From 6a870d2b4f5cd9aff5cb6c63cf09ef9407fa6ab0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Sun, 15 Jan 2023 09:30:31 +0100
Subject: Change to use HugoNikanor/letsencrypt.
---
 manifests/init.pp | 3 ---
 manifests/nginx.pp | 40 ++++++++++++----------------------------
 2 files changed, 12 insertions(+), 31 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index 9af59a4..c2d7c00 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -41,8 +41,6 @@
 # supported.
 # @param server_name
 # Passed to nginx::resource::server's server_name.
-# @param certname
-# Target TLS certificate used by nginx.
 # @param htpasswd
 # Path to htpasswd file used by nginx's basic auth.
 # @param cgitrc
@@ -69,7 +67,6 @@ class cgit (
 }]] $users = [],
 Variant[Boolean, Enum['nginx']] $manage_server = false,
 Optional[String] $server_name = undef,
- Optional[String] $certname = undef,
 String $htpasswd = '/var/lib/nginx/cgit-htpasswd',
 String $cgitrc = '/etc/cgitrc',
 Hash[String, Hash] $filters = {},
diff --git a/manifests/nginx.pp b/manifests/nginx.pp
index b3af3f5..b94fff0 100644
--- a/manifests/nginx.pp
+++ b/manifests/nginx.pp
@@ -1,31 +1,15 @@
 # @summary Manages nginx resources for cgit
 # @api private
 class cgit::nginx {
- if ($cgit::certname == undef) {
- nginx::resource::server { 'cgit':
- server_name => [$cgit::server_name],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [],
- try_files => ['$uri', '@cgit'],
- ssl => false,
- use_default_location => true,
- www_root => $cgit::root,
- }
- } else {
- nginx::resource::server { 'cgit':
- server_name => [$cgit::server_name],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [],
- try_files => ['$uri', '@cgit'],
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${cgit::certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${cgit::certname}/privkey.pem",
- use_default_location => true,
- www_root => $cgit::root,
- ssl_redirect => true,
- }
+ nginx::resource::server { 'cgit':
+ server_name => [$cgit::server_name],
+ access_log => 'absent',
+ error_log => 'absent',
+ index_files => [],
+ try_files => ['$uri', '@cgit'],
+ use_default_location => true,
+ www_root => $cgit::root,
+ * => letsencrypt::conf::nginx($cgit::server_name),
 }
 nginx::resource::location { '@cgit':
@@ -35,7 +19,7 @@ class cgit::nginx {
 'PATH_INFO' => '$fastcgi_script_name',
 'QUERY_STRING' => '$args',
 },
- ssl_only => $cgit::certname != undef,
+ * => letsencrypt::conf::nginx::location($cgit::server_name),
 fastcgi => 'unix:/run/fcgiwrap.socket',
 server => [
 'cgit',
@@ -53,8 +37,8 @@ class cgit::nginx {
 $re = $cgit::public_repos.join('|')
 nginx::resource::location { "~ ^(/(${re})\\.git/.*)" :
+ * => letsencrypt::conf::nginx::location($cgit::server_name),
 server => 'cgit',
- ssl_only => $cgit::certname != undef,
 priority => 450,
 fastcgi => 'unix:/run/fcgiwrap.socket',
 fastcgi_params => 'fastcgi_params',
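Review bot: The rewritten `nginx::resource::server { 'cgit': }` block calls `letsencrypt::conf::nginx($cgit::server_name)` unconditionally, yet init.pp still declares `Optional[String] $server_name = undef`, so the old "no certificate, plain HTTP" branch has no visible replacement and an undef name now reaches the helper. The explicit `ssl => true`, `ssl_redirect => true` and certificate paths are removed as well, so whether HTTP is still redirected to HTTPS depends entirely on the hash that helper returns, which this patch does not show. I would add a guard at the top of the class, `unless $cgit::server_name { fail('cgit::nginx needs cgit::server_name to look up its certificate') }`, and a comment above the splat naming the keys the helper is expected to supply (`ssl`, `ssl_cert`, `ssl_key`, `ssl_redirect`). The same concern covers the `ssl_only` replacements in the `@@ -35,7` and `@@ -53,8` hunks; the class body continues outside these hunks.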
@@ -67,8 +51,8 @@ class cgit::nginx {
 }
 nginx::resource::location { '~ (.*\.git/.*)':
+ * => letsencrypt::conf::nginx::location($cgit::server_name),
 server => 'cgit',
- ssl_only => $cgit::certname != undef,
 location_cfg_append => {
 auth_basic => '"CGit login"',
 auth_basic_user_file => $cgit::htpasswd,
--
cgit v1.2.3
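Review bot: This location sets `auth_basic` with `auth_basic_user_file`, and after the change nothing in the manifest itself states that it is TLS-only: `ssl_only` used to be derived from `$cgit::certname != undef` and now comes, if at all, from `letsencrypt::conf::nginx::location($cgit::server_name)`. If that helper yields no `ssl_only => true` (for instance while no certificate exists yet; its behaviour is not visible here), the Basic credentials checked against the htpasswd file would be accepted over plain HTTP. An explicit `ssl_only` next to the splat would probably clash as a duplicate attribute, so I would document the requirement on the splat line instead, `# must yield ssl_only => true: this location accepts Basic auth credentials`, and pin it with a catalog test for the class. The resource body continues past the end of the hunk.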