class ssl {
  file { [ "/etc/ssl", "/etc/ssl/certs", "/etc/ssl/private" ]:
    ensure  => directory,
    owner   => "root",
    group   => "root",
  }

  file { "/etc/ssl/certs/cert.crt":
    ensure => present,
    owner   => "root",
    group   => "root",
    mode    => 644,
    source  => "puppet://$server/files/keys/ssl/cert.crt",
    require => File["/etc/ssl/certs"],
  }

  file { "/etc/ssl/private/cert.pem":
    ensure => present,
    owner   => "root",
    group   => "root",
    mode    => 600,
    source  => "puppet://$server/files/keys/ssl/cert.pem",
    require => File["/etc/ssl/private"],
  }
}

class ssl::mail inherits ssl {
  File['/etc/ssl/private/cert.pem'] {
    group  => postfix,
    mode   => 0640,
    notify => Service['postfix'],
  }

  File['/etc/ssl/certs/cert.crt'] {
    notify => Service['postfix'],
  }
}

class ssl::proxy inherits ssl {
  File['/etc/ssl/certs/cert.crt', '/etc/ssl/private/cert.pem'] {
    notify => Service['nginx'],
  }
}