# @summary A single certificate
#
# Assembles the per-certificate environment file
# `${letsencrypt::config_dir}/env/${cert_name}` from concat fragments: a fixed
# preamble at order '0' and a blank-line postamble at order '99'. It also
# declares the matching `letsencrypt::renew` resource and, optionally, a
# `letsencrypt::domain` for the certificate's own name.
#
# TODO possibly default cert_name to $::fqdn instead
#
# @param cert_name
#   Name of the certificate. It is used unmodified as the file name of the
#   environment file and as the title of the renew/domain resources.
# @param ensure
#   Present or absent (currently does nothing: the value is never read, and
#   the environment file is always declared with `ensure => present`).
# @param include_self
#   Should the certificate's name be one of its domains?
define letsencrypt::cert (
  String                    $cert_name    = $name,
  Enum['present', 'absent'] $ensure       = 'present',
  Boolean                   $include_self = true,
) {
  # TODO these env files are systemd specific
  # TODO concat::fragment is clumsy, look at re-implementing the
  # functionality internally

  # NOTE(review): $cert_name is only constrained to String and is interpolated
  # into a file path as-is, so a value containing '/' or '..' would resolve
  # outside the env directory. Consider tightening the parameter type (for
  # example a Pattern that rejects path separators) if names can come from
  # less-trusted data.
  $env_file = "${letsencrypt::config_dir}/env/${cert_name}"

  # NOTE(review): no owner/group/mode is given, so the concat module's
  # defaults apply. The file carries POST_HOOK, presumably a command run on
  # renewal; confirm the defaults leave it writable only by a trusted account.
  concat { $env_file:
    ensure => present,
    warn   => true,
  }

  # `|-` strips the common indentation and the final newline, so the text
  # ends on the `DOMAINS =` line and later fragments continue from there.
  $preamble = @(EOF)
    AUTHENTICATOR = ''
    POST_HOOK = ''
    DOMAINS =
    |- EOF

  # Both fixed fragments share the same target; only order and content differ.
  concat::fragment {
    default:
      target => $env_file,
    ;
    "letsencrypt ${cert_name} preamble":
      order   => '0',
      content => $preamble,
    ;
    "letsencrypt ${cert_name} postamble":
      order   => '99',
      content => "\n\n",
    ;
  }

  if $include_self {
    letsencrypt::domain { $cert_name: }
  }

  letsencrypt::renew { $cert_name: }
}