1. Geoblock Role
- 1.1 Create roles/geoblock/defaults/main.yml with default variables (zone URL, file paths, ipset name, cron schedule)
- 1.2 Create roles/geoblock/templates/geoblock-update.sh.j2 — script to download CN zone, build temp ipset, swap atomically, add iptables rule if missing
- 1.3 Create roles/geoblock/templates/geoblock.service.j2 — systemd oneshot unit that runs the update script at boot
- 1.4 Create roles/geoblock/tasks/main.yml — install ipset/iptables, deploy update script, run initial load, deploy systemd service, configure daily cron
- 1.5 Create roles/geoblock/handlers/main.yml — handler to reload geoblock if config changes
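A sketch of the update logic from task 1.2, added here as an example and not the role's actual template. It treats the downloaded zone file as untrusted input and refuses to swap in a near-empty set. The set name `geoblock`, the `MIN_ENTRIES` threshold, the `ZONE_URL` variable and the DROP rule on the INPUT chain are assumptions.

```shell
#!/bin/sh
# Added example. SET_NAME, MIN_ENTRIES and ZONE_URL are assumed names.
SET_NAME="${SET_NAME:-geoblock}"
MIN_ENTRIES="${MIN_ENTRIES:-100}"

# Keep only IPv4-CIDR-shaped lines, so nothing else in the downloaded
# file can reach `ipset restore` as a command.
valid_cidrs() {
  grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' "$1" | sort -u
}

# Emit an `ipset restore` script: fill a temp set, then swap it in.
# Returns 1 and emits nothing if too few entries survive validation,
# so a truncated or empty download cannot replace the live set.
build_restore() {
  local zone="$1" tmp="${SET_NAME}-tmp" cidrs count
  cidrs="$(valid_cidrs "$zone")" || true
  count="$(printf '%s\n' "$cidrs" | grep -c . || true)"
  if [ "$count" -lt "$MIN_ENTRIES" ]; then
    echo "refusing swap: $count valid entries (< $MIN_ENTRIES)" >&2
    return 1
  fi
  echo "create $SET_NAME hash:net family inet"
  echo "create $tmp hash:net family inet"
  echo "flush $tmp"
  printf '%s\n' "$cidrs" | sed "s/^/add $tmp /"
  echo "swap $tmp $SET_NAME"   # live set changes in one step
  echo "destroy $tmp"
}

# Download, validate, load, then add the DROP rule only if missing.
# Needs root; call this from the cron job or systemd unit.
geoblock_apply() {
  local zone rc
  zone="$(mktemp)" || return 1
  curl -fsS --max-time 60 -o "$zone" "${ZONE_URL:?set ZONE_URL}" &&
    build_restore "$zone" > "$zone.restore" &&
    ipset -exist restore < "$zone.restore"   # -exist tolerates existing sets
  rc=$?
  rm -f "$zone" "$zone.restore"
  [ "$rc" -eq 0 ] || return "$rc"
  iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
    iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}
```

The restore script is written to a file before loading so that a validation failure stops the run instead of feeding `ipset restore` an empty stream.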
2. Integration