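# Class: tunnel
#
# Builds autossh tunnels and, through exported resources, the login account
# each tunnel uses on the host it terminates on.
#
# A node declaring tunnel::setup gets an autossh::tunnel resource locally and
# exports a user, its home directory, its .ssh directory and its
# authorized_keys file. The host named in $host realizes them through the
# collectors below.
#
# Variables read but not set in this file: $fqdn, $hostname, $domain, $server
# and $root_mail_recipient.
class tunnel {

  # Realize every User and File exported for this host.
  # NOTE(review): anything exported under this tag by any node in the
  # stored-config database is applied here, including login accounts and
  # authorized_keys files. The tag namespace is therefore part of this host's
  # trust boundary; review which manifests can export under it.
  User <<| tag == "autossh-${fqdn}" |>>
  File <<| tag == "autossh-${fqdn}" |>>

  # TODO: user setup should be put somewhere

  # Define: tunnel::setup
  #
  # Declares one autossh tunnel and exports the remote account for it.
  #
  # Parameters:
  #   $ensure    - passed through to autossh::tunnel.
  #   $user      - remote account name; defaults to $hostname.
  #   $host      - host the tunnel connects to; also selects the export tag.
  #   $localport - passed to autossh::tunnel as `port`.
  #   $hostport  - passed to autossh::tunnel as `hostport`.
  #   $sshport   - SSH port on $host.
  #   $keytype   - selects the public key file ${user}_id_${keytype}.pub.
  #
  # NOTE(review): the 'dsa' default is kept for compatibility with existing
  # key file names. OpenSSH 7.0 and later disable DSA keys by default, so
  # callers should pass a current key type where such a key file exists.
  #
  # NOTE(review): $hostname and $domain are presumably the agent-reported
  # facts. If so, the exporting node's own report decides the account name and
  # home path created on the tunnel host. Consider validating them, or
  # deriving them from the authenticated certificate name, before exporting.
  define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'dsa') {
    $dir        = "/var/backups/remote/${user}.${domain}"
    # Held in a variable of its own name rather than $tag, which is also the
    # name of the `tag` metaparameter.
    $export_tag = "autossh-${host}"
    $ssh_dir    = "${dir}/.ssh"

    # The local end of the tunnel is declared with user 'root'; what that
    # parameter controls is defined by autossh::tunnel, not shown here.
    autossh::tunnel { $name:
      ensure      => $ensure,
      user        => 'root',
      remote_user => $user,
      port        => $localport,
      hostport    => $hostport,
      host        => $host,
      remote_host => $host,
      sshport     => $sshport,
    }

    # The defined() guards let several tunnels from one node share an account.
    # They only see this node's catalog, not what other nodes export.
    # Modes are quoted: the file type of Puppet 4 and later rejects a bare
    # number, and a string is accepted by older versions too.
    if !defined(File[$dir]) {
      @@file { $dir:
        ensure => directory,
        mode   => '0750',
        owner  => $user,
        group  => 0,
        tag    => $export_tag,
      }
    }

    if !defined(File[$ssh_dir]) {
      @@file { $ssh_dir:
        ensure  => directory,
        mode    => '0700',
        owner   => $user,
        group   => 0,
        require => [User[$user], File[$dir]],
        tag     => $export_tag,
      }
    }

    # The key file is owned by root and not writable by the account, although
    # the account owns the directory that holds it.
    # NOTE(review): the key is copied as-is from the fileserver. Any limits on
    # what it may be used for would have to be options inside that .pub file,
    # which this manifest does not show.
    if !defined(File["${ssh_dir}/authorized_keys"]) {
      @@file { "${ssh_dir}/authorized_keys":
        ensure  => present,
        mode    => '0644',
        owner   => 0,
        group   => 0,
        source  => "puppet://${server}/files/keys/${user}_id_${keytype}.pub",
        require => File[$ssh_dir],
        tag     => $export_tag,
      }
    }

    # Password '*' leaves key authentication as the only login path set here.
    # NOTE(review): the account gets /bin/sh as its shell. If it only needs to
    # carry a port forward, a more restrictive shell may be enough; confirm
    # against what autossh::tunnel requires.
    # Group['backupninjas'] is not declared in this file and has to be in the
    # catalog of the host that realizes this user.
    if !defined(User[$user]) {
      @@user { $user:
        ensure     => present,
        comment    => "${name} backup sandbox",
        home       => $dir,
        gid        => "backupninjas",
        managehome => true,
        shell      => "/bin/sh",
        password   => '*',
        require    => Group['backupninjas'],
        tag        => $export_tag,
      }
    }
  }

  # Define: tunnel::mail
  #
  # Installs nullmailer and relays its mail through an SSH tunnel to port 25
  # on "${name}.${domain}". nullmailer is pointed at localhost:2525, which is
  # the local port of the tunnel declared at the end.
  #
  # Parameters:
  #   $sshport - SSH port on the relay host.
  #
  # Every resource in here has a fixed title, so a node can declare this
  # define only once.
  define mail ($sshport = '22') {
    package { "nullmailer":
      ensure => installed,
    }

    service { "nullmailer":
      ensure  => running,
      require => Package['nullmailer'],
    }

    file { "/etc/mailname":
      ensure  => present,
      owner   => root,
      group   => root,
      mode    => '0644',
      content => "${fqdn}\n",
      notify  => Service["nullmailer"],
    }

    file { "/etc/nullmailer":
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0755',
    }

    # Must stay in step with localport of the tunnel::setup resource below.
    file { "/etc/nullmailer/remotes":
      ensure  => present,
      owner   => root,
      group   => root,
      mode    => '0644',
      content => "localhost smtp --port=2525\n",
      notify  => Service["nullmailer"],
      require => File["/etc/nullmailer"],
    }

    # Unlike mailname and remotes, this file does not notify the service.
    file { "/etc/nullmailer/adminaddr":
      ensure  => present,
      owner   => root,
      group   => root,
      mode    => '0644',
      content => "${root_mail_recipient}\n",
      require => File["/etc/nullmailer"],
    }

    # No user is passed, so the remote account name falls back to $hostname.
    tunnel::setup { "smtp":
      host      => "${name}.${domain}",
      sshport   => "${sshport}",
      localport => '2525',
      hostport  => '25',
    }
  }
}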