add server support for syslogd

roles/syslogd/tasks/server.yml

@@ -0,0 +1,76 @@
+---
+
+- name: create data directories
+  file:
+    dest: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: root
+    group: "{{ ansible_wheel }}"
+  with_items:
+    - /export/log
+    - /export/log/archive
+
+- name: link data directory
+  file:
+    dest: /srv/log
+    src: /export/log
+    state: link
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: copy server key
+  copy:
+    dest: "{{ tls_private }}/0.0.0.0:6514.key"
+    src: /srv/letsencrypt/live/loghost.foo.sh/privkey.pem
+    mode: 0600
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: copy server crt
+  copy:
+    dest: "{{ tls_certs }}/0.0.0.0:6514.crt"
+    src: /srv/letsencrypt/live/loghost.foo.sh/fullchain.pem
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: add archiving to syslog.conf
+  blockinfile:
+    path: /etc/syslog.conf
+    insertbefore: BOF
+    block: |
+      # everything goes to archive
+      *.* /srv/log/all.log
+      # only local goes to the standard logs
+      +{{ inventory_hostname }}
+    marker: "# {mark} ANSIBLE MANAGED BLOCK (syslogd)"
+  notify: restart syslogd
+
+- name: create dummy all.log
+  shell: umask 027 ; touch /srv/log/all.log
+  args:
+    creates: /srv/log/all.log
+
+- name: install log archiver
+  copy:
+    dest: /usr/local/sbin/syslog-archive
+    src: syslog-archive.sh
+    mode: 0755
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: install log archiver cron
+  cron:
+    name: syslog-archive
+    user: root
+    hour: 0
+    minute: 0
+    job: /usr/local/sbin/syslog-archive /srv/log all.log
+
+- name: enable syslogd remote logging
+  service:
+    name: syslogd
+    state: started
+    enabled: true
+    arguments: -n -K {{ tls_certs }}/ca.crt -S 0.0.0.0:6514 -S ::::6514