opnxng-deploy-playbook/config-tasks/caddy.yaml
2024-11-16 23:52:19 +08:00


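# Make sure a GeoLite2-City.mmdb path exists under the caddy directory.
# Both tasks carry `tags: never`, so they only run when that tag (or another
# tag added elsewhere) is requested explicitly.
- name: Check GeoLite2 file
  ansible.builtin.stat:
    path: "{{ docker_dir }}/caddy/GeoLite2-City.mmdb"
  # Kept as a registered result because the next task's `when` reads it.
  register: geolite
  tags: never
- name: Create GeoLite2 file
  # The file module replaces `command: touch ...`: the templated path is
  # passed as a single argument instead of being word-split on whitespace,
  # and the task reports its change status through the module.
  ansible.builtin.file:
    path: "{{ docker_dir }}/caddy/GeoLite2-City.mmdb"
    state: touch
  when:
    # Only create the (empty) file when it is missing, so an existing
    # database is never touched.
    - not geolite.stat.exists
  tags: never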
# ----------------------------------------------------------------------------------------------------
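# Fetch the ProjectSegfault block list on the control host and expose its
# `blocked_ranges` key as a fact of the same name.
#
# NOTE(review): the list is third-party content pulled from a moving branch
# (`master`). Pinning the URL to a reviewed commit and adding a `checksum:`
# to the download would stop an upstream change from flowing straight into
# this play; validate the entries before rendering them into any config.
- name: Install yq on control host
  ansible.builtin.apt:
    name:
      - yq
    # NOTE(review): `latest` upgrades yq on every run; `present` keeps runs
    # reproducible if tracking new releases is not required.
    state: latest
    install_recommends: false
  delegate_to: "{{ control_host }}"
  become: true
- name: Curl IP block range file by ProjectSegfault
  # get_url fails the task on an HTTP error status. Plain `curl` without
  # --fail exits 0 on such a response and leaves the error body in the
  # output file, where the next task would try to parse it.
  ansible.builtin.get_url:
    url: https://raw.githubusercontent.com/ProjectSegfault/ansible/master/privfrontends/blocked-ranges.yaml
    dest: /tmp/blocked-ranges.yaml
    # Re-download on every run, as the curl call did.
    force: true
    mode: "0644"
  # NOTE(review): a fixed name under /tmp is shared with every local user on
  # the control host, and each host in the play writes the same file; a
  # per-run temporary file or `run_once` would avoid both - confirm how the
  # play is batched before changing it.
  delegate_to: "{{ control_host }}"
- name: Read IP block range file by ProjectSegfault
  # No shell features are needed, so run yq directly with an argument list.
  # `-e` is passed through unchanged from the original command line.
  ansible.builtin.command:
    argv:
      - yq
      - "-e"
      - ".blocked_ranges"
      - /tmp/blocked-ranges.yaml
  register: result
  # Read-only query: never report the host as changed.
  changed_when: false
  delegate_to: "{{ control_host }}"
- name: Parse IP block range file by ProjectSegfault
  ansible.builtin.set_fact:
    # Parses yq's stdout into a data structure; its shape is whatever the
    # upstream file holds under `blocked_ranges`.
    blocked_ranges: "{{ result.stdout | from_yaml }}"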
# ----------------------------------------------------------------------------------------------------
# Build the `botnet_ranges` fact from return42's IPv4 botnet list.
#
# NOTE(review): the URL follows the `main` branch of a third-party
# repository, so the content can change between runs. Consider pinning it to
# a reviewed commit (e.g. .../sandbox/<commit-sha>/data/...) and checking the
# entries before they are used in any rendered configuration.
- name: Parse IP block range file by return42
  ansible.builtin.set_fact:
    # Every comma in the fetched text becomes a space, then surrounding
    # whitespace is trimmed. lookup() joins multiple returned lines with
    # commas, so this presumably yields one space-separated list - verify
    # against the template that consumes it.
    botnet_ranges: >-
      {{ lookup('url', 'https://raw.githubusercontent.com/return42/sandbox/main/data/searxng/ipv4_botnet.lst') | replace(',', ' ') | trim }}
  # Lookups are evaluated on the Ansible controller; the delegation is kept
  # as written.
  delegate_to: "{{ control_host }}"
# ----------------------------------------------------------------------------------------------------
# Render the Caddyfile template into the caddy directory under docker_dir.
- name: Set up Caddyfile
  ansible.builtin.template:
    src: "conf/Caddyfile.j2"
    dest: "{{ docker_dir }}/caddy/Caddyfile"
    # Numeric uid/gid 1000; presumably the account the container runs as -
    # confirm against the compose/container definition.
    owner: 1000
    group: 1000
    # Quoted so the octal mode is passed as a string and cannot be re-typed
    # by the YAML parser.
    # NOTE(review): a config file does not need the execute bits; "0644"
    # would be the least-privilege choice unless something relies on 0755.
    mode: "0755"