include:
  - nginx

/etc/nginx/conf.d/logformat.conf:
  file.managed:
    - user: root
    - group: root
    - mode: 0644
    - source: salt://webserver/nginx-logformat.conf
    - require:
      - pkg: nginx
    - watch_in:
      - service: nginx

{% set ssldir = salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') %}

generate-dhparam-nginx:
  cmd.run:
    - name: openssl dhparam -out {{ ssldir }}/dhparams.pem 2048
    - umask: 022
    - user: root
    - group: root
    - creates: {{ ssldir }}/dhparams.pem
    - require_in:
      - file: /etc/nginx/conf.d/ssl.conf
    - watch_in:
      - service: nginx

/etc/nginx/conf.d/ssl.conf:
  file.managed:
    - user: root
    - group: root
    - mode: 0644
    - source: salt://webserver/nginx-ssl.conf
    - template: jinja
    - require:
      - pkg: nginx
    - watch_in:
      - service: nginx

/etc/nginx/snippets/security.conf:
  file.managed:
    - user: root
    - group: root
    - mode: 0644
    - source: salt://webserver/nginx-security.conf
    - require:
      - pkg: nginx
    - watch_in:
      - service: nginx