Generate a domain blocklist daily.

diff --git a/blocklist.service b/blocklist.service
new file mode 100644 (file)
index 0000000..860eda5
--- /dev/null
+++ b/blocklist.service
@@ -0,0 +1,27 @@
+# Copyright (c) 2025 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+[Unit]
+Description=Generate a domain blocklist
+OnFailure=notify_failure@%n.service
+
+[Service]
+Type=oneshot
+EnvironmentFile=/etc/ansible/facts.d/env.fact
+ExecStartPre=/usr/bin/git \
+    --work-tree=/tmp \
+    --git-dir=${git_home_dir}/config.git \
+    checkout main --force blacklist.txt
+ExecStartPre=/usr/bin/git \
+    --work-tree=/tmp \
+    --git-dir=${git_home_dir}/server.git \
+    checkout main --force dnscrypt-proxy/domains-blocklist.txt
+ExecStartPre=/usr/bin/wget \
+    https://raw.githubusercontent.com/DNSCrypt/dnscrypt-proxy/master/utils/generate-domains-blocklist/generate-domains-blocklist.py \
+    --output-document=/tmp/generate-domains-blocklist.py
+ExecStart=/usr/bin/python3 /tmp/generate-domains-blocklist.py \
+    --allowlist '' \
+    --config /tmp/dnscrypt-proxy/domains-blocklist.txt \
+    --time-restricted '' \
+    --output /etc/dns/blocked-names.txt
+

diff --git a/blocklist.timer b/blocklist.timer
new file mode 100644 (file)
index 0000000..0b44c4d
--- /dev/null
+++ b/blocklist.timer
@@ -0,0 +1,11 @@
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+[Unit]
+Description=Generate a domain blocklist daily.
+
+[Timer]
+OnCalendar=*-*-* 02:00:00
+
+[Install]
+WantedBy=timers.target