# you must prefix the path with "${path.module}/"
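# Installs fail2ban and builds fail2ban-prometheus-exporter from source on an
# Alpine host over SSH, then registers both as OpenRC services.
resource "null_resource" "fail2ban_exporter" {
  # Re-run the provisioners whenever the init script shipped with the module changes.
  triggers = {
    source = filesha256("${path.module}/fail2ban_exporter.initd")
  }

  # NOTE(review): logs in as root with a key passed through a variable;
  # confirm var.connection_private_key is declared sensitive.
  connection {
    type        = "ssh"
    user        = "root"
    host        = var.connection_ip
    private_key = var.connection_private_key
  }

  # NOTE(review): the init script is staged in /tmp and later installed as root.
  # /tmp is world-writable; on a host with other local users, consider staging
  # it in a root-only directory instead.
  provisioner "file" {
    source      = "${path.module}/fail2ban_exporter.initd"
    destination = "/tmp/fail2ban_exporter.initd"
  }

  # The inline list is executed as one shell script, so `cd` persists between
  # entries and a failing command does not stop later ones unless it exits
  # explicitly.
  provisioner "remote-exec" {
    inline = [
      "echo '#-----------------------'",
      "echo '# module alpine_fail2ban'",
      "echo '#-----------------------'",
      "echo '# install fail2ban'",
      "apk add fail2ban",
      #
      "echo '# enable service fail2ban'",
      "rc-update add fail2ban",
      "rc-service fail2ban start",
      #
      # The quoted targets below are command text, not paths: the links dangle
      # on purpose (presumably a cheat sheet read with `ls -l` -- confirm).
      "echo '# install helpers'",
      "ln -s /etc/fail2ban /root/fail2ban",
      "ln -s 'fail2ban-client status' /etc/fail2ban/0_status",
      "ln -s 'fail2ban-client banned' /etc/fail2ban/1_banned",
      "ln -s 'fail2ban-client unban <ip> <ip>' /etc/fail2ban/1_unban",
      "ln -s 'fail2ban-client reload' /etc/fail2ban/2_reload",
      #
      "echo '## fail2ban-prometheus-exporter'",
      # dw binary -- DONT WORK on alpine
      # "wget -nc https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/uploads/${var.fail2ban_exporter_link}/fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz",
      # "echo '${var.fail2ban_exporter_checksum}  fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz' | sha256sum -c - || exit 1",
      # "tar xzf fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz",
      # "install -Dm775 fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64/fail2ban_exporter /usr/sbin/fail2ban_exporter",
      # dw src
      "echo '# install depends '",
      "apk add --virtual .devenv build-base go",
      "echo '# get sources '",
      "wget -nc -q https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/archive/${var.fail2ban_exporter_version}/fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz",
      # Verify the tarball before unpacking and building it as root.
      # `filesha256` is a Terraform function, not a shell command, and the old
      # line carried a stray ')' after the file name, so the check never ran
      # and the build continued regardless. sha256sum -c expects
      # "<hash><two spaces><file>"; `|| exit 1` aborts the script on a
      # mismatch or a missing download, which on_failure = fail then reports.
      "echo '${var.fail2ban_exporter_checksum}  fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz' | sha256sum -c - || exit 1",
      "tar xzf fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz",
      "cd fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}/src",
      "echo '# build '",
      # NOTE(review): module dependencies are fetched at build time; their
      # integrity depends on the go.sum shipped in the verified tarball.
      "go mod download -x",
      "go build -v",
      "echo '# install fail2ban_exporter'",
      "install -Dm775 fail2ban-prometheus-exporter /usr/sbin/fail2ban_exporter",
      "echo '# clean go cache'",
      "go env GOCACHE",
      "go clean -modcache",
      #
      #
      "echo '# enable service fail2ban_exporter'",
      "install -Dm775 /tmp/fail2ban_exporter.initd /etc/init.d/fail2ban_exporter",
      "rc-update add fail2ban_exporter",
      "rc-service fail2ban_exporter start",
      #
      "echo '# clean sources'",
      # "rm -rf fail2ban_exporter_${var.fail2ban_exporter_version}_linux_amd64.tar.gz",
      "rm -rf /root/fail2ban-prometheus-exporter-${var.fail2ban_exporter_version} /root/fail2ban-prometheus-exporter-${var.fail2ban_exporter_version}.tar.gz",
      "echo '# clean depends'",
      "apk del --purge .devenv",
    ]
    on_failure = fail
  }
}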