# HG changeset patch
# User Matthew Wild
# Date 1588343265 -3600
# Node ID e6c11dadd985fd4151b7b728b9069481a1f50014
Initial commit
diff -r 000000000000 -r e6c11dadd985 Dockerfile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Dockerfile Fri May 01 15:27:45 2020 +0100
@@ -0,0 +1,13 @@
+FROM alpine:3
+
+RUN apk add --no-cache openssl bash curl
+
+ADD certwatch.sh /usr/local/bin/certwatch.sh
+ADD entrypoint.sh /usr/local/bin/entrypoint.sh
+
+RUN mkdir -p /etc/certwatch
+
+ADD config.example.sh /etc/certwatch/config.sh
+ADD checks.example.sh /etc/certwatch/checks.sh
+
+CMD ["/usr/local/bin/entrypoint.sh"]
diff -r 000000000000 -r e6c11dadd985 certwatch.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/certwatch.sh Fri May 01 15:27:45 2020 +0100
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+. /etc/certwatch/config.sh
+
+PASS=1
+
+check_domain() {
+ DOMAIN="$1"
+ shift;
+ DAYS=14
+ CRT=$(echo "" | openssl s_client $@ 2>/dev/null);
+ if [[ $? != 0 ]]; then
+ PASS=0
+ send_notification "Check failed for $DOMAIN" "$CRT";
+ return;
+ fi
+
+ if (echo "$CRT" | openssl x509 -noout -checkend $(($DAYS*3600*24)) >/dev/null 2>&1); then
+ return;
+ fi
+ MSG=$(echo "$CRT" | openssl x509 -noout -text|egrep 'CN|DNS|Not After' 2>/dev/null)
+ PASS=0
+ send_notification "Certificate expiry: $DOMAIN" "$MSG"
+}
+
+check_https() {
+ check_domain "$1 HTTPS" -servername $1 -connect $1:443
+}
+
+check_xmpp() {
+ # need OpenSSL 1.1 for -xmpphost :(
+ check_domain "$1 XMPP" -connect $1:5222 -starttls xmpp
+}
+
+check_xmpps2s() {
+ # need OpenSSL 1.1 for -xmpphost :(
+ check_domain "$1 XMPP" -connect $1:5269 -starttls xmpp
+}
+
+check_smtp() {
+ check_domain "$1 SMTP" -connect $1:25 -starttls smtp
+}
+
+check_imap() {
+ check_domain "$1 IMAP" -connect $1:993
+}
+
+. /etc/certwatch/checks.sh
+
+if [[ "$PASS" != 1 ]]; then
+ exit 2;
+fi
+
+exit 0;
diff -r 000000000000 -r e6c11dadd985 checks.example.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/checks.example.sh Fri May 01 15:27:45 2020 +0100
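Review bot: `ADD` is used for four plain local files; `COPY` is the instruction for that (hadolint DL3020), since `ADD`'s tar-extraction and URL-fetching behaviour is not wanted here. The final image also has no `USER`, so entrypoint.sh and the openssl checks run as root although nothing visible in them needs it (they only read /etc/certwatch and open outbound connections). `FROM alpine:3` floats across minor releases, so the openssl version a given build gets is not reproducible; a minor tag or digest would pin it. Because `COPY` creates missing parent directories the `RUN mkdir -p /etc/certwatch` layer can go, and if the scripts are not marked executable in the repository, `COPY --chmod=755` (BuildKit) avoids a separate chmod layer.
```dockerfile
FROM alpine:3

RUN apk add --no-cache openssl bash curl \
    && adduser -S -D -H certwatch

COPY certwatch.sh /usr/local/bin/certwatch.sh
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
COPY config.example.sh /etc/certwatch/config.sh
COPY checks.example.sh /etc/certwatch/checks.sh

USER certwatch
CMD ["/usr/local/bin/entrypoint.sh"]
```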
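Review bot: `DAYS=14` inside check_domain overwrites the value exported from /etc/certwatch/config.sh (`export DAYS=14` in config.example.sh) on every call, so the expiry window is not actually configurable as the example config implies; `DAYS="${DAYS:-14}"` keeps the default while honouring the config. `check_xmpps2s` labels its notifications `"$1 XMPP"`, the same string `check_xmpp` uses, so a report cannot tell the 5222 and 5269 checks apart; `"$1 XMPP s2s"` would disambiguate. Note also that `openssl s_client` exits 0 whether or not the presented chain verifies, so a host serving an untrusted or hostname-mismatched certificate passes as long as it has not expired; if chain validity is meant to be part of the check, `-verify_return_error` (with ca-certificates installed in the image) makes that failure visible to the `$?` test that follows.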
@@ -0,0 +1,1 @@
+check_https example.com
diff -r 000000000000 -r e6c11dadd985 config.example.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/config.example.sh Fri May 01 15:27:45 2020 +0100
@@ -0,0 +1,7 @@
+export DAYS=14
+
+send_notification() {
+ echo "Notification: $1"
+ echo " $2"
+}
+
diff -r 000000000000 -r e6c11dadd985 entrypoint.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/entrypoint.sh Fri May 01 15:27:45 2020 +0100
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+trap 'kill %1;' SIGTERM
+
+log() {
+ echo "$(date +"%F %R"): $@"
+}
+
+run_certwatch() {
+ log "Executing checks at $(date +"%F %R")..."
+ /usr/local/bin/certwatch.sh
+ case "$?" in
+ 0) log "PASS: All checks passed" ;;
+ 2) log "FAIL: One or more checks failed" ;;
+ *) log "ERROR: There was an error executing the checks" ;;
+ esac
+}
+
+log "Hello and welcome to certwatch!"
+
+(
+ run_certwatch;
+
+ while sleep 86400; do
+ run_certwatch;
+ done;
+) &
+
+wait %1
+
+log "Exiting..."
+
+exit 0;
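Review bot: `log()` embeds `$@` inside a double-quoted string (`echo "$(date +"%F %R"): $@"`), which ShellCheck flags as SC2145 because `$@` in a string still expands to separate words; `$*` is the form that means "join the arguments", so `echo "$(date +"%F %R"): $*"`. `run_certwatch` then logs `Executing checks at $(date +"%F %R")...` even though `log` already prefixes every line with that same timestamp, so it appears twice per line. The 86400-second interval is hard-coded in the `while sleep` loop and config.sh is only sourced by certwatch.sh, so an operator cannot shorten it without rebuilding the image; reading it from the environment with a default (e.g. a new `CERTWATCH_INTERVAL` variable, `while sleep "${CERTWATCH_INTERVAL:-86400}"; do`) would keep the current behaviour by default.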