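# Lego (ACME client) provisioning: package install, data directory, and
# per-site DNS-challenge certificates with a cron-driven renewal job.

bundle agent lego
{
  vars:
      # Defaults; the OS-specific sections below override them.
      "pkgs"     slist  => { "lego" };
      "exe"      string => "/usr/bin/lego";
      "data_dir" string => "/etc/lego";

    debian::
      # cron provides the renewal job written by lego_dns_cert.
      "pkgs"     slist  => { "lego", "cron" };

    freebsd::
      "exe"      string => "/usr/local/bin/lego";
      "data_dir" string => "/usr/local/etc/lego";
}

bundle agent install_lego
{
  methods:
      "any" usebundle => wmde_install_packages(@(lego.pkgs), "lego");

  files:
      # The data dir holds account keys and certificates: no world access.
      "$(lego.data_dir)/."
        create     => "true",
        perms      => m("750"),
        depends_on => { "lego_pkgs_installed" },
        handle     => "lego_installed";
}

# site: data container read below for domain, aliases, email,
# dnsapi[provider], dnsapi[key], lego_raw, lego_renew_raw, lego_renew_raw2.
bundle agent lego_dns_cert(site)
{
  vars:
      # Command that prints all domains the site's current certificate contains.
      "cert_test_cmd" string =>
        "$(def.wmde_lib)/scripts/get-domains-from-cert.sh $(lego.data_dir)/certificates/$(site[domain]).crt";

      # Wanted domain set: primary domain plus aliases, sorted so it can be
      # compared textually with the certificate's contents.
      "ds"          slist  => { "$(site[domain])" };
      "domains"     slist  => sort(mergedata(@(ds), getvalues(@(site[aliases]))));
      "domains_txt" string => string_mustache("{{#-top-}}{{.}} {{/-top-}}", @(domains));

      # "-d <domain> -d <alias> ..." arguments for lego.
      "args" string => string_mustache("-d {{domain}} {{#aliases}} -d {{.}} {{/aliases}}", @(site));

      "current_domains_txt" string => execresult("/bin/sh $(cert_test_cmd)", "useshell"),
        if     => isvariable("site[domain]"),
        handle => "lego_current_domains_ready";

  classes:
      # Re-issue when the wanted set differs from the certificate's set.
      # The trailing space mirrors the "{{.}} " separator used in domains_txt.
      "run_lego"
        expression => not(strcmp("$(current_domains_txt) ", "$(domains_txt)")),
        depends_on => { "lego_current_domains_ready" };

  files:
      # Renewal cron job. The line embeds the DNS API credential
      # ($(site[dnsapi][key])), so the file is explicitly kept root-only
      # rather than relying on the mode of a pre-existing file.
      "/etc/cron.d/lego-$(site[domain])"
        create     => "true",
        perms      => m("600"),
        content    => "0 0 * * * root $(site[dnsapi][key]) $(lego.exe) --path $(lego.data_dir) --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) $(site[lego_renew_raw]) renew $(site[lego_renew_raw2])",
        depends_on => { "lego_installed" };

  commands:
    run_lego::
      # Initial issuance. NOTE(review): the command string contains the API
      # key and may be echoed in verbose agent output — confirm log handling.
      "$(site[dnsapi][key]) $(lego.exe) --path $(lego.data_dir) --accept-tos $(site[lego_raw]) --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) run"
        contain    => wmde_cmd_useshell,
        depends_on => { "lego_installed" };
}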