From 63f34c4905886e738e1eeb38d32d6fb6ac8cab9b Mon Sep 17 00:00:00 2001
From: Tim H <6026716+tho@users.noreply.github.com>
Date: Sun, 3 Feb 2019 18:14:47 -0500
Subject: [PATCH] Add monitoring tag

Monitoring is disabled by default. It can be enabled by either setting

    monitoring_enabled: true

in config.cfg or by running

    ./algo -e monitoring_enabled`
---
 config.cfg                  | 10 ++++++++++
 docs/deploy-from-ansible.md |  1 +
 playbooks/cloud-pre.yml     |  1 +
 server.yml                  |  3 +++
 4 files changed, 15 insertions(+)

diff --git a/config.cfg b/config.cfg
index b0c7756d..865f667c 100644
--- a/config.cfg
+++ b/config.cfg
@@ -78,6 +78,16 @@ dns_servers:
 # IP address for the local dns resolver
 local_service_ip: 172.16.0.1
 
+# Enable system monitoring.
+monitoring_enabled: false
+
+# If monitoring is enabled go-audit will be installed. Currently, no official
+# go-audit package exists and the tool must either be compiled from source or
+# pre-built binaries must be used. Set the following option to 'true' to
+# compile go-audit from source on the target host or 'false' to use the
+# pre-build binary located in the go_audit role's files/ directory.
+go_audit_build: false
+
 # Your Algo server will automatically install security updates. Some updates
 # require a reboot to take effect but your Algo server will not reboot itself
 # automatically unless you change 'enabled' below from 'false' to 'true', in
diff --git a/docs/deploy-from-ansible.md b/docs/deploy-from-ansible.md
index 361272d3..b85fb54d 100644
--- a/docs/deploy-from-ansible.md
+++ b/docs/deploy-from-ansible.md
@@ -60,6 +60,7 @@ Server roles:
 - role: dns_encryption
 - role: ssh_tunneling
 - role: wireguard
+- role: go_audit
 
 Note: The `vpn` role generates Apple profiles with On-Demand Wifi and Cellular if you pass the following variables:
 
diff --git a/playbooks/cloud-pre.yml b/playbooks/cloud-pre.yml
index 338e70dd..8a2b75c9 100644
--- a/playbooks/cloud-pre.yml
+++ b/playbooks/cloud-pre.yml
@@ -12,6 +12,7 @@
         'algo_windows "{{ algo_windows }}"' \
         'wireguard_enabled "{{ wireguard_enabled }}"' \
         'dns_encryption "{{ dns_encryption }}"' \
+        'monitoring_enabled "{{ monitoring_enabled }}"' \
         > /dev/tty
 
 - name: Install the requirements
diff --git a/server.yml b/server.yml
index f643f4f8..a938344a 100644
--- a/server.yml
+++ b/server.yml
@@ -24,6 +24,9 @@
     - role: ssh_tunneling
       when: algo_ssh_tunneling
       tags: ssh_tunneling
+    - role: go_audit
+      when: monitoring_enabled
+      tags: monitoring
 
   post_tasks:
     - block: