class nodo::physical inherits nodo {
  include syslog-ng
  include initramfs
  include modprobe
  include firewire
  include sysctl
  include ups
  include utils::physical
  include smartmontools
  include resolver
  include monkeysphere_nodo

  # SSL computational DoS mitigation
  # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
  $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
    ''      => $firewall_global_ssl_ratelimit ? {
      ''      => '-',
      default => $firewall_global_ssl_ratelimit,
    },
    default => $firewall_ssl_ratelimit,
  }

  # Firewall configuration
  include firewall

  # Vserver configuration
  $vserver_vdirbase = "/var/vservers"
  include vserver::host

  if $use_nagios != false {
    if $use_nagios_fqdn == true {
      include nagios::target::fqdn
    }
    else {
      include nagios::target
    }
    nagios::service::ping { "$fqdn": }
  }

  # Time configuration
  case $ntpdate {
    false:   { include timezone }
    default: { include ntpdate  }
  }

  # SSH Server
  #
  # We need to restrict listen address so multiple instances
  # can live together in the same physical host.
  #
  case $sshd_listen_address {
    '': { $sshd_listen_address = [ "$ipaddress" ] }
  }
  include sshd

  backupninja::sys { "sys":
    ensure => present,
  }

  # Munin configuration
  munin_node { "$hostname":
    port => '4900',
  }

  # SMART monitoring
  include munin::plugins::smart
  munin::plugin { "smart_sda":
    ensure => "smart_",
    config => "user root\ngroup disk",
  }

  # Removable media folder
  file { [ "/media/usb", "/media/cdrom" ]:
    ensure => directory,
    mode   => 0755,
  }

  # Entropy key
  if $ekey_masterkey != '' {
    class { "ekeyd":
      ekeyd_masterkey => $ekey_masterkey,
    }
  }
}