Test

manifests/init.pp

-class ai4ca {
+#
+class ai4ca (
+  String $www_root = '/usr/share/nginx/html',
+  Array[String] $index_files = ['index.html'],
+) {
   include profiles::letsencrypt
   include nginx
+
+  nginx::resource::server { fact('networking.fqdn'):
+    ensure              => present,
+    www_root            => $www_root,
+    location_cfg_append => {
+      'rewrite' => '^ https://$server_name$request_uri? permanent',
+    },
+  }
+
+  nginx::resource::server { "${fact('networking.fqdn')} HTTPS":
+    ensure        => present,
+    listen_port   => 443,
+    www_root      => $www_root,
+    index_files   => $index_files,
+    ssl           => true,
+    ssl_cert      => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"),
+    ssl_key       => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"),
+    ssl_protocols => 'TLSv1.3 TLSv1.2',
+    ssl_ciphers   => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384',
+  }
+
+  firewalld_service {
+    'nginx http LiU':
+      zone    => 'liu',
+      service => 'http';
+    'nginx https LiU':
+      zone    => 'liu',
+      service => 'https';
+    'nginx http Public':
+      zone    => 'public',
+      service => 'http';
+    'nginx https Public':
+      zone    => 'public',
+      service => 'https';
+  }
 }