bitcoin: aws banscript service - citadel - My dotfiles, scripts and nix configs

commit d0aab213d67b7096097afedc99ec695548230d6a
parent 3de4849ae564877194dc239e84ed842cd1e773b0
Author: William Casarin <jb55@jb55.com>
Date:   Wed, 28 Oct 2020 15:11:15 -0700

bitcoin: aws banscript service

Signed-off-by: William Casarin <jb55@jb55.com>

Diffstat:
M nix-config/machines/monad/default.nix  | 15 +++++++++++++++

1 file changed, 15 insertions(+), 0 deletions(-)
diff --git a/nix-config/machines/monad/default.nix b/nix-config/machines/monad/default.nix
@@ -246,6 +246,21 @@ in
     requires = [ "pulseaudio.service" ];
   };
 
+  systemd.user.services.btc-ban-aws = {
+    enable   = if extra.is-minimal then false else true;
+    description = "Ban Bitcoin EC2 nodes";
+    wantedBy = [ "bitcoind-mainnet.service" ];
+    after    = [ "bitcoind-mainnet.service" ];
+    serviceConfig.ExecStart = util.writeBash "btc-ban-ec2" ''
+      # lets chill for a bit before we do this
+      ${pkgs.curl}/bin/curl -s 'https://ip-ranges.amazonaws.com/ip-ranges.json' |
+      ${pkgs.jq}/bin/jq -rc '.prefixes[].ip_prefix | {"jsonrpc": "1.0", "id":"aws-banscript", method: "setban", "params": [., "add", 3450]}' |
+      ${pkgs.jq}/bin/jq -s  |
+      ${pkgs.curl}/bin/curl -s -u ${extra.private.btc-user}:${extra.private.btc-pass} --data-binary @/dev/stdin -H 'content-type: text/plain' ${extra.private.btc-rpc-host}:${extra.private.btc-rpc-port}
+    '';
+    startAt = "*-*-* *:00:00"; #hourly
+  };
+
   environment.systemPackages = [ pkgs.virt-manager ];
 
   virtualisation.virtualbox.host.enable = false;#if extra.is-minimal then false else true;

	citadel My dotfiles, scripts and nix configs
	git clone git://jb55.com/citadel
	Log \| Files \| Refs \| README \| LICENSE