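---
# Host-side preparation for Caddy country blocking with the MaxMind
# GeoLocation plugin: stage the Dockerfile for the custom build, check that
# the GeoLite2 Country database is present, create the log directory, and
# report the resulting configuration.
- name: Country blocking setup for Caddy with MaxMind GeoLocation
  # One gate for every task in the block. `| bool` coerces string values
  # such as "false" or "no" (e.g. passed as `-e key=value` extra vars), which
  # a plain Jinja truth test would treat as truthy.
  when: enable_country_blocking | default(false) | bool
  tags:
    - caddy
    - security
    - country-blocking
    - geoip
  block:
    - name: Copy Dockerfile for custom Caddy build with GeoIP
      ansible.builtin.copy:
        src: Dockerfile
        dest: "{{ caddy_service_dir }}/Dockerfile"
        mode: "0644"

    # Only existence is checked; the age and integrity of the .mmdb file are
    # not verified here.
    - name: Check if MaxMind Country database is available
      ansible.builtin.stat:
        path: "{{ geoip_db_path }}/GeoLite2-Country.mmdb"
      register: maxmind_country_db

    # NOTE(review): 0755 lets every local account list and read this
    # directory; if the access logs written here contain client IPs,
    # consider a tighter mode and an explicit owner - confirm which user
    # the Caddy container writes as.
    - name: Ensure log directory exists for Caddy
      ansible.builtin.file:
        path: "{{ caddy_data_dir }}/logs"
        state: directory
        mode: "0755"
      become: true

    # NOTE(review): the database path printed below is a literal and differs
    # from the "{{ geoip_db_path }}" used by the stat check; presumably it is
    # the mount point inside the container - confirm.
    - name: Display country blocking configuration
      ansible.builtin.debug:
        msg:
          - "✅ Country blocking enabled: {{ enable_country_blocking | default(false) }}"
          - "🛡️ Countries to allow: {{ allowed_countries_codes | default([]) | join(', ') }}"
          - "📍 Using MaxMind GeoLocation plugin"
          - "💾 Database path: /etc/caddy/geoip/GeoLite2-Country.mmdb"
          - "📊 Database available: {{ maxmind_country_db.stat.exists | default(false) }}"

    # This is a warning only: the play continues when the database is
    # missing, so a run can finish successfully with the country restriction
    # not in effect. How Caddy behaves without the database is not visible
    # in this file - confirm it refuses traffic rather than allowing all.
    - name: Warn if MaxMind database not found
      ansible.builtin.debug:
        msg:
          - "⚠️ WARNING: MaxMind Country database not found!"
          - "Expected location: {{ geoip_db_path }}/GeoLite2-Country.mmdb"
          - "Country blocking will not work until EchoIP service is deployed"
          - "Run: dotf update --ansible --tags echoip"
      # Parentheses make the existing precedence explicit: the filter binds
      # before `not`, so a missing `stat.exists` counts as "not found".
      when: not (maxmind_country_db.stat.exists | default(false))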