From 2795f254a11e62488e6234d6ae1a782732488cdb Mon Sep 17 00:00:00 2001
From: Jeffrey Serio
Date: Wed, 19 Mar 2025 23:01:39 -0500
Subject: [PATCH] Update freebsd-update.yml; add rsyslog-setup.yml
---
freebsd-update.yml | 20 ++++++++++++++++++++
inventory.yml | 16 +++-------------
rsyslog-setup.yml | 45 +++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 68 insertions(+), 13 deletions(-)
create mode 100644 rsyslog-setup.yml
diff --git a/freebsd-update.yml b/freebsd-update.yml
index 80dd594..5c3ef0e 100644
--- a/freebsd-update.yml
+++ b/freebsd-update.yml
@@ -20,3 +20,23 @@
 state: latest
 jail: "{{ item }}"
 with_items: "{{ jails }}"
+
+ - name: Fetch and install updates
+ ansible.builtin.shell: freebsd-update fetch install
+ register: updated
+ changed_when: '"No updates are available to install." not in updated.stdout'
+
+ - name: Fetch and install updates in aa-torrenting jail
+ ansible.builtin.shell: freebsd-update -j aa-torrenting fetch install
+ register: updated_aa_torrenting
+ changed_when: '"No updates are available to install." not in updated_aa_torrenting.stdout'
+
+ - name: Fetch and install updates in blocky jail
+ ansible.builtin.shell: freebsd-update -j blocky fetch install
+ register: updated_blocky
+ changed_when: '"No updates are available to install." not in updated_blocky.stdout'
+
+ - name: Fetch and install updates in unbound jail
+ ansible.builtin.shell: freebsd-update -j unbound fetch install
+ register: updated_unbound
+ changed_when: '"No updates are available to install." not in updated_unbound.stdout'
diff --git a/inventory.yml b/inventory.yml
index fef3d68..fe9ec28 100644
--- a/inventory.yml
+++ b/inventory.yml
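Review bot: The four added `freebsd-update ... fetch install` tasks run without a terminal on stdin under Ansible, and freebsd-update normally refuses `fetch` in that situation unless `--not-running-from-cron` is passed, so where that check fires the play fails and the host and its jails stay unpatched (worth confirming on one host). The three jail tasks also hard-code `aa-torrenting`, `blocky` and `unbound` although the task just above the additions already loops over `jails`; if that variable lists the same jails, one looped task keeps update coverage from drifting when a jail is added. `ansible.builtin.command` is enough here because no shell features are used, and `PAGER: cat` keeps the file list from going through an interactive pager. The task list starts outside the hunk.

```yaml
    - name: Fetch and install updates
      ansible.builtin.command: freebsd-update --not-running-from-cron fetch install
      environment:
        PAGER: cat
      register: updated
      changed_when: '"No updates are available to install." not in updated.stdout'

    # replaces the three per-jail tasks; assumes `jails` names the same jails
    - name: Fetch and install updates in jails
      ansible.builtin.command: freebsd-update --not-running-from-cron -j {{ item }} fetch install
      environment:
        PAGER: cat
      loop: "{{ jails }}"
      register: updated_jails
      changed_when: '"No updates are available to install." not in updated_jails.stdout'
```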
@@ -35,16 +35,6 @@ promservers: ansible_python_interpreter: /usr/bin/python3 promclients:
- hosts:
- hyperreal.coffee:
- ansible_user: jas
- ansible_host: hyperreal.headscale.moonshadow.dev
- ansible_python_interpreter: /usr/bin/python3
- headscale:
- ansible_user: jas
- ansible_host: headscale.headscale.moonshadow.dev
- ansible_python_interpreter: /usr/bin/python3
- archive-warrior:
- ansible_user: jas
- ansible_host: archive-warrior.headscale.moonshadow.dev
- ansible_python_interpreter: /usr/bin/python3
+ children:
+ debianservers:
+ almaservers:
diff --git a/rsyslog-setup.yml b/rsyslog-setup.yml
new file mode 100644
index 0000000..ced9913
--- /dev/null
+++ b/rsyslog-setup.yml
@@ -0,0 +1,45 @@
+---
+- hosts: promclients
+ gather_facts: true
+ become: true
+
+ tasks:
+ - name: Ensure rsyslog is installed
+ ansible.builtin.package:
+ name: rsyslog
+ state: latest
+
+ - name: Ensure rsyslog is enabled
+ ansible.builtin.systemd_service:
+ name: rsyslog
+ enabled: true
+ state: started
+
+ - name: Remove any forwarding file if exists
+ ansible.builtin.file:
+ path: /etc/rsyslog.d/forward.conf
+ state: absent
+
+ - name: Get control node headnet IP address
+ ansible.builtin.shell: tailscale status | head -1 | awk '{print $1}'
+ register: ctrl_headnet_ip_addr
+ delegate_to: 127.0.0.1
+
+ - name: Configure log forwarding
+ ansible.builtin.blockinfile:
+ path: /etc/rsyslog.d/forward.conf
+ create: true
+ owner: root
+ group: root
+ mode: 0644
+ block: |
+ # Forward to desktop.headscale.moonshadow.dev ({{ctrl_headnet_ip_addr.stdout}})
+ *.* action(type="omfwd" target="{{ctrl_headnet_ip_addr.stdout}}" port="514" protocol="tcp"
+ action.resumeRetryCount="100"
+ queue.type="linkedList" queue.size="10000")
+
+ - name: Restart rsyslog
+ ansible.builtin.systemd_service:
+ name: rsyslog
+ enabled: true
+ state: restarted
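Review bot: Switching `promclients` from three named hosts to `children: debianservers: almaservers:` widens the group to every host in those two groups, and nothing at the definition says so. The rsyslog-setup.yml added in this same patch targets `promclients` with `become: true`, so it will now reconfigure log forwarding on all of them. Whether the three removed hosts are still members depends on group definitions outside this hunk. I would put a comment above the key, for example `# promclients = every Debian and Alma server; plays targeting it run with become on all of them`.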
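Review bot: The forwarding target written to /etc/rsyslog.d/forward.conf comes from `tailscale status | head -1 | awk '{print $1}'` with no check, and the pipeline's exit status is awk's. If tailscale is stopped or logged out on the control node the task still succeeds, and the first word of whatever was printed (or an empty string) becomes `target=`, so every host in `promclients` would quietly stop shipping logs to the collector. The lookup also inherits `become: true` and is repeated for each host; I would ask the client for its address directly, run it once without privilege escalation, and assert the result looks like an IPv4 address before templating it. Separately, deleting forward.conf, recreating it and restarting unconditionally makes every run report changes and bounce rsyslog; a handler notified by the blockinfile task would avoid that.

```yaml
    - name: Get control node headnet IP address
      ansible.builtin.command: tailscale ip -4
      register: ctrl_headnet_ip_addr
      delegate_to: 127.0.0.1
      become: false
      run_once: true
      changed_when: false

    - name: Refuse to write a forwarding target that is not an IPv4 address
      ansible.builtin.assert:
        that:
          - ctrl_headnet_ip_addr.stdout is match('^[0-9]{1,3}([.][0-9]{1,3}){3}$')
      run_once: true

    # … unchanged: "Configure log forwarding" and "Restart rsyslog" tasks …
```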