SSH key management should be done elsewhere

diff --git a/manifests/auth.pp b/manifests/auth.pp
deleted file mode 100644 (file)
index 6bbd65b..0000000
--- a/manifests/auth.pp
+++ /dev/null
@@ -1,70 +0,0 @@
-# This has probably to be removed from this module
-define ikiwiki::auth($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
-  file { "${home}/.ssh/config":
-    ensure  => present,
-    owner   => $owner,
-    group   => $group,
-    mode    => 0600,
-    require => File["${home}/.ssh"],
-  }
-
-  file { "${home}/.ssh/known_hosts":
-    ensure  => present,
-    owner   => $owner,
-    group   => $group,
-    mode    => 0600,
-    require => File["${home}/.ssh"],
-  }
-
-  # The NoHostAuthenticationForLocalhost ssh option might be useful
-  # for automated deployment environments so your ikiwiki user doesn't
-  # get stuck with the fingerprint confirmation prompt when pushing
-  # content via ssh in the first time it runs.
-  line { 'NoHostAuthenticationForLocalhost-${owner}':
-    file   => "${home}/.ssh/config",
-    line   => "NoHostAuthenticationForLocalhost yes",
-    ensure => $ssh_localhost_auth ? {
-      'auto'        => present,
-      'fingerprint' => absent,
-      default       => absent,
-    },
-  }
-
-  # Alternativelly, you can choose to include the host's fingeprints
-  # directly into the known_hosts file.
-  if $::sshrsakey != '' {
-    line { 'known_hosts-localhost-rsa-${owner}':
-      file   => "${home}/.ssh/known_hosts",
-      line   => "localhost ssh-rsa ${::sshrsakey}",
-      ensure => $ssh_localhost_auth ? {
-        'fingerprint' => present,
-        'auto'        => undef,
-        default       => undef,
-      },
-    }
-  }
-
-  if $::sshdsakey != '' {
-    line { 'known_hosts-localhost-dsa-${owner}':
-      file   => "${home}/.ssh/known_hosts",
-      line   => "localhost ssh-dss ${::sshdsakey}",
-      ensure => $ssh_localhost_auth ? {
-        'fingerprint' => present,
-        'auto'        => undef,
-        default       => undef,
-      },
-    }
-  }
-
-  if $::sshecdsakey != '' {
-    line { 'known_hosts-localhost-ecdsa-${owner}':
-      file   => "${home}/.ssh/known_hosts",
-      line   => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
-      ensure => $ssh_localhost_auth ? {
-        'fingerprint' => present,
-        'auto'        => undef,
-        default       => undef,
-      },
-    }
-  }
-}

diff --git a/manifests/instance.pp b/manifests/instance.pp
index d51755f895cc07b9fb2bfd74c492e7f1d8a8df51..068b2dfd37610bd712966960f422fe929cb2618e 100644 (file)
--- a/manifests/instance.pp
+++ b/manifests/instance.pp
@@ -10,8 +10,7 @@ define ikiwiki::instance(
   $protocol                  = 'https',
   $owner                     = $name,
   $group                     = $name,
-  $home                      = "/home/$owner",
-  $create_ssh_key            = false
+  $home                      = "/home/$owner"
 ) {
   case $ensure {
     'present': {
@@ -77,25 +76,6 @@ define ikiwiki::instance(
                         "${ikiwiki::sites_folder}/${name}/ikiwiki",
                         "${ikiwiki::sites_folder}/${name}/ikiwiki_src"],
       }
-
-      if $create_ssh_key == true {
-        if !defined(File["${home}/.ssh"]) {
-          file { "${home}/.ssh":
-            ensure  => directory,
-            owner   => $owner,
-            group   => $group,
-            mode    => 0700,
-          }
-        }
-
-        exec { "ssh-keygen-ikiwiki-${owner}":
-          command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/id_rsa",
-          creates => "${home}/.ssh/id_rsa",
-          user    => $owner,
-          group   => $group,
-          require => File["${home}/.ssh"],
-        }
-      }
     }
     'absent': {
       file { "/etc/ikiwiki/$name.setup":