merge: main
* Merge branch 'main' into 'main' * See merge request hectorjsmith/fail2ban-prometheus-exporter!105 * Merged by: Markus Pesch <markus.pesch@cryptic.systems>
This commit is contained in:
commit
f8ddc6a7e7
15
.editorconfig
Normal file
15
.editorconfig
Normal file
@ -0,0 +1,15 @@
|
||||
# EditorConfig is awesome: https://EditorConfig.org
|
||||
|
||||
# top-most EditorConfig file
|
||||
root = true
|
||||
|
||||
[*]
|
||||
indent_style = space
|
||||
indent_size = 2
|
||||
end_of_line = lf
|
||||
charset = utf-8
|
||||
trim_trailing_whitespace = true
|
||||
insert_final_newline = false
|
||||
|
||||
[Makefile]
|
||||
indent_style = tab
|
23
Dockerfile
23
Dockerfile
@ -1,10 +1,19 @@
|
||||
FROM debian:buster-slim
|
||||
FROM docker.io/library/golang:1.20.5-buster AS build
|
||||
|
||||
# Create main app folder to run from
|
||||
WORKDIR /app
|
||||
WORKDIR /workspace
|
||||
ADD . /workspace
|
||||
|
||||
# Copy compiled binary to release image
|
||||
# (must build the binary before running docker build)
|
||||
COPY fail2ban_exporter /app/fail2ban_exporter
|
||||
RUN apt update --yes && \
|
||||
apt install --yes build-essential && \
|
||||
make install \
|
||||
PREFIX=/usr \
|
||||
DESTDIR=/app \
|
||||
EXECUTABLE=fail2ban_exporter
|
||||
|
||||
ENTRYPOINT ["/app/fail2ban_exporter"]
|
||||
FROM docker.io/library/debian:10-slim
|
||||
|
||||
COPY --from=build /app /
|
||||
|
||||
EXPOSE 9191
|
||||
|
||||
ENTRYPOINT [ "/usr/bin/fail2ban_exporter" ]
|
||||
|
40
Makefile
40
Makefile
@ -1,3 +1,9 @@
|
||||
DESTDIR?=
|
||||
PREFIX?=/usr/local
|
||||
EXECUTABLE?=fail2ban_exporter
|
||||
|
||||
CONTAINER_RUNTIME?=$(shell which docker)
|
||||
|
||||
# List make commands
|
||||
.PHONY: ls
|
||||
ls:
|
||||
@ -46,10 +52,34 @@ build:
|
||||
-X main.date=${shell date --iso-8601=seconds} \
|
||||
-X main.builtBy=manual \
|
||||
" \
|
||||
-o fail2ban_exporter \
|
||||
-trimpath \
|
||||
-o ${EXECUTABLE} \
|
||||
exporter.go
|
||||
|
||||
# Build project docker container
|
||||
.PHONY: build/docker
|
||||
build/docker: build
|
||||
docker build -t fail2ban-prometheus-exporter .
|
||||
# build container-image
|
||||
.PHONY: build/container-image
|
||||
build/container-image:
|
||||
${CONTAINER_RUNTIME} build \
|
||||
--tag ${EXECUTABLE} \
|
||||
.
|
||||
|
||||
.PHONY: install
|
||||
install: build
|
||||
mkdir --parents ${DESTDIR}/usr/lib/systemd/system
|
||||
sed -e "s/EXECUTABLE/${EXECUTABLE}/gm" systemd/systemd.service > ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service
|
||||
chmod 0644 ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service
|
||||
|
||||
install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/bin ${EXECUTABLE}
|
||||
|
||||
# NOTE: Set restrict file permissions by default to protect optional basic auth credentials
|
||||
install -D --mode 0600 env ${DESTDIR}/etc/conf.d/${EXECUTABLE}
|
||||
|
||||
install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/share/licenses/${EXECUTABLE} LICENSE
|
||||
|
||||
.PHONY: uninstall
|
||||
uninstall:
|
||||
-rm --recursive --force \
|
||||
${DESTDIR}${PREFIX}/bin/${EXECUTABLE} \
|
||||
${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service \
|
||||
${DESTDIR}/etc/conf.d/${EXECUTABLE} \
|
||||
${DESTDIR}${PREFIX}/share/licenses/${EXECUTABLE}/LICENSE
|
||||
|
6
env
Normal file
6
env
Normal file
@ -0,0 +1,6 @@
|
||||
# F2B_COLLECTOR_SOCKET=""
|
||||
# F2B_COLLECTOR_TEXT_PATH=""
|
||||
# F2B_WEB_LISTEN_ADDRESS=""
|
||||
# F2B_WEB_BASICAUTH_USER=""
|
||||
# F2B_WEB_BASICAUTH_PASS=""
|
||||
# F2B_EXIT_ON_SOCKET_CONN_ERROR=""
|
22
systemd/systemd.service
Normal file
22
systemd/systemd.service
Normal file
@ -0,0 +1,22 @@
|
||||
[Unit]
|
||||
Description=Prometheus exporter for fail2ban metrics
|
||||
Requires=network-online.target
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=/etc/conf.d/EXECUTABLE
|
||||
ExecStart=/usr/bin/EXECUTABLE
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
Restart=on-failure
|
||||
RestartSec=5s
|
||||
|
||||
NoNewPrivileges=true
|
||||
|
||||
# NOTE: Would be great to create and use a dedicated user/group via
|
||||
# sysusers.conf to access the fail2ban socket, but currently it is no possible
|
||||
# without manual configuration of the fail2ban daemon.
|
||||
User=root
|
||||
Group=root
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
Loading…
x
Reference in New Issue
Block a user