# Class: profiles::base
# =====================
#
# This class defines the base profile that is valid for all puppet managed
# CAcert hosts and should therefore be included in any host role class in the
# roles module.
#
# Parameters
# ----------
#
# @param admins a list of admin users for the node
#
# @param users a hash containing user information
#
# Examples
# --------
#
# @example
#   class roles::myhost {
#     include profiles::base
#   }
#
# Authors
# -------
#
# Jan Dittberner <jandd@cacert.org>
#
# Copyright
# ---------
#
# Copyright 2016 Jan Dittberner
#
class profiles::base (
  Array[String] $admins = [],
  Hash[String, Data] $users = {},
) {
  # ensure admin users for this container
  $admins.each |String $username| {
    $user = $users[$username]
    $osusername = $user['username']
    group { $user['username']:
      ensure => present,
    } ->
    user { $osusername:
      ensure         => present,
      comment        => $user['fullname'],
      gid            => $osusername,
      groups         => ['sudo', 'adm'],
      password       => $user['password'],
      uid            => $user['uid'],
      home           => "/home/${osusername}",
      shell          => $user['shell'],
      purge_ssh_keys => true,
      managehome     => true,
    }
    $user['ssh_keys'].each |Hash[String, Data] $keydata| {
      $keyname    = $keydata['name']
      ssh_authorized_key { "${osusername}@${keyname}":
        ensure  => present,
        user    => $user['username'],
        type    => $keydata['type'],
        key     => $keydata['key'],
        require => User[$osusername],
      }
    }
  }

  file { '/etc/init.d/puppet':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
    source => 'puppet:///modules/profiles/puppet.init',
  }

  file { '/etc/apt/apt.conf.d/03proxy':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/profiles/base/apt_proxy.conf',
  }

  package { 'lsb-release':
    ensure => present,
  }

  file { '/etc/apt/sources.list':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => epp(
      'profiles/base/apt_sources.list.epp',
      {'oscodename' => $facts['os']['distro']['codename']}),
    require => Package['lsb-release'],
  }
  file { '/etc/apt/sources.list.d/puppetlabs-pc1.list':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => epp(
      'profiles/base/apt_sources_puppetlabs.list.epp',
      {'oscodename' => $facts['os']['distro']['codename']}),
    require => Package['lsb-release'],
  }
}