From c6d62a710cbae68cff80fe16973505568e3a4581 Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Wed, 21 Jun 2023 21:29:57 +1000
Subject: [PATCH] Added puppet-enc setup
* systemd timer/service to update repo every minute
* added puppetlabs/vcsrepo module
* install git if its not already installed
* added to profile::puppet::puppetmaster
* updated pre-commit to allow long yaml lines
---
 .pre-commit-config.yaml | 5 ++
 Puppetfile | 1 +
 hieradata/common.yaml | 2 +
 site/profile/manifests/puppet/enc.pp | 83 +++++++++++++++++++
 site/profile/manifests/puppet/puppetmaster.pp | 1 +
 5 files changed, 92 insertions(+)
 create mode 100644 site/profile/manifests/puppet/enc.pp
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index e135550..8100246 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -22,3 +22,8 @@ repos:
 rev: v1.32.0
 hooks:
 - id: 'yamllint'
+ args:
+ [
+ "-d {extends: relaxed, rules: {line-length: disable}, ignore: chart}",
+ "-s",
+ ]
diff --git a/Puppetfile b/Puppetfile
index 8d0d3e0..3c81565 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -10,3 +10,4 @@ mod 'eyp-systemd', '3.1.0'
 mod 'ghoneycutt-puppet', '3.3.0'
 mod 'puppet-archive', '7.0.0'
 mod 'puppet-chrony', '2.6.0'
+mod 'puppetlabs-vcsrepo', '6.1.0'
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 7f1cdd7..0553b6c 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -5,3 +5,5 @@ profile::base::ntp_servers:
 profile::puppet::autosign::subnet_ranges:
 - '198.18.17.0/24'
+
+profile::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git
diff --git a/site/profile/manifests/puppet/enc.pp b/site/profile/manifests/puppet/enc.pp
new file mode 100644
index 0000000..62db939
--- /dev/null
+++ b/site/profile/manifests/puppet/enc.pp
@@ -0,0 +1,83 @@
+# Class: profile::puppet::enc
+#
+# This class manages a Git repository at /opt/puppetlabs/enc. It includes a
+# systemd service and timer to keep the repository updated every minute.
+# The Git package is installed if not present, and the repository at the given
+# location will always reflect the state of the remote Git repository.
+#
+# Parameters:
+# - enc_repo: The URL of the Git repository to clone.
+#
+# Actions:
+# - Ensures the Git package is installed.
+# - Ensures the /opt/puppetlabs/enc directory is a clone of the given Git repository.
+# - Creates a helper script '/opt/puppetlabs/bin/git_update' for updating the Git repository.
+# - Creates a systemd service and timer that runs the git update script every minute.
+#
+# Usage:
+# Directly include the class in your node definitions or classify your nodes
+# using an ENC or Hiera.
+# Example:
+# node 'puppet.example.com' {
+# class { 'profile::puppet::enc':
+# enc_repo => 'https://github.com/user/repo.git',
+# }
+# }
+#
+# Requirements:
+# - The 'puppet-vcsrepo' module should be installed on your puppetmaster.
+# - The 'puppet-systemd' module should be installed on your puppetmaster.
+# - '/opt/puppetlabs/bin/' directory must exist and be writable.
+# - Puppet master must have access to the specified Git URL.
+#
+# Limitations:
+# This is designed to work on Unix-like systems only.
+#
+class profile::puppet::enc (
+ String $enc_repo,
+) {
+
+ package { 'git':
+ ensure => installed,
+ }
+
+ vcsrepo { '/opt/puppetlabs/enc':
+ ensure => latest,
+ provider => git,
+ source => $enc_repo,
+ require => Package['git'],
+ }
+
+ file { '/opt/puppetlabs/bin/enc':
+ ensure => link,
+ target => '/opt/puppetlabs/enc/enc.py',
+ require => Vcsrepo['/opt/puppetlabs/enc'],
+ }
+
+ file { '/opt/puppetlabs/bin/puppet-enc':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ content => "#!/bin/bash\n(
+ cd /opt/puppetlabs/enc/
+ git reset --hard master
+ git clean -fd
+ git pull\n)",
+ require => Package['git'],
+ }
+
+ systemd::service { 'puppet-enc':
+ description => 'puppet-enc update service',
+ execstart => '/opt/puppetlabs/bin/puppet-enc',
+ user => 'root',
+ require => File['/opt/puppetlabs/bin/puppet-enc'],
+ }
+
+ systemd::timer { 'puppet-enc':
+ description => 'Run puppet-enc every minute',
+ unit => 'puppet-enc.service',
+ on_calendar => '*:0/1',
+ require => Systemd::Service['puppet-enc'],
+ }
+}
diff --git a/site/profile/manifests/puppet/puppetmaster.pp b/site/profile/manifests/puppet/puppetmaster.pp
index 0e7b481..4424712 100644
--- a/site/profile/manifests/puppet/puppetmaster.pp
+++ b/site/profile/manifests/puppet/puppetmaster.pp
@@ -24,6 +24,7 @@ # This is designed to work on Unix-like systems.
 class profile::puppet::puppetmaster {
 include profile::puppet::g10k
+ include profile::puppet::enc
 include profile::puppet::autosign
 class { 'profile::puppet::server':
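Review bot: In site/profile/manifests/puppet/enc.pp the `puppet-enc` unit runs `git pull` as root every minute with no integrity check, while `/opt/puppetlabs/bin/enc` links to `enc.py` inside that same checkout, so whatever lands on the remote's master becomes the code this host runs (presumably as the node classifier) within a minute. If the repository's commits are signed, which is not visible here, the pull line could be `git pull --ff-only --verify-signatures` with the trusted keys provisioned for the service account; otherwise pin `revision` on the `vcsrepo` resource and update through a reviewed change. The script also carries on when `cd` fails, so `git reset --hard master` and `git clean -fd` would run as root in the unit's working directory; `cd /opt/puppetlabs/enc/ || exit 1` stops that, and a dedicated unprivileged account in place of `user => 'root'` would limit what a bad pull can touch. The header comment names `/opt/puppetlabs/bin/git_update`, but the resource creates `/opt/puppetlabs/bin/puppet-enc`.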