From c8bd9f4ec3c6bdca07bc96c3e1f107f01ed85bb8 Mon Sep 17 00:00:00 2001
From: Anton Vakhrushev <anwinged@ya.ru>
Date: Sat, 17 May 2025 16:58:12 +0300
Subject: [PATCH] Netdata: add fail2ban monitoring

---
 files/netdata/docker-compose.yml.j2 | 2 ++
 files/netdata/go.d/fail2ban.conf    | 3 +++
 playbook-netdata.yml                | 8 ++++++++
 3 files changed, 13 insertions(+)
 create mode 100644 files/netdata/go.d/fail2ban.conf

diff --git a/files/netdata/docker-compose.yml.j2 b/files/netdata/docker-compose.yml.j2
index 12707e1..19d017e 100644
--- a/files/netdata/docker-compose.yml.j2
+++ b/files/netdata/docker-compose.yml.j2
@@ -26,9 +26,11 @@ services:
       - "/run/dbus:/run/dbus:ro"
       - "/sys:/host/sys:ro"
       - "/var/log:/host/var/log:ro"
+      - "/var/run:/host/var/run:ro"
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
     environment:
       PGID: "{{ netdata_docker_group_output.stdout | default(999) }}"
+      NETDATA_EXTRA_DEB_PACKAGES: "fail2ban"
 
 networks:
   {{ web_proxy_network }}:
diff --git a/files/netdata/go.d/fail2ban.conf b/files/netdata/go.d/fail2ban.conf
new file mode 100644
index 0000000..ddb5179
--- /dev/null
+++ b/files/netdata/go.d/fail2ban.conf
@@ -0,0 +1,3 @@
+jobs:
+  - name: fail2ban
+    update_every: 5  # Collect Fail2Ban jails statistics every 5 seconds
diff --git a/playbook-netdata.yml b/playbook-netdata.yml
index 091acaa..130ae16 100644
--- a/playbook-netdata.yml
+++ b/playbook-netdata.yml
@@ -50,6 +50,14 @@
         group: "{{ app_user }}"
         mode: "0640"
 
+    - name: "Copy fail2ban plugin config file"
+      ansible.builtin.copy:
+        src: "files/{{ app_name }}/go.d/fail2ban.conf"
+        dest: "{{ config_go_d_dir }}/fail2ban.conf"
+        owner: "{{ app_user }}"
+        group: "{{ app_user }}"
+        mode: "0640"
+
     - name: "Grab docker group id."
       ansible.builtin.shell:
         cmd: |