Release first dockerfile, first documentation etc.. Update will follow

deployment/container/README.md

@@ -0,0 +1,88 @@
+# **Fail2Ban-UI Container**
+
+A **containerized version of Fail2Ban-UI**, allowing easy deployment for managing Fail2Ban configurations, logs, and bans via a web-based UI.
+
+
+## How to Build the Image
+
+```bash
+podman build -t fail2ban-ui --target=standalone-ui .
+```
+
+For **Docker**, just replace `podman` with `docker` for every command, e.g.:
+```bash
+docker build -t fail2ban-ui --target=standalone-ui .
+```
+
+
+## For SELinux enabled systems
+If SELinux is enabled, you must apply the required SELinux policies to allow the container to communicate with Fail2Ban.
+The policies are located here: "`./SELinux/`"
+
+Apply the prebuilt SELinux Modules with:
+
+```bash
+semodule -i fail2ban-container-ui.pp
+semodule -i fail2ban-container-client.pp
+```
+
+### Manually Compile and Install SELinux Rules
+
+If you want to change or compile the SELinux rules by yourself run:
+
+```bash
+checkmodule -M -m -o fail2ban-container-client.mod fail2ban-container-client.te
+semodule_package -o fail2ban-container-client.pp -m fail2ban-container-client.mod
+semodule -i fail2ban-container-client.pp
+```
+
+
+## How to Run the Container
+
+Create the needed folder to store the fail2ban-ui config first:
+```bash
+mkdir /opt/podman-fail2ban-ui
+```
+
+Then run the container with the following prompt in background (-d) as test. For a productive container setup please use a systemd service.
+```bash
+podman run -d \
+  --name fail2ban-ui \
+  --network=host \
+  -v /opt/podman-fail2ban-ui:/config:Z \
+  -v /etc/fail2ban:/etc/fail2ban:Z \
+  -v /var/log:/var/log:ro \
+  -v /var/run/fail2ban:/var/run/fail2ban \
+  -v /usr/share/GeoIP:/usr/share/GeoIP:ro \
+  localhost/fail2ban-ui
+```
+
+### Stop and Remove Container
+Stop the running container:
+```bash
+podman stop fail2ban-ui
+```
+Remove the container:
+```bash
+podman rm fail2ban-ui
+```
+
+## Troubleshooting
+
+### UI Not Accessible
+- Ensure port **8080 (or custom port)** is **not blocked** by the firewall. (e.g. firewalld)
+- Check container logs:
+```bash
+podman logs fail2ban-ui
+```
+- Ensure **Fail2Ban UI is running** inside the container:
+```bash
+podman exec -it fail2ban-ui ps aux
+```
+
+## Contact & Support
+For issues, contributions, or feature requests, visit our GitHub repository:  
+🔗 [GitHub Issues](https://github.com/swissmakers/fail2ban-ui/issues)
+
+For enterprise support, visit:  
+🔗 [Swissmakers GmbH](https://swissmakers.ch)

deployment/container/SELinux/fail2ban-container-client.te

@@ -0,0 +1,29 @@
+
+module fail2ban-container-client 1.0;
+
+require {
+	type fail2ban_t;
+	type fail2ban_client_t;
+	type fail2ban_var_run_t;
+	type container_file_t;
+	type httpd_log_t;
+	type container_t;
+	type var_log_t;
+	class sock_file write;
+	class unix_stream_socket connectto;
+    class dir { read search open };
+    class file { read open getattr };
+}
+
+#============= container_t ==============
+allow container_t fail2ban_t:unix_stream_socket connectto;
+allow container_t fail2ban_var_run_t:sock_file write;
+allow container_t httpd_log_t:dir { read search open };
+allow container_t httpd_log_t:file { read open getattr };
+allow container_t var_log_t:dir { read search open };
+allow container_t var_log_t:file { read open getattr };
+
+#============= fail2ban_client_t ==============
+allow fail2ban_client_t container_file_t:dir { read search open };
+allow fail2ban_client_t container_file_t:file { read open getattr };
+allow fail2ban_client_t container_file_t:sock_file write;

deployment/container/SELinux/fail2ban-container-ui.te

@@ -0,0 +1,13 @@
+
+module fail2ban-container-ui 1.0;
+
+require {
+	type fail2ban_log_t;
+	type etc_t;
+	type container_t;
+	class file { open read write };
+}
+
+#============= container_t ==============
+allow container_t etc_t:file write;
+allow container_t fail2ban_log_t:file { open read };

deployment/fail2ban-curl-allow.te

@@ -0,0 +1,11 @@
+
+module fail2ban-curl-allow 1.0;
+
+require {
+	type fail2ban_t;
+	type http_cache_port_t;
+	class tcp_socket name_connect;
+}
+
+#============= fail2ban_t ==============
+allow fail2ban_t http_cache_port_t:tcp_socket name_connect;

deployment/systemd/README.md

@@ -0,0 +1,188 @@
+# Fail2Ban-UI Systemd Setup
+This guide provides two methods to **run Fail2Ban-UI as a systemd service**.
+1. Systemd service that starts the local compiled binary.
+2. Systemd service that starts the fail2ban-ui container.
+
+## For SELinux enabled systems (needed in bouth cases)
+If SELinux is enabled, you must apply the required SELinux policies to allow Fail2Ban to communicate with the Fail2Ban-UI API via port 8080.
+
+Apply the prebuilt SELinux Module with:
+
+```bash
+semodule -i fail2ban-curl-allow.pp
+```
+
+## Build and running Fail2Ban-UI from Local Source Code
+In this case we will run **Fail2Ban-UI from `/opt/fail2ban-ui/`** using systemd.
+
+### Prerequisites
+Install **Go 1.22+** and required dependencies:
+  ```bash
+  sudo dnf install -y golang git whois
+  ```
+Make sure you setup GeoIP and your country database is available under: `/usr/share/GeoIP/GeoLite2-Country.mmdb`
+
+Clone the repository to `/opt/fail2ban-ui`:
+  ```bash
+  sudo git clone https://github.com/swissmakers/fail2ban-ui.git /opt/fail2ban-ui
+  cd /opt/fail2ban-ui
+  sudo go build -o fail2ban-ui ./cmd/main.go
+  ```
+
+### Create the fail2ban-ui.service
+Save this file as `/etc/systemd/system/fail2ban-ui.service`:
+
+```ini
+[Unit]
+Description=Fail2Ban UI
+After=network.target fail2ban.service
+Requires=fail2ban.service
+
+[Service]
+WorkingDirectory=/opt/fail2ban-ui
+ExecStart=/opt/fail2ban-ui/fail2ban-ui
+Restart=always
+User=root
+Group=root
+
+[Install]
+WantedBy=multi-user.target
+```
+
+### Start & Enable the Service
+1. Reload systemd to detect our new service:
+   ```bash
+   sudo systemctl daemon-reload
+   ```
+2. Enable and start the service:
+   ```bash
+   sudo systemctl enable fail2ban-ui.service --now
+   ```
+3. Check the status:
+   ```bash
+   sudo systemctl status fail2ban-ui.service
+   ```
+
+### View Logs
+To see the real-time logs of Fail2Ban-UI:
+```bash
+sudo journalctl -u fail2ban-ui.service -f
+```
+
+### Restart or Stop
+Restart:
+```bash
+sudo systemctl restart fail2ban-ui.service
+```
+Stop:
+```bash
+sudo systemctl stop fail2ban-ui.service
+```
+
+## Running Fail2Ban-UI as a (Systemd controlled) Container
+
+This method runs Fail2Ban-UI as a **containerized service** with **automatic startup** and handling through systemd.
+
+### Prerequisites
+
+- Ensure **Podman** or **Docker** is installed.
+
+For **Podman**:
+```bash
+sudo dnf install -y podman
+```
+For **Docker** (if preferred):
+```bash
+sudo dnf install -y docker
+sudo systemctl enable --now docker
+```
+Make sure you setup GeoIP and your country database is available under: `/usr/share/GeoIP/GeoLite2-Country.mmdb`
+
+Create the needed folder to store the fail2ban-ui config:
+```bash
+sudo mkdir /opt/podman-fail2ban-ui
+```
+
+### Create the fail2ban-ui-container.service
+Save this file as `/etc/systemd/system/fail2ban-ui-container.service`:
+
+```ini
+[Unit]
+Description=Fail2Ban UI (Containerized)
+After=network.target fail2ban.service
+Requires=fail2ban.service
+
+[Service]
+ExecStart=/usr/bin/podman run --rm \
+    --name fail2ban-ui \
+    --network=host \
+    -v /opt/podman-fail2ban-ui:/config:Z \
+    -v /etc/fail2ban:/etc/fail2ban:Z \
+    -v /var/log:/var/log:ro \
+    -v /var/run/fail2ban:/var/run/fail2ban \
+    -v /usr/share/GeoIP:/usr/share/GeoIP:ro \
+    localhost/fail2ban-ui
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
+```
+
+### For SELinux enabled systems
+If SELinux is enabled, you must apply the required SELinux policies to allow the container to communicate with Fail2Ban.
+The policies are located here: "`../container/SELinux/`"
+
+Apply the prebuilt SELinux Modules with:
+
+```bash
+semodule -i fail2ban-container-ui.pp
+semodule -i fail2ban-container-client.pp
+```
+
+#### Manually Compile and Install SELinux Rules
+
+If you want to change or compile the SELinux rules by yourself run:
+
+```bash
+checkmodule -M -m -o fail2ban-container-client.mod fail2ban-container-client.te
+semodule_package -o fail2ban-container-client.pp -m fail2ban-container-client.mod
+semodule -i fail2ban-container-client.pp
+```
+
+
+### Start & Enable the Container Service
+1. Reload systemd to detect the new service:
+   ```bash
+   sudo systemctl daemon-reload
+   ```
+2. Enable and start the containerized service:
+   ```bash
+   sudo systemctl enable --now fail2ban-ui-container.service
+   ```
+3. Check the status:
+   ```bash
+   sudo systemctl status fail2ban-ui-container.service
+   ```
+
+### View Logs
+```bash
+sudo journalctl -u fail2ban-ui-container.service -f
+```
+
+### Restart or Stop
+Restart:
+```bash
+sudo systemctl restart fail2ban-ui-container.service
+```
+Stop:
+```bash
+sudo systemctl stop fail2ban-ui-container.service
+```
+
+## **Contact & Support**
+For issues, visit our GitHub repository:  
+🔗 [GitHub Issues](https://github.com/swissmakers/fail2ban-ui/issues)  
+
+For enterprise support:  
+🔗 [Swissmakers GmbH](https://swissmakers.ch)