hosts/web-2: Block Alibaba Cloud because of scraper bots

pkgs/generate-blocked-prefixes/default.nix

@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+pkgs.clerie-build-support.writePythonScript {
+  name = "generate-blocked-prefixes";
+  runtimePackages = ps: with ps; [ requests ];
+  text = builtins.readFile ./generate-blocked-prefixes.py;
+}

pkgs/generate-blocked-prefixes/generate-blocked-prefixes.py

@@ -0,0 +1,23 @@
+#!/usr/bin/env python3
+
+import requests
+
+blocked_asns = [
+    "45102", # Alibaba (US) Technology Co., Ltd.
+]
+
+r = requests.get('https://bgp.tools/table.txt', stream=True, headers={
+    "User-Agent": "https://git.clerie.de/clerie/nixfiles",
+    })
+
+with open("hosts/web-2/blocked-prefixes.txt", "w") as blocked_ips_file:
+    for line in r.iter_lines(decode_unicode=True):
+        ip, asn = line.split()
+
+        if asn in blocked_asns:
+            if ":" in ip:
+                blocked_ips_file.write(f"ip6tables -I nixos-fw -s {ip} -j nixos-fw-refuse\n")
+            else:
+                blocked_ips_file.write(f"iptables -I nixos-fw -s {ip} -j nixos-fw-refuse\n")
+
+

pkgs/overlay.nix

@@ -13,6 +13,7 @@ final: prev: {
   chromium-incognito = final.callPackage ./chromium-incognito {};
   factorio-launcher = final.callPackage ./factorio-launcher {};
   feeds-dir = final.callPackage ./feeds-dir {};
+  generate-blocked-prefixes = final.callPackage ./generate-blocked-prefixes {};
   git-checkout-github-pr = final.callPackage ./git-checkout-github-pr {};
   git-diff-word = final.callPackage ./git-diff-word {};
   git-pp = final.callPackage ./git-pp {};