From 5d758da66e41129052bbb78bcddea8d89db7e19c Mon Sep 17 00:00:00 2001
From: Ben Vincent <ben@unkin.net>
Date: Mon, 26 Jun 2023 19:42:15 +1000
Subject: [PATCH 1/3] Added r10k repo management

  * added profile to download puppet-r10k, add a script to pull changes,
    and scheduled it to happen automatically with systemd timer/service
  * added to the puppetmaster profile
  * updated hieradata
---
 hieradata/common.yaml                         |  1 +
 .../profiles/manifests/puppet/puppetmaster.pp |  1 +
 site/profiles/manifests/puppet/r10k.pp        | 93 +++++++++++++++++++
 3 files changed, 95 insertions(+)
 create mode 100644 site/profiles/manifests/puppet/r10k.pp

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index afa73b2..a96f967 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -7,3 +7,4 @@ profiles::puppet::autosign::subnet_ranges:
   - '198.18.17.0/24'
 
 profiles::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git
+profiles::puppet::r10k::r10k_repo: https://git.unkin.net/unkinben/puppet-r10k.git
diff --git a/site/profiles/manifests/puppet/puppetmaster.pp b/site/profiles/manifests/puppet/puppetmaster.pp
index 919b8f3..eaeaeba 100644
--- a/site/profiles/manifests/puppet/puppetmaster.pp
+++ b/site/profiles/manifests/puppet/puppetmaster.pp
@@ -23,6 +23,7 @@
 # Limitations:
 # This is designed to work on Unix-like systems.
 class profiles::puppet::puppetmaster {
+  include profiles::puppet::r10k
   include profiles::puppet::g10k
   include profiles::puppet::enc
   include profiles::puppet::autosign
diff --git a/site/profiles/manifests/puppet/r10k.pp b/site/profiles/manifests/puppet/r10k.pp
new file mode 100644
index 0000000..c5e8e85
--- /dev/null
+++ b/site/profiles/manifests/puppet/r10k.pp
@@ -0,0 +1,93 @@
+# Class: profiles::puppet::r10k
+#
+# This class manages a Git repository at /etc/puppetlabs/r10k. It includes a 
+# systemd service and timer to keep the repository updated every minute.
+# The Git package is installed if not present, and the repository at the given 
+# location will always reflect the state of the remote Git repository.
+#
+# Parameters:
+# - r10k_repo: The URL of the Git repository to clone.
+#
+# Actions:
+# - Ensures the Git package is installed.
+# - Ensures the /etc/puppetlabs/r10k directory is a clone of the given Git repository.
+# - Creates a helper script '/opt/puppetlabs/bin/puppet-r10k' for updating the Git repository.
+# - Creates a systemd service and timer that runs the git update script every minute.
+#
+# Usage:
+#   Directly include the class in your node definitions or classify your nodes 
+#   using an enc or Hiera.
+#   Example:
+#     node 'puppet.example.com' {
+#       class { 'profiles::puppet::r10k':
+#         r10k_repo => 'https://github.com/user/repo.git',
+#       }
+#     }
+#
+# Requirements:
+# - The 'puppet-vcsrepo' module should be installed on your puppetmaster.
+# - The 'puppet-systemd' module should be installed on your puppetmaster.
+# - '/opt/puppetlabs/bin/' directory must exist and be writable.
+# - Puppet master must have access to the specified Git URL.
+#
+# Limitations:
+# This is designed to work on Unix-like systems only.
+#
+class profiles::puppet::r10k (
+  String $r10k_repo,
+){
+
+  package { 'git':
+    ensure => installed,
+  }
+
+  vcsrepo { '/etc/puppetlabs/r10k':
+    ensure   => latest,
+    provider => git,
+    source   => $r10k_repo,
+    require  => Package['git'],
+  }
+
+  file { '/opt/puppetlabs/bin/puppet-r10k':
+    ensure  => file,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
+    content => "#!/bin/bash\n(
+      cd /etc/puppetlabls/r10k
+      git reset --hard master
+      git clean -fd
+      git pull\n)",
+    require => Package['git'],
+  }
+
+  $_timer = @(EOT)
+  [Unit]
+  Description=puppet-r10k downloader timer
+  [Timer]
+  OnCalendar=*:0/1
+  RandomizedDelaySec=1s
+  [Install]
+  WantedBy=timers.target
+  EOT
+
+  $_service = @(EOT)
+  [Unit]
+  Description=puppet-r10k downloader service
+  [Service]
+  Type=oneshot
+  ExecStart=/opt/puppetlabs/bin/puppet-r10k
+  User=root
+  Group=root
+  PermissionsStartOnly=false
+  PrivateTmp=no
+  EOT
+
+  systemd::timer { 'puppet-r10k.timer':
+    timer_content   => $_timer,
+    service_content => $_service,
+    active          => true,
+    enable          => true,
+    require         => File['/opt/puppetlabs/bin/puppet-r10k'],
+  }
+}

From 45a96393468dd2b1d5ca14499727032174926e44 Mon Sep 17 00:00:00 2001
From: Ben Vincent <ben@unkin.net>
Date: Mon, 26 Jun 2023 20:02:08 +1000
Subject: [PATCH 2/3] Changed r10k to update every 5 minutes

---
 site/profiles/manifests/puppet/r10k.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/site/profiles/manifests/puppet/r10k.pp b/site/profiles/manifests/puppet/r10k.pp
index c5e8e85..6694540 100644
--- a/site/profiles/manifests/puppet/r10k.pp
+++ b/site/profiles/manifests/puppet/r10k.pp
@@ -65,7 +65,7 @@ class profiles::puppet::r10k (
   [Unit]
   Description=puppet-r10k downloader timer
   [Timer]
-  OnCalendar=*:0/1
+  OnCalendar=*:0/5
   RandomizedDelaySec=1s
   [Install]
   WantedBy=timers.target

From 754241bcf2a0fe0bc281c5238cbd875e7176a460 Mon Sep 17 00:00:00 2001
From: Ben Vincent <ben@unkin.net>
Date: Mon, 26 Jun 2023 20:06:15 +1000
Subject: [PATCH 3/3] Added class to manage installing the git client

---
 site/profiles/manifests/git/git.pp     | 24 ++++++++++++++++++++++++
 site/profiles/manifests/puppet/enc.pp  |  4 +---
 site/profiles/manifests/puppet/r10k.pp |  4 +---
 3 files changed, 26 insertions(+), 6 deletions(-)
 create mode 100644 site/profiles/manifests/git/git.pp

diff --git a/site/profiles/manifests/git/git.pp b/site/profiles/manifests/git/git.pp
new file mode 100644
index 0000000..ca3b4e7
--- /dev/null
+++ b/site/profiles/manifests/git/git.pp
@@ -0,0 +1,24 @@
+# Class: profiles::git::git
+#
+# This class ensures that the Git package is installed.
+#
+# It uses the 'package' resource to manage the Git package,
+# and will ensure that it is installed. This class does not 
+# manage any configurations related to Git, it only ensures 
+# that the package is installed.
+#
+# The class does not take any parameters.
+#
+# Example usage:
+# --------------
+# To use this class, you simply need to declare it in your manifest:
+# 
+# include profiles::git::git
+#
+# You do not need to pass any parameters.
+#
+class profiles::git::git {
+  package { 'git':
+    ensure => installed,
+  }
+}
diff --git a/site/profiles/manifests/puppet/enc.pp b/site/profiles/manifests/puppet/enc.pp
index 5ab06ef..6745587 100644
--- a/site/profiles/manifests/puppet/enc.pp
+++ b/site/profiles/manifests/puppet/enc.pp
@@ -37,9 +37,7 @@ class profiles::puppet::enc (
   String $enc_repo,
 ) {
 
-  package { 'git':
-    ensure => installed,
-  }
+  include profiles::git::git
 
   vcsrepo { '/opt/puppetlabs/enc':
     ensure   => latest,
diff --git a/site/profiles/manifests/puppet/r10k.pp b/site/profiles/manifests/puppet/r10k.pp
index 6694540..c404be7 100644
--- a/site/profiles/manifests/puppet/r10k.pp
+++ b/site/profiles/manifests/puppet/r10k.pp
@@ -37,9 +37,7 @@ class profiles::puppet::r10k (
   String $r10k_repo,
 ){
 
-  package { 'git':
-    ensure => installed,
-  }
+  include profiles::git::git
 
   vcsrepo { '/etc/puppetlabs/r10k':
     ensure   => latest,