About

blocks + cron configures blocks to run at regular intervals (once a day, at 12AM localtime) via cron(8). A dedicated user account (_blocks) isolates the execution of blocks from other user accounts.

Design

• /home/_blocks
  setup-blocks+cron creates a _blocks user, group and environment that's optimized for running blocks via cron(8). The /home/_blocks directory contains all data and code that is generated or executed via cron(8).

• /var/cron/tabs/_blocks
  setup-blocks+cron installs a crontab that executes /home/_blocks/.local/bin/blocks+cron everyday at 12AM localtime. See share/blocks+cron/crontab.

• doas.conf
  setup-blocks+cron updates doas.conf to be able to copy /usr/local/share/pf/blocklist into place and reload pf.conf(5) (both tasks are done as root). See doas.conf.

• /usr/local/share/pf/blocklist
  This file is the most recent copy of /home/_blocks/.local/share/blocks+cron/YYYYMMDD. It contains pf.conf(5) tables that can be used when crafting firewall rules in /etc/pf.conf.

Tree

$ tree -a /home/_blocks
.local
├── bin
│   └── blocks+cron
├── libexec
│   └── blocks+cron
│       ├── copy
│       └── reload
├── share
│   ├── blocks
│   │   └── .gitkeep
│   └── blocks+cron
│       └── .gitkeep
└── var
    └── log
        └── .gitkeep

Requirements

• blocks
• doas
• pfctl

Install

# Clone
git clone https://github.com/0x1eef/blocks.cron
cd blocks.cron

# Install
$ doas -u root make install
$ doas -u root setup-blocks+cron

Sources

• GitHub
• GitLab
• git.HardenedBSD.org

License

BSD Zero Clause
See LICENSE