If nginx config until letsencrypt certs are in place

manifests/init.pp

@@ -30,32 +30,34 @@ class ai4ca (
       ensure => installed,
   }
 
-  nginx::resource::server { fact('networking.fqdn'):
-    ensure              => present,
-    www_root            => $www_root,
-    location_cfg_append => {
-      'rewrite' => '^ https://$server_name$request_uri? permanent',
-    },
-  }
+  if fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined") {
+    nginx::resource::server { fact('networking.fqdn'):
+      ensure              => present,
+      www_root            => $www_root,
+      location_cfg_append => {
+        'rewrite' => '^ https://$server_name$request_uri? permanent',
+      },
+    }
 
-  nginx::resource::server { "${fact('networking.fqdn')} HTTPS":
-    ensure        => present,
-    listen_port   => 443,
-    www_root      => $www_root,
-    index_files   => $index_files,
-    ssl           => true,
-    ssl_cert      => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"),
-    ssl_key       => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"),
-    ssl_protocols => 'TLSv1.3 TLSv1.2',
-    ssl_ciphers   => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384',
-  }
+    nginx::resource::server { "${fact('networking.fqdn')} HTTPS":
+      ensure        => present,
+      listen_port   => 443,
+      www_root      => $www_root,
+      index_files   => $index_files,
+      ssl           => true,
+      ssl_cert      => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"),
+      ssl_key       => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"),
+      ssl_protocols => 'TLSv1.3 TLSv1.2',
+      ssl_ciphers   => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384', # lint:ignore:140chars
+    }
 
-  nginx::resource::location { '/va':
-    ensure   => present,
-    ssl      => true,
-    ssl_only => true,
-    server   => "${fact('networking.fqdn')} HTTPS",
-    proxy    => 'http://localhost:8100/',
+    nginx::resource::location { '/va':
+      ensure   => present,
+      ssl      => true,
+      ssl_only => true,
+      server   => "${fact('networking.fqdn')} HTTPS",
+      proxy    => 'http://localhost:8100/',
+    }
   }
 
   firewalld_service {