---
# Host-side preparation for Caddy country blocking with the MaxMind
# GeoLocation plugin: stage the Dockerfile for the custom Caddy build, check
# for the GeoLite2 country database, create the log directory, and report the
# resulting configuration.
#
# The `when` on the block is inherited by every task inside it, so nothing
# here runs unless enable_country_blocking is set (it defaults to false).
- name: Country blocking setup for Caddy with MaxMind GeoLocation
  when: enable_country_blocking | default(false)
  tags:
    - caddy
    - security
    - country-blocking
    - geoip
  block:
    - name: Copy Dockerfile for custom Caddy build with GeoIP
      ansible.builtin.copy:
        src: Dockerfile
        dest: "{{ caddy_service_dir }}/Dockerfile"
        mode: "0644"

    # The stat result is registered for the two debug tasks further down;
    # nothing in this file creates or downloads the database.
    - name: Check if MaxMind Country database is available
      ansible.builtin.stat:
        path: "{{ geoip_db_path }}/GeoLite2-Country.mmdb"
      register: maxmind_country_db

    # NOTE(review): 0755 leaves this directory listable by every local user.
    # If Caddy access logs (client IPs, request paths) are written here,
    # confirm the UID Caddy runs as and consider a tighter mode.
    - name: Ensure log directory exists for Caddy
      become: true
      ansible.builtin.file:
        path: "{{ caddy_data_dir }}/logs"
        state: directory
        mode: "0755"

    # The database path printed below is a fixed string, while the stat check
    # above uses geoip_db_path. Presumably the fixed path is the mount point
    # inside the container; confirm both refer to the same file.
    # NOTE(review): an unset allowed_countries_codes renders as an empty list
    # here. Verify how the Caddy configuration treats an empty allowlist.
    - name: Display country blocking configuration
      ansible.builtin.debug:
        msg:
          - "✅ Country blocking enabled: {{ enable_country_blocking | default(false) }}"
          - "🛡️ Countries to allow: {{ allowed_countries_codes | default([]) | join(', ') }}"
          - "📍 Using MaxMind GeoLocation plugin"
          - "💾 Database path: /etc/caddy/geoip/GeoLite2-Country.mmdb"
          - "📊 Database available: {{ maxmind_country_db.stat.exists | default(false) }}"

    # This is a message only: the play carries on when the database is
    # missing. The filter binds tighter than `not`, so the condition reads as
    # not (exists | default(false)).
    # NOTE(review): confirm whether Caddy refuses or admits requests when the
    # database is absent, since that decides if the allowlist fails open.
    - name: Warn if MaxMind database not found
      ansible.builtin.debug:
        msg:
          - "⚠️ WARNING: MaxMind Country database not found!"
          - "Expected location: {{ geoip_db_path }}/GeoLite2-Country.mmdb"
          - "Country blocking will not work until EchoIP service is deployed"
          - "Run: dotf update --ansible --tags echoip"
      when: not maxmind_country_db.stat.exists | default(false)