class nodo::role::master {
  $main        = hiera('nodo::role::master::main',        false)
  $db_password = hiera('nodo::role::master::db_password', '')

  case $db_password {
    '': { fail("Please set nodo::master::db_password in your config") }
  }

  if $main == true {
    # Puppetmaster should be included before nodo::vserver
    class { 'puppet::master':
      main => true,
    }

    include munin::host
    include munin::plugins::muninhost

    # The main master has a host entry pointing to itself, other
    # masters still retrieve catalogs from the main master.
    #
    # For that we're relying just on DNS entries.
    host { "puppet":
      ensure       => absent,
      ip           => "127.0.0.1",
      host_aliases => ["puppet.${::domain}"],
    }
  } else {
    class { 'puppet::master':
      main => false,
    }

    host { "puppet":
      ensure => absent,
    }

    # Quick and dirty way to keep munin disabled
    package { 'munin':
      ensure => purged,
    }
  }

  # These should be included after puppetmaster
  include nodo::role::vserver
  include database
  include git::daemon
  include websites::admin
  include nagios::headless
  include nagios::defaults
  include nodo::subsystem::monitor::master

  # Nagios apache workaround
  file { "/etc/apache2/conf.d/nagios3.conf":
    ensure => absent,
  }

  # Update master's puppet.conf if you change here
  database::instance { "puppet":
    password => "${db_password}",
  }

  # Used for trac dependency graphs
  package { "graphviz":
    ensure => present,
  }

  # Check domain registration
  domain_check::instance { $::domain: }
}