WIP

2025-10-17 14:58:05 +02:00
parent d1298973a2
commit 8c149a4b38
5 changed files with 106 additions and 2 deletions
--- a/core-os-podman/fail2ban.tf
+++ b/core-os-podman/fail2ban.tf
@@ -0,0 +1,51 @@
+data "docker_registry_image" "fail2ban" {
+  name = "linuxserver/fail2ban:latest"
+}
+
+resource "docker_image" "fail2ban" {
+  name = data.docker_registry_image.fail2ban.name
+  pull_triggers = [data.docker_registry_image.fail2ban.sha256_digest]
+}
+
+resource "docker_container" "fail2ban" {
+  image = docker_image.fail2ban.image_id
+  name = "fail2ban"
+  restart = "always"
+
+  capabilities {
+    add = ["NET_ADMIN", "NET_RAW"]
+  }
+
+  env = [
+    "TZ=Europe/Amsterdam",
+    "PUID=1000",
+    "PGID=1000"
+  ]
+
+  mounts {
+    target = "/config"
+    source = "/var/lib/containers/fail2ban/config"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/var/log"
+    source = "/var/log"
+    type = "bind"
+    read_only = true
+  }
+
+  mounts {
+    target = "/remotelogs/nginx"
+    source = "/var/lib/containers/nginx-lb/log"
+    type = "bind"
+    read_only = true
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
--- a/core-os-podman/goaccess.tf
+++ b/core-os-podman/goaccess.tf
@@ -0,0 +1,47 @@
+data "docker_registry_image" "goaccess" {
+  name = "allinurl/goaccess:latest"
+}
+
+resource "docker_image" "goaccess" {
+  name = data.docker_registry_image.goaccess.name
+  pull_triggers = [data.docker_registry_image.goaccess.sha256_digest]
+}
+
+resource "docker_container" "goaccess" {
+  image = docker_image.goaccess.image_id
+  name = "goaccess"
+  restart = "always"
+
+  entrypoint = ["zcat -f /srv/logs/nginx/access.log.*.gz | /usr/bin/goaccess"]
+
+  env = [
+    "TZ=Europe/Amsterdam",
+    "PUID=1000",
+    "PGID=1000"
+  ]
+
+  mounts {
+    target = "/srv/config/goaccess.conf"
+    source = "/var/lib/containers/goaccess/goaccess.conf"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/srv/logs/nginx"
+    source = "/var/lib/containers/nginx-lb/log"
+    type = "bind"
+    read_only = true
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.48"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
--- a/core-os-podman/nginx-lb.tf
+++ b/core-os-podman/nginx-lb.tf
@@ -43,6 +43,12 @@ resource "docker_container" "nginx-lb" {
    type = "bind"
  }

+  mounts {
+    target = "/var/log/nginx"
+    source = "/var/lib/containers/nginx-lb/log"
+    type = "bind"
+  }
+
  restart = "always"

  networks_advanced {
--- a/core-os-podman/terraform.tfstate
+++ b/core-os-podman/terraform.tfstate
--- a/core-os-podman/terraform.tfstate.backup
+++ b/core-os-podman/terraform.tfstate.backup