# this is the base class, which will be used by all servers
class profiles::base (
  Array  $puppet_servers,
) {

  # install the vault ca first
  include profiles::pki::vaultca

  # manage package repositories
  case $facts['os']['family'] {
    'RedHat': {
      include profiles::yum::global
      include profiles::firewall::firewalld
    }
    'Debian': {
      include profiles::apt::global
    }
    default: {
      fail("Unsupported OS family ${facts['os']['family']}")
    }
  }

  # manage the puppet agent
  include profiles::puppet::agent

  # manage puppet clients
  if ! member($puppet_servers, $trusted['certname']) {
    include profiles::puppet::client
  }

  # include the base profiles
  include profiles::packages
  include profiles::base::facts
  include profiles::base::motd
  include profiles::base::scripts
  include profiles::base::hosts
  include profiles::accounts::sysadmin
  include profiles::ntp::client
  include profiles::dns::base
  include profiles::pki::vault
  include profiles::cloudinit::init
  include profiles::metrics::default
  include profiles::helpers::node_lookup

  # include the python class
  class { 'python':
    manage_python_package => true,
    manage_venv_package   => true,
    manage_pip_package    => true,
    use_epel              => false,
  }

  # all hosts will have sudo applied
  class { 'sudo':
    secure_path => '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/opt/puppetlabs/bin'
  }

  # manage virtualised guest agents
  if $::facts['is_virtual'] and $::facts['dmi']['manufacturer'] == 'QEMU' {
    include profiles::qemu::agent
  }
}