From 483617e41a7226a5a34738ee31c2a6a74bdfa3db Mon Sep 17 00:00:00 2001
From: Albert Armea
Date: Sat, 21 Mar 2026 22:23:28 +0000
Subject: [PATCH] Move geo_rules.yml into its own directory
This way, Docker still passes through changes made by text editors
---
 .gitignore | 1 +
 README.md | 12 +++++++-----
 geo_rules.yml => config/geo_rules.yml.example | 0
 docker-compose.yml | 2 +-
 geoblock_watcher/watcher.py | 2 +-
 5 files changed, 10 insertions(+), 7 deletions(-)
 rename geo_rules.yml => config/geo_rules.yml.example (100%)
diff --git a/.gitignore b/.gitignore
index 91f014e..3baeae6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .env
 certs/
+config/geo_rules.yml
diff --git a/README.md b/README.md
index 4991429..6da0162 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ A single-VPS Docker Compose stack providing:
 - **Forgejo** — lightweight, Gitea-compatible Git hosting
 - **nginx** — reverse proxy with TLS termination and GeoIP2 blocking
 - **MaxMind GeoLite2** — IP → country + state/province database (auto-updated)
-- **geoblock_watcher** — watches `geo_rules.yml` and hot-reloads nginx when rules change
+- **geoblock_watcher** — watches `config/geo_rules.yml` and hot-reloads nginx when rules change
 - **Certbot** — automatic Let's Encrypt certificate renewal
 ---
@@ -16,8 +16,9 @@ A single-VPS Docker Compose stack providing:
 .
 ├── docker-compose.yml
 ├── .env.example ← copy to .env and fill in
-├── geo_rules.yml ← ✏️ edit this to configure geo-blocking
 ├── bootstrap_certs.sh ← run once before first `docker compose up`
+├── config/
+│ └── geo_rules.yml.example ← copy to geo_rules.yml and edit to configure geo-blocking
 ├── nginx/
 │ ├── Dockerfile ← builds nginx + GeoIP2 dynamic module
 │ ├── nginx.conf ← main nginx config (loads GeoIP2 module)
@@ -51,6 +52,7 @@ A single-VPS Docker Compose stack providing:
 ### 1. Configure environment
 ```bash
+cp config/geo_rules.yml.example config/geo_rules.yml
 cp .env.example .env
 $EDITOR .env # fill in DOMAIN, MAXMIND_*, LETSENCRYPT_EMAIL
 ```
@@ -90,14 +92,14 @@ docker compose up -d forgejo
 ### 4. Configure geo-blocking
-Edit `geo_rules.yml` — the watcher will detect the change within seconds and
+Edit `config/geo_rules.yml` — the watcher will detect the change within seconds and
 hot-reload nginx automatically. No restart needed.
 ---
 ## Geo-Blocking Configuration
-`geo_rules.yml` is the single source of truth. Example:
+`config/geo_rules.yml` is the single source of truth. Example:
 ```yaml
 repos:
@@ -150,7 +152,7 @@ https://www.iso.org/obp/ui/#search (search for the country, then see "Subdivisio
 ### Hot reload
 The watcher polls every 60 seconds and also reacts to inotify events
-immediately. After saving `geo_rules.yml`, nginx will reload within seconds.
+immediately. After saving `config/geo_rules.yml`, nginx will reload within seconds.
 No traffic is dropped — nginx does a graceful configuration reload (SIGHUP).
 ---
diff --git a/geo_rules.yml b/config/geo_rules.yml.example
similarity index 100%
rename from geo_rules.yml
rename to config/geo_rules.yml.example
diff --git a/docker-compose.yml b/docker-compose.yml
index 0054603..3c0c489 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -89,7 +89,7 @@ services:
 container_name: geoblock_watcher
 restart: unless-stopped
 volumes:
- - ./geo_rules.yml:/app/geo_rules.yml:ro
+ - ./config:/app/host:ro
 - ./nginx/geoblock:/app/geoblock # shared with nginx (rw here)
 - /var/run/docker.sock:/var/run/docker.sock
 networks:
diff --git a/geoblock_watcher/watcher.py b/geoblock_watcher/watcher.py
index 9869d90..e69ea33 100644
--- a/geoblock_watcher/watcher.py
+++ b/geoblock_watcher/watcher.py
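Review bot: In the docker-compose.yml hunk, the new `./config:/app/host:ro` mount hands the whole `config/` directory to geoblock_watcher instead of one file, and the context lines show that this container also mounts `/var/run/docker.sock`, which gives it host-level control of Docker. Keeping the mount `:ro` is right, but the line carries no comment, unlike its neighbour. I would add one that says why a directory is mounted and what may live there, e.g. `- ./config:/app/host:ro  # directory mount so editor rename-on-save is seen; rules only, no secrets`. If `./config` does not exist on the host when the stack starts, Docker will normally create it as an empty directory, so the README's `cp` step is what makes the file appear. The service definition starts and ends outside this hunk.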
@@ -41,7 +41,7 @@ logging.basicConfig(
 )
 log = logging.getLogger(__name__)
-RULES_FILE = Path("/app/geo_rules.yml")
+RULES_FILE = Path("/app/host/geo_rules.yml")
 OUTPUT_DIR = Path("/app/geoblock")
 NGINX_CONTAINER = os.environ.get("NGINX_CONTAINER_NAME", "nginx")
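Review bot: `RULES_FILE` now points at `/app/host/geo_rules.yml`, which this commit adds to `.gitignore` and ships only as `config/geo_rules.yml.example`, so a fresh checkout starts the watcher with no rules file until the operator copies it. How a missing or unreadable file is handled is outside this hunk. It should log a clear error and keep the last generated geoblock config, rather than write an empty rule set that leaves nginx allowing everything. A comment above the constant would also help, e.g. `# /app/host is the read-only bind mount of ./config (see docker-compose.yml)`. If the inotify watch is placed on the file itself rather than on `/app/host`, editor saves that replace the file may still be missed; that code is not visible here.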