class profiles::phpldapadmin (
  String $nginx_server,
) {

  # TODO
  # include ::profiles::phpfpm

  class { 'phpldapadmin':
    auth_type => 'cookie',
  }

  # TODO do this better.
  # Debian gives this file through nginx-common, but I can't find it
  # for arch.
  file { '/etc/nginx/snippets/fastcgi-php.conf':
    content => @(EOF)
    # regex to split $uri to $fastcgi_script_name and $fastcgi_path
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;

    # Check that the PHP script exists before passing it
    try_files $fastcgi_script_name =404;

    # Bypass the fact that try_files resets $fastcgi_path_info
    # see: http://trac.nginx.org/nginx/ticket/321
    set $path_info $fastcgi_path_info;
    fastcgi_param PATH_INFO $path_info;

    fastcgi_index index.php;
    include fastcgi.conf;
    | EOF
  }

  nginx::resource::location { 'phpldapadmin':
    location       => '~ \.php$',
    server         => $nginx_server,
    fastcgi_params => 'snippets/fastcgi-php.conf',
    fastcgi        => 'unix:/run/php-fpm7/php-fpm.sock',
    ssl            => true,
    ssl_only       => true,
    www_root       => '/usr/share/webapps/phpldapadmin',
    location_allow => [
      '127.0.0.1',
      '::1',
      "${facts['network6']}/${extlib::netmask_to_cidr($facts['netmask6'])}",
      "${facts['network']}/${extlib::netmask_to_cidr($facts['netmask'])}",
    ],
    location_deny => [
      'all',
    ],
  }

}