From 33062c3ec6feea8e6b951ef6ae9be0a1c0a4a7c9 Mon Sep 17 00:00:00 2001 From: mwiegand Date: Sun, 27 Mar 2022 17:02:33 +0200 Subject: [PATCH] use skip instead of if --- bundles/ssh/items.py | 133 +++++++++++++++++++++++-------------------- 1 file changed, 70 insertions(+), 63 deletions(-) diff --git a/bundles/ssh/items.py b/bundles/ssh/items.py index 3fc5013..feee9ff 100644 --- a/bundles/ssh/items.py +++ b/bundles/ssh/items.py @@ -1,65 +1,72 @@ -if not node.metadata.get('FIXME_dont_touch_sshd', False): - # on debian bullseye raspberry images, starting the systemd ssh - # daemon seems to collide with an existing sysv daemon - directories = { - '/etc/ssh': { - 'purge': True, - 'mode': '0755', - } - } - - files = { - '/etc/ssh/moduli': { - 'content_type': 'any', - }, - '/etc/ssh/ssh_config': { - 'triggers': [ - 'svc_systemd:ssh:restart' - ], - }, - '/etc/ssh/ssh_config': { - 'content_type': 'mako', - 'context': { - }, - 'triggers': [ - 'svc_systemd:ssh:restart' - ], - }, - '/etc/ssh/sshd_config': { - 'content_type': 'mako', - 'context': { - 'users': sorted(node.metadata.get('ssh/allow_users')), - }, - 'triggers': [ - 'svc_systemd:ssh:restart' - ], - }, - '/etc/ssh/ssh_host_ed25519_key': { - 'content': node.metadata.get('ssh/host_key/private') + '\n', - 'mode': '0600', - 'triggers': [ - 'svc_systemd:ssh:restart' - ], - }, - '/etc/ssh/ssh_host_ed25519_key.pub': { - 'content': node.metadata.get('ssh/host_key/public') + '\n', - 'mode': '0644', - 'triggers': [ - 'svc_systemd:ssh:restart' - ], - }, - '/etc/ssh/ssh_known_hosts': { - 'content': '\n'.join( - repo.libs.ssh.known_hosts_entry_for(other_node) - for other_node in sorted(repo.nodes) - if other_node != node - and other_node.has_bundle('ssh') - ) + '\n', - }, - } +# on debian bullseye raspberry images, starting the systemd ssh +# daemon seems to collide with an existing sysv daemon +dont_touch_sshd = node.metadata.get('FIXME_dont_touch_sshd', False), - svc_systemd['ssh'] = { - 'needs': [ - 'tag:ssh_users', - ], +directories = { + '/etc/ssh': { + 'purge': True, + 'mode': '0755', + 'skip': dont_touch_sshd, } +} + +files = { + '/etc/ssh/moduli': { + 'content_type': 'any', + 'skip': dont_touch_sshd, + }, + '/etc/ssh/ssh_config': { + 'triggers': [ + 'svc_systemd:ssh:restart' + ], + 'skip': dont_touch_sshd, + }, + '/etc/ssh/ssh_config': { + 'content_type': 'mako', + 'context': { + }, + 'triggers': [ + 'svc_systemd:ssh:restart' + ], + 'skip': dont_touch_sshd, + }, + '/etc/ssh/sshd_config': { + 'content_type': 'mako', + 'context': { + 'users': sorted(node.metadata.get('ssh/allow_users')), + }, + 'triggers': [ + 'svc_systemd:ssh:restart' + ], + 'skip': dont_touch_sshd, + }, + '/etc/ssh/ssh_host_ed25519_key': { + 'content': node.metadata.get('ssh/host_key/private') + '\n', + 'mode': '0600', + 'triggers': [ + 'svc_systemd:ssh:restart' + ], + }, + '/etc/ssh/ssh_host_ed25519_key.pub': { + 'content': node.metadata.get('ssh/host_key/public') + '\n', + 'mode': '0644', + 'triggers': [ + 'svc_systemd:ssh:restart' + ], + }, + '/etc/ssh/ssh_known_hosts': { + 'content': '\n'.join( + repo.libs.ssh.known_hosts_entry_for(other_node) + for other_node in sorted(repo.nodes) + if other_node != node + and other_node.has_bundle('ssh') + ) + '\n', + }, +} + +svc_systemd['ssh'] = { + 'needs': [ + 'tag:ssh_users', + ], + 'skip': dont_touch_sshd, +}