blocky: controllers: main: type: deployment replicas: 3 strategy: RollingUpdate revisionHistoryLimit: 3 containers: main: image: repository: spx01/blocky tag: v0.25@sha256:347f8c6addc1775ef74b83dfc609c28436a67f812ef0ee7e2602569dc0e56cd1 pullPolicy: IfNotPresent env: - name: TZ value: US/Central resources: requests: cpu: 10m memory: 128Mi serviceAccount: create: true configMaps: config: enabled: true data: config.yml: | upstreams: init: strategy: fast groups: default: - tcp-tls:1.1.1.1:853 - tcp-tls:1.0.0.1:853 strategy: parallel_best timeout: 2s connectIPVersion: v4 customDNS: filterUnmappedTypes: false zone: | $ORIGIN alexlebens.net. $TTL 86400 ;; Name Server IN NS patryk.ns.cloudflare.com. IN NS veda.ns.cloudflare.com. IN NS dns1. IN NS dns2. IN NS dns3. dns1 IN A 10.232.1.22 dns2 IN A 10.232.1.51 dns3 IN A 10.232.1.52 ;; Computer Names nw01un IN A 192.168.1.1 ; Unifi Gateway ps08rp IN A 10.232.1.51 ; DNS ps09rp IN A 10.232.1.52 ; DNS ps02sn IN A 10.232.1.61 ; Synology Web ps02sn-bond IN A 10.232.1.64 ; Synology Bond for Storage pd05wd IN A 10.230.0.115 ; Desktop pl02mc IN A 10.230.0.105 ; Laptop dv01hr IN A 10.232.1.72 ; HD Homerun dv02kv IN A 10.232.1.71 ; Pi KVM it01ag IN A 10.232.1.83 ; Airgradient it02ph IN A 10.232.1.85 ; Phillips Hue it03tb IN A 10.232.1.81 ; TubesZB ZigBee it04tb IN A 10.232.1.82 ; TubesZB Z-Wave ;; Common Names synology IN CNAME ps02sn synologybond IN CNAME ps02sn-bond unifi IN CNAME nw01un airgradient IN CNAME it01ag hdhr IN CNAME dv01hr pikvm IN CNAME dv02kv ;; Service Names cl01tl IN A 10.232.1.11 cl01tl IN A 10.232.1.12 cl01tl IN A 10.232.1.13 cl01tl-api IN A 10.232.1.11 cl01tl-api IN A 10.232.1.12 cl01tl-api IN A 10.232.1.13 cl01tl-endpoint IN A 10.232.1.21 cl01tl-endpoint IN A 10.232.1.22 cl01tl-endpoint IN A 10.232.1.23 traefik-cl01tl IN A 10.232.1.21 blocky IN A 10.232.1.22 plex IN A 10.232.1.23 ;; Application Names argocd IN CNAME cl01tl-endpoint authentik IN CNAME cl01tl-endpoint gitea IN CNAME cl01tl-endpoint harbor IN CNAME cl01tl-endpoint vault IN CNAME cl01tl-endpoint blocking: denylists: sus: - https://v.firebog.net/hosts/static/w3kbl.txt ads: - https://v.firebog.net/hosts/AdguardDNS.txt - https://v.firebog.net/hosts/Admiral.txt - https://v.firebog.net/hosts/Easylist.txt - https://adaway.org/hosts.txt priv: - https://v.firebog.net/hosts/Easyprivacy.txt - https://v.firebog.net/hosts/Prigent-Ads.txt mal: - https://v.firebog.net/hosts/Prigent-Crypto.txt - https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt pro: - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.txt clientGroupsBlock: default: - sus - ads - priv - mal - pro blockType: zeroIp blockTTL: 1m loading: refreshPeriod: 24h downloads: timeout: 60s attempts: 5 cooldown: 10s concurrency: 16 strategy: fast maxErrorsPerSource: 5 caching: minTime: 5m maxTime: 30m maxItemsCount: 0 prefetching: true prefetchExpires: 2h prefetchThreshold: 5 prefetchMaxItemsCount: 0 cacheTimeNegative: 30m redis: address: blocky-valkey-headless.blocky:6379 required: true prometheus: enable: true path: /metrics queryLog: type: console logRetentionDays: 7 creationAttempts: 1 creationCooldown: 2s flushInterval: 30s minTlsServeVersion: 1.3 ports: dns: 53 http: 4000 log: level: info format: text timestamp: true privacy: false service: dns-external: controller: main type: LoadBalancer annotations: tailscale.com/expose: "true" ports: tcp: port: 53 targetPort: 53 protocol: TCP udp: port: 53 targetPort: 53 protocol: UDP metrics: controller: main ports: metrics: port: 4000 targetPort: 4000 protocol: TCP persistence: config: enabled: true type: configMap name: blocky-config advancedMounts: main: main: - path: /app/config.yml readOnly: true mountPropagation: None subPath: config.yml valkey: architecture: standalone auth: enabled: false usePasswordFiles: false primary: persistence: enabled: false replica: persistence: enabled: false