diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..dd69de0 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,15 @@ +# EditorConfig is awesome: https://EditorConfig.org + +# top-most EditorConfig file +root = true + +[*] +indent_style = space +indent_size = 2 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = false + +[Makefile] +indent_style = tab \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 1955792..9959a07 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,19 @@ -FROM debian:buster-slim +FROM docker.io/library/golang:1.20.5-buster AS build -# Create main app folder to run from -WORKDIR /app +WORKDIR /workspace +ADD . /workspace -# Copy compiled binary to release image -# (must build the binary before running docker build) -COPY fail2ban_exporter /app/fail2ban_exporter +RUN apt update --yes && \ + apt install --yes build-essential && \ + make install \ + PREFIX=/usr \ + DESTDIR=/app \ + EXECUTABLE=fail2ban_exporter -ENTRYPOINT ["/app/fail2ban_exporter"] +FROM docker.io/library/debian:10-slim + +COPY --from=build /app / + +EXPOSE 9191 + +ENTRYPOINT [ "/usr/bin/fail2ban_exporter" ] diff --git a/Makefile b/Makefile index 4421341..6b0be1a 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,9 @@ +DESTDIR?= +PREFIX?=/usr/local +EXECUTABLE?=fail2ban_exporter + +CONTAINER_RUNTIME?=$(shell which docker) + # List make commands .PHONY: ls ls: @@ -46,10 +52,34 @@ build: -X main.date=${shell date --iso-8601=seconds} \ -X main.builtBy=manual \ " \ - -o fail2ban_exporter \ + -trimpath \ + -o ${EXECUTABLE} \ exporter.go -# Build project docker container -.PHONY: build/docker -build/docker: build - docker build -t fail2ban-prometheus-exporter . +# build container-image +.PHONY: build/container-image +build/container-image: + ${CONTAINER_RUNTIME} build \ + --tag ${EXECUTABLE} \ + . + +.PHONY: install +install: build + mkdir --parents ${DESTDIR}/usr/lib/systemd/system + sed -e "s/EXECUTABLE/${EXECUTABLE}/gm" systemd/systemd.service > ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service + chmod 0644 ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service + + install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/bin ${EXECUTABLE} + +# NOTE: Set restrict file permissions by default to protect optional basic auth credentials + install -D --mode 0600 env ${DESTDIR}/etc/conf.d/${EXECUTABLE} + + install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/share/licenses/${EXECUTABLE} LICENSE + +.PHONY: uninstall +uninstall: + -rm --recursive --force \ + ${DESTDIR}${PREFIX}/bin/${EXECUTABLE} \ + ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service \ + ${DESTDIR}/etc/conf.d/${EXECUTABLE} \ + ${DESTDIR}${PREFIX}/share/licenses/${EXECUTABLE}/LICENSE diff --git a/env b/env new file mode 100644 index 0000000..d0286e8 --- /dev/null +++ b/env @@ -0,0 +1,6 @@ +# F2B_COLLECTOR_SOCKET="" +# F2B_COLLECTOR_TEXT_PATH="" +# F2B_WEB_LISTEN_ADDRESS="" +# F2B_WEB_BASICAUTH_USER="" +# F2B_WEB_BASICAUTH_PASS="" +# F2B_EXIT_ON_SOCKET_CONN_ERROR="" diff --git a/systemd/systemd.service b/systemd/systemd.service new file mode 100644 index 0000000..1622c9f --- /dev/null +++ b/systemd/systemd.service @@ -0,0 +1,22 @@ +[Unit] +Description=Prometheus exporter for fail2ban metrics +Requires=network-online.target +After=network-online.target + +[Service] +EnvironmentFile=/etc/conf.d/EXECUTABLE +ExecStart=/usr/bin/EXECUTABLE +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure +RestartSec=5s + +NoNewPrivileges=true + +# NOTE: Would be great to create and use a dedicated user/group via +# sysusers.conf to access the fail2ban socket, but currently it is no possible +# without manual configuration of the fail2ban daemon. +User=root +Group=root + +[Install] +WantedBy=multi-user.target