# -*- coding: utf-8; mode: python -*-

info["owner"] = "root"
info["group"] = "root"
info["mode"] = 0644

header("Check SSL certificates")

def check_cert(host='localhost', port=443, user="www-data", filename=None):
    params={
          'host': host,
          'port': port,
          'user': user,
          'filename': filename,
        }
    if filename:
        out("43 7 * * * %(user)s /usr/scripts/utils/check_cert.py --filename %(filename)s" % params)
    else:
        out("42 7 * * * %(user)s /usr/scripts/utils/check_cert.py %(host)s %(port)s" % params)

# Host specific
if has('https-server') or has('https_cert'):
    check_cert('localhost', 443, 'www-data')

if has('imap-server'):
    check_cert('localhost', 993, 'www-data')

if has('bcfg2-server'):
    check_cert(metadata.hostname, 6789)

if has('asterisk'):
    check_cert('localhost', 5061)

# file specific
if has('nas-auth-server'):
    check_cert(filename='/etc/freeradius/certs/wifi.crt', user='freerad')

if has('vpn'):
    check_cert(filename='/etc/ssl/certs/vpn.pem', user='root')

if has('xmpp'):
    check_cert(filename='/etc/ssl/certs/jabber_server.pem', user='jabber')

if has('mail-mx-main'):
    check_cert('localhost', 465)

if has('mail-mx-secondary'):
    check_cert('localhost', 25)

if has('infinoted'):
    check_cert(filename='/etc/ssl/certs/infinoted.pem')