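---
# Monitoring tasks: install host/network monitoring packages (apt and snap),
# render the fail2ban jail configuration, enable sysstat collection, and
# deploy two read-only reporting scripts under /usr/local/bin/monitoring.
#
# NOTE(review): every task here writes to system paths or installs packages,
# so the play presumably runs with privilege escalation - confirm `become`
# is set by the caller. The handlers "restart fail2ban" and "restart sysstat"
# are not defined in this file and must exist elsewhere in the role.

- name: Install monitoring packages
  ansible.builtin.apt:
    name:
      # System monitoring
      - htop
      - iotop
      - nethogs
      - iftop
      - ncdu
      - dstat
      # Log monitoring
      - logwatch
      - fail2ban
      # Network monitoring
      # NOTE(review): nmap, tcpdump and wireshark-common are dual-use
      # scanning/capture tools; limit this list to host classes where
      # operators actually need them on-box.
      - nmap
      - tcpdump
      - wireshark-common
      # Performance monitoring
      - sysstat
      - atop
    state: present

# NOTE(review): snaps come from the snap store rather than the distro archive
# and refresh automatically by default; confirm the publishers and the
# refresh policy are acceptable for these hosts.
- name: Install modern monitoring tools via snap
  community.general.snap:
    name:
      - btop
      - bandwhich
    state: present

# jail.local.j2 is not visible here, so the jails/ban policy it enables
# cannot be reviewed from this file. Ownership is pinned to root so the
# ban policy cannot be edited by an unprivileged account.
- name: Configure fail2ban
  ansible.builtin.template:
    src: jail.local.j2
    dest: /etc/fail2ban/jail.local
    owner: root
    group: root
    mode: '0644'
  notify: restart fail2ban

# Rewrites the existing ENABLED= line (or appends one) in the sysstat defaults.
- name: Enable sysstat data collection
  ansible.builtin.lineinfile:
    path: /etc/default/sysstat
    regexp: '^ENABLED='
    line: 'ENABLED="true"'
  notify: restart sysstat

# The directory and the scripts below are executable by everyone, so they are
# explicitly root-owned and writable by root only: a script that an admin may
# run as root must not be modifiable by another account.
- name: Create monitoring scripts directory
  ansible.builtin.file:
    path: /usr/local/bin/monitoring
    state: directory
    owner: root
    group: root
    mode: '0755'

- name: Deploy system monitoring script
  ansible.builtin.copy:
    content: |
      #!/bin/bash
      # System monitoring dashboard
      echo "=== System Overview ==="
      echo "Hostname: $(hostname)"
      echo "Uptime: $(uptime -p)"
      echo "Load: $(uptime | awk -F'load average:' '{print $2}')"
      echo ""
      echo "=== Memory ==="
      free -h
      echo ""
      echo "=== Disk Usage ==="
      df -h / /home 2>/dev/null | grep -v tmpfs
      echo ""
      echo "=== Top Processes ==="
      ps aux --sort=-%cpu | head -6
      echo ""
      echo "=== Network Connections ==="
      # Summary only: header plus the first nine listening sockets.
      ss -tuln | head -10
      echo ""
      if command -v tailscale >/dev/null; then
        echo "=== Tailscale Status ==="
        tailscale status --peers=false 2>/dev/null || echo "Not connected"
      fi
    dest: /usr/local/bin/monitoring/sysinfo
    owner: root
    group: root
    mode: '0755'

- name: Deploy network monitoring script
  ansible.builtin.copy:
    content: |
      #!/bin/bash
      # Network monitoring script
      echo "=== Network Interface Status ==="
      ip addr show | grep -E "(inet |state )" | grep -v 127.0.0.1
      echo ""
      echo "=== Route Table ==="
      ip route show
      echo ""
      echo "=== DNS Configuration ==="
      grep nameserver /etc/resolv.conf
      echo ""
      echo "=== Open Ports ==="
      # ss reports bound UDP sockets as UNCONN, not LISTEN; match both states
      # so UDP services are not silently missing from this report.
      ss -tuln | grep -E 'LISTEN|UNCONN' | sort
    dest: /usr/local/bin/monitoring/netinfo
    owner: root
    group: root
    mode: '0755'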