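#
# Cookbook:: esh_system
# Recipe:: sshd
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Manages the OpenSSH daemon configuration and its PAM stack, then reloads
# sshd once at the end of the run if either file changed.
#
# Every tunable is read from node['esh']['system']['sshd']. The defaults for
# the security-relevant ones (permitrootlogin, passwordauthentication, otp)
# live in the cookbook's attributes, which are not visible from this recipe.
# NOTE(review): confirm those defaults are the restrictive ones.
sshd_attrs = node['esh']['system']['sshd']

# Main daemon configuration. No `source` is given, so Chef looks up the
# template by the target's basename (sshd_config.erb).
template '/etc/ssh/sshd_config' do
  owner 'root'
  group 'root'
  # Read-only for everyone, root included; the file stays world-readable.
  mode '0444'
  variables(
    port: sshd_attrs['port'],
    permitrootlogin: sshd_attrs['permitrootlogin'],
    passwordauthentication: sshd_attrs['passwordauthentication'],
    maxauthtries: sshd_attrs['maxauthtries'],
    maxsessions: sshd_attrs['maxsessions'],
    otp: sshd_attrs['otp']
  )
  # Syntax-check the rendered file before it replaces the live one. A bad
  # attribute value would otherwise be written to disk and could lock out
  # remote access at the next daemon restart or reboot. Chef substitutes
  # %{path} with the staged temp file and aborts the update on a non-zero exit.
  # NOTE(review): `sshd -t` needs the sshd binary and host keys to be present
  # already; confirm the package is installed before this recipe runs.
  verify 'sshd -t -f %{path}'
  action :create
  notifies :reload, 'service[sshd]', :delayed
end

# PAM stack for sshd. Only the otp attribute is passed to the template.
# There is no equivalent offline syntax check for PAM files, so template
# changes here should be tested on a host with an open root session.
template '/etc/pam.d/sshd' do
  source 'pam.d.sshd.erb'
  owner 'root'
  group 'root'
  mode '0644'
  variables(otp: sshd_attrs['otp'])
  action :create
  notifies :reload, 'service[sshd]', :delayed
end

# Declared only as a notification target; it does nothing unless one of the
# templates above changes.
service 'sshd' do
  action :nothing
end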