merge: main

* Merge branch 'main' into 'main'
* See merge request hectorjsmith/fail2ban-prometheus-exporter!105
* Merged by: Markus Pesch <markus.pesch@cryptic.systems>

.editorconfig

@@ -0,0 +1,15 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = false
+
+[Makefile]
+indent_style = tab

Dockerfile

@@ -1,10 +1,19 @@
-FROM debian:buster-slim
+FROM docker.io/library/golang:1.20.5-buster AS build
 
-# Create main app folder to run from
-WORKDIR /app
+WORKDIR /workspace
+ADD . /workspace
 
-# Copy compiled binary to release image
-# (must build the binary before running docker build)
-COPY fail2ban_exporter /app/fail2ban_exporter
+RUN apt update --yes && \
+    apt install --yes build-essential && \
+    make install \
+      PREFIX=/usr \
+      DESTDIR=/app \
+      EXECUTABLE=fail2ban_exporter
 
-ENTRYPOINT ["/app/fail2ban_exporter"]
+FROM docker.io/library/debian:10-slim
+
+COPY --from=build /app /
+
+EXPOSE 9191
+
+ENTRYPOINT [ "/usr/bin/fail2ban_exporter" ]

Makefile

@@ -1,3 +1,9 @@
+DESTDIR?=
+PREFIX?=/usr/local
+EXECUTABLE?=fail2ban_exporter
+
+CONTAINER_RUNTIME?=$(shell which docker)
+
 # List make commands
 .PHONY: ls
 ls:
@@ -46,10 +52,34 @@ build:
 	-X main.date=${shell date --iso-8601=seconds} \
 	-X main.builtBy=manual \
 	" \
-	-o fail2ban_exporter \
+	-trimpath \
+	-o ${EXECUTABLE} \
 	exporter.go
 
-# Build project docker container
-.PHONY: build/docker
-build/docker: build
-	docker build -t fail2ban-prometheus-exporter .
+# build container-image
+.PHONY: build/container-image
+build/container-image:
+	${CONTAINER_RUNTIME} build \
+		--tag ${EXECUTABLE} \
+		.
+
+.PHONY: install
+install: build
+	mkdir --parents ${DESTDIR}/usr/lib/systemd/system
+	sed -e "s/EXECUTABLE/${EXECUTABLE}/gm" systemd/systemd.service > ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service
+	chmod 0644 ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service
+
+	install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/bin ${EXECUTABLE}
+
+# NOTE: Set restrict file permissions by default to protect optional basic auth credentials
+	install -D --mode 0600 env ${DESTDIR}/etc/conf.d/${EXECUTABLE}
+
+	install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/share/licenses/${EXECUTABLE} LICENSE
+
+.PHONY: uninstall
+uninstall:
+	-rm --recursive --force \
+		${DESTDIR}${PREFIX}/bin/${EXECUTABLE} \
+		${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service \
+		${DESTDIR}/etc/conf.d/${EXECUTABLE} \
+		${DESTDIR}${PREFIX}/share/licenses/${EXECUTABLE}/LICENSE

env

@@ -0,0 +1,6 @@
+# F2B_COLLECTOR_SOCKET=""
+# F2B_COLLECTOR_TEXT_PATH=""
+# F2B_WEB_LISTEN_ADDRESS=""
+# F2B_WEB_BASICAUTH_USER=""
+# F2B_WEB_BASICAUTH_PASS=""
+# F2B_EXIT_ON_SOCKET_CONN_ERROR=""

systemd/systemd.service

@@ -0,0 +1,22 @@
+[Unit]
+Description=Prometheus exporter for fail2ban metrics
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+EnvironmentFile=/etc/conf.d/EXECUTABLE
+ExecStart=/usr/bin/EXECUTABLE
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=5s
+
+NoNewPrivileges=true
+
+# NOTE: Would be great to create and use a dedicated user/group via
+# sysusers.conf to access the fail2ban socket, but currently it is no possible
+# without manual configuration of the fail2ban daemon.
+User=root
+Group=root
+
+[Install]
+WantedBy=multi-user.target