fuck scammers, abusers and bad actors!
This commit is contained in:
@@ -1,53 +1,50 @@
|
||||
---
|
||||
- name: Country blocking setup for Caddy
|
||||
- name: Country blocking setup for Caddy with MaxMind GeoLocation
|
||||
block:
|
||||
- name: Ensure Python requests module is installed
|
||||
ansible.builtin.apt:
|
||||
name: python3-requests
|
||||
state: present
|
||||
update_cache: yes
|
||||
when: enable_country_blocking | default(false)
|
||||
- name: Copy Dockerfile for custom Caddy build with GeoIP
|
||||
ansible.builtin.copy:
|
||||
src: Dockerfile
|
||||
dest: "{{ caddy_service_dir }}/Dockerfile"
|
||||
mode: "0644"
|
||||
when: enable_country_blocking | default(false)
|
||||
|
||||
- name: Copy country blocking script
|
||||
ansible.builtin.copy:
|
||||
src: generate_country_blocks.py
|
||||
dest: "{{ caddy_service_dir }}/generate_country_blocks.py"
|
||||
mode: "0755"
|
||||
when: enable_country_blocking | default(false)
|
||||
- name: Check if MaxMind Country database is available
|
||||
ansible.builtin.stat:
|
||||
path: "/mnt/object_storage/services/echoip/GeoLite2-Country.mmdb"
|
||||
register: maxmind_country_db
|
||||
when: enable_country_blocking | default(false)
|
||||
|
||||
- name: Generate country IP ranges
|
||||
ansible.builtin.command:
|
||||
cmd: "python3 {{ caddy_service_dir }}/generate_country_blocks.py {{ blocked_countries_codes | join(' ') }} --format=list"
|
||||
register: country_ranges_result
|
||||
when:
|
||||
- enable_country_blocking | default(false)
|
||||
- blocked_countries_codes | default([]) | length > 0
|
||||
changed_when: false
|
||||
- name: Ensure log directory exists for Caddy
|
||||
ansible.builtin.file:
|
||||
path: "{{ caddy_data_dir }}/logs"
|
||||
state: directory
|
||||
mode: "0755"
|
||||
become: true
|
||||
when: enable_country_blocking | default(false)
|
||||
|
||||
- name: Set country IP ranges fact
|
||||
ansible.builtin.set_fact:
|
||||
blocked_countries: "{{ country_ranges_result.stdout.split('\n') | select('match', '^[0-9]') | list }}"
|
||||
when:
|
||||
- enable_country_blocking | default(false)
|
||||
- country_ranges_result is defined
|
||||
- country_ranges_result.stdout is defined
|
||||
- name: Display country blocking configuration
|
||||
ansible.builtin.debug:
|
||||
msg:
|
||||
- "✅ Country blocking enabled: {{ enable_country_blocking | default(false) }}"
|
||||
- "🛡️ Countries to allow: {{ allowed_countries_codes | default([]) | join(', ') }}"
|
||||
- "📍 Using MaxMind GeoLocation plugin"
|
||||
- "💾 Database path: /etc/caddy/geoip/GeoLite2-Country.mmdb"
|
||||
- "📊 Database available: {{ maxmind_country_db.stat.exists | default(false) }}"
|
||||
when: enable_country_blocking | default(false)
|
||||
|
||||
- name: Display blocked countries info
|
||||
ansible.builtin.debug:
|
||||
msg:
|
||||
- "Country blocking enabled: {{ enable_country_blocking | default(false) }}"
|
||||
- "Countries to block: {{ blocked_countries_codes | default([]) | join(', ') }}"
|
||||
- "IP ranges found: {{ blocked_countries | default([]) | length }}"
|
||||
when: enable_country_blocking | default(false)
|
||||
|
||||
- name: Fallback to empty list if no ranges generated
|
||||
ansible.builtin.set_fact:
|
||||
blocked_countries: []
|
||||
when:
|
||||
- enable_country_blocking | default(false)
|
||||
- blocked_countries is not defined
|
||||
- name: Warn if MaxMind database not found
|
||||
ansible.builtin.debug:
|
||||
msg:
|
||||
- "⚠️ WARNING: MaxMind Country database not found!"
|
||||
- "Expected location: /mnt/object_storage/services/echoip/GeoLite2-Country.mmdb"
|
||||
- "Country blocking will not work until EchoIP service is deployed"
|
||||
- "Run: dotf update --ansible --tags echoip"
|
||||
when:
|
||||
- enable_country_blocking | default(false)
|
||||
- not maxmind_country_db.stat.exists | default(false)
|
||||
|
||||
tags:
|
||||
- caddy
|
||||
- security
|
||||
- country-blocking
|
||||
- caddy
|
||||
- security
|
||||
- country-blocking
|
||||
- geoip
|
||||
|
||||
Reference in New Issue
Block a user