include apt

$apt_origins = [
	'origin=Debian,n=${distro_codename}',
	'origin=Debian,n=${distro_codename}-updates',
	'origin=Debian,n=${distro_codename},l=Debian-Security',
	'origin=IT-Zukunft Schule,n=${distro_codename},l=IT-Zukunft Schule',
]

class ssh_pubkeys_admins {
	# Mike Gabriel, Fre(i)e Software GmbH
	ssh_authorized_key { 'mike@minobo':
		type => 'ssh-rsa',
		key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDn2moKR4u3yJW+/hvwmhUDjiLBxiMPB+46YO9iEo8HXsdulpMi20hi2TTmWA0w3hog1IEnre6C7UGHcZG0HfPg+eROIuuXRcOfg3WP/IBV0KMF4DTa1KDoN/Nw7HMlhWxGxFrdbumAoj/s2ZaA/of1fpaPKOhunF8S9Ch60LYmgnR3tzJW/b0jS9fww8o/rMB3pZy2WSW0uUfpOIbDv+XHhNiC/iu8IgD+M5KkK+qbNZFPoTQkebc0RPRBcOrmEYroofFGg+7jPU++AEKJUKSaGjZRWzACuXiUzTo2F9fT09EMWU4oiYV9zRqjx6ctncwfEB4qOfoRUycfxBSJk7t7',
		user => 'root',
	}
	# Carsten Burkhardt, b-c-s kommunikationslösungen
	ssh_authorized_key { 'carsten@ltsp1':
		type => 'ssh-rsa',
		key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDecW+ar6y8TE2gQT3Lg4fkbVAb0lJBlxDIphnlMB+ymzWi3+UaeqG7qoj3UIUsO2XYHnmw9gxODH42lnZMm/VrME760ZBd5oMDPcPSzhweI8NxDe1cn1gQEPhiVEEAoh98MMFuPref/dzWeVF8P6OBOTc92ULKtFecSdgJgBEToYUWtT74aD0aQFXJ/TlnZoGnUGO2kpOiMVnpdI9bU0TfaufqzZHXwh+gGJxVUbdetxjKcOCZMq7BrNYcy5iebkWrvBUtRDbb0Rm2L5MoFv0SWEzob+rGMILnZwzsqQ9QQwtqx8uISQIKuPt4H/9dRNxw+I4ck6qbkxvOwnDBBuNv',
		user => 'root',
	}
}

class ssh_pubkeys_firedadmins {
	# Bad User, Example Project
	ssh_authorized_key { 'badadmin@NOTEBOOK':
		ensure => 'absent',
		type => 'ssh-rsa',
		key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC71S/LYktwTalKjE6Sb7XlOyV1tr1O+codh4C3g9uVtjqytYj/Lx6hExxegwN2tiTAjb3skEKpdg7uRbmpEZBtyST/UrrJCB0l0KbjJelfh4MANuRF+H9CNAPwaxcLfCWeTFwmQW8mcSHE20ljY7kpJykEoihBVjK49k+kD+sphIG1o4BU8nQii0i5/U2HqHkPZHzCIjIprN9kTx/n/zMmCLwuIW58KJitG/ttBXPq+TMsN/zcUQm7/PL7UmIMlvUtKzApuM36PUyah7/rpOB5mIYrqFcDXSBUpFLT1CIvfH6ZR5umhnwiRXDsVfP8e0WB1JhOZV1LqOez8s7c4a6/',
		user => 'root',
	}
}

class ssh_pubkeys_backupserver {
	ssh_authorized_key { 'root@backup-01':
		type => 'ssh-rsa',
		key => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAoP6h9pYVdFMlSj/EgXpgYVZZ61mrm3KTS7CNWjAaefPSU1dXk6NUqTP3QbgVQGVQwb/9usW4Wz2xOjarZUAKWZsrH8kkkoitZMBHUSnYVp2hx33MS62NreSuMSKCf8U5hwiR9S4aifg5l6Bcq1uJ8ht2zcUnsuEV1Prrey0YXAfw29mpVMJSr57pQRYsRTWjcPrO959PB4rQFuj3/SN1z5lMH9gfurVN1o7Hz2C+GQVhSW5ngb+Hmb4T3Y7bcLZomWQZLLkmZNv98gfsL33bl0WFEPQ3lH8x2OjUSO7lDuxzKxl0c5HY71fNk7nPU1mx17MPzHOQfleJJPrfSKrf4Q==',
		user => 'root',
	}
}

class lsb_release_with_version {
	file { '/etc/lsb-release':
		ensure => present,
	}
	file_line { 'lsb-release-with-version':
		path  => '/etc/lsb-release',
		line  => "DISTRIB_DESCRIPTION=\"Debian Edu / Skolelinux ${::operatingsystemrelease}\"",
		match => "^DISTRIB_DESCRIPTION=\"DebianEdu/Skolelinux\"$",
	}
	file_line{ 'lsb-release-remove-cruft-1':
		path   => '/etc/lsb-release',
		ensure => absent,
		line   => 'DISTRIB_DESCRIPTION="DebianEdu/Skolelinux"',
	}
}

class login_manager {
	package { 'arctica-greeter':
		ensure => 'installed',
	}
	package { 'kdm':
		ensure => 'purged',
	}
}

class browsers {
	package { firefox-esr:
		ensure => 'latest',
	}
	package { chromium:
		ensure => 'latest',
	}
}

#node "all_hosts" {
#	class { 'ssh_pubkeys_admins': }
#	class { 'ssh_pubkeys_firedadmins': }
#	class { 'lsb_release_with_version': }
#	class { 'login_manager': }
#}

#node "all_servers" {
#	class { 'ssh_pubkeys_admins': }
#	class { 'ssh_pubkeys_firedadmins': }
#	class { 'ssh_pubkeys_backupserver': }
#	class { 'lsb_release_with_version': }
#}

node "tjener.intern" {
	class { 'ssh_pubkeys_admins': }
	class { 'ssh_pubkeys_firedadmins': }
	class { 'ssh_pubkeys_backupserver': }
	class { 'lsb_release_with_version': }
	class { 'unattended_upgrades':
		enable => 1,
		origins => $apt_origins,
		age => { 'max' => 10 },
		auto => {
			'clean' => 7,
			### WE DON'T REBOOT TJENER
		},
		upgradeable_packages => {
			download_only => 1,
			debdelta => 1,
		},
	}
}

node "disklserver.intern" {
	class { 'ssh_pubkeys_admins': }
	class { 'ssh_pubkeys_firedadmins': }
	class { 'ssh_pubkeys_backupserver': }
	class { 'lsb_release_with_version': }
	# vidar.das-netzwerkteam.de is the deployment source for diskless workstation chroots
	ssh_authorized_key { 'root@vidar.das-netzwerkteam.de':
		type => 'ssh-rsa',
		key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDiLGbx/U9slB9db8PAy8FTRo7/avVvLJUOZzkoBxZa5Edeo+74ezoU2Kv1OxcRJRnSGBe41XDcpLxDS04JMA5xBddUfdq5c+Y1A2SYChUPK1fkrGoKfmGC60dFmEqAQZ33dJhN9rxzQvuvxlmexX8x2TYJC8/jATa+6QuO4chHAFvGo9RLs8hzet5y06fammJDkf0yD6R32GT7q4XMNXilKQ564D1yBJygE6vZx/W3V3l8/QMr6m1lYTTk+W+29IkoxvQBZ6YXKFdnuTVkSYyanafjZwznTFSuBtBZKcgLXFFmyplcB4QlZGvdrrsEJazwwj+pnJeGx0HwV8ePbKxN',
		user => 'root',
	}
	class { 'unattended_upgrades':
		enable => 1,
		origins => $apt_origins,
		auto => {
			'clean' => 7,
			'reboot' => true,
		},
		upgradeable_packages => {
			download_only => 1,
			debdelta => 1,
		},
	}
}

node "faiserver.intern" {
	class { 'ssh_pubkeys_admins': }
	class { 'ssh_pubkeys_firedadmins': }
	class { 'ssh_pubkeys_backupserver': }
	class { 'lsb_release_with_version': }
	class { 'unattended_upgrades':
		enable => 1,
		origins => $apt_origins,
		auto => {
			'clean' => 7,
			'reboot' => true,
		},
		upgradeable_packages => {
			download_only => 1,
			debdelta => 1,
		},
	}
}

#node "filter.intern" {
#	class { 'ssh_pubkeys_admins': }
#	class { 'ssh_pubkeys_firedadmins': }
#	class { 'ssh_pubkeys_backupserver': }
#	class { 'lsb_release_with_version': }
#	class { 'unattended_upgrades':
#		enable => 1,
#		origins => $apt_origins,
#		auto => {
#			'clean' => 7,
#			'reboot' => true,
#		},
#		upgradeable_packages => {
#			download_only => 1,
#			debdelta => 1,
#		},
#	}
#}

# NOT PRESENT node "bibserv.intern" inherits "all_servers" {}
#node "opsiserver.intern" {
#	class { 'ssh_pubkeys_admins': }
#	class { 'ssh_pubkeys_firedadmins': }
#	class { 'ssh_pubkeys_backupserver': }
#	class { 'lsb_release_with_version': }
#	class { 'unattended_upgrades':
#		enable => 1,
#		origins => $apt_origins,
#		auto => {
#			'clean' => 7,
#			'reboot' => true,
#		},
#		upgradeable_packages => {
#			download_only => 1,
#			debdelta => 1,
#		},
#	}
#}
# NOT PRESENT node "displayserver.intern" inherits "all_servers" {}
# NOT PRESENT node "contentserver.intern" inherits "all_servers" {}
# NOT PRESENT node "devserver.intern" inherits "all_servers" {}

# default / minimal
node "default" {
	class { 'ssh_pubkeys_admins': }
	class { 'ssh_pubkeys_firedadmins': }
	class { 'lsb_release_with_version': }
	class { 'unattended_upgrades':
		enable => 1,
		origins => $apt_origins,
		auto => {
			'clean' => 7,
		},
		upgradeable_packages => {
			download_only => 1,
			debdelta => 1,
		},
	}
}