Adding geoip module and instituting a deny variable for vhosts to consume

roles/WebServer/templates/conf/geoip.conf.j2

@@ -0,0 +1,28 @@
+# Load database and set variables from the database.
+geoip2 /etc/nginx/conf/maxmind-geoip2.mmdb {
+    auto_reload 60m;
+    $geoip2_metadata_country_build metadata build_epoch;
+    $geoip2_data_country_code country iso_code;
+    $geoip2_data_country_name country names en;
+}
+fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
+fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
+
+# Allow LAN and operational countries.
+geo $lan {
+    default 0;
+    {{ main_subnet }}/{{ netmask }} 1;
+}
+map $geoip2_data_country_code $allowed_country {
+    default 0;
+{% for country in operational_countries %}
+    {{ country }} 1;
+{% endfor %}
+}
+
+# Define the deny variable such that LAN & country requests are allowed.
+# Thanks to https://stackoverflow.com/a/64071860 for the example
+map $lan$allowed_country $deny {
+    default 0;
+    00 1;
+}