nixos-module: add blocklist-update
parent
b7be2337ea
commit
75b5823964
|
@ -3,11 +3,14 @@
|
|||
let
|
||||
cfg = config.services.caveman;
|
||||
|
||||
blocklistPath = "/etc/caveman.blocklist";
|
||||
|
||||
hunterDefaultSettings = {
|
||||
redis = "redis://127.0.0.1:${toString cfg.redis.port}/";
|
||||
hosts = [ "mastodon.social" "fosstodon.org" "chaos.social" "dresden.network" ];
|
||||
max_workers = 16;
|
||||
prometheus_port = 9101;
|
||||
blocklist = blocklistPath;
|
||||
};
|
||||
|
||||
hunterSettings = lib.recursiveUpdate hunterDefaultSettings cfg.hunter.settings;
|
||||
|
@ -265,5 +268,24 @@ in
|
|||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.blocklist-update = lib.mkIf cfg.hunter.enable {
|
||||
requires = [ "network-online.target" ];
|
||||
path = with pkgs; [ coreutils wget ];
|
||||
script = ''
|
||||
T=$(mktemp blocklistXXXX)
|
||||
wget -O $T https://rapidblock.org/blocked_domains.csv
|
||||
mv $T ${lib.escapeShellArg blocklistPath}
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
Restart = "on-failure";
|
||||
RestartSec = 600;
|
||||
};
|
||||
};
|
||||
systemd.timers.blocklist-update = lib.mkIf cfg.hunter.enable {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "hourly";
|
||||
};
|
||||
};
|
||||
}
|
||||
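Review bot: In the `script` of `systemd.services.blocklist-update`, `mktemp blocklistXXXX` creates the temp file in the unit's working directory (`/`, since no `WorkingDirectory` is set here), and nothing removes it when `wget` fails, so with `Restart = "on-failure"` failed runs can leave stray files behind. mktemp creates the file with mode 0600 and `mv` keeps that mode, so if the hunter service runs as a non-root user (not visible in these hunks) it may be unable to read the list; a successful but empty download would also replace a good list. The fence below creates the temp file next to the target so the rename stays on one filesystem, cleans up on exit, rejects an empty download, sets a readable mode and adds the missing `after` ordering. Separately, the unit sets no `User` or sandboxing, so the network fetch runs as root; consider hardening in `serviceConfig` such as `NoNewPrivileges = true;` and `ProtectHome = true;`.

```nix
systemd.services.blocklist-update = lib.mkIf cfg.hunter.enable {
  requires = [ "network-online.target" ];
  # requires alone gives no ordering; wait until the network is up
  after = [ "network-online.target" ];
  # … unchanged: path …
  script = ''
    T=$(mktemp ${lib.escapeShellArg "${blocklistPath}.XXXXXX"})
    trap 'rm -f "$T"' EXIT
    wget -O "$T" https://rapidblock.org/blocked_domains.csv
    # do not replace the live list with an empty download
    test -s "$T"
    chmod 0644 "$T"
    mv "$T" ${lib.escapeShellArg blocklistPath}
  '';
  # … unchanged: serviceConfig …
};
```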
|
|