ports:
  dns: 53
  http: 4000

# I must have ip v6 blocked or something
connectIPVersion: v4

bootstrapDns:
  - upstream: 1.1.1.1
  - upstream: 1.0.0.1
  - upstream: 9.9.9.9
  - upstream: 149.112.112.112


upstreams:
  init:
    strategy: fast
  groups:
    default:
      - https://dns.quad9.net/dns-query
      - tcp-tls:dns.quad9.net
      - https://one.one.one.one/dns-query
      - tcp-tls:one.one.one.one
    # cloudflare:
    #   - 1.1.1.1
    #   - 1.0.0.1
    #   - 2606:4700:4700::1111
    #   - 2606:4700:4700::1001
    #   - https://one.one.one.one/dns-query
    #   - tcp-tls:one.one.one.one
    # quad9:
    #   - 9.9.9.9
    #   - 149.112.112.112
    #   - 2620:fe::fe
    #   - 2620:fe::9
    #   - https://dns.quad9.net/dns-query
    #   - tcp-tls:dns.quad9.net
    # quad9-secured:
    #   - 9.9.9.11
    #   - 149.112.112.11
    #   - 2620:fe::11
    #   - 2620:fe::fe:11
    #   - https://dns11.quad9.net/dns-query
    #   - tcp-tls:dns11.quad9.net
    # quad9-unsecured:
    #   - 9.9.9.10
    #   - 149.112.112.10
    #   - 2620:fe::10
    #   - 2620:fe::fe:10
    #   - https://dns10.quad9.net/dns-query
    #   - tcp-tls:dns10.quad9.net

conditional:
  fallbackUpstream: false
  mapping:
    home.arpa: 192.168.2.1
    in-addr.arpa: 192.168.2.1
    iot: 192.168.2.1
    local: 192.168.2.1
    thefij: 192.168.2.1
    .: 192.168.2.1

hostsFile:
  sources:
    - {{ env "NOMAD_TASK_DIR" }}/nomad.hosts
  hostsTTL: 30s
  loading:
    refreshPeriod: 30s

clientLookup:
  upstream: 192.168.2.1

blocking:
  blackLists:
    ads:
      - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
      - http://sysctl.org/cameleon/hosts
      - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
      - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
      # - https://hosts-file.net/ad_servers.txt
    iot:
      - https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt
      - {{ env "NOMAD_TASK_DIR" }}/smarttv-regex.txt
      - {{ env "NOMAD_TASK_DIR" }}/wemo.txt
      - {{ env "NOMAD_TASK_DIR" }}/sonos.txt
    antisocial:
      - |
        facebook.com
        instagram.com
        reddit.com
        twitter.com
        youtube.com
    custom:
      - {{ env "NOMAD_TASK_DIR" }}/block

  whiteLists:
    custom:
      - {{ env "NOMAD_TASK_DIR" }}/allow

  clientGroupsBlock:
    default:
      - ads
      - custom
    192.168.3.1/24:
      - ads
      - iot
      - custom

customDNS:
  customTTL: 1h
  mapping:
{{ with nomadVar "nomad/jobs/blocky" }}{{ .mappings.Value | indent 4 }}{{ end }}
    # Catch all at top domain to traefik
    {{ with nomadService "traefik" -}}
    {{- $last := len . | subtract 1 -}}
    {{- $services := . -}}
    {{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}: {{ range $i := loop $last -}}
      {{- with index $services $i }}{{ .Address }},{{ end -}}
    {{- end -}}
      {{- with index . $last }}{{ .Address }}{{ end -}}
    {{- end }}

prometheus:
  enable: true

{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-blocky" -}}
redis:
    address: 127.0.0.1:6379
    # password: ""
    # database: 0
    connectionAttempts: 10
    connectionCooldown: 3s
{{ end -}}

{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "mysql-tls" -}}
{{ with nomadVar "nomad/jobs/blocky" -}}
queryLog:
    type: mysql
    target: {{ .db_user }}:{{ .db_pass }}@tcp(127.0.0.1:3306)/{{ .db_name }}?charset=utf8mb4&parseTime=True&loc=Local
    logRetentionDays: 14
{{ end -}}
{{ end -}}