check_mirrors.pp 2.7 KB
# Manage checking of Tails mirrors
#
# Sets up a dedicated user with an SSH key pair and a GnuPG keyring holding
# the Tails signing key, keeps a Git checkout of the check-mirrors repository
# in that user's home directory, and declares four
# tails::check_mirrors::cronjob resources (one full run, three fast runs).
#
# @param email_recipient
#   Address that mail for $user is aliased to. Checked with
#   validate_email_address() before any resource is declared.
# @param homedir
#   Home directory of $user; the checkout, the GnuPG home and the signing key
#   file all live below it. Only checked to be an absolute path, and it is
#   interpolated into quoted exec command strings below, so keep it free of
#   quote characters.
# @param user
#   Local account that owns the files and runs the execs and the checkout.
# @param repo_user
#   SSH login used on $repo_host.
# @param repo_host
#   Git server. An Sshkey[$repo_host] resource must exist in the catalog; it
#   is required by the checkout but not declared in this class.
# @param repo_name
#   Repository name, without the ".git" suffix.
# @param repo_rev
#   Revision passed to vcsrepo.
# @param repo_ensure
#   "ensure" value passed to vcsrepo.
#
# The anchored patterns on $user, $repo_user and $repo_name restrict those
# values to lowercase letters and underscores (plus "-" for $repo_name)
# before they are interpolated into resource titles and the SSH URL.
class tails::check_mirrors (
  String $email_recipient,
  Stdlib::Absolutepath $homedir      = '/var/lib/tails_check_mirrors',
  Pattern[/\A[a-z_]+\z/] $user       = 'tails_check_mirrors',
  Pattern[/\A[a-z_]+\z/] $repo_user  = 'tails',
  Stdlib::Host $repo_host            = 'git.tails.boum.org',
  Pattern[/\A[a-z_-]+\z/] $repo_name = 'check-mirrors',
  String $repo_rev                   = 'master',
  String $repo_ensure                = 'latest',
) {

  validate_email_address($email_recipient)

  # These class-scope variables keep their names: other manifests can read
  # them as $tails::check_mirrors::<name>.
  $needed_packages  = ['curl', 'ruby-nokogiri', 'wget']
  $repo_checkout    = "${homedir}/check-mirrors"
  $gnupg_homedir    = "${homedir}/.gnupg"
  $signing_key_file = "${homedir}/tails-signing.key"

  package { $needed_packages:
    ensure => present,
  }

  user::managed { $user:
    ensure  => present,
    homedir => $homedir,
  }

  postfix::mailalias { $user:
    recipient => $email_recipient,
  }

  # The key pair is generated on the node itself and has an empty passphrase
  # (-N ''), which the unattended Git fetch needs. Whoever can read
  # ${homedir}/.ssh/id_rsa can therefore authenticate as this host, so the
  # matching public key should be granted no more than read access to the
  # repository. "creates" makes the exec a no-op once the key exists.
  # NOTE(review): the command is not fully qualified and no "path" is set
  # here; this relies on a default Exec path defined elsewhere - confirm.
  exec { "SSH key pair for user ${user}":
    user    => $user,
    command => "ssh-keygen -t rsa -b 4096 -N '' -f \"${homedir}/.ssh/id_rsa\"",
    creates => "${homedir}/.ssh/id_rsa",
  }

  # The key file is shipped from the Puppet module, so its integrity depends
  # on the integrity of that module's files.
  # NOTE(review): presumably this is the trust anchor for signature checks
  # done by the check-mirrors script - confirm against the script.
  file { $signing_key_file:
    source => 'puppet:///modules/tails/check_mirrors/tails-signing.key',
    owner  => $user,
    group  => $user,
    mode   => '0600',
  }

  file { $gnupg_homedir:
    ensure => directory,
    owner  => $user,
    group  => $user,
    mode   => '0700',
  }

  # HOME is set so that gpg uses ${homedir}/.gnupg. Because of
  # "refreshonly", the import only runs when the key file resource changes:
  # a keyring that is emptied or altered by other means is not repaired, and
  # importing an updated file does not delete keys imported earlier.
  # NOTE(review): same unqualified-command caveat as the ssh-keygen exec.
  exec { 'Import Tails signing key':
    command     => "gpg --batch --quiet --import '${signing_key_file}'",
    environment => "HOME=${homedir}",
    user        => $user,
    group       => $user,
    refreshonly => true,
    subscribe   => File[$signing_key_file],
    require     => File[$gnupg_homedir, $signing_key_file],
  }

  # Fetched over SSH as $user. Requiring Sshkey[$repo_host] means the
  # server's host key is managed in the catalog before the first fetch.
  # With the defaults (ensure => latest, revision => master) every Puppet run
  # moves the checkout to the current tip of that branch.
  # NOTE(review): presumably the cron jobs below run code from this checkout
  # as $user (the cronjob define is not shown here); if so, push access to
  # that branch decides what runs on this host. Pinning $repo_rev to a
  # reviewed tag or commit narrows that, at the cost of automatic updates.
  # File[$homedir] is not declared in this class either; presumably
  # user::managed provides it - confirm.
  vcsrepo { $repo_checkout:
    ensure   => $repo_ensure,
    provider => git,
    user     => $user,
    source   => "${repo_user}@${repo_host}:${repo_name}.git",
    revision => $repo_rev,
    require  => [
      User[$user],
      File[$homedir],
      Sshkey[$repo_host],
      Exec["SSH key pair for user ${user}"],
    ],
  }

  # One full run and three fast runs, eight hours apart for the fast ones,
  # all at minute 16. The full run passes --ignore-failures failures.json;
  # the fast runs pass --store-failures failures.json.
  tails::check_mirrors::cronjob {
    default:
      minute => 16;

    'Full run':
      hour => 0,
      args => ['--ignore-failures', 'failures.json'];

    'Fast run #1: optimized for European morning':
      hour => 4,
      args => ['--fast', '--store-failures', 'failures.json'];

    'Fast run #2: optimized for American morning':
      hour => 12,
      args => ['--fast', '--store-failures', 'failures.json'];

    'Fast run #3: to complete the 3 × 8 shifts':
      hour => 20,
      args => ['--fast', '--store-failures', 'failures.json'];
  }

}