# Manages the firewalld package and service on RedHat-like distributions.
#
# @param ensure_package Determines the state of the firewalld package.
#   Can be set to 'absent' to remove the package or 'installed' to ensure it's present.
#
# @param ensure_service Determines the state of the firewalld service.
#   Can be set to 'stopped' to stop the service or 'running' to ensure it's active.
#
# @param enable_service A boolean that specifies whether to enable or disable the firewalld service on boot.
#
class profiles::firewall::firewalld (
  Enum['absent', 'installed'] $ensure_package = 'installed',
  Enum['stopped', 'running'] $ensure_service = 'running',
  Boolean $enable_service = true,
) {
  # Ensure it only runs on RedHat like distributions
  if $facts['os']['family'] == 'RedHat' {

    # Manage the firewalld package
    package { 'firewalld':
      ensure => $ensure_package,
    }

    # Manage the firewalld service
    service { 'firewalld':
      ensure     => $ensure_service,
      enable     => $enable_service,
      hasrestart => true,
      require    => Package['firewalld'],
    }
  }
}