# Base class defining things common to all three static classes
# (master, mirror, source).
#
# Declares /etc/static-components.conf and /etc/staticsync.conf, installs the
# staticsync-ssh-wrap and static-update-component scripts, ensures two other
# wrapper paths are absent, and adds ferm rules for the 'static-bt' subchain.
class roles::static::base {
  # Certnames of every node whose catalog in PuppetDB contains
  # Class[Roles::Static_mirror], sorted so the result is stable between runs.
  # $static_mirrors is not referenced again in this class; presumably the
  # static-components.conf.erb template reads it -- confirm.
  # NOTE(review): the list is whatever PuppetDB reports, so any consumer that
  # treats it as an allow-list inherits PuppetDB's trust level.
  $query = 'nodes[certname] { resources { type = "Class" and title = "Roles::Static_mirror" } }'
  $static_mirrors = sort(
    puppetdb_query($query).map |$node| { $node['certname'] }
  )

  # NOTE(review): owner, group and mode are not set here, so they come from
  # resource defaults declared elsewhere, if any -- confirm.
  file { '/etc/static-components.conf':
    content => template('roles/static-mirroring/static-components.conf.erb'),
  }

  # Helper scripts: mode 0555 makes them readable and executable by everyone
  # and writable by no one. Owner and group are not set in this class.
  file { '/usr/local/bin/staticsync-ssh-wrap':
    source => 'puppet:///modules/roles/static-mirroring/staticsync-ssh-wrap',
    mode   => '0555',
  }

  file { '/usr/local/bin/static-update-component':
    source => 'puppet:///modules/roles/static-mirroring/static-update-component',
    mode   => '0555',
  }

  # Both wrapper paths are kept absent; one declaration with an array title
  # yields the same two File resources as two separate declarations.
  file { [
    '/usr/local/bin/static-mirror-ssh-wrap',
    '/usr/local/bin/static-master-ssh-wrap',
  ]:
    ensure => absent,
  }

  # Accept new TCP connections to ports 6881-6999 only from source addresses
  # in $HOST_STATIC_V4 / $HOST_STATIC_V6. The rule strings are single-quoted,
  # so Puppet does not interpolate those names; presumably they are ferm
  # variables defined outside this class -- confirm they list only static hosts.
  # The meaning of 'notarule' is defined by ferm::rule and is not visible here.
  ferm::rule { 'dsa-static-bt-v4':
    description => 'Allow bt between static hosts',
    rule        => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
    notarule    => true,
  }

  ferm::rule { 'dsa-static-bt-v6':
    description => 'Allow bt between static hosts',
    domain      => 'ip6',
    rule        => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
    notarule    => true,
  }

  # The heredoc text is the literal file content, including its own '#' lines.
  # It contains nothing to interpolate, so the non-interpolating form renders
  # the same file.
  # NOTE(review): per its own header this file is sourced by bash, so write
  # access to it amounts to code execution in every script that sources it.
  # Owner, group and mode are not set here -- confirm the defaults in effect
  # leave it writable by root only.
  file { '/etc/staticsync.conf':
    content => @(EOF),
      # This file is sourced by bash
      # and parsed by python
      # - empty lines and lines starting with a # are ignored.
      # - other lines are key=value. No extra spaces anywhere. No quoting.
      base=/srv/static.debian.org
      masterbase=/home/staticsync/static-master/master
      staticuser=staticsync
      | EOF
  }
}