{% macro nginx_ssl_cert_present(server_domain) %}
/etc/nginx/ssl.d/{{ server_domain }}:
  file.directory:
    - mode: 700
    - require:
      - file: /etc/nginx/ssl.d

/etc/nginx/ssl.d/{{ server_domain }}/fullchain.pem:
  file.managed:
    - mode: 400
    - contents_pillar: env:certs:host:{{ server_domain }}:fullchain.pem
    - require:
      - file: /etc/nginx/ssl.d/{{ server_domain }}
    - watch_in:
      - service: nginx

/etc/nginx/ssl.d/{{ server_domain }}/privkey.pem:
  file.managed:
    - mode: 400
    - contents_pillar: env:certs:host:{{ server_domain }}:privkey.pem
    - require:
      - file: /etc/nginx/ssl.d/{{ server_domain }}
    - watch_in:
      - service: nginx
{% endmacro %}