 'openssh',
|
|
|
|
'client': 'openssh',
|
2015-06-07 15:03:22 +02:00
|
|
|
'service': 'sshd',
|
2016-10-15 00:25:56 +02:00
|
|
|
'dig_pkg': 'bind-tools',
|
2014-01-04 01:54:51 +01:00
|
|
|
},
|
2015-03-23 14:55:40 +01:00
|
|
|
'Debian': {
|
2015-06-02 22:52:59 +02:00
|
|
|
'server': 'openssh-server',
|
|
|
|
'client': 'openssh-client',
|
|
|
|
'service': 'ssh',
|
2014-01-04 01:54:51 +01:00
|
|
|
},
|
2015-03-23 14:55:40 +01:00
|
|
|
'FreeBSD': {
|
2015-06-02 22:52:59 +02:00
|
|
|
'service': 'sshd',
|
|
|
|
'dig_pkg': 'bind-tools',
|
2017-03-04 14:19:52 +01:00
|
|
|
'sshd_config_group': 'wheel',
|
|
|
|
'ssh_config_group': 'wheel',
|
2015-03-23 14:55:40 +01:00
|
|
|
},
|
2016-05-10 05:44:20 +02:00
|
|
|
'OpenBSD': {
|
|
|
|
'service': 'sshd',
|
2017-03-04 14:19:52 +01:00
|
|
|
'sshd_config_group': 'wheel',
|
|
|
|
'ssh_config_group': 'wheel',
|
2016-05-10 05:44:20 +02:00
|
|
|
},
|
2015-03-23 14:56:12 +01:00
|
|
|
'Gentoo': {
|
2015-06-02 22:52:59 +02:00
|
|
|
'server': 'net-misc/openssh',
|
|
|
|
'client': 'net-misc/openssh',
|
|
|
|
'service': 'sshd',
|
|
|
|
'dig_pkg': 'net-dns/bind-tools',
|
2015-03-23 14:56:12 +01:00
|
|
|
},
|
2015-03-23 14:55:40 +01:00
|
|
|
'RedHat': {
|
2015-06-02 22:52:59 +02:00
|
|
|
'server': 'openssh-server',
|
2016-07-02 07:53:00 +02:00
|
|
|
'client': 'openssh-clients',
|
2015-06-02 22:52:59 +02:00
|
|
|
'service': 'sshd',
|
|
|
|
'dig_pkg': 'bind-utils',
|
2015-01-01 00:44:17 +01:00
|
|
|
},
|
2015-03-23 14:55:40 +01:00
|
|
|
'Suse': {
|
2015-06-02 22:52:59 +02:00
|
|
|
'server': 'openssh',
|
|
|
|
'client': 'openssh',
|
|
|
|
'service': 'sshd',
|
|
|
|
'dig_pkg': 'bind-utils',
|
|
|
|
},
|
|
|
|
}
|
|
|
|
, grain="os_family"
|
|
|
|
, merge=salt['pillar.get']('openssh:lookup'))
|
|
|
|
%}
|
|
|
|
|
|
|
|
{## Merge the flavor_map to the default settings ##}
|
|
|
|
{% do default_settings.openssh.update(os_family_map) %}
|
|
|
|
|
|
|
|
{## Merge in openssh:lookup pillar ##}
|
|
|
|
{% set openssh = salt['pillar.get'](
|
|
|
|
'openssh',
|
|
|
|
default=default_settings.openssh,
|
|
|
|
merge=True
|
|
|
|
)
|
|
|
|
%}
|
|
|
|
|
2016-04-18 17:46:10 +02:00
|
|
|
{% set os_family_map = salt['grains.filter_by']({
|
|
|
|
'FreeBSD': {
|
|
|
|
'Subsystem': 'sftp /usr/libexec/sftp-server',
|
|
|
|
},
|
2016-05-10 05:44:20 +02:00
|
|
|
'OpenBSD': {
|
|
|
|
'Subsystem': 'sftp /usr/libexec/sftp-server',
|
|
|
|
},
|
2016-04-18 17:46:10 +02:00
|
|
|
'Suse': {
|
|
|
|
'Subsystem': 'sftp /usr/lib/ssh/sftp-server',
|
|
|
|
},
|
2016-10-30 05:06:02 +01:00
|
|
|
'Arch': {
|
|
|
|
'Subsystem': 'sftp /usr/lib/ssh/sftp-server',
|
|
|
|
},
|
2017-01-25 00:17:15 +01:00
|
|
|
'RedHat': {
|
|
|
|
'Subsystem': 'sftp /usr/libexec/openssh/sftp-server',
|
|
|
|
},
|
2016-04-18 17:46:10 +02:00
|
|
|
'default': {}
|
|
|
|
}
|
|
|
|
, grain="os_family"
|
|
|
|
, merge=salt['pillar.get']('sshd_config:lookup'))
|
|
|
|
%}
|
|
|
|
|
2017-08-01 14:50:08 +02:00
|
|
|
{% set os_finger_map = salt['grains.filter_by']({
|
|
|
|
'CentOS-6': {
|
|
|
|
'UsePrivilegeSeparation': 'yes',
|
|
|
|
},
|
|
|
|
'default': {}
|
|
|
|
}
|
|
|
|
, grain="osfinger"
|
|
|
|
, merge=salt['pillar.get']('sshd_config:lookup'))
|
|
|
|
%}
|
|
|
|
|
2016-04-18 17:46:10 +02:00
|
|
|
|
|
|
|
{## Merge the flavor_map to the default settings ##}
|
|
|
|
{% do default_settings.sshd_config.update(os_family_map) %}
|
2017-08-01 14:50:08 +02:00
|
|
|
{% do default_settings.sshd_config.update(os_finger_map) %}
|
2016-04-18 17:46:10 +02:00
|
|
|
|
|
|
|
{## Merge in sshd_config:lookup pillar ##}
|
|
|
|
{% set sshd_config = salt['pillar.get'](
|
|
|
|
'sshd_config',
|
|
|
|
default=default_settings.sshd_config,
|
|
|
|
merge=True
|
|
|
|
)
|
|
|
|
%}
|