From f93235356b0a6a47a562b6d5f21086c56addc570 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Fri, 26 Jun 2020 14:26:13 +0100
Subject: [PATCH] Configure port for sshd

---
 cookbooks/openssh/recipes/default.rb                     | 9 +++++++++
 cookbooks/openssh/templates/default/sshd_config.conf.erb | 3 +++
 2 files changed, 12 insertions(+)
 create mode 100644 cookbooks/openssh/templates/default/sshd_config.conf.erb

diff --git a/cookbooks/openssh/recipes/default.rb b/cookbooks/openssh/recipes/default.rb
index 13bc8f517..78df22c5e 100644
--- a/cookbooks/openssh/recipes/default.rb
+++ b/cookbooks/openssh/recipes/default.rb
@@ -23,6 +23,15 @@ include_recipe "networking"
 package "openssh-client"
 package "openssh-server"
 
+template "/etc/ssh/sshd_config.d/chef.conf" do
+  source "sshd_config.conf.erb"
+  owner "root"
+  group "root"
+  mode 0o644
+  notifies :restart, "service[ssh]"
+  only_if { Dir.exist?("/etc/ssh/sshd_config.d") }
+end
+
 service "ssh" do
   action [:enable, :start]
   supports :status => true, :restart => true, :reload => true
diff --git a/cookbooks/openssh/templates/default/sshd_config.conf.erb b/cookbooks/openssh/templates/default/sshd_config.conf.erb
new file mode 100644
index 000000000..00a540a5e
--- /dev/null
+++ b/cookbooks/openssh/templates/default/sshd_config.conf.erb
@@ -0,0 +1,3 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+Port <%= node[:openssh][:port] %>
-- 
2.39.5