add config + utilities + instructions for `nginx`-level domain blocks

1 files changed, 37 insertions, 0 deletions

diff --git a/dist/nginx-blocklist-cron.sh b/dist/nginx-blocklist-cron.sh
new file mode 100755
index 000000000..b37963670
--- /dev/null
+++ b/dist/nginx-blocklist-cron.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+# to use this you need to set JANITOR_BLOCKLIST_OUTPUT in your .env.production
+# ex:
+#   JANITOR_BLOCKLIST_OUTPUT='/var/lib/mastodon/conf/blocklist.txt'
+# remember to adjust these paths to match your setup!
+
+# path to nginx conf file to store generated map
+export NGINX_BLOCKED_DOMAINS_CONF="/etc/nginx/conf.d/blocked-domains.conf"
+
+# path to blocklist generated by JanitorWorker
+export BLOCKED_DOMAINS_FILE="/var/lib/mastodon/conf/blocklist.txt"
+
+# path to nginx-blocklist-generator.sh script
+NGINX_BLOCKLIST_GENERATOR_BIN='/usr/local/bin/nginx-blocklist-generator.sh'
+
+if ! [ $(id -u) = 0 ]; then
+  echo 'This utility requires root privileges.' >&2
+  exit 1
+fi
+
+if [ ! -f "$NGINX_BLOCKLIST_GENERATOR_BIN" ]; then
+  echo "Blocklist generator script not found at '$NGINX_BLOCKLIST_GENERATOR_BIN'." >&2
+  echo 'Check $NGINX_BLOCKLIST_GENERATOR_BIN variable.' >&2
+  exit 1
+fi
+
+if sh "$NGINX_BLOCKLIST_GENERATOR_BIN"; then
+  if which service >/dev/null 2>&1; then
+    service nginx reload
+  elif which systemctl >/dev/null 2>&1; then
+    systemctl reload nginx
+  else
+    echo 'This tool only supports reloading nginx with initscripts or systemd.' >&2
+    echo 'Reload nginx for the new blocklist to take effect.' >&2
+  fi
+fi