class base_installation::users (
  $users = $base_installation::system_users,
) inherits base_installation {
  ensure_packages('ruby-shadow')
  user { 'root':
    password => '!'
  }

  class { 'sudo':
    config_file_replace => false,
    # Missing in the sudo package, should no be mandatory
    package_ldap        => false
  }

  sudo::conf { 'wheel':
    priority => 10,
    content  => "%wheel ALL=(ALL) ALL"
  }

  contain "sudo"

  $users.each |$user| {
    user { "${user[username]}:${user[userid]}":
      name           => $user[username],
      uid            => $user[userid],
      ensure         => "present",
      groups         => $user[groups],
      managehome     => true,
      home           => "/home/${user[username]}",
      notify         => Exec["remove_password"],
      purge_ssh_keys => true
    }

    exec { "remove_password":
      command     => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
      refreshonly => true
    }

    $user[keys].each |$key| {
      ssh_authorized_key { "${user[username]}@${key[host]}":
        name => "${user[username]}@${key[host]}",
        user => $user[username],
        type => $key[key_type],
        key  => $key[key],
      }
    }
  }

}