WIP

core-os-podman/fail2ban.tf

@@ -0,0 +1,51 @@
+data "docker_registry_image" "fail2ban" {
+  name = "linuxserver/fail2ban:latest"
+}
+
+resource "docker_image" "fail2ban" {
+  name = data.docker_registry_image.fail2ban.name
+  pull_triggers = [data.docker_registry_image.fail2ban.sha256_digest]
+}
+
+resource "docker_container" "fail2ban" {
+  image = docker_image.fail2ban.image_id
+  name = "fail2ban"
+  restart = "always"
+
+  capabilities {
+    add = ["NET_ADMIN", "NET_RAW"]
+  }
+
+  env = [
+    "TZ=Europe/Amsterdam",
+    "PUID=1000",
+    "PGID=1000"
+  ]
+
+  mounts {
+    target = "/config"
+    source = "/var/lib/containers/fail2ban/config"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/var/log"
+    source = "/var/log"
+    type = "bind"
+    read_only = true
+  }
+
+  mounts {
+    target = "/remotelogs/nginx"
+    source = "/var/lib/containers/nginx-lb/log"
+    type = "bind"
+    read_only = true
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}