iamthefij/homelab-nomad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactor blocky lists to a new nomad var space to make them easier to manage

Browse Source
This commit is contained in:
IamTheFij 2024-06-24 17:04:03 -07:00
parent 1f8014e740
commit 2235a00f3b
5 changed files with 89 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
core/blocky/blocky.nomad
View File

@ -124,8 +124,8 @@ job "blocky" {
template {
data = <<EOF
{{ if nomadVarExists "nomad/jobs/blocky" }}
{{ with nomadVar "nomad/jobs/blocky" -}}
{{ if nomadVarExists "blocky_lists/user" }}
{{ with nomadVar "blocky_lists/user" -}}
{{ .block_list.Value }}
{{- end }}
{{- end }}
@ -141,8 +141,8 @@ job "blocky" {
template {
data = <<EOF
{{ if nomadVarExists "nomad/jobs/blocky" }}
{{ with nomadVar "nomad/jobs/blocky" -}}
{{ if nomadVarExists "blocky_lists/user" }}
{{ with nomadVar "blocky_lists/user" -}}
{{ .allow_list.Value }}
{{- end }}
{{- end }}
@ -155,6 +155,40 @@ job "blocky" {
max = "20s"
}
}
template {
data = <<EOF
{{ if nomadVarExists "blocky_lists/terraform" }}
{{ with nomadVar "blocky_lists/terraform" -}}
{{ .smarttv_regex.Value }}
{{- end }}
{{- end }}
EOF
destination = "$${NOMAD_TASK_DIR}/smarttv-regex.txt"
change_mode = "noop"
wait {
min = "10s"
max = "20s"
}
}
template {
data = <<EOF
{{ if nomadVarExists "blocky_lists/terraform" }}
{{ with nomadVar "blocky_lists/terraform" -}}
{{ .wemo.Value }}
{{- end }}
{{- end }}
EOF
destination = "$${NOMAD_TASK_DIR}/wemo.txt"
change_mode = "noop"
wait {
min = "10s"
max = "20s"
}
}
}
task "stunnel" {

28
core/blocky/blocky.tf
View File

@ -66,3 +66,31 @@ EOH
task = "stunnel"
}
}
resource "nomad_variable" "blocky_lists_terraform" {
path = "blocky_lists/terraform"
items = {
smarttv_regex = file("${path.module}/list-smarttv-regex.txt")
wemo = file("${path.module}/list-wemo.txt")
}
}
resource "nomad_acl_policy" "blocky_lists" {
name = "blocky-lists"
description = "Give access Blocky lists"
rules_hcl = <<EOH
namespace "default" {
variables {
path "blocky_lists/*" {
capabilities = ["read"]
}
}
}
EOH
job_acl {
job_id = "blocky"
group = "blocky"
task = "blocky"
}
}

25
core/blocky/config.yml
View File

@ -77,30 +77,9 @@ blocking:
# - https://hosts-file.net/ad_servers.txt
smarttv:
- https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt
# - https://perflyst.github.io/PiHoleBlocklist/regex.list
- |
# Title: Perflyst's SmartTV Blocklist for Pi-hole - RegEx extension
# Version: 13July2023v1
# Samsung
/(^|\.)giraffic\.com$/
/(^|\.)internetat\.tv$/
/(^|\.)pavv\.co\.kr$/
# /(^|\.)samsungcloudcdn\.com$/ # prevents updates
# /(^|\.)samsungcloudsolution\.com$/ # prevents internet connection
/(^|\.)samsungcloudsolution\.net$/
/(^|\.)samsungelectronics\.com$/
# /(^|\.)samsungotn\.net$/ # prevents updates
/(^|\.)samsungrm\.net$/
- {{ env "NOMAD_TASK_DIR" }}/smartv-regex.txt
wemo:
- |
# Remote commands
api.xbcs.net
# Firmware updates
fw.xbcs.net
# TURN service
nat.wemo2.com
# Connectivity checks
heartbeat.xwemo.com
- {{ env "NOMAD_TASK_DIR" }}/wemo.txt
antisocial:
- |
facebook.com

13
core/blocky/list-smarttv-regex.txt Normal file
View File

@ -0,0 +1,13 @@
# From: https://perflyst.github.io/PiHoleBlocklist/regex.list
# Title: Perflyst's SmartTV Blocklist for Pi-hole - RegEx extension
# Version: 13July2023v1
# Samsung
/(^|\.)giraffic\.com$/
/(^|\.)internetat\.tv$/
/(^|\.)pavv\.co\.kr$/
/(^|\.)samsungcloudsolution\.net$/
/(^|\.)samsungelectronics\.com$/
/(^|\.)samsungrm\.net$/
# /(^|\.)samsungotn\.net$/ # prevents updates
# /(^|\.)samsungcloudcdn\.com$/ # prevents updates
# /(^|\.)samsungcloudsolution\.com$/ # prevents internet connection

8
core/blocky/list-wemo.txt Normal file
View File

@ -0,0 +1,8 @@
# Remote commands
api.xbcs.net
# Firmware updates
fw.xbcs.net
# TURN service
nat.wemo2.com
# Connectivity checks
heartbeat.xwemo.com