# Export and collect public host keys.
#
# Each node publishes its RSA host key as an exported resource and then
# collects every exported sshkey into the system-wide known_hosts file.
# Exported resources only work with storeconfigs/PuppetDB on the master.
#
# NOTE(review): $sshrsakey is reported by the agent ($homename presumably is
# too) and the collector has no filter, so the resulting file is only as
# trustworthy as what each node reports about itself. Confirm that is
# acceptable, or restrict the collector with a tag or query.
#
class ssh::known_hosts {

    $known_hosts_group = $operatingsystem ? {
        OpenBSD => wheel,
        default => root,
    }

    # Holds public keys only, so it is world-readable; managed explicitly so
    # the mode and ownership are pinned before any sshkey entry is written.
    file { "/etc/ssh/ssh_known_hosts":
        ensure => present,
        owner  => root,
        group  => $known_hosts_group,
        mode   => "0644",
    }

    # Only the RSA key is exported. The alias is the first label of
    # $homename, i.e. the short host name.
    # NOTE(review): bare `homename` inside ERB is the older variable lookup
    # form; newer Puppet releases expect `@homename`. Confirm against the
    # Puppet version in use.
    @@sshkey { $homename:
        ensure       => present,
        type         => rsa,
        key          => $sshrsakey,
        host_aliases => inline_template("<%= homename.split('.')[0] %>"),
        require      => File["/etc/ssh/ssh_known_hosts"],
    }

    # Collect the keys exported by all nodes (including this one).
    Sshkey <<| |>>

}

# Install SSH host keys.
#
# Private keys are installed 0600 and public keys 0644, all owned by root.
#
# NOTE(review): every key is fetched from the `private` file server mount.
# Presumably that mount is per-node; confirm the file server configuration
# prevents an agent from reading another host's private keys.
# NOTE(review): Puppet's file type normally backs up replaced content to a
# filebucket, which would retain old private key material. Consider whether
# `backup => false` is wanted on the 0600 resources.
# NOTE(review): the DSA key and `ssh_host_key` (conventionally the SSH
# protocol 1 key) are legacy algorithms in current OpenSSH. Review whether
# they still need to be distributed.
#
class ssh::hostkeys {

    tag("bootstrap")

    $host_key_group = $operatingsystem ? {
        openbsd => wheel,
        default => root,
    }

    # DSA key pair
    file { "/etc/ssh/ssh_host_dsa_key":
        ensure => present,
        owner  => root,
        group  => $host_key_group,
        mode   => "0600",
        source => "puppet:///private/ssh_host_dsa_key",
    }
    file { "/etc/ssh/ssh_host_dsa_key.pub":
        ensure => present,
        owner  => root,
        group  => $host_key_group,
        mode   => "0644",
        source => "puppet:///private/ssh_host_dsa_key.pub",
    }

    # RSA key pair
    file { "/etc/ssh/ssh_host_rsa_key":
        ensure => present,
        owner  => root,
        group  => $host_key_group,
        mode   => "0600",
        source => "puppet:///private/ssh_host_rsa_key",
    }
    file { "/etc/ssh/ssh_host_rsa_key.pub":
        ensure => present,
        owner  => root,
        group  => $host_key_group,
        mode   => "0644",
        source => "puppet:///private/ssh_host_rsa_key.pub",
    }

    # ssh_host_key pair
    file { "/etc/ssh/ssh_host_key":
        ensure => present,
        owner  => root,
        group  => $host_key_group,
        mode   => "0600",
        source => "puppet:///private/ssh_host_key",
    }
    file { "/etc/ssh/ssh_host_key.pub":
        ensure => present,
        owner  => root,
        group  => $host_key_group,
        mode   => "0644",
        source => "puppet:///private/ssh_host_key.pub",
    }

}

# Disable SSH server.
#
# Stops the SSH daemon and keeps it from being enabled at boot. On Ubuntu the
# sysv init script is first replaced by a link to the upstart job wrapper and
# an upstart job file (presumably one that keeps the job disabled) is
# installed.
#
# NOTE(review): only the init.d link is ordered before Service["sshd"]; the
# upstart job file has no such relationship. Confirm the ordering between it
# and the service stop does not matter.
#
class ssh::disable {

    # The service is called "ssh" on Ubuntu and "sshd" everywhere else.
    $sshd_service_name = $operatingsystem ? {
        ubuntu  => "ssh",
        default => "sshd",
    }

    case $operatingsystem {
        ubuntu: {
            # fix ssh init, the sysv-rc script
            # doesn't work together with upstart
            file { "/etc/init.d/ssh":
                ensure => link,
                target => "/lib/init/upstart-job",
                force  => true,
                backup => ".orig",
                before => Service["sshd"],
            }
            file { "/etc/init/ssh.conf":
                ensure => present,
                owner  => root,
                group  => root,
                mode   => "0644",
                source => "puppet:///modules/ssh/ssh.disabled.conf",
            }
        }
    }

    service { "sshd":
        ensure => stopped,
        enable => false,
        name   => $sshd_service_name,
    }

}