finish up idm_server hostclass

1 files changed, 40 insertions, 0 deletions

diff --git a/scripts/os/freebsd/41-ssh b/scripts/os/freebsd/41-ssh
new file mode 100644
index 0000000..7352fc3
--- /dev/null
+++ b/scripts/os/freebsd/41-ssh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# Install and use ssh from ports.
+pkg install -y openssh-portable
+
+# Disable base sshd and enable the one from ports.
+sysrc -v \
+  sshd_enable=NO \
+  openssh_enable=YES
+
+# Create state dataset to persist SSH host keys across OS rebuilds.
+create_dataset -o "mountpoint=${ssh_host_key_dir}" "${state_dataset}/ssh"
+
+# If the state dataset contains existing host keys, symlink them into
+# /etc/ssh.
+#
+# If not, this is the first time we are building this box, so copy the
+# autogenerated host keys to the state partition.
+service openssh keygen
+for key in  \
+  ssh_host_ecdsa_key \
+  ssh_host_ed25519_key \
+  ssh_host_rsa_key
+do
+  [ -f "${ssh_host_key_dir}/${key}" ] || \
+    mv -v "/usr/local/etc/ssh/${key}" "/usr/local/etc/ssh/${key}.pub" "$ssh_host_key_dir"
+
+  ln -snvf "${ssh_host_key_dir}/${key}"     "/usr/local/etc/ssh/${key}"
+  ln -snvf "${ssh_host_key_dir}/${key}.pub" "/usr/local/etc/ssh/${key}.pub"
+done
+
+# Copy SSH configs.
+install_directory -m 0755 /usr/local/etc/ssh/sshd_config.d
+install_template -m 0644 \
+  /usr/local/etc/ssh/sshd_config \
+  /usr/local/etc/ssh/ssh_config
+
+# Stop base sshd and start the one from ports.
+service sshd stop
+service openssh restart