grim/gf2b

Initial import
draft
2019-05-25, Gary Kramlich
4ac4610c2745
Parents
Children bb2efaa4e4db
Initial import
3 files changed, 83 insertions(+), 0 deletions(-)
  • +30 -0
    Dockerfile.fail2ban
  • +42 -0
    convey.yml
  • +11 -0
    overview.yaml
    • --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/Dockerfile.fail2ban Sat May 25 00:10:31 2019 -0500
    @@ -0,0 +1,30 @@
    +# grad doctl in a separate container so we can keep the final one tiny
    +FROM debian:buster-slim as doctl
    +
    +ENV DOCTL_VERSION=1.18.0
    +
    +RUN set -ex && \
    + apt-get update && \
    + apt-get install -y --no-install-recommends wget ca-certificates
    +
    +RUN set -ex && \
    + wget https://github.com/digitalocean/doctl/releases/download/v${DOCTL_VERSION}/doctl-${DOCTL_VERSION}-linux-amd64.tar.gz -O doctl.tar.gz && \
    + wget https://github.com/digitalocean/doctl/releases/download/v${DOCTL_VERSION}/doctl-${DOCTL_VERSION}-linux-amd64.sha256 -O doctl.sha256 && \
    + tar zxf doctl.tar.gz && \
    + sha256sum -c doctl.sha256 && \
    + chmod +x /doctl
    +
    +# The actual image with fail2ban
    +FROM debian:buster-slim
    +
    +RUN set -ex && \
    + apt-get update && \
    + apt-get install --no-install-recommends -y fail2ban && \
    + apt-get clean && \
    + rm -rf /var/lib/apt/lists && \
    + rm -f /etc/fail2ban/jail.d/* && \
    + mkdir -p /var/run/fail2ban
    +
    +COPY --from=doctl /doctl /usr/local/bin/doctl
    +
    +CMD ["/usr/bin/fail2ban-server", "-f", "--logtarget", "stdout"]
    --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/convey.yml Sat May 25 00:10:31 2019 -0500
    @@ -0,0 +1,42 @@
    +environment:
    + - TAG=latest
    + - REGISTRY_USERNAME
    + - REGISTRY_PASSWORD
    + - REGISTRY_HOST=docker.io
    +
    +tasks:
    + import:
    + type: docker/import
    + files: .:.
    + build:
    + type: docker/build
    + dockerfile: ${DOCKERFILE}
    + tags: ${REGISTRY_HOST}/${REPO}:${TAG}
    + push:
    + type: docker/push
    + image: ${REGISTRY_HOST}/${REPO}:${TAG}
    + login:
    + type: docker/login
    + server: ${REGISTRY_HOST}
    + username: ${REGISTRY_USERNAME}
    + password: ${REGISTRY_PASSWORD}
    + logout:
    + type: docker/logout
    + server: ${REGISTRY_HOST}
    +
    +plans:
    + default:
    + stages:
    + - tasks: [import]
    + - environment: [DOCKERFILE=Dockerfile.fail2ban, REPO=rwgrim/gf2b-fail2ban]
    + tasks: [build]
    +
    + cicd:
    + stages:
    + - tasks: [login, import]
    + - environment: [DOCKERFILE=Dockerfile.fail2ban, REPO=rwgrim/gf2b-fail2ban]
    + tasks: [build]
    + - tasks: [push]
    + - tasks: [logout]
    + run: always
    +
    --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/overview.yaml Sat May 25 00:10:31 2019 -0500
    @@ -0,0 +1,11 @@
    +services:
    + - rsyslogd
    +deployment:
    + containers:
    + - fail2ban
    + - rsyslogd
    + volumes:
    + - log storage
    + - fail2ban state
    +configmap:
    + - fail2ban