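# Define a vm instance
#
# Declares the firewall::vserver::* resources for one guest. Nothing is
# declared unless $ensure is 'running'.
#
# The guest address is "${network_prefix}.${context}". The two per-guest port
# numbers are built by appending the zero-padded context ($id) to a prefix:
# 22<id> is port_orig of the ssh rule (port_dest 22), and 49<id> is used on
# both sides of the munin rule.
#
# Parameters:
#   $context          Numeric guest id. Becomes the last component of the
#                     guest address and the suffix of the ssh/munin ports.
#                     Must be made of digits only and must not exceed 255.
#   $ensure           Rules are declared only when this is 'running'.
#   $proxy, $puppetmaster, $gitd, $mail, $icecast, $tor, $dns, $jabber,
#   $mumble, $gobby, $yacy, $rsync, $avahi
#                     Service flags. Each true flag declares the matching
#                     firewall::vserver::<service> class ($proxy declares
#                     http and https, $avahi declares mdns).
#   $network_prefix   Address prefix the context is appended to; looked up
#                     in hiera, falling back to "192.168.0".
#   $puppetmaster_port, $puppetmaster_nonssl_port
#                     Passed through to firewall::vserver::puppetmaster.
#   $distro, $sound, $ticket, $munin_port, $monkeysphere_ssh_port
#                     Accepted but not referenced anywhere in this body.
#
# NOTE(review): the service rules are resource-like class declarations, which
# Puppet accepts only once per catalog, so a given service flag can be true
# for at most one nodo::vm::instance on a node.
#
# NOTE(review): the firewall::vserver::* definitions are not shown here;
# presumably every true flag opens an inbound path to the guest. Enable only
# the services the guest actually runs.
define nodo::vm::instance(
  $context,
  $distro                   = 'jessie',
  $ensure                   = 'running',
  $proxy                    = false,
  $puppetmaster             = false,
  $gitd                     = false,
  $mail                     = false,
  $icecast                  = false,
  $sound                    = false,
  $tor                      = false,
  $ticket                   = false,
  $dns                      = false,
  $jabber                   = false,
  $mumble                   = false,
  $gobby                    = false,
  $yacy                     = false,
  $rsync                    = false,
  $avahi                    = false,
  $munin_port               = false,
  $monkeysphere_ssh_port    = false,
  $network_prefix           = hiera("nodo::vm::network_prefix", "192.168.0"),
  $puppetmaster_port        = '8140',
  $puppetmaster_nonssl_port = '8141',
) {

  # $context is interpolated straight into a rule destination and into port
  # numbers, so refuse anything that is not a plain number before it can end
  # up in a firewall rule. Interpolating first lets the match work whether
  # the caller passed a string or an integer.
  if "${context}" !~ /\A[0-9]+\z/ {
    fail("nodo::vm::instance[${name}]: context must contain digits only, got '${context}'")
  }

  # The context is the last component of the guest address; a value above
  # 255 can never form a valid IPv4 address.
  if $context > 255 {
    fail("nodo::vm::instance[${name}]: context must not exceed 255, got '${context}'")
  }

  # Instance id: contexts 0-9 are zero-padded so the port suffix has at
  # least two digits
  if $context <= 9 {
    $id = "0${context}"
  } else {
    $id = $context
  }

  # Tor port
  # NOTE(review): $tor_port is not a parameter of this define and is not
  # referenced again in this body; reading an unset variable fails when
  # strict_variables is enabled. Confirm whether this can be dropped.
  case $tor_port {
    '': { $tor_port = "9001" }
  }

  # NOTE(review): $dev is not referenced again in this body.
  $dev = hiera('nodo::vm::interface', 'eth0')

  # Apply firewall rules just for running vservers
  case $ensure {
    'running': {
      # Per-guest ssh rule: 22<id> -> guest port 22
      firewall::vserver::ssh { "${name}":
        destination => "${network_prefix}.${context}",
        port_orig   => "22${id}",
        port_dest   => "22",
      }

      # Per-guest munin rule: 49<id> on both sides
      firewall::vserver::munin { "${name}":
        destination => "${network_prefix}.${context}",
        port_orig   => "49${id}",
        port_dest   => "49${id}",
        zone        => 'vm',
      }

      if $proxy {
        class {
          "firewall::vserver::http":  destination => "${network_prefix}.${context}";
          "firewall::vserver::https": destination => "${network_prefix}.${context}";
        }
      }

      if $puppetmaster {
        class {
          "firewall::vserver::puppetmaster":
            destination              => "${network_prefix}.${context}",
            puppetmaster_port        => $puppetmaster_port,
            puppetmaster_nonssl_port => $puppetmaster_nonssl_port,
            zone                     => 'vm',
        }
      }

      if $gitd {
        class {
          "firewall::vserver::gitd":
            destination => "${network_prefix}.${context}",
            zone        => 'vm',
        }
      }

      if $icecast {
        class {
          "firewall::vserver::icecast":
            destination => "${network_prefix}.${context}",
            zone        => 'vm',
        }
      }

      if $mail {
        class {
          "firewall::vserver::mail":
            destination => "${network_prefix}.${context}",
            zone        => 'vm',
        }
      }

      if $dns {
        class {
          "firewall::vserver::dns": destination => "${network_prefix}.${context}";
        }
      }

      if $tor {
        class {
          "firewall::vserver::tor":
            destination => "${network_prefix}.${context}",
            zone        => 'vm',
        }
      }

      if $jabber {
        class {
          "firewall::vserver::jabber":
            destination => "${network_prefix}.${context}",
            zone        => 'vm',
        }
      }

      if $mumble {
        class {
          "firewall::vserver::mumble":
            destination => "${network_prefix}.${context}",
            zone        => 'vm',
        }
      }

      if $gobby {
        class {
          "firewall::vserver::gobby":
            destination => "${network_prefix}.${context}",
            zone        => 'vm',
        }
      }

      if $yacy {
        class {
          "firewall::vserver::yacy":
            destination => "${network_prefix}.${context}",
            zone        => 'vm',
        }
      }

      if $rsync {
        class {
          "firewall::vserver::rsync":
            destination => "${network_prefix}.${context}",
            zone        => 'vm',
        }
      }

      # $avahi maps to the mdns firewall class
      if $avahi {
        class {
          "firewall::vserver::mdns":
            destination => "${network_prefix}.${context}",
            zone        => 'vm',
        }
      }
    }
  }
}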