#
# User module based on git://git.puppet.immerda.ch/module-user.git
#
# Password hash can be generated with mkpasswd provided by whois
# debian package: mkpasswd -m sha-256, see crypt(3) for details
# on supported hashes.
#
# Declares a user account, optionally its home directory, and optionally one
# SSH authorized key for it.
#
# Parameters:
#   $password        Passed unchanged to the user resource's `password`
#                    attribute, so it must already be a crypt(3) hash and
#                    never a cleartext password.
#   $ensure          Applied to the user and to the SSH key. With 'absent' and
#                    $managehome == true the home directory is deleted
#                    recursively (purge/force/recurse).
#   $uid             Numeric uid; false leaves the attribute unset.
#   $gid             'uid' reuses $uid as primary gid, 'absent' leaves it
#                    unset, anything else is used as given.
#   $groups          Supplementary groups; '' is replaced by [ $title ].
#   $managehome      true: Puppet manages the home directory itself.
#                    false: the home directory is not touched.
#                    other value: used as a file resource title and as the
#                    `ensure` value of the home directory (presumably a
#                    symlink target - confirm against callers).
#   $homedir_mode    Mode of the managed home directory (default '0750').
#   $comment         GECOS comment; 'absent' falls back to $name.
#   $homedir         Home directory; 'absent' falls back to /home/$name.
#   $shell           Login shell; 'absent' selects bash for the platform.
#   $sshkey          Public key body; 'absent' declares no key.
#   $sshkey_options  Options for the authorized_keys entry. The default, [],
#                    places no restriction on the key.
#   $sshkey_type     Key type; 'absent' falls back to ssh-rsa.
#   $membership      Passed to the user resource. With 'minimum' Puppet only
#                    adds the listed groups and leaves any other membership
#                    in place; 'inclusive' makes the list authoritative.
#   $ticket          Not referenced anywhere in this define.
#
# NOTE(review): the password hash is part of the compiled catalog; treat
# manifests, catalogs and stored copies of them as sensitive. Where the
# target's crypt(3) supports it, a sha-512 hash is the stronger choice.
#
define user::manage(
  $password,
  $ensure         = present,
  $uid            = false,
  $gid            = 'uid',
  $groups         = [],
  $managehome     = true,
  $homedir_mode   = '0750',
  $comment        = 'absent',
  $homedir        = 'absent',
  $shell          = 'absent',
  $sshkey         = 'absent',
  $sshkey_options = [],
  $sshkey_type    = 'absent',
  $membership     = 'minimum',
  $ticket         = false
) {

  # Resolve the 'absent' / '' placeholders to their effective values.
  $real_groups = $groups ? {
    ''      => [ "${title}" ],
    default => $groups,
  }

  $real_homedir = $homedir ? {
    'absent' => "/home/${name}",
    default  => $homedir,
  }

  $real_name_comment = $comment ? {
    'absent' => $name,
    default  => $comment,
  }

  $real_sshkey_type = $sshkey_type ? {
    'absent' => 'ssh-rsa',
    default  => $sshkey_type,
  }

  $real_shell = $shell ? {
    'absent' => $operatingsystem ? {
      openbsd => '/usr/local/bin/bash',
      default => '/bin/bash',
    },
    default  => $shell,
  }

  if $managehome == true {
    $real_managehome = true

    if $ensure == 'absent' {
      # Account removal also removes the whole home directory tree.
      file { "${real_homedir}":
        ensure  => absent,
        purge   => true,
        force   => true,
        recurse => true,
      }
    } else {
      file { "${real_homedir}":
        ensure  => directory,
        require => User[$name],
        owner   => $name,
        mode    => $homedir_mode,
      }

      # Group of the home directory: the user's own group unless an explicit
      # gid was passed.
      case $gid {
        'absent', 'uid': {
          File[$real_homedir] { group => $name }
        }
        default: {
          File[$real_homedir] { group => $gid }
        }
      }
    }
  } else {
    $real_managehome = false

    # A value that is neither true nor false is treated as a path.
    if $managehome != false {
      if !defined(File[$managehome]) {
        file { $managehome:
          ensure  => present,
          owner   => $name,
          mode    => $homedir_mode,
          require => User[$name],
        }
      }

      case $gid {
        'absent', 'uid': {
          File[$managehome] { group => $name }
        }
        default: {
          File[$managehome] { group => $gid }
        }
      }

      file { "${real_homedir}":
        ensure  => $managehome,
        require => File[$managehome],
      }
    }
  }

  # Effective primary gid; false means "leave the attribute unset".
  case $gid {
    'absent': {
      $real_gid = false
    }
    'uid': {
      $real_gid = $uid ? {
        'absent' => false,
        default  => $uid,
      }
    }
    default: {
      $real_gid = $gid
    }
  }

  user { "${title}":
    ensure     => $ensure,
    allowdupe  => false,
    comment    => "${real_name_comment}",
    home       => $real_homedir,
    managehome => $real_managehome,
    shell      => $real_shell,
    groups     => $real_groups,
    membership => $membership,
    password   => $password,
    uid        => $uid ? {
      false   => undef,
      default => $uid,
    },
    gid        => $real_gid ? {
      false   => undef,
      default => $real_gid,
    },
  }

  if $sshkey != 'absent' {
    # NOTE(review): with $ensure == 'absent' this key is applied after the
    # user has already been removed (require => User); verify that the key
    # removal still succeeds in that order.
    ssh_authorized_key { "${title}":
      ensure  => $ensure,
      key     => $sshkey,
      user    => $title,
      options => $sshkey_options,
      type    => $real_sshkey_type,
      target  => "${real_homedir}/.ssh/authorized_keys",
      require => User["${title}"],
    }
  }
}