vleeuwenmenno/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fuck scammers, abusers and bad actors!
Some checks failed
Ansible Lint Check / check-ansible (push) Failing after 42s
Details
Nix Format Check / check-format (push) Failing after 37s
Details
Python Lint Check / check-python (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Menno van Leeuwen
2025-06-15 01:33:04 +00:00
parent 3774ea6233
commit 247aa2d733
14 changed files with 275 additions and 852 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
config/ansible/tasks/servers/services/caddy/Caddyfile.j2
View File

@@ -1,19 +1,22 @@
# Global configuration for country blocking
{
# Block specific countries (add ISO country codes as needed)
# Examples: CN (China), RU (Russia), KP (North Korea), IR (Iran)
servers {
protocols h1 h2 h3
}
}
# Country blocking snippet - reusable across all sites
{% if enable_country_blocking | default(false) and blocked_countries | default([]) | length > 0 %}
# Country blocking snippet using MaxMind GeoLocation - reusable across all sites
{% if enable_country_blocking | default(false) and allowed_countries_codes | default([]) | length > 0 %}
(country_block) {
@blocked_countries {
remote_ip {{ blocked_countries | join(' ') }}
@not_allowed_countries {
not {
maxmind_geolocation {
db_path "/etc/caddy/geoip/GeoLite2-Country.mmdb"
allow_countries {{ allowed_countries_codes | join(' ') }}
}
}
}
respond @blocked_countries "Access denied from your country" 403
respond @not_allowed_countries "Access denied" 403
}
{% else %}
(country_block) {
@@ -116,7 +119,6 @@ ip.mvl.sh {
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
tls {{ caddy_email }}
}