From 5695f4258e1fc5d36a13e8d6d478fd3614834653 Mon Sep 17 00:00:00 2001
From: Miguel Jacq
Date: Tue, 12 May 2026 12:23:41 +1000
Subject: [PATCH] Add support for ssh configs as templates, via JinjaTurtle
---
 debian/changelog | 6 ++++++
 enroll/jinjaturtle.py | 6 ++++++
 tests/test_jinjaturtle.py | 12 ++++++++++++
 3 files changed, 24 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 6fa0d96..ee732b6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+enroll (0.5.0) unstable; urgency=medium
+
+ * Add ssh config support where JinjaTurtle is used
+
+ -- Miguel Jacq Tue, 12 May 2026 12:00 +1000
+
 enroll (0.4.4) unstable; urgency=medium
 
 * Add capability to handle passphrases on encrypted SSH private keys. Prompting can be forced with `--ask-key-passphrase` or automated (e.g for CI) with `--ssh-key-passphrase env SOMEVAR`
diff --git a/enroll/jinjaturtle.py b/enroll/jinjaturtle.py
index 6a13fa1..7a2702e 100644
--- a/enroll/jinjaturtle.py
+++ b/enroll/jinjaturtle.py
@@ -46,6 +46,12 @@ def infer_other_formats(dest_path: str) -> Optional[str]:
 # systemd units
 if suffix in SYSTEMD_SUFFIXES:
 return "systemd"
+ # OpenSSH system config files and snippets
+ parts = {part.lower() for part in p.parts}
+ if name in {"sshd_config", "ssh_config"}:
+ return "ssh"
+ if suffix == ".conf" and {"sshd_config.d", "ssh_config.d"} & parts:
+ return "ssh"
 return None
 
 
diff --git a/tests/test_jinjaturtle.py b/tests/test_jinjaturtle.py
index c0447b1..b2c9022 100644
--- a/tests/test_jinjaturtle.py
+++ b/tests/test_jinjaturtle.py
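Review bot: In enroll/jinjaturtle.py, the drop-in check `{"sshd_config.d", "ssh_config.d"} & parts` matches when any ancestor directory carries one of those names, so a `.conf` file nested deeper, or sitting in an unrelated tree that happens to contain such a directory, is also forced to the ssh format. Testing only the immediate parent is tighter and makes the `parts` set unnecessary: `if suffix == ".conf" and p.parent.name.lower() in {"sshd_config.d", "ssh_config.d"}:`. `name` and `suffix` are assigned above the hunk, so it is not visible whether `name` is lowercased the way `parts` is; if it is not, the basename check and the directory check disagree on case. The body of infer_other_formats starts outside the hunk.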
@@ -131,3 +131,15 @@ def test_manifest_uses_jinjaturtle_templates_and_does_not_copy_raw(
 encoding="utf-8"
 )
 assert "foo_key: 1" in defaults
+
+
+def test_openssh_paths_are_jinjaturtle_supported_and_forced_to_ssh() -> None:
+ from enroll.jinjaturtle import can_jinjify_path, infer_other_formats
+
+ assert infer_other_formats("/etc/ssh/sshd_config") == "ssh"
+ assert infer_other_formats("/etc/ssh/ssh_config") == "ssh"
+ assert infer_other_formats("/etc/ssh/sshd_config.d/50-hardening.conf") == "ssh"
+ assert infer_other_formats("/etc/ssh/ssh_config.d/99-proxy.conf") == "ssh"
+
+ assert can_jinjify_path("/etc/ssh/sshd_config")
+ assert can_jinjify_path("/etc/ssh/ssh_config")
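Review bot: The new test asserts only positive matches, and it calls `can_jinjify_path` for the two main files but not for the drop-in paths it has just classified. Adding `assert can_jinjify_path("/etc/ssh/sshd_config.d/50-hardening.conf")` and a negative case such as `assert infer_other_formats("/etc/ssh/ssh_host_ed25519_key") is None` (a constructed sample path; None is what the visible branches suggest) would pin that key material stored next to these configs is never picked up as an ssh template. Nothing here renders a template back and compares it with the input, which matters because sshd uses the first value it obtains for most keywords and scopes the lines that follow a `Match`. A round-trip test that checks directive order and `Match` blocks survive is worth adding, and rendered files can be checked with `sshd -t -f <rendered file>`. JinjaTurtle's ssh handler is not part of this patch, so whether it preserves order cannot be confirmed from here.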