From 8bec552adcfb3b8a071cf384bc47b4d7850aa500 Mon Sep 17 00:00:00 2001
From: Djeex
Date: Sat, 31 May 2025 15:48:14 +0000
Subject: [PATCH] First commit
---
.gitignore | 2 ++
Dockerfile | 10 +++++++
LICENSE | 21 +++++++++++++
README.md | 73 +++++++++++++++++++++++++++++++++++++++++++++
docker-compose.yml | 24 +++++++++++++++
entrypoint.sh | 13 ++++++++
update-blocklist.sh | 47 +++++++++++++++++++++++++++++
7 files changed, 190 insertions(+)
create mode 100644 .gitignore
create mode 100644 Dockerfile
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 docker-compose.yml
create mode 100644 entrypoint.sh
create mode 100644 update-blocklist.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d0d192d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/adguard/*.log
+/tmp/
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..d84bb26
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine:latest
+
+RUN apk add --no-cache curl bash busybox-cron
+
+COPY update-blocklist.sh /usr/local/bin/update-blocklist.sh
+COPY entrypoint.sh /entrypoint.sh
+
+RUN chmod +x /usr/local/bin/update-blocklist.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..f4c4c4c
--- /dev/null
+++ b/LICENSE
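Review bot: `FROM alpine:latest` and the unversioned `apk add --no-cache curl bash busybox-cron` leave the image contents to whatever the registry serves on build day, so two builds of this commit can differ. This container rewrites `AdGuardHome.yaml` and talks to a Docker socket proxy, so a reproducible base matters; pin the base to a release tag and digest, e.g. `FROM alpine:<release>@sha256:<digest>`, and pin the apk package versions likewise. The follow-up `RUN chmod +x …` layer can be dropped by using `COPY --chmod=755` on the two scripts. No `USER` is set, so the image runs as root; if crond and the bind-mounted config require that, a comment saying so would help.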
@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 > Djeex
+Copyright (c) 2025 > Vulnebify (CIDRE)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..bccdba2
--- /dev/null
+++ b/README.md
@@ -0,0 +1,73 @@
+

Adguard CIDRE Sync

+
+ + JV Hardware +
+
+🤖 **Adguard CIDRE Sync** - A bot to synchronize adguard clients disallow list with countries CIDR list of your choices.
+
+*The code is partially generated by AI*
+
+## 📌 Sommaire
+
+- [Features](#features)
+- [Install with Docker and our image](#install-with-docker)
+- [Install with git and build (développeur)](#install-with-git-and-build)
+
+## ✨ Features
+
+- Automatically downloads IP CIDR blocks for specified countries to block.
+- Supports additional manually blocked IPs from a configurable file.
+- Updates the disallowed_clients section in the AdGuard Home config.
+- Configurable update frequency via cron expression environment variable.
+- Automatically restarts the AdGuard Home container after updates via Docker socket proxy.
+
+## Environment Variables
+
+| Variable | Description | Default |
+| ------------------- | ---------------------------------------------------------- | --------------------------------- |
+| `BLOCK_COUNTRIES` | Comma-separated country codes to block (e.g., `CN,RU,IR`) | (required) |
+| `BLOCKLIST_CRON` | Cron expression for update frequency (e.g., `0 6 * * *`) | `0 6 * * *` (at 6:00 everydays) |
+| `DOCKER_API_URL` | URL of Docker socket proxy to restart AdGuard container | `http://docker-socket-proxy:2375` |
+
+## File Structure
+
+- `update-blocklist.sh`: Main script to download CIDRs, merge manual IPs, update config, and restart AdGuard.
+- `entrypoint.sh`: Sets up the cron job to periodically run the update script.
+- `Dockerfile`: Builds the lightweight Alpine-based image.
+- `docker-compose.yml`: Example compose file to run the container.
+- `manually_blocked_ips.conf`: (Volume mount) Add extra IPs to block manually.
+
+## Installation and Usage
+
+1. **Clone the repository:**
+
+ ```bash
+ git clone https://github.com/your-username/adguard-blocklist-updater.git
+ cd adguard-blocklist-updater
+ ```
+2. **Modify docker-compose.yml**
+
+- Set `BLOCK_COUNTRIES` environment variable with the countries you want to block.
+- Adjust `BLOCKLIST_CRON` if you want a different update frequency.
+- Bind mount your adguard configuration folder (wich contains `AdGuardHome.yaml`) to `/adguard`
+- (optionnally) create and edit `manually_blocked_ips.conf` file in your adguard configuration folder to add other IPs you want to block. Only valid IP or CIDR entries will be processed, for exemple :
+
+ ```bash
+ 192.168.1.100
+ 10.0.0.0/24
+ # Comments or empty lines are ignored
+ ```
+
+4. **Build and start the container**
+
+ ```bash
+ docker-compose build
+ docker-compose up -d
+ ```
+5. **Check logs to verify updates**
+
+ ```bash
+ docker-compose logs -f
+ ```
+
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..9eeab34
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,24 @@
+---
+services:
+ adguard-cidre:
+ build: .
+ environment:
+ - BLOCK_COUNTRIES=CN,RU,IR # choose countries listed IP to block. Full lists here https://github.com/vulnebify/cidre/tree/main/output/cidr/ipv4
+ - BLOCKLIST_CRON=0 6 * * * # at 6:00 every days
+ - DOCKER_API_URL=http://socket-proxy-adguard:2375
+ volumes:
+ - /path/to/adguard/confdir:/adguard
+
+ socket-proxy:
+ image: lscr.io/linuxserver/socket-proxy:latest
+ container_name: socket-proxy-adguard
+ security_opt:
+ - no-new-privileges:true
+ environment:
+ - CONTAINERS=1
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ restart: unless-stopped
+ read_only: true
+ tmpfs:
+ - /run
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..249a0ce
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+
+CRON_EXPR="${BLOCKLIST_CRON:-"0 6 * * *"}" # default: every hour
+SCRIPT_PATH="/usr/local/bin/update-blocklist.sh"
+
+echo "Installing cron job with expression: $CRON_EXPR"
+
+echo "$CRON_EXPR root $SCRIPT_PATH" > /etc/crontabs/root
+
+echo "Starting cron..."
+crond -f -L /dev/stdout
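Review bot: The `socket-proxy` service is granted only `CONTAINERS=1`, while `update-blocklist.sh` issues `POST …/containers/adguard-home/restart`; as far as I know the linuxserver image denies POST and restart calls unless they are enabled, so the restart would likely be rejected, and `curl -s` hides that. Prefer the narrow switch `- ALLOW_RESTARTS=1` over `- POST=1`, which would open every write endpoint in the allowed sections. The proxy answers unauthenticated on port 2375 to anything on the same compose network, so `adguard-cidre` and `socket-proxy` belong on a dedicated network, and the `:ro` on the `docker.sock` mount does not make the API read-only. `lscr.io/linuxserver/socket-proxy:latest` should also be pinned to a version tag or digest.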
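Review bot: The line `echo "$CRON_EXPR root $SCRIPT_PATH" > /etc/crontabs/root` writes a user column into a per-user crontab; BusyBox crond reads files under `/etc/crontabs/` as schedule followed by command, so it would try to run a command named `root` and the blocklist would never refresh. Use `echo "$CRON_EXPR $SCRIPT_PATH" > /etc/crontabs/root`. The comment `# default: every hour` contradicts the default `0 6 * * *` and should read `# default: daily at 06:00`. `BLOCKLIST_CRON` is written into the crontab unchecked, so either a comment that the value is trusted operator input or a check that it has exactly five fields would be useful.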
diff --git a/update-blocklist.sh b/update-blocklist.sh
new file mode 100644
index 0000000..33a4ff8
--- /dev/null
+++ b/update-blocklist.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+set -e
+
+ADGUARD_YAML="/adguard/AdGuardHome.yaml"
+TMP_YAML="/tmp/AdGuardHome.yaml"
+MANUAL_IPS_FILE="/adguard/manually_blocked_ips.conf"
+CIDR_BASE_URL="https://raw.githubusercontent.com/vulnebify/cidre/main/output/cidr/ipv4"
+COUNTRIES=${BLOCK_COUNTRIES:-""}
+DOCKER_API_URL=${DOCKER_API_URL:-"http://docker-socket-proxy:2375"}
+
+if [ -z "$COUNTRIES" ]; then
+ echo "No countries specified in BLOCK_COUNTRIES."
+ exit 1
+fi
+
+mkdir -p /tmp/cidr
+> /tmp/cidr/all.txt
+
+IFS=',' read -ra CODES <<< "$COUNTRIES"
+for CODE in "${CODES[@]}"; do
+ echo "Downloading CIDR list for $CODE..."
+ curl -sf "$CIDR_BASE_URL/${CODE^^}.txt" -o "/tmp/cidr/${CODE}.txt" || continue
+ cat "/tmp/cidr/${CODE}.txt" >> /tmp/cidr/all.txt
+done
+
+if [ -f "$MANUAL_IPS_FILE" ]; then
+ echo "Validating and adding manually blocked IPs from $MANUAL_IPS_FILE..."
+ grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' "$MANUAL_IPS_FILE" >> /tmp/cidr/all.txt
+fi
+
+IPS_FORMATTED=$(sed 's/^/ - /' /tmp/cidr/all.txt)
+
+awk -v ips="$IPS_FORMATTED" '
+BEGIN { inside=0 }
+/^ disallowed_clients:/ { print; inside=1; next }
+/^ [^ ]/ && inside==1 { print ips; inside=0 }
+{ if (!inside) print }
+END { if (inside==1) print ips }
+' "$ADGUARD_YAML" > "$TMP_YAML"
+
+mv "$TMP_YAML" "$ADGUARD_YAML"
+
+echo "Restarting adguard-home container..."
+curl -s -X POST "$DOCKER_API_URL/containers/adguard-home/restart" -o /dev/null
+
+echo "Done."
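Review bot: The downloaded country lists are appended to `/tmp/cidr/all.txt` unfiltered and then written into `AdGuardHome.yaml`, whereas only the manual file goes through the IP/CIDR `grep`; anything the upstream `main` branch serves therefore lands in the config verbatim. `curl -sf … || continue` also skips a failed download silently, so the config can be overwritten with a shorter or empty list. I would filter the remote lists with the same pattern, stop before the `awk` rewrite when a download fails or nothing valid was collected, and add `|| true` to the manual-file `grep`, which under `set -e` currently aborts the run when the file holds only comments. The final `curl -s -X POST …/restart` should use `-f` and report failure, otherwise a refused restart still prints "Done.".

```shell
CIDR_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'

# … unchanged: BLOCK_COUNTRIES check, mkdir, truncate all.txt, IFS/read …
for CODE in "${CODES[@]}"; do
    # … unchanged: progress echo …
    if ! curl -sf "$CIDR_BASE_URL/${CODE^^}.txt" -o "/tmp/cidr/${CODE}.txt"; then
        echo "Download failed for $CODE; leaving $ADGUARD_YAML untouched." >&2
        exit 1
    fi
    # Only IPv4 addresses/CIDRs may reach the YAML; drop every other line.
    grep -E "$CIDR_RE" "/tmp/cidr/${CODE}.txt" >> /tmp/cidr/all.txt || true
done

if [ -f "$MANUAL_IPS_FILE" ]; then
    # … unchanged: progress echo …
    grep -E "$CIDR_RE" "$MANUAL_IPS_FILE" >> /tmp/cidr/all.txt || true
fi

if [ ! -s /tmp/cidr/all.txt ]; then
    echo "No valid entries collected; leaving $ADGUARD_YAML untouched." >&2
    exit 1
fi
# … unchanged: sed/awk rewrite and mv …
if ! curl -sf -X POST "$DOCKER_API_URL/containers/adguard-home/restart" -o /dev/null; then
    echo "Restart request failed." >&2
    exit 1
fi
```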