# profiles::puppetdb::ssl
class profiles::puppetdb::ssl (
  $certname           = $trusted['certname'],
  $ssl_dir            = '/etc/puppetlabs/puppetdb/ssl',
  $ssl_owner          = 'puppetdb',
  $ssl_group          = 'puppetdb',
  $puppetdb_service   = 'puppetdb',
  $ca_source          = '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
  $public_cert_source = "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
  $private_key_source = "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
) {

  file { $ssl_dir:
    ensure  => directory,
    owner   => $ssl_owner,
    group   => $ssl_group,
    recurse => true,
  }

  file { "${ssl_dir}/ca.pem":
    ensure => file,
    source => $ca_source,
    owner  => $ssl_owner,
    group  => $ssl_group,
    notify => Service['puppetdb'],
  }

  file { "${ssl_dir}/public.pem":
    ensure => file,
    source => $public_cert_source,
    owner  => $ssl_owner,
    group  => $ssl_group,
    notify => Service['puppetdb'],
  }

  file { "${ssl_dir}/private.pem":
    ensure => file,
    source => $private_key_source,
    owner  => $ssl_owner,
    group  => $ssl_group,
    mode   => '0600',
    notify => Service['puppetdb'],
  }
}