thomas
/
sovereign


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307
							- name: Add monitoring vhost to apache
  template: src=etc_apache2_sites-available_00-status.conf dest=/etc/apache2/sites-available/00-status.conf
  notify: restart apache
  when: default_http_redirect

- name: Enable the status vhost
  command: a2ensite 00-status.conf creates=/etc/apache2/sites-enabled/00-status.conf
  notify: restart apache
  when: default_http_redirect

- name: add buster-backport for Monit
  apt_repository: repo='deb http://deb.debian.org/debian buster-backports main' state=present update_cache=yes
  tags:
    - dependencies
  when: ansible_distribution_version == '10'

- name: Install monit
  apt:
    name: monit
    state: present
    default_release: buster-backports
  tags:
    - dependencies
  when: ansible_distribution_version == '10'

- name: Install monit
  apt:
    name: monit
    state: present
  tags:
    - dependencies
  when: ansible_distribution_version != '10'

- name: Copy monit master config file into place
  template: src=etc_monit_monitrc.j2 dest=/etc/monit/monitrc
  notify: restart monit

# ---------------------------------------

- name: Determine if ZNC is installed
  stat: path=/usr/lib/znc/configs/znc.conf
  register: znc_config_file

- name: Determine if XMPP is installed
  stat: path=/etc/prosody/prosody.cfg.lua
  register: prosody_config_file

- name: Determine if Fathom is installed
  stat: path=/usr/local/bin/fathom
  register: fathom_config_file

- name: Determine if Redis is installed
  stat: path=/etc/redis/redis.conf
  register: redis_config_file

- name: Determine if RSpamD is installed
  stat: path=/etc/rspamd/rspamd.conf
  register: rspamd_config_file

- name: Determine if gitea is installed
  stat: path=/etc/gitea/app.ini
  register: gitea_config_file

- name: Determine if Synapse is installed
  stat: path=/etc/matrix-synapse/homeserver.yaml
  register: synapse_config_file

- name: Determine if Mastodon is installed
  stat: path=/home/mastodon/mastodon
  register: mastodon_config_file

- name: Determine if Commento is installed
  stat: path=/home/{{ main_user_name }}/commento/commento
  register: commento_config_file

- name: Determine if Grafana is installed
  stat: path=/etc/grafana/grafana.ini
  register: grafana_config_file

- name: Determine if InfluxDB is installed
  stat: path=/etc/influxdb/influxdb.conf
  register: influxdb_config_file

- name: Determine if Telegraf is installed
  stat: path=/etc/telegraf/telegraf.conf
  register: telegraf_config_file

- name: Determine if Mosquitto is installed
  stat: path=/etc/mosquitto/mosquitto.conf
  register: mosquitto_config_file

- name: Determine if OpenVPN is installed
  stat: path=/etc/openvpn/server.conf
  register: openvpn_config_file

- name: Determine if Jitsi is installed
  stat: path=/etc/jitsi/jicofo/config
  register: jitsi_config_file

- name: Determine if MongoDB is installed
  stat: path=/etc/mongod.conf
  register: mongodb_config_file

- name: Determine if Rocket.Chat is installed
  stat: path=/usr/local/bin/Rocket.Chat/main.js
  register: rocketchat_config_file

- name: Determine if Apache2 is installed
  stat: path=/etc/apache2/apache2.conf
  register: apache2_config_file

- name: Determine if Dovecot is installed
  stat: path=/etc/dovecot/dovecot.conf
  register: dovecot_config_file

- name: Determine if Postfix is installed
  stat: path=/etc/postfix/main.cf
  register: postfix_config_file

- name: Determine if sshd is installed
  stat: path=/etc/ssh/sshd_config
  register: sshd_config_file

- name: Determine if slapd is installed
  stat: path=/usr/sbin/slapd
  register: slapd_config_file

- name: Determine if pgsql_deb9 is installed
  stat: path=/etc/postgresql/9.6/main/pg_ctl.conf
  register: pgsql9_config_file

- name: Determine if pgsql_deb10 is installed
  stat: path=/etc/postgresql/11/main/pg_ctl.conf
  register: pgsql10_config_file

- name: Determine if pgsql_deb11 is installed
  stat: path=/etc/postgresql/13/main/pg_ctl.conf
  register: pgsql11_config_file

- name: Determine if tomcat_deb9 is installed
  stat: path=/etc/tomcat8/server.xml
  register: tomcat9_config_file

- name: Determine if tomcat_deb10 is installed
  stat: path=/etc/tomcat9/server.xml
  register: tomcat10_config_file

# ---------------------------------------

- name: Copy ZNC monit service config files into place
  copy: src=etc_monit_conf.d_znc dest=/etc/monit/conf.d/znc
  notify: restart monit
  when: znc_config_file.stat.exists == True

- name: Copy XMPP monit service config files into place
  copy: src=etc_monit_conf.d_prosody dest=/etc/monit/conf.d/prosody
  notify: restart monit
  when: prosody_config_file.stat.exists == True

- name: Copy Jitsi monit service config files into place
  copy: src=etc_monit_conf.d_jitsi dest=/etc/monit/conf.d/jitsi
  notify: restart monit
  when: jitsi_config_file.stat.exists == True

- name: Copy Fathom monit service config files into place
  copy: src=etc_monit_conf.d_fathom dest=/etc/monit/conf.d/fathom
  notify: restart monit
  when: fathom_config_file.stat.exists == True

- name: Copy Redis monit service config files into place
  copy: src=etc_monit_conf.d_redis dest=/etc/monit/conf.d/redis
  notify: restart monit
  when: redis_config_file.stat.exists == True

- name: Copy RSpamD monit service config files into place
  copy: src=etc_monit_conf.d_rspamd dest=/etc/monit/conf.d/rspamd
  notify: restart monit
  when: rspamd_config_file.stat.exists == True

- name: Copy gitea monit service config files into place
  copy: src=etc_monit_conf.d_gitea dest=/etc/monit/conf.d/gitea
  notify: restart monit
  when: gitea_config_file.stat.exists == True

- name: Copy Synapse monit service config files into place
  copy: src=etc_monit_conf.d_matrix dest=/etc/monit/conf.d/matrix
  notify: restart monit
  when: synapse_config_file.stat.exists == True

- name: Copy Mastodon monit service config files into place
  copy: src=etc_monit_conf.d_mastodon dest=/etc/monit/conf.d/mastodon
  notify: restart monit
  when: mastodon_config_file.stat.exists == True

- name: Copy Commento monit service config files into place
  copy: src=etc_monit_conf.d_commento dest=/etc/monit/conf.d/commento
  notify: restart monit
  when: commento_config_file.stat.exists == True

- name: Copy Grafana monit service config files into place
  copy: src=etc_monit_conf.d_grafana dest=/etc/monit/conf.d/grafana
  notify: restart monit
  when: grafana_config_file.stat.exists == True

- name: Copy InfluxDB monit service config files into place
  copy: src=etc_monit_conf.d_influxdb dest=/etc/monit/conf.d/influxdb
  notify: restart monit
  when: influxdb_config_file.stat.exists == True

- name: Copy Telegraf monit service config files into place
  copy: src=etc_monit_conf.d_telegraf dest=/etc/monit/conf.d/telegraf
  notify: restart monit
  when: telegraf_config_file.stat.exists == True

- name: Copy Mosquitto monit service config files into place
  copy: src=etc_monit_conf.d_mosquitto dest=/etc/monit/conf.d/mosquitto
  notify: restart monit
  when: mosquitto_config_file.stat.exists == True

- name: Copy OpenVPN monit service config files into place
  copy: src=etc_monit_conf.d_openvpn dest=/etc/monit/conf.d/openvpn
  notify: restart monit
  when: openvpn_config_file.stat.exists == True

- name: Copy dnsmasq monit service config files into place
  copy: src=etc_monit_conf.d_dnsmasq dest=/etc/monit/conf.d/dnsmasq
  notify: restart monit
  when: openvpn_config_file.stat.exists == True

- name: Copy MongoDB monit service config files into place
  copy: src=etc_monit_conf.d_mongodb dest=/etc/monit/conf.d/mongodb
  notify: restart monit
  when: mongodb_config_file.stat.exists == True

- name: Copy Rocket.Chat monit service config files into place
  copy: src=etc_monit_conf.d_rocketchat dest=/etc/monit/conf.d/rocketchat
  notify: restart monit
  when: rocketchat_config_file.stat.exists == True

- name: Copy apache2 monit service config files into place
  copy: src=etc_monit_conf.d_apache2 dest=/etc/monit/conf.d/apache2
  notify: restart monit
  when: apache2_config_file.stat.exists == True

- name: Copy dovecot monit service config files into place
  copy: src=etc_monit_conf.d_dovecot dest=/etc/monit/conf.d/dovecot
  notify: restart monit
  when: dovecot_config_file.stat.exists == True

- name: Copy postfix monit service config files into place
  copy: src=etc_monit_conf.d_postfix dest=/etc/monit/conf.d/postfix
  notify: restart monit
  when: postfix_config_file.stat.exists == True

- name: Copy sshd monit service config files into place
  copy: src=etc_monit_conf.d_sshd dest=/etc/monit/conf.d/sshd
  notify: restart monit
  when: sshd_config_file.stat.exists == True

- name: Copy slapd monit service config files into place
  copy: src=etc_monit_conf.d_slapd dest=/etc/monit/conf.d/slapd
  notify: restart monit
  when: slapd_config_file.stat.exists == True

- name: Copy pgsql deb9 monit service config files into place
  copy: src=etc_monit_conf.d_pgsql_deb9 dest=/etc/monit/conf.d/pgsql_deb9
  notify: restart monit
  when: pgsql9_config_file.stat.exists == True

- name: Copy tomcat deb9 monit service config files into place
  copy: src=etc_monit_conf.d_tomcat_deb9 dest=/etc/monit/conf.d/tomcat_deb9
  notify: restart monit
  when: tomcat9_config_file.stat.exists == True

- name: Copy pgsql deb10 monit service config files into place
  copy: src=etc_monit_conf.d_pgsql_deb10 dest=/etc/monit/conf.d/pgsql_deb10
  notify: restart monit
  when: pgsql10_config_file.stat.exists == True

- name: Copy tomcat deb10 monit service config files into place
  copy: src=etc_monit_conf.d_tomcat_deb10 dest=/etc/monit/conf.d/tomcat_deb10
  notify: restart monit
  when: tomcat10_config_file.stat.exists == True

- name: Copy pgsql deb11 monit service config files into place
  copy: src=etc_monit_conf.d_pgsql_deb11 dest=/etc/monit/conf.d/pgsql_deb11
  notify: restart monit
  when: pgsql11_config_file.stat.exists == True

# ---------------------------------------

# TODO add to fail2ban when monit_page_public == 1

- name: Create the Apache monit sites config files
  template:
    src=etc_apache2_sites-available_monit.j2
    dest=/etc/apache2/sites-available/monit_{{ item.name }}.conf
    owner=root
    group=root
  with_items: "{{ virtual_domains }}"
  when: monit_page_public == 1

- name: Enable Apache sites (creates new sites-enabled symlinks)
  command: a2ensite monit_{{ item }}.conf creates=/etc/apache2/sites-enabled/monit_{{ item }}.conf
  notify: restart apache
  with_items: "{{ virtual_domains | json_query('[*].name') }}"
  when: monit_page_public == 1