# ToDo: `iptables` setting must be here:
#
# Adds a ufw rule for port 10022 and then triggers the
# `execute[ufw reload-or-enable]` resource, which is declared elsewhere.
# NOTE(review): `ufw allow 10022` names no protocol and no source address, so
# the rule admits both TCP and UDP from anywhere. If 10022 is only the sshd
# listener (presumably, given the rest of this recipe -- confirm), a TCP-only
# rule such as `10022/tcp` would be the narrower choice.
execute 'ufw allow 10022' do
  notifies :run, 'execute[ufw reload-or-enable]'
  # Guard: skip when "10022" already shows up in the rule listing.
  # NOTE(review): this is a substring match, so any existing line mentioning
  # 10022 (a DENY or LIMIT rule included) also satisfies it -- confirm that is
  # acceptable before relying on this guard as proof the port is open.
  not_if 'LANG=c ufw status | grep 10022'
  user 'root'
end
# Deploy the `sshd` configuration file:
#
# Every listed platform version has its own file under files/etc/ssh/. Any
# other version sets no `source`, leaving the resource to its default lookup.
# NOTE(review): the file is written without a syntax check; `sshd -t` can
# validate a candidate configuration before sshd is restarted on it.
sshd_config_sources = {
  "24.04" => 'files/etc/ssh/sshd_config.2404',
  "22.04" => 'files/etc/ssh/sshd_config.2204',
  "20.04" => 'files/etc/ssh/sshd_config.2004',
  "18.04" => 'files/etc/ssh/sshd_config.1804',
}
sshd_config_source = sshd_config_sources[node['platform_version']]

remote_file '/etc/ssh/sshd_config' do
  user 'root'
  owner 'root'
  group 'root'
  # World-readable but writable by root only.
  mode '644'
  # Unlisted platform versions get no explicit source.
  source sshd_config_source if sshd_config_source
end
# 24.04 only: turn off the `ssh.socket` unit and run sshd through
# `ssh.service` instead, then reload the systemd unit definitions.
# NOTE(review): none of these commands has a guard, so they run on every
# apply. The listener is also disabled before the service is enabled; if the
# second command fails, SSH may be left unreachable -- confirm there is
# out-of-band access when this is first rolled out.
if node['platform_version'] == "24.04"
  [
    'systemctl disable --now ssh.socket',
    'systemctl enable --now ssh.service',
    'systemctl daemon-reload',
  ].each { |systemctl_command| execute systemctl_command }
end
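# Apply the changes:
#
# Restarts sshd, but only when `remote_file[/etc/ssh/sshd_config]` reports a
# change (`action :nothing` plus `subscribes`).
execute 'systemctl restart ssh.service ' do
  action :nothing
  # The resource name, trailing space included, is left untouched so that
  # anything referring to this resource by name keeps working.
  #
  # Check the new configuration before touching the running daemon. A restart
  # with a broken sshd_config stops the old sshd and then fails to start the
  # new one, which can lock out remote access. With `sshd -t` first, a bad
  # file fails this resource while the current daemon keeps running.
  # NOTE(review): `sshd -t` needs the privilege-separation directory to exist,
  # which is normally the case while ssh.service is running -- confirm on hosts
  # where the service may be stopped when this fires.
  command '/usr/sbin/sshd -t && systemctl restart ssh.service'
  subscribes :run, 'remote_file[/etc/ssh/sshd_config]'
end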