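# == Define: apache::site
#
# Declares one Apache virtual host: optionally the system user/group it runs
# as, its TLS certificate, a Tor hidden service in front of it, its docroot,
# the vhost configuration (via apache::site::config) and the a2ensite /
# a2dissite call that enables or disables it.
#
# === Parameters handled in this define
#
# [*ensure*]          'present' or 'absent'. Any other value is only logged
#                     with err(); the catalog still compiles.
# [*filename*]        File name of the vhost; defaults to the resource title.
# [*docroot*], [*manage_docroot*], [*owner*], [*group*]
#                     When docroot is set and manage_docroot is true, the
#                     docroot is created (mkdir -p as root) and managed as a
#                     file resource with this owner/group and mode 0755.
# [*mpm*], [*manage_user*], [*mpm_user*], [*mpm_group*]
#                     When mpm and manage_user are true and the user is not
#                     root, a group and a user::manage resource are declared.
#                     User and group default to the title with '.' replaced
#                     by '_'.
# [*password*], [*comment*], [*ticket*], [*groups*], [*sshkey*],
# [*sshkey_options*], [*shell*]
#                     Passed to user::manage.
# [*ssl*]             When true, declares ssl::cert and ssl::check for $name.
# [*hidden_service*]  When true and hiera key apache::site::hidden is true,
#                     declares a tor::daemon::hidden_service for $name.
#
# Every other parameter is passed unchanged to apache::site::config.
#
# === Security notes
#
# * $docroot and $vhost (from $filename or $name) are interpolated unquoted
#   into exec commands and `sh -c` strings below. They must come from a
#   trusted source and contain no whitespace or shell metacharacters.
# * defined() depends on evaluation order, so the user/group/docroot guards
#   only see resources declared earlier in the compilation.
#
define apache::site(
  $ensure               = present,
  $docroot              = false,
  $redirect             = false,
  $redirect_match       = false,
  $protocol             = 'http',
  $aliases              = false,
  $server_alias         = false,
  $use                  = false,
  $ticket               = false,
  $source               = false,
  $template             = 'apache/site.erb',
  $filename             = '',
  $manage_docroot       = true,
  $owner                = 'root',
  $group                = 'root',
  $mpm                  = true,
  $mpm_user             = '',
  $mpm_group            = '',
  $password             = '*',
  $comment              = '',
  $sshkey               = absent,
  $sshkey_options       = [],
  $groups               = '',
  $shell                = '/bin/false',
  $manage_user          = true,
  $ssl                  = false,
  $listen               = '*',
  $https_redirect       = false,
  $canonical            = false,
  $canonical_exceptions = '',
  $hidden_service       = false,
  $custom_directives    = false,
  $allow_override       = false,
  $hosting_domain       = hiera('apache::site::domain', $::domain)
) {

  # Vhost file name: explicit $filename wins, otherwise the resource title.
  $vhost = $filename ? {
    ''      => $name,
    default => $filename,
  }

  # Default account names are derived from the title ('.' is replaced by '_').
  $user = $mpm_user ? {
    ''      => regsubst($name, '\.', '_', 'G'),
    default => $mpm_user,
  }

  $gid = $mpm_group ? {
    ''      => regsubst($name, '\.', '_', 'G'),
    default => $mpm_group,
  }

  # Paths of the enabled/available vhost files, and the shell test that is
  # true only when the enabled entry is a symlink to the available file.
  $enabled_conf       = "${apache::conf_sites}-enabled/${vhost}.conf"
  $available_conf     = "${apache::conf_sites}-available/${vhost}.conf"
  $site_enabled_check = "/bin/sh -c '[ -L ${enabled_conf} ] && [ ${enabled_conf} -ef ${available_conf} ]'"

  # Hidden services need both the per-site flag and the global hiera switch.
  $hidden_enabled = hiera('apache::site::hidden', false)

  if $hidden_service == true and $hidden_enabled == true {
    # NOTE(review): onion traffic reaches Apache from 127.0.0.1, so any
    # localhost-based access rule in the vhost would also apply to hidden
    # service clients -- confirm the template has none.
    tor::daemon::hidden_service { $name:
      ensure   => $ensure,
      ports    => [ "80 127.0.0.1:${apache::http_port}" ],
      data_dir => "${tor::daemon::data_dir}/hidden",
      require  => File["${tor::daemon::data_dir}/hidden"],
    }
  }

  # Dedicated account for the vhost; never touches root.
  if $mpm == true and $manage_user == true and $user != 'root' {
    if $ensure == present {
      if !defined(Group[$gid]) {
        group { $gid:
          ensure => present,
        }
      }
      if !defined(User[$user]) {
        user::manage { $user:
          ensure         => present,
          tag            => 'virtual',
          password       => $password,
          gid            => $gid,
          comment        => $comment,
          ticket         => $ticket,
          groups         => $groups,
          sshkey         => $sshkey,
          sshkey_options => $sshkey_options,
          shell          => $shell,
          require        => Group[$gid],
        }
      }
    } else {
      if !defined(User[$user]) {
        user::manage { $user:
          ensure   => absent,
          tag      => 'virtual',
          password => $password,
        }
      }
      # The group is removed after the user that belongs to it.
      if !defined(Group[$gid]) {
        group { $gid:
          ensure  => absent,
          require => User[$user],
        }
      }
    }
  }

  if $ssl == true {
    # NOTE(review): presumably privmode is the private key's file mode; with
    # group => $gid that would make the key readable by the site's group.
    # Confirm the vhost's own account really needs read access to the key.
    ssl::cert { $name:
      ensure   => $ensure,
      group    => $gid,
      privmode => '0640',
    }
    ssl::check { $name:
      ensure => $ensure,
      file   => "/etc/ssl/certs/${name}.crt",
    }
  }

  # Legacy configuration: vhost files without the .conf suffix are removed.
  file { [ "${apache::conf_sites}-available/${vhost}",
            "${apache::conf_sites}-enabled/${vhost}" ]:
    ensure => absent,
  }

  apache::site::config { $name:
    ensure               => $ensure,
    source               => $source,
    vhost                => $vhost,
    docroot              => $docroot,
    redirect             => $redirect,
    redirect_match       => $redirect_match,
    protocol             => $protocol,
    aliases              => $aliases,
    server_alias         => $server_alias,
    use                  => $use,
    template             => $template,
    mpm                  => $mpm,
    user                 => $user,
    gid                  => $gid,
    ssl                  => $ssl,
    listen               => $listen,
    https_redirect       => $https_redirect,
    canonical            => $canonical,
    canonical_exceptions => $canonical_exceptions,
    custom_directives    => $custom_directives,
    allow_override       => $allow_override,
    hosting_domain       => $hosting_domain,
  }

  case $ensure {
    'present': {
      if ($docroot != false) and ($manage_docroot == true) {
        if !defined(File[$docroot]) {
          file { $docroot:
            ensure  => present,
            owner   => $owner,
            group   => $group,
            # Quoted: Puppet 4+ parses a bare 0755 as an integer and the file
            # type only accepts a string mode.
            mode    => '0755',
            recurse => false,
          }
        }
        if !defined(Exec["check_docroot_${docroot}"]) {
          # Ensure the parent folders exist before the file resource runs.
          # $docroot is passed to the shell unquoted; see the security notes
          # in the header.
          exec { "check_docroot_${docroot}":
            command => "/bin/mkdir -p ${docroot}",
            unless  => "/bin/sh -c '[ -e ${docroot} ]'",
            user    => root,
            before  => File[$docroot],
          }
        }
      }

      # Enable the site unless it is already linked to its available file.
      exec { "/usr/sbin/a2ensite ${vhost}":
        command => $::lsbdistcodename ? {
          'wheezy' => "/usr/sbin/a2ensite ${vhost}.conf",
          default  => "/usr/sbin/a2ensite ${vhost}",
        },
        unless  => $site_enabled_check,
        require => Apache::Site::Config[$name],
        notify  => Exec['reload-apache2'],
      }
    }
    'absent': {
      # Disable the site only while the enabled entry still links to the
      # available file.
      exec { "/usr/sbin/a2dissite ${vhost}":
        command => $::lsbdistcodename ? {
          'wheezy' => "/usr/sbin/a2dissite ${vhost}.conf",
          default  => "/usr/sbin/a2dissite ${vhost}",
        },
        onlyif  => $site_enabled_check,
        require => Apache::Site::Config[$name],
        notify  => Exec['reload-apache2'],
      }

      # Removes the enabled entry even when the a2dissite guard did not match.
      file { $enabled_conf:
        ensure => absent,
        notify => Exec['reload-apache2'],
      }
    }
    default: {
      # Only logs; resources above were still declared with this $ensure.
      err("Unknown ensure value: '${ensure}'")
    }
  }
}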