# autossh tunnel interface
#
# TODO: User handling should be put somewhere. Here we are duplicating
#       code from backupninja module. Further developments should consider
#       having a unified user handling, maybe at puppet-user.
#
#       For now, it's important to preserve the 'backupninja-' like tag
#       otherwise the behavior of this code will conflict with backupninja
#       and we'll see strange things like exported resources not being
#       realized.

# this define realizes all needed resources for a hosted tunnel
define tunnel_server_realize($host) {
  # Every resource a client exported for its sandbox on this server carries
  # this tag (tunnel::setup builds it from the client's $fqdn, which is what
  # the client passes as $host here).
  $realize_tag = "backupninja-${host}"

  User               <<| tag == "${realize_tag}" |>>
  File               <<| tag == "${realize_tag}" |>>
  Ssh_authorized_key <<| tag == "${realize_tag}" |>>
}

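class tunnel {

  # Realize on this node every tunnel_server_realize that a client exported
  # with tag == this node's $fqdn (see tunnel::setup below).
  Tunnel_server_realize <<| tag == "${fqdn}" |>>

  # Client side of a tunnel: declares the autossh::tunnel to $host and
  # exports the sandbox account, its home and .ssh directories and the
  # authorized_keys file that $host realizes via tunnel_server_realize.
  #
  #   $ensure    - forwarded to autossh::tunnel
  #   $user      - name of the sandbox account on $host (default: $hostname)
  #   $host      - server hosting the sandbox and the remote end of the tunnel
  #   $localport - local port of the tunnel
  #   $hostport  - port on $host the tunnel maps to
  #   $sshport   - ssh port on $host
  #   $keytype   - selects site-keys/${user}_id_${keytype}.pub as the public key
  define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'rsa') {
    # $tag must keep the 'backupninja-' prefix: tunnel_server_realize and the
    # backupninja module both collect on it, so a different prefix would leave
    # the exported resources unrealized (see the header note above).
    $dir           = "/var/backups/remote/${user}.${domain}"
    $tag           = "backupninja-${fqdn}"
    $ssh_dir       = "${dir}/.ssh"
    # One export per (client, server) pair. The original built this title from
    # $real_host, which is never assigned in this file; under lax variable
    # handling it interpolated as an empty string, so every tunnel exported
    # from one client shared the title "${fqdn}@" and only the first survived.
    $realize_title = "${fqdn}@${host}"

    autossh::tunnel { $name:
      ensure      => $ensure,
      user        => 'root',
      remote_user => $user,
      port        => $localport,
      hostport    => $hostport,
      host        => $host,
      remote_host => $host,
      sshport     => $sshport,
    }

    # Tagged with $host so that only the server named in $host collects it;
    # its $host parameter is this client's $fqdn.
    if !defined(Tunnel_server_realize[$realize_title]) {
      @@tunnel_server_realize { $realize_title:
        host => $fqdn,
        tag  => $host,
      }
    }

    # Sandbox home: owned by the account, group root, not world-accessible.
    if !defined(File[$dir]) {
      @@file { $dir:
        ensure => directory,
        mode   => '0750',
        owner  => $user,
        group  => 0,
        tag    => $tag,
      }
    }

    if !defined(File[$ssh_dir]) {
      @@file { $ssh_dir:
        ensure  => directory,
        mode    => '0700',
        owner   => $user,
        group   => 0,
        require => [User[$user], File[$dir]],
        tag     => $tag,
      }
    }

    # authorized_keys is root-owned and not writable by the sandbox account,
    # so the account cannot add keys of its own. Any restriction on what the
    # key may do (forced command, permitopen, no-pty) has to be present in the
    # .pub file shipped by site-keys; nothing here adds one.
    if !defined(File["${ssh_dir}/authorized_keys"]) {
      @@file { "${ssh_dir}/authorized_keys":
        ensure  => present,
        mode    => '0644',
        owner   => 0,
        group   => 0,
        source  => "puppet:///modules/site-keys/${user}_id_${keytype}.pub",
        require => File[$ssh_dir],
        tag     => $tag,
      }
    }

    # password '*' is not a valid hash, so the account can only log in by key.
    if !defined(User[$user]) {
      @@user { $user:
        ensure     => present,
        comment    => "${user} backup sandbox",
        home       => $dir,
        gid        => 'backupninjas',
        managehome => true,
        shell      => '/bin/sh',
        password   => '*',
        require    => Group['backupninjas'],
        tag        => $tag,
      }
    }
  }

  # Installs nullmailer and points it at a local ssh tunnel, so mail from this
  # node is relayed through the tunnel to port 25 on "${name}.${domain}"
  # instead of being delivered directly.
  #
  #   $name    - host part of the relay; "${name}.${domain}" becomes the
  #              tunnel's $host
  #   $sshport - ssh port on the relay
  define mail ($sshport = '22') {
    package { 'nullmailer':
      ensure => installed,
    }

    service { 'nullmailer':
      ensure  => 'running',
      require => Package['nullmailer'],
    }

    file { '/etc/mailname':
      ensure  => present,
      owner   => root,
      group   => root,
      mode    => '0644',
      content => "${fqdn}\n",
      notify  => Service['nullmailer'],
    }

    file { '/etc/nullmailer':
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0755',
    }

    # nullmailer hands mail to the local end of the tunnel declared below.
    file { '/etc/nullmailer/remotes':
      ensure  => present,
      owner   => root,
      group   => root,
      mode    => '0644',
      content => "localhost smtp --port=2525\n",
      notify  => Service['nullmailer'],
      require => File['/etc/nullmailer'],
    }

    # $root_mail_recipient is not set in this file; presumably a top-scope
    # variable of the site manifest.
    file { '/etc/nullmailer/adminaddr':
      ensure  => present,
      owner   => root,
      group   => root,
      mode    => '0644',
      content => "${root_mail_recipient}\n",
      require => File['/etc/nullmailer'],
    }

    tunnel::setup { 'smtp':
      host      => "${name}.${domain}",
      sshport   => "${sshport}",
      localport => '2525',
      hostport  => '25',
    }
  }
}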