# == Class: geant_acme::files
#
# Declares the files, directories and links used by the ACME tooling:
# the per-provider cli.ini files (letsencrypt, sectigo_ev, sectigo_ov),
# the helper scripts under /root/bin, two ini files under /root, the
# per-provider log directories and the http site below $web_base.
#
# === Parameters
#
# [*le_acme_email*, *le_acme_server*]
#   Passed to cli.ini.epp for /etc/letsencrypt/cli.ini.
#
# [*sg_acme_email*, *sg_acme_server_ev*, *sg_acme_server_ov*]
#   Passed to cli.ini.epp for the two Sectigo cli.ini files.
#
# [*sectigo_key_id_ev*, *sectigo_hmac_key_ev*,
#  *sectigo_key_id_ov*, *sectigo_hmac_key_ov*]
#   Sensitive. Passed to cli.ini.epp for the matching Sectigo provider.
#
# [*web_base*]
#   Top directory of the http site managed by this class.
#
# [*vault_token*, *puppet_token*, *iblox_password*]
#   Sensitive. Not referenced in this class body.
#
# [*wildcard_domain*, *redis_host*, *vault_host*, *puppetdb_host*,
#  *puppetdb_port*, *iblox_user*]
#   Not referenced in this class body.
#
# NOTE(review): the parameters that are not referenced here are
# presumably read from class scope by geant_acme.ini.epp and
# secrets_shuffle.ini.epp, which are rendered without an explicit
# parameter hash. Confirm against the templates, since that is what
# decides which secrets end up in which file.
#
class geant_acme::files (
  Sensitive $vault_token,
  Sensitive $puppet_token,
  $wildcard_domain,
  $redis_host,
  $vault_host,
  $puppetdb_host,
  $puppetdb_port,
  $le_acme_server,
  $sg_acme_server_ev,
  $sg_acme_server_ov,
  $le_acme_email,
  $sg_acme_email,
  Sensitive $sectigo_key_id_ov,
  Sensitive $sectigo_hmac_key_ov,
  Sensitive $sectigo_key_id_ev,
  Sensitive $sectigo_hmac_key_ev,
  Sensitive $iblox_password,
  $iblox_user,
  $web_base
) {

  # Shared prefixes, named once so the resource list below stays readable.
  $module_files  = "puppet:///modules/${module_name}"
  $cli_template  = "${module_name}/cli.ini.epp"
  $page_template = "${module_name}/index.html.epp"

  # Provider configuration directories: links into /nas in production,
  # plain local directories everywhere else.
  #
  # NOTE(review): in production the Sectigo cli.ini files declared below
  # (which receive the key id / HMAC key parameters) are written through
  # these links, so owner and mode are only as effective as the /nas
  # filesystem makes them. Confirm how /nas is mounted and who else can
  # read it.
  if $::environment == 'production' {
    file {
      default:
        ensure => link;
      '/etc/letsencrypt':
        target => '/nas/letsencrypt_wildcard';
      '/etc/sectigo_ev':
        target => '/nas/sectigo_ev';
      '/etc/sectigo_ov':
        target => '/nas/sectigo_ov';
    }
  } else {
    file { ['/etc/letsencrypt', '/etc/sectigo_ev', '/etc/sectigo_ov']:
      ensure => directory,
      mode   => '0755';
    }
  }

  file {
    # Every resource in this expression is a root-owned 0755 regular file
    # unless its own body says otherwise.
    default:
      ensure => file,
      owner  => root,
      group  => root,
      mode   => '0755';

    # Sectigo cli.ini files. The rendered text is wrapped in Sensitive()
    # so Puppet redacts it from logs and reports.
    # NOTE(review): 0640 root:root leaves the file readable by members of
    # group root; 0600 would be the least-privilege choice if nothing
    # depends on group read.
    '/etc/sectigo_ev/cli.ini':
      mode    => '0640',
      require => File['/etc/sectigo_ev'],
      content => Sensitive(epp($cli_template, {
        acme_email       => $sg_acme_email,
        acme_server      => $sg_acme_server_ev,
        acme_provider    => 'sectigo_ev',
        sectigo_key_id   => $sectigo_key_id_ev,
        sectigo_hmac_key => $sectigo_hmac_key_ev
      }));
    '/etc/sectigo_ov/cli.ini':
      mode    => '0640',
      require => File['/etc/sectigo_ov'],
      content => Sensitive(epp($cli_template, {
        acme_email       => $sg_acme_email,
        acme_server      => $sg_acme_server_ov,
        acme_provider    => 'sectigo_ov',
        sectigo_key_id   => $sectigo_key_id_ov,
        sectigo_hmac_key => $sectigo_hmac_key_ov
      }));

    # The Let's Encrypt variant is given no key id / HMAC key and is the
    # only cli.ini that is world-readable and not wrapped in Sensitive().
    '/etc/letsencrypt/cli.ini':
      mode    => '0644',
      require => File['/etc/letsencrypt'],
      content => epp($cli_template, {
        acme_email    => $le_acme_email,
        acme_server   => $le_acme_server,
        acme_provider => 'letsencrypt'
      });

    # Helper scripts, served from the module's files and installed with
    # the default root:root 0755.
    '/root/bin/root_password.py':
      source => "${module_files}/root_password.py";
    '/root/bin/cert2json.py':
      source => "${module_files}/cert2json.py";
    '/root/bin/geant_acme.py':
      source => "${module_files}/geant_acme.py";
    '/root/bin/geant_acme_uploader.py':
      source => "${module_files}/geant_acme_uploader.py";
    '/root/bin/infoblox_hook.py':
      source => "${module_files}/infoblox_hook.py";

    # One hook script, reachable under a per-provider name.
    ['/root/bin/infoblox_hook_letsencrypt',
      '/root/bin/infoblox_hook_sectigo_ov',
      '/root/bin/infoblox_hook_sectigo_ev']:
      ensure => link,
      target => '/root/bin/infoblox_hook.py';

    # Rendered without a parameter hash and wrapped in Sensitive().
    # NOTE(review): the content of these two files is decided entirely by
    # the templates; review them together with this class.
    '/root/.geant_acme.ini':
      mode    => '0640',
      content => Sensitive(epp("${module_name}/geant_acme.ini.epp"));
    '/root/.secrets_shuffle.ini':
      mode    => '0640',
      content => Sensitive(epp("${module_name}/secrets_shuffle.ini.epp"));

    # Log directories take the 0755 default.
    # NOTE(review): confirm that nothing written here needs a tighter
    # mode than world-readable.
    ['/var/log/acme_letsencrypt',
      '/var/log/acme_sectigo_ov',
      '/var/log/acme_sectigo_ev']:
      ensure => directory;

    ## http site
    # All four directories are populated recursively from the same
    # acme_web source. mode => undef overrides the 0755 default of this
    # expression so that no mode is set on these resources here.
    [$web_base,
      "${web_base}/letsencrypt",
      "${web_base}/sectigo_ov",
      "${web_base}/sectigo_ev"]:
      ensure  => directory,
      mode    => undef,
      require => Class['nginx'],
      recurse => true,
      source  => "${module_files}/acme_web";

    # Icons come from the depot module, not from this one.
    "${web_base}/anvil.ico":
      mode    => '0644',
      require => File[$web_base],
      source  => 'puppet:///modules/depot/anvil.ico';
    "${web_base}/anvil.png":
      mode    => '0644',
      require => File[$web_base],
      source  => 'puppet:///modules/depot/anvil.png';

    # Per-provider pages: one template, varied only by the JSON file name
    # and the page title.
    "${web_base}/letsencrypt/index.html":
      mode    => '0644',
      require => File[$web_base],
      content => epp($page_template, {
        json_file  => 'letsencrypt',
        html_title => 'LetsEncrypt'
      });
    "${web_base}/letsencrypt/expiry_date.html":
      mode    => '0644',
      require => File[$web_base],
      content => epp($page_template, {
        json_file  => 'letsencrypt_expired',
        html_title => 'LetsEncrypt'
      });
    "${web_base}/sectigo_ev/index.html":
      mode    => '0644',
      require => File[$web_base],
      content => epp($page_template, {
        json_file  => 'sectigo_ev',
        html_title => 'SectiGO EV'
      });
    "${web_base}/sectigo_ev/expiry_date.html":
      mode    => '0644',
      require => File[$web_base],
      content => epp($page_template, {
        json_file  => 'sectigo_ev_expired',
        html_title => 'SectiGO EV'
      });
    "${web_base}/sectigo_ov/index.html":
      mode    => '0644',
      require => File[$web_base],
      content => epp($page_template, {
        json_file  => 'sectigo_ov',
        html_title => 'SectiGO OV'
      });
    "${web_base}/sectigo_ov/expiry_date.html":
      mode    => '0644',
      require => File[$web_base],
      content => epp($page_template, {
        json_file  => 'sectigo_ov_expired',
        html_title => 'SectiGO OV'
      });

    # Static landing page.
    "${web_base}/index.html":
      mode    => '0644',
      require => File[$web_base],
      source  => "${module_files}/index.html";
  }
}
# vim:ts=2:sw=2