# Sets up nginx specific configuration, and provides access to
# variables for enterpolating into nginx configurations
#
# These use the default cert name
# @example
# nginx::resource::server { 'servername':
#   * => $letsescrypt::nginx::server_ssl
# }
# $letsencrypt::nginx::location_ssl
#
# @param certbot_plugin_package
#   Name of the system package providing this plugin.
#   Populated through hiera.
# @param manage_package
#   If this class should manage the package.
class letsencrypt::nginx (
  String $certbot_plugin_package,
  Boolean $manage_package = true,
) {
  # TODO $cert_path should use the default certificate name.
  # There should however also be a hash of all configured
  # certificates.
  $cert_path = "${letsencrypt::config_dir}/live/${letsencrypt::config_dir::default_cert_name}"

  $server_ssl = if $letsencrypt::ssl_configured {
    {
      ssl          => true,
      ssl_redirect => true,
      ssl_cert     => "${cert_path}/fullchain.pem",
      ssl_key      => "${cert_path}/privkey.pem",
    }
  } else {
    {
      ssl => false,
    }
  }

  $location_ssl = if $letsencrypt::ssl_configured {
    {
      ssl      => true,
      ssl_only => true,
    }
  } else {
    {
      ssl => false,
    }
  }

  if $manage_package {
    ensure_packages([$certbot_plugin_package])
  }
}