# Sets up a syncthing node, available to the net.
# Doesn't configure reverse proxies or firewalls.
# Also doesn't manage devices or folders in the instance. Those are
# currently seen as program state
class profiles::syncthing (
  Array[String] $enable_for = [],
) {

  class { 'syncthing':
    manage_repo  => $::osfamily == 'Debian',
    service_type => 'systemd',
  }


  systemd::dropin_file { 'nospam.conf':
    ensure  => absent,
    unit    => 'syncthing@.service',
    content => @(EOF)
      [Service]
      ExecStart=
      ExecStart=/bin/bash -c 'set -o pipefail; /usr/bin/syncthing -no-browser -no-restart -logflags=0 | grep -v "INFO: "'
      | EOF
  }

  $enable_for.map |$user| {

    # TODO create deferred function returning passwd entries
    # {{{ruby
    # require 'etc'
    # Etc.getpwnam('hugo')
    # }}}
    # {{{
    # => #<struct Etc::Passwd name="hugo", passwd="x", 
    #                         uid=1000, gid=1000, 
    #                         gecos="Hugo Hörnquist",
    #                         dir="/home/hugo", shell="/bin/bash">
    # }}}
    $home = "/home/${user}"

    $conf_dir = "/home/${user}/.config/syncthing"

    syncthing::instance { $user:
      home_path   => $conf_dir,
      daemon_uid  => $user,
      gui         => true,
      gui_tls     => false,
      gui_address => '[::]',
      # TODO ldap
      gui_port    => 8384,
      options     => {
        'startBrowser' => 'false',
      }
      # defaults
    }

    # ensure_packages(['syncthing-gtk-python3'])
  }
}