Drop cleanup code

[chef.git] / cookbooks / openssh / recipes / default.rb

diff --git a/cookbooks/openssh/recipes/default.rb b/cookbooks/openssh/recipes/default.rb
index 190db29c45ef8d5c6903b369977f2fade8b439d9..8b57aaaef75ef5e799b1ab08be8e6440cc811817 100644 (file)
--- a/cookbooks/openssh/recipes/default.rb
+++ b/cookbooks/openssh/recipes/default.rb
@@ -23,55 +23,57 @@ include_recipe "networking"
 package "openssh-client"
 package "openssh-server"
 
+template "/etc/ssh/sshd_config.d/chef.conf" do
+  source "sshd_config.conf.erb"
+  owner "root"
+  group "root"
+  mode "644"
+  notifies :restart, "service[ssh]"
+  only_if { Dir.exist?("/etc/ssh/sshd_config.d") }
+end
+
 service "ssh" do
   action [:enable, :start]
   supports :status => true, :restart => true, :reload => true
 end
 
 hosts = search(:node, "networking:interfaces").sort_by { |n| n[:hostname] }.collect do |node|
-  names = [node[:hostname]]
+  name = node.name.split(".").first
 
-  node.interfaces(:role => :external).each do |interface|
-    names |= ["#{node[:hostname]}.openstreetmap.org"]
-    names |= ["#{node[:hostname]}.#{interface[:zone]}.openstreetmap.org"]
-  end
+  names = [name]
 
   unless node.interfaces(:role => :internal).empty?
-    names |= ["#{node[:hostname]}.#{node[:networking][:roles][:external][:zone]}.openstreetmap.org"]
+    names.unshift("#{name}.#{node[:networking][:roles][:external][:zone]}.openstreetmap.org")
+  end
+
+  unless node.interfaces(:role => :external).empty?
+    names.unshift("#{name}.openstreetmap.org")
   end
 
   keys = {
-    "ssh-rsa" => node[:keys][:ssh][:host_rsa_public],        # ~FC039
-    "ssh-dss" => node[:keys][:ssh][:host_dsa_public]         # ~FC039
+    "ssh-rsa" => node[:keys][:ssh][:host_rsa_public]
   }
 
-  if node[:keys][:ssh][:host_ecdsa_public]                   # ~FC039
-    ecdsa_type = node[:keys][:ssh][:host_ecdsa_type]         # ~FC039
+  if node[:keys][:ssh][:host_ecdsa_public]
+    ecdsa_type = node[:keys][:ssh][:host_ecdsa_type]
 
-    keys[ecdsa_type] = node[:keys][:ssh][:host_ecdsa_public] # ~FC039
+    keys[ecdsa_type] = node[:keys][:ssh][:host_ecdsa_public]
   end
 
-  if node[:keys][:ssh][:host_ed25519_public]                      # ~FC039
-    keys["ssh-ed25519"] = node[:keys][:ssh][:host_ed25519_public] # ~FC039
+  if node[:keys][:ssh][:host_ed25519_public]
+    keys["ssh-ed25519"] = node[:keys][:ssh][:host_ed25519_public]
   end
 
   Hash[
-    :names => names.sort,
+    :names => names,
     :addresses => node.ipaddresses.sort,
     :keys => keys
   ]
 end
 
-template "/etc/ssh/ssh_config" do
-  source "ssh_config.erb"
-  mode 0o644
-  owner "root"
-  group "root"
-end
-
 template "/etc/ssh/ssh_known_hosts" do
   source "ssh_known_hosts.erb"
-  mode 0o444
+  mode "444"
   owner "root"
   group "root"
   backup false
@@ -82,8 +84,7 @@ end
 
 firewall_rule "accept-ssh" do
   action :accept
-  source "net"
-  dest "fw"
-  proto "tcp:syn"
+  context :incoming
+  protocol :tcp
   dest_ports node[:openssh][:port]
 end