Compare commits
3 Commits
9cc6250994
...
faf6cfcec9
Author | SHA1 | Date | |
---|---|---|---|
faf6cfcec9 | |||
6ce9d3ccb1 | |||
14d5caa4b4 |
@ -16,6 +16,13 @@
|
||||
- { name: awfulAll, tags: ['awfulAll'] }
|
||||
|
||||
|
||||
- name: Configure home-net base packages
|
||||
hosts: home
|
||||
gather_facts: no
|
||||
roles:
|
||||
- { name: home-net, tags: ['base'] }
|
||||
|
||||
|
||||
- name: Deploy mediaserver
|
||||
hosts: mediaserver
|
||||
gather_facts: no
|
||||
@ -42,3 +49,11 @@
|
||||
- debug: msg="Deploying awful stack to cloud server"
|
||||
roles:
|
||||
- { name: test, tags: ['test'] }
|
||||
|
||||
- name: deploy syslog server
|
||||
gather_facts: no
|
||||
hosts: syslog
|
||||
tasks:
|
||||
- debug: msg="Deploy syslog server to larva."
|
||||
roles:
|
||||
- { name: syslog, tags: ['syslog'] }
|
||||
|
@ -1,5 +1,10 @@
|
||||
---
|
||||
|
||||
global_syslog_host: syslog.home.jowj.net
|
||||
global_syslog_netsys_port: "514"
|
||||
global_syslog_netcons_port: "5514"
|
||||
global_syslog_nettemp_port: "5515"
|
||||
|
||||
remote_user: josiah
|
||||
gather_facts: True
|
||||
source_os: arch
|
||||
@ -70,3 +75,11 @@ NEXTCLOUD_ADMIN_PASSWORD: "{{ VAULT_NEXTCLOUD_ADMIN_PASSWORD }}"
|
||||
|
||||
# DO shit
|
||||
DO_AUTH_TOKEN: "{{ VAULT_DO_AUTH_TOKEN }}"
|
||||
|
||||
# Syslog shit
|
||||
|
||||
sysloghost_share_mountpoint: /syslog/
|
||||
|
||||
sysloghost_netsys_port: "{{ global_syslog_netsys_port }}"
|
||||
sysloghost_netcons_port: "{{ global_syslog_netcons_port }}"
|
||||
sysloghost_nettemp_port: "{{ global_syslog_nettemp_port }}"
|
||||
|
2
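--- a/ansible/host_vars/larva.home.jowj.net/main.yml
+++ b/ansible/host_vars/larva.home.jowj.net/main.yml
@@ -0,0 +1,2 @@
+ansible_python_interpreter: /usr/bin/python3
+interactive: yes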
@ -4,6 +4,10 @@ all:
|
||||
hosts:
|
||||
awful-1.awful.club:
|
||||
ansible_python_interpreter: /usr/local/bin/python3.7
|
||||
home:
|
||||
hosts:
|
||||
hatchery.home.jowj.net:
|
||||
larva.home.jowj.net:
|
||||
vpn:
|
||||
hosts:
|
||||
vpn.awful.club:
|
||||
@ -20,3 +24,7 @@ all:
|
||||
hosts:
|
||||
hatchery:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
syslog:
|
||||
hosts:
|
||||
larva.home.jowj.net:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
|
10
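--- a/ansible/roles/syslog/defaults/main.yml
+++ b/ansible/roles/syslog/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+sysloghost_netsys_port: "514"
+sysloghost_netcons_port: "5514"
+sysloghost_nettemp_port: "5515"
+sysloghost_all_ports:
+- "{{ sysloghost_netsys_port }}"
+- "{{ sysloghost_netcons_port }}"
+- "{{ sysloghost_nettemp_port }}"
+
+sysloghost_share_mountpoint: ""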
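Review bot: The default `sysloghost_share_mountpoint: ""` makes the template's `file("{{ sysloghost_share_mountpoint }}/$HOST.syslog.log.…")` destinations render to paths directly under `/`, so any host that applies the role without overriding the variable writes per-sender log files into the filesystem root. Either give it a contained default, for instance `sysloghost_share_mountpoint: "/var/log/remote"` (an example path, not taken from this change), or leave it out of defaults and fail early in the tasks when it is empty. A short comment above the variable stating that it must point at the mounted share would also help, since the role readme says the mount is not yet part of the play.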
5
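--- a/ansible/roles/syslog/handlers/main.yml
+++ b/ansible/roles/syslog/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart syslog-ng
+service:
+name: syslog-ng
+state: restarted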
6
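--- a/ansible/roles/syslog/readme.org
+++ b/ansible/roles/syslog/readme.org
@@ -0,0 +1,6 @@
+* syslog role
+skeleton build out right now.
+
+** shit to fix
+- [ ] move away from NFS, but that's a wider problem
+- [ ] mount the synology as part of the play.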
34
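--- a/ansible/roles/syslog/tasks/main.yml
+++ b/ansible/roles/syslog/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- name: Install syslog-ng etc
+apt:
+name:
+- logrotate
+- syslog-ng
+- nfs-common # required for mounting the idiot nfs thing over idiot nfs, the worst fs.
+state: latest
+
+
+- name: Configure firewall (Ubuntu)
+block:
+- name: Configure syslog UDP ports (Ubuntu)
+ufw: port={{ item }} proto=udp rule=allow
+with_items: "{{ sysloghost_all_ports }}"
+- name: Configure syslog TCP ports (Ubuntu)
+ufw: port={{ item }} proto=tcp rule=allow
+with_items: "{{ sysloghost_all_ports }}"
+
+- name: Apply syslog-ng configuration
+template:
+src: syslog-ng.conf.j2
+dest: /etc/syslog-ng/syslog-ng.conf
+owner: root
+group: root
+mode: "0644"
+notify: restart syslog-ng
+
+
+
+- name: Start syslog-ng
+service:
+name: syslog-ng
+state: started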
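Review bot: The two `ufw` tasks under "Configure firewall (Ubuntu)" allow every port in `sysloghost_all_ports` over both UDP and TCP from any source address, so any host that can route to this server can write to the collector. Restrict the rules to the networks expected to send logs, for example `ufw: port={{ item }} proto=udp rule=allow from_ip={{ sysloghost_allowed_src }}`, where `sysloghost_allowed_src` is a new role variable I am suggesting and is not defined anywhere in this change. The block is labelled Ubuntu but carries no `when:` condition, so it runs on whatever host the role is applied to. On the apt task, `state: latest` upgrades syslog-ng on every run; `state: present` keeps runs repeatable and leaves upgrades to a deliberate step.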
106
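--- a/ansible/roles/syslog/templates/syslog-ng.conf.j2
+++ b/ansible/roles/syslog/templates/syslog-ng.conf.j2
@@ -0,0 +1,106 @@
+@version:3.25
+@include "scl.conf"
+
+# syslog-ng configuration file.
+# See syslog-ng(8) and syslog-ng.conf(5) for more information.
+# Note: it also sources additional configuration files (*.conf)
+# located in /etc/syslog-ng/conf.d/
+
+
+#
+# Options
+#
+options {
+flush_lines (0);
+time_reopen (10);
+log_fifo_size (1000);
+chain_hostnames (off);
+use_dns (no);
+use_fqdn (no);
+create_dirs (yes);
+keep_hostname (yes);
+};
+
+
+#
+# Sources
+#
+
+# Local system logs
+source s_sys { system(); internal(); };
+
+# Remote system logs, standard syslog ports on TCP/UDP
+source s_netsys { udp(port({{ sysloghost_netsys_port }})); tcp(port({{ sysloghost_netsys_port }})); };
+
+# Remote netconsole logs, Linux kernel messages over the network
+source s_netcons { udp(port({{ sysloghost_netcons_port }})); tcp(port({{ sysloghost_netcons_port }})); };
+
+# Remote temporal logs, stuff that might log often and be archived for only a short time
+source s_nettemp { udp(port({{ sysloghost_nettemp_port }})); tcp(port({{ sysloghost_nettemp_port }})); };
+
+
+#
+# Destinations
+#
+destination d_cons { file("/dev/console"); };
+destination d_mesg { file("/var/log/messages"); };
+destination d_auth { file("/var/log/secure"); };
+destination d_mail { file("/var/log/maillog" flush_lines(10)); };
+destination d_spol { file("/var/log/spooler"); };
+destination d_boot { file("/var/log/boot.log"); };
+destination d_cron { file("/var/log/cron"); };
+destination d_kern { file("/var/log/kern"); };
+destination d_localall { file("/var/log/localall.log"); };
+destination d_mlal { usertty("*"); };
+
+destination d_nas_syslog { file("{{ sysloghost_share_mountpoint }}/$HOST.syslog.log.$R_YEAR$R_MONTH$R_DAY"); };
+destination d_nas_netcons { file("{{ sysloghost_share_mountpoint }}/$HOST.netconsole.log.$R_YEAR$R_MONTH$R_DAY"); };
+destination d_nas_localtest { file("/var/log/all.log.$R_YEAR$R_MONTH$R_DAY"); };
+destination d_nas_nettemp { file("{{ sysloghost_share_mountpoint }}/$HOST.temporal.log.$R_YEAR$R_MONTH$R_DAY"); };
+
+
+#
+# Filters
+#
+filter f_kernel { facility(kern); };
+filter f_default { level(info..emerg) and
+not (facility(mail)
+or facility(authpriv)
+or facility(cron)); };
+filter f_auth { facility(authpriv); };
+filter f_mail { facility(mail); };
+filter f_emergency { level(emerg); };
+filter f_news { facility(uucp) or
+(facility(news)
+and level(crit..emerg)); };
+filter f_boot { facility(local7); };
+filter f_cron { facility(cron); };
+
+
+#
+# Logs
+#
+#log { source(s_sys); filter(f_kernel); destination(d_cons); };
+log { source(s_sys); filter(f_kernel); destination(d_kern); };
+log { source(s_sys); filter(f_default); destination(d_mesg); };
+log { source(s_sys); filter(f_auth); destination(d_auth); };
+log { source(s_sys); filter(f_mail); destination(d_mail); };
+log { source(s_sys); filter(f_emergency); destination(d_mlal); };
+log { source(s_sys); filter(f_news); destination(d_spol); };
+log { source(s_sys); filter(f_boot); destination(d_boot); };
+log { source(s_sys); filter(f_cron); destination(d_cron); };
+
+log { source(s_sys); destination(d_localall); destination(d_nas_syslog); };
+log { source(s_netsys); destination(d_nas_syslog); };
+log { source(s_netcons); destination(d_nas_netcons); };
+log { source(s_nettemp); destination(d_nas_nettemp); };
+
+
+#
+# Other
+#
+# Source additional configuration files (.conf extension only)
+@include "/etc/syslog-ng/conf.d/*.conf"
+
+
+# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et: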
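Review bot: The `d_nas_syslog`, `d_nas_netcons` and `d_nas_nettemp` destinations build their file name from `$HOST` while `options` sets `keep_hostname (yes)` and `create_dirs (yes)`, so the host field of a received message, which the sender chooses, decides which file under `{{ sysloghost_share_mountpoint }}` is written. Adding `check_hostname (yes);` to `options` makes syslog-ng reject host names containing invalid characters, and `keep_hostname (no);` would name the files after the sending address instead (an IP here, because `use_dns (no)` is set). The three network sources use plain `udp()`/`tcp()` with no sender restriction in this file, so the firewall rules are the only control on who can write; a comment above the sources saying so would help the next maintainer. `d_nas_localtest` is defined but no `log` statement in this file references it.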