summaryrefslogtreecommitdiffstats
path: root/aconf/modules/openssh.lua
blob: c1db8b9a0db471c65c89b6fead0e431e43a4aed4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
--[[
Copyright (c) 2013 Natanael Copa <ncopa@alpinelinux.org>
Copyright (c) 2013-2015 Kaarle Ritvanen
See LICENSE file for license details
--]]

local M = require('aconf.model')

local SshKey = M.new()
SshKey.type = M.String{
   required=true,
   choice={
      {'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp256'},
      {'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp384'},
      {'ecdsa-sha2-nistp521', 'ecdsa-sha2-nistp521'},
      {'ssh-dss', 'ssh-dss'},
      {'ssh-rsa', 'ssh-rsa'}
   }
}
SshKey.key = M.String{be_mode='parent-value'}
SshKey.comment = M.String

local Sshd = M.service('sshd')
Sshd.root_login = M.Boolean{
   addr='PermitRootLogin', ui_name='Permit root login', default=true
}
Sshd.password_auth = M.Boolean{
   addr='PasswordAuthentication',
   ui_name='Password authentication',
   default=true
}
Sshd.use_dns = M.Boolean{addr='UseDNS', ui_name='Use DNS', default=true}
Sshd.agent_forward = M.Boolean{
   addr='AllowAgentForwarding', ui_name='Allow agent forwarding', default=true
}
Sshd.root_auth_keys = M.List{
   type=SshKey,
   addr='/augeas/root/.ssh/authorized_keys/key',
   be_mode='enumerate',
   ui_name='Root login keys',
   ui_member='Key'
}

M.register(
   'sshd',
   Sshd,
   {addr='/augeas/etc/ssh/sshd_config', ui_name='SSH daemon'}
)
M.permission.defaults('/sshd')