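# @summary Message broker for the communication module.
#
# Sets up the message broker for the communication module in the
# new exam system: a dedicated system user, the Boost packages, the
# systemd unit, the TLS material for the current host, and a git
# checkout. Whenever the checkout changes, on_update.sh is run as the
# broker user and the service is notified.
#
# The GitLab access token used for the checkout is read from Hiera under
# `aes::broker::repo_token` (a key name chosen for this class; it must be
# supplied, ideally from an encrypted backend, or compilation fails).
# A token that has ever been committed in a manifest should be treated as
# exposed and rotated.
#
class aes::broker {
  $broker_user    = 'broker'
  $broker_group   = $broker_user
  $broker_home    = "/srv/${broker_user}"
  $broker_service = 'aes_broker'
  $ssl_dir        = "${broker_home}/ssl"
  $update_script  = "${broker_home}/on_update.sh"

  # Credential for the git checkout. Kept out of the manifest so it does not
  # end up in version control. It is still interpolated into the clone URL
  # below, so it appears in the compiled catalog and in the checkout's git
  # configuration; use a read-only, repository-scoped token.
  $repo_token = lookup('aes::broker::repo_token', String[1])

  # It does not seem possible to install only asio, so Boost is installed
  # as a whole.
  package { ['boost169', 'boost169-devel']:
    ensure => installed,
  }

  # Figure out which certificate (and which branch) to use based on the
  # hostname.
  # NOTE(review): on any other host $server_type is undef, so the certificate
  # sources below resolve to "_cert.pem", "_key.pem" and "_password", and the
  # checkout has no explicit revision. Confirm whether such hosts should be
  # rejected with fail() instead.
  $server_type = $facts['fqdn'] ? {
    'aes.edu.liu.se'       => 'production',
    'aes-devel.edu.liu.se' => 'devel',
    default                => undef,
  }

  user { $broker_user:
    ensure     => present,
    home       => $broker_home,
    comment    => 'Message broker for AES',
    managehome => false,
    membership => inclusive,
    system     => true,
    shell      => '/sbin/nologin',
  }

  file { $broker_home:
    ensure => directory,
    owner  => $broker_user,
    group  => $broker_group,
    mode   => '0755',
  }

  file { "/etc/systemd/system/${broker_service}.service":
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => "puppet:///modules/${module_name}/broker/broker.service",
  }

  # Root keeps ownership so the service account cannot edit the script's
  # contents, while the broker group gets read/execute: the exec below runs
  # as $broker_user, which cannot execute a root:root 0700 file.
  file { $update_script:
    ensure => file,
    owner  => 'root',
    group  => $broker_group,
    mode   => '0750',
    source => "puppet:///modules/${module_name}/broker/on_update.sh",
  }

  file { $ssl_dir:
    ensure => directory,
    owner  => $broker_user,
    group  => $broker_group,
    mode   => '0700',
  }

  # TLS material is plain data, so it gets owner-only read/write without the
  # execute bit. Diffs are suppressed for the secrets so their contents are
  # never written to agent logs or reports.
  file { "${ssl_dir}/cert.pem":
    ensure => file,
    owner  => $broker_user,
    group  => $broker_group,
    mode   => '0600',
    source => "puppet:///modules/${module_name}/broker/cert/${server_type}_cert.pem",
  }

  file { "${ssl_dir}/key.pem":
    ensure    => file,
    owner     => $broker_user,
    group     => $broker_group,
    mode      => '0600',
    show_diff => false,
    source    => "puppet:///modules/${module_name}/broker/cert/${server_type}_key.pem",
  }

  file { "${ssl_dir}/password":
    ensure    => file,
    owner     => $broker_user,
    group     => $broker_group,
    mode      => '0600',
    show_diff => false,
    source    => "puppet:///modules/${module_name}/broker/cert/${server_type}_password",
  }

  # `ensure => latest` follows the branch named by $server_type: whatever is
  # pushed there is checked out and handed to on_update.sh on the next agent
  # run, so write access to that branch should be restricted accordingly.
  vcsrepo { "${broker_home}/src":
    ensure   => latest,
    provider => git,
    source   => "https://oauth2:${repo_token}@gitlab.liu.se/upp-aes/communication.git",
    revision => $server_type,
    owner    => $broker_user,
    group    => $broker_group,
    # A relationship needs a resource reference, not a bare title string.
    notify   => Exec['compile-broker-repo'],
  }

  # Runs only when the checkout above changes. Every path refers to
  # $broker_home; this class defines no other home directory variable.
  exec { 'compile-broker-repo':
    user        => $broker_user,
    group       => $broker_group,
    cwd         => $broker_home,
    path        => '/bin:/usr/bin',
    environment => ["HOME=${broker_home}"],
    command     => $update_script,
    require     => File[$update_script],
    refreshonly => true,
    notify      => Service[$broker_service],
  }

  service { $broker_service:
    ensure => 'running',
    enable => true,
  }
}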