From 3e6aa6ec30f8794b61130aa4fb99dca92fde2d28 Mon Sep 17 00:00:00 2001
From: hkcomori <hkcomori@gmail.com>
Date: Thu, 8 Aug 2024 13:14:49 +0900
Subject: [PATCH] Add unixsocket support for webinterface

---
 README.md                 |  4 ++++
 templates/webinterface.j2 | 17 +++++++++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index b57e920..ee05da7 100644
--- a/README.md
+++ b/README.md
@@ -51,6 +51,10 @@ Role Variables
 * `monit_webinterface_enabled`: Enable monit web interface. Defaults to `true`.
 * `monit_webinterface_bind`: IP address to bind web interface. Defaults to `0.0.0.0` (listen for external requests).
 * `monit_webinterface_port`: Port for web interface. Defaults to `2812`.
+* `monit_webinterface_socket_path`: Path to the socket file. If set this, use the unix socket instead of TCP for web interface. Defaults to undefined.
+* `monit_webinterface_socket_owner`: Owner of the socket file. Defaults to undefined.
+* `monit_webinterface_socket_group`: Owner group of the socket file. Defaults to undefined.
+* `monit_webinterface_socket_mode`: Permission of the socket file. Defaults to undefined.
 * `monit_webinterface_rw_group`: Define group of users allowed to read and write on web interface. It is only applied when defined and is empty by default.
 * `monit_webinterface_r_group`: Define group of users allowed to read on web interface. It is only applied when defined and is empty by default.
 * `monit_webinterface_acl_rules`: List of ACL rules for the web interface, such as "localhost" or "hauk:password". It is only applied when defined and is empty by default. You should probably define at least one for the httpd service to start.
diff --git a/templates/webinterface.j2 b/templates/webinterface.j2
index cb7b9be..1a230ef 100644
--- a/templates/webinterface.j2
+++ b/templates/webinterface.j2
@@ -1,8 +1,21 @@
 # {{ ansible_managed }}
 {% if monit_webinterface_enabled %}
 set httpd
-  port {{ monit_webinterface_port }}
-  use address {{ monit_webinterface_bind }}
+{% if monit_webinterface_socket_path is not defined %}
+    port {{ monit_webinterface_port }}
+    use address {{ monit_webinterface_bind }}
+{% else %}
+    unixsocket {{ monit_webinterface_socket_path }}
+{% if monit_webinterface_socket_owner is defined %}
+    uid {{ monit_webinterface_socket_owner }}
+{% endif %}
+{% if monit_webinterface_socket_group is defined %}
+    gid {{ monit_webinterface_socket_group }}
+{% endif %}
+{% if monit_webinterface_socket_mode is defined %}
+    permission {{ monit_webinterface_socket_mode }}
+{% endif %}
+{% endif %}
 {% if monit_webinterface_acl_rules is defined %}
 {% for rule in monit_webinterface_acl_rules %}
     allow {{ rule }}