diff --git a/REFERENCE.md b/REFERENCE.md
index 35fd2ef..095fff3 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -1,323 +1,353 @@
# Reference
## Table of Contents
### Classes
#### Public Classes
* [`hitch`](#hitch): Manage the hitch TLS proxy
#### Private Classes
* `hitch::config`: Manage the hitch configuration, systemd configuration and default DH parameters.
* `hitch::install`: Manage the hitch package and optionally a repository
* `hitch::service`: Manage the hitch service
### Defined types
* [`hitch::domain`](#hitchdomain): Add a TLS certificate and key for a domain
## Classes
-### `hitch`
+### `hitch`
Manage the hitch TLS proxy
#### Examples
##### defaults
```puppet
include hitch
hitch::domain { 'example.com':
cacert_source => '/etc/pki/tls/certs/ca.pem',
cert_source => '/etc/pki/tls/certs/example.com.pem',
key_source => '/etc/pki/tls/private_keys/example.com.pem',
}
```
#### Parameters
-The following parameters are available in the `hitch` class.
-
-##### `package_name`
+The following parameters are available in the `hitch` class:
+
+* [`package_name`](#package_name)
+* [`service_name`](#service_name)
+* [`user`](#user)
+* [`group`](#group)
+* [`backend`](#backend)
+* [`config_file`](#config_file)
+* [`file_owner`](#file_owner)
+* [`dhparams_file`](#dhparams_file)
+* [`dhparams_content`](#dhparams_content)
+* [`config_root`](#config_root)
+* [`purge_config_root`](#purge_config_root)
+* [`frontend`](#frontend)
+* [`manage_repo`](#manage_repo)
+* [`write_proxy_v2`](#write_proxy_v2)
+* [`ciphers`](#ciphers)
+* [`domains`](#domains)
+* [`workers`](#workers)
+* [`prefer_server_ciphers`](#prefer_server_ciphers)
+* [`alpn_protos`](#alpn_protos)
+* [`tls_protos`](#tls_protos)
+
+##### `package_name`
Data type: `String`
Package name for installing hitch.
Default value: `'hitch'`
-##### `service_name`
+##### `service_name`
Data type: `String`
Service name for the hitch service.
Default value: `'hitch.service'`
-##### `user`
+##### `user`
Data type: `String`
User running the service. Defaults vary by OS, see module hieradata.
Default value: `'hitch'`
-##### `group`
+##### `group`
Data type: `String`
Group running the service. Defaults vary by OS, see module hieradata.
Default value: `'hitch'`
-##### `backend`
+##### `backend`
Data type: `String`
Where to proxy requests.
Default value: `'[::1]:80'`
-##### `config_file`
+##### `config_file`
Data type: `Stdlib::Absolutepath`
Path to the hitch configuration file.
Default value: `'/etc/hitch/hitch.conf'`
-##### `file_owner`
+##### `file_owner`
Data type: `String`
User owning the configuration files. Defaults to "root".
Default value: `'root'`
-##### `dhparams_file`
+##### `dhparams_file`
Data type: `Stdlib::Absolutepath`
Path to file for Diffie-Hellman parameters, which are shared
by all domains.
Default value: `'/etc/hitch/dhparams.pem'`
-##### `dhparams_content`
+##### `dhparams_content`
Data type: `Optional[String]`
Content for the DH parameter file. If unset, DH parameters will
be generated on the node, which may take a long time.
Default value: ``undef``
-##### `config_root`
+##### `config_root`
Data type: `Stdlib::Absolutepath`
Configuration root directory. The hitch::domain defined type
will place certificates here.
Default value: `'/etc/hitch'`
-##### `purge_config_root`
+##### `purge_config_root`
Data type: `Boolean`
If true, will delete all unmanaged files from the config_root.
Defaults to false.
Default value: ``false``
-##### `frontend`
+##### `frontend`
Data type: `Variant[String, Array]`
The listening frontend(s) for hitch.
Default value: `'[*]:443'`
-##### `manage_repo`
+##### `manage_repo`
Data type: `Boolean`
If true, install the EPEL repository on RedHat OS family. Defaults vary by OS, see module hieradata.
Default value: ``false``
-##### `write_proxy_v2`
+##### `write_proxy_v2`
Data type: `Enum['on', 'off']`
Default value: `'off'`
-##### `ciphers`
+##### `ciphers`
Data type: `String`
Default value: `'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'`
-##### `domains`
+##### `domains`
Data type: `Optional[Hash]`
Default value: `{}`
-##### `workers`
+##### `workers`
Data type: `Variant[Integer, Enum['auto']]`
Default value: `'auto'`
-##### `prefer_server_ciphers`
+##### `prefer_server_ciphers`
Data type: `Enum['on','off']`
Default value: `'on'`
-##### `alpn_protos`
+##### `alpn_protos`
Data type: `Optional[String]`
Default value: `'http/1.1'`
-##### `tls_protos`
+##### `tls_protos`
Data type: `Optional[String]`
Default value: ``undef``
## Defined types
-### `hitch::domain`
+### `hitch::domain`
This define installs pem files to the config root, and configures
them in the hitch config file.
The CA certificate (if present), server certificate, key and DH
parameters are concatenated, and placed in the hitch configuration.
You can specify cacert, cert and key with either _content or _source
suffix.
#### Examples
##### website with TLS files from managed node
```puppet
hitch::domain { 'example.com':
cacert_source => '/etc/pki/tls/certs/ca.pem',
cert_source => '/etc/pki/tls/certs/example.com.pem',
key_source => '/etc/pki/tls/private_keys/example.com.pem',
}
```
##### website with TLS content from hiera
```puppet
class profile::hitch (
Hash $domains = {},
) {
$domains.each |$domain_title, $domain_params| {
hitch::domain { $domain_title:
* => $domain_params,
}
}
}
```
#### Parameters
-The following parameters are available in the `hitch::domain` defined type.
+The following parameters are available in the `hitch::domain` defined type:
+
+* [`ensure`](#ensure)
+* [`default`](#default)
+* [`cacert_content`](#cacert_content)
+* [`cacert_source`](#cacert_source)
+* [`cert_content`](#cert_content)
+* [`cert_source`](#cert_source)
+* [`key_content`](#key_content)
+* [`key_source`](#key_source)
-##### `ensure`
+##### `ensure`
Data type: `Enum['present', 'absent']`
The desired state of the hitch domain. Default is 'present'.
Default value: `present`
-##### `default`
+##### `default`
Data type: `Boolean`
If there are multiple domains, set this to true to make this the
default domain used by hitch. If there is only one domain, it
will be the default domain no matter what you set here. Defaults
to false.
Default value: ``false``
-##### `cacert_content`
+##### `cacert_content`
Data type: `Optional[String]`
A PEM encoded CA certificate.
Default value: ``undef``
-##### `cacert_source`
+##### `cacert_source`
Data type: `Optional[Stdlib::Filesource]`
Path to a PEM encoded CA certificate.
Default value: ``undef``
-##### `cert_content`
+##### `cert_content`
Data type: `Optional[String]`
A PEM encoded certificate. This must be a certificate matching the
key.
Default value: ``undef``
-##### `cert_source`
+##### `cert_source`
Data type: `Optional[Stdlib::Filesource]`
Path to a PEM encoded certificate. This must be a certificate
matching the key.
Default value: ``undef``
-##### `key_content`
+##### `key_content`
Data type: `Optional[String]`
A PEM encoded key. This must be a key matching the certificate.
Default value: ``undef``
-##### `key_source`
+##### `key_source`
Data type: `Optional[Stdlib::Filesource]`
Path to a PEM encoded key. This must be a key matching the
certificate.
Default value: ``undef``