algo/roles/dns_adblocking/templates/adblock.sh.j2

#!/bin/sh
# Block ads, malware, etc..

# Redirect endpoint
ENDPOINT_IP4="0.0.0.0"
ENDPOINT_IP6="::"
IPV6="Y"
TEMP=`mktemp`
TEMP_SORTED=`mktemp`
DNSMASQ_WHITELIST="/var/lib/dnsmasq/white.list"
DNSMASQ_BLACKLIST="/var/lib/dnsmasq/black.list"
DNSMASQ_BLOCKHOSTS="/var/lib/dnsmasq/block.hosts"
BLOCKLIST_URLS="{% for url in adblock_lists %}{{ url }} {% endfor %}"

#Delete the old block.hosts to make room for the updates
rm -f $DNSMASQ_BLOCKHOSTS

echo 'Downloading hosts lists...'
#Download and process the files needed to make the lists (enable/add more, if you want)
for url in $BLOCKLIST_URLS; do
  wget -qO- "$url" | awk -v r="$ENDPOINT_IP4" '{sub(/^(0.0.0.0|127.0.0.1)/, r)} $0 ~ "^"r' >> "$TEMP"
done

#Add black list, if non-empty
if [ -s "$DNSMASQ_BLACKLIST" ]
then
    echo 'Adding blacklist...'
    awk -v r="$ENDPOINT_IP4" '/^[^#]/ { print r,$1 }' $DNSMASQ_BLACKLIST >> "$TEMP"
fi

#Sort the download/black lists
awk '{sub(/\r$/,"");print $1,$2}' "$TEMP"|sort -u > "$TEMP_SORTED"

#Filter (if applicable)
if [ -s "$DNSMASQ_WHITELIST" ]
then
    #Filter the blacklist, suppressing whitelist matches
    #  This is relatively slow =-(
    echo 'Filtering white list...'
    egrep -v "^[[:space:]]*$" $DNSMASQ_WHITELIST | awk '/^[^#]/ {sub(/\r$/,"");print $1}' | grep -vf - "$TEMP_SORTED" > $DNSMASQ_BLOCKHOSTS
else
    cat "$TEMP_SORTED" > $DNSMASQ_BLOCKHOSTS
fi

if [ "$IPV6" = "Y" ]
then
    safe_pattern=$(printf '%s\n' "$ENDPOINT_IP4" | sed 's/[[\.*^$(){}?+|/]/\\&/g')
    safe_addition=$(printf '%s\n' "$ENDPOINT_IP6" | sed 's/[\&/]/\\&/g')
    echo 'Adding ipv6 support...'
    sed -i -re "s/^(${safe_pattern}) (.*)$/\1 \2\n${safe_addition} \2/g" $DNSMASQ_BLOCKHOSTS
fi

service dnsmasq restart

exit 0