homelab-nomad/core/blocky/config.yml

ports:
  dns: 53
  http: 4000

bootstrapDns:
  - upstream: 1.1.1.1
  - upstream: 1.0.0.1
  - upstream: 9.9.9.9
  - upstream: 149.112.112.112


upstreams:
  groups:
    default:
      - https://dns.quad9.net/dns-query
      - tcp-tls:dns.quad9.net
    cloudflare:
      - 1.1.1.1
      - 1.0.0.1
      - 2606:4700:4700::1111
      - 2606:4700:4700::1001
      - https://one.one.one.one/dns-query
      - tcp-tls:one.one.one.one
    quad9:
      - 9.9.9.9
      - 149.112.112.112
      - 2620:fe::fe
      - 2620:fe::9
      - https://dns.quad9.net/dns-query
      - tcp-tls:dns.quad9.net
    quad9-secured:
      - 9.9.9.11
      - 149.112.112.11
      - 2620:fe::11
      - 2620:fe::fe:11
      - https://dns11.quad9.net/dns-query
      - tcp-tls:dns11.quad9.net
    quad9-unsecured:
      - 9.9.9.10
      - 149.112.112.10
      - 2620:fe::10
      - 2620:fe::fe:10
      - https://dns10.quad9.net/dns-query
      - tcp-tls:dns10.quad9.net

conditional:
  fallbackUpstream: false
  mapping:
    home.arpa: 192.168.2.1
    in-addr.arpa: 192.168.2.1
    iot: 192.168.2.1
    local: 192.168.2.1
    thefij: 192.168.2.1
    .: 192.168.2.1

hostsFile:
  sources:
    - {{ env "NOMAD_TASK_DIR" }}/nomad.hosts
  hostsTTL: 30s
  loading:
    refreshPeriod: 30s

clientLookup:
  upstream: 192.168.2.1

blocking:
  blackLists:
    ads:
      - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
      - http://sysctl.org/cameleon/hosts
      - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
      - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
      # - https://hosts-file.net/ad_servers.txt
    smarttv:
      - https://perflyst.github.io/PiHoleBlocklist/SmartTV.txt
      # - https://perflyst.github.io/PiHoleBlocklist/regex.list
    wemo:
      - |
        # Remote commands
        api.xbcs.net
        # Firmware updates
        fw.xbcs.net
        # TURN service
        nat.wemo2.com
        # Connectivity checks
        heartbeat.xwemo.com
    antisocial:
      - |
        facebook.com
        instagram.com
        reddit.com
        twitter.com
        youtube.com
    custom:
      - https://git.thefij.rocks/iamthefij/blocklists/raw/branch/main/block

  whiteLists:
    ads:
{{ with nomadVar "nomad/jobs/blocky" -}}
{{ .whitelists_ads.Value | indent 6 }}
{{- end }}
    custom:
      - https://git.thefij.rocks/iamthefij/blocklists/raw/branch/main/allow

  clientGroupsBlock:
    default:
      - ads
      - custom
      - smarttv
      - wemo

customDNS:
  customTTL: 1h
  mapping:
{{ with nomadVar "nomad/jobs/blocky" }}{{ .mappings.Value | indent 4 }}{{ end }}
    # Catch all at top domain to traefik
    {{ with nomadService "traefik" -}}
    {{- $last := len . | subtract 1 -}}
    {{- $services := . -}}
    {{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}: {{ range $i := loop $last -}}
      {{- with index $services $i }}{{ .Address }},{{ end -}}
    {{- end -}}
      {{- with index . $last }}{{ .Address }}{{ end -}}
    {{- end }}

prometheus:
  enable: true

{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-blocky" -}}
redis:
    address: 127.0.0.1:6379
    # password: ""
    # database: 0
    connectionAttempts: 10
    connectionCooldown: 3s
{{ end -}}


{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "mysql-tls" -}}
{{ with nomadVar "nomad/jobs/blocky" -}}
queryLog:
    type: mysql
    target: {{ .db_user }}:{{ .db_pass }}@tcp(127.0.0.1:3306)/{{ .db_name }}?charset=utf8mb4&parseTime=True&loc=Local
    logRetentionDays: 14
{{ end -}}
{{ end -}}
Clean blocky config for latest version 2023-03-27 22:21:35 +00:00			`ports:`
			`dns: 53`
			`http: 4000`

Update blocky upstream dns to bootstrap better (hopefully) and forward to consul 2022-11-15 18:26:26 +00:00			`bootstrapDns:`
Clean blocky config for latest version 2023-03-27 22:21:35 +00:00			`- upstream: 1.1.1.1`
			`- upstream: 1.0.0.1`
Use quad9 encrypted dns 2024-02-13 20:02:14 +00:00			`- upstream: 9.9.9.9`
			`- upstream: 149.112.112.112`

Update blocky upstream dns to bootstrap better (hopefully) and forward to consul 2022-11-15 18:26:26 +00:00
Update blocky config to v0.22 schema 2023-11-30 22:00:27 +00:00			`upstreams:`
			`groups:`
			`default:`
Use quad9 encrypted dns 2024-02-13 20:02:14 +00:00			`- https://dns.quad9.net/dns-query`
			`- tcp-tls:dns.quad9.net`
			`cloudflare:`
Update blocky config to v0.22 schema 2023-11-30 22:00:27 +00:00			`- 1.1.1.1`
			`- 1.0.0.1`
Use quad9 encrypted dns 2024-02-13 20:02:14 +00:00			`- 2606:4700:4700::1111`
			`- 2606:4700:4700::1001`
			`- https://one.one.one.one/dns-query`
			`- tcp-tls:one.one.one.one`
Update blocky config to v0.22 schema 2023-11-30 22:00:27 +00:00			`quad9:`
			`- 9.9.9.9`
			`- 149.112.112.112`
			`- 2620:fe::fe`
			`- 2620:fe::9`
			`- https://dns.quad9.net/dns-query`
			`- tcp-tls:dns.quad9.net`
Use quad9 encrypted dns 2024-02-13 20:02:14 +00:00			`quad9-secured:`
			`- 9.9.9.11`
			`- 149.112.112.11`
			`- 2620:fe::11`
			`- 2620:fe::fe:11`
			`- https://dns11.quad9.net/dns-query`
			`- tcp-tls:dns11.quad9.net`
Update blocky config to v0.22 schema 2023-11-30 22:00:27 +00:00			`quad9-unsecured:`
			`- 9.9.9.10`
			`- 149.112.112.10`
			`- 2620:fe::10`
			`- 2620:fe::fe:10`
			`- https://dns10.quad9.net/dns-query`
			`- tcp-tls:dns10.quad9.net`
Add redis and prometheus support to blocky 2022-03-14 22:56:06 +00:00
conditional dns lookups for router assigned domains 2022-07-28 05:04:46 +00:00			`conditional:`
Update blocky upstream dns to bootstrap better (hopefully) and forward to consul 2022-11-15 18:26:26 +00:00			`fallbackUpstream: false`
conditional dns lookups for router assigned domains 2022-07-28 05:04:46 +00:00			`mapping:`
			`home.arpa: 192.168.2.1`
			`in-addr.arpa: 192.168.2.1`
			`iot: 192.168.2.1`
			`local: 192.168.2.1`
			`thefij: 192.168.2.1`
			`.: 192.168.2.1`

Add nomad services to nomad zone using hosts in blocky 2023-03-27 22:20:50 +00:00			`hostsFile:`
Update blocky config to v0.22 schema 2023-11-30 22:00:27 +00:00			`sources:`
			`- {{ env "NOMAD_TASK_DIR" }}/nomad.hosts`
Add nomad services to nomad zone using hosts in blocky 2023-03-27 22:20:50 +00:00			`hostsTTL: 30s`
Update blocky config to v0.22 schema 2023-11-30 22:00:27 +00:00			`loading:`
			`refreshPeriod: 30s`
Add nomad services to nomad zone using hosts in blocky 2023-03-27 22:20:50 +00:00
Update blocky upstream dns to bootstrap better (hopefully) and forward to consul 2022-11-15 18:26:26 +00:00			`clientLookup:`
			`upstream: 192.168.2.1`

Add blocky dns 2022-02-28 20:07:34 +00:00			`blocking:`
			`blackLists:`
			`ads:`
			`- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts`
Add additional block lists to blocky 2022-03-22 03:12:47 +00:00			`- http://sysctl.org/cameleon/hosts`
			`- https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt`
			`- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt`
Remove 404 block list 2024-02-13 20:02:35 +00:00			`# - https://hosts-file.net/ad_servers.txt`
Add additional block lists to blocky 2022-03-22 03:12:47 +00:00			`smarttv:`
			`- https://perflyst.github.io/PiHoleBlocklist/SmartTV.txt`
Remove defunct lists 2023-11-30 21:39:01 +00:00			`# - https://perflyst.github.io/PiHoleBlocklist/regex.list`
Add additional blocking for wemo 2023-06-20 16:42:33 +00:00			`wemo:`
			`- \|`
			`# Remote commands`
			`api.xbcs.net`
			`# Firmware updates`
			`fw.xbcs.net`
			`# TURN service`
			`nat.wemo2.com`
			`# Connectivity checks`
			`heartbeat.xwemo.com`
Update blocklists 2022-12-22 23:13:31 +00:00			`antisocial:`
			`- \|`
			`facebook.com`
			`instagram.com`
			`reddit.com`
			`twitter.com`
			`youtube.com`
Add custom blocklists hosted on my gitea server 2023-11-30 21:23:54 +00:00			`custom:`
			`- https://git.thefij.rocks/iamthefij/blocklists/raw/branch/main/block`
Update blocklists 2022-12-22 23:13:31 +00:00
Add Consul lookup for ads dns allowlist 2022-06-23 20:36:06 +00:00			`whiteLists:`
			`ads:`
WIP: Moving vars and service discovery to Nomad Starting with core 2022-11-21 00:24:00 +00:00			`{{ with nomadVar "nomad/jobs/blocky" -}}`
Fix blocky template 2022-11-22 22:01:11 +00:00			`{{ .whitelists_ads.Value \| indent 6 }}`
WIP: Moving vars and service discovery to Nomad Starting with core 2022-11-21 00:24:00 +00:00			`{{- end }}`
Add custom blocklists hosted on my gitea server 2023-11-30 21:23:54 +00:00			`custom:`
			`- https://git.thefij.rocks/iamthefij/blocklists/raw/branch/main/allow`
Fix blocky template 2022-11-22 22:01:11 +00:00
Add blocky dns 2022-02-28 20:07:34 +00:00			`clientGroupsBlock:`
			`default:`
			`- ads`
Add custom blocklists hosted on my gitea server 2023-11-30 21:23:54 +00:00			`- custom`
Add smarttv block list to default on blocky 2022-05-18 21:22:35 +00:00			`- smarttv`
Add additional blocking for wemo 2023-06-20 16:42:33 +00:00			`- wemo`
Add blocky dns 2022-02-28 20:07:34 +00:00
			`customDNS:`
			`customTTL: 1h`
			`mapping:`
Move blocky custom mappings above catchall 2023-04-04 20:12:34 +00:00			`{{ with nomadVar "nomad/jobs/blocky" }}{{ .mappings.Value \| indent 4 }}{{ end }}`
			`# Catch all at top domain to traefik`
WIP: Moving vars and service discovery to Nomad Starting with core 2022-11-21 00:24:00 +00:00			`{{ with nomadService "traefik" -}}`
Dynamically add dns routes to traefik instances to blocky 2022-05-19 23:53:56 +00:00			`{{- $last := len . \| subtract 1 -}}`
			`{{- $services := . -}}`
WIP: Moving vars and service discovery to Nomad Starting with core 2022-11-21 00:24:00 +00:00			`{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}: {{ range $i := loop $last -}}`
Dynamically add dns routes to traefik instances to blocky 2022-05-19 23:53:56 +00:00			`{{- with index $services $i }}{{ .Address }},{{ end -}}`
			`{{- end -}}`
			`{{- with index . $last }}{{ .Address }}{{ end -}}`
Clean blocky config for latest version 2023-03-27 22:21:35 +00:00			`{{- end }}`
Add blocky dns 2022-02-28 20:07:34 +00:00
Add redis and prometheus support to blocky 2022-03-14 22:56:06 +00:00			`prometheus:`
			`enable: true`

Fix blocky redis 2023-12-11 04:37:43 +00:00			`{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-blocky" -}}`
Add redis and prometheus support to blocky 2022-03-14 22:56:06 +00:00			`redis:`
A whole lot of incremental fixes for nomad variables and such Also adds stunnel between redis and clients 2023-03-24 23:32:37 +00:00			`address: 127.0.0.1:6379`
Generate blocky host mapping from Consul kv 2022-06-23 16:51:09 +00:00			`# password: ""`
			`# database: 0`
Make redis optional for blocky to help with resliliance to a single host failing 2022-05-19 23:54:16 +00:00			`connectionAttempts: 10`
			`connectionCooldown: 3s`
Add blocky metrics to grafana 2022-11-12 00:21:17 +00:00			`{{ end -}}`
Add redis and prometheus support to blocky 2022-03-14 22:56:06 +00:00
Use stunnel for mysql Doesn't remove wesher or normal mysql service 2023-05-09 20:20:36 +00:00
			`{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "mysql-tls" -}}`
WIP: Moving vars and service discovery to Nomad Starting with core 2022-11-21 00:24:00 +00:00			`{{ with nomadVar "nomad/jobs/blocky" -}}`
Add blocky metrics to grafana 2022-11-12 00:21:17 +00:00			`queryLog:`
			`type: mysql`
Use stunnel for mysql Doesn't remove wesher or normal mysql service 2023-05-09 20:20:36 +00:00			`target: {{ .db_user }}:{{ .db_pass }}@tcp(127.0.0.1:3306)/{{ .db_name }}?charset=utf8mb4&parseTime=True&loc=Local`
Add blocky metrics to grafana 2022-11-12 00:21:17 +00:00			`logRetentionDays: 14`
Add more conditional checks to Blocky so it is more resiliant Hopefully this will allow it to deploy if mysql or vault are down 2023-02-27 19:52:25 +00:00			`{{ end -}}`
Use stunnel for mysql Doesn't remove wesher or normal mysql service 2023-05-09 20:20:36 +00:00			`{{ end -}}`