# A single certificate
# TODO possibly default cert_name to $::fqdn instead
define letsencrypt::cert (
  String $cert_name                 => $::name,
  Enum['present', 'absent'] $ensure => 'present',
  Boolean $include_self             => true,
) {

  # TODO these env files are systemd specific
  # TODO concat::fragment is clumsy, look at re-implementing the
  # functionallity internally

  concat { "${letsencrypt::config_dir}/env/${cert_name}":
    ensure         => present,
    warn           => true,
  }

  concat::fragment { "letsencrypt ${cert_name} preamble":
    target  => "${letsencrypt::config_dir}/env/${cert_name}",
    order   => '0',
    content => @(EOF)
    AUTHENTICATOR = ''
    POST_HOOK = ''
    DOMAINS =
    |- EOF
  }
  concat::fragment { "letsencrypt ${cert_name} postamble":
    target  => "${letsencrypt::config_dir}/env/${cert_name}",
    order   => '99',
    content => "\n\n",
  }

  if $include_self {
    letsencrypt::domain { $cert_name: }
  }

  letsencrypt::renew { $cert_name:
  }
}