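# Manage the known_hosts file of a particular user and, optionally, pin this
# host's own SSH host keys as "localhost" entries in it.
#
# Parameters:
#   $owner              - user that owns ${home}/.ssh/known_hosts.
#   $home               - home directory of $owner (default: /home/<owner>).
#   $ssh_localhost_auth - 'fingerprint' maps the file_line ensure to present;
#                         'auto' and every other value map it to undef.
#
# NOTE(review): $group is not a parameter of this define, so it resolves from
# an enclosing scope or to undef. Confirm where it is expected to come from;
# an unset group on known_hosts leaves group ownership unmanaged.
#
# NOTE(review): an undef ensure leaves the attribute unset, so the resource
# type's own default applies. stdlib's file_line defaults ensure to present,
# which would add the localhost entries for every value of
# $ssh_localhost_auth. Confirm the intent; wrapping each file_line in
# `if $ssh_localhost_auth == 'fingerprint'` would make the switch effective.
define nodo::subsystem::ssh::known_host(
  $owner,
  # Double quotes are required here: single-quoted strings are not
  # interpolated, so '/home/$owner' was the literal path "/home/$owner".
  $home               = "/home/${owner}",
  $ssh_localhost_auth = false
) {
  nodo::subsystem::ssh::folder { "ssh_known_host-${name}":
    home  => $home,
    owner => $owner,
    group => $group,
  }

  # 0600: known_hosts reveals which hosts the user connects to and decides
  # which host keys are trusted, so only the owner may read or write it.
  file { "${home}/.ssh/known_hosts":
    ensure  => present,
    owner   => $owner,
    group   => $group,
    mode    => '0600',
    require => File["${home}/.ssh"],
  }

  # You can choose to include the host's fingerprints
  # directly into the known_hosts file.
  #
  # The file_line titles are double-quoted so that ${owner} is interpolated;
  # with single quotes every instance of this define shared the same literal
  # title and a second declaration failed as a duplicate resource.
  if $::sshrsakey != '' {
    file_line { "known_hosts-localhost-rsa-${owner}":
      ensure => $ssh_localhost_auth ? {
        'fingerprint' => present,
        'auto'        => undef,
        default       => undef,
      },
      path   => "${home}/.ssh/known_hosts",
      line   => "localhost ssh-rsa ${::sshrsakey}",
    }
  }

  # ssh-dss host keys are disabled by default since OpenSSH 7.0; this entry
  # is only useful to older clients.
  if $::sshdsakey != '' {
    file_line { "known_hosts-localhost-dsa-${owner}":
      ensure => $ssh_localhost_auth ? {
        'fingerprint' => present,
        'auto'        => undef,
        default       => undef,
      },
      path   => "${home}/.ssh/known_hosts",
      line   => "localhost ssh-dss ${::sshdsakey}",
    }
  }

  # The line previously interpolated the misspelled fact ${::sshedsakey},
  # which is never set, so the entry was written without any key material.
  # Assumes the sshecdsakey fact holds a nistp256 key (TODO confirm).
  if $::sshecdsakey != '' {
    file_line { "known_hosts-localhost-ecdsa-${owner}":
      ensure => $ssh_localhost_auth ? {
        'fingerprint' => present,
        'auto'        => undef,
        default       => undef,
      },
      path   => "${home}/.ssh/known_hosts",
      line   => "localhost ecdsa-sha2-nistp256 ${::sshecdsakey}",
    }
  }
}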