From c1244f837a77ce63ba57b626cdad0f6b6b2acea2 Mon Sep 17 00:00:00 2001
From: Jakub Czajka <jakub@ekhem.eu.org>
Date: Sun, 23 Mar 2025 19:29:12 +0100
Subject: [PATCH] Generate a domain blocklist daily.

---
 blocklist.service | 27 +++++++++++++++++++++++++++
 blocklist.timer   | 11 +++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 blocklist.service
 create mode 100644 blocklist.timer

diff --git a/blocklist.service b/blocklist.service
new file mode 100644
index 0000000..860eda5
--- /dev/null
+++ b/blocklist.service
@@ -0,0 +1,27 @@
+# Copyright (c) 2025 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+[Unit]
+Description=Generate a domain blocklist
+OnFailure=notify_failure@%n.service
+
+[Service]
+Type=oneshot
+EnvironmentFile=/etc/ansible/facts.d/env.fact
+ExecStartPre=/usr/bin/git \
+    --work-tree=/tmp \
+    --git-dir=${git_home_dir}/config.git \
+    checkout main --force blacklist.txt
+ExecStartPre=/usr/bin/git \
+    --work-tree=/tmp \
+    --git-dir=${git_home_dir}/server.git \
+    checkout main --force dnscrypt-proxy/domains-blocklist.txt
+ExecStartPre=/usr/bin/wget \
+    https://raw.githubusercontent.com/DNSCrypt/dnscrypt-proxy/master/utils/generate-domains-blocklist/generate-domains-blocklist.py \
+    --output-document=/tmp/generate-domains-blocklist.py
+ExecStart=/usr/bin/python3 /tmp/generate-domains-blocklist.py \
+    --allowlist '' \
+    --config /tmp/dnscrypt-proxy/domains-blocklist.txt \
+    --time-restricted '' \
+    --output /etc/dns/blocked-names.txt
+
diff --git a/blocklist.timer b/blocklist.timer
new file mode 100644
index 0000000..0b44c4d
--- /dev/null
+++ b/blocklist.timer
@@ -0,0 +1,11 @@
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+[Unit]
+Description=Generate a domain blocklist daily.
+
+[Timer]
+OnCalendar=*-*-* 02:00:00
+
+[Install]
+WantedBy=timers.target
-- 
2.39.5