data "docker_registry_image" "fail2ban" {
  name = "linuxserver/fail2ban:latest"
}

resource "docker_image" "fail2ban" {
  name = data.docker_registry_image.fail2ban.name
  pull_triggers = [data.docker_registry_image.fail2ban.sha256_digest]
}

resource "docker_container" "fail2ban" {
  image = docker_image.fail2ban.image_id
  name = "fail2ban"
  restart = "always"

  capabilities {
    add = ["NET_ADMIN", "NET_RAW"]
  }

  env = [
    "TZ=Europe/Amsterdam",
    "PUID=1000",
    "PGID=1000"
  ]

  mounts {
    target = "/config"
    source = "/var/lib/containers/fail2ban/config"
    type = "bind"
  }

  mounts {
    target = "/var/log"
    source = "/var/log"
    type = "bind"
    read_only = true
  }

  mounts {
    target = "/remotelogs/nginx"
    source = "/var/lib/containers/nginx-lb/log"
    type = "bind"
    read_only = true
  }

  lifecycle {
    ignore_changes = [
      ulimit,
      log_opts
    ]
  }
}