Diffstat (limited to 'sitemodules/profiles/manifests')
-rw-r--r-- | sitemodules/profiles/manifests/base.pp | 45 |
1 files changed, 32 insertions, 13 deletions
diff --git a/sitemodules/profiles/manifests/base.pp b/sitemodules/profiles/manifests/base.pp
index fd6f225..ff3d9e4 100644
--- a/sitemodules/profiles/manifests/base.pp
+++ b/sitemodules/profiles/manifests/base.pp
@@ -14,9 +14,7 @@
 #
 # @param rootalias alias that gets emails for root
 #
-# @param crl_job_enable whether to setup the hourly CRL update job
-#
-# @param crl_job_services which services to reload after the CRL update
+# @param crl_job configure the hourly CRL update job
 #
 # @param is_external whether the node is outside of CAcert infrastructure
 #
@@ -36,15 +34,21 @@
 # Copyright
 # ---------
 #
-# Copyright 2016-2021 Jan Dittberner
+# Copyright 2016-2022 Jan Dittberner
 #
 class profiles::base (
- Array[String] $admins = [],
- Hash[String, Data] $users = {},
- String $rootalias = "${trusted['certname']}-admin@cacert.org",
- Boolean $crl_job_enable = false,
- Array[String] $crl_job_services = [],
- Boolean $is_external = false,
+ Array[String] $admins = [],
+ Hash[String, Data] $users = {},
+ String $rootalias = "${trusted['certname']}-admin@cacert.org",
+ Hash[String, Data] $crl_job = {
+ 'enable' => false,
+ 'hostname' => $trusted['certname'],
+ 'services' => [],
+ 'check_url' => 'https://monitor.infra.cacert.org:5665/v1/actions/process-check-result',
+ 'api_user' => '',
+ 'api_password' => '',
+ },
+ Boolean $is_external = false,
 ) {
 # ensure admin users for this container
 $admins.each |String $username| {
@@ -172,7 +176,10 @@ class profiles::base (
 repos => 'main',
 release => "${::lsbdistcodename}-updates",
 }
- if Integer($facts['os']['release']['major']) < 11 {
+
+ $os_major = Integer($facts['os']['release']['major'])
+
+ if $os_major < 11 {
 apt::source { "security.debian.org-${::lsbdistcodename}-security":
 location => 'http://security.debian.org/debian-security',
 repos => 'main',
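Review bot: The new `@param crl_job` line in the first hunk no longer says what the hash contains, whereas each of the two removed lines documented one setting. I would list the accepted keys directly under it, for example `#   keys: enable, hostname, services, check_url, api_user, api_password`, with one short line per key. It is also worth stating there that `api_password` is a credential for the monitoring API and should not be stored in clear text in node data.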
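Review bot: The defaults written into the `$crl_job` hash literal in the second hunk apply only when the parameter is not set at all. A value supplied from Hiera or a class declaration replaces the whole hash, so a node that sets only `enable` and `services` ends up with undef for `hostname`, `check_url`, `api_user` and `api_password`. Merging the supplied hash onto the defaults inside the class body (`$_crl_job = $crl_job_defaults + $crl_job`) or typing the parameter as a `Struct[...]` would make a partial or misspelled hash either work or fail at compile time. As far as I can tell `Hash[String, Data]` also cannot carry a `Sensitive` value, so the password has to travel as a plain string; a separate `Sensitive[String]` parameter would avoid that. The class body continues outside the hunk.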
@@ -255,7 +262,11 @@ class profiles::base (
 subscribe => [File[$cacert_class1_file], File[$cacert_class3_file]],
 }
 
- if ($crl_job_enable) {
+ if ($crl_job['enable']) {
+ package { 'python3-requests':
+ ensure => installed,
+ }
+
 file { '/var/local/ssl':
 ensure => directory,
 owner => 'root',
@@ -278,9 +289,17 @@ class profiles::base (
 mode => '0755',
 content => epp(
 'profiles/base/update-crls.epp',
- { 'services' => $crl_job_services }),
+ {
+ 'services' => $crl_job['services'],
+ 'check_url' => $crl_job['check_url'],
+ 'api_user' => $crl_job['api_user'],
+ 'api_password' => $crl_job['api_password'],
+ 'hostname' => $crl_job['hostname'],
+ },
+ ),
 require => [
 Package['ca-certificates'],
+ Package['python3-requests'],
 File['/var/local/ssl/crls'],
 File[$cacert_class1_file],
 File[$cacert_class3_file]
|
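Review bot: In the last hunk `api_password` is passed into the `update-crls.epp` template, and the surrounding `file` resource installs the result with `mode => '0755'`. If the template writes the value into the script, every local account on the node can read the monitoring API credential. The template is not shown, so that part is inferred from the parameter names. I would have the script read the credential from a separate root-only file (`mode => '0600'`) and add `show_diff => false` to whichever resource carries it, so the password does not appear in agent logs and reports. The `file` resource starts and ends outside the hunk.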