En rédaction

softwares/secure_tunnel.sls

@@ -19,6 +19,14 @@ secure_tunnel_systemd_file:
     - name: /etc/systemd/system/secure-tunnel.service
     - user: root
     - group: root
+    - template: jinja
 
+secure_tunnel_default_file:
+  file.managed:
+    - source: salt://templates/secure-tunnel.dft
+    - name: /etc/default/secure-tunnel
+    - user: root
+    - group: root
+    - template: jinja
 
 {% endif %}

templates/secure-tunnel.service

@@ -1,15 +1,12 @@
 # Must be sent to /etc/systemd/system
 [Unit]
-Description=Setup a secure tunnel to %I
+Description=Setup a secure tunnel to {{ANS_ADDR_TARGET}}
 After=network.target
 
 [Service]
-User=ansusr
-Environment="LOCAL_ADDR=localhost"
-EnvironmentFile=/etc/default/secure-tunnel@%i
-#ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -R ${LOCAL_ADDR}:${LOCAL_PORT}:localhost:${REMOTE_PORT} ${TARGET}
-#ExecStart=/usr/bin/ssh -p ${REMOTE_PORT} -NT -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -R ${RTARGET_PORT}:localhost:22 ${TARGET}
-ExecStart=/usr/bin/ssh -p ${REMOTE_PORT} -NT -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -R ${RTARGET_PORT}:localhost:22 ${TARGET}
+User=${ANS_TARGET_USER}
+EnvironmentFile=/etc/default/secure-tunnel
+ExecStart=/usr/bin/ssh -p ${REMOTE_PORT} -NT -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -R ${RTARGET_PORT}:localhost:22 ${ANS_TARGET_USER}@${TARGET}
 
 # Restart every >2 seconds to avoid StartLimitInterval failure
 RestartSec=5