From 5177f8270d4f813f494f14a2189539b9023d3afb Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Sat, 11 Jan 2025 01:09:39 -0600
Subject: [PATCH] add blocky
---
 hosts/ps08rp/blocky/compose.yaml | 37 ++++++++
 hosts/ps08rp/blocky/config.yml | 155 +++++++++++++++++++++++++++++++
 hosts/ps09rp/blocky/compose.yaml | 37 ++++++++
 hosts/ps09rp/blocky/config.yml | 155 +++++++++++++++++++++++++++++++
 4 files changed, 384 insertions(+)
 create mode 100644 hosts/ps08rp/blocky/compose.yaml
 create mode 100644 hosts/ps08rp/blocky/config.yml
 create mode 100644 hosts/ps09rp/blocky/compose.yaml
 create mode 100644 hosts/ps09rp/blocky/config.yml
diff --git a/hosts/ps08rp/blocky/compose.yaml b/hosts/ps08rp/blocky/compose.yaml
new file mode 100644
index 000000000..ac5f2b3ce
--- /dev/null
+++ b/hosts/ps08rp/blocky/compose.yaml
@@ -0,0 +1,37 @@
+---
+version: "3.7"
+
+services:
+ tailscale-blocky:
+ image: ghcr.io/tailscale/tailscale:v1.78.3
+ container_name: tailscale-blocky
+ hostname: blocky-ps08rp
+ cap_add:
+ - net_admin
+ - sys_module
+ environment:
+ - TS_STATE_DIR=/var/lib/tailscale
+ restart: always
+ volumes:
+ - tailscale:/var/lib/tailscale
+ devices:
+ - /dev/net/tun:/dev/net/tun
+
+ blocky:
+ image: ghcr.io/0xerr0r/blocky:v0.24
+ container_name: blocky
+ environment:
+ - TZ=America/Chicago
+ network_mode: service:tailscale-blocky
+ ports:
+ - 53:53/tcp
+ - 53:53/udp
+ - 4000:4000/tcp
+ restart: always
+ volumes:
+ - ./config.yml:/app/config.yml
+ devices:
+ - /etc/localtime:/etc/localtime:ro
+
+volumes:
+ tailscale:
diff --git a/hosts/ps08rp/blocky/config.yml b/hosts/ps08rp/blocky/config.yml
new file mode 100644
index 000000000..242d0d874
--- /dev/null
+++ b/hosts/ps08rp/blocky/config.yml
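Review bot: The `ports:` block sits on the `blocky` service, but that service runs with `network_mode: service:tailscale-blocky`, and Docker rejects port publishing on a container that joins another container's network namespace; the `ports:` entries belong on `tailscale-blocky`, which owns the namespace. `/etc/localtime:/etc/localtime:ro` is listed under `devices:` although it is a regular file, so it should move to `volumes:` (or be dropped, since `TZ` is already set). Once published, `4000:4000/tcp` exposes blocky's HTTP API and metrics endpoint on every host interface, and as far as I can tell blocky does not authenticate that API itself; binding it to the LAN address (`192.168.1.134:4000:4000/tcp`) or leaving it reachable only over the tailnet keeps it off other interfaces. The `net_admin`/`sys_module` capabilities and the `/dev/net/tun` device only take effect if the tailscale container is run with `TS_USERSPACE=false` (the image defaults to userspace networking); either set it or drop those grants so the container keeps only the privileges it uses. The ps09rp compose hunk below has the same three issues (with `192.168.1.15` as its LAN address).
```yaml
services:
  tailscale-blocky:
    # … unchanged: image, container_name, hostname, cap_add, environment, restart, volumes, devices …
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "192.168.1.134:4000:4000/tcp"

  blocky:
    # … unchanged: image, container_name, environment, network_mode, restart …
    volumes:
      - ./config.yml:/app/config.yml
      - /etc/localtime:/etc/localtime:ro
```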
@@ -0,0 +1,155 @@
+upstreams:
+ init:
+ strategy: fast
+ groups:
+ default:
+ - tcp-tls:1.1.1.1:853
+ - tcp-tls:1.0.0.1:853
+ strategy: parallel_best
+ timeout: 2s
+
+connectIPVersion: v4
+
+customDNS:
+ zone: |
+ $ORIGIN alexlebens.net.
+ $TTL 86400
+ @ IN SOA patryk.ns.cloudflare.com. alexanderlebens.gmail.com. (
+ 2025011001 ; serial
+ 3H ; refresh after 3 hours
+ 1H ; retry after 1 hour
+ 1W ; expire after 1 week
+ 1D) ; minimum TTL of 1 day
+
+ ;; Name Server
+ IN NS patryk.ns.cloudflare.com.
+ IN NS veda.ns.cloudflare.com.
+ IN NS dns1.alexlebens.net.
+ IN NS dns2.alexlebens.net.
+
+ dns1 IN A 192.168.1.134
+ dns2 IN A 192.168.1.15
+
+
+ ;; Computer Names
+ nw01un IN A 192.168.1.1
+
+ ps08rp IN A 192.168.1.134
+ ps09rp IN A 192.168.1.15
+ ps02sn IN A 192.168.1.55 ; Synology Web
+ ps02sn-bond IN A 192.168.1.194 ; Synology Bond for Storage
+
+ pd05wd IN A 192.168.1.115 ; Desktop
+ pl02mc IN A 192.168.1.116 ; Laptop
+
+ dv01hr IN A 192.168.1.213 ; HD Homerun
+ dv02kv IN A 192.168.1.57 ; Pi KVM
+
+ it01ag IN A 192.168.1.100 ; Airgradient
+ it02ph IN A 192.168.1.145 ; Phillips Hue
+ it03tb IN A 192.168.1.193 ; TubesZB ZigBee
+ it04tb IN A 192.168.1.135 ; TubesZB Z-Wave
+
+ ;; Common Names
+ synology IN CNAME ps02sn.alexlebens.net
+ synologybond IN CNAME ps02sn-bond.alexlebens.net
+ unifi IN CNAME nw01un.alexlebens.net
+ airgradient IN CNAME it01ag.alexlebens.net
+ hdhr IN CNAME dv01hr.alexlebens.net
+ pikvm IN CNAME dv02kv.alexlebens.net
+
+
+ ;; Service Names
+ cl01tl IN A 192.168.1.35
+ cl01tl IN A 192.168.1.36
+ cl01tl IN A 192.168.1.37
+
+ cl01tl-endpoint IN A 192.168.1.15
+ cl01tl-endpoint IN A 192.168.1.16
+ cl01tl-endpoint IN A 192.168.1.17
+
+ traefik-cl01tl IN A 192.168.1.16
+ blocky IN A 192.168.1.15
+
+
+ ;; Application Names
+ argocd IN CNAME cl01tl-endpoint.alexlebens.net
+ authentik IN CNAME cl01tl-endpoint.alexlebens.net
+ gitea IN CNAME cl01tl-endpoint.alexlebens.net
+ vault IN CNAME cl01tl-endpoint.alexlebens.net
+
+
+
+blocking:
+ denylists:
+ 
sus:
+ - https://v.firebog.net/hosts/static/w3kbl.txt
+ ads:
+ - https://v.firebog.net/hosts/AdguardDNS.txt
+ - https://v.firebog.net/hosts/Admiral.txt
+ - https://v.firebog.net/hosts/Easylist.txt
+ - https://adaway.org/hosts.txt
+ priv:
+ - https://v.firebog.net/hosts/Easyprivacy.txt
+ - https://v.firebog.net/hosts/Prigent-Ads.txt
+ mal:
+ - https://v.firebog.net/hosts/Prigent-Crypto.txt
+ - https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
+ pro:
+ - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.txt
+ allowlists:
+ radarr:
+ - |
+ *.video
+ clientGroupsBlock:
+ default:
+ - sus
+ - ads
+ - priv
+ - mal
+ - pro
+ - radarr
+ blockType: zeroIp
+ blockTTL: 1m
+ loading:
+ refreshPeriod: 24h
+ downloads:
+ timeout: 60s
+ attempts: 5
+ cooldown: 10s
+ concurrency: 16
+ strategy: fast
+ maxErrorsPerSource: 5
+
+caching:
+ minTime: 5m
+ maxTime: 30m
+ maxItemsCount: 0
+ prefetching: true
+ prefetchExpires: 2h
+ prefetchThreshold: 5
+ prefetchMaxItemsCount: 0
+ cacheTimeNegative: 30m
+
+prometheus:
+ enable: true
+ path: /metrics
+
+queryLog:
+ type: console
+ logRetentionDays: 7
+ creationAttempts: 1
+ creationCooldown: 2s
+ flushInterval: 30s
+
+minTlsServeVersion: 1.3
+
+ports:
+ dns: 53
+ http: 4000
+
+log:
+ level: info
+ format: text
+ timestamp: true
+ privacy: false
diff --git a/hosts/ps09rp/blocky/compose.yaml b/hosts/ps09rp/blocky/compose.yaml
new file mode 100644
index 000000000..3c96ec9a1
--- /dev/null
+++ b/hosts/ps09rp/blocky/compose.yaml
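Review bot: The CNAME targets in the `customDNS.zone` block (from `synology IN CNAME ps02sn.alexlebens.net` through the four `cl01tl-endpoint` application names) have no trailing dot, so under `$ORIGIN alexlebens.net.` they are relative names and expand to `ps02sn.alexlebens.net.alexlebens.net.` unless blocky's zone loader departs from standard zone-file semantics; each target should be fully qualified, e.g. `synology IN CNAME ps02sn.alexlebens.net.`. The `radarr` allowlist entry `*.video` applied to the `default` client group exempts the entire `.video` TLD from every denylist for all clients; if only a handful of hosts are needed, listing them explicitly keeps the carve-out narrow and auditable. The ps09rp config.yml hunk is byte-identical to this one (same blob `242d0d874`) and needs the same fixes.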
@@ -0,0 +1,37 @@
+---
+version: "3.7"
+
+services:
+ tailscale-blocky:
+ image: ghcr.io/tailscale/tailscale:v1.78.3
+ container_name: tailscale-blocky
+ hostname: blocky-ps09rp
+ cap_add:
+ - net_admin
+ - sys_module
+ environment:
+ - TS_STATE_DIR=/var/lib/tailscale
+ restart: always
+ volumes:
+ - tailscale:/var/lib/tailscale
+ devices:
+ - /dev/net/tun:/dev/net/tun
+
+ blocky:
+ image: ghcr.io/0xerr0r/blocky:v0.24
+ container_name: blocky
+ environment:
+ - TZ=America/Chicago
+ network_mode: service:tailscale-blocky
+ ports:
+ - 53:53/tcp
+ - 53:53/udp
+ - 4000:4000/tcp
+ restart: always
+ volumes:
+ - ./config.yml:/app/config.yml
+ devices:
+ - /etc/localtime:/etc/localtime:ro
+
+volumes:
+ tailscale:
diff --git a/hosts/ps09rp/blocky/config.yml b/hosts/ps09rp/blocky/config.yml
new file mode 100644
index 000000000..242d0d874
--- /dev/null
+++ b/hosts/ps09rp/blocky/config.yml
@@ -0,0 +1,155 @@
+upstreams:
+ init:
+ strategy: fast
+ groups:
+ default:
+ - tcp-tls:1.1.1.1:853
+ - tcp-tls:1.0.0.1:853
+ strategy: parallel_best
+ timeout: 2s
+
+connectIPVersion: v4
+
+customDNS:
+ zone: |
+ $ORIGIN alexlebens.net.
+ $TTL 86400
+ @ IN SOA patryk.ns.cloudflare.com. alexanderlebens.gmail.com. (
+ 2025011001 ; serial
+ 3H ; refresh after 3 hours
+ 1H ; retry after 1 hour
+ 1W ; expire after 1 week
+ 1D) ; minimum TTL of 1 day
+
+ ;; Name Server
+ IN NS patryk.ns.cloudflare.com.
+ IN NS veda.ns.cloudflare.com.
+ IN NS dns1.alexlebens.net.
+ IN NS dns2.alexlebens.net.
+
+ dns1 IN A 192.168.1.134
+ dns2 IN A 192.168.1.15
+
+
+ ;; Computer Names
+ nw01un IN A 192.168.1.1
+
+ ps08rp IN A 192.168.1.134
+ ps09rp IN A 192.168.1.15
+ ps02sn IN A 192.168.1.55 ; Synology Web
+ ps02sn-bond IN A 192.168.1.194 ; Synology Bond for Storage
+
+ pd05wd IN A 192.168.1.115 ; Desktop
+ pl02mc IN A 192.168.1.116 ; Laptop
+
+ dv01hr IN A 192.168.1.213 ; HD Homerun
+ dv02kv IN A 192.168.1.57 ; Pi KVM
+
+ it01ag IN A 192.168.1.100 ; Airgradient
+ it02ph IN A 192.168.1.145 ; Phillips Hue
+ it03tb IN A 192.168.1.193 ; TubesZB ZigBee
+ it04tb IN A 192.168.1.135 ; TubesZB Z-Wave
+
+ ;; Common Names
+ synology IN CNAME ps02sn.alexlebens.net
+ synologybond IN CNAME ps02sn-bond.alexlebens.net
+ unifi IN CNAME nw01un.alexlebens.net
+ airgradient IN CNAME it01ag.alexlebens.net
+ hdhr IN CNAME dv01hr.alexlebens.net
+ pikvm IN CNAME dv02kv.alexlebens.net
+
+
+ ;; Service Names
+ cl01tl IN A 192.168.1.35
+ cl01tl IN A 192.168.1.36
+ cl01tl IN A 192.168.1.37
+
+ cl01tl-endpoint IN A 192.168.1.15
+ cl01tl-endpoint IN A 192.168.1.16
+ cl01tl-endpoint IN A 192.168.1.17
+
+ traefik-cl01tl IN A 192.168.1.16
+ blocky IN A 192.168.1.15
+
+
+ ;; Application Names
+ argocd IN CNAME cl01tl-endpoint.alexlebens.net
+ authentik IN CNAME cl01tl-endpoint.alexlebens.net
+ gitea IN CNAME cl01tl-endpoint.alexlebens.net
+ vault IN CNAME cl01tl-endpoint.alexlebens.net
+
+
+
+blocking:
+ denylists:
+ 
sus:
+ - https://v.firebog.net/hosts/static/w3kbl.txt
+ ads:
+ - https://v.firebog.net/hosts/AdguardDNS.txt
+ - https://v.firebog.net/hosts/Admiral.txt
+ - https://v.firebog.net/hosts/Easylist.txt
+ - https://adaway.org/hosts.txt
+ priv:
+ - https://v.firebog.net/hosts/Easyprivacy.txt
+ - https://v.firebog.net/hosts/Prigent-Ads.txt
+ mal:
+ - https://v.firebog.net/hosts/Prigent-Crypto.txt
+ - https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
+ pro:
+ - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.txt
+ allowlists:
+ radarr:
+ - |
+ *.video
+ clientGroupsBlock:
+ default:
+ - sus
+ - ads
+ - priv
+ - mal
+ - pro
+ - radarr
+ blockType: zeroIp
+ blockTTL: 1m
+ loading:
+ refreshPeriod: 24h
+ downloads:
+ timeout: 60s
+ attempts: 5
+ cooldown: 10s
+ concurrency: 16
+ strategy: fast
+ maxErrorsPerSource: 5
+
+caching:
+ minTime: 5m
+ maxTime: 30m
+ maxItemsCount: 0
+ prefetching: true
+ prefetchExpires: 2h
+ prefetchThreshold: 5
+ prefetchMaxItemsCount: 0
+ cacheTimeNegative: 30m
+
+prometheus:
+ enable: true
+ path: /metrics
+
+queryLog:
+ type: console
+ logRetentionDays: 7
+ creationAttempts: 1
+ creationCooldown: 2s
+ flushInterval: 30s
+
+minTlsServeVersion: 1.3
+
+ports:
+ dns: 53
+ http: 4000
+
+log:
+ level: info
+ format: text
+ timestamp: true
+ privacy: false