bundles/nginx: ensure we're doing letsencrypt, since we're enforcing ssl

bundles/nginx/files/site_template

@@ -19,6 +19,10 @@ server {
     add_header Strict-Transport-Security "max-age=31104000; preload";
     add_header X-Frame-Options "DENY";
 
+    location /.well-known/acme-challenge/ {
+        alias /var/lib/dehydrated/acme-challenges/;
+    }
+
 % if extras:
 <%include file="extras/${node.name}/${domain}" />
 % endif

bundles/nginx/items.py

@@ -1,3 +1,8 @@
+# TODO rework this to support specifying a certificate instead of
+# relying on letsencrypt for the specific domain (for example to
+# support wildcard certificates
+assert node.has_bundle('letsencrypt'), 'nginx needs letsencrypt'
+
 files = {
     '/etc/nginx/nginx.conf': {
         'content_type': 'mako',