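# Class: ssl
#
# Manages the system SSL directory layout, installs the ssl-cert-check helper
# script, and provides two defined types:
#
#   ssl::cert  - deploys a certificate (.crt) and its private key (.pem)
#   ssl::check - schedules a cron job that runs ssl-cert-check against either
#                a network endpoint or a certificate file
#
class ssl {

  # Directory skeleton that ssl::cert depends on (with the default $base).
  # No mode is managed here, so each directory keeps the mode it already has,
  # or the agent's default when it is created.
  # NOTE(review): consider managing a restrictive mode on /etc/ssl/private
  # explicitly; it must stay compatible with the $owner/$group values that
  # ssl::cert callers pass, so confirm against the callers first.
  file { ['/etc/ssl', '/etc/ssl/certs', '/etc/ssl/private']:
    ensure => directory,
    owner  => 'root',
    group  => 'root',
  }

  # Helper script executed by the cron jobs declared in ssl::check.
  # It runs as root, so only root may modify it.
  # The mode is a quoted octal string: a bare 755 is rejected by newer Puppet
  # versions and is easy to misread as a decimal number.
  # NOTE(review): this source URL relies on $server being defined in an
  # enclosing scope, while ssl::cert uses the puppet:/// form - confirm which
  # is intended.
  file { '/usr/local/bin/ssl-cert-check':
    ensure => present,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
    source => "puppet://${server}/modules/ssl/ssl-cert-check",
  }

  # Define: ssl::cert
  #
  # Deploys the certificate and private key named after the resource title
  # from the site_keys module.
  #
  # Parameters:
  #   $ensure   - passed through to both file resources (default: present)
  #   $owner    - owner of both files (default: root)
  #   $group    - group of both files (default: root)
  #   $pubmode  - mode of the certificate file (default: 644)
  #   $privmode - mode of the private key file (default: 600)
  #   $base     - base directory containing certs/ and private/
  #
  # The require edges point at File["${base}/certs"] and
  # File["${base}/private"]. This class only declares those for /etc/ssl, so
  # a caller overriding $base must declare the directories itself.
  define cert(
    $ensure   = present,
    $owner    = 'root',
    $group    = 'root',
    $pubmode  = '644',
    $privmode = '600',
    $base     = '/etc/ssl'
  ) {

    # Public certificate.
    file { "${base}/certs/${name}.crt":
      ensure  => $ensure,
      owner   => $owner,
      group   => $group,
      mode    => $pubmode,
      source  => "puppet:///modules/site_keys/ssl/${name}.crt",
      require => File["${base}/certs"],
    }

    # Private key.
    # backup => false keeps copies of the key material out of the filebucket.
    # NOTE(review): where the Puppet version in use supports it, also consider
    # suppressing content diffs for this resource so that key material does
    # not end up in agent logs or reports.
    file { "${base}/private/${name}.pem":
      ensure  => $ensure,
      owner   => $owner,
      group   => $group,
      mode    => $privmode,
      backup  => false, # Do not backup the private key
      source  => "puppet:///modules/site_keys/ssl/${name}.pem",
      require => File["${base}/private"],
    }
  }

  # Define: ssl::check
  #
  # Installs a root cron job that runs ssl-cert-check for the resource title.
  #
  # Parameters:
  #   $port     - port passed with -p when checking a network endpoint
  #   $interval - value passed with -x (presumably the expiry warning
  #               threshold in days - confirm against the deployed script)
  #   $email    - address passed with -e
  #   $hour, $minute, $weekday - cron schedule fields
  #   $file     - false: check "-s ${name} -p ${port}" over the network
  #               true:  check "${base}/certs/cert.crt"
  #               other: treated as the path of the certificate file to check
  #   $ensure   - passed through to the cron resource
  #   $base     - base directory used when $file is true
  #
  # Every parameter value is interpolated unquoted into a command line that
  # cron runs as root. Pass only trusted, validated values here; do not feed
  # raw external data into these parameters.
  define check(
    $port     = '443',
    $interval = '60',
    $email    = 'root',
    $hour     = '0',
    $minute   = '0',
    $weekday  = '0',
    $file     = false,
    $ensure   = present,
    $base     = '/etc/ssl'
  ) {

    # Common prefix shared by all three command variants.
    $ssl_cert_check = "/usr/local/bin/ssl-cert-check -a -q -x ${interval} -e ${email}"

    # NOTE(review): the "true" branch checks a file literally named cert.crt,
    # whereas ssl::cert installs "${base}/certs/${name}.crt". Confirm whether
    # ${name}.crt was intended before relying on file => true.
    $command = $file ? {
      false   => "${ssl_cert_check} -s ${name} -p ${port}",
      true    => "${ssl_cert_check} -c ${base}/certs/cert.crt",
      default => "${ssl_cert_check} -c ${file}",
    }

    # The job needs the helper script in place before it can run.
    cron { "ssl-cert-check-${name}":
      ensure  => $ensure,
      command => $command,
      user    => 'root',
      hour    => $hour,
      minute  => $minute,
      weekday => $weekday,
      require => File['/usr/local/bin/ssl-cert-check'],
    }
  }
}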