class vmcluster::vmagent (
  Boolean $enable         = false,
  String  $user           = 'vmagent',
  String  $group          = 'vmagent',
  Boolean $manage_user    = true,
  Boolean $manage_service = true,
  Array[String] $packages = ['vmagent', 'vmutils'],
  Stdlib::Absolutepath $exec_path = '/usr/bin/vmagent',
  Stdlib::Absolutepath $data_path = '/var/lib/vmagent',
  Stdlib::Absolutepath $vars_file = '/etc/default/vmagent',
  String  $consul_node_token      = $facts['consul_node_token'],
  Hash[String, Variant[String, Array[String]]] $options = {},
  Hash[String, Hash] $static_targets = {},
) {

  # if enabled, manage this service
  if $enable {

    # install required packages
    if $packages {
      ensure_packages($packages, {ensure => 'installed'})
    }

    # manage the user/group
    if $manage_user {
      group { $group:
        ensure => present,
      }

      user { $user:
        ensure     => present,
        shell      => '/usr/sbin/nologin',
        groups     => $group,
        managehome => true,
      }
    }

    # manage directories
    file { [ $data_path ]:
      ensure => directory,
      owner  => $user,
      group  => $group,
    }

    # manage environment options file
    file { $vars_file:
      ensure  => file,
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      content => template('vmcluster/options.erb'),
    }

    file { '/etc/vmagent':
      ensure => directory,
    }
    file { '/etc/vmagent/scrape.yaml':
      ensure  => file,
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      content => template('vmcluster/vmagent.scrape.yaml.erb'),
    }

    # manage the systemd service
    if $manage_service {

      # manage the subscribed resources
      if 'tls' in $options and $options['tls'] == 'true' {
        if 'remoteWrite.tlsCertFile' in $options and 'remoteWrite.tlsKeyFile' in $options {
          # tls option AND certs listed, subscribe to the options file and certs
          $subscribe = [
            File[$vars_file],
            File[$options['remoteWrite.tlsCertFile']],
            File[$options['remoteWrite.tlsKeyFile']],
            File['/etc/vmagent/scrape.yaml']
          ]
        }else{
          # tls option but no certs listed, just subscribe to the options file
          warning('TLS is enabled but remoteWrite.tlsCertFile or remoteWrite.tlsKeyFile is missing from vmagent options.')
          $subscribe = [File[$vars_file], File['/etc/vmagent/scrape.yaml']]
        }
      }else{
        # no tls option, just subscribe to the options file
        $subscribe = [File[$vars_file], File['/etc/vmagent/scrape.yaml']]
      }

      # Use these in notifications or file resources
      systemd::unit_file { 'vmagent.service':
        content   => template('vmcluster/vmagent.service.erb'),
        enable    => true,
        active    => true,
        subscribe => $subscribe,
      }
    }
  }
}