class nodo {
  include lsb
  include sudo
  include users::admin
  include motd
  include utils
  include cron
  include hosts
  include locales
  include tunnel
  include profile
  include domain
  include concat::setup

  if !defined('puppetd') {
    class { 'puppetd': }
  }

  #
  # Backup
  #
  class { 'backup': }

  $local_backup = hiera('nodo::backup::localhost', false)

  # Local encrypted backup; key id and passphrase are looked up in hiera
  case $local_backup {
    true,enabled,present: {
      backup::duplicity { "localhost":
        encryptkey => hiera('nodo::backup::encryptkey'),
        password   => hiera('nodo::backup::password'),
      }
    }
    absent: {
      backup::duplicity { "localhost":
        encryptkey => hiera('nodo::backup::encryptkey'),
        password   => hiera('nodo::backup::password'),
        ensure     => absent,
      }
    }
    default: { }
  }

  # Does not work well inside vservers
  class { 'runit':
    ensure => absent,
  }

  # Set timezone and ntp config
  #
  # We configure those here but leave class inclusion elsewhere
  # as ntp config differs from server to vserver.
  #
  $ntp_timezone = "Brazil/East"
  $ntp_pool     = "south-america.pool.ntp.org"
  $ntp_servers  = [ 'a.ntp.br', 'b.ntp.br', 'c.ntp.br' ]

  # Email delivery configuration
  case hiera('nodo::mail_delivery', 'exim') {
    'tunnel': {
      $mail_hostname = hiera('nodo::mail_hostname')

      tunnel::mail { "$mail_hostname":
        sshport => hiera('nodo::mail_ssh_port'),
      }
    }
    'postfix': { }
    '','exim',default: {
      include exim::tls
    }
  }

  # Apt configuration
  if $use_apt != false {
    class { 'apt':
      include_src      => hiera('nodo::apt_include_src', false),
      use_next_release => hiera('nodo::apt_use_next_release', false),
    }

    include apt::unattended_upgrades

    apt::sources_list { "$domain.list":
      source => "puppet:///modules/site_apt/sources.list.d/$operatingsystem/$domain.list",
      ensure => $apt_domain_source ? {
        true    => present,
        default => absent,
      }
    }

    # Preferences file can't have dots in the filename
    $apt_domain_preferences = regsubst($domain, '\.', '-', 'G')

    file { "/etc/apt/preferences.d/$apt_domain_preferences":
      source => [ "puppet:///modules/site_apt/preferences.d/$operatingsystem/$domain",
                  "puppet:///modules/nodo/preferences.d/custom" ],
      ensure => $apt_domain_source ? {
        true    => present,
        default => absent,
      }
    }

    package { 'apt-transport-https':
      ensure => present,
    }
  }

  # Default SSH configuration
  $sshd_password_authentication = "yes"
  $sshd_shared_ip               = "yes"
  $sshd_tcp_forwarding          = "yes"
  $sshd_hardened_ssl            = "yes"
  $sshd_print_motd              = "yes"

  # SSH Server
  #
  # We need to restrict listen address so multiple instances
  # can live together in the same physical host.
  #
  case $sshd_listen_address {
    '': { $sshd_listen_address = [ "$ipaddress", '127.0.0.1' ] }
  }

  class { 'sshd':
    listen_address          => $sshd_listen_address,
    password_authentication => $sshd_password_authentication,
    shared_ip               => $sshd_shared_ip,
    tcp_forwarding          => $sshd_tcp_forwarding,
    hardened_ssl            => $sshd_hardened_ssl,
    print_motd              => $sshd_print_motd,
    ports                   => $sshd_ports,
    use_pam                 => $sshd_use_pam,
  }

  file { "/etc/hostname":
    owner   => "root",
    group   => "root",
    mode    => '0644',
    ensure  => present,
    content => "$fqdn\n",
  }

  file { "/etc/rc.local":
    source => "puppet:///modules/nodo/etc/rc.local",
    owner  => "root",
    group  => "root",
    mode   => '0755',
    ensure => present,
  }
}