--- # Source: blocky/charts/blocky/templates/common.yaml --- apiVersion: v1 kind: ConfigMap metadata: name: blocky labels: app.kubernetes.io/instance: blocky app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: blocky helm.sh/chart: blocky-4.4.0 namespace: blocky data: config.yml: | upstreams: init: strategy: fast groups: default: - tcp-tls:1.1.1.1:853 - tcp-tls:1.0.0.1:853 strategy: parallel_best timeout: 2s connectIPVersion: v4 customDNS: filterUnmappedTypes: false zone: | $ORIGIN alexlebens.net. $TTL 86400 ;; Name Server IN NS patryk.ns.cloudflare.com. IN NS veda.ns.cloudflare.com. IN NS dns1. IN NS dns2. IN NS dns3. dns1 IN A 10.232.1.22 dns2 IN A 10.232.1.51 dns3 IN A 10.232.1.52 ;; Computer Names nw01un IN A 192.168.1.1 ; Unifi Gateway ps08rp IN A 10.232.1.51 ; DNS ps09rp IN A 10.232.1.52 ; DNS ps02sn IN A 10.232.1.61 ; Synology Web ps02sn-bond IN A 10.232.1.64 ; Synology Bond for Storage pd05wd IN A 10.230.0.115 ; Desktop pl02mc IN A 10.230.0.105 ; Laptop dv01hr IN A 10.232.1.72 ; HD Homerun dv02kv IN A 10.232.1.71 ; Pi KVM it01ag IN A 10.232.1.83 ; Airgradient it02ph IN A 10.232.1.85 ; Phillips Hue it03tb IN A 10.232.1.81 ; TubesZB ZigBee it04tb IN A 10.232.1.82 ; TubesZB Z-Wave it05sp IN A 10.230.0.100 ; Shelly Plug ;; Common Names synology IN CNAME ps02sn synologybond IN CNAME ps02sn-bond unifi IN CNAME nw01un airgradient IN CNAME it01ag hdhr IN CNAME dv01hr pikvm IN CNAME dv02kv ;; Service Names cl01tl IN A 10.232.1.11 cl01tl IN A 10.232.1.12 cl01tl IN A 10.232.1.13 cl01tl-api IN A 10.232.1.11 cl01tl-api IN A 10.232.1.12 cl01tl-api IN A 10.232.1.13 cl01tl-endpoint IN A 10.232.1.21 cl01tl-endpoint IN A 10.232.1.22 cl01tl-endpoint IN A 10.232.1.23 cl01tl-gateway IN A 10.232.1.200 traefik-cl01tl IN A 10.232.1.21 blocky IN A 10.232.1.22 plex-lb IN A 10.232.1.23 ;; Application Names actual IN CNAME traefik-cl01tl alertmanager IN CNAME traefik-cl01tl argo-workflows IN CNAME traefik-cl01tl argocd IN CNAME traefik-cl01tl audiobookshelf IN CNAME traefik-cl01tl authentik IN CNAME traefik-cl01tl backrest IN CNAME traefik-cl01tl bazarr IN CNAME traefik-cl01tl booklore IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl code-server IN CNAME traefik-cl01tl ephemera IN CNAME traefik-cl01tl garage-s3 IN CNAME traefik-cl01tl garage-webui IN CNAME traefik-cl01tl gatus IN CNAME traefik-cl01tl gitea IN CNAME traefik-cl01tl grafana IN CNAME traefik-cl01tl harbor IN CNAME traefik-cl01tl headlamp IN CNAME traefik-cl01tl home IN CNAME traefik-cl01tl home-assistant IN CNAME traefik-cl01tl home-assistant-code-server IN CNAME traefik-cl01tl hubble IN CNAME cl01tl-gateway huntarr IN CNAME traefik-cl01tl immich IN CNAME traefik-cl01tl jellyfin IN CNAME traefik-cl01tl jellystat IN CNAME traefik-cl01tl kiwix IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl kronic IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl lidatube IN CNAME traefik-cl01tl listenarr IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl n8n IN CNAME traefik-cl01tl ntfy IN CNAME traefik-cl01tl objects IN CNAME traefik-cl01tl ollama IN CNAME traefik-cl01tl omni-tools IN CNAME traefik-cl01tl overseerr IN CNAME traefik-cl01tl pgadmin IN CNAME traefik-cl01tl photoview IN CNAME traefik-cl01tl plex IN CNAME traefik-cl01tl postiz IN CNAME traefik-cl01tl prometheus IN CNAME traefik-cl01tl prowlarr IN CNAME traefik-cl01tl qbittorrent IN CNAME traefik-cl01tl qui IN CNAME traefik-cl01tl radarr IN CNAME traefik-cl01tl radarr-4k IN CNAME traefik-cl01tl radarr-anime IN CNAME traefik-cl01tl radarr-standup IN CNAME traefik-cl01tl searxng IN CNAME traefik-cl01tl slskd IN CNAME traefik-cl01tl sonarr IN CNAME traefik-cl01tl sonarr-4k IN CNAME traefik-cl01tl sonarr-anime IN CNAME traefik-cl01tl stalwart IN CNAME traefik-cl01tl tautulli IN CNAME traefik-cl01tl tdarr IN CNAME traefik-cl01tl tubearchivist IN CNAME traefik-cl01tl vault IN CNAME traefik-cl01tl whodb IN CNAME traefik-cl01tl yamtrack IN CNAME traefik-cl01tl blocking: denylists: sus: - https://v.firebog.net/hosts/static/w3kbl.txt ads: - https://v.firebog.net/hosts/AdguardDNS.txt - https://v.firebog.net/hosts/Admiral.txt - https://v.firebog.net/hosts/Easylist.txt - https://adaway.org/hosts.txt priv: - https://v.firebog.net/hosts/Easyprivacy.txt - https://v.firebog.net/hosts/Prigent-Ads.txt mal: - https://v.firebog.net/hosts/Prigent-Crypto.txt - https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt pro: - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.txt allowlists: sus: - | *.alexlebens.net *.alexlebens.dev *.boreal-beaufort.ts.net ads: - | *.alexlebens.net *.alexlebens.dev *.boreal-beaufort.ts.net priv: - | *.alexlebens.net *.alexlebens.dev *.boreal-beaufort.ts.net mal: - | *.alexlebens.net *.alexlebens.dev *.boreal-beaufort.ts.net pro: - | *.alexlebens.net *.alexlebens.dev *.boreal-beaufort.ts.net clientGroupsBlock: default: - sus - ads - priv - mal - pro blockType: zeroIp blockTTL: 1m loading: refreshPeriod: 24h downloads: timeout: 60s attempts: 5 cooldown: 10s concurrency: 16 strategy: fast maxErrorsPerSource: 5 caching: minTime: 5m maxTime: 30m maxItemsCount: 0 prefetching: true prefetchExpires: 2h prefetchThreshold: 5 prefetchMaxItemsCount: 0 cacheTimeNegative: 30m redis: address: redis-replication-blocky-master.blocky:6379 required: true prometheus: enable: true path: /metrics queryLog: type: console logRetentionDays: 7 creationAttempts: 1 creationCooldown: 2s flushInterval: 30s minTlsServeVersion: 1.3 ports: dns: 53 http: 4000 log: level: info format: text timestamp: true privacy: false --- # Source: blocky/charts/blocky/templates/common.yaml apiVersion: v1 kind: Service metadata: name: blocky-dns-external labels: app.kubernetes.io/instance: blocky app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: blocky app.kubernetes.io/service: blocky-dns-external helm.sh/chart: blocky-4.4.0 annotations: tailscale.com/expose: "true" namespace: blocky spec: type: LoadBalancer ports: - port: 53 targetPort: 53 protocol: TCP name: tcp - port: 53 targetPort: 53 protocol: UDP name: udp selector: app.kubernetes.io/controller: main app.kubernetes.io/instance: blocky app.kubernetes.io/name: blocky --- # Source: blocky/charts/blocky/templates/common.yaml apiVersion: v1 kind: Service metadata: name: blocky-metrics labels: app.kubernetes.io/instance: blocky app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: blocky app.kubernetes.io/service: blocky-metrics helm.sh/chart: blocky-4.4.0 namespace: blocky spec: type: ClusterIP ports: - port: 4000 targetPort: 4000 protocol: TCP name: metrics selector: app.kubernetes.io/controller: main app.kubernetes.io/instance: blocky app.kubernetes.io/name: blocky --- # Source: blocky/charts/blocky/templates/common.yaml apiVersion: apps/v1 kind: Deployment metadata: name: blocky labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: blocky app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: blocky helm.sh/chart: blocky-4.4.0 namespace: blocky spec: revisionHistoryLimit: 3 replicas: 3 strategy: type: RollingUpdate selector: matchLabels: app.kubernetes.io/controller: main app.kubernetes.io/name: blocky app.kubernetes.io/instance: blocky template: metadata: annotations: checksum/configMaps: 8a197f81daed9048c4565ecafc0c7ca534383a898e709a13c3441bc00bd12652 labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: blocky app.kubernetes.io/name: blocky spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst containers: - env: - name: TZ value: US/Central image: ghcr.io/0xerr0r/blocky:v0.28.2@sha256:5f84a54e4ee950c4ab21db905b7497476ece2f4e1a376d23ab8c4855cabddcba imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m memory: 128Mi volumeMounts: - mountPath: /app/config.yml mountPropagation: None name: config readOnly: true subPath: config.yml volumes: - configMap: name: blocky name: config --- # Source: blocky/templates/redis-replication.yaml apiVersion: redis.redis.opstreelabs.in/v1beta2 kind: RedisReplication metadata: name: redis-replication-blocky namespace: blocky labels: app.kubernetes.io/name: redis-replication-blocky app.kubernetes.io/instance: blocky app.kubernetes.io/part-of: blocky spec: clusterSize: 3 podSecurityContext: runAsUser: 1000 fsGroup: 1000 kubernetesConfig: image: quay.io/opstree/redis:v8.0.3 imagePullPolicy: IfNotPresent resources: requests: cpu: 50m memory: 128Mi storage: volumeClaimTemplate: spec: storageClassName: ceph-block accessModes: ["ReadWriteOnce"] resources: requests: storage: 1Gi redisExporter: enabled: true image: quay.io/opstree/redis-exporter:v1.48.0 --- # Source: blocky/templates/service-monitor.yaml apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: blocky namespace: blocky labels: app.kubernetes.io/name: blocky app.kubernetes.io/instance: blocky app.kubernetes.io/part-of: blocky spec: selector: matchLabels: app.kubernetes.io/name: blocky app.kubernetes.io/instance: blocky endpoints: - port: metrics interval: 30s scrapeTimeout: 10s path: /metrics --- # Source: blocky/templates/service-monitor.yaml apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: redis-replication-blocky namespace: blocky labels: app.kubernetes.io/name: redis-replication-blocky app.kubernetes.io/instance: blocky app.kubernetes.io/part-of: blocky redis-operator: "true" env: production spec: selector: matchLabels: redis_setup_type: replication endpoints: - port: redis-exporter interval: 30s scrapeTimeout: 10s