Fix unbound reload issue (twas a file permission issue) and add basic ad blocking

2021-05-10 19:40:02 -04:00 · 2021-05-10 19:40:02 -04:00 · 407bc6f0d6
parent 084e07cb44
commit 407bc6f0d6
4 changed files with 31 additions and 7 deletions
--- a/cron/unbound-dhcpd-updater
+++ b/cron/unbound-dhcpd-updater
@ -1,5 +1,5 @@
-#!/bin/sh
-set -eu
+#!/usr/local/bin/bash
+set -euo pipefail

 readonly DHCPD_CONF_FILE='/etc/dhcpd.conf'
 readonly DHCPD_LEASES_FILE='/var/db/dhcpd.leases'
@ -24,5 +24,6 @@ fi
 ../dhcpd/list_active_assignments | ../unbound/local-data-file-generator > "$UNBOUND_LOCAL_DATA_FILE_TMP"

 mv "$UNBOUND_LOCAL_DATA_FILE_TMP" "$UNBOUND_LOCAL_DATA_FILE"
+chmod 644 "$UNBOUND_LOCAL_DATA_FILE"

-rcctl restart unbound
+rcctl reload unbound
--- a/dhcpd/list_active_assignments
+++ b/dhcpd/list_active_assignments
@ -1,5 +1,5 @@
-#!/bin/sh
-set -eu
+#!/usr/local/bin/bash
+set -euo pipefail

 readonly DHCPD_CONF_FILE="${DHCPD_CONF_FILE:-/etc/dhcpd.conf}"
 readonly DHCPD_LEASES_FILE="${DHCPD_LEASES_FILE:-/var/db/dhcpd.leases}"
--- a/unbound/blocklist-updater
+++ b/unbound/blocklist-updater
@ -0,0 +1,23 @@
+#!/usr/local/bin/bash
+
+set -euo pipefail
+
+if ! command -v curl &> /dev/null; then
+	>&2 echo 'curl is missing from PATH'
+	exit 1
+fi
+
+readonly OUTPUT_FILE='/var/unbound/etc/blocklist.conf'
+
+curl -LSsf 'https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts' | awk '/^0\.0\.0\.0/{
+	# there is no need for a "0.0.0.0 0.0.0.0" line
+	if ($2 == "0.0.0.0") {
+		next
+	}
+
+	print "local-zone: \"" $2 "\" redirect"
+	print "local-data: \"" $2 " A 0.0.0.0\""
+}' > "${OUTPUT_FILE}"
+
+chmod 644 "${OUTPUT_FILE}"
+rcctl reload unbound
--- a/unbound/local-data-file-generator
+++ b/unbound/local-data-file-generator
@ -1,6 +1,6 @@
-#!/bin/sh
+#!/usr/local/bin/bash

-set -eu
+set -euo pipefail

 AWK_SCRIPT=$(cat << 'EOF'
 /^[ \t]*[^ \t]+[ \t]+([0-9]{1,3}\.){3}[0-9]{1,3}[ \t]*$/ {