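# Caddy reverse-proxy setup: optional GeoLite2 placeholder, two remote IP
# block lists fetched via the control host, then the rendered Caddyfile.

# The two GeoLite2 tasks are tagged `never`, so they run only when that tag
# is requested explicitly.
- name: Check GeoLite2 file
  ansible.builtin.stat:
    path: "{{ docker_dir }}/caddy/GeoLite2-City.mmdb"
  register: geolite
  tags: never

# Creates an empty placeholder only when the database is absent.
- name: Create GeoLite2 file
  ansible.builtin.file:
    path: "{{ docker_dir }}/caddy/GeoLite2-City.mmdb"
    state: touch
  when:
    - not geolite.stat.exists
  tags: never

# ----------------------------------------------------------------------------------------------------

- name: Install yq on control host
  ansible.builtin.apt:
    name:
      - yq
    state: latest
    install_recommends: false
  delegate_to: "{{ control_host }}"
  become: true

# The block list is downloaded into a private temporary file rather than a
# fixed name under /tmp: a predictable path in a world-writable directory can
# be pre-created or swapped by another local user, and if this runs for more
# than one inventory host the delegated tasks would overwrite each other.
- name: Fetch IP block range file by ProjectSegfault
  delegate_to: "{{ control_host }}"
  block:
    - name: Create private temporary file for the block list
      ansible.builtin.tempfile:
        state: file
        suffix: .yaml
      register: blocked_ranges_tmp
      changed_when: false

    # get_url fails the task on an HTTP error status, whereas plain
    # `curl --output` without --fail saves the error page and exits 0.
    # NOTE(review): `master` is a mutable ref and the content is not
    # integrity-checked. Consider pinning the URL to a reviewed commit and
    # adding `checksum: "sha256:<SHA256_OF_REVIEWED_FILE>"`.
    - name: Download IP block range file by ProjectSegfault
      ansible.builtin.get_url:
        url: https://raw.githubusercontent.com/ProjectSegfault/ansible/master/privfrontends/blocked-ranges.yaml
        dest: "{{ blocked_ranges_tmp.path }}"
        mode: "0600"
        force: true
      changed_when: false

    # argv form: no shell is involved, so the path is passed as one argument.
    # `yq -e` exits non-zero when the selected value is null or false.
    - name: Read IP block range file by ProjectSegfault
      ansible.builtin.command:
        argv:
          - yq
          - -e
          - .blocked_ranges
          - "{{ blocked_ranges_tmp.path }}"
      register: result
      changed_when: false
  always:
    - name: Remove temporary block list file
      ansible.builtin.file:
        path: "{{ blocked_ranges_tmp.path }}"
        state: absent
      when: blocked_ranges_tmp.path is defined
      changed_when: false

# NOTE(review): blocked_ranges and botnet_ranges are controlled by third-party
# repositories and are presumably rendered into the Caddyfile template below.
# Consider validating every entry as an IP range before templating.
- name: Parse IP block range file by ProjectSegfault
  ansible.builtin.set_fact:
    blocked_ranges: "{{ result.stdout | from_yaml }}"

# ----------------------------------------------------------------------------------------------------

# Lookups always run on the Ansible controller; the comma-joined lines that
# the url lookup returns are turned into a space-separated string.
# NOTE(review): `main` is a mutable ref; consider pinning to a reviewed commit.
- name: Parse IP block range file by return42
  ansible.builtin.set_fact:
    botnet_ranges: >-
      {{ lookup('url', 'https://raw.githubusercontent.com/return42/sandbox/main/data/searxng/ipv4_botnet.lst')
      | regex_replace(',', ' ') | trim }}
  delegate_to: "{{ control_host }}"

# ----------------------------------------------------------------------------------------------------

# The mode is quoted so it is always read as an octal string, and the execute
# bits are dropped: a configuration file only needs to be read (was 0755).
- name: Set up Caddyfile
  ansible.builtin.template:
    src: "conf/Caddyfile.j2"
    dest: "{{ docker_dir }}/caddy/Caddyfile"
    owner: 1000
    group: 1000
    mode: "0644"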