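# @summary Sets up letsencrypt for this host.
#
# Includes the letsencrypt module and requests one certificate through
# certbot's web-server plugin, with a managed renewal cron job and a post
# hook that restarts the web server so it loads the renewed certificate.
#
# @param certname
#   Title of the letsencrypt::certonly resource. Defaults to the host's FQDN.
# @param domains
#   Domain names passed to letsencrypt::certonly. Defaults to the FQDN only.
# @param provider
#   Web server in use. Selects both the certbot plugin and the restart
#   command run after renewal.
class profiles::letsencrypt (
  String $certname = $facts['networking']['fqdn'],
  Array[String] $domains = [ $facts['networking']['fqdn'], ],
  Enum['nginx','apache'] $provider,
) {
  # The defaults above read the structured fact rather than the legacy
  # top-scope $::fqdn, matching the $facts[...] lookups used below.

  include ::letsencrypt

  $plugin = $provider

  # Restart command per OS family. The previous fixed strings assumed systemd
  # and the Debian unit name apache2.service everywhere; on a host where that
  # command fails, the web server keeps serving the old certificate until
  # something else restarts it. Families not listed keep the old commands.
  $nginx_restart = $facts['os']['family'] ? {
    'FreeBSD' => 'service nginx restart',
    default   => 'systemctl restart nginx.service',
  }
  $apache_restart = $facts['os']['family'] ? {
    'RedHat'    => 'systemctl restart httpd.service',
    'Archlinux' => 'systemctl restart httpd.service',
    'FreeBSD'   => 'service apache24 restart',
    default     => 'systemctl restart apache2.service',
  }

  # The hook is always one of the literals above: $provider is an Enum, so no
  # caller-supplied text ends up in the command string.
  $post_hook = $provider ? {
    'nginx'  => $nginx_restart,
    'apache' => $apache_restart,
  }

  # Package names of the certbot web-server plugins per platform.
  # NOTE(review): neither variable is referenced anywhere in this class, so
  # nothing here installs the plugin package. Confirm that the letsencrypt
  # module (or another profile) installs it, or declare the package here.
  # NOTE(review): there is no default branch, and RedHat majors other than
  # 7 and 8 are not covered; the variables stay unset on those platforms.
  case $facts['os']['family'] {
    'Debian': {
      $nginx_plugin = 'python3-certbot-nginx'
      $apache_plugin = 'python3-certbot-apache'
    }
    'RedHat': {
      if $facts['os']['name'] == 'Fedora' {
        $nginx_plugin = 'python3-certbot-nginx'
        $apache_plugin = 'python3-certbot-apache'
      } else {
        case $facts['os']['release']['major'] {
          '7': {
            $nginx_plugin = 'python2-certbot-nginx'
            $apache_plugin = 'python2-certbot-apache'
          }
          '8': {
            $nginx_plugin = 'python3-certbot-nginx'
            $apache_plugin = 'python3-certbot-apache'
          }
        }
      }
    }
    'Archlinux': {
      $nginx_plugin = 'certbot-nginx'
      $apache_plugin = 'certbot-apache'
    }
    'FreeBSD': {
      $nginx_plugin = 'py38-certbot-nginx'
      $apache_plugin = 'py38-certbot-apache'
    }
  }

  # TODO this requires that we have the webserver in question started.
  # TODO we also have the bootstrap problem, which I should find a
  # common solution for
  #
  # NOTE(review): certbot runs a post hook after every renewal attempt, not
  # only after a successful one. If the restart should happen only when a new
  # certificate was actually issued, a deploy hook is the closer fit - check
  # which hook parameters the installed letsencrypt module version offers.
  letsencrypt::certonly { $certname:
    ensure             => present,
    domains            => $domains,
    manage_cron        => true,
    plugin             => $plugin,
    # --quiet limits certbot output to errors, so the cron job only produces
    # output when a renewal goes wrong.
    additional_args    => [ '--quiet', ],
    post_hook_commands => [ $post_hook, ],
  }
}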