merge: main

* Merge branch 'main' into 'main'
* See merge request hectorjsmith/fail2ban-prometheus-exporter!105
* Merged by: Markus Pesch <markus.pesch@cryptic.systems>
This commit is contained in:
Markus Pesch 2023-07-07 12:44:14 +00:00
commit f8ddc6a7e7
5 changed files with 94 additions and 12 deletions

15
.editorconfig Normal file
View File

@ -0,0 +1,15 @@
# EditorConfig is awesome: https://EditorConfig.org
# top-most EditorConfig file
root = true
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = false
[Makefile]
indent_style = tab

View File

@ -1,10 +1,19 @@
FROM debian:buster-slim
FROM docker.io/library/golang:1.20.5-buster AS build
# Create main app folder to run from
WORKDIR /app
WORKDIR /workspace
ADD . /workspace
# Copy compiled binary to release image
# (must build the binary before running docker build)
COPY fail2ban_exporter /app/fail2ban_exporter
RUN apt update --yes && \
apt install --yes build-essential && \
make install \
PREFIX=/usr \
DESTDIR=/app \
EXECUTABLE=fail2ban_exporter
ENTRYPOINT ["/app/fail2ban_exporter"]
FROM docker.io/library/debian:10-slim
COPY --from=build /app /
EXPOSE 9191
ENTRYPOINT [ "/usr/bin/fail2ban_exporter" ]

View File

@ -1,3 +1,9 @@
DESTDIR?=
PREFIX?=/usr/local
EXECUTABLE?=fail2ban_exporter
CONTAINER_RUNTIME?=$(shell which docker)
# List make commands
.PHONY: ls
ls:
@ -46,10 +52,34 @@ build:
-X main.date=${shell date --iso-8601=seconds} \
-X main.builtBy=manual \
" \
-o fail2ban_exporter \
-trimpath \
-o ${EXECUTABLE} \
exporter.go
# Build project docker container
.PHONY: build/docker
build/docker: build
docker build -t fail2ban-prometheus-exporter .
# build container-image
.PHONY: build/container-image
build/container-image:
${CONTAINER_RUNTIME} build \
--tag ${EXECUTABLE} \
.
.PHONY: install
install: build
mkdir --parents ${DESTDIR}/usr/lib/systemd/system
sed -e "s/EXECUTABLE/${EXECUTABLE}/gm" systemd/systemd.service > ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service
chmod 0644 ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service
install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/bin ${EXECUTABLE}
# NOTE: Set restrict file permissions by default to protect optional basic auth credentials
install -D --mode 0600 env ${DESTDIR}/etc/conf.d/${EXECUTABLE}
install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/share/licenses/${EXECUTABLE} LICENSE
.PHONY: uninstall
uninstall:
-rm --recursive --force \
${DESTDIR}${PREFIX}/bin/${EXECUTABLE} \
${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service \
${DESTDIR}/etc/conf.d/${EXECUTABLE} \
${DESTDIR}${PREFIX}/share/licenses/${EXECUTABLE}/LICENSE

6
env Normal file
View File

@ -0,0 +1,6 @@
# F2B_COLLECTOR_SOCKET=""
# F2B_COLLECTOR_TEXT_PATH=""
# F2B_WEB_LISTEN_ADDRESS=""
# F2B_WEB_BASICAUTH_USER=""
# F2B_WEB_BASICAUTH_PASS=""
# F2B_EXIT_ON_SOCKET_CONN_ERROR=""

22
systemd/systemd.service Normal file
View File

@ -0,0 +1,22 @@
[Unit]
Description=Prometheus exporter for fail2ban metrics
Requires=network-online.target
After=network-online.target
[Service]
EnvironmentFile=/etc/conf.d/EXECUTABLE
ExecStart=/usr/bin/EXECUTABLE
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=5s
NoNewPrivileges=true
# NOTE: Would be great to create and use a dedicated user/group via
# sysusers.conf to access the fail2ban socket, but currently it is no possible
# without manual configuration of the fail2ban daemon.
User=root
Group=root
[Install]
WantedBy=multi-user.target