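# DNS record types this module will accept in a record definition.
# Only 'A' is enabled. Other record types that could be added later:
#   'AAAA', 'AFSDB', 'APL', 'CAA', 'CDNSKEY', 'CDS', 'CERT', 'CNAME', 'CSYNC',
#   'DHCID', 'DLV', 'DNAME', 'DNSKEY', 'DS', 'EUI48', 'EUI64', 'HINFO', 'HIP',
#   'HTTPS', 'IPSECKEY', 'KEY', 'KX', 'LOC', 'MX', 'NAPTR', 'NS', 'NSEC',
#   'NSEC3', 'NSEC3PARAM', 'OPENPGPKEY', 'PTR', 'RRSIG', 'RP', 'SIG', 'SMIMEA',
#   'SOA', 'SRV', 'SSHFP', 'SVCB', 'TA', 'TKEY', 'TLSA', 'TSIG', 'TXT', 'URI',
#   'ZONEMD'
type DNSRecordType = Enum['A']

# One record to keep updated: the name, its record type and its TTL.
type DNSRecord = Struct[{
  domain => String,
  type   => DNSRecordType,
  ttl    => Integer,
}]

# Sets up a single instance of a recurring nsupdate.
#
# The key material is read from $nsupdate::secrets[$keyname], which must be a
# hash with the entries 'algorithm' and 'secret'. It needs to be made
# available through hiera, e.g. in
# /etc/puppetlabs/code/environments/production/data/nodes/hornquist.se.yaml
# NOTE(review): an earlier comment called the hiera key
# `nsupdate::secret.$keyname`; the code reads `secrets` -- confirm which
# spelling the nsupdate class actually declares.
#
# @param nameserver Passed to the nsupdate.epp template.
# @param records    Records to update, passed to the nsupdate.epp template.
# @param iface      Interface name passed to the template; defaults to the
#                   primary interface reported by facter.
# @param ensure     'present' installs the script, key file and cron job;
#                   'absent' removes all three.
# @param keyname    Name of the key, used for the lookup in $nsupdate::secrets,
#                   for the key file name and inside the key file.
define nsupdate::instance (
  String $nameserver,
  Array[DNSRecord] $records,
  String $iface = $facts['networking']['primary'],
  Enum['present', 'absent'] $ensure = present,
  String $keyname = $name,
) {

  require ::nsupdate::setup

  # The generated update script. It holds no secret, so it is world-readable
  # and world-executable, but not writable.
  file { "/usr/libexec/nsupdate/${name}":
    ensure  => $ensure,
    mode    => '0555',
    content => epp('nsupdate/nsupdate.epp', {
      iface      => $iface,
      nameserver => $nameserver,
      records    => $records,
      keyname    => $keyname,
    }),
  }

  $key_path = "/var/lib/nsupdate/${keyname}.key"

  if $ensure == 'present' {
    $key = $nsupdate::secrets[$keyname]

    # Fail with a readable message instead of an indexing error on undef.
    if $key =~ Undef {
      fail("nsupdate::instance[${name}]: no entry '${keyname}' in nsupdate::secrets")
    }

    $secret = Sensitive($key['secret'])

    # The rendered key file contains the unwrapped secret, so the whole body
    # is wrapped in Sensitive again below. Interpolating an unwrapped value
    # into a plain string would otherwise hand the file resource an ordinary
    # String, and the secret would no longer be redacted in logs and reports.
    $key_file_body = @("EOF")
      key "${keyname}" {
        algorithm ${key['algorithm']};
        secret "${secret.unwrap}";
      };
      | EOF

    file { $key_path:
      ensure    => file,
      mode      => '0400',
      show_diff => false,
      content   => Sensitive($key_file_body),
    }
  } else {
    # Remove the key together with the script and the cron job, so that a
    # retired instance does not leave its secret on disk.
    file { $key_path:
      ensure => absent,
    }
  }

  # Runs the update script at minute 0 of every hour.
  cron { "nsupdate ${name}":
    ensure  => $ensure,
    command => "/usr/libexec/nsupdate/${name}",
    minute  => 0,
  }
}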