authorJesse Luehrs <doy@tozt.net>2020-07-05 20:26:08 -0400
committerJesse Luehrs <doy@tozt.net>2020-07-05 20:27:49 -0400
commit381a4252ae8c9384d257350d258508e5d496799f (patch)
treef9ab9fd37847fa38c1db5f196107a04d578ede1b /modules/tick
parentbc3c5a1ffdecf02061933df4fb00ed11be06ce37 (diff)
downloadpuppet-tozt-381a4252ae8c9384d257350d258508e5d496799f.tar.gz
puppet-tozt-381a4252ae8c9384d257350d258508e5d496799f.zip
add certbot telegraf plugin
Diffstat (limited to 'modules/tick')
-rw-r--r--modules/tick/files/plugins/certbot3
-rw-r--r--modules/tick/files/plugins/certbot.conf3
-rw-r--r--modules/tick/files/plugins/certbot.sudoers3
-rw-r--r--modules/tick/files/plugins/certbot_inner14
-rw-r--r--modules/tick/manifests/client/plugin/certbot.pp26
5 files changed, 49 insertions, 0 deletions
diff --git a/modules/tick/files/plugins/certbot b/modules/tick/files/plugins/certbot
new file mode 100644
index 0000000..af3f340
--- /dev/null
+++ b/modules/tick/files/plugins/certbot
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+sudo "$(dirname $0)/certbot_inner"
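Review bot: `sudo` is called without `-n`, so if the sudoers rule is ever absent or fails to match, the plugin may wait on a password prompt instead of failing fast. The match also depends on `$(dirname $0)` expanding to exactly `/etc/telegraf/plugins`, the only path the `CERTBOTINNER` alias allows, and `$0` is unquoted. Naming the path outright avoids both problems: `exec sudo -n /etc/telegraf/plugins/certbot_inner`.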
diff --git a/modules/tick/files/plugins/certbot.conf b/modules/tick/files/plugins/certbot.conf
new file mode 100644
index 0000000..0e4a923
--- /dev/null
+++ b/modules/tick/files/plugins/certbot.conf
@@ -0,0 +1,3 @@
+[[inputs.exec]]
+commands = ["/etc/telegraf/plugins/certbot"]
+data_format = "influx"
diff --git a/modules/tick/files/plugins/certbot.sudoers b/modules/tick/files/plugins/certbot.sudoers
new file mode 100644
index 0000000..bab97c7
--- /dev/null
+++ b/modules/tick/files/plugins/certbot.sudoers
@@ -0,0 +1,3 @@
+Cmnd_Alias CERTBOTINNER = /etc/telegraf/plugins/certbot_inner
+telegraf ALL=(ALL) NOPASSWD: CERTBOTINNER
+Defaults!CERTBOTINNER !logfile, !syslog, !pam_session
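Review bot: The run-as list `(ALL)` on the `telegraf` line lets the telegraf account run `certbot_inner` as any user, while the script presumably only needs root to read the certbot directory; `telegraf ALL=(root) NOPASSWD: CERTBOTINNER` is narrower. The `Defaults!CERTBOTINNER !logfile, !syslog, !pam_session` line also switches off sudo's own logging for this command, so root invocations leave no audit trail; if that is meant to cut polling noise, a comment saying so would help. The rule is only as safe as write access to `/etc/telegraf/plugins/certbot_inner` and its parent directory, neither of which should be writable by telegraf.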
diff --git a/modules/tick/files/plugins/certbot_inner b/modules/tick/files/plugins/certbot_inner
new file mode 100644
index 0000000..5d31c35
--- /dev/null
+++ b/modules/tick/files/plugins/certbot_inner
@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+
+config_dir = "/media/persistent/certbot"
+
+(Dir.entries("#{config_dir}/live/") - [".", ".."]).each do |site|
+ next unless File.directory?("#{config_dir}/live/#{site}")
+ cert = File.read("#{config_dir}/live/#{site}/cert.pem")
+ x509 = OpenSSL::X509::Certificate.new(cert)
+ days = (x509.not_after - Time.now) / 60 / 60 / 24
+ sanitized_site = site.gsub(/[^a-zA-Z0-9]/, '_')
+ puts "certbot,site=#{sanitized_site} days_remaining=#{days}"
+end
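Review bot: The loop has no error handling, so one `live/` directory with a missing or unparseable `cert.pem` raises out of `File.read` or `OpenSSL::X509::Certificate.new` and ends the run, dropping the metric for every site after it. A per-site `rescue Errno::ENOENT, OpenSSL::X509::CertificateError => e` followed by `warn "certbot: #{site}: #{e.message}"` keeps the remaining sites reporting. Separately, this script runs as root through sudo and the shebang `#!/usr/bin/env ruby` resolves the interpreter through PATH. An absolute interpreter path removes the dependence on sudo's `env_reset`/`secure_path` settings, which are not visible in this commit.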
diff --git a/modules/tick/manifests/client/plugin/certbot.pp b/modules/tick/manifests/client/plugin/certbot.pp
new file mode 100644
index 0000000..17d99ab
--- /dev/null
+++ b/modules/tick/manifests/client/plugin/certbot.pp
@@ -0,0 +1,26 @@
+class tick::client::plugin::certbot {
+ file {
+ "/etc/telegraf/telegraf.d/certbot.conf":
+ source => 'puppet:///modules/tick/plugins/certbot.conf',
+ require => [
+ File["/etc/telegraf/telegraf.d"],
+ File["/etc/telegraf/plugins/certbot"],
+ ],
+ notify => Service["telegraf"];
+ "/etc/telegraf/plugins/certbot":
+ source => 'puppet:///modules/tick/plugins/certbot',
+ mode => '0755',
+ require => [
+ File['/etc/telegraf/plugins'],
+ File['/etc/telegraf/plugins/certbot_inner'],
+ File['/etc/sudoers.d/telegraf-certbot'],
+ ];
+ "/etc/telegraf/plugins/certbot_inner":
+ source => 'puppet:///modules/tick/plugins/certbot_inner',
+ mode => '0755',
+ require => File['/etc/telegraf/plugins'];
+ "/etc/sudoers.d/telegraf-certbot":
+ source => 'puppet:///modules/tick/plugins/certbot.sudoers',
+ require => Package['sudo'];
+ }
+}
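Review bot: The `/etc/sudoers.d/telegraf-certbot` resource and the root-run `/etc/telegraf/plugins/certbot_inner` resource set no `owner` or `group`, and the sudoers file sets no `mode`, so their ownership and permissions fall to Puppet's defaults. One grants passwordless sudo and the other is executed as root, so pinning them is worthwhile: `owner => 'root', group => 'root', mode => '0440'` on the sudoers file and `owner => 'root', group => 'root'` on `certbot_inner`. Adding `validate_cmd => '/usr/sbin/visudo -cf %'` to the sudoers resource (adjust the visudo path for the platform) would stop a file with a syntax error from being installed.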