#
# User module based on git://git.puppet.immerda.ch/module-user.git
#
# Password hash can be generated with mkpasswd provided by whois
# debian package: mkpasswd -m sha-256, see crypt(3) for details
# on supported hashes.
#
# The hash is handed to the user resource unchanged, so it is part of
# whatever stores or transports this manifest's data; treat those as
# sensitive.
#
class user {
  # user::manage declares a local account and, optionally, its home
  # directory and one SSH authorized key.
  #
  # NOTE(review): every resource below sits inside
  # `if $password != 'absent'`. With the default $password nothing is
  # declared at all, including for `ensure => absent`, so a removal that
  # omits $password is a silent no-op. Confirm this is intended.
  #
  # Parameters:
  #   $ensure        passed to the user, home directory and key resources.
  #   $uid           numeric uid, or 'absent' to leave it unset.
  #   $gid           'uid' (reuse $uid), 'absent' (unset) or an explicit gid.
  #   $groups        supplementary groups; see the $real_groups selector.
  #   $managehome    when true, a file resource for the home directory is
  #                  declared as well.
  #   $homedir_mode  mode of the home directory (default '0750').
  #   $comment       account comment; 'absent' falls back to $name.
  #   $homedir       home path; 'absent' falls back to /home/$name.
  #   $password      password hash (see header); 'absent' disables the
  #                  whole define.
  #   $shell         login shell; 'absent' picks bash per operating system.
  #   $sshkey        public key body; 'absent' declares no key.
  #   $sshkey_type   key type; 'absent' falls back to "ssh-dss".
  #   $membership    passed to the user resource's membership attribute.
  #   $ticket        not referenced anywhere in this define.
  #   $tag           passed as `tag` to the user and key resources.
  define manage(
    $ensure = present,
    $uid = 'absent',
    $gid = 'uid',
    $groups = [],
    $managehome = true,
    $homedir_mode = '0750',
    $comment = 'absent',
    $homedir = 'absent',
    $password = 'absent',
    $shell = 'absent',
    $sshkey = 'absent',
    $sshkey_type = 'absent',
    $membership = 'minimum',
    $ticket = false,
    $tag = false) {

    if $password != 'absent' {
      # Falls back to a single group named after the resource title when
      # $groups matches ''.
      # NOTE(review): whether the default [] matches '' depends on the
      # Puppet version in use; verify.
      $real_groups = $groups ? {
        '' => [ "$title", ],
        default => $groups,
      }
      $real_homedir = $homedir ? {
        'absent' => "/home/$name",
        default => $homedir,
      }
      $real_name_comment = $comment ? {
        'absent' => $name,
        default => $comment,
      }
      # NOTE(review): the fallback key type is ssh-dss (DSA). OpenSSH has
      # not accepted ssh-dss keys by default since release 7.0, so callers
      # should pass $sshkey_type explicitly with a current key type.
      $real_sshkey_type = $sshkey_type ? {
        'absent' => "ssh-dss",
        default => $sshkey_type,
      }
      $real_shell = $shell ? {
        'absent' => $operatingsystem ? {
          openbsd => "/usr/local/bin/bash",
          default => "/bin/bash",
        },
        default => $shell,
      }

      if $managehome {
        if $ensure == 'absent' {
          # Removes the whole home tree (force + recurse). $homedir is
          # caller-supplied, so a wrong value here deletes that path.
          file{"$real_homedir":
            ensure => absent,
            purge => true,
            force => true,
            recurse => true,
          }
        } else {
          file{"$real_homedir":
            ensure => directory,
            require => User[$name],
            owner => $name,
            mode => $homedir_mode;
          }
          # Group of the home directory: the account name unless an
          # explicit gid was given.
          case $gid {
            'absent','uid': {
              File[$real_homedir]{
                group => $name,
              }
            }
            default: {
              File[$real_homedir]{
                group => $gid,
              }
            }
          }
        }
      }

      # 'absent' maps to undef so the attribute is not set on the user.
      if $uid != 'absent' {
        $real_uid = $uid
      } else {
        $real_uid = undef
      }

      # gid 'uid' mirrors $uid when one was given; otherwise undef.
      if $gid != 'absent' {
        if $gid == 'uid' {
          if $uid != 'absent' {
            $real_gid = $uid
          } else {
            $real_gid = undef
          }
        } else {
          $real_gid = $gid
        }
      } else {
        $real_gid = undef
      }

      # allowdupe => false refuses a uid that is already in use.
      # With the default membership 'minimum', groups dropped from
      # $groups are not revoked from the account; pass 'inclusive' when
      # group removal must be enforced.
      user { "$title":
        ensure => $ensure,
        allowdupe => false,
        comment => "$real_name_comment",
        home => $real_homedir,
        managehome => $managehome,
        shell => $real_shell,
        groups => $real_groups,
        membership => $membership,
        password => $password,
        uid => $real_uid,
        gid => $real_gid,
        tag => $tag,
      }

      # lots of bugs preventing a good implementation for ssh keys
      # http://projects.reductivelabs.com/issues/1409
      # http://projects.reductivelabs.com/issues/2004
      # http://projects.reductivelabs.com/issues/2020
      # http://groups.google.com/group/puppet-users/browse_thread/thread/131bc7cdc507e3c8/6b61dbcd0b6a68b5?lnk=raot
      #
      # Only one key per account is handled: the key resource is titled
      # after the account and written to its authorized_keys file.
      if $sshkey != 'absent' {
        ssh_authorized_key { "$title":
          ensure => $ensure,
          key => $sshkey,
          tag => $tag,
          user => $title,
          type => $real_sshkey_type,
          target => "$real_homedir/.ssh/authorized_keys",
          require => User["$title"],
        }
      }
    }
  }
}