feat: firstrun optimisations

- download gpg keys if gpgkey is defined
- ensure the profiles::defaults is called first

site/profiles/manifests/firstrun/complete.pp

@@ -1,11 +1,19 @@
 # profiles::firstrun::complete
 class profiles::firstrun::complete {
 
+  file { '/root/.cache':
+    ensure => 'directory',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0750',
+  }
+
   file {'/root/.cache/puppet_firstrun_complete':
     ensure  => 'file',
     owner   => 'root',
     group   => 'root',
     mode    => '0750',
     content => 'firstrun completed',
+    require => File['/root/.cache'],
   }
 }

site/profiles/manifests/firstrun/init.pp

@@ -12,7 +12,8 @@ class profiles::firstrun::init {
   include profiles::firstrun::complete
 
 
-  Class['profiles::pki::vaultca']
+  Class['profiles::defaults']
+  -> Class['profiles::pki::vaultca']
   -> Class['profiles::base::repos']
   -> Class['profiles::firstrun::packages']
   -> Class['profiles::firstrun::complete']

site/profiles/manifests/yum/global.pp

@@ -11,10 +11,26 @@ class profiles::yum::global (
     },
   }
 
+  # purge all yum repos not defined by puppet
   resources { 'yumrepo':
     purge => $purge,
   }
 
+  # download all gpg keys if a repo defines it
+  $repos.each |$name, $repo| {
+    if $repo['gpgkey'] {
+      $key_url = $repo['gpgkey']
+      $key_file = "/etc/pki/rpm-gpg/${name}-gpg-key"
+
+      exec { "download_gpg_key_${name}":
+        command => "curl -s -o ${key_file} ${key_url} && rpm --import ${key_file}",
+        path    => ['/bin', 'usr/bin'],
+        creates => $key_file,
+        before  => Yumrepo[$name],
+      }
+    }
+  }
+
   # create repos
   create_resources('yumrepo', $repos)