Add debian common role

2023-05-05 15:47:27 -04:00
parent b387d68eda
commit bf6bfe2809
79 changed files with 3166 additions and 0 deletions
--- a/common-debian/templates/etc/rsyslog.conf.j2
+++ b/common-debian/templates/etc/rsyslog.conf.j2
@ -0,0 +1,73 @@
+# Main rsyslog configuration
+# {{ ansible_managed }}
+
+####		 ####
+#### MODULES ####
+####		 ####
+
+module(load="imuxsock") # provides support for local system logging (e.g. via logger command)
+module(load="imklog")   # provides kernel logging support (previously done by rklogd)
+
+{% if 'role_log' in group_names %}
+module(load="imtcp" MaxSessions="1024")
+{% else %}
+$ModLoad imudp
+$UDPServerAddress ::1
+$UDPServerRun 514
+{% endif %}
+
+####				   ####
+#### GLOBAL DIRECTIVES ####
+####				   ####
+
+$PreserveFQDN on
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+####	   ####
+
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+$WorkDirectory /var/spool/rsyslog
+#### RULES ####
+####	   ####
+
+ruleset(name="local") {
+	kern.*								/var/log/kern.log
+	auth,authpriv.*	 					/var/log/auth.log
+	{% if not 'rpi' in group_names %}
+	cron.*								/var/log/cron.log
+	daemon,user.*						/var/log/daemon.log
+	mail.*								/var/log/mail.log
+	local5.*							/var/log/nginx.log
+	local6.*							/var/log/haproxy.log
+	local7.*							/var/log/boot.log
+	*.info;kern,daemon,user,auth,authpriv,cron,mail,local6.none,local7.none	/var/log/system.log
+	{% endif %}
+	{% if 'remote' in group_names %}
+	# Send everything to central logserver (rsyslog)
+	*.*									@@log.{{ blsedomains_admindomain }}:514
+	{% else %}
+	# Send everything to central logserver (rsyslog)
+	*.*									@@log.{{ blsedomains_hostdomain }}:514
+	{% endif %}
+}
+$DefaultRuleset local
+{% if 'role_log' in group_names %}
+
+ruleset(name="remote") {
+	kern.*								/srv/log/kern.log
+	daemon,user.*						/srv/log/daemon.log
+	auth,authpriv.*	 					/srv/log/auth.log
+	cron.*								/srv/log/cron.log
+	mail.*								/srv/log/mail.log
+	local5.*							/srv/log/nginx.log
+	local6.*							/srv/log/haproxy.log
+	local7.*							/srv/log/boot.log
+	*.info;kern,daemon,user,auth,authpriv,cron,mail,local6.none,local7.none	/srv/log/system.log
+}
+input(type="imtcp" port="514" ruleset="remote")
+{% endif %}