thomas
/
sovereign


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207
							- name: Add monitoring vhost to apache
  template: src=etc_apache2_sites-available_00-status.conf dest=/etc/apache2/sites-available/00-status.conf

- name: Enable the status vhost
  command: a2ensite 00-status.conf creates=/etc/apache2/sites-enabled/00-status.conf
  notify: restart apache

- name: Install monit
  apt:
    name: monit
    state: present
  tags:
    - dependencies

- name: Copy monit master config file into place
  template: src=etc_monit_monitrc.j2 dest=/etc/monit/monitrc
  notify: restart monit

- name: Determine if ZNC is installed
  stat: path=/usr/lib/znc/configs/znc.conf
  register: znc_config_file

- name: Determine if XMPP is installed
  stat: path=/etc/prosody/prosody.cfg.lua
  register: prosody_config_file

- name: Determine if Fathom is installed
  stat: path=/usr/local/bin/fathom
  register: fathom_config_file

- name: Determine if Redis is installed
  stat: path=/etc/redis/redis.conf
  register: redis_config_file

- name: Determine if RSpamD is installed
  stat: path=/etc/rspamd/rspamd.conf
  register: rspamd_config_file

- name: Determine if gitea is installed
  stat: path=/etc/gitea/app.ini
  register: gitea_config_file

- name: Determine if Synapse is installed
  stat: path=/etc/matrix-synapse/homeserver.yaml
  register: synapse_config_file

- name: Determine if Mastodon is installed
  stat: path=/home/mastodon/mastodon
  register: mastodon_config_file

- name: Determine if Commento is installed
  stat: path=/home/{{ main_user_name }}/commento/commento
  register: commento_config_file

- name: Determine if Grafana is installed
  stat: path=/etc/grafana/grafana.ini
  register: grafana_config_file

- name: Determine if InfluxDB is installed
  stat: path=/etc/influxdb/influxdb.conf
  register: influxdb_config_file

- name: Determine if Telegraf is installed
  stat: path=/etc/telegraf/telegraf.conf
  register: telegraf_config_file

- name: Determine if Mosquitto is installed
  stat: path=/etc/mosquitto/mosquitto.conf
  register: mosquitto_config_file

- name: Determine if OpenVPN is installed
  stat: path=/etc/openvpn/server.conf
  register: openvpn_config_file

- name: Determine if Jitsi is installed
  stat: path=/etc/jitsi/jicofo/config
  register: jitsi_config_file

- name: Copy ZNC monit service config files into place
  copy: src=etc_monit_conf.d_znc dest=/etc/monit/conf.d/znc
  notify: restart monit
  when: znc_config_file.stat.exists == True

- name: Copy XMPP monit service config files into place
  copy: src=etc_monit_conf.d_prosody dest=/etc/monit/conf.d/prosody
  notify: restart monit
  when: prosody_config_file.stat.exists == True

- name: Copy Jitsi monit service config files into place
  copy: src=etc_monit_conf.d_jitsi dest=/etc/monit/conf.d/jitsi
  notify: restart monit
  when: jitsi_config_file.stat.exists == True

- name: Copy Fathom monit service config files into place
  copy: src=etc_monit_conf.d_fathom dest=/etc/monit/conf.d/fathom
  notify: restart monit
  when: fathom_config_file.stat.exists == True

- name: Copy Redis monit service config files into place
  copy: src=etc_monit_conf.d_redis dest=/etc/monit/conf.d/redis
  notify: restart monit
  when: redis_config_file.stat.exists == True

- name: Copy RSpamD monit service config files into place
  copy: src=etc_monit_conf.d_rspamd dest=/etc/monit/conf.d/rspamd
  notify: restart monit
  when: rspamd_config_file.stat.exists == True

- name: Copy gitea monit service config files into place
  copy: src=etc_monit_conf.d_gitea dest=/etc/monit/conf.d/gitea
  notify: restart monit
  when: gitea_config_file.stat.exists == True

- name: Copy Synapse monit service config files into place
  copy: src=etc_monit_conf.d_matrix dest=/etc/monit/conf.d/matrix
  notify: restart monit
  when: synapse_config_file.stat.exists == True

- name: Copy Mastodon monit service config files into place
  copy: src=etc_monit_conf.d_mastodon dest=/etc/monit/conf.d/mastodon
  notify: restart monit
  when: mastodon_config_file.stat.exists == True

- name: Copy Commento monit service config files into place
  copy: src=etc_monit_conf.d_commento dest=/etc/monit/conf.d/commento
  notify: restart monit
  when: commento_config_file.stat.exists == True

- name: Copy Grafana monit service config files into place
  copy: src=etc_monit_conf.d_grafana dest=/etc/monit/conf.d/grafana
  notify: restart monit
  when: grafana_config_file.stat.exists == True

- name: Copy InfluxDB monit service config files into place
  copy: src=etc_monit_conf.d_influxdb dest=/etc/monit/conf.d/influxdb
  notify: restart monit
  when: influxdb_config_file.stat.exists == True

- name: Copy Telegraf monit service config files into place
  copy: src=etc_monit_conf.d_telegraf dest=/etc/monit/conf.d/telegraf
  notify: restart monit
  when: telegraf_config_file.stat.exists == True

- name: Copy Mosquitto monit service config files into place
  copy: src=etc_monit_conf.d_mosquitto dest=/etc/monit/conf.d/mosquitto
  notify: restart monit
  when: mosquitto_config_file.stat.exists == True

- name: Copy OpenVPN monit service config files into place
  copy: src=etc_monit_conf.d_openvpn dest=/etc/monit/conf.d/openvpn
  notify: restart monit
  when: openvpn_config_file.stat.exists == True

- name: Copy dnsmasq monit service config files into place
  copy: src=etc_monit_conf.d_dnsmasq dest=/etc/monit/conf.d/dnsmasq
  notify: restart monit
  when: openvpn_config_file.stat.exists == True

- name: Copy monit service config files into place
  copy: src=etc_monit_conf.d_{{ item }} dest=/etc/monit/conf.d/{{ item }}
  with_items:
    - apache2
    - dovecot
    - postfix
    - sshd
  notify: restart monit

- name: Copy monit service config files into place
  copy: src=etc_monit_conf.d_{{ item }} dest=/etc/monit/conf.d/{{ item }}
  with_items:
    - pgsql_deb9
    - tomcat_deb9
  notify: restart monit
  when: ansible_distribution_version == '9'

- name: Copy monit service config files into place
  copy: src=etc_monit_conf.d_{{ item }} dest=/etc/monit/conf.d/{{ item }}
  with_items:
    - pgsql_deb10
    - tomcat_deb10
  notify: restart monit
  when: ansible_distribution_version == '10'

- name: Copy monit service config files into place
  copy: src=etc_monit_conf.d_{{ item }} dest=/etc/monit/conf.d/{{ item }}
  with_items:
    - pgsql_deb10
    - tomcat_deb10
  notify: restart monit
  when: ansible_distribution_version == '11'

# TODO add to fail2ban when monit_page_public == 1

- name: Create the Apache monit sites config files
  template:
    src=etc_apache2_sites-available_monit.j2
    dest=/etc/apache2/sites-available/monit_{{ item.name }}.conf
    owner=root
    group=root
  with_items: "{{ virtual_domains }}"
  when: monit_page_public == 1

- name: Enable Apache sites (creates new sites-enabled symlinks)
  command: a2ensite monit_{{ item }}.conf creates=/etc/apache2/sites-enabled/monit_{{ item }}.conf
  notify: restart apache
  with_items: "{{ virtual_domains | json_query('[*].name') }}"
  when: monit_page_public == 1