# @summary Sets up letsencrypt for other classes
#
# @param email
#   Contact email sent to letsencrypt.
# @param renewal_provider
#   Service responsible for periodically renewing the certificate.
# @param certbot_package
#   Name of the certbot package. Should be automatically set through hiera.
# @param manage_package
#   Should the certbot package resource be managed by this class.
# @param server
#   Server providing ACME challenge. Declared as a plain String, so the
#   URL scheme and host are not validated by this class.
# @param config
#   Default configuration values to pass to certbot. $server and $email
#   are added here if not explicitly set; a 'server' or 'email' key given
#   in this hash takes precedence over the matching parameter. The result
#   is later merged with a specific instance for each certificate.
class letsencrypt (
  String                        $email,
  Letsencrypt::Renewal_provider $renewal_provider,
  # Normally supplied through hiera.
  String                        $certbot_package = 'certbot',
  Boolean                       $manage_package  = true,
  String                        $server          = 'https://acme-v02.api.letsencrypt.org/directory',
  Hash[String, Any]             $config          = {},
) {
  # Disabled default-certificate declaration, kept for reference.
  # $default_cert and $default_cert_name are not parameters of this class.
  # if $default_cert {
  #   letsencrypt::cert { $default_cert_name:
  #     ensure => present,
  #   }
  # }

  # These are internal instead of parameters, since certbot appears not
  # to accept them in other places. Should that prove wrong (BSD?), make
  # them parameters again and resolve the few remaining instances where
  # they are hard coded.
  $config_dir = '/etc/letsencrypt'
  $cert_dir = "${config_dir}/live"

  # Used by letsencrypt::cert.
  # The right-hand operand wins on duplicate keys, so the effective ACME
  # endpoint and contact address are whatever $config says when it carries
  # 'server' or 'email'; audit both places when checking which CA is used.
  $config_ = {
    'server' => $server,
    'email'  => $email,
  } + $config

  # Only the existence of the directory is enforced; owner, group and mode
  # are not managed here.
  # NOTE(review): certbot is expected to keep account and certificate
  # private keys below this path - confirm the permissions it ends up with.
  file { $config_dir:
    ensure => directory,
  }

  include letsencrypt::renew::setup

  if $manage_package {
    package { $certbot_package:
      ensure => installed,
    }
  }
}