Generalizing GeoIP to be consumed by more services

2025-12-29 14:46:55 -06:00
parent b6785b861a
commit 0070afde5d
17 changed files with 108 additions and 60 deletions
--- a/roles/WebServer/tasks/main.yml
+++ b/roles/WebServer/tasks/main.yml
@@ -44,14 +44,11 @@

 - name: Copy conf.d
   become: yes
-   copy:
+   become_user: http
+   ansible.posix.synchronize:
     src: "conf.d/{{ inventory_hostname }}/"
     dest: /etc/nginx/conf.d/
-     owner: http
-     group: http
-     mode: 0660
-     directory_mode: 0770
-     follow: true
+     delete: true
   register: confd

 - name: Copy conf
@@ -114,17 +111,6 @@
     mode: 0660
   register: geoipconf

- - name: Ensure MaxMindDB is present
-   become: yes
-   file:
-     path: /etc/nginx/conf/maxmind-geoip2.mmdb
-     state: file
-     owner: http
-     group: http
-     mode: 0440
-     # This requires a https://maxmind.com/ account, so the source will have to come from that site.
-     # This file should be the current country database.
-
 - name: Clone OWASP-CRS
   ignore_errors: true
   become: yes
@@ -168,6 +154,11 @@
     #validate: nginx -t -p /etc/nginx -c %s # Commented due to base pathing issues
   register: baseconf

+ - name: Safety test on nginx
+   become: yes
+   command: 'nginx -t'
+   ignore_errors: false
+
 - name: Ensure service is started
   become: yes
   when: conf.changed or confd.changed or geoipconf.changed or secconf.changed or baseconf.changed or modsecconf.changed