class profiles::nginx::ldapauth (
  Stdlib::AbsolutePath  $bin_path = '/usr/local/bin/nginx-ldap-auth',
  Stdlib::AbsolutePath  $env_path = '/etc/default/nginx-ldap-auth',
  String                $user   = 'nginx-ldap-auth',
  String                $group  = 'nginx-ldap-auth',
  Boolean               $systempkgs = false,
  String                $version = 'system',
  Hash                  $packages = {
    'python3.11-ldap' => { ensure => 'present' }
  }
){


  if $::facts['python3_version'] {

    $python_version = $version ? {
      'system' => $::facts['python3_version'],
      default  => $version,
    }

    ensure_resources('package', $packages)

    # Deploy the default configuration file using a template
    file { $env_path:
      ensure  => file,
      content => template('profiles/ldapauth/nginx-ldap-auth.default.erb'),
    }

    # Deploy the daemon script using a template
    file { $bin_path:
      ensure  => file,
      content => template('profiles/ldapauth/nginx-ldap-auth-daemon.py.erb'),
      mode    => '0755',
    }

    # Manage user and group
    group { $group:
      ensure => present,
      system => true,
    }

    user { $user:
      ensure  => present,
      comment => 'nginx-ldap-auth helper',
      gid     => $group,
      shell   => '/sbin/nologin',
      system  => true,
      require => Group[$group],
    }

    # Create log directory for nginx-ldap-auth
    file { '/var/log/nginx-ldap-auth':
      ensure  => directory,
      owner   => $user,
      group   => $group,
      mode    => '0755',
      require => User[$user],
    }

    # Ensure the systemd service is enabled and started
    systemd::unit_file { 'nginx-ldap-auth.service':
      content => template('profiles/ldapauth/nginx-ldap-auth.service.erb'),
      enable  => true,
      active  => true,
      require => [
        File[$bin_path],
        File[$env_path],
        User[$user],
      ],
    }
  }
}