Parameterize the sshd port

manifests/profile/networking/sshd.pp

@@ -14,6 +14,7 @@
 class nebula::profile::networking::sshd (
   Array[String] $whitelist,
   String $addon_directives = '',
+  Integer $port = 22,
 ) {
 
   # This will do nothing if the keytab doesn't exist

spec/classes/profile/networking/sshd_spec.rb

@@ -25,6 +25,7 @@ def contain_sshd
       end
 
       [
+        %r{^#Port 22$},
         %r{^PermitRootLogin (prohibit|without)-password$},
         %r{^PubkeyAuthentication no$},
         %r{^PasswordAuthentication no$},
@@ -97,6 +98,20 @@ class { 'nebula::profile::networking::keytab':
           .with_target('/etc/pam.d/sshd')
           .with_content(%r{@include sshd-defaults})
       end
+
+      context 'with port set to 44' do
+        let(:params) { { port: 44 } }
+
+        it { is_expected.not_to contain_sshd.with_content(%r{^#Port 22$}) }
+        it { is_expected.to contain_sshd.with_content(%r{^Port 44$}) }
+      end
+
+      context 'with port set to 333' do
+        let(:params) { { port: 333 } }
+
+        it { is_expected.not_to contain_sshd.with_content(%r{^#Port 22$}) }
+        it { is_expected.to contain_sshd.with_content(%r{^Port 333$}) }
+      end
     end
   end
 end

templates/profile/networking/sshd_config.erb

@@ -12,7 +12,11 @@
 # possible, but leave them commented.  Uncommented options override the
 # default value.
 
+<% if @port == 22 -%>
 #Port 22
+<% else -%>
+Port <%= @port %>
+<% end -%>
 #AddressFamily any
 #ListenAddress 0.0.0.0
 #ListenAddress ::