A Linux-based distraction blocking system that uses multiple enforcement mechanisms to help you stay focused.
I needed an application that would block distracting sites and apps, but existing solutions didn't work for me:
- Plucky wasn't transparent about its strategies and didn't support Firefox
- Accountable2You couldn't get it working on Linux
Given the control that Linux offers for root, it's hard to make something that really blocks everything. However, it is possible to make it very tedious to break out. That's what this application does.
I've often found that there are liminal moments where I make the wrong decision in a fog of distraction. Having someone, or if not possible, something that makes it hard to make the wrong decision, lets me get back to work.
That's what Glocker tries to do.
# Build all binaries
make build-all
# Install as systemd service (requires sudo)
sudo ./glocker -install
# Check status
glocker -status
# Uninstall
sudo glocker -uninstall "reason for uninstalling"Glocker uses 9 independent monitoring systems that work together:
- Hosts File Blocking - Redirects blocked domains to
127.0.0.1 - Firewall Blocking - Network-level blocking via iptables (optional)
- Web Tracking - Intercepts HTTP/HTTPS requests, records violations
- Browser Extension - Monitors page content for forbidden keywords
- Forbidden Programs - Kills specified programs during time windows
- Violation Tracking - Triggers actions when threshold exceeded (e.g., screen lock)
- Sudoers Control - Restricts
sudoaccess during blocking periods - Tamper Detection - Self-healing when critical files are modified
- Panic Mode - Emergency system suspension with re-suspend on early wake
Each system can be independently enabled/disabled and configured with time windows for fine-grained control.
- Installation & Usage Guide - Commands, utilities, development setup
- Configuration Guide - All YAML configuration options
- Architecture - System design, monitoring systems, technical details
- Time-Based Blocking - Block sites only during work hours
- Temporary Unblocking - Unblock domains for short periods with logged reasons
- Program Extensions - Mark a forbidden program
extendible: trueto allowglocker -extendto grant a one-hour reprieve for legitimate edge cases (e.g. an unplanned evening business call); capped at one grant per rolling 24 hours, persisted across daemon restarts, logged and emailed - Allow Windows for Programs - In addition to
kill_windows, programs can be configured withallow_windows(killed outside the listed times) for inverse semantics - Accountability - Email notifications to partner on violations, unblocks, and extension grants
- DNS Cache Flushing - Configured browsers (
kill_on_block) are killed right afterglocker -blockapplies, forcing a fresh lookup so a newly blocked domain isn't still reachable from a browser's internal DNS cache - Lifecycle Logging - Install and uninstall events are recorded with a required reason and optional note; valid reasons are gated by config
- Content Monitoring - Firefox extension watches for keywords on any page
- Screen Locker - Time-based or text-based mindful unlocking
- Log Analysis - Visual summaries of violations and patterns with
glockpeek - Panic Mode - Nuclear option: suspend system and re-suspend on early wake
- glocker - Main daemon and CLI
- glocklock - X11 screen locker with time/text-based modes
- glockpeek - Log analysis tool with visual summaries
domains:
# Always blocked (permanent - default)
- {name: "reddit.com"}
# Always blocked, but can be temporarily unblocked
- {name: "youtube.com", unblockable: true}
# Time-based blocking - only blocked during the listed windows
- name: "twitter.com"
block_windows:
- start: "09:00"
end: "17:00"
days: ["Mon", "Tue", "Wed", "Thu", "Fri"]
# Kill programs during the listed windows
forbidden_programs:
programs:
# Killed during the window (use kill_windows for "blocked during these hours")
- name: "chromium"
kill_windows:
- start: "20:00"
end: "05:00"
days: ["Mon", "Tue", "Wed", "Thu", "Fri"]
# Allowed only during the window (use allow_windows for "permitted during these hours")
- name: "steam"
allow_windows:
- start: "19:00"
end: "22:00"
days: ["Fri", "Sat"]
# Extendible: `glocker -extend firefox "client call"` grants one hour,
# max once per rolling 24 hours.
- name: "firefox"
extendible: true
kill_windows:
- start: "22:00"
end: "05:00"
days: ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
# Browsers cache DNS internally, so a domain freshly added via `glocker -block`
# stays reachable until they restart. Kill them on every -block to force a
# fresh lookup against the updated /etc/hosts. Ignores time windows and is not
# counted as a violation.
kill_on_block:
- firefox
- chromium
- brave
# Lifecycle accountability: -uninstall must cite one of these reasons
lifecycle:
log_file: "/var/log/glocker-lifecycle.log"
reasons: ["maintenance", "hardware", "testing"]
# Lock screen after 5 violations in 60 minutes
violation_tracking:
enabled: true
max_violations: 5
time_window_minutes: 60
command: "glocklock -duration 5m"Domain Blocking Behavior:
- No time windows → Always blocked (permanent by default)
- Time windows specified → Only blocked during those time windows
unblockable: true→ Domain can be temporarily unblocked (otherwise permanent)
See sample config and configuration guide for all options.
# Inspection
glocker -status # Runtime state: blocked count, temp unblocks,
# active program extensions, recent violations,
# panic mode
glocker -info # Static configuration: domains, programs,
# time windows, keywords
# Domain management
glocker -unblock "youtube.com,reddit.com:work research"
glocker -block "facebook.com,instagram.com" # persisted to config; also kills
# kill_on_block browsers to flush DNS
glocker -add-keyword "gambling,casino,poker"
# Forbidden-program management
glocker -block-app "steam,chromium" # kill these on sight, 24/7
glocker -extend "firefox:client call with X" # one hour, max once per 24h
# (program must be extendible: true)
# Control
glocker -reload # Reload config
glocker -lock # Lock sudo immediately
glocker -panic 30 # Suspend for 30 minutes
# Uninstall with accountability
sudo glocker -uninstall "maintenance" -note "kernel upgrade"
# Analysis
glockpeek # Show violation/unblock summaries
glockpeek -detail 2024-06-15 # Detail view for a date (also accepts
# "last week", "last month", etc.)
glockpeek -from 2024-06 -to 2024-07 # Range view across monthsglockpeek reads Glocker's log files — violations (/var/log/glocker-reports.log), unblocks (/var/log/glocker-unblocks.log), and lifecycle events (/var/log/glocker-lifecycle.log) — and renders colored, terminal-friendly summaries so you can see your patterns at a glance. It is read-only and needs no daemon or root.
Summary view (default) — aggregate statistics across all logs:
glockpeek # Violations summary: totals, by type (URL vs content
# keyword), time-of-day periods, top keywords, top
# domains, day-of-week distribution
glockpeek -unblocks # Unblocks summary: totals, time of day, top domains,
# reasons cited, day of weekBars are colored relative to the average (red = above average, green = below) so outliers stand out.
Date-range filtering — scope any summary to a period. Accepts YYYY, YYYY-MM, or YYYY-MM-DD:
glockpeek -from 2024 # Everything from 2024 onward
glockpeek -from 2024-01 -to 2024-06 # First half of 2024
glockpeek -unblocks -from 2024-06 # Unblocks since June 2024Detailed timelines — -detail picks the right granularity (day / week / month / year) from the input and accepts both exact dates and natural-language expressions:
glockpeek -detail yesterday # Hour-by-hour breakdown for a single day
glockpeek -detail 'last week' # Day-by-day, Monday–Sunday
glockpeek -detail 2024-06 # Day-by-day calendar for a month
glockpeek -detail 'last month' # Same, for the previous month
glockpeek -detail 2024 # Month-by-month rollup for a year
glockpeek -detail 'last year' # Same, for the previous yearDetail views fold in the lifecycle log: any period during which Glocker was uninstalled (longer than 2 minutes — quick upgrades are ignored) is marked UNMANAGED in red, annotated with the reason and note from the uninstall, and counted separately from clean and violating periods. This makes gaps in coverage visible rather than silently absent. Hours/days with more than 2 violations are flagged as egregious (inverse video) to distinguish deliberate attempts from accidental hits.
Glocker is a Go application that runs as a systemd service with setuid root privileges:
- Daemon: Runs enforcement loop every 60s, manages protections
- CLI: Communicates with daemon via Unix socket (
/tmp/glocker.sock) - Browser Extension: Firefox extension in
extensions/firefox/ - Config: YAML configuration in
/etc/glocker/config.yaml(sample)
See architecture documentation for detailed design.
glocker/
├── cmd/ # Binaries
│ ├── glocker/ # Main daemon
│ ├── glocklock/ # Screen locker
│ └── glockpeek/ # Log analyzer
├── internal/ # Application packages
│ ├── cli/ # Command processors
│ ├── config/ # Configuration loading
│ ├── enforcement/ # Core blocking logic
│ ├── monitoring/ # Background monitors
│ ├── web/ # HTTP server for extension
│ └── ...
├── extensions/firefox/ # Browser extension
├── conf/conf.yaml # Sample config (~60MB)
├── extras/glocker.service # Systemd service
└── docs/ # Documentation
See CLAUDE.md for complete file map and developer guide.
- Domain Blocklist Updater - Automated domain list updates from curated sources
- Android Port Architecture - Design docs for Android version
- Linux with systemd
- Go 1.21+ (for building)
- iptables (optional, for firewall blocking)
- Firefox (for browser extension)
- Root access (for installation)
See LICENSE file for details.
This is a personal tool that solves my specific problem. If it helps you too, great! Feel free to fork and adapt to your needs.