From 0d2185a6730c422184d447fe456ad2c10499398a Mon Sep 17 00:00:00 2001
From: Jim Hague <jim.hague@acm.org>
Date: Thu, 22 Aug 2024 12:51:00 +0100
Subject: [PATCH] Initial stage of dmarcts support.

---
 pillar/secrets/dmarcts.sls.sample |  3 +++
 pillar/top.sls                    |  1 +
 states/dmarc_reports/init.sls     | 23 +++++++++++++++++++++++
 states/top.sls                    |  1 +
 4 files changed, 28 insertions(+)
 create mode 100644 pillar/secrets/dmarcts.sls.sample
 create mode 100644 states/dmarc_reports/init.sls

diff --git a/pillar/secrets/dmarcts.sls.sample b/pillar/secrets/dmarcts.sls.sample
new file mode 100644
index 0000000..8326674
--- /dev/null
+++ b/pillar/secrets/dmarcts.sls.sample
@@ -0,0 +1,3 @@
+dmarcts:
+  user_pw: 'user'
+  mariadb_pw: 'dmarcts'
diff --git a/pillar/top.sls b/pillar/top.sls
index 167f740..f206710 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -10,3 +10,4 @@ base:
     - secrets/mailman
     - secrets/smtpauth
     - secrets/webmail
+    - secrets/dmarcts
diff --git a/states/dmarc_reports/init.sls b/states/dmarc_reports/init.sls
new file mode 100644
index 0000000..0186cc6
--- /dev/null
+++ b/states/dmarc_reports/init.sls
@@ -0,0 +1,23 @@
+dmarc:
+  user.present:
+    - fullname: 'DMARC reports'
+    - home: /home/dmarc
+    - shell: /usr/sbin/nologin
+    - system: True
+    - usergroup: True
+    - password: '{{ salt['pillar.get']('dmarcts:user_pw', '') }}'
+    - hash_password: True
+    - enforce_password: False
+
+dmarcts:
+  pkg.installed:
+    - name: dmarcts-report-parser
+  mysql_user.present:
+    - name: dmarcts
+    - password: '{{ salt['pillar.get']('dmarcts:mariadb_pw', '') }}'
+  mysql_database.present:
+    - name: dmarcts
+  mysql_grants.present:
+    - grant: all privileges
+    - database: dmarcts.*
+    - user: dmarcts
diff --git a/states/top.sls b/states/top.sls
index 5f55b2c..d4327ff 100644
--- a/states/top.sls
+++ b/states/top.sls
@@ -35,3 +35,4 @@ base:
     - mailman
     - mercurial
     - webmail
+    - dmarc_reports