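# Manage a git repo that updates /etc/puppet.
#
# Declares the bare repository, its post-update hook, the sudoers drop-in the
# hook relies on, and the procmail package the hook needs.
#
# NOTE(review): since this repository feeds /etc/puppet, push access to
# puppet.git is presumably equivalent to control over the configuration Puppet
# applies; confirm the gitolite ACLs for this repo are restricted accordingly.
class puppet::repo {
  include puppet

  # Make sure we have a bare puppet repo, created as the gitolite user.
  # `creates` replaces the former `unless => "/bin/sh -c '[ -e ... ]'"` guard:
  # same existence check, without spawning a shell on every run.
  exec { 'make-puppet-repo':
    command => "/bin/sh -c 'mkdir -p /var/git/repositories/puppet.git && cd /var/git/repositories/puppet.git && git --bare init'",
    creates => '/var/git/repositories/puppet.git',
    user    => gitolite,
    require => [ User['gitolite'], File['/var/git/repositories'] ],
  }

  # Use a post-update hook.
  # File modes are quoted throughout: Puppet 4+ parses a bare 0750 as an
  # integer, while the file type requires the mode as a string.
  #
  # NOTE(review): $method and $ensure are parameters of puppet::repo::update,
  # not of this class. Without dynamic scoping they are undefined here, so the
  # selector falls through to `default => present`. Confirm the intent and pass
  # the values in explicitly if the hook should really follow them.
  #
  # NOTE(review): the hook is owned and writable by gitolite, so whatever the
  # sudoers drop-in below grants is reachable by anything running as gitolite.
  file { '/var/git/repositories/puppet.git/hooks/post-update':
    ensure  => $method ? {
      'cron'  => $ensure,
      default => present,
    },
    owner   => gitolite,
    group   => gitolite,
    mode    => '0750',
    source  => 'puppet:///modules/puppet/post-update.sh',
    require => Exec['make-puppet-repo'],
  }

  # Sudo configuration for the post-update hook (root-owned, read-only).
  #
  # NOTE(review): the rule itself lives in modules/puppet/sudoers and is not
  # visible here; verify it allows only the exact command the hook runs.
  # NOTE(review): a malformed drop-in in /etc/sudoers.d can break sudo for the
  # whole host. On Puppet >= 3.5 consider adding
  #   validate_cmd => '/usr/sbin/visudo -c -f %',
  # so the file is syntax-checked before it replaces the live copy.
  file { '/etc/sudoers.d/puppet-update':
    ensure  => $method ? {
      'cron'  => $ensure,
      default => present,
    },
    owner   => root,
    group   => root,
    mode    => '0440',
    source  => 'puppet:///modules/puppet/sudoers',
    require => Package['sudo'],
  }

  # Needed by the post-update hook above; guarded so another module may
  # declare the package without causing a duplicate-resource error.
  if !defined(Package['procmail']) {
    package { 'procmail':
      ensure => present,
    }
  }
}

# Periodically update the puppet configuration from the repository.
#
# Parameters:
#   $ensure - ensure value given to the cron job when $method is 'cron'.
#   $method - update method; looked up in hiera under 'puppet::update::method'
#             and defaulting to 'cron'. Any other value removes the cron job.
class puppet::repo::update(
  $ensure = present,
  $method = hiera('puppet::update::method', 'cron')
) {
  include puppet::repo

  # Puppet update script, executable only by the puppet user and group.
  file { '/usr/local/sbin/update-puppet-conf.sh':
    ensure => present,
    owner  => 'puppet',
    group  => 'puppet',
    mode   => '0750',
    source => 'puppet:///modules/puppet/update-puppet-conf.sh',
  }

  # Cron rule to update the puppet config repository every 5 minutes.
  # NOTE(review): all output goes to /dev/null, so a failing update is silent;
  # consider logging it (e.g. via logger) so stale or rejected configuration
  # is noticed.
  cron { 'puppet-update':
    ensure  => $method ? {
      'cron'  => $ensure,
      default => absent,
    },
    command => '/usr/local/sbin/update-puppet-conf.sh > /dev/null 2>&1',
    user    => puppet,
    minute  => '*/5',
    require => [ File['/usr/local/sbin/update-puppet-conf.sh'], User['puppet'] ],
  }
}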