first commit

2026-02-17 09:04:09 +01:00
commit c0afc1554d
32 changed files with 7217 additions and 0 deletions
--- a/systemd/geoip-ban.service
+++ b/systemd/geoip-ban.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=GeoIP Ban Configuration Generator
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=www-data
+Group=www-data
+WorkingDirectory=/opt/geoip_block_generator
+ExecStart=/opt/geoip_block_generator/start.sh
+
+Restart=always
+RestartSec=10
+
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=geoip-ban
+
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/opt/geoip_block_generator/geoip_db /var/log/geoip-ban
+
+[Install]
+WantedBy=multi-user.target
--- a/systemd/geoip-precache.service
+++ b/systemd/geoip-precache.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=GeoIP Country Pre-Cache Daemon
+After=network-online.target redis-server.service
+Wants=network-online.target
+Requires=redis-server.service
+
+[Service]
+Type=simple
+User=www-data
+Group=www-data
+WorkingDirectory=/opt/geoip_block_generator
+
+EnvironmentFile=/opt/geoip_block_generator/.env
+
+ExecStart=/opt/geoip_block_generator/venv/bin/python3 /opt/geoip_block_generator/precache_daemon.py
+
+Restart=always
+RestartSec=30
+
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=geoip-precache
+
+PrivateTmp=true
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/opt/geoip_block_generator/geoip_db
+
+[Install]
+WantedBy=multi-user.target
--- a/systemd/geoip-scheduler.service
+++ b/systemd/geoip-scheduler.service
@@ -0,0 +1,34 @@
+[Unit]
+Description=GeoIP Country Pre-Scanner Daemon
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=www-data
+Group=www-data
+WorkingDirectory=/opt/geoip_block_generator
+
+EnvironmentFile=/opt/geoip_block_generator/.env
+
+# Python executable
+ExecStart=/opt/geoip_block_generator/venv/bin/python /opt/geoip_block_generator/scheduler.py
+
+# Restart policy
+Restart=always
+RestartSec=10
+
+# Logging
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=geoip-scheduler
+
+# Security
+PrivateTmp=true
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/opt/geoip_block_generator/geoip_db
+
+[Install]
+WantedBy=multi-user.target
--- a/systemd/geoip-webapp@.service
+++ b/systemd/geoip-webapp@.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=GeoIP Ban Generator WebApp (Instance %i)
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=www-data
+Group=www-data
+WorkingDirectory=/opt/geoip_block_generator
+
+# Pass instance port as argument
+ExecStart=/opt/geoip_block_generator/start-instance.sh %i
+
+Restart=always
+RestartSec=10
+
+# Logging per instance
+StandardOutput=append:/var/log/geoip-ban/webapp-%i.log
+StandardError=append:/var/log/geoip-ban/webapp-%i-error.log
+SyslogIdentifier=geoip-webapp-%i
+
+# Security
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/opt/geoip_block_generator/geoip_db /var/log/geoip-ban
+
+[Install]
+WantedBy=multi-user.target