From 2c34ddf3424ce4fe29d4018fd3589b641828d549 Mon Sep 17 00:00:00 2001 From: blindfish Date: Fri, 15 Aug 2025 18:52:09 +0200 Subject: [PATCH 01/11] fix: Timeout while waiting for blocky to get ready with many/long block lists Added up to 5 retries to blocky readiness check --- tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/main.yml b/tasks/main.yml index 4657ef6..49f4fe1 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -118,4 +118,5 @@ port: "{{ (blocky__ports_dns | string | ansible.builtin.split(':') | last) if ':' in blocky__ports_dns | string else blocky__ports_dns }}" delay: 5 timeout: 30 + retries: 5 when: blocky__readiness_check_enabled From daae234dfcb1d13145dc1626261829f08de565cc Mon Sep 17 00:00:00 2001 From: blindfish Date: Fri, 15 Aug 2025 20:49:16 +0200 Subject: [PATCH 02/11] fix: Empty bootstrapDns entry is not a valid configuration Only add bootstrapDns block to config file if at least one bootstrapDns entry is supplied --- templates/config_base.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/config_base.j2 b/templates/config_base.j2 index fc0c4dc..ca5609e 100644 --- a/templates/config_base.j2 +++ b/templates/config_base.j2 @@ -71,8 +71,10 @@ customDNS: {% endblock %} {% block bootstrap_dns -%} +{% if blocky__bootstrap_dns | length > 0 %} bootstrapDns: {{ blocky__bootstrap_dns | to_nice_yaml(indent=2) | trim | indent(2) }} +{% endif %} {% endblock %} {% block conditional -%} From ae036950eaff5603e5ab1f74d84da834443a7251 Mon Sep 17 00:00:00 2001 From: blindfish Date: Fri, 15 Aug 2025 20:49:50 +0200 Subject: [PATCH 03/11] chore: CI Workflow: Extended blocky version list with v0.25 and v0.26 --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1e3777a..b8b543e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
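Review bot: The added `retries: 5` has no `until` beside it in this hunk, and as far as I know only newer ansible-core releases honour `retries` on its own; older ones run the task once, so the timeout fix would silently not apply there. Adding `register: blocky__ready` and `until: blocky__ready is not failed` makes the retry explicit on every version. Indentation is lost in this view, so also confirm that `retries` sits at task level next to `when` and not under the module arguments beside `port` and `timeout`. The task itself starts above the hunk.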
@@ -46,6 +46,8 @@ jobs: # Temporarily disabled due to "sudo: A password is required" error, see https://github.com/geerlingguy/docker-rockylinux9-ansible/issues/6 #- rockylinux9 blocky_version: + - v0.26 + - v0.25 - v0.24 - v0.23 - v0.22 From 2dcdf1c522caed6d63c37a7ba80ea4277aa27448 Mon Sep 17 00:00:00 2001 From: blindfish Date: Sat, 16 Aug 2025 19:39:44 +0200 Subject: [PATCH 04/11] feat: Added support for inline block/allow list definitions It is not possible to define inline domain names, wildcard names or regular expressions for blocklists/allowlists --- defaults/main.yml | 15 +++++++++-- molecule/default/converge.yml | 6 +++++ tasks/main.yml | 50 +++++++++++++++++++++++++++++++++++ 3 files changed, 69 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index cbdafa4..855f69b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -30,8 +30,19 @@ blocky__blocking_blacklists: blocky__blocking_whitelists: ads: - https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt -# - | -# www.googleadservices.com + +# List groups of literal domains, domain wildcards or regular expressions +# May use the same group names as blocky__blocking_blacklists, these lists will be merged in the +# final configuration. +blocky__blocking_inline_blacklists: {} + # ads: + # - www.googleadservices.com + # - /^banners?[_.-]/ + +blocky__blocking_inline_whitelists: {} + # ads: + # - *.example.com + blocky__ports_dns: 53 blocky__ports_http: 4000 diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 8ba2907..e0a4ca8 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml 
@@ -6,6 +6,12 @@ blocky__hosts_dns_enabled: true blocky__hosts_dns_host_ip_var: "ansible_host" blocky__hosts_dns_domain: ".local.example.com" + blocky__blocking_inline_blacklists: + ads: + - www.example.com + blocky__blocking_inline_whitelists: + ads: + - www.example.org blocky__blocking_blacklists: {} blocky__ports_dns: 127.0.0.1:5353 blocky__cert_file: "/etc/cert/blocky_cert.pem" diff --git a/tasks/main.yml b/tasks/main.yml index 49f4fe1..9130164 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -85,6 +85,56 @@ that: blocky__config_template is defined fail_msg: "No config template found for requested blocky version {{ blocky__version }}! That version might not be supported by this role!" +- name: "Inline blocklists: Create dict with inline blocklist goups" + ansible.builtin.set_fact: + __blocky__blocking_inline_blocklist_files: "{{ __blocky__blocking_inline_blocklist_files | default({}) | + ansible.builtin.combine({item.key: [blocky__install_path + '/blocklist_' + item.key + '.txt']}) }}" + with_items: "{{ blocky__blocking_inline_blacklists | dict2items }}" + +- name: "Inline blocklists: Store inline blocklists as file" + ansible.builtin.copy: + dest: "{{ item.value | first }}" + content: "{{ blocky__blocking_inline_blacklists[item.key] | join('\n') }}" + owner: root + group: root + mode: '0640' + when: + - blocky__blocking_inline_blacklists[item.key] is defined + - blocky__blocking_inline_blacklists[item.key] | length > 0 + with_items: "{{ __blocky__blocking_inline_blocklist_files | default({}) | dict2items }}" + +- name: "Inline blocklists: Merge explicitly configured and inline blocklist groups" + ansible.builtin.set_fact: + blocky__blocking_blacklists: "{{ blocky__blocking_blacklists | ansible.builtin.combine(__blocky__blocking_inline_blocklist_files, + list_merge='append', recursive=true) }}" + when: + - __blocky__blocking_inline_blocklist_files | length > 0 + +- name: "Inline allowlists: Create dict with inline allowlist goups" + ansible.builtin.set_fact: + __blocky__blocking_inline_allowlist_files: "{{ __blocky__blocking_inline_allowlist_files | default({}) | + ansible.builtin.combine({item.key: [blocky__install_path + '/allowlist_' + item.key + '.txt']}) }}" + with_items: "{{ blocky__blocking_inline_whitelists | dict2items }}" + +- name: "Inline allowlists: Store inline allowlists as file" + ansible.builtin.copy: + dest: "{{ item.value | first }}" + content: "{{ blocky__blocking_inline_whitelists[item.key] | join('\n') }}" + owner: root + group: 
root + mode: '0640' + when: + - blocky__blocking_inline_whitelists[item.key] is defined + - blocky__blocking_inline_whitelists[item.key] | length > 0 + with_items: "{{ __blocky__blocking_inline_allowlist_files | default({}) | dict2items }}" + +- name: "Inline allowlists: Merge explicitly configured and inline allowlist groups" + ansible.builtin.set_fact: + blocky__blocking_whitelists: "{{ blocky__blocking_whitelists | ansible.builtin.combine(__blocky__blocking_inline_allowlist_files, + list_merge='append', recursive=true) }}" + when: + - __blocky__blocking_inline_allowlist_files | length > 0 + - name: Configure blocky ansible.builtin.template: src: "{{ blocky__config_template }}" From c0de16e84bfd2cb70d46d5fe76022d4c6c7c193a Mon Sep 17 00:00:00 2001 From: blindfish Date: Sat, 16 Aug 2025 19:44:01 +0200 Subject: [PATCH 05/11] chore: Satisfy ansible-lint --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 855f69b..0e51e3e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -42,7 +42,7 @@ blocky__blocking_inline_blacklists: {} blocky__blocking_inline_whitelists: {} # ads: # - *.example.com - + blocky__ports_dns: 53 blocky__ports_http: 4000 From 1570dccb5f214fa6ec78902e9889298c0d3579b2 Mon Sep 17 00:00:00 2001 From: blindfish Date: Sat, 16 Aug 2025 19:54:35 +0200 Subject: [PATCH 06/11] chore: Wrapped regex/wildcard examples in quotes for proper yaml syntax --- defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 0e51e3e..fff9441 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -37,11 +37,11 @@ blocky__blocking_whitelists: blocky__blocking_inline_blacklists: {} # ads: # - www.googleadservices.com - # - /^banners?[_.-]/ + # - "/^banners?[_.-]/" blocky__blocking_inline_whitelists: {} # ads: - # - *.example.com + # - "*.example.com" blocky__ports_dns: 53 
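Review bot: The destination path in the two "Create dict" tasks is built by concatenating the group name, `blocky__install_path + '/blocklist_' + item.key + '.txt'` (and the `allowlist_` twin), so a group name containing `/` or `..` makes the following `ansible.builtin.copy` write outside the install directory with the role's privileges. Group names come from inventory, but validating them before use is cheap; an assert placed ahead of the first `set_fact` is sketched below, with a pattern to adjust to the names you want to allow. Separately, the copy tasks skip groups whose list is empty while the path is still merged into `blocky__blocking_blacklists` / `blocky__blocking_whitelists`, so emptying a group leaves the previous file's entries in effect, or points blocky at a missing file on a fresh host. Dropping the `length > 0` condition so that an empty file is written would keep disk and config in step.

```yaml
- name: "Inline lists: Validate group names before using them in file paths"
  ansible.builtin.assert:
    that:
      - "item is match('^[A-Za-z0-9_-]+$')"
    fail_msg: "Inline list group name '{{ item }}' may only contain letters, digits, '_' and '-'"
  loop: "{{ (blocky__blocking_inline_blacklists.keys() | list) + (blocky__blocking_inline_whitelists.keys() | list) }}"

# … unchanged: "Inline blocklists: Create dict with inline blocklist goups" and the tasks after it …
```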
From 0d02e25fa25c2a42566c9a23ce58f54a4d237a1b Mon Sep 17 00:00:00 2001 From: blindfish Date: Sat, 16 Aug 2025 20:27:51 +0200 Subject: [PATCH 07/11] fix: Store inline block/allowlist files for blocky user/group --- tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 9130164..93b744f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -95,8 +95,8 @@ ansible.builtin.copy: dest: "{{ item.value | first }}" content: "{{ blocky__blocking_inline_blacklists[item.key] | join('\n') }}" - owner: root - group: root + owner: blocky + group: blocky mode: '0640' when: - blocky__blocking_inline_blacklists[item.key] is defined @@ -120,8 +120,8 @@ ansible.builtin.copy: dest: "{{ item.value | first }}" content: "{{ blocky__blocking_inline_whitelists[item.key] | join('\n') }}" - owner: root - group: root + owner: blocky + group: blocky mode: '0640' when: - blocky__blocking_inline_whitelists[item.key] is defined From 8314948a1e60e1c40e87c1d13f906a6462076d34 Mon Sep 17 00:00:00 2001 From: blindfish Date: Wed, 20 Aug 2025 19:04:59 +0200 Subject: [PATCH 08/11] feat: Added support for configuring caching behavior --- defaults/main.yml | 18 +++++++++++++++++- molecule/default/converge.yml | 2 ++ templates/config.yaml.from_0.24.j2 | 1 - templates/config.yaml.from_0.24_to_0.25.j2 | 13 +++++++++++++ templates/config.yaml.from_0.26.j2 | 1 + templates/config_base.j2 | 15 ++++++++++++--- vars/main.yml | 3 ++- 7 files changed, 47 insertions(+), 6 deletions(-) delete mode 100644 templates/config.yaml.from_0.24.j2 create mode 100644 templates/config.yaml.from_0.24_to_0.25.j2 create mode 100644 templates/config.yaml.from_0.26.j2 diff --git a/defaults/main.yml b/defaults/main.yml index fff9441..c1ae9ef 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
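Review bot: With `owner: blocky` and `mode: '0640'` the list files become writable by what is presumably the account the resolver runs as, so a compromised or misbehaving blocky process could rewrite its own block and allow lists. Read access is all the service needs: `owner: root`, `group: blocky`, `mode: '0640'` fixes the permission problem this commit targets without granting write. The user and group names are hard-coded here; if the role already exposes them as variables elsewhere (not visible in this patch), use those instead. The same applies to the second hunk at `-120,8 +120,8`.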
@@ -1,5 +1,5 @@ --- -blocky__version: v0.24 +blocky__version: v0.26.2 blocky__arch: "{{ ansible_machine }}" blocky__system: "{{ ansible_system }}" blocky__base_url: https://github.com/0xERR0R/blocky/releases/download @@ -87,3 +87,19 @@ blocky__min_tls_version: "" blocky__redis: {} blocky__bootstrap_dns: {} + + +# Cachine configuration +# Refer to https://0xerr0r.github.io/blocky/latest/configuration/#caching +blocky__caching_min_time: 5m +blocky__caching_max_time: 60m +blocky__caching_max_items_count: 0 +blocky__caching_prefetching: true +blocky__caching_prefetch_expires: 2h +blocky__caching_prefetch_threshold: 5 +blocky__caching_prefetch_max_items_count: 0 +blocky__caching_cache_time_negative: 30m +blocky__caching_exclude: [] + # - /.*\\.lan$/ + # - /.*\\.local$/ + # - /.*\\.host\.com\.(jp|fr)$/ diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index e0a4ca8..8010870 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -13,6 +13,8 @@ ads: - www.example.org blocky__blocking_blacklists: {} + blocky__caching_exclude: + - "/.*\\.lan$/" blocky__ports_dns: 127.0.0.1:5353 blocky__cert_file: "/etc/cert/blocky_cert.pem" blocky__key_file: "/etc/cert/blocky_key.key" diff --git a/templates/config.yaml.from_0.24.j2 b/templates/config.yaml.from_0.24.j2 deleted file mode 100644 index d857f5f..0000000 --- a/templates/config.yaml.from_0.24.j2 +++ /dev/null @@ -1 +0,0 @@ -{% extends "config_base.j2" -%} diff --git a/templates/config.yaml.from_0.24_to_0.25.j2 b/templates/config.yaml.from_0.24_to_0.25.j2 new file mode 100644 index 0000000..d4a2547 --- /dev/null +++ b/templates/config.yaml.from_0.24_to_0.25.j2 
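Review bot: The commented `blocky__caching_exclude` examples in the `-87,3 +87,19` hunk are unquoted and use `\\.`, which in a plain YAML scalar stays two backslashes, so a user who uncomments them gets a pattern that matches a literal backslash rather than a dot; the third example also mixes `\\.` and `\.`. The molecule scenario in the same commit uses the double-quoted form `"/.*\\.lan$/"`, where `\\` does collapse to a single backslash. Suggest making the examples match that form: `# - "/.*\\.lan$/"`, `# - "/.*\\.local$/"` and `# - "/.*\\.host\\.com\\.(jp|fr)$/"`.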
@@ -0,0 +1,13 @@ +{% extends "config_base.j2" -%} + +{% block caching -%} +caching: + minTime: {{ blocky__caching_min_time }} + maxTime: {{ blocky__caching_max_time }} + maxItemsCount: {{ blocky__caching_max_items_count }} + prefetching: {{ blocky__caching_prefetching }} + prefetchExpires: {{ blocky__caching_prefetch_expires }} + prefetchThreshold: {{ blocky__caching_prefetch_threshold }} + prefetchMaxItemsCount: {{ blocky__caching_prefetch_max_items_count }} + cacheTimeNegative: {{ blocky__caching_cache_time_negative }} +{% endblock %} \ No newline at end of file diff --git a/templates/config.yaml.from_0.26.j2 b/templates/config.yaml.from_0.26.j2 new file mode 100644 index 0000000..99955f2 --- /dev/null +++ b/templates/config.yaml.from_0.26.j2 @@ -0,0 +1 @@ +{% extends "config_base.j2" -%} \ No newline at end of file diff --git a/templates/config_base.j2 b/templates/config_base.j2 index ca5609e..f20e55c 100644 --- a/templates/config_base.j2 +++ b/templates/config_base.j2 @@ -44,9 +44,18 @@ log: {% block caching -%} caching: - minTime: 5m - maxTime: 60m - prefetching: true + minTime: {{ blocky__caching_min_time }} + maxTime: {{ blocky__caching_max_time }} + maxItemsCount: {{ blocky__caching_max_items_count }} + prefetching: {{ blocky__caching_prefetching }} + prefetchExpires: {{ blocky__caching_prefetch_expires }} + prefetchThreshold: {{ blocky__caching_prefetch_threshold }} + prefetchMaxItemsCount: {{ blocky__caching_prefetch_max_items_count }} + cacheTimeNegative: {{ blocky__caching_cache_time_negative }} +{% if blocky__caching_exclude | length > 0 %} + exclude: + {{ blocky__caching_exclude | to_nice_yaml(indent=2) | trim | indent(4) }} +{% endif %} {% endblock %} {% block custom_dns -%} diff --git a/vars/main.yml b/vars/main.yml index e2e742b..de79e45 100644 --- a/vars/main.yml +++ b/vars/main.yml 
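Review bot: Every caching value is interpolated into the generated config as bare text, e.g. `minTime: {{ blocky__caching_min_time }}`, so an empty value renders as YAML null, `prefetching` renders as Python's `True`, and a value containing a newline or `: ` would add or change keys in the file blocky loads. Serialising each scalar avoids all three: `minTime: {{ blocky__caching_min_time | to_json }}`, and likewise for the other seven keys. The same block is repeated in the `config_base.j2` hunk at `-44,9 +44,18` and in `config.yaml.up_to_0.23.j2` in patch 10, so the change should be made in all three places.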
@@ -5,5 +5,6 @@ blocky__base: "blocky-{{ blocky__version }}" # Must be maintained as blocky evolves. min_version and max_version may be defined for the same template. blocky__config_template_versions: [ {'max_version': '0.23', 'template': 'config.yaml.up_to_0.23.j2'}, - {'min_version': '0.24', 'template': 'config.yaml.from_0.24.j2'}, + {'min_version': '0.24', 'max_version': '0.25', 'template': 'config.yaml.0.24_to_0.25.j2'}, + {'min_version': '0.26', 'template': 'config.yaml.from_0.26.j2'}, ] From 64e18e329d1cadbb9a43059d7510739e43217cb7 Mon Sep 17 00:00:00 2001 From: blindfish Date: Wed, 20 Aug 2025 19:09:41 +0200 Subject: [PATCH 09/11] fix: Fixed template mapping for blocky v0.24 to v0.25 --- ...nfig.yaml.from_0.24_to_0.25.j2 => config.yaml.0.24_to_0.25.j2} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename templates/{config.yaml.from_0.24_to_0.25.j2 => config.yaml.0.24_to_0.25.j2} (100%) diff --git a/templates/config.yaml.from_0.24_to_0.25.j2 b/templates/config.yaml.0.24_to_0.25.j2 similarity index 100% rename from templates/config.yaml.from_0.24_to_0.25.j2 rename to templates/config.yaml.0.24_to_0.25.j2 From f3f0af0f023cbaa265f89a7bb6a0c79ebe6e3faf Mon Sep 17 00:00:00 2001 From: blindfish Date: Wed, 20 Aug 2025 19:18:51 +0200 Subject: [PATCH 10/11] fix: Fixed template for blocky up to v0.23 --- templates/config.yaml.up_to_0.23.j2 | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/templates/config.yaml.up_to_0.23.j2 b/templates/config.yaml.up_to_0.23.j2 index 56f6521..79e11ab 100644 --- a/templates/config.yaml.up_to_0.23.j2 +++ b/templates/config.yaml.up_to_0.23.j2 
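Review bot: The ranges `'max_version': '0.25'` and `'min_version': '0.26'` may leave a gap for patch releases, depending on how the selection logic (not part of this patch) compares versions. If it compares the full version string, a `0.25.x` release is above the first range and below the second, and the role stops at the "No config template found" assertion; the default is now `v0.26.2`, so patch components are in use. Either state the comparison rule in the comment above the list, e.g. `# max_version is compared against major.minor only`, or confirm it against a patch-level version in the CI matrix.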
@@ -13,3 +13,15 @@ blocking: whiteLists: {{ blocky__blocking_whitelists | to_nice_yaml(indent=2) | trim | indent(4) }} {% endblock%} + +{% block caching -%} +caching: + minTime: {{ blocky__caching_min_time }} + maxTime: {{ blocky__caching_max_time }} + maxItemsCount: {{ blocky__caching_max_items_count }} + prefetching: {{ blocky__caching_prefetching }} + prefetchExpires: {{ blocky__caching_prefetch_expires }} + prefetchThreshold: {{ blocky__caching_prefetch_threshold }} + prefetchMaxItemsCount: {{ blocky__caching_prefetch_max_items_count }} + cacheTimeNegative: {{ blocky__caching_cache_time_negative }} +{% endblock %} From 84fcfde760d27915bd58dd771d4164dfca6b8b3d Mon Sep 17 00:00:00 2001 From: blindfish Date: Wed, 20 Aug 2025 19:33:15 +0200 Subject: [PATCH 11/11] fix: Fixed typo in default variable comments --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index c1ae9ef..a710b18 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -89,7 +89,7 @@ blocky__redis: {} blocky__bootstrap_dns: {} -# Cachine configuration +# Caching configuration # Refer to https://0xerr0r.github.io/blocky/latest/configuration/#caching blocky__caching_min_time: 5m blocky__caching_max_time: 60m