# File 'modules/certspotter/manifests/init.pp', line 22
# @summary Installs certspotter and manages its service account and config
#   files (watchlist and CT log list).
#   NOTE(review): the systemd::timer::job below is declared `ensure => absent`,
#   so this class currently *removes* the scheduled run rather than creating
#   it; only the package, user and config files stay managed. Presumably the
#   job is superseded elsewhere -- confirm before relying on this class for
#   monitoring.
#
# @param alert_email
#   Address exported as MAILTO in the timer job's environment, i.e. where
#   run output would be mailed.
# @param monitor_domains
#   Domains to watch for certificate issuance. Not referenced directly in
#   this manifest; presumably consumed by the watchlist.erb template -- verify.
class certspotter(
  String $alert_email,
  Array[Stdlib::Fqdn] $monitor_domains,
) {
  ensure_packages(['certspotter'])

  # Filesystem layout. Class-scope variables are also reachable externally as
  # $certspotter::<name>, so renaming them can break templates or callers.
  $homedir = '/var/lib/certspotter'
  # Passed to certspotter via -state_dir. No file resource manages it here,
  # so its creation is left to the sysuser home handling or the tool itself
  # -- TODO confirm.
  $statedir = "${homedir}/state"
  $configdir = '/etc/certspotter'
  $watchlist = "${configdir}/watchlist"
  $ctlogslist = "${configdir}/ctlogslist.json"

  # Dedicated unprivileged account; the timer job below runs as this user.
  systemd::sysuser { 'certspotter':
    home_dir => $homedir,
    shell => '/bin/sh',
    description => 'certspotter user',
  }

  file { $configdir:
    ensure => directory,
    owner => 'root',
    group => 'root',
    mode => '0755',
  }

  # Root-owned and world-readable (0444): the certspotter user can read the
  # watchlist but cannot change what is being monitored.
  file { $watchlist:
    ensure => present,
    owner => 'root',
    group => 'root',
    mode => '0444',
    content => template('certspotter/watchlist.erb'),
  }

  # Static copy of the CT log list shipped inside the module: hosts only pick
  # up changes to the public log set when this module file is updated.
  file { $ctlogslist:
    ensure => present,
    owner => 'root',
    group => 'root',
    mode => '0444',
    content => file('certspotter/ctlogslist.json'),
  }

  # -start_at_end: per upstream's flag description, begin at the current log
  # position, so certificates issued before the first run are not reported.
  $cmd = "/usr/bin/certspotter -watchlist ${watchlist} -start_at_end -logs ${ctlogslist} -state_dir ${statedir}"

  # `ensure => absent` removes the unit; the remaining attributes describe the
  # job as it was defined: every run's output mailed to MAILTO (not only on
  # error), re-run 30min after the previous run finished, with a per-host
  # deterministic splay of up to 300s.
  systemd::timer::job { 'certspotter':
    ensure => absent,
    description => 'Run certspotter periodically to monitor for issuance of certificates',
    command => $cmd,
    send_mail => true,
    send_mail_only_on_error => false,
    environment => { 'MAILTO' => $alert_email },
    user => 'certspotter',
    interval => {'start' => 'OnUnitInactiveSec', 'interval' => '30min'},
    splay => fqdn_rand(300, 'certspotter'),
    require => [
      User['certspotter'],
      Package['certspotter'],
      File[$watchlist],
    ],
  }
}