4 Commits

Author SHA1 Message Date
0ddcaf221b remove unused services 2025-01-11 01:10:04 -06:00
5177f8270d add blocky 2025-01-11 01:10:04 -06:00
9ad6964215 specify the subnet 2025-01-11 01:10:04 -06:00
8ba0f41e04 add zone file 2025-01-11 01:10:04 -06:00
13 changed files with 460 additions and 97 deletions


@@ -37,6 +37,74 @@ blocky:
connectIPVersion: v4
customDNS:
zone: |
$ORIGIN alexlebens.net.
$TTL 86400
@ IN SOA patryk.ns.cloudflare.com. alexanderlebens.gmail.com. (
2025011001 ; serial
3H ; refresh after 3 hours
1H ; retry after 1 hour
1W ; expire after 1 week
1D) ; minimum TTL of 1 day
;; Name Server
IN NS patryk.ns.cloudflare.com.
IN NS veda.ns.cloudflare.com.
IN NS dns1.alexlebens.net.
IN NS dns2.alexlebens.net.
dns1 IN A 192.168.1.134
dns2 IN A 192.168.1.15
;; Computer Names
nw01un IN A 192.168.1.1
ps08rp IN A 192.168.1.134
ps09rp IN A 192.168.1.15
ps02sn IN A 192.168.1.55 ; Synology Web
ps02sn-bond IN A 192.168.1.194 ; Synology Bond for Storage
pd05wd IN A 192.168.1.115 ; Desktop
pl02mc IN A 192.168.1.116 ; Laptop
dv01hr IN A 192.168.1.213 ; HD Homerun
dv02kv IN A 192.168.1.57 ; Pi KVM
it01ag IN A 192.168.1.100 ; Airgradient
it02ph IN A 192.168.1.145 ; Phillips Hue
it03tb IN A 192.168.1.193 ; TubesZB ZigBee
it04tb IN A 192.168.1.135 ; TubesZB Z-Wave
;; Common Names
synology IN CNAME ps02sn.alexlebens.net
synologybond IN CNAME ps02sn-bond.alexlebens.net
unifi IN CNAME nw01un.alexlebens.net
airgradient IN CNAME it01ag.alexlebens.net
hdhr IN CNAME dv01hr.alexlebens.net
pikvm IN CNAME dv02kv.alexlebens.net
;; Service Names
cl01tl IN A 192.168.1.35
cl01tl IN A 192.168.1.36
cl01tl IN A 192.168.1.37
cl01tl-endpoint IN A 192.168.1.15
cl01tl-endpoint IN A 192.168.1.16
cl01tl-endpoint IN A 192.168.1.17
traefik-cl01tl IN A 192.168.1.16
blocky IN A 192.168.1.15
;; Application Names
argocd IN CNAME cl01tl-endpoint.alexlebens.net
authentik IN CNAME cl01tl-endpoint.alexlebens.net
gitea IN CNAME cl01tl-endpoint.alexlebens.net
vault IN CNAME cl01tl-endpoint.alexlebens.net
blocking:
denylists:
sus:
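Review bot: The CNAME targets in the `;; Common Names` and `;; Application Names` groups have no trailing dot, so under `$ORIGIN alexlebens.net.` the zone parser treats them as relative names and `synology` ends up aliasing `ps02sn.alexlebens.net.alexlebens.net.` — none of these ten aliases will resolve. Either terminate each target (`synology IN CNAME ps02sn.alexlebens.net.`) or use the bare label, which is relative by design (`synology IN CNAME ps02sn`). The NS set also delegates this zone to both the Cloudflare servers and `dns1`/`dns2` with RFC1918 glue; that is harmless while the zone only lives in blocky's `customDNS`, but a comment such as `; internal view only — never publish: NS/A records carry private addresses` would stop someone pushing it to Cloudflare as-is. The `blocky:` mapping this hunk belongs to starts above the hunk.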


@@ -0,0 +1,37 @@
---
version: "3.7"
services:
tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.78.3
container_name: tailscale-blocky
hostname: blocky-ps08rp
cap_add:
- net_admin
- sys_module
environment:
- TS_STATE_DIR=/var/lib/tailscale
restart: always
volumes:
- tailscale:/var/lib/tailscale
devices:
- /dev/net/tun:/dev/net/tun
blocky:
image: ghcr.io/0xerr0r/blocky:v0.24
container_name: blocky
environment:
- TZ=America/Chicago
network_mode: service:tailscale-blocky
ports:
- 53:53/tcp
- 53:53/udp
- 4000:4000/tcp
restart: always
volumes:
- ./config.yml:/app/config.yml
devices:
- /etc/localtime:/etc/localtime:ro
volumes:
tailscale:
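Review bot: The `ports:` block on the `blocky` service conflicts with `network_mode: service:tailscale-blocky` — Docker refuses to publish ports for a container that joins another container's network namespace ("conflicting options: port publishing and the container type network mode"), so this stack will not start; the three mappings belong on `tailscale-blocky`, which owns the namespace. `/etc/localtime` under `devices:` is a file, not a device node, and should be a read-only bind under `volumes:`. Separately, `sys_module` lets the container load arbitrary kernel modules, which is equivalent to root on the host; with `/dev/net/tun` already passed through, `net_admin` is likely sufficient — confirm against the Tailscale image's current guidance before dropping it. Blocky's HTTP API on 4000 carries no authentication as far as its config exposes, so publishing it on all interfaces lets any LAN host disable blocking via `/api/blocking/disable`; bind it to loopback or the Tailscale address instead of `0.0.0.0`.
```yaml
services:
  tailscale-blocky:
    image: ghcr.io/tailscale/tailscale:v1.78.3
    container_name: tailscale-blocky
    hostname: blocky-ps08rp
    # … unchanged: cap_add, environment, restart, volumes, devices …
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "127.0.0.1:4000:4000/tcp"  # unauthenticated API — keep off the LAN
  blocky:
    image: ghcr.io/0xerr0r/blocky:v0.24
    container_name: blocky
    environment:
      - TZ=America/Chicago
    network_mode: service:tailscale-blocky  # shares the tailscale netns; no ports here
    restart: always
    volumes:
      - ./config.yml:/app/config.yml
      - /etc/localtime:/etc/localtime:ro
```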


@@ -0,0 +1,155 @@
upstreams:
init:
strategy: fast
groups:
default:
- tcp-tls:1.1.1.1:853
- tcp-tls:1.0.0.1:853
strategy: parallel_best
timeout: 2s
connectIPVersion: v4
customDNS:
zone: |
$ORIGIN alexlebens.net.
$TTL 86400
@ IN SOA patryk.ns.cloudflare.com. alexanderlebens.gmail.com. (
2025011001 ; serial
3H ; refresh after 3 hours
1H ; retry after 1 hour
1W ; expire after 1 week
1D) ; minimum TTL of 1 day
;; Name Server
IN NS patryk.ns.cloudflare.com.
IN NS veda.ns.cloudflare.com.
IN NS dns1.alexlebens.net.
IN NS dns2.alexlebens.net.
dns1 IN A 192.168.1.134
dns2 IN A 192.168.1.15
;; Computer Names
nw01un IN A 192.168.1.1
ps08rp IN A 192.168.1.134
ps09rp IN A 192.168.1.15
ps02sn IN A 192.168.1.55 ; Synology Web
ps02sn-bond IN A 192.168.1.194 ; Synology Bond for Storage
pd05wd IN A 192.168.1.115 ; Desktop
pl02mc IN A 192.168.1.116 ; Laptop
dv01hr IN A 192.168.1.213 ; HD Homerun
dv02kv IN A 192.168.1.57 ; Pi KVM
it01ag IN A 192.168.1.100 ; Airgradient
it02ph IN A 192.168.1.145 ; Phillips Hue
it03tb IN A 192.168.1.193 ; TubesZB ZigBee
it04tb IN A 192.168.1.135 ; TubesZB Z-Wave
;; Common Names
synology IN CNAME ps02sn.alexlebens.net
synologybond IN CNAME ps02sn-bond.alexlebens.net
unifi IN CNAME nw01un.alexlebens.net
airgradient IN CNAME it01ag.alexlebens.net
hdhr IN CNAME dv01hr.alexlebens.net
pikvm IN CNAME dv02kv.alexlebens.net
;; Service Names
cl01tl IN A 192.168.1.35
cl01tl IN A 192.168.1.36
cl01tl IN A 192.168.1.37
cl01tl-endpoint IN A 192.168.1.15
cl01tl-endpoint IN A 192.168.1.16
cl01tl-endpoint IN A 192.168.1.17
traefik-cl01tl IN A 192.168.1.16
blocky IN A 192.168.1.15
;; Application Names
argocd IN CNAME cl01tl-endpoint.alexlebens.net
authentik IN CNAME cl01tl-endpoint.alexlebens.net
gitea IN CNAME cl01tl-endpoint.alexlebens.net
vault IN CNAME cl01tl-endpoint.alexlebens.net
blocking:
denylists:
sus:
- https://v.firebog.net/hosts/static/w3kbl.txt
ads:
- https://v.firebog.net/hosts/AdguardDNS.txt
- https://v.firebog.net/hosts/Admiral.txt
- https://v.firebog.net/hosts/Easylist.txt
- https://adaway.org/hosts.txt
priv:
- https://v.firebog.net/hosts/Easyprivacy.txt
- https://v.firebog.net/hosts/Prigent-Ads.txt
mal:
- https://v.firebog.net/hosts/Prigent-Crypto.txt
- https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
pro:
- https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.txt
allowlists:
radarr:
- |
*.video
clientGroupsBlock:
default:
- sus
- ads
- priv
- mal
- pro
- radarr
blockType: zeroIp
blockTTL: 1m
loading:
refreshPeriod: 24h
downloads:
timeout: 60s
attempts: 5
cooldown: 10s
concurrency: 16
strategy: fast
maxErrorsPerSource: 5
caching:
minTime: 5m
maxTime: 30m
maxItemsCount: 0
prefetching: true
prefetchExpires: 2h
prefetchThreshold: 5
prefetchMaxItemsCount: 0
cacheTimeNegative: 30m
prometheus:
enable: true
path: /metrics
queryLog:
type: console
logRetentionDays: 7
creationAttempts: 1
creationCooldown: 2s
flushInterval: 30s
minTlsServeVersion: 1.3
ports:
dns: 53
http: 4000
log:
level: info
format: text
timestamp: true
privacy: false
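Review bot: The CNAME targets under `;; Common Names` and `;; Application Names` are not dot-terminated, so with `$ORIGIN alexlebens.net.` the parser appends the origin and `synology` points at `ps02sn.alexlebens.net.alexlebens.net.`, which never resolves; fix with `synology IN CNAME ps02sn.alexlebens.net.` (or the bare label `ps02sn`) for all ten aliases. The `radarr` allowlist entry `*.video` exempts the entire `.video` TLD, and because `radarr` is listed under `clientGroupsBlock.default` that exemption applies to every client and overrides the `mal` and `pro` denylists for any `.video` domain, including freshly registered malicious ones — narrow it to the specific hosts radarr needs. With `queryLog.type: console` and `log.privacy: false`, every client IP and queried name is written to container stdout for anyone with Docker log access; set `privacy: true` unless those logs are deliberately shipped somewhere for review.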


@@ -1 +0,0 @@
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin


@@ -63,6 +63,10 @@ services:
networks:
internal:
name: internal
driver: bridge
ipam:
config:
- subnet: 172.18.0.0/16
volumes:
letsencrypt:
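Review bot: Pinning `internal` to `172.18.0.0/16` only works while it remains the first user-defined bridge on the host, because Docker's default address pool assigns 172.18.0.0/16, 172.19.0.0/16, … to unpinned networks in creation order; the removed pihole stack placed `traefik` at 172.19.x, so today this probably holds, but a fresh host that creates `traefik` first will fail with "Pool overlaps with other one on this address space". If the goal is a stable address for DNS or firewall rules, pick a range outside the default pool and size it for the project, e.g. `- subnet: 10.18.0.0/24`, or add a comment recording the constraint: `# must stay the first user-defined network on this host`. The `services:` stanza this file starts with is outside the hunk.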


@@ -0,0 +1,37 @@
---
version: "3.7"
services:
tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.78.3
container_name: tailscale-blocky
hostname: blocky-ps09rp
cap_add:
- net_admin
- sys_module
environment:
- TS_STATE_DIR=/var/lib/tailscale
restart: always
volumes:
- tailscale:/var/lib/tailscale
devices:
- /dev/net/tun:/dev/net/tun
blocky:
image: ghcr.io/0xerr0r/blocky:v0.24
container_name: blocky
environment:
- TZ=America/Chicago
network_mode: service:tailscale-blocky
ports:
- 53:53/tcp
- 53:53/udp
- 4000:4000/tcp
restart: always
volumes:
- ./config.yml:/app/config.yml
devices:
- /etc/localtime:/etc/localtime:ro
volumes:
tailscale:
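Review bot: `ports:` cannot be declared on `blocky` while it uses `network_mode: service:tailscale-blocky` — Docker rejects port publishing for a container sharing another container's network namespace, so the stack will fail to create; move the 53/tcp, 53/udp and 4000 mappings to `tailscale-blocky`. `/etc/localtime` is not a device and should be a `volumes:` bind with `:ro`. `sys_module` grants the ability to load kernel modules, which is host-root equivalent; since `/dev/net/tun` is passed through already, `net_admin` is probably enough — verify against the Tailscale image docs before removing it. Port 4000 is blocky's unauthenticated REST API (the config offers no auth option), so bind it to loopback or the Tailscale address rather than every interface.
```yaml
services:
  tailscale-blocky:
    image: ghcr.io/tailscale/tailscale:v1.78.3
    container_name: tailscale-blocky
    hostname: blocky-ps09rp
    # … unchanged: cap_add, environment, restart, volumes, devices …
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "127.0.0.1:4000:4000/tcp"  # unauthenticated API — keep off the LAN
  blocky:
    image: ghcr.io/0xerr0r/blocky:v0.24
    container_name: blocky
    environment:
      - TZ=America/Chicago
    network_mode: service:tailscale-blocky  # shares the tailscale netns; no ports here
    restart: always
    volumes:
      - ./config.yml:/app/config.yml
      - /etc/localtime:/etc/localtime:ro
```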


@@ -0,0 +1,155 @@
upstreams:
init:
strategy: fast
groups:
default:
- tcp-tls:1.1.1.1:853
- tcp-tls:1.0.0.1:853
strategy: parallel_best
timeout: 2s
connectIPVersion: v4
customDNS:
zone: |
$ORIGIN alexlebens.net.
$TTL 86400
@ IN SOA patryk.ns.cloudflare.com. alexanderlebens.gmail.com. (
2025011001 ; serial
3H ; refresh after 3 hours
1H ; retry after 1 hour
1W ; expire after 1 week
1D) ; minimum TTL of 1 day
;; Name Server
IN NS patryk.ns.cloudflare.com.
IN NS veda.ns.cloudflare.com.
IN NS dns1.alexlebens.net.
IN NS dns2.alexlebens.net.
dns1 IN A 192.168.1.134
dns2 IN A 192.168.1.15
;; Computer Names
nw01un IN A 192.168.1.1
ps08rp IN A 192.168.1.134
ps09rp IN A 192.168.1.15
ps02sn IN A 192.168.1.55 ; Synology Web
ps02sn-bond IN A 192.168.1.194 ; Synology Bond for Storage
pd05wd IN A 192.168.1.115 ; Desktop
pl02mc IN A 192.168.1.116 ; Laptop
dv01hr IN A 192.168.1.213 ; HD Homerun
dv02kv IN A 192.168.1.57 ; Pi KVM
it01ag IN A 192.168.1.100 ; Airgradient
it02ph IN A 192.168.1.145 ; Phillips Hue
it03tb IN A 192.168.1.193 ; TubesZB ZigBee
it04tb IN A 192.168.1.135 ; TubesZB Z-Wave
;; Common Names
synology IN CNAME ps02sn.alexlebens.net
synologybond IN CNAME ps02sn-bond.alexlebens.net
unifi IN CNAME nw01un.alexlebens.net
airgradient IN CNAME it01ag.alexlebens.net
hdhr IN CNAME dv01hr.alexlebens.net
pikvm IN CNAME dv02kv.alexlebens.net
;; Service Names
cl01tl IN A 192.168.1.35
cl01tl IN A 192.168.1.36
cl01tl IN A 192.168.1.37
cl01tl-endpoint IN A 192.168.1.15
cl01tl-endpoint IN A 192.168.1.16
cl01tl-endpoint IN A 192.168.1.17
traefik-cl01tl IN A 192.168.1.16
blocky IN A 192.168.1.15
;; Application Names
argocd IN CNAME cl01tl-endpoint.alexlebens.net
authentik IN CNAME cl01tl-endpoint.alexlebens.net
gitea IN CNAME cl01tl-endpoint.alexlebens.net
vault IN CNAME cl01tl-endpoint.alexlebens.net
blocking:
denylists:
sus:
- https://v.firebog.net/hosts/static/w3kbl.txt
ads:
- https://v.firebog.net/hosts/AdguardDNS.txt
- https://v.firebog.net/hosts/Admiral.txt
- https://v.firebog.net/hosts/Easylist.txt
- https://adaway.org/hosts.txt
priv:
- https://v.firebog.net/hosts/Easyprivacy.txt
- https://v.firebog.net/hosts/Prigent-Ads.txt
mal:
- https://v.firebog.net/hosts/Prigent-Crypto.txt
- https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
pro:
- https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.txt
allowlists:
radarr:
- |
*.video
clientGroupsBlock:
default:
- sus
- ads
- priv
- mal
- pro
- radarr
blockType: zeroIp
blockTTL: 1m
loading:
refreshPeriod: 24h
downloads:
timeout: 60s
attempts: 5
cooldown: 10s
concurrency: 16
strategy: fast
maxErrorsPerSource: 5
caching:
minTime: 5m
maxTime: 30m
maxItemsCount: 0
prefetching: true
prefetchExpires: 2h
prefetchThreshold: 5
prefetchMaxItemsCount: 0
cacheTimeNegative: 30m
prometheus:
enable: true
path: /metrics
queryLog:
type: console
logRetentionDays: 7
creationAttempts: 1
creationCooldown: 2s
flushInterval: 30s
minTlsServeVersion: 1.3
ports:
dns: 53
http: 4000
log:
level: info
format: text
timestamp: true
privacy: false
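Review bot: `ports.http: 4000` serves blocky's REST API, which in this version has no authentication option in the config (`/api/blocking/disable` and `/api/cache/flush` are open to any caller), so if the accompanying compose file publishes it on the host any LAN machine can silently turn filtering off; keep it on a loopback or Tailscale-only address, or front it with something that authenticates. The `radarr` allowlist `*.video` whitelists a whole TLD for every client (the group is in `clientGroupsBlock.default`), punching through the `mal` and `pro` lists — scope it to the exact hostnames radarr contacts. Note also that the zone's CNAME targets (`synology IN CNAME ps02sn.alexlebens.net` and the rest) lack a trailing dot and so resolve relative to `$ORIGIN`, yielding `ps02sn.alexlebens.net.alexlebens.net.`; write them as `ps02sn.alexlebens.net.` or just `ps02sn`.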


@@ -1 +0,0 @@
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin


@@ -63,6 +63,10 @@ services:
networks:
internal:
name: internal
driver: bridge
ipam:
config:
- subnet: 172.18.0.0/16
volumes:
letsencrypt:
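Review bot: Hard-coding `subnet: 172.18.0.0/16` assumes `internal` is the first user-defined network Docker creates on this host, since the daemon's default pool hands 172.18.0.0/16 to the first one and 172.19.0.0/16 to the next (which is where the now-deleted pihole stack's `traefik` network sat); on a rebuilt host where `traefik` comes up first this will error with "Pool overlaps with other one on this address space". Either move to a range outside the default pool, e.g. `- subnet: 10.18.0.0/24`, or document the ordering dependency next to the line: `# assumes this is the first user-defined bridge; collides with the default pool otherwise`. The `services:` section above the hunk is outside it.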


@@ -1,5 +0,0 @@
TZ=US/Central
WEBPASSWORD=""
RATE_LIMIT=0/0
FTLCONF_MAXDBDAYS=14
WEB_PORT=8080


@@ -1,6 +0,0 @@
PIHOLE_HOSTNAME=pihole
PIHOLE_API_TOKEN=""
PIHOLE_PROTOCOL=http
PIHOLE_PORT=8080
INTERVAL=90s
PORT=9617


@@ -1,70 +0,0 @@
services:
pihole:
container_name: pihole
dns:
- 127.0.0.1
- 1.1.1.1
env_file:
- .env
image: docker.io/pihole/pihole:latest
labels:
traefik.docker.network: traefik
traefik.enable: true
traefik.http.routers.pihole.entrypoints: websecure
traefik.http.routers.pihole.rule: Host(`pihole.lebens-home.net`)
traefik.http.routers.pihole.service: pihole
traefik.http.services.pihole.loadbalancer.server.port: 8080
networks:
traefik:
ipv4_address: 172.19.0.3
ports:
- 53:53/tcp
- 53:53/udp
- 8080:8080
privileged: true
restart: always
volumes:
- config:/etc/pihole
- dnsmasq:/etc/dnsmasq.d
- logs:/var/log
pihole_exporter:
container_name: pihole-exporter
depends_on:
- pihole
dns:
- 127.0.0.1
- 1.1.1.1
env_file:
- .exporter.env
image: docker.io/ekofr/pihole-exporter:latest
networks:
traefik: null
restart: always
networks:
traefik:
name: traefik
external: true
volumes:
config:
driver: local
driver_opts:
type: none
o: bind
device: /mnt/data/containers/pihole/config
dnsmasq:
driver: local
driver_opts:
type: none
o: bind
device: /mnt/data/containers/pihole/dnsmasq
logs:
driver: local
driver_opts:
type: none
o: bind
device: /mnt/data/containers/pihole/logs


@@ -1,14 +0,0 @@
services:
portainer:
container_name: portainer-agent
dns:
- 172.19.0.3
- 1.1.1.1
image: docker.io/portainer/agent:latest
ports:
- 9001:9001
privileged: true
restart: always
volumes:
- /var/lib/docker/volumes:/var/lib/docker/volumes
- /var/run/docker.sock:/var/run/docker.sock