Add support for ssh configs as templates, via JinjaTurtle

debian/changelog

@@ -1,3 +1,9 @@
+enroll (0.5.0) unstable; urgency=medium
+
+ * Add ssh config support where JinjaTurtle is used
+
+ -- Miguel Jacq <mig@mig5.net>  Tue, 12 May 2026 12:00 +1000
+
 enroll (0.4.4) unstable; urgency=medium
 
  * Add capability to handle passphrases on encrypted SSH private keys. Prompting can be forced with `--ask-key-passphrase` or automated (e.g for CI) with `--ssh-key-passphrase env SOMEVAR`

enroll/jinjaturtle.py

@@ -46,6 +46,12 @@ def infer_other_formats(dest_path: str) -> Optional[str]:
     # systemd units
     if suffix in SYSTEMD_SUFFIXES:
         return "systemd"
+    # OpenSSH system config files and snippets
+    parts = {part.lower() for part in p.parts}
+    if name in {"sshd_config", "ssh_config"}:
+        return "ssh"
+    if suffix == ".conf" and {"sshd_config.d", "ssh_config.d"} & parts:
+        return "ssh"
     return None
 
 

tests/test_jinjaturtle.py

@@ -131,3 +131,15 @@ def test_manifest_uses_jinjaturtle_templates_and_does_not_copy_raw(
         encoding="utf-8"
     )
     assert "foo_key: 1" in defaults
+
+
+def test_openssh_paths_are_jinjaturtle_supported_and_forced_to_ssh() -> None:
+    from enroll.jinjaturtle import can_jinjify_path, infer_other_formats
+
+    assert infer_other_formats("/etc/ssh/sshd_config") == "ssh"
+    assert infer_other_formats("/etc/ssh/ssh_config") == "ssh"
+    assert infer_other_formats("/etc/ssh/sshd_config.d/50-hardening.conf") == "ssh"
+    assert infer_other_formats("/etc/ssh/ssh_config.d/99-proxy.conf") == "ssh"
+
+    assert can_jinjify_path("/etc/ssh/sshd_config")
+    assert can_jinjify_path("/etc/ssh/ssh_config")