{#
SPDX-FileCopyrightText: 2022 unman <unman@thirdeyesecurity.org>
SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
{% if grains['nodename'] != 'dom0' -%}
include:
- utils.tools.common.update
# Install the SSH daemon and the man page tooling, pulling in as few extra
# packages as each package manager allows so the server qube stays minimal.
"{{ slsdotpath }}-installed":
  pkg.installed:
    # Run only after the included update state has been applied.
    - require:
      - sls: utils.tools.common.update
    # APT: do not install packages that are merely recommended.
    - install_recommends: false
    # Salt: strict package naming, no lookup of package alternatives.
    - skip_suggestions: true
    # DNF: do not install weak dependencies.
    - setopt: "install_weak_deps=False"
    - pkgs:
      - openssh-server
      - man-db
# Ship a systemd drop-in for ssh.service. The drop-in's contents come from
# the salt:// source and are not visible in this state file.
"{{ slsdotpath }}-ssh-systemd-service":
  file.managed:
    - name: '/usr/lib/systemd/system/ssh.service.d/50_qusal.conf'
    - source: 'salt://{{ slsdotpath }}/files/server/systemd/ssh.service.d/50_qusal.conf'
    # Root-owned; readable by everyone, writable only by root.
    - user: root
    - group: root
    - mode: '0644'
    # Create the ssh.service.d directory when it does not exist yet.
    - makedirs: true
    # NOTE(review): nothing in this state triggers a systemd daemon-reload;
    # presumably the drop-in is picked up at the next boot - confirm.
# Remove any mask from the ssh unit so that it can be enabled.
"{{ slsdotpath }}-unmask-ssh":
  service.unmasked:
    # NOTE(review): "ssh" is the unit name on Debian-family systems; other
    # distributions may name the unit differently - confirm the targets.
    - name: 'ssh'
# Enable the ssh unit at boot. service.enabled only sets the boot-time
# state; it does not start the daemon during this run.
"{{ slsdotpath }}-enable-ssh":
  service.enabled:
    - name: 'ssh'
# Register the qrexec service qusal.Ssh as a symlink to TCP port 22 on the
# loopback address, the default sshd port.
# NOTE(review): which qubes may call qusal.Ssh is decided by the dom0 qrexec
# policy, which is not part of this file. Keep that policy restrictive,
# since every permitted caller reaches this qube's sshd.
"{{ slsdotpath }}-rpc":
  file.symlink:
    - name: '/etc/qubes-rpc/qusal.Ssh'
    - target: '/dev/tcp/127.0.0.1/22'
    - user: root
    - group: root
    # Replace a regular file or directory already present at the link path.
    - force: true
    - makedirs: true
# Give qusal.Ssh the same rpc-config as qubes.ConnectTCP by linking to that
# file instead of copying it.
# NOTE(review): the options in qubes.ConnectTCP's rpc-config are not shown
# here, and any later change to that file also applies to qusal.Ssh -
# confirm that sharing it is intended.
"{{ slsdotpath }}-rpc-config":
  file.symlink:
    - name: '/etc/qubes/rpc-config/qusal.Ssh'
    - target: '/etc/qubes/rpc-config/qubes.ConnectTCP'
    - user: root
    - group: root
    # Replace a regular file or directory already present at the link path.
    - force: true
    - makedirs: true
# Install the sshd drop-in configuration for this formula. The settings
# themselves (authentication methods, allowed users, and so on) live in the
# salt:// source file and are not visible in this state file.
# NOTE(review): this only takes effect if the main sshd_config includes
# sshd_config.d, and nothing here validates the file (sshd -t) or reloads
# the daemon - confirm both are covered elsewhere.
"{{ slsdotpath }}-sshd-config":
  file.managed:
    - name: '/etc/ssh/sshd_config.d/50-qusal-{{ slsdotpath }}.conf'
    - source: 'salt://{{ slsdotpath }}/files/server/sshd_config.d/50-qusal-{{ slsdotpath }}.conf'
    # Root-owned; readable by everyone, writable only by root.
    - user: root
    - group: root
    - mode: '0644'
    - makedirs: true
{% endif -%}