File crowdsec-firewall-bouncer-iptables.spec of Package crowdsec-firewall-bouncer-iptables
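# Package metadata for the iptables/ipset flavour of the CrowdSec firewall bouncer.
Name: crowdsec-firewall-bouncer-iptables
Version: 0.0.25
Release: 0
Summary: Firewall bouncer for Crowdsec (iptables+ipset configuration)
License: MIT
URL: https://crowdsec.net
Group: Productivity/Networking/Security
Source0: %{name}-%{version}.tar.gz
Source1: 80-crowdsec-firewall-bouncer.preset
# Vendored Go module tree, unpacked in the prep section and consumed by the
# -mod=vendor build, so compilation does not fetch modules from the network.
# No checksum or signature for either tarball is visible in this spec: review
# vendor.tar.gz against the upstream go.mod/go.sum whenever it is regenerated.
Source2: vendor.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: git
BuildRequires: make
BuildRequires: jq
BuildRequires: go >= 1.20
BuildRequires: golang-packaging
# NOTE(review): the build section runs envsubst (shipped with gettext), but
# gettext is only listed as a runtime Requires below - confirm it is present
# in the build root through another dependency.
Requires: crowdsec
# NOTE(review): the unit/preset directory macros and the systemd scriptlet
# macros are used unconditionally further down, while this build dependency is
# only added on fc33 - confirm other targets get the macros from elsewhere.
%{?fc33:BuildRequires: systemd-rpm-macros}
# Runtime tools; the duplicated ipset entry has been dropped.
Requires: iptables,ipset,gettext
# Turn off generation of the debuginfo subpackage.
%define debug_package %{nil}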
%description
Crowdsec bouncer written in golang for firewalls.
crowdsec-firewall-bouncer will fetch new and old decisions from a CrowdSec API to add them in a blocklist used by supported firewalls.
Supported firewalls:
iptables (IPv4 ✔ / IPv6 ✔)
nftables (IPv4 ✔ / IPv6 ✔)
ipset only (IPv4 ✔ / IPv6 ✔)
pf (IPv4 ✔ / IPv6 ✔)
%define version_number %version
%define releasever %release
%global local_version v%{version_number}-%{releasever}-rpm
%global name crowdsec-firewall-bouncer
%global __mangle_shebangs_exclude_from /usr/bin/env
%prep
# Unpack Source0 and change into its top-level directory, then unpack the
# vendored Go modules (Source2) inside that tree for the -mod=vendor build.
%setup -q -n crowdsec-firewall-bouncer-iptables-%{version_number}
tar -xzf %{SOURCE2}
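%build
# Compile against the vendored modules unpacked during prep; BUILD_VERSION is
# placed in the environment of make.
BUILD_VERSION=%{local_version} GOFLAGS=-mod=vendor make

# Render the systemd unit template in place.
# Only BIN and CFG are expanded: without the explicit variable list envsubst
# replaces every $NAME reference in the unit with whatever the build
# environment holds, or with an empty string when the variable is unset.
# The scratch file is created next to the unit inside the build tree instead
# of the shared /tmp, and the template is overwritten only after envsubst has
# produced its output (build scripts normally run under sh -e).
unit=config/%{name}.service
rendered=$(mktemp "${unit}.XXXXXX")
BIN=%{_bindir}/%{name} CFG=/etc/crowdsec/bouncers/ envsubst '${BIN} ${CFG}' < "${unit}" > "${rendered}"
mv -f "${rendered}" "${unit}"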
%install
# Start from an empty buildroot and create the directories that are not
# produced implicitly by install -D.
rm -rf %{buildroot}
mkdir -p %{buildroot}/usr/sbin %{buildroot}%{_presetdir}

# Bouncer binary and its rendered systemd unit.
install -D -m 755 %{name} %{buildroot}%{_bindir}/%{name}
install -D -m 644 config/%{name}.service %{buildroot}%{_unitdir}/%{name}.service

# Bouncer configuration, readable and writable by its owner only.
# NOTE(review): presumably 0600 because the file carries the API credentials
# used against the CrowdSec API - confirm against the shipped yaml.
install -D -m 600 config/%{name}.yaml %{buildroot}/etc/crowdsec/bouncers/%{name}.yaml

# systemd preset file (Source1), stored under its own file name.
install -D -m 644 %{SOURCE1} %{buildroot}%{_presetdir}/80-crowdsec-firewall-bouncer.preset

# rc-prefixed convenience symlink pointing at the service wrapper.
ln -s /usr/sbin/service %{buildroot}/usr/sbin/rccrowdsec-firewall-bouncer
%clean
# Remove the staged install tree once the build has finished with it.
rm -rf %{buildroot}
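%files
# Payload of the main package. Ownership defaults to root:root; file modes are
# taken from the buildroot unless an explicit attr entry overrides them.
%defattr(-,root,root,-)
# Same macro as the install section, so the two cannot drift apart.
%{_bindir}/%{name}
%{_unitdir}/%{name}.service
/usr/sbin/rccrowdsec-firewall-bouncer
%dir %{_sysconfdir}/crowdsec/
%dir %{_sysconfdir}/crowdsec/bouncers/
# Pin 0600 root:root in the package metadata as well, so the restrictive mode
# does not depend solely on the install command that staged the file.
# noreplace keeps a locally edited configuration across upgrades.
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/crowdsec/bouncers/%{name}.yaml
# NOTE(review): the preset is flagged as a config file although it lives in
# the systemd preset directory - confirm that this is intended.
%config(noreplace) %{_presetdir}/80-crowdsec-firewall-bouncer.preset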
%changelog
* Tue Feb 16 2021 Manuel Sabban <manuel@crowdsec.net>
- First initial packaging
%pre
# Pre-install hook for the bouncer unit.
# NOTE(review): confirm that the systemd macro package of every target
# distribution defines this pre macro; an undefined macro would be left in the
# scriptlet as literal text.
%systemd_pre %{name}.service
%post
# Post-install hook: lets the systemd macros apply the preset policy to the
# unit when the package is first installed.
%systemd_post %{name}.service
%preun
# Pre-uninstall hook: lets the systemd macros stop and disable the unit when
# the package is removed.
%systemd_preun %{name}.service
%postun
# Post-uninstall hook: on upgrade the running service is restarted so the new
# binary is the one enforcing decisions.
%systemd_postun_with_restart %{name}.service
# %package -n crowdsec-firewall-bouncer-nftables
# Summary: Firewall bouncer for Crowdsec (nftables configuration)
# Requires: nftables,gettext
# Requires: crowdsec
# %description -n crowdsec-firewall-bouncer-nftables
#
# %files -n crowdsec-firewall-bouncer-nftables
# /usr/bin/%{name}
# %{_unitdir}/%{name}.service
# %dir %{_sysconfdir}/crowdsec/
# %dir %{_sysconfdir}/crowdsec/bouncers/
# %config(noreplace) %{_sysconfdir}/crowdsec/bouncers/%{name}.yaml