Add info and instructions on the MRL Ban List (#43)

README.md

@@ -8,7 +8,68 @@ My personal unprivileged Monero Docker image.
 
 [![Docker Image Size (latest by date)][docker-image-size-badge]][docker-image-link]
 
-Usage:
+## IP Ban List
+The Monero Research Lab (MRL) has identified a network of suspected spy nodes that may reduce transaction privacy on the Monero network.
+
+While this Docker image doesn't package the ban list directly, we provide instructions for implementing it with your node.
+
+### Background
+
+These spy nodes are believed to be operated by adversaries attempting to deanonymize Monero transactions by:
+
+* Proxying a few nodes through many IP addresses
+* Creating high subnet saturation in specific IP ranges
+* Potentially weakening Dandelion++ transaction privacy
+
+For more detailed information, please see monero-project/meta#1124.
+
+### Implementing the Ban List
+
+1. Download the ban list:
+```bash
+wget -O ./monero-data/ban_list.txt \
+  https://raw.githubusercontent.com/Boog900/monero-ban-list/refs/heads/main/ban_list.txt
+```
+
+2. Add the ban list to your node configuration using any of these methods:
+
+#### Docker Compose
+
+```yaml
+services:
+  monerod:
+    container_name: monerod
+    image: ghcr.io/rblaine95/monero
+    restart: unless-stopped
+    network_mode: host
+    volumes:
+      - ./monero-data:/opt/bitmonero
+    command:
+      - --ban-list=/opt/bitmonero/ban_list.txt
+```
+
+#### Docker CLI
+
+```bash
+docker run \
+  -dit \
+  --restart=always \
+  --net=host \
+  --name=monerod \
+  -v /path/to/bitmonero:/opt/bitmonero \
+  -v /path/to/ban_list.txt:/ban_list.txt \
+  ghcr.io/rblaine95/monero \
+    --ban-list=/ban_list.txt
+```
+
+### Important notes
+
+* Using the ban list is optional but recommended by MRL
+* The ban list is maintained at [Boog900/monero-ban-list](https://github.com/Boog900/monero-ban-list)
+* You may want to periodically update your ban list to include newly identified spy nodes
+* The effectiveness of the ban list depends on widespread adoption by node operators
+
+## Usage:
 ```sh
 docker run \
   -dit \
@@ -44,21 +105,21 @@ docker run -d --name monerod \
     --tx-proxy=tor,127.0.0.1:9050,16
 ```
 
-### Where can I download this image?
+## Where can I download this image?
 
 I'm using Github Actions to build and publish this image to:
 
 * [ghcr.io/rblaine95/monero](https://ghcr.io/rblaine95/monero)
 * [docker.io/rblaine/monero](https://hub.docker.com/r/rblaine/monero)
 
-### I want to buy you a coffee
+## I want to buy you a coffee
 
 This is just a hobby project for me, if you really want to buy me a coffee, thank you :)
 
 Monero: `83TeC9hCsZjjUcvNVH6VD64FySQ2uTbgw6ETfzNJa51sJaM6XL4NParSNsKqEQN4znfpbtVj84smigtLBtT1AW6BTVQVQGh`
 ![XMR Address](https://api.qrserver.com/v1/create-qr-code/?data=83TeC9hCsZjjUcvNVH6VD64FySQ2uTbgw6ETfzNJa51sJaM6XL4NParSNsKqEQN4znfpbtVj84smigtLBtT1AW6BTVQVQGh&size=150x150 "83TeC9hCsZjjUcvNVH6VD64FySQ2uTbgw6ETfzNJa51sJaM6XL4NParSNsKqEQN4znfpbtVj84smigtLBtT1AW6BTVQVQGh")
 
-### I don't have Monero
+## I don't have Monero
 
 You should definitly get some.
 

docker-compose.yml

@@ -15,13 +15,39 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
 
+  prep-ban-list:
+    container_name: prep-ban-list
+    image: alpine
+    volumes:
+      - ./monero-data:/data
+    command:
+      - sh
+      - -c
+      - |
+        apk add --no-cache git wget gnupg
+        cd /tmp
+        git clone https://github.com/Boog900/monero-ban-list
+        cd monero-ban-list
+        wget https://raw.githubusercontent.com/Cuprate/cuprate/7b8756fa80e386fb04173d8220c15c86bf9f9888/misc/gpg_keys/boog900.asc
+        wget -O rucknium.asc https://rucknium.me/pgp.txt || wget -O rucknium.asc https://gist.githubusercontent.com/Rucknium/262526e37732241bb0e676c670b8c60d/raw
+        wget https://raw.githubusercontent.com/monero-project/monero/004ead1a14d60ff757880c5b16b894b526427829/utils/gpg_keys/jeffro256.asc
+        gpg --import boog900.asc
+        gpg --import rucknium.asc
+        gpg --import jeffro256.asc
+        gpg --verify --status-fd 1 --verify ./sigs/boog900.sig ban_list.txt 2>/dev/null
+        gpg --verify --status-fd 1 --verify ./sigs/Rucknium.sig ban_list.txt 2>/dev/null
+        gpg --verify --status-fd 1 --verify ./sigs/jeffro256.sig ban_list.txt 2>/dev/null
+        cp ban_list.txt /data/ban_list.txt
+
   monerod:
     container_name: monerod
     image: ghcr.io/rblaine95/monero:0.18.3.4-2
     restart: unless-stopped
     network_mode: host
     volumes:
       - ./monero-data:/opt/bitmonero
+    depends_on:
+      - prep-ban-list
     command:
       # https://getmonero.dev/interacting/monerod
       - --non-interactive
@@ -36,6 +62,7 @@ services:
       - --pad-transactions
       - --proxy=127.0.0.1:9050
       - --tx-proxy=tor,127.0.0.1:9050,16
+      - --ban-list=/opt/bitmonero/ban_list.txt
       - --add-priority-node=xwvz3ekocr3dkyxfkmgm2hvbpzx2ysqmaxgter7znnqrhoicygkfswid.onion:18083
       - --add-priority-node=4pixvbejrvihnkxmduo2agsnmc3rrulrqc7s3cbwwrep6h6hrzsibeqd.onion:18083
       - --add-priority-node=zbjkbsxc5munw3qusl7j2hpcmikhqocdf4pqhnhtpzw5nt5jrmofptid.onion:18083