diff --git a/run.yml b/run.yml index 5d822c3..635810a 100644 --- a/run.yml +++ b/run.yml @@ -17,4 +17,5 @@ - import_tasks: tasks/tor.yml - import_tasks: tasks/nginx.yml - import_tasks: tasks/git.yml + - import_tasks: tasks/goaccess.yml - import_tasks: tasks/deadswitch.yml \ No newline at end of file diff --git a/tasks/blog-setup.yml b/tasks/blog-setup.yml index 4da0cb6..82f8b80 100644 --- a/tasks/blog-setup.yml +++ b/tasks/blog-setup.yml @@ -15,6 +15,7 @@ dest: /usr/local/bin/updateBlog mode: u+rwx +# Rebuild blog every hour - name: Setup blog cron job cron: name: Build blog every hour diff --git a/tasks/deadswitch.yml b/tasks/deadswitch.yml index 56ec879..412620c 100644 --- a/tasks/deadswitch.yml +++ b/tasks/deadswitch.yml @@ -26,6 +26,7 @@ name: /root/.deadtrigger state: touch +# Run deadswitch daily at 1am - name: Install deadlock cronjob cron: name: Run deadswitch diff --git a/tasks/essential.yml b/tasks/essential.yml index 8ce6e5e..13de178 100644 --- a/tasks/essential.yml +++ b/tasks/essential.yml @@ -25,6 +25,7 @@ - tor - ufw - fail2ban + - goaccess - htop - zsh # :D - python3-certbot-nginx diff --git a/tasks/firewall.yml b/tasks/firewall.yml index 40def8c..848bb3c 100644 --- a/tasks/firewall.yml +++ b/tasks/firewall.yml @@ -30,4 +30,4 @@ systemd: name: fail2ban enabled: yes - state: restarted \ No newline at end of file + state: started \ No newline at end of file diff --git a/tasks/gitea.yml b/tasks/gitea.yml index a082780..d8203d5 100644 --- a/tasks/gitea.yml +++ b/tasks/gitea.yml @@ -10,4 +10,4 @@ systemd: name: gitea enabled: yes - state: restarted \ No newline at end of file + state: started \ No newline at end of file diff --git a/tasks/goaccess.yml b/tasks/goaccess.yml new file mode 100644 index 0000000..35feac5 --- /dev/null +++ b/tasks/goaccess.yml @@ -0,0 +1,5 @@ +--- +- name: Copy goaccess config + template: + src: templates/goaccess/goaccess.conf + dest: /etc/goaccess/goaccess.conf diff --git a/tasks/nginx.yml b/tasks/nginx.yml index 4f49951..1534446 100644 --- a/tasks/nginx.yml +++ b/tasks/nginx.yml @@ -36,7 +36,7 @@ dest: /etc/nginx/conf.d/tor-{{ domain }}.conf force: no -- name: Reload nginx to activate specified site +- name: Reload Nginx to install LetsEncrypt service: name: nginx state: restarted @@ -45,7 +45,7 @@ - name: Setup certbot shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}" -- name: Reload Nginx +- name: Reload Nginx with LetsEncrypt installed systemd: name: nginx enabled: yes diff --git a/tasks/tor.yml b/tasks/tor.yml index ff4ddc6..1caacb0 100644 --- a/tasks/tor.yml +++ b/tasks/tor.yml @@ -27,4 +27,4 @@ systemd: name: tor enabled: yes - state: restarted \ No newline at end of file + state: started \ No newline at end of file diff --git a/templates/goaccess/goaccess.conf b/templates/goaccess/goaccess.conf new file mode 100644 index 0000000..c8239ff --- /dev/null +++ b/templates/goaccess/goaccess.conf @@ -0,0 +1,718 @@ +###################################### +# Time Format Options (required) +###################################### +# +# The hour (24-hour clock) [00,23]; leading zeros are permitted but not required. +# The minute [00,59]; leading zeros are permitted but not required. +# The seconds [00,60]; leading zeros are permitted but not required. +# See `man strftime` for more details +# +# The following time format works with any of the +# Apache/NGINX's log formats below. +# +#time-format %H:%M:%S +# +# Google Cloud Storage or +# The time in microseconds since the Unix epoch. +# +#time-format %f + +# Squid native log format +# +#time-format %s + +###################################### +# Date Format Options (required) +###################################### +# +# The date-format variable followed by a space, specifies +# the log format date containing any combination of regular +# characters and special format specifiers. They all begin with a +# percentage (%) sign. See `man strftime` +# +# The following date format works with any of the +# Apache/NGINX's log formats below. +# +#date-format %d/%b/%Y +# +# AWS | Amazon CloudFront (Download Distribution) +# AWS | Elastic Load Balancing +# W3C (IIS) +# +#date-format %Y-%m-%d +# +# Google Cloud Storage or +# The time in microseconds since the Unix epoch. +# +#date-format %f + +# Squid native log format +# +#date-format %s + +###################################### +# Log Format Options (required) +###################################### +# +# The log-format variable followed by a space or \t for +# tab-delimited, specifies the log format string. +# +# NOTE: If the time/date is a timestamp in seconds or microseconds +# %x must be used instead of %d & %t to represent the date & time. + +# NCSA Combined Log Format +#log-format %h %^[%d:%t %^] "%r" %s %b "%R" "%u" + +# NCSA Combined Log Format with Virtual Host +#log-format %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u" + +# Common Log Format (CLF) +#log-format %h %^[%d:%t %^] "%r" %s %b + +# Common Log Format (CLF) with Virtual Host +#log-format %v:%^ %h %^[%d:%t %^] "%r" %s %b + +# W3C +#log-format %d %t %h %^ %^ %^ %^ %r %^ %s %b %^ %^ %u %R + +# Squid native log format +#log-format %^ %^ %^ %v %^: %x.%^ %~%L %h %^/%s %b %m %U + +# AWS | Amazon CloudFront (Download Distribution) +#log-format %d\t%t\t%^\t%b\t%h\t%m\t%^\t%r\t%s\t%R\t%u\t%^ + +# Google Cloud Storage +#log-format "%x","%h",%^,%^,"%m","%U","%s",%^,"%b","%D",%^,"%R","%u" + +# AWS | Elastic Load Balancing +#log-format %dT%t.%^ %^ %h:%^ %^ %T %^ %^ %^ %s %^ %b "%r" "%u" + +# AWSS3 | Amazon Simple Storage Service (S3) +#log-format %^[%d:%t %^] %h %^"%r" %s %^ %b %^ %L %^ "%R" "%u" + +# Virtualmin Log Format with Virtual Host +#log-format %h %^ %v %^[%d:%t %^] "%r" %s %b "%R" "%u" + +# Kubernetes Nginx Ingress Log Format +#log-format %^ %^ [%h] %^ %^ [%d:%t %^] "%r" %s %b "%R" "%u" %^ %^ [%v] %^:%^ %^ %T %^ %^ + +# In addition to specifying the raw log/date/time formats, for +# simplicity, any of the following predefined log format names can be +# supplied to the log/date/time-format variables. GoAccess can also +# handle one predefined name in one variable and another predefined +# name in another variable. +# +#log-format COMBINED +#log-format VCOMBINED +#log-format COMMON +#log-format VCOMMON +#log-format W3C +#log-format SQUID +#log-format CLOUDFRONT +#log-format CLOUDSTORAGE +#log-format AWSELB +#log-format AWSS3 + +###################################### +# UI Options +###################################### + +# Choose among color schemes +# 1 : Monochrome +# 2 : Green +# 3 : Monokai (if 256-colors supported) +# +#color-scheme 3 + +# Prompt log/date configuration window on program start. +# +config-dialog false + +# Color highlight active panel. +# +hl-header true + +# Specify a custom CSS file in the HTML report. +# +#html-custom-css /path/file.css + +# Specify a custom JS file in the HTML report. +# +#html-custom-js /path/file.js + +# Set default HTML preferences. +# +# NOTE: A valid JSON object is required. +# DO NOT USE A MULTILINE JSON OBJECT. +# The parser will only parse the value next to `html-prefs` (single line) +# It allows the ability to customize each panel plot. See example below. +# +#html-prefs {"theme":"bright","perPage":5,"layout":"horizontal","showTables":true,"visitors":{"plot":{"chartType":"bar"}}} + +# Set HTML report page title and header. +# +#html-report-title My Awesome Web Stats + +# Format JSON output using tabs and newlines. +# +json-pretty-print false + +# Turn off colored output. This is the default output on +# terminals that do not support colors. +# true : for no color output +# false : use color-scheme +# +no-color false + +# Don't write column names in the terminal output. By default, it displays +# column names for each available metric in every panel. +# +no-column-names false + +# Disable summary metrics on the CSV output. +# +no-csv-summary false + +# Disable progress metrics. +# +no-progress false + +# Disable scrolling through panels on TAB. +# +no-tab-scroll false + +# Disable progress metrics and parsing spinner. +# +#no-parsing-spinner true + +# Do not show the last updated field displayed in the HTML generated report. +# +#no-html-last-updated true + +# Enable mouse support on main dashboard. +# +with-mouse false + +# Maximum number of items to show per panel. +# Note: Only the CSV and JSON outputs allow a maximum greater than the +# default value of 366. +# +#max-items 366 + +# Custom colors for the terminal output +# Tailor GoAccess to suit your own tastes. +# +# Color Syntax: +# DEFINITION space/tab colorFG#:colorBG# [[attributes,] PANEL] +# +# FG# = foreground color number [-1...255] (-1 = default terminal color) +# BG# = background color number [-1...255] (-1 = default terminal color) +# +# Optionally: +# +# It is possible to apply color attributes, such as: +# bold,underline,normal,reverse,blink. +# Multiple attributes are comma separated +# +# If desired, it is possible to apply custom colors per panel, that is, a +# metric in the REQUESTS panel can be of color A, while the same metric in the +# BROWSERS panel can be of color B. +# +# The following is a 256 color scheme (hybrid palette) +# +#color COLOR_MTRC_HITS color110:color-1 +#color COLOR_MTRC_VISITORS color173:color-1 +#color COLOR_MTRC_DATA color221:color-1 +#color COLOR_MTRC_BW color167:color-1 +#color COLOR_MTRC_AVGTS color143:color-1 +#color COLOR_MTRC_CUMTS color247:color-1 +#color COLOR_MTRC_MAXTS color186:color-1 +#color COLOR_MTRC_PROT color109:color-1 +#color COLOR_MTRC_MTHD color139:color-1 +#color COLOR_MTRC_HITS_PERC color186:color-1 +#color COLOR_MTRC_HITS_PERC_MAX color139:color-1 +#color COLOR_MTRC_HITS_PERC_MAX color139:color-1 VISITORS +#color COLOR_MTRC_HITS_PERC_MAX color139:color-1 OS +#color COLOR_MTRC_HITS_PERC_MAX color139:color-1 BROWSERS +#color COLOR_MTRC_HITS_PERC_MAX color139:color-1 VISIT_TIMES +#color COLOR_MTRC_VISITORS_PERC color186:color-1 +#color COLOR_MTRC_VISITORS_PERC_MAX color139:color-1 +#color COLOR_PANEL_COLS color243:color-1 +#color COLOR_BARS color250:color-1 +#color COLOR_ERROR color231:color167 +#color COLOR_SELECTED color7:color167 +#color COLOR_PANEL_ACTIVE color7:color237 +#color COLOR_PANEL_HEADER color250:color235 +#color COLOR_PANEL_DESC color242:color-1 +#color COLOR_OVERALL_LBLS color243:color-1 +#color COLOR_OVERALL_VALS color167:color-1 +#color COLOR_OVERALL_PATH color186:color-1 +#color COLOR_ACTIVE_LABEL color139:color235 bold underline +#color COLOR_BG color250:color-1 +#color COLOR_DEFAULT color243:color-1 +#color COLOR_PROGRESS color7:color110 + +###################################### +# Server Options +###################################### + +# Specify IP address to bind server to. +# +#addr 0.0.0.0 + +# Run GoAccess as daemon (if --real-time-html enabled). +# +#daemonize false + +# Ensure clients send the specified origin header upon the WebSocket +# handshake. +# +#origin http://example.org + +# The port to which the connection is being attempted to connect. +# By default GoAccess' WebSocket server listens on port 7890 +# See man page or http://gwsocket.io for details. +# +#port 7890 + +# Write the PID to a file when used along the daemonize option. +# +#pid-file /var/run/goaccess.pid + +# Enable real-time HTML output. +# +#real-time-html true + +# Path to TLS/SSL certificate. +# Note that ssl-cert and ssl-key need to be used to enable TLS/SSL. +# +#ssl-cert /path/ssl/domain.crt + +# Path to TLS/SSL private key. +# Note that ssl-cert and ssl-key need to be used to enable TLS/SSL. +# +#ssl-key /path/ssl/domain.key + +# URL to which the WebSocket server responds. This is the URL supplied +# to the WebSocket constructor on the client side. +# +# Optionally, it is possible to specify the WebSocket URI scheme, such as ws:// +# or wss:// for unencrypted and encrypted connections. +# e.g., ws-url wss://goaccess.io +# +# If GoAccess is running behind a proxy, you could set the client side +# to connect to a different port by specifying the host followed by a +# colon and the port. +# e.g., ws-url goaccess.io:9999 +# +# By default, it will attempt to connect to localhost. If GoAccess is +# running on a remote server, the host of the remote server should be +# specified here. Also, make sure it is a valid host and NOT an http +# address. +# +#ws-url goaccess.io + +# Path to read named pipe (FIFO). +# +#fifo-in /tmp/wspipein.fifo + +# Path to write named pipe (FIFO). +# +#fifo-out /tmp/wspipeout.fifo + +###################################### +# File Options +###################################### + +# Specify the path to the input log file. If set, it will take +# priority over -f from the command line. +# +#log-file /var/log/apache2/access.log + +# Send all debug messages to the specified file. +# +#debug-file debug.log + +# Specify a custom configuration file to use. If set, it will take +# priority over the global configuration file (if any). +# +#config-file + +# Log invalid requests to the specified file. +# +#invalid-requests + +# Do not load the global configuration file. +# +#no-global-config false + +###################################### +# Parse Options +###################################### + +# Enable a list of user-agents by host. For faster parsing, do not +# enable this flag. +# +agent-list false + +# Enable IP resolver on HTML|JSON|CSV output. +# +with-output-resolver false + +# Exclude an IPv4 or IPv6 from being counted. +# Ranges can be included as well using a dash in between +# the IPs (start-end). +# +#exclude-ip 127.0.0.1 +#exclude-ip 192.168.0.1-192.168.0.100 +#exclude-ip ::1 +#exclude-ip 0:0:0:0:0:ffff:808:804-0:0:0:0:0:ffff:808:808 + +# Include HTTP request method if found. This will create a +# request key containing the request method + the actual request. +# +# [default: yes] +# +http-method yes + +# Include HTTP request protocol if found. This will create a +# request key containing the request protocol + the actual request. +# +# [default: yes] +# +http-protocol yes + +# Write output to stdout given one of the following files and the +# corresponding extension for the output format: +# +# /path/file.csv - Comma-separated values (CSV) +# /path/file.json - JSON (JavaScript Object Notation) +# /path/file.html - HTML +# +# output /path/file.html + +# Ignore request's query string. +# i.e., www.google.com/page.htm?query => www.google.com/page.htm +# +# Note: Removing the query string can greatly decrease memory +# consumption, especially on timestamped requests. +# +no-query-string false + +# Disable IP resolver on terminal output. +# +no-term-resolver false + +# Treat non-standard status code 444 as 404. +# +444-as-404 false + +# Add 4xx client errors to the unique visitors count. +# +4xx-to-unique-count false + +# IP address anonymization +# The IP anonymization option sets the last octet of IPv4 user IP addresses and +# the last 80 bits of IPv6 addresses to zeros. +# e.g., 192.168.20.100 => 192.168.20.0 +# e.g., 2a03:2880:2110:df07:face:b00c::1 => 2a03:2880:2110:df07:: +# +#anonymize-ip false + +# Include static files that contain a query string in the static files +# panel. +# e.g., /fonts/fontawesome-webfont.woff?v=4.0.3 +# +all-static-files false + +# Include an additional delimited list of browsers/crawlers/feeds etc. +# See config/browsers.list for an example or +# https://raw.githubusercontent.com/allinurl/goaccess/master/config/browsers.list +# +#browsers-file + +# Date specificity. Possible values: `date` (default), or `hr`. +# +#date-spec hr + +# Decode double-encoded values. +# +double-decode false + +# Enable parsing/displaying the given panel. +# +#enable-panel VISITORS +#enable-panel REQUESTS +#enable-panel REQUESTS_STATIC +#enable-panel NOT_FOUND +#enable-panel HOSTS +#enable-panel OS +#enable-panel BROWSERS +#enable-panel VISIT_TIMES +#enable-panel VIRTUAL_HOSTS +#enable-panel REFERRERS +#enable-panel REFERRING_SITES +#enable-panel KEYPHRASES +#enable-panel STATUS_CODES +#enable-panel REMOTE_USER +#enable-panel CACHE_STATUS +#enable-panel GEO_LOCATION + +# Hide a referer but still count it. Wild cards are allowed. i.e., *.bing.com +# +#hide-referer *.google.com +#hide-referer bing.com + +# Hour specificity. Possible values: `hr` (default), or `min` (tenth +# of a minute). +# +#hour-spec min + +# Ignore crawlers from being counted. +# This will ignore robots listed under browsers.c +# Note that it will count them towards the total +# number of requests, but excluded from any of the panels. +# +ignore-crawlers false + +# Parse and display crawlers only. +# This will ignore all hosts except robots listed under browsers.c +# Note that it will count them towards the total +# number of requests, but excluded from any of the panels. +# +crawlers-only false + +# Ignore static file requests. +# req : Only ignore request from valid requests +# panels : Ignore request from panels. +# Note that it will count them towards the total number of requests +# ignore-statics req + +# Ignore parsing and displaying the given panel. +# +#ignore-panel VISITORS +#ignore-panel REQUESTS +#ignore-panel REQUESTS_STATIC +#ignore-panel NOT_FOUND +#ignore-panel HOSTS +#ignore-panel OS +#ignore-panel BROWSERS +#ignore-panel VISIT_TIMES +#ignore-panel VIRTUAL_HOSTS +ignore-panel REFERRERS +#ignore-panel REFERRING_SITES +ignore-panel KEYPHRASES +#ignore-panel STATUS_CODES +#ignore-panel REMOTE_USER +#ignore-panel CACHE_STATUS +#ignore-panel GEO_LOCATION + +# Ignore referers from being counted. +# This supports wild cards. For instance, +# '*' matches 0 or more characters (including spaces) +# '?' matches exactly one character +# +#ignore-referer *.domain.com +#ignore-referer ww?.domain.* + +# Ignore parsing and displaying one or multiple status code(s) +# +#ignore-status 400 +#ignore-status 502 + +# Keep the last specified number of days in storage. This will recycle the +# storage tables. e.g., keep & show only the last 7 days. +# +# keep-last 7 + +# Disable client IP validation. Useful if IP addresses have been +# obfuscated before being logged. +# +# no-ip-validation true + +# Number of lines from the access log to test against the provided +# log/date/time format. By default, the parser is set to test 10 +# lines. If set to 0, the parser won't test any lines and will parse +# the whole access log. +# +#num-tests 10 + +# Parse log and exit without outputting data. +# +#process-and-exit false + +# Display real OS names. e.g, Windows XP, Snow Leopard. +# +real-os true + +# Sort panel on initial load. +# Sort options are separated by comma. +# Options are in the form: PANEL,METRIC,ORDER +# +# Available metrics: +# BY_HITS - Sort by hits +# BY_VISITORS - Sort by unique visitors +# BY_DATA - Sort by data +# BY_BW - Sort by bandwidth +# BY_AVGTS - Sort by average time served +# BY_CUMTS - Sort by cumulative time served +# BY_MAXTS - Sort by maximum time served +# BY_PROT - Sort by http protocol +# BY_MTHD - Sort by http method +# Available orders: +# ASC +# DESC +# +#sort-panel VISITORS,BY_DATA,ASC +#sort-panel REQUESTS,BY_HITS,ASC +#sort-panel REQUESTS_STATIC,BY_HITS,ASC +#sort-panel NOT_FOUND,BY_HITS,ASC +#sort-panel HOSTS,BY_HITS,ASC +#sort-panel OS,BY_HITS,ASC +#sort-panel BROWSERS,BY_HITS,ASC +#sort-panel VISIT_TIMES,BY_DATA,DESC +#sort-panel VIRTUAL_HOSTS,BY_HITS,ASC +#sort-panel REFERRERS,BY_HITS,ASC +#sort-panel REFERRING_SITES,BY_HITS,ASC +#sort-panel KEYPHRASES,BY_HITS,ASC +#sort-panel STATUS_CODES,BY_HITS,ASC +#sort-panel REMOTE_USER,BY_HITS,ASC +#sort-panel CACHE_STATUS,BY_HITS,ASC +#sort-panel GEO_LOCATION,BY_HITS,ASC + +# Consider the following extensions as static files +# The actual '.' is required and extensions are case sensitive +# For a full list, uncomment the less common static extensions below. +# +static-file .css +static-file .js +static-file .jpg +static-file .png +static-file .gif +static-file .ico +static-file .jpeg +static-file .pdf +static-file .csv +static-file .mpeg +static-file .mpg +static-file .swf +static-file .woff +static-file .woff2 +static-file .xls +static-file .xlsx +static-file .doc +static-file .docx +static-file .ppt +static-file .pptx +static-file .txt +static-file .zip +static-file .ogg +static-file .mp3 +static-file .mp4 +static-file .exe +static-file .iso +static-file .gz +static-file .rar +static-file .svg +static-file .bmp +static-file .tar +static-file .tgz +static-file .tiff +static-file .tif +static-file .ttf +static-file .flv +#static-file .less +#static-file .ac3 +#static-file .avi +#static-file .bz2 +#static-file .class +#static-file .cue +#static-file .dae +#static-file .dat +#static-file .dts +#static-file .ejs +#static-file .eot +#static-file .eps +#static-file .img +#static-file .jar +#static-file .map +#static-file .mid +#static-file .midi +#static-file .ogv +#static-file .webm +#static-file .mkv +#static-file .odp +#static-file .ods +#static-file .odt +#static-file .otf +#static-file .pict +#static-file .pls +#static-file .ps +#static-file .qt +#static-file .rm +#static-file .svgz +#static-file .wav +#static-file .webp + +###################################### +# GeoIP Options +# Only if configured with --enable-geoip +###################################### + +# To feed a database either through GeoIP Legacy or GeoIP2, you need to use the +# geoip-database flag below. +# +# === GeoIP Legacy +# Legacy GeoIP has been discontinued. If your Linux distribution does not ship +# with the legacy databases, you may still be able to find them through +# different sources. Make sure to download the .dat files. +# +# Distributed with Creative Commons Attribution-ShareAlike 4.0 International License. +# https://mailfud.org/geoip-legacy/ + +# IPv4 Country database: +# Download the GeoIP.dat.gz +# gunzip GeoIP.dat.gz +# +# IPv4 City database: +# Download the GeoIPCity.dat.gz +# gunzip GeoIPCity.dat.gz + +# Standard GeoIP database for less memory usage (GeoIP Legacy). +# +#std-geoip false + +# === GeoIP2 +# For GeoIP2 databases, you can use DB-IP Lite databases. +# DB-IP is licensed under a Creative Commons Attribution 4.0 International License. +# https://db-ip.com/db/lite.php + +# Or you can download them from MaxMind +# https://dev.maxmind.com/geoip/geoip2/geolite2/ + +# For GeoIP2 City database: +# Download the GeoLite2-City.mmdb.gz +# gunzip GeoLite2-City.mmdb.gz +# +# For GeoIP2 Country database: +# Download the GeoLite2-Country.mmdb.gz +# gunzip GeoLite2-Country.mmdb.gz +# +#geoip-database /usr/local/share/GeoIP/GeoLiteCity.dat + +###################################### +# Persistence Options +###################################### + +# Path where the persisted database files are stored on disk. +# The default value is the /tmp/ directory +# Note the trailing forward-slash. +# +#db-path /tmp + +# Persist parsed data into disk. +#persist true + +# Load previously stored data from disk. +# Database files need to exist. See `persist`. +#restore true