
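# TODO: the `iptables` setting must be here.
# Open the SSH port (10022) in ufw unless an ALLOW rule for it is already
# listed, then ask the `ufw reload-or-enable` resource to run.
# NOTE(review): `ufw allow 10022` admits both TCP and UDP from any source.
# sshd only needs TCP, so consider narrowing the rule (e.g. `10022/tcp`) —
# confirm no other recipe refers to this resource name before changing it.
execute 'ufw allow 10022' do
  user 'root'
  # Anchor the guard on the port's own ALLOW line. A bare `grep 10022` was
  # also satisfied by DENY/REJECT/LIMIT rules or a UDP-only rule for the
  # port, and the allow rule was then never added. LC_ALL=C pins the output
  # language regardless of the caller's locale settings.
  not_if "LC_ALL=C ufw status | grep -Eq '^10022(/tcp)?[[:space:]]+ALLOW'"
  notifies :run, 'execute[ufw reload-or-enable]'
end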
# Deploy the `sshd` configuration file.
# Each listed Ubuntu release has its own source file under files/etc/ssh/.
# For any other release no explicit source is passed, so the resource's
# default source lookup stays in effect.
sshd_config_sources = {
  '24.04' => 'files/etc/ssh/sshd_config.2404',
  '22.04' => 'files/etc/ssh/sshd_config.2204',
  '20.04' => 'files/etc/ssh/sshd_config.2004',
  '18.04' => 'files/etc/ssh/sshd_config.1804'
}
sshd_config_source = sshd_config_sources[node['platform_version']]

remote_file '/etc/ssh/sshd_config' do
  user 'root'
  owner 'root'
  group 'root'
  mode '644'
  # Only set a source when this release has a dedicated file.
  source sshd_config_source if sshd_config_source
end
# Ubuntu 24.04 only: stop and disable the ssh.socket unit, enable and start
# ssh.service, then reload the systemd unit definitions.
# None of these commands carries a guard, so they run on every apply.
if node['platform_version'] == '24.04'
  [
    'systemctl disable --now ssh.socket',
    'systemctl enable --now ssh.service',
    'systemctl daemon-reload'
  ].each { |systemctl_command| execute systemctl_command }
end
# Apply the changes: restart sshd so a newly deployed configuration takes
# effect. The resource does nothing by default and runs only when the
# `/etc/ssh/sshd_config` remote_file resource triggers it.
# NOTE(review): nothing here validates the new file before the restart. A
# syntax check such as `sshd -t` beforehand would keep a broken config from
# taking down remote access — confirm it works on every target release.
execute 'systemctl restart ssh.service ' do
  subscribes :run, 'remote_file[/etc/ssh/sshd_config]'
  action :nothing
end