fixed geoip tag

2026-01-20 18:01:32 +01:00
parent 7595cbe4ad
commit 99548a235e
33 changed files with 2864 additions and 2863 deletions
@@ -99,7 +99,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  labels:
@@ -374,7 +374,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -293,7 +293,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -11,7 +11,7 @@ metadata:
    external-dns.alpha.kubernetes.io/hostname: argocd.dooplex.hu,argocd.home
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -137,7 +137,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  labels:
@@ -247,7 +247,6 @@ spec:
            - name: DATABASE_DIRECT_URL
              value: "postgresql://$(DB_USER):$(DB_PASS)@postgresql-rw.database-system.svc.cluster.local:5432/calcom"

-                  
            # Redis
            - name: REDIS_URL
              value: "redis://calcom-redis:6379"
@@ -408,7 +407,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
    nginx.ingress.kubernetes.io/proxy-set-headers: "booking-system/calcom-proxy-headers"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -340,7 +340,7 @@ metadata:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  labels:
@@ -254,7 +254,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -302,7 +302,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -161,7 +161,7 @@ metadata:
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Host $http_host;
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -11,7 +11,7 @@ metadata:
  labels:
    app.kubernetes.io/name: craftycontroller
 data:
-  README.txt: 'Crafty Controller hostNetwork deployment.
+  README.txt: "Crafty Controller hostNetwork deployment.


    Reserved Minecraft TCP port range on the node: 25565-25575.
@@ -23,7 +23,7 @@ data:

    Port 25565 is commonly used for the primary server.

-    '
+    "
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -149,15 +149,16 @@ metadata:
    external-dns.alpha.kubernetes.io/hostname: crafty.dooplex.hu,crafty.home
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: 200m
    nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-crafty-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
    nginx.ingress.kubernetes.io/auth-signin: https://crafty.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri
-    nginx.ingress.kubernetes.io/auth-snippet: 'proxy_set_header X-Forwarded-Host $http_host;
+    nginx.ingress.kubernetes.io/auth-snippet:
+      "proxy_set_header X-Forwarded-Host $http_host;

-      '
+      "
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -159,7 +159,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -211,7 +211,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  labels:
@@ -2201,7 +2201,7 @@ metadata:
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Host $http_host;
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -752,7 +752,7 @@ metadata:
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Host $http_host;
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -347,7 +347,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
    # Homepage integration annotations
@@ -716,7 +716,7 @@ metadata:
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Host $http_host;
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
    # Homepage auto-discovery annotation
@@ -482,7 +482,7 @@ metadata:
      set $geo_allowed 0;

      # Allow all Hungarian traffic
-      if ($geoip2_city_country_code = "HU") {
+      if ($geoip2_country_code = "HU") {
        set $geo_allowed 1;
      }

@@ -11,6 +11,7 @@ metadata:
  labels:
    name: mon-system

+
 # =============================================================================
 # PROMETHEUS CONFIGURATION
 # =============================================================================
@@ -295,7 +296,7 @@ spec:
              cpu: 100m
              memory: 256Mi
            limits:
-              cpu: '2'
+              cpu: "2"
              memory: 6Gi
          livenessProbe:
            httpGet:
@@ -373,6 +374,7 @@ spec:
            path: /
            pathType: Prefix

+
 # =============================================================================
 # GRAFANA CONFIGURATION
 # =============================================================================
@@ -571,7 +573,7 @@ metadata:
    external-dns.alpha.kubernetes.io/hostname: grafana.dooplex.hu,grafana.home
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -602,6 +604,7 @@ spec:
        - grafana.dooplex.hu
      secretName: grafana-tls

+
 # =============================================================================
 # NODE EXPORTER - Host metrics (CPU, RAM, Disk, Network)
 # Runs on the host network to collect host metrics
@@ -702,6 +705,7 @@ spec:
  selector:
    app: node-exporter

+
 # =============================================================================
 # EXPORTARR - Metrics for Sonarr, Radarr, Prowlarr
 # =============================================================================
@@ -450,8 +450,7 @@ spec:
              value: "https://nextcloud.dooplex.hu"
            - name: NEXTCLOUD_DATA_DIR
              value: "/data"
-          resources:
-            {}
+          resources: {}
          volumeMounts:
            - name: nextcloud-main
              mountPath: /var/www/
@@ -548,10 +547,8 @@ spec:
      initContainers:
        - name: postgresql-isready
          image: docker.io/bitnamilegacy/postgresql:17.5.0-debian-12-r3
-          resources:
-            {}
-          securityContext:
-            {}
+          resources: {}
+          securityContext: {}
          env:
            - name: POSTGRES_USER
              valueFrom:
@@ -763,7 +760,7 @@ metadata:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_hide_header Content-Security-Policy;
      add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self' https:; media-src 'self'; frame-ancestors 'self' https://home.dooplex.hu https://orsi.dooplex.hu https://kisfenyo.dooplex.hu;" always;
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  name: nextcloud
@@ -173,7 +173,7 @@ metadata:
      set $geo_allowed 0;

      # Allow all Hungarian traffic
-      if ($geoip2_city_country_code = "HU") {
+      if ($geoip2_country_code = "HU") {
        set $geo_allowed 1;
      }

@@ -399,7 +399,7 @@ metadata:
      proxy_hide_header X-Frame-Options;
      proxy_hide_header Content-Security-Policy;
      add_header X-Frame-Options "ALLOW-FROM https://orsi.dooplex.hu" always;
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  labels:
@@ -344,7 +344,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  labels:
@@ -321,7 +321,7 @@ metadata:
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Host $http_host;
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -372,7 +372,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "32k"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -390,7 +390,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  name: prowlarr
@@ -441,7 +441,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  name: radarr
@@ -491,7 +491,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  name: sonarr
@@ -541,7 +541,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  name: qbittorrent
@@ -772,7 +772,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  name: radarrkids
@@ -939,7 +939,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  name: seerr
@@ -225,7 +225,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-body-size: 128m
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  labels:
@@ -120,7 +120,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -110,7 +110,7 @@ metadata:
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Host $http_host;
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  labels:
@@ -162,7 +162,7 @@ metadata:
    nginx.ingress.kubernetes.io/proxy-body-size: 100m
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
  labels:
@@ -298,7 +298,7 @@ metadata:
    # optional, only if you actually use external-dns:
    external-dns.alpha.kubernetes.io/hostname: wanderer.dooplex.hu
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -245,7 +245,7 @@ metadata:
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Host $http_host;
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -312,7 +312,7 @@ spec:
        # Create public directory if it doesn't exist
        - name: init-public-dir
          image: busybox:1.36
-          command: ['sh', '-c', 'mkdir -p /srv/public && chmod 755 /srv/public']
+          command: ["sh", "-c", "mkdir -p /srv/public && chmod 755 /srv/public"]
          volumeMounts:
            - name: data
              mountPath: /srv
@@ -474,7 +474,7 @@ metadata:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: web.dooplex.hu
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -436,7 +436,7 @@ metadata:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec:
@@ -131,7 +131,7 @@ metadata:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($geoip2_city_country_code != "HU") {
+      if ($geoip2_country_code != "HU") {
        return 403 "Access restricted to Hungary";
      }
 spec: