puppet-prod/site/profiles/manifests/puppet/enc.pp

# Class: profiles::puppet::enc
#
# This class manages a Git repository at /opt/puppetlabs/enc. It includes a 
# systemd service and timer to keep the repository updated every minute.
# The Git package is installed if not present, and the repository at the given 
# location will always reflect the state of the remote Git repository.
class profiles::puppet::enc (
  String $repo,
  String $release = 'master',
  Boolean $force = false,
) {

  vcsrepo { '/opt/puppetlabs/enc':
    ensure   => latest,
    provider => git,
    source   => $repo,
    revision => $release,
    force    => $force,
    require  => Package['git'],
  }

  file { '/opt/puppetlabs/bin/enc':
    ensure  => link,
    target  => '/opt/puppetlabs/enc/enc.py',
    require => Vcsrepo['/opt/puppetlabs/enc'],
  }

  file { '/opt/puppetlabs/bin/puppet-enc':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    content => "#!/bin/bash\n(
      cd /opt/puppetlabs/enc/
      git reset --hard master
      git clean -fd
      git pull\n)",
    require => Package['git'],
  }

  $_timer = @(EOT)
  [Unit]
  Description=puppet-enc downloader timer
  [Timer]
  OnCalendar=*:0/1
  RandomizedDelaySec=1s
  [Install]
  WantedBy=timers.target
  EOT

  $_service = @(EOT)
  [Unit]
  Description=puppet-enc downloader service
  [Service]
  Type=oneshot
  ExecStart=/opt/puppetlabs/bin/puppet-enc
  User=root
  Group=root
  PermissionsStartOnly=false
  PrivateTmp=no
  EOT

  systemd::timer { 'puppet-enc.timer':
    timer_content   => $_timer,
    service_content => $_service,
    active          => true,
    enable          => true,
    require         => File['/opt/puppetlabs/bin/puppet-enc'],
  }
}