#!/usr/bin/env -S generatorsh
#  $HeadURL$ $LastChangedRevision$
#  vim: filetype=sh

#  Includes
. $(miniade) || { echo "${0##*/}: ERROR: miniade failed (hint: run 'miniade' to see error)" >&2; exit 1; }

main()
{
    #  Sanity checks and derivations
    [[ $HOST_OS =~ ^(debian10|debian11|debian12|debian13) ]] || miniade_error "$HOST_OS: invalid value for HOST_OS"
    
    #  Guts
    echo "AuthenticationMethods publickey"
    echo "X11Forwarding yes"
    echo "AcceptEnv LANG LC_*"
    echo "AllowTcpForwarding yes"
    echo "Subsystem sftp /usr/lib/openssh/sftp-server"
    #  Previously, virtualisation servers restricted login to root, but they're not LDAP clients
    #  so I think this is superfluous. Besides which, there is no environment variable set by pcms
    #  to indicate whether this restriction would be desired.  
    #echo "AllowUsers root"

    #  Debian 13 complains when I try to set PubkeyAcceptedKeyTypes.
    if [[ $HOST_OS =~ ^debian(10|11|12)$ ]]; then
        echo "PubkeyAcceptedKeyTypes ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512"
    elif [ $HOST_OS = debian13 ]; then
        :
    else
        miniade_error "$HOST_OS: unexpected value for HOST_OS"
    fi
}

main "$@"