# Values for the blocky DNS proxy release. The key layout (controllers / service /
# persistence / advancedMounts) looks like an app-template-style chart pulled in under
# the alias `blocky` - TODO confirm against Chart.yaml.
blocky:
  controllers:
    main:
      type: deployment
      # Three replicas replaced by rolling update; presumably kept consistent through the
      # shared cache configured under `redis:` in config.yml - confirm.
      replicas: 3
      strategy: RollingUpdate
      revisionHistoryLimit: 3
      containers:
        # NOTE(review): no securityContext is set for this container in this file; the user,
        # capabilities and root-filesystem mode come from chart and image defaults. Confirm
        # they are what you want for a process listening on port 53.
        main:
          image:
            repository: spx01/blocky
            # Tag plus sha256 digest: the digest is what pins the image content, so a
            # re-pushed v0.25 tag cannot silently change what runs.
            tag: v0.25@sha256:347f8c6addc1775ef74b83dfc609c28436a67f812ef0ee7e2602569dc0e56cd1
            pullPolicy: IfNotPresent
          env:
            - name: TZ
              value: US/Central
          # NOTE(review): only requests are set; no limits appear in this file, so CPU and
          # memory use is unbounded unless a LimitRange applies - confirm.
          resources:
            requests:
              cpu: 10m
              memory: 128Mi
  # Creates a dedicated ServiceAccount for the release. NOTE(review): nothing here disables
  # token automount, and nothing in this config shows blocky using the Kubernetes API -
  # confirm whether the token is needed.
  serviceAccount:
    create: true
  configMaps:
    config:
      enabled: true
      data:
        # Everything below `config.yml: |` is one literal string handed to blocky, so the
        # review notes are kept up here: a `#` line inside the scalar would become part of
        # the ConfigMap data.
        #
        # upstreams: both resolvers in the default group are tcp-tls (DNS-over-TLS) on port
        #   853, addressed by IP; strategy parallel_best with a 2s timeout.
        #
        # customDNS: `zone` is a zone file for alexlebens.net. that maps internal host,
        #   service and application names to 192.168.1.x addresses.
        #   NOTE(review): this records the internal host inventory (names, roles, addresses)
        #   for anyone who can read this file or the ConfigMap - confirm that is acceptable
        #   for where the repository is hosted.
        #
        # blocking: denylists are fetched over HTTPS from third-party hosts and refreshed
        #   every 24h; all five groups apply to the default client group, and blocked names
        #   answer with a zero IP (blockType: zeroIp) and a 1m TTL.
        #   NOTE(review): list contents are taken as-is, and the hagezi URL tracks the `main`
        #   branch rather than a fixed revision, so an upstream change alters what this
        #   resolver blocks. No allowlist is configured here to override a false positive.
        #   NOTE(review): loading strategy `fast` presumably lets blocky answer queries
        #   before the lists have loaded, leaving a short unfiltered window after each
        #   start - confirm against the blocky documentation.
        #
        # redis: required: true, pointing at blocky-valkey-headless.blocky:6379 with no
        #   username or password, which matches valkey.auth.enabled: false at the end of
        #   this file.
        #   NOTE(review): any workload that can reach that service can read or write the
        #   shared cache unless a NetworkPolicy restricts it - confirm.
        #
        # prometheus: metrics are served at /metrics; the `metrics` Service below exposes
        #   port 4000, the same number as ports.http.
        #   NOTE(review): presumably that listener also serves blocky's HTTP API - confirm
        #   what else is reachable on 4000 from inside the cluster.
        #
        # queryLog / log: queryLog type is console and log.privacy is false, so query log
        #   lines go to container stdout without obfuscation.
        #   NOTE(review): presumably these lines include client addresses and queried names,
        #   which then land in whatever collects pod logs - confirm retention and access
        #   there. logRetentionDays presumably has no effect for the console type - confirm.
        #
        # minTlsServeVersion: 1.3, but `ports` sets only dns (53) and http (4000).
        #   NOTE(review): presumably no TLS listener is enabled, so this setting has nothing
        #   to apply to as configured - confirm.
        config.yml: |
          upstreams:
            init:
              strategy: fast
            groups:
              default:
                - tcp-tls:1.1.1.1:853
                - tcp-tls:1.0.0.1:853
            strategy: parallel_best
            timeout: 2s

          connectIPVersion: v4

          customDNS:
            filterUnmappedTypes: false
            zone: |
              $ORIGIN alexlebens.net.
              $TTL 86400

              ;; Name Server
                                              IN      NS      patryk.ns.cloudflare.com.
                                              IN      NS      veda.ns.cloudflare.com.
                                              IN      NS      dns1.
                                              IN      NS      dns2.
                                              IN      NS      dns3.

              dns1                            IN      A       192.168.1.15
              dns2                            IN      A       192.168.1.134
              dns3                            IN      A       192.168.1.147


              ;; Computer Names
              nw01un                          IN      A       192.168.1.1

              ps08rp                          IN      A       192.168.1.134
              ps09rp                          IN      A       192.168.1.147
              ps02sn                          IN      A       192.168.1.55  ; Synology Web
              ps02sn-bond                     IN      A       192.168.1.194 ; Synology Bond for Storage

              pd05wd                          IN      A       192.168.1.115 ; Desktop
              pl02mc                          IN      A       192.168.1.116 ; Laptop

              dv01hr                          IN      A       192.168.1.213 ; HD Homerun
              dv02kv                          IN      A       192.168.1.57  ; Pi KVM

              it01ag                          IN      A       192.168.1.100 ; Airgradient
              it02ph                          IN      A       192.168.1.145 ; Phillips Hue
              it03tb                          IN      A       192.168.1.193 ; TubesZB ZigBee
              it04tb                          IN      A       192.168.1.135 ; TubesZB Z-Wave

              ;; Common Names
              synology                        IN      CNAME   ps02sn
              synologybond                    IN      CNAME   ps02sn-bond
              unifi                           IN      CNAME   nw01un
              airgradient                     IN      CNAME   it01ag
              hdhr                            IN      CNAME   dv01hr
              pikvm                           IN      CNAME   dv02kv


              ;; Service Names
              cl01tl                          IN      A       192.168.1.35
              cl01tl                          IN      A       192.168.1.36
              cl01tl                          IN      A       192.168.1.37

              cl01tl-endpoint                 IN      A       192.168.1.15
              cl01tl-endpoint                 IN      A       192.168.1.16
              cl01tl-endpoint                 IN      A       192.168.1.17

              traefik-cl01tl                  IN      A       192.168.1.16
              blocky                          IN      A       192.168.1.15


              ;; Application Names
              argocd                          IN      CNAME   cl01tl-endpoint
              authentik                       IN      CNAME   cl01tl-endpoint
              gitea                           IN      CNAME   cl01tl-endpoint
              vault                           IN      CNAME   cl01tl-endpoint

          blocking:
            denylists:
              sus:
                - https://v.firebog.net/hosts/static/w3kbl.txt
              ads:
                - https://v.firebog.net/hosts/AdguardDNS.txt
                - https://v.firebog.net/hosts/Admiral.txt
                - https://v.firebog.net/hosts/Easylist.txt
                - https://adaway.org/hosts.txt
              priv:
                - https://v.firebog.net/hosts/Easyprivacy.txt
                - https://v.firebog.net/hosts/Prigent-Ads.txt
              mal:
                - https://v.firebog.net/hosts/Prigent-Crypto.txt
                - https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
              pro:
                - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.txt
            clientGroupsBlock:
              default:
                - sus
                - ads
                - priv
                - mal
                - pro
            blockType: zeroIp
            blockTTL: 1m
            loading:
              refreshPeriod: 24h
              downloads:
                timeout: 60s
                attempts: 5
                cooldown: 10s
              concurrency: 16
              strategy: fast
              maxErrorsPerSource: 5

          caching:
            minTime: 5m
            maxTime: 30m
            maxItemsCount: 0
            prefetching: true
            prefetchExpires: 2h
            prefetchThreshold: 5
            prefetchMaxItemsCount: 0
            cacheTimeNegative: 30m

          redis:
            address: blocky-valkey-headless.blocky:6379
            required: true

          prometheus:
            enable: true
            path: /metrics

          queryLog:
            type: console
            logRetentionDays: 7
            creationAttempts: 1
            creationCooldown: 2s
            flushInterval: 30s

          minTlsServeVersion: 1.3

          ports:
            dns: 53
            http: 4000

          log:
            level: info
            format: text
            timestamp: true
            privacy: false
  service:
    # External entry point: a LoadBalancer on 53/TCP and 53/UDP, additionally annotated for
    # Tailscale exposure (the value is quoted because annotation values must be strings).
    # NOTE(review): confirm the address is reachable only from the LAN and the tailnet.
    # No client restriction appears in config.yml, and a resolver that answers arbitrary
    # sources is open to abuse as a reflector.
    dns-external:
      controller: main
      type: LoadBalancer
      annotations:
        tailscale.com/expose: "true"
      ports:
        tcp:
          port: 53
          targetPort: 53
          protocol: TCP
        udp:
          port: 53
          targetPort: 53
          protocol: UDP
    # Exposes port 4000 for metrics scraping. No type is set, so this is presumably a
    # cluster-internal Service by chart default - confirm.
    metrics:
      controller: main
      ports:
        metrics:
          port: 4000
          targetPort: 4000
          protocol: TCP
  persistence:
    # Mounts config.yml from the ConfigMap named blocky-config (presumably the name the
    # chart renders for configMaps.config - confirm) read-only at /app/config.yml.
    # Because this is a subPath mount, running pods do not pick up a changed ConfigMap;
    # they have to be restarted.
    config:
      enabled: true
      type: configMap
      name: blocky-config
      advancedMounts:
        main:
          main:
            - path: /app/config.yml
              readOnly: true
              mountPropagation: None
              subPath: config.yml
# Valkey instance, presumably the one behind `redis.address`
# (blocky-valkey-headless.blocky:6379) in blocky's config.yml - confirm.
valkey:
  architecture: standalone
  auth:
    # NOTE(review): authentication is off, and blocky's redis section carries no
    # credentials to match. Any pod that can reach the service can read or overwrite
    # cached DNS answers unless a NetworkPolicy limits access. Confirm one exists, or
    # enable auth and supply the password to blocky from a Secret.
    enabled: false