Make DNS blocklist URLs configurable (#548)

config.cfg

@@ -20,6 +20,12 @@ vpn_network_ipv6: 'fd9d:bc11:4020::/48'
 server_name: "{{ ansible_ssh_host }}"
 IP_subject_alt_name: "{{ ansible_ssh_host }}"
 
+adblock_lists:
+ - "http://winhelp2002.mvps.org/hosts.txt"
+ - "https://adaway.org/hosts.txt"
+ - "https://www.malwaredomainlist.com/hostslist/hosts.txt"
+ - "https://hosts-file.net/ad_servers.txt"
+
 dns_servers:
   ipv4:
     - 8.8.8.8

roles/dns_adblocking/tasks/main.yml

@@ -29,7 +29,7 @@
 
     - name: Adblock script created
       template:
-        src: adblock.sh
+        src: adblock.sh.j2
         dest: /usr/local/sbin/adblock.sh
         owner: root
         group: "{{ root_group|default('root') }}"

roles/dns_adblocking/templates/adblock.sh.j2

@@ -7,36 +7,39 @@ ENDPOINT_IP6="::"
 IPV6="Y"
 TEMP=`mktemp`
 TEMP_SORTED=`mktemp`
+DNSMASQ_WHITELIST="/var/lib/dnsmasq/white.list"
+DNSMASQ_BLACKLIST="/var/lib/dnsmasq/black.list"
+DNSMASQ_BLOCKHOSTS="/var/lib/dnsmasq/block.hosts"
+BLOCKLIST_URLS="{% for url in adblock_lists %}{{ url }} {% endfor %}"
 
 #Delete the old block.hosts to make room for the updates
-rm -f /var/lib/dnsmasq/block.hosts
+rm -f $DNSMASQ_BLOCKHOSTS
 
 echo 'Downloading hosts lists...'
 #Download and process the files needed to make the lists (enable/add more, if you want)
-wget -qO- http://winhelp2002.mvps.org/hosts.txt| awk -v r="$ENDPOINT_IP4" '{sub(/^0.0.0.0/, r)} $0 ~ "^"r' > "$TEMP"
-wget -qO- "https://adaway.org/hosts.txt"|awk -v r="$ENDPOINT_IP4" '{sub(/^127.0.0.1/, r)} $0 ~ "^"r' >> "$TEMP"
-wget -qO- https://www.malwaredomainlist.com/hostslist/hosts.txt|awk -v r="$ENDPOINT_IP4" '{sub(/^127.0.0.1/, r)} $0 ~ "^"r' >> "$TEMP"
-wget -qO- "https://hosts-file.net/.\ad_servers.txt"|awk -v r="$ENDPOINT_IP4" '{sub(/^127.0.0.1/, r)} $0 ~ "^"r' >> "$TEMP"
+for url in $BLOCKLIST_URLS; do
+  wget -qO- "$url" | awk -v r="$ENDPOINT_IP4" '{sub(/^(0.0.0.0|127.0.0.1)/, r)} $0 ~ "^"r' >> "$TEMP"
+done
 
 #Add black list, if non-empty
-if [ -s "/var/lib/dnsmasq/black.list" ]
+if [ -s "$DNSMASQ_BLACKLIST" ]
 then
     echo 'Adding blacklist...'
-    awk -v r="$ENDPOINT_IP4" '/^[^#]/ { print r,$1 }' /var/lib/dnsmasq/black.list >> "$TEMP"
+    awk -v r="$ENDPOINT_IP4" '/^[^#]/ { print r,$1 }' $DNSMASQ_BLACKLIST >> "$TEMP"
 fi
 
 #Sort the download/black lists
 awk '{sub(/\r$/,"");print $1,$2}' "$TEMP"|sort -u > "$TEMP_SORTED"
 
 #Filter (if applicable)
-if [ -s "/var/lib/dnsmasq/white.list" ]
+if [ -s "$DNSMASQ_WHITELIST" ]
 then
     #Filter the blacklist, suppressing whitelist matches
     #  This is relatively slow =-(
     echo 'Filtering white list...'
-    egrep -v "^[[:space:]]*$" /var/lib/dnsmasq/white.list | awk '/^[^#]/ {sub(/\r$/,"");print $1}' | grep -vf - "$TEMP_SORTED" > /var/lib/dnsmasq/block.hosts
+    egrep -v "^[[:space:]]*$" $DNSMASQ_WHITELIST | awk '/^[^#]/ {sub(/\r$/,"");print $1}' | grep -vf - "$TEMP_SORTED" > $DNSMASQ_BLOCKHOSTS
 else
-    cat "$TEMP_SORTED" > /var/lib/dnsmasq/block.hosts
+    cat "$TEMP_SORTED" > $DNSMASQ_BLOCKHOSTS
 fi
 
 if [ "$IPV6" = "Y" ]
@@ -44,7 +47,7 @@ then
     safe_pattern=$(printf '%s\n' "$ENDPOINT_IP4" | sed 's/[[\.*^$(){}?+|/]/\\&/g')
     safe_addition=$(printf '%s\n' "$ENDPOINT_IP6" | sed 's/[\&/]/\\&/g')
     echo 'Adding ipv6 support...'
-    sed -i -re "s/^(${safe_pattern}) (.*)$/\1 \2\n${safe_addition} \2/g" /var/lib/dnsmasq/block.hosts
+    sed -i -re "s/^(${safe_pattern}) (.*)$/\1 \2\n${safe_addition} \2/g" $DNSMASQ_BLOCKHOSTS
 fi
 
 service dnsmasq restart