# this is the base class, which will be used by all servers
class profiles::base (
  Array  $puppet_servers,
) {

  # install the vault ca first
  include profiles::pki::vaultca

  # manage the puppet agent
  include profiles::puppet::agent

  # manage puppet clients
  if ! member($puppet_servers, $trusted['certname']) {
    include profiles::puppet::client
  }

  # include the base profiles
  include profiles::base::repos
  include profiles::packages
  include profiles::base::facts
  include profiles::base::motd
  include profiles::base::scripts
  include profiles::base::hosts
  include profiles::base::groups
  include profiles::accounts::sysadmin
  include profiles::ntp::client
  include profiles::dns::base
  include profiles::pki::vault
  include profiles::cloudinit::init
  include profiles::metrics::default
  include profiles::helpers::node_lookup

  # include the python class
  class { 'python':
    manage_python_package => true,
    manage_venv_package   => true,
    manage_pip_package    => true,
    use_epel              => false,
  }

  # all hosts will have sudo applied
  class { 'sudo':
    secure_path => '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/opt/puppetlabs/bin'
  }

  # manage virtualised guest agents
  if $::facts['is_virtual'] and $::facts['dmi']['manufacturer'] == 'QEMU' {
    include profiles::qemu::agent
  }

  # include classes from hiera
  lookup('hiera_classes', Array[String], 'unique').include

  # specifc ordering constraints
  Class['profiles::pki::vaultca']
  -> Class['profiles::base::repos']
  -> Class['profiles::packages']

}