From 65a465a31c6478275909192a01ad98c4b3aef00c Mon Sep 17 00:00:00 2001 From: Tine Date: Tue, 26 Nov 2024 20:23:06 +0100 Subject: [PATCH] feat: manual ip blocks --- justfile | 2 +- root/etc/nginx/nginx.conf | 3 +++ root/etc/nginx/partials/blocked.conf | 3 ++- root/etc/nginx/partials/manual-blocks.conf | 8 ++++++++ 4 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 root/etc/nginx/partials/manual-blocks.conf diff --git a/justfile b/justfile index ccf91c8..430a92a 100644 --- a/justfile +++ b/justfile @@ -26,7 +26,7 @@ destroy: tofu destroy # Create a list of blocked IP ranges. Traffic we don't want. -ingress-blocked-list: +update-blocked-list: #!/usr/bin/env bash GOOGLE_BOT_IPV4=$(curl -s https://raw.githubusercontent.com/lord-alfred/ipranges/main/googlebot/ipv4_merged.txt) GOOGLE_BOT_IPV6=$(curl -s https://raw.githubusercontent.com/lord-alfred/ipranges/main/googlebot/ipv6_merged.txt) diff --git a/root/etc/nginx/nginx.conf b/root/etc/nginx/nginx.conf index c484a79..c53523c 100644 --- a/root/etc/nginx/nginx.conf +++ b/root/etc/nginx/nginx.conf @@ -105,6 +105,7 @@ stream { proxy_protocol on; include /etc/nginx/partials/server.conf; include /etc/nginx/partials/blocked.conf; + include /etc/nginx/partials/manual-blocks.conf; } # GIT @@ -116,6 +117,7 @@ stream { proxy_protocol on; include /etc/nginx/partials/server.conf; include /etc/nginx/partials/blocked.conf; + include /etc/nginx/partials/manual-blocks.conf; } # EMAIL @@ -137,5 +139,6 @@ stream { proxy_protocol off; # Configure downstream first. include /etc/nginx/partials/server.conf; include /etc/nginx/partials/blocked.conf; + include /etc/nginx/partials/manual-blocks.conf; } } diff --git a/root/etc/nginx/partials/blocked.conf b/root/etc/nginx/partials/blocked.conf index ab652e3..7a97551 100644 --- a/root/etc/nginx/partials/blocked.conf +++ b/root/etc/nginx/partials/blocked.conf 
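Review bot: In root/etc/nginx/nginx.conf the new `include /etc/nginx/partials/manual-blocks.conf;` is placed after `blocked.conf` in each of the three `server` blocks, and nginx checks `allow`/`deny` rules in order and stops at the first match. If `server.conf` or the generated `blocked.conf` ever carries an `allow` rule (neither file is fully visible here), a manual deny listed after it would never be reached, so putting the manual include before `blocked.conf` gives operator-added blocks precedence. The include pair is also repeated by hand per server block, so a block added later can silently miss the manual list, and the `# EMAIL` section is not fully visible in these hunks, so it is worth confirming it is covered. A comment above the includes, for example `# Access rules: first match wins; keep manual-blocks.conf before blocked.conf`, would record the ordering requirement. The server blocks start and end outside the hunks.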
@@ -21,7 +21,7 @@ deny 185.60.216.0/22;
 deny 185.89.216.0/22;
 deny 191.233.204.224/28;
 deny 192.178.5.0/27;
-deny 192.178.6.0/27;
+deny 192.178.6.0/26;
 deny 196.49.68.0/23;
 deny 199.201.64.0/22;
 deny 199.30.24.0/23;
@@ -46,6 +46,7 @@ deny 2001:4860:4801:80::/61;
 deny 2001:4860:4801:88::/64;
 deny 2001:4860:4801:90::/62;
 deny 2001:4860:4801:94::/64;
+deny 2001:4860:4801:a0::/64;
 deny 2001:4860:4801:c::/64;
 deny 2001:4860:4801:f::/64;
 deny 20.125.163.80/28;
diff --git a/root/etc/nginx/partials/manual-blocks.conf b/root/etc/nginx/partials/manual-blocks.conf
new file mode 100644
index 0000000..966c01b
--- /dev/null
+++ b/root/etc/nginx/partials/manual-blocks.conf
@@ -0,0 +1,8 @@
+##
+# Manual Block List
+##
+
+# Reason: Too many requests.
+# Date: 2024-11-26
+# Ref: https://www.abuseipdb.com/check/65.108.110.26
+deny '65.108.110.26/32';
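Review bot: The entry in root/etc/nginx/partials/manual-blocks.conf is written quoted, as `deny '65.108.110.26/32';`, while every rule in blocked.conf is unquoted; nginx accepts a quoted parameter, but `deny 65.108.110.26;` keeps both lists searchable and auditable with the same pattern. The header records a reason, date and reference but nothing about when the block should be revisited, so manual entries will tend to accumulate after an address has been reassigned; a line such as `# Review-by: <date>` per entry would cover that. Because this partial is included in every stream server block, a syntax error in a hand-edited entry prevents the whole configuration from loading, so the deploy step should run `nginx -t` before reloading if it does not already.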