ansible/roles/monitoring/tasks/main.yml

---
- name: Install monitoring packages
  ansible.builtin.apt:
    name:
      # System monitoring
      - htop
      - iotop
      - nethogs
      - iftop
      - ncdu
      - dstat
      # Log monitoring
      - logwatch
      - fail2ban
      # Network monitoring
      - nmap
      - tcpdump
      - wireshark-common
      # Performance monitoring
      - sysstat
      - atop
    state: present

- name: Install modern monitoring tools via snap
  community.general.snap:
    name:
      - btop
      - bandwhich
    state: present

- name: Configure fail2ban
  ansible.builtin.template:
    src: jail.local.j2
    dest: /etc/fail2ban/jail.local
    mode: '0644'
  notify: restart fail2ban

- name: Enable sysstat data collection
  ansible.builtin.lineinfile:
    path: /etc/default/sysstat
    regexp: '^ENABLED='
    line: 'ENABLED="true"'
  notify: restart sysstat

- name: Create monitoring scripts directory
  ansible.builtin.file:
    path: /usr/local/bin/monitoring
    state: directory
    mode: '0755'

- name: Deploy system monitoring script
  ansible.builtin.copy:
    content: |
      #!/bin/bash
      # System monitoring dashboard
      echo "=== System Overview ==="
      echo "Hostname: $(hostname)"
      echo "Uptime: $(uptime -p)"
      echo "Load: $(uptime | awk -F'load average:' '{print $2}')"
      echo ""
      echo "=== Memory ==="
      free -h
      echo ""
      echo "=== Disk Usage ==="
      df -h / /home 2>/dev/null | grep -v tmpfs
      echo ""
      echo "=== Top Processes ==="
      ps aux --sort=-%cpu | head -6
      echo ""
      echo "=== Network Connections ==="
      ss -tuln | head -10
      echo ""
      if command -v tailscale >/dev/null; then
        echo "=== Tailscale Status ==="
        tailscale status --peers=false 2>/dev/null || echo "Not connected"
      fi
    dest: /usr/local/bin/monitoring/sysinfo
    mode: '0755'

- name: Deploy network monitoring script
  ansible.builtin.copy:
    content: |
      #!/bin/bash
      # Network monitoring script
      echo "=== Network Interface Status ==="
      ip addr show | grep -E "(inet |state )" | grep -v 127.0.0.1
      echo ""
      echo "=== Route Table ==="
      ip route show
      echo ""
      echo "=== DNS Configuration ==="
      cat /etc/resolv.conf | grep nameserver
      echo ""
      echo "=== Open Ports ==="
      ss -tuln | grep LISTEN | sort
    dest: /usr/local/bin/monitoring/netinfo
    mode: '0755'