geo $whitelisted {
  default 0;
  192.168.1.0/24 1;
}

server {
  modsecurity on;
  modsecurity_rules_file /etc/nginx/modsec_includes.conf;

  listen 80 default_server;
  server_name {{ home_server_name }};
  if ($whitelisted = 1) {
    return 302 http://{{ ansible_default_ipv4.address }};
  }

  if ($whitelisted = 0) {
    return 302 $scheme://bdebyl.net$request_uri;
  }
}