truenas · Keeqler · May 1, 2026 · May 1, 2026
diff --git a/ix-dev/community/monerod/app.yaml b/ix-dev/community/monerod/app.yaml
@@ -33,4 +33,4 @@ sources:
 - https://github.com/sethforprivacy/simple-monerod-docker
 title: Monero Node
 train: community
-version: 1.2.6
+version: 1.2.7
diff --git a/ix-dev/community/monerod/ix_values.yaml b/ix-dev/community/monerod/ix_values.yaml
@@ -2,12 +2,16 @@ images:
   image:
     repository: ghcr.io/sethforprivacy/simple-monerod
     tag: v0.18.4.6
+  alpine_image:
+    repository: alpine
+    tag: 3.23.4
   container_utils_image:
     repository: ixsystems/container-utils
     tag: 1.0.2
 
 consts:
   perms_container_name: permissions
+  banlist_setup_container_name: banlist-setup
   monerod_container_name: monerod
   run_as_user: 1000
   run_as_group: 1000
@@ -35,3 +39,4 @@ consts:
     - --pad-transactions
     - --p2p-bind-port
     - --p2p-bind-ip
+    - --ban-list
diff --git a/ix-dev/community/monerod/questions.yaml b/ix-dev/community/monerod/questions.yaml
@@ -52,6 +52,15 @@ questions:
           schema:
             type: boolean
             default: true
+        - variable: mrl_banlist_enabled
+          label: Enable MRL Banlist
+          description: |
+            Enables the Monero Research Lab ban list. It is fetched and verified each time the app is
+            started.</br>
+            See more: https://github.com/Boog900/monero-ban-list
+          schema:
+            type: boolean
+            default: true
         - variable: logging
           label: Enable logging
           description: |
@@ -692,6 +701,83 @@ questions:
                         type: hostpath
                         show_if: [["acl_enable", "=", false]]
                         required: true
+        - variable: banlist
+          label: MRL ban list storage
+          description: |
+            Location for the MRL ban list if enabled.
+          schema:
+            type: dict
+            attrs:
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
+                schema:
+                  type: string
+                  required: true
+                  default: "ix_volume"
+                  enum:
+                    - value: "host_path"
+                      description: Host Path (Path that already exists on the system)
+                    - value: "ix_volume"
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: ix_volume_config
+                label: ixVolume Configuration
+                description: The configuration for the ixVolume dataset.
+                schema:
+                  type: dict
+                  show_if: [["type", "=", "ix_volume"]]
+                  $ref:
+                    - "normalize/ix_volume"
+                  attrs:
+                    - variable: acl_enable
+                      label: Enable ACL
+                      description: Enable ACL for the storage.
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: dataset_name
+                      label: Dataset Name
+                      description: The name of the dataset to use for storage.
+                      schema:
+                        type: string
+                        required: true
+                        hidden: true
+                        default: "bitmonero"
+                    - variable: acl_entries
+                      label: ACL Configuration
+                      schema:
+                        type: dict
+                        show_if: [["acl_enable", "=", true]]
+                        attrs: []
+              - variable: host_path_config
+                label: Host Path Configuration
+                schema:
+                  type: dict
+                  show_if: [["type", "=", "host_path"]]
+                  attrs:
+                    - variable: acl_enable
+                      label: Enable ACL
+                      description: Enable ACL for the storage.
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: acl
+                      label: ACL Configuration
+                      schema:
+                        type: dict
+                        show_if: [["acl_enable", "=", true]]
+                        attrs: []
+                        $ref:
+                          - "normalize/acl"
+                    - variable: path
+                      label: Host Path
+                      description: The host path to use for storage.
+                      schema:
+                        type: hostpath
+                        show_if: [["acl_enable", "=", false]]
+                        required: true
         - variable: additional_storage
           label: Additional Storage
           schema:

diff --git a/ix-dev/community/monerod/templates/docker-compose.yaml b/ix-dev/community/monerod/templates/docker-compose.yaml
@@ -1,8 +1,19 @@
+{% from "macros/banlist-setup.sh" import banlist_setup as banlist_setup_script %}
 {% set tpl = ix_lib.base.render.Render(values) %}
 
 {% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
 {% set perm_config = {"uid": values.consts.run_as_user, "gid": values.consts.run_as_group, "mode": "check"} %}
 
+{% if values.monero.mrl_banlist_enabled %}
+  {% set banlist_setup = tpl.add_container(values.consts.banlist_setup_container_name, "alpine_image") %}
+  {% do banlist_setup.set_user(0, 0) %}
+  {% do banlist_setup.add_caps(["DAC_OVERRIDE"]) %}
+  {% do banlist_setup.setup_as_helper(disable_network=False) %}
+  {% do banlist_setup.configs.add("banlist_setup.sh", banlist_setup_script(values), "/banlist-setup.sh", "0755") %}
+  {% do banlist_setup.set_entrypoint(["/banlist-setup.sh"]) %}
+  {% do banlist_setup.add_storage("/banlist", values.storage.banlist) %}
+{% endif %}
+
 {% set monerod = tpl.add_container(values.consts.monerod_container_name, "image") %}
 {% do monerod.set_user(values.consts.run_as_user, values.consts.run_as_group) %}
 {% do monerod.healthcheck.set_test("netcat", {"port": values.network.monerod_restricted_rpc_port.port_number}) %}
@@ -99,15 +110,26 @@
   {% do commands.x.append("--no-zmq") %}
 {% endif %}
 
+{% if values.monero.mrl_banlist_enabled %}
+  {% do commands.x.append("--ban-list=/banlist/ban_list.txt") %}
+{% endif %}
+
 {% do monerod.set_command(commands.x) %}
 
 {% for store in values.storage.additional_storage %}
   {% do monerod.add_storage(store.mount_path, store) %}
   {% do perm_container.add_or_skip_action(store.mount_path, store, perm_config) %}
 {% endfor %}
 
+{% if values.monero.mrl_banlist_enabled %}
+  {% do monerod.add_storage("/banlist", values.storage.banlist) %}
+{% endif %}
+
 {% do monerod.add_storage("/home/monero/.bitmonero", values.storage.bitmonero) %}
 {% do perm_container.add_or_skip_action("bitmonero", values.storage.bitmonero, perm_config) %}
+{% if values.monero.mrl_banlist_enabled %}
+  {% do perm_container.add_or_skip_action("banlist", values.storage.banlist, perm_config) %}
+{% endif %}
 
 {% if not values.network.host_network %}
   {% do monerod.add_port(values.network.monerod_p2p_port) %}
@@ -122,6 +144,13 @@
 {% if perm_container.has_actions() %}
   {% do perm_container.activate() %}
   {% do monerod.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
+  {% if values.monero.mrl_banlist_enabled %}
+    {% do banlist_setup.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
+  {% endif %}
+{% endif %}
+
+{% if values.monero.mrl_banlist_enabled %}
+  {% do monerod.depends.add_dependency(values.consts.banlist_setup_container_name, "service_completed_successfully") %}
 {% endif %}
 
 {{ tpl.render() | tojson }}
diff --git a/ix-dev/community/monerod/templates/macros/banlist-setup.sh b/ix-dev/community/monerod/templates/macros/banlist-setup.sh
@@ -0,0 +1,21 @@
+{% macro banlist_setup(values) -%}
+#!/bin/sh
+
+set -eu
+
+apk add --no-cache curl git gnupg
+
+GPG_KEY_URL="https://github.com/Cuprate/cuprate/raw/7b8756fa80e386fb04173d8220c15c86bf9f9888/misc/gpg_keys/boog900.asc"
+REPO_URL="https://github.com/Boog900/monero-ban-list"
+REPO_DIR="/tmp/monero-ban-list"
+
+rm -rf "$REPO_DIR"
+git clone --depth 1 "$REPO_URL" "$REPO_DIR"
+cd "$REPO_DIR"
+
+curl -fsSL "$GPG_KEY_URL" | gpg --batch --import
+gpg --batch --verify ./sigs/boog900.sig ban_list.txt
+
+cp ban_list.txt /banlist/ban_list.txt
+chmod 644 /banlist/ban_list.txt
+{%- endmacro %}
diff --git a/ix-dev/community/monerod/templates/test_values/basic-values.yaml b/ix-dev/community/monerod/templates/test_values/basic-values.yaml
@@ -8,6 +8,7 @@ monero:
   pruned: true
   publicly_available: false
   dns_blocklist: true
+  mrl_banlist_enabled: true
   logging: true
   additional_flags: []
   ipv6_enabled: true
@@ -49,11 +50,17 @@ network:
 
 ix_volumes:
   bitmonero: /opt/tests/mnt/bitmonero
+  banlist: /opt/tests/mnt/banlist
 
 storage:
   bitmonero:
     type: ix_volume
     ix_volume_config:
       dataset_name: bitmonero
       create_host_path: true
+  banlist:
+    type: ix_volume
+    ix_volume_config:
+      dataset_name: banlist
+      create_host_path: true
   additional_storage: []