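# Manage a bare git repository whose pushes update /etc/puppet.
#
# Parameters:
#   $ensure - ensure value applied to the post-update hook and to its sudoers
#             drop-in whenever $method is anything other than 'cron'.
#   $method - update mechanism. Defaults to the hiera key
#             'puppet::update::method', falling back to 'cron'. With 'cron'
#             the hook and the sudoers drop-in are both removed. The value is
#             also handed to puppet::repo::update.
class puppet::repo(
  $ensure = present,
  $method = hiera('puppet::update::method', 'cron')
) {
  include puppet

  # The hook and its sudoers drop-in always share one state: absent when
  # updates are driven by cron, otherwise whatever the caller asked for.
  # Keeping the selector in one place stops the two from drifting apart.
  $hook_ensure = $method ? {
    'cron'  => absent,
    default => $ensure,
  }

  # Make sure we have a puppet repo. The exec runs as the git user, so the
  # repository is created under that account rather than root.
  # NOTE(review): the guard only tests that the directory exists. If mkdir
  # succeeds but `git --bare init` fails, later runs skip this exec and the
  # hook file below has no hooks/ directory to land in. Testing for
  # puppet.git/HEAD would be stricter - confirm before changing.
  # NOTE(review): no `path` is set, so the inner `git` is resolved through
  # whatever PATH the shell inherits.
  exec { 'make-puppet-repo':
    command => "/bin/sh -c 'mkdir -p /var/git/repositories/puppet.git && cd /var/git/repositories/puppet.git && git --bare init'",
    unless  => "/bin/sh -c '[ -e /var/git/repositories/puppet.git ]'",
    user    => git,
    require => [ User['git'], File['/var/git/repositories'] ],
  }

  # Use a post-update hook.
  # The mode is a quoted string: Puppet 4+ parses a bare 0750 as an integer
  # and the file type rejects non-string modes.
  # NOTE(review): the hook is owned and writable by git while a sudoers
  # drop-in is installed for it below. The sudoers source is not visible
  # here; confirm it grants only a fixed command, because anything that can
  # write as git can change what this hook runs.
  file { '/var/git/repositories/puppet.git/hooks/post-update':
    ensure  => $hook_ensure,
    owner   => git,
    group   => git,
    mode    => '0750',
    source  => 'puppet:///modules/puppet/post-update.sh',
    require => Exec['make-puppet-repo'],
  }

  # Sudo configuration for the post-update hook.
  # root:root with mode 0440 is what sudo expects for files under
  # /etc/sudoers.d; the mode is quoted for the same reason as above.
  # NOTE(review): consider adding a validate_cmd that runs `visudo -c -f %`
  # (file type, Puppet >= 3.5) so a malformed source file is never put in
  # place.
  file { '/etc/sudoers.d/puppet-update':
    ensure  => $hook_ensure,
    owner   => root,
    group   => root,
    mode    => '0440',
    source  => 'puppet:///modules/puppet/sudoers',
    require => Package['sudo'],
  }

  # Needed by the post-update hook above. The defined() guard avoids a
  # duplicate declaration when another class already manages procmail.
  # Note that defined() depends on evaluation order.
  if !defined(Package['procmail']) {
    package { 'procmail':
      ensure => present,
    }
  }

  class { 'puppet::repo::update':
    method => $method,
  }
}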