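# func::minion
#
# Installs func, manages /etc/func/minion.conf, and copies this node's Puppet
# SSL private key, certificate and CA certificate into /etc/pki/certmaster.
# funcd is kept running and enabled, and is refreshed whenever one of those
# files changes.
#
# The destination file names use ${hostname} while the Puppet sources use
# ${fqdn}. ${puppet_ssldir} is not defined in this file.
# NOTE(review): presumably ${puppet_ssldir} is a custom fact or global; if it
# is ever empty the source paths resolve relative to "/" -- confirm.
class func::minion {
  package { "func":
    ensure => installed,
  }

  # First source that exists wins: the site-specific copy under files/ is
  # tried before the module default.
  # Requires the package like the other files in this class, so the file is
  # not attempted before the package has been installed.
  file { "/etc/func/minion.conf":
    ensure  => present,
    source  => [
      "puppet:///files/func/minion.conf",
      "puppet:///func/minion.conf",
    ],
    mode    => "0644",
    owner   => root,
    group   => root,
    require => Package["func"],
    notify  => Service["funcd"],
  }

  # Private key: a copy of the node's Puppet agent key, readable by root
  # only. Because the key is shared, anyone who obtains this file also holds
  # the node's Puppet identity.
  file { "/etc/pki/certmaster/${hostname}.pem":
    ensure  => present,
    source  => "${puppet_ssldir}/private_keys/${fqdn}.pem",
    mode    => "0600",
    owner   => root,
    group   => root,
    require => Package["func"],
    notify  => Service["funcd"],
  }

  # Public certificate for the key above.
  file { "/etc/pki/certmaster/${hostname}.cert":
    ensure  => present,
    source  => "${puppet_ssldir}/certs/${fqdn}.pem",
    mode    => "0644",
    owner   => root,
    group   => root,
    require => Package["func"],
    notify  => Service["funcd"],
  }

  # CA certificate taken from the Puppet SSL directory.
  file { "/etc/pki/certmaster/ca.cert":
    ensure  => present,
    source  => "${puppet_ssldir}/certs/ca.pem",
    mode    => "0644",
    owner   => root,
    group   => root,
    require => Package["func"],
    notify  => Service["funcd"],
  }

  # Explicit ordering: do not try to start funcd before the package exists.
  service { "funcd":
    ensure  => running,
    enable  => true,
    require => Package["func"],
  }
}

# func::server
#
# Everything func::minion does, plus a certmaster CA that reuses the Puppet
# CA: the CA key is exported without its passphrase, the CA certificate is
# copied, and certmaster's certs directory is symlinked to the Puppet CA's
# signed directory.
#
# Security: after this class is applied the Puppet CA private key exists
# unencrypted at /etc/pki/certmaster/ca/certmaster.key. Read access to that
# file is equivalent to control of the Puppet CA.
class func::server inherits func::minion {
  # Group sysadm may list and enter this directory (0750); the key inside is
  # kept root-only by the resources below.
  file { "/etc/pki/certmaster/ca":
    ensure  => directory,
    mode    => "0750",
    owner   => root,
    group   => sysadm,
    require => Package["func"],
  }

  # Writes an unencrypted copy of the Puppet CA key. The passphrase is read
  # from a file (-passin file:), so it does not appear on the command line.
  # "creates" makes this a one-time export: the copy is not regenerated if
  # the Puppet CA key is later replaced.
  # NOTE(review): "umask 077;" only takes effect when the command is run
  # through a shell; on Puppet versions whose default exec provider does not
  # use one, this resource needs provider => shell -- confirm for the version
  # in use.
  exec { "umask 077; openssl rsa -in ${puppet_ssldir}/ca/ca_key.pem -out /etc/pki/certmaster/ca/certmaster.key -passin file:${puppet_ssldir}/ca/private/ca.pass":
    path    => "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin",
    creates => "/etc/pki/certmaster/ca/certmaster.key",
    require => File["/etc/pki/certmaster/ca"],
    before  => File["/etc/pki/certmaster/ca/certmaster.key"],
  }

  # Keeps the exported CA key at root:root 0600 on every run, instead of
  # relying only on the umask in effect when it was first written. No
  # "ensure" is set, so Puppet should only adjust a file that already exists
  # and never create an empty one.
  file { "/etc/pki/certmaster/ca/certmaster.key":
    mode  => "0600",
    owner => root,
    group => root,
  }

  file { "/etc/pki/certmaster/ca/certmaster.crt":
    ensure  => present,
    source  => "${puppet_ssldir}/ca/ca_crt.pem",
    mode    => "0644",
    owner   => root,
    group   => root,
    require => File["/etc/pki/certmaster/ca"],
  }

  file { "/var/lib/certmaster/certmaster":
    ensure  => directory,
    mode    => "0755",
    owner   => root,
    group   => root,
    require => Package["func"],
  }

  # certmaster's certs directory is a link to the Puppet CA's signed
  # directory.
  file { "/var/lib/certmaster/certmaster/certs":
    ensure => link,
    target => "${puppet_ssldir}/ca/signed",
  }

  # Same source lookup order as minion.conf: site copy first, then the
  # module default.
  file { "/etc/certmaster/certmaster.conf":
    ensure  => present,
    source  => [
      "puppet:///files/func/certmaster.conf",
      "puppet:///func/certmaster.conf",
    ],
    mode    => "0644",
    owner   => root,
    group   => root,
    require => Package["func"],
  }
}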