diff --git a/fail2ban/init.sls b/fail2ban/init.sls
index 1385ded..0c1be13 100644
--- a/fail2ban/init.sls
+++ b/fail2ban/init.sls
@@ -1,3 +1,4 @@
 include:
 - fail2ban.install
 - fail2ban.jails
+ - fail2ban.prometheus
diff --git a/fail2ban/prometheus.sls b/fail2ban/prometheus.sls
new file mode 100644
index 0000000..a7aae9a
--- /dev/null
+++ b/fail2ban/prometheus.sls
@@ -0,0 +1,35 @@
+Define firewalld service for fail2ban exporter:
+ firewalld.service:
+ - name: fail2ban_exporter
+ - ports:
+ - 9191/tcp
+
+Addinge fail2ban exporter fw service:
+ firewalld.present:
+ - name: public
+ - services:
+ - fail2ban_exporter
+
+create fail2ban-exporter container:
+ cmd.run:
+ - name: podman container create --name fail2ban-exporter -v /var/run/fail2ban:/var/run/fail2ban:ro -p 9191:9191 registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest
+ - unless: podman container exists fail2ban-exporter
+
+create fail2ban-exporter container unit file:
+ cmd.run:
+ - name: podman generate systemd --name fail2ban-exporter > /etc/systemd/system/fail2ban-exporter.service
+ - onchanges:
+ - cmd: create fail2ban-exporter container
+
+run daemon reload for fail2ban-exporter container unit file:
+ cmd.run:
+ - name: systemctl daemon-reload
+ - onchanges:
+ - cmd: create fail2ban-exporter container unit file
+
+start fail2ban-exporter container:
+ service.running:
+ - name: fail2ban-exporter
+ - enable: true
+ - watch:
+ - cmd: create fail2ban-exporter container unit file
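Review bot: The image in `create fail2ban-exporter container` is referenced as `:latest`, and the `unless` only tests that the container exists, so each host keeps whatever the registry served on its first apply; pin it to a reviewed release tag or digest, e.g. `registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter@sha256:<digest>`. Pinning matters more here because the bind mount hands that image the fail2ban control socket directory, and `:ro` on a bind mount does not by itself stop a process that is permitted to open the socket from connecting and sending commands. Separately, the two firewalld states open 9191/tcp to every source in the `public` zone, and nothing in this file adds authentication in front of the metrics; consider limiting access to the Prometheus host with a rich rule or publishing on an internal address only (`-p <internal-ip>:9191:9191`). On older Salt releases where `firewalld.present` defaults `prune_services` to true, listing only `fail2ban_exporter` could also remove the zone's other services, so adding `- prune_services: False` explicitly is the safer form.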