From 4c822ba8445242ebc871bcd92a4b9779b6083e3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Gr=C3=A9goire?=
Date: Thu, 23 Aug 2018 16:16:07 -0400
Subject: [PATCH] Debian: Create privilege separation directory

On Debian-based system, the privilege separation directory is `/run/sshd`. Since `/run` is a tmpfs filesystem, the init script is responsible for creating the directory when starting `sshd`. However, this directory might not exist if the `ssh` service has not been started yet. This patch ensures that the directory exists before storing the configuration file. It is required to prevent the `check_cmd` from failing; specifically, to prevent `sshd` from complaining that the directory does not exist.
---
 openssh/config.sls | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/openssh/config.sls b/openssh/config.sls
index eb721e9..96f1df8 100644
--- a/openssh/config.sls
+++ b/openssh/config.sls
@@ -6,6 +6,16 @@ include:
 - openssh
 {% if manage_sshd_config %}
+{% if 'Debian' == salt['grains.get']('os_family') %}
+/run/sshd:
+ file.directory:
+ - user: 0
+ - group: 0
+ - mode: 0755
+ - require_in:
+ - file: sshd_config
+{% endif %}
+
 sshd_config:
 file.managed:
 - name: {{ openssh.sshd_config }}
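Review bot: The unquoted `- mode: 0755` on the new `/run/sshd` state is parsed by YAML as an integer rather than a mode string; Salt's documentation asks for modes with a leading zero to be quoted, so `- mode: '0755'` is the safer spelling. The owner and mode here are a security requirement and not a cosmetic default, because sshd aborts unless its privilege separation directory is owned by root and not group- or world-writable, so a comment above the state such as `# privsep dir: must stay root-owned and not group/world-writable, or sshd will not start` would keep a later edit from loosening it. The path is hard-coded for every minion whose `os_family` is Debian; if any targeted release keeps the directory elsewhere, it would presumably belong in the formula's map data next to `openssh.sshd_config`, which this hunk does not show. The `sshd_config` state that `require_in` points at continues outside the hunk.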