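# Class: ssl
#
# Installs the host certificate and private key under /etc/ssl, deploys the
# ssl-cert-check script, and provides the ssl::check define, which schedules
# certificate-expiry checks from cron.
#
# File modes are written as quoted octal strings. A bare 644 or 0640 is parsed
# as a number by Puppet 4 and later, where the file type requires a string.
class ssl {

  # Directory skeleton. No mode is managed here, so the permissions of
  # /etc/ssl/private are whatever already exists on the node.
  # NOTE(review): consider managing the mode of /etc/ssl/private explicitly.
  # ssl::mail gives the key to group postfix, so that group must still be able
  # to traverse the directory.
  file { ['/etc/ssl', '/etc/ssl/certs', '/etc/ssl/private']:
    ensure => directory,
    owner  => 'root',
    group  => 'root',
  }

  # Public certificate: world-readable.
  file { '/etc/ssl/certs/cert.crt':
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    source  => "puppet://${server}/files/keys/ssl/cert.crt",
    require => File['/etc/ssl/certs'],
  }

  # Private key: readable by root only (ssl::mail relaxes this for postfix).
  # NOTE(review): the key is served from the "files" fileserver mount. Confirm
  # that the mount's access rules limit keys/ to the nodes that need it.
  file { '/etc/ssl/private/cert.pem':
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    source  => "puppet://${server}/files/keys/ssl/cert.pem",
    require => File['/etc/ssl/private'],
  }

  # Expiry-check script invoked by the cron jobs that ssl::check creates.
  file { '/usr/local/bin/ssl-cert-check':
    ensure => present,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
    source => "puppet://${server}/modules/ssl/ssl-cert-check",
  }

  # Define: ssl::check
  #
  # Schedules a root cron job that runs ssl-cert-check for one target.
  #
  # Parameters:
  #   $name     - resource title; used as the host passed to -s when $file is
  #               false, and as part of the cron resource name.
  #   $port     - port passed to -p for a network check (default '443').
  #   $interval - value passed to -x (default '60').
  #   $email    - address passed to -e (default 'root').
  #   $hour, $minute, $weekday - cron schedule fields (default '0' each).
  #   $file     - false: check ${name}:${port} over the network;
  #               true:  check /etc/ssl/certs/cert.crt;
  #               any other value: treated as the path of the certificate
  #               file to check.
  #
  # NOTE(review): $name, $port, $interval, $email and $file are interpolated
  # unquoted into a command line that cron runs as root. Pass only trusted
  # values, or quote them (e.g. with shellquote()) before building the command.
  define check(
    $port     = '443',
    $interval = '60',
    $email    = 'root',
    $hour     = '0',
    $minute   = '0',
    $weekday  = '0',
    $file     = false
  ) {
    # Common prefix shared by every variant of the command.
    $ssl_cert_check = "/usr/local/bin/ssl-cert-check -a -q -x ${interval} -e ${email}"

    # The default branch previously appended "-q -x ... -e ..." a second time,
    # although the prefix already carries those options.
    $command = $file ? {
      false   => "${ssl_cert_check} -s ${name} -p ${port}",
      true    => "${ssl_cert_check} -c /etc/ssl/certs/cert.crt",
      default => "${ssl_cert_check} -c ${file}",
    }

    cron { "ssl-cert-check-${name}":
      ensure  => present,
      command => $command,
      user    => 'root',
      hour    => $hour,
      minute  => $minute,
      weekday => $weekday,
      require => File['/usr/local/bin/ssl-cert-check'],
    }
  }
}

# Class: ssl::mail
#
# Variant of ssl for mail hosts: lets group postfix read the private key and
# notifies Service['postfix'] when the certificate or the key changes.
class ssl::mail inherits ssl {
  # Widens read access to the key from root only to root plus group postfix.
  File['/etc/ssl/private/cert.pem'] {
    group  => 'postfix',
    mode   => '0640',
    notify => Service['postfix'],
  }

  File['/etc/ssl/certs/cert.crt'] {
    notify => Service['postfix'],
  }
}

# Class: ssl::proxy
#
# Variant of ssl for proxy hosts: notifies Service['nginx'] when the
# certificate or the key changes. Key ownership and mode stay as set in ssl.
class ssl::proxy inherits ssl {
  File['/etc/ssl/certs/cert.crt', '/etc/ssl/private/cert.pem'] {
    notify => Service['nginx'],
  }
}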