init.sls 1.4 KB

  1. #
  2. # SSH configuration
  3. #
  4. # Install ssh server
  5. ssh:
  6. pkg.installed:
  7. - name: 'openssh-server'
  8. service.running:
  9. - enable: True
  10. - reload: True
  11. # Enforce pubkey auth (disable password auth) and reload server on config change
  12. /etc/ssh/sshd_config:
  13. file.managed:
  14. - source:
  15. - salt://ssh/sshd_config.{{ grains.os }}.{{ grains.oscodename }}
  16. - salt://ssh/sshd_config
  17. - user: root
  18. - group: root
  19. - mode: 644
  20. - watch_in:
  21. - service: ssh
  22. # Create .ssh dir for user root
  23. /root/.ssh:
  24. file.directory:
  25. - user: root
  26. - group: root
  27. - mode: 700
  28. - makedirs: True
  29. # Create authorized_keys for root (MASTER + host specific)
  30. /root/.ssh/authorized_keys:
  31. file.managed:
  32. - source: salt://ssh/authorized_keys.tmpl
  33. - template: jinja
  34. username: root
  35. - user: root
  36. - group: root
  37. - mode: 644
  38. - require:
  39. - file: /root/.ssh
  40. # Add SSH-Keys
  41. {% if 'root' in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':ssh', []) %}
  42. /root/.ssh/id_rsa:
  43. file.managed:
  44. - contents_pillar: nodes:{{ grains['id'] }}:ssh:root:privkey
  45. - user: root
  46. - group: root
  47. - mode: 600
  48. - require:
  49. - file: /root/.ssh
  50. /root/.ssh/id_rsa.pub:
  51. file.managed:
  52. - contents_pillar: nodes:{{ grains['id'] }}:ssh:root:pubkey
  53. - user: root
  54. - group: root
  55. - mode: 644
  56. - require:
  57. - file: /root/.ssh
  58. {% endif %}