@metadata_processor
def defaults(metadata):
    return {
        'apt': {
            'repos': {
                'nginx': {
                    'key': '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62',
                    'items': [
                        'deb http://nginx.org/packages/debian buster nginx',
                    ],
                },
            },
            'unattended-upgrades': {
                'origins': {
                    'o=nginx,a=stable,n=buster,l=nginx,c=nginx',
                },
            },
            'packages': {
                'nginx': {},
            },
        },
        'nginx': {
            'worker_processes': 4,
            'worker_connections': 1000,
        },
    }, DEFAULTS, DONE


@metadata_processor
def letsencrypt(metadata):
    if not node.has_bundle('letsencrypt'):
        return metadata, DONE

    le = metadata.setdefault('letsencrypt', {}).setdefault('domains', {})

    for domain in metadata.get('nginx', {}).get('vhosts', {}).keys():
        le[domain] = set()

    return metadata, RUN_ME_AGAIN