# this define realizes all needed resources for a hosted backup
define backupninja_server_realize($host) {
  User               <<| tag == "backupninja-$host" |>>
  File               <<| tag == "backupninja-$host" |>>
  Ssh_authorized_key <<| tag == "backupninja-$host" |>>
}

class backupninja::server (
  $backupdir = '/backup',
  $backupdir_ensure = 'directory',
  $manage_nagios = false,
  $nagios_server = undef,
  $nagios_warn_level = 129600,
  $nagios_crit_level = 216000,
) {

  group { "backupninjas":
    ensure => "present",
    gid => 700
  }
  
  file { $backupdir:
    ensure => $backupdir_ensure,
    mode => 0710, owner => root, group => "backupninjas",
    require => $backupdir_ensure ? {
      'directory' => undef,
      default     => File["$backupdir_ensure"],
    }
  }

  if $manage_nagios {

    case $nagios_server { undef: { err('Cannot manage nagios without nagios_server parameter!') } }

    include nagios::nsca::client
    
    file { "/usr/local/bin/checkbackups":
      ensure => "present",
      source => "puppet:///modules/backupninja/checkbackups.pl",
      mode => 0755, owner => root, group => root,
    }

    cron { checkbackups:
      command => "/usr/local/bin/checkbackups -d ${backupdir} -s ${nagios_server} -w ${nagios_warn_level} -c ${nagios_crit_level} | grep -v 'sent to host successfully'",
      user => "root",
      hour => "8-23",
      minute => 59,
      require => [ File["/usr/local/bin/checkbackups"], Package['nsca'] ]
    }
  }

  # collect all resources from hosted backups
  Backupninja_server_realize <<| tag == $::fqdn |>>

  # this define allows nodes to declare a remote backup sandbox, that have to
  # get created on the server
  define sandbox (
    $user = $name,
    $host = $::fqdn,
    $installuser = true,
    $dir,
    $manage_ssh_dir = true,
    $ssh_dir = "${dir}/.ssh",
    $authorized_keys_file = 'authorized_keys',
    $key = false,
    $keytype = 'dss',
    $backupkeys = "${fileserver}/keys/backupkeys",
    $uid = false,
    $gid = "backupninjas",
    $backuptag = "backupninja-${::fqdn}",
  ) {

    if !defined(Backupninja_server_realize["${::fqdn}@${host}"]) {
      @@backupninja_server_realize { "${::fqdn}@${host}":
        host => $::fqdn,
        tag  => $host,
      }
    }

    if !defined(File["$dir"]) {
      @@file { "$dir":
        ensure => directory,
        mode => 0750, owner => $user, group => 0,
        tag => "$backuptag",
      }
    }

    if $installuser {

       if $manage_ssh_dir {
        if !defined(File["$ssh_dir"]) {
          @@file { "${ssh_dir}":
            ensure => directory,
            mode => 0700, owner => $user, group => 0,
            require => [User[$user], File["$dir"]],
            tag => "$backuptag",
          }
         }
       } 

      if $key {
        # $key contais ssh public key
        if !defined(Ssh_autorized_key["$user"]) {
          @@ssh_authorized_key{ "$user":
            type    => $keytype,
            key     => $key,
            user    => $user,
            target  => "${ssh_dir}/${authorized_keys_file}",
            tag     => "$backuptag",
            require => User[$user],
          }
        }
      }
      else {
        # get ssh public key exists from server
        if !defined(File["${ssh_dir}/${authorized_keys_file}"]) {
          @@file { "${ssh_dir}/${authorized_keys_file}":
            ensure => present,
            mode => 0644, owner => 0, group => 0,
            source => "${backupkeys}/${user}_id_${keytype}.pub",
            require => File["${ssh_dir}"],
            tag => "$backuptag",
          }
        }
      }
      
      if !defined(User["$user"]) {
        @@user { "$user":
          ensure   => "present",
          uid      => $uid ? {
              false   => undef,
              default => $uid
          },
          gid      => "$gid",
          comment  => "$user backup sandbox",
          home     => "$dir",
          managehome => true,
          shell    => "/bin/bash",
          password => '*',
          require  => Group['backupninjas'],
          tag      => "$backuptag"
        }
      }
    }
  }
}