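# Node profile for a KVM host: pulls in the base system classes, firewall,
# vserver host support, monitoring, time sync, sshd, backups and the
# boot-time filesystem tables (fstab / crypttab).
#
# Inputs are read from the enclosing scope rather than class parameters:
#   $firewall_ssl_ratelimit, $firewall_global_ssl_ratelimit,
#   $use_nagios, $use_nagios_fqdn, $ntpdate, $sshd_listen_address
class nodo::kvm inherits nodo {
  include syslog-ng
  include initramfs
  include modprobe
  include firewire
  include sysctl
  include ups
  include utils::physical
  include resolver
  include monkeysphere_nodo

  # SSL computational DoS mitigation
  # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
  #
  # Resolution order: node-level value, then the global value, then '-'.
  # NOTE(review): '-' is presumably read by the firewall module as "no rate
  # limit"; confirm there, since that fallback leaves the mitigation off.
  $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
    ''      => $firewall_global_ssl_ratelimit ? {
      ''      => '-',
      default => $firewall_global_ssl_ratelimit,
    },
    default => $firewall_ssl_ratelimit,
  }

  # Firewall configuration
  # Included after the rate limit is resolved so the value above is set
  # before the firewall class is evaluated.
  include firewall

  # Vserver configuration
  $vserver_vdirbase = "/var/vservers"
  include vserver::host

  # Monitoring is on unless $use_nagios is the boolean false.
  # NOTE(review): a quoted 'false' would not match this comparison; confirm
  # how callers set the flag.
  if $use_nagios != false {
    if $use_nagios_fqdn == true {
      include nagios::target::fqdn
    } else {
      include nagios::target
    }

    nagios::service::ping { "$fqdn": }
  }

  # Time configuration
  case $ntpdate {
    false:   { include timezone }
    default: { include ntpdate }
  }

  # SSH Server
  #
  # We need to restrict listen address so multiple instances
  # can live together in the same physical host.
  #
  # Only applied when no address was set by the caller.
  # NOTE(review): $ipaddress is whatever Facter reports as the primary
  # address; on a multi-homed host confirm it is the intended interface.
  case $sshd_listen_address {
    '': { $sshd_listen_address = [ "$ipaddress" ] }
  }

  include sshd

  backupninja::sys { "sys":
    ensure => present,
  }

  # Munin configuration
  munin_node { "$hostname":
    port => '4900',
  }

  # Removable media folder
  # File modes are quoted: a bare 0755 is parsed as a number by newer Puppet
  # parsers, and the file type expects a string there.
  file { [ "/media/usb", "/media/cdrom" ]:
    ensure => directory,
    mode   => '0755',
  }

  # fstab
  # A change triggers Exec['update-initramfs'], which is not declared in this
  # class (presumably it comes from the initramfs class included above).
  file { "/etc/fstab":
    ensure => present,
    source => "puppet://$server/modules/nodo/etc/fstab/kvm",
    owner  => "root",
    group  => "root",
    mode   => '0644',
    notify => Exec['update-initramfs'],
  }

  # crypttab
  # The file is world-readable (0644).
  # NOTE(review): confirm the distributed crypttab only names key files or
  # 'none' and never carries key material inline; otherwise tighten the mode.
  file { "/etc/crypttab":
    ensure => present,
    source => "puppet://$server/modules/nodo/etc/crypttab/kvm",
    owner  => "root",
    group  => "root",
    mode   => '0644',
    notify => Exec['update-initramfs'],
  }
}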