vleeuwenmenno/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Expand country blocking to more high-risk countries
Some checks failed
Ansible Lint Check / check-ansible (push) Failing after 29s
Details
Nix Format Check / check-format (push) Failing after 1m26s
Details
Python Lint Check / check-python (push) Failing after 22s
Details

Browse Source 
- Add IN, VN, BR, TR, ID, TH, BD, PK, RO to blocked list
- Update alternative IP ranges for new countries in script
- Enhance documentation with rationale, risk assessment, and best practices
- Add test script for verifying country blocking functionality
- Improve Ansible tasks for dependency installation
This commit is contained in:
Menno van Leeuwen
2025-06-15 01:53:42 +02:00
parent 0f35a7b9e2
commit 3774ea6233
5 changed files with 386 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
config/ansible/tasks/servers/services/caddy/country-blocking.yml
View File

@@ -2,16 +2,17 @@
- name: Country blocking setup for Caddy
block:
- name: Ensure Python requests module is installed
ansible.builtin.pip:
name: requests
ansible.builtin.apt:
name: python3-requests
state: present
update_cache: yes
when: enable_country_blocking | default(false)
- name: Copy country blocking script
ansible.builtin.copy:
src: generate_country_blocks.py
dest: "{{ caddy_service_dir }}/generate_country_blocks.py"
mode: '0755'
mode: "0755"
when: enable_country_blocking | default(false)
- name: Generate country IP ranges