First commit

2025-05-31 15:48:14 +00:00 · 2025-05-31 15:48:14 +00:00 · 8bec552adc
commit 8bec552adc
7 changed files with 190 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+/adguard/*.log
+/tmp/
--- a/10
+++ b/10
@ -0,0 +1,10 @@
+FROM alpine:latest
+
+RUN apk add --no-cache curl bash busybox-cron
+
+COPY update-blocklist.sh /usr/local/bin/update-blocklist.sh
+COPY entrypoint.sh /entrypoint.sh
+
+RUN chmod +x /usr/local/bin/update-blocklist.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
--- a/21
+++ b/21
@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 > Djeex
+Copyright (c) 2025 > Vulnebify (CIDRE)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/README.md
+++ b/README.md
@ -0,0 +1,73 @@
+<h1 align="center"> Adguard CIDRE Sync</h1>
+<div align="center">
+    <a href="https://discord.gg/gxffg3GA96">
+        <img src="https://img.shields.io/badge/JV%20hardware-rejoindre-green?style=flat-square&logo=discord&logoColor=%23fff" alt="JV Hardware">
+</div>
+
+🤖 **Adguard CIDRE Sync** - A bot to synchronize adguard clients disallow list with countries CIDR list of your choices.
+
+*The code is partially generated by AI*
+
+## 📌 Sommaire
+
+- [Features](#features)
+- [Install with Docker and our image](#install-with-docker)
+- [Install with git and build (développeur)](#install-with-git-and-build)
+
+## ✨ Features
+
+- Automatically downloads IP CIDR blocks for specified countries to block.
+- Supports additional manually blocked IPs from a configurable file.
+- Updates the disallowed_clients section in the AdGuard Home config.
+- Configurable update frequency via cron expression environment variable.
+- Automatically restarts the AdGuard Home container after updates via Docker socket proxy.
+
+## Environment Variables
+
+| Variable            | Description                                                | Default                           |
+| ------------------- | ---------------------------------------------------------- | --------------------------------- |
+| `BLOCK_COUNTRIES`   | Comma-separated country codes to block (e.g., `CN,RU,IR`)  | (required)                        |
+| `BLOCKLIST_CRON`    | Cron expression for update frequency (e.g., `0 6 * * *`) | `0 6 * * *` (at 6:00 everydays)          |
+| `DOCKER_API_URL`    | URL of Docker socket proxy to restart AdGuard container    | `http://docker-socket-proxy:2375` |
+
+## File Structure
+
+- `update-blocklist.sh`: Main script to download CIDRs, merge manual IPs, update config, and restart AdGuard.
+- `entrypoint.sh`: Sets up the cron job to periodically run the update script.
+- `Dockerfile`: Builds the lightweight Alpine-based image.
+- `docker-compose.yml`: Example compose file to run the container.
+- `manually_blocked_ips.conf`: (Volume mount) Add extra IPs to block manually.
+
+## Installation and Usage
+
+1. **Clone the repository:**
+
+    ```bash
+    git clone https://github.com/your-username/adguard-blocklist-updater.git
+    cd adguard-blocklist-updater
+    ```
+2. **Modify docker-compose.yml**
+
+- Set `BLOCK_COUNTRIES` environment variable with the countries you want to block.
+- Adjust `BLOCKLIST_CRON` if you want a different update frequency.
+- Bind mount your adguard configuration folder (wich contains `AdGuardHome.yaml`) to `/adguard`
+- (optionnally) create and edit `manually_blocked_ips.conf` file in your adguard configuration folder to add other IPs you want to block. Only valid IP or CIDR entries will be processed, for exemple :
+
+    ```bash
+    192.168.1.100
+    10.0.0.0/24
+    # Comments or empty lines are ignored
+    ```
+
+4. **Build and start the container**
+
+    ```bash
+    docker-compose build
+    docker-compose up -d
+    ```
+5. **Check logs to verify updates**
+
+   ```bash
+   docker-compose logs -f
+   ```
+
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,24 @@
+---
+services:
+  adguard-cidre:
+    build: .
+    environment:
+      - BLOCK_COUNTRIES=CN,RU,IR # choose countries listed IP to block. Full lists here https://github.com/vulnebify/cidre/tree/main/output/cidr/ipv4
+      - BLOCKLIST_CRON=0 6 * * * # at 6:00 every days
+      - DOCKER_API_URL=http://socket-proxy-adguard:2375
+    volumes:
+      - /path/to/adguard/confdir:/adguard
+
+  socket-proxy:
+    image: lscr.io/linuxserver/socket-proxy:latest
+    container_name: socket-proxy-adguard
+    security_opt:
+      - no-new-privileges:true
+    environment:
+      - CONTAINERS=1
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    restart: unless-stopped
+    read_only: true
+    tmpfs:
+      - /run
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+
+CRON_EXPR="${BLOCKLIST_CRON:-"0 6 * * *"}" # default: every hour
+SCRIPT_PATH="/usr/local/bin/update-blocklist.sh"
+
+echo "Installing cron job with expression: $CRON_EXPR"
+
+echo "$CRON_EXPR root $SCRIPT_PATH" > /etc/crontabs/root
+
+echo "Starting cron..."
+crond -f -L /dev/stdout
--- a/update-blocklist.sh
+++ b/update-blocklist.sh
@ -0,0 +1,47 @@
+#!/bin/bash
+
+set -e
+
+ADGUARD_YAML="/adguard/AdGuardHome.yaml"
+TMP_YAML="/tmp/AdGuardHome.yaml"
+MANUAL_IPS_FILE="/adguard/manually_blocked_ips.conf"
+CIDR_BASE_URL="https://raw.githubusercontent.com/vulnebify/cidre/main/output/cidr/ipv4"
+COUNTRIES=${BLOCK_COUNTRIES:-""}
+DOCKER_API_URL=${DOCKER_API_URL:-"http://docker-socket-proxy:2375"}
+
+if [ -z "$COUNTRIES" ]; then
+  echo "No countries specified in BLOCK_COUNTRIES."
+  exit 1
+fi
+
+mkdir -p /tmp/cidr
+> /tmp/cidr/all.txt
+
+IFS=',' read -ra CODES <<< "$COUNTRIES"
+for CODE in "${CODES[@]}"; do
+  echo "Downloading CIDR list for $CODE..."
+  curl -sf "$CIDR_BASE_URL/${CODE^^}.txt" -o "/tmp/cidr/${CODE}.txt" || continue
+  cat "/tmp/cidr/${CODE}.txt" >> /tmp/cidr/all.txt
+done
+
+if [ -f "$MANUAL_IPS_FILE" ]; then
+  echo "Validating and adding manually blocked IPs from $MANUAL_IPS_FILE..."
+  grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' "$MANUAL_IPS_FILE" >> /tmp/cidr/all.txt
+fi
+
+IPS_FORMATTED=$(sed 's/^/    - /' /tmp/cidr/all.txt)
+
+awk -v ips="$IPS_FORMATTED" '
+BEGIN { inside=0 }
+/^  disallowed_clients:/ { print; inside=1; next }
+/^  [^ ]/ && inside==1 { print ips; inside=0 }
+{ if (!inside) print }
+END { if (inside==1) print ips }
+' "$ADGUARD_YAML" > "$TMP_YAML"
+
+mv "$TMP_YAML" "$ADGUARD_YAML"
+
+echo "Restarting adguard-home container..."
+curl -s -X POST "$DOCKER_API_URL/containers/adguard-home/restart" -o /dev/null
+
+echo "Done."