class nodo {
  include lsb
  include sudo
  include users::admin
  include motd
  include utils
  include cron
  include locales
  include tunnel
  include profile
  include domain
  include concat::setup

  class { 'hosts': }

  # then include puppet class
  if !defined('puppet::daemon') {
    class { 'puppet::daemon': }
  }

  #
  # Backup
  #
  class { 'backup': }

  $local_backup = hiera('nodo::backup::localhost', false)

  # Local encrypted backup
  case $local_backup {
    true,enabled,present: {
      backup::duplicity { "localhost":
        encryptkey => hiera('nodo::backup::encryptkey'),
        password   => hiera('nodo::backup::password'),
      }
    }
    absent: {
      backup::duplicity { "localhost":
        encryptkey => hiera('nodo::backup::encryptkey'),
        password   => hiera('nodo::backup::password'),
        ensure     => absent,
      }
    }
    default: { }
  }

  # Does not work well inside vservers
  class { 'runit': ensure => absent }

  # Email delivery configuration
  $mail_delivery = hiera('nodo::mail_delivery', 'exim')
  case $mail_delivery {
    'tunnel': {              
      $mail_hostname = hiera('nodo::mail_hostname')
      tunnel::mail { "$mail_hostname":
        sshport   => hiera('nodo::mail_ssh_port'),
      }
    }
    'postfix': { }
    '','exim',default: { include exim::tls }
  }

  #
  # Apt configuration
  #
  class { 'apt':
    include_src      => hiera('nodo::apt_include_src',      false),
    use_next_release => hiera('nodo::apt_use_next_release', false),
    custom_key_dir   => hiera('nodo::apt_custom_key_dir',   'puppet:///modules/site_apt/keys.d')
  }

  include apt::unattended_upgrades

  $apt_domain_source = hiera('nodo::apt_domain_source', false)

  apt::sources_list { "${::domain}.list":
    source => [ "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::lsbdistcodename}/${::domain}.list",
                "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::domain}.list", ],
    ensure => $apt_domain_source ? {
      true    => present,
      default => absent,
    }
  }

  # Preferences file can't have dots in the filename
  $apt_domain_preferences = regsubst($::domain, '\.', '-', 'G')

  file { "/etc/apt/preferences.d/${apt_domain_preferences}":
    source => [ "puppet:///modules/site_apt/preferences.d/${::operatingsystem}/${::domain}",
                "puppet:///modules/nodo/preferences.d/custom" ],
    ensure => $apt_domain_source ? {
      true    => present,
      default => absent,
    }
  }

  $apt_proxy = hiera('nodo::apt_proxy', false)

  if $apt_proxy != false {
    class { 'apt::proxy_client':
      proxy => $apt_proxy,
      port  => hiera('nodo::apt_proxy_port', ''),
    }
  }

  package { 'apt-transport-https':
    ensure => present,
  }

  # SSH Server
  #
  # We need to restrict listen address by default so multiple
  # instances can live together in the same physical host.
  #
  class { 'sshd':
    manage_nagios           => hiera('nodo::sshd_manage_nagios',           false),      
    listen_address          => hiera('nodo::sshd_listen_address',          [ "${::ipaddress}", '127.0.0.1' ]),
    password_authentication => hiera('nodo::sshd_password_authentication', 'yes'),
    shared_ip               => hiera('nodo::sshd_shared_ip',               'yes'),
    tcp_forwarding          => hiera('nodo::sshd_tcp_forwarding',          'yes'),
    hardened_ssl            => hiera('nodo::sshd_hardened_ssl',            'yes'),
    print_motd              => hiera('nodo::sshd_print_motd',              'no'),
    ports                   => hiera('nodo::sshd_ports',                   [ 22 ]),
    use_pam                 => hiera('nodo::sshd_use_pam',                 'no'),
  }

  file { "/etc/hostname":
    owner   => "root",
    group   => "root",
    mode    => 0644,
    ensure  => present,
    content => "${::fqdn}\n",
  }

  file { "/etc/rc.local":
    source  => "puppet:///modules/nodo/etc/rc.local",
    owner   => "root",
    group   => "root",
    mode    => 0755,
    ensure  => present,
  }
}