From b4a878fff8fa4d0c81a6665a6e46552c2abe7b21 Mon Sep 17 00:00:00 2001
From: Arnaud DABY-SEESARAM <ds-ac@crans.org>
Date: Tue, 27 Dec 2022 22:02:48 +0100
Subject: [PATCH] [untested] sdcron: remove authentication when emailing

---
 roles/sdcron/tasks/main.yml                   | 16 -----
 .../systemd/system/failuremail@.service.j2    |  3 -
 .../etc/systemd/system/sdcron.timer.j2        |  4 +-
 .../systemd/system/successmail@.service.j2    |  3 -
 roles/sdcron/templates/tmppass.j2             |  1 -
 .../templates/var/local/sendstatusmail.sh.j2  | 58 +++----------------
 6 files changed, 9 insertions(+), 76 deletions(-)
 delete mode 100644 roles/sdcron/templates/tmppass.j2

diff --git a/roles/sdcron/tasks/main.yml b/roles/sdcron/tasks/main.yml
index ea90b6b8..2f6bf820 100644
--- a/roles/sdcron/tasks/main.yml
+++ b/roles/sdcron/tasks/main.yml
@@ -1,20 +1,4 @@
 ---
-- name: Temporarily store the password of the SMTP user
-  template:
-    src: tmppass.j2
-    dst: /tmp/sdcron_pass
-    owner: root
-    group: root
-
-- name: Launch systemd-creds encrypt on the password for sdcron, and store the result in a variable
-  command: systemd-creds --pretty --name=smtppass encrypt /tmp/sdcron_pass -
-  register: creds
-
-- name: Delete the password of the SMTP user
-  file:
-    state: absent
-    path: /tmp/sdcron_pass
-
 - name: Adding services to send status emails
   template:
     src: etc/systemd/system/{{ item }}@.service.j2
diff --git a/roles/sdcron/templates/etc/systemd/system/failuremail@.service.j2 b/roles/sdcron/templates/etc/systemd/system/failuremail@.service.j2
index 4fd00b34..30fd0dcd 100644
--- a/roles/sdcron/templates/etc/systemd/system/failuremail@.service.j2
+++ b/roles/sdcron/templates/etc/systemd/system/failuremail@.service.j2
@@ -4,7 +4,4 @@ Description=Sends failure mail for service %i
 [Service]
 Type=oneshot
 ExecStart=/var/local/sendstatusmail.sh failure %i
-Environment="SMTP_PORT=465" "SMTP_USER=sdcron"
-{{{ creds.stdout_lines }}}
-# User / Group = ce qu'on veut en vrai
 
diff --git a/roles/sdcron/templates/etc/systemd/system/sdcron.timer.j2 b/roles/sdcron/templates/etc/systemd/system/sdcron.timer.j2
index 7edb2007..b0a9eb52 100644
--- a/roles/sdcron/templates/etc/systemd/system/sdcron.timer.j2
+++ b/roles/sdcron/templates/etc/systemd/system/sdcron.timer.j2
@@ -2,9 +2,9 @@
 Description=Timer for {{ item.name }}.
 
 [Timer]
-{% if item.type == "intervalbased" %}
+{% if ( item.type | default("intervalbased") ) == "intervalbased" %}
 OnBootSec=5m
-OnUnitInactiveSec={{ item.interval }}
+OnUnitInactiveSec={{ item.interval | default ('12h') }}
 {% else %}
 OnCalendar={{ item.calendar }}
 {% endif %}
diff --git a/roles/sdcron/templates/etc/systemd/system/successmail@.service.j2 b/roles/sdcron/templates/etc/systemd/system/successmail@.service.j2
index 4fa6154b..b0e7bb0d 100644
--- a/roles/sdcron/templates/etc/systemd/system/successmail@.service.j2
+++ b/roles/sdcron/templates/etc/systemd/system/successmail@.service.j2
@@ -4,6 +4,3 @@ Description=Sends success mail for service %i
 [Service]
 Type=oneshot
 ExecStart=/var/local/sendstatusmail.sh success %i
-Environment="SMTP_PORT=465" "SMTP_USER=sdcron"
-{{{ creds.stdout_lines }}}
-# User / Group = ce qu'on veut en vrai
diff --git a/roles/sdcron/templates/tmppass.j2 b/roles/sdcron/templates/tmppass.j2
deleted file mode 100644
index a1e90c8d..00000000
--- a/roles/sdcron/templates/tmppass.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{{ vault.sdcron.smtp_pass }}}
diff --git a/roles/sdcron/templates/var/local/sendstatusmail.sh.j2 b/roles/sdcron/templates/var/local/sendstatusmail.sh.j2
index 3f1fd74f..fea44314 100644
--- a/roles/sdcron/templates/var/local/sendstatusmail.sh.j2
+++ b/roles/sdcron/templates/var/local/sendstatusmail.sh.j2
@@ -1,65 +1,21 @@
 #!/usr/bin/bash -ue
 
 
-# The script assumes that:
-# - SMTP_PORT and SMTP_USER are environment variables to store the port and account to use on the SMTP server.
-# - if authentication is to be used, credentials called smtppass and smtpuser is passed by sd.
-
-
 status="${1}"
 service_name="${2}"
-
-
-
-## identification to use fot the mail server:
-#    identifyme is set to 1 if authentication is possible, 0 otherwise
-
-identifyme=1
-smtp_pass=$(systemd-creds cat smtppass) || identifyme=0
-smtp_user=$SMTP_USER
-smtp_port=$SMTP_PORT
-
-smtp_server="redisdead.crans.org"
 smtp_rcpt="nounous@crans.org"
-email="sdcron@crans.org"
 
-
-## Write the email in a temporary file
-tmp=$(mktemp /tmp/mail.XXXXX)
-
-echo "From: sdcron <sdcron@crans.org>
-To: nounous@crans.org
+/usr/bin/sendmail -t <<EOF
+To: ${smtp_rcpt}
 Subject: ${status} of the service ${service_name}.
 Date: $(date -R)
 
-Salut, tout est dans le sujet $\ddot\smile$!
+Détails ci-dessous :
+$(systemctl status ${service_name}.service)
+
+Cordialement,
 
 --
-Cordialement
-
 sdcron
 
-" | tee "$tmp"
-
-
-
-## Send the email
-case identifyme in
-    0 ) 
-        curl --ssl-reqd \
-                --url "smtps://${smtp_server}:${smtp_port}" \
-                --mail-from "${email}" \
-                --mail-rcpt "${smtp_rcpt}" \
-                --upload-file "$tmp"
-        ;;
-    1 )
-        curl --ssl-reqd \
-                --url "smtps://${smtp_server}:${smtp_port}" \
-                --user "${smtp_user}:${smtp_pass}" \
-                --mail-from "${email}" \
-                --mail-rcpt "${smtp_rcpt}" \
-                --upload-file "$tmp"
-        ;;
-esac
-
-rm "$tmp"
+EOF