# Listener ports for this blocky instance.
ports:
  # DNS listener.
  dns: 53
  # HTTP listener.
  # NOTE(review): blocky serves its metrics and control API on this port and
  # is not known to authenticate requests here; confirm that port 4000 is
  # reachable only from trusted networks.
  http: 4000

# Resolvers used to look up hostnames that appear elsewhere in this file (the
# DoH/DoT upstreams and the list URLs). Both are bare IPs, so these bootstrap
# lookups are presumably sent as plain, unencrypted DNS — confirm.
bootstrapDns:
  - upstream: 1.1.1.1
  - upstream: 1.0.0.1

# Upstream resolver groups, keyed by group name.
# NOTE(review): nothing in this file selects the quad9 groups by name; confirm
# how they are meant to be used.
upstream:
  # Bare IPs only, with no DoH or DoT entry, so queries through this group
  # travel as plain DNS and are visible to anyone on the network path.
  default:
    - 1.1.1.1
    - 1.0.0.1
  # Mixes bare-IP entries with a DoH URL and a DoT host.
  # NOTE(review): how blocky picks among group members is not shown here; if
  # encrypted transport is a requirement, the bare-IP entries undermine it.
  quad9:
    - 9.9.9.9
    - 149.112.112.112
    - 2620:fe::fe
    - 2620:fe::9
    - https://dns.quad9.net/dns-query
    - tcp-tls:dns.quad9.net
  # Quad9's ".10" service, which Quad9 documents as having no malware blocking
  # and no DNSSEC validation. Clients using this group lose both protections.
  quad9-unsecured:
    - 9.9.9.10
    - 149.112.112.10
    - 2620:fe::10
    - 2620:fe::fe:10
    - https://dns10.quad9.net/dns-query
    - tcp-tls:dns10.quad9.net

# Conditional forwarding: names under the suffixes below are answered by the
# LAN resolver at 192.168.2.1 instead of the upstream groups.
conditional:
  # No fallback to the upstream groups when the LAN resolver returns nothing;
  # presumably this keeps internal names from leaking to public resolvers.
  fallbackUpstream: false
  mapping:
    home.arpa: 192.168.2.1
    # Covers the entire IPv4 reverse zone, so reverse lookups for public
    # addresses are also sent to the LAN resolver, not only private ranges.
    in-addr.arpa: 192.168.2.1
    iot: 192.168.2.1
    local: 192.168.2.1
    thefij: 192.168.2.1
    # "." presumably matches unqualified (single-label) names — TODO confirm
    # against the blocky documentation for the deployed version.
    .: 192.168.2.1

# Extra host records read from a file in the Nomad task directory and re-read
# every 30s. Whatever writes nomad.hosts can define DNS answers served by this
# instance, so write access to that file should be limited.
hostsFile:
  # NOTE(review): the templated value is unquoted, so an empty or unusual
  # NOMAD_TASK_DIR changes how YAML parses this line; quoting the whole value
  # would make the rendered output predictable.
  filePath: {{ env "NOMAD_TASK_DIR" }}/nomad.hosts
  hostsTTL: 30s
  refreshPeriod: 30s

# Resolver asked for client names (reverse lookup of the client IP), here the
# LAN resolver. The resulting names presumably feed per-client group matching
# and query logs — confirm.
clientLookup:
  upstream: 192.168.2.1

# Block and allow lists. Each group name maps to a list of sources; a source is
# either a URL fetched at runtime or an inline block of domains.
# The URL sources are third-party content that directly decides what is
# blocked, so each one is a trust decision.
blocking:
  blackLists:
    ads:
      - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
      # NOTE(review): fetched over plain HTTP, so the list can be altered in
      # transit (entries removed or added). Prefer an HTTPS source if one is
      # available.
      - http://sysctl.org/cameleon/hosts
      - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
      - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
      # NOTE(review): this source is believed to be retired; verify that it
      # still serves a maintained list.
      - https://hosts-file.net/ad_servers.txt
    smarttv:
      - https://perflyst.github.io/PiHoleBlocklist/SmartTV.txt
      - https://perflyst.github.io/PiHoleBlocklist/regex.list
    wemo:
      - |
        # Remote commands
        api.xbcs.net
        # Firmware updates
        fw.xbcs.net
        # TURN service
        nat.wemo2.com
        # Connectivity checks
        heartbeat.xwemo.com
    # NOTE(review): this is the only source for the "malware" group and it is
    # believed to be retired. If the fetch fails or returns nothing, the group
    # blocks nothing while still appearing enabled below; verify and replace.
    malware:
      - https://mirror1.malwaredomains.com/files/justdomains
    # Defined here but not listed under clientGroupsBlock.default below, so
    # this file does not apply it to any client.
    antisocial:
      - |
        facebook.com
        instagram.com
        reddit.com
        twitter.com
        youtube.com

  whiteLists:
    # Move to Gitea when deployed internally
    # The allow-list body is read from the Nomad variable nomad/jobs/blocky
    # (item whitelists_ads) and spliced in as raw text indented by 6 spaces.
    # It is not validated here: anyone able to write that variable can
    # un-block domains or change the structure of the rendered YAML, so the
    # variable's ACL is part of this file's trust boundary.
    # If the variable is missing, nothing is rendered and "ads" has no value.
    ads:
{{ with nomadVar "nomad/jobs/blocky" -}}
{{ .whitelists_ads.Value | indent 6 }}
{{- end }}

  # Groups enforced per client; "default" lists what applies when no other
  # client entry matches (no other client entries are defined in this file).
  clientGroupsBlock:
    default:
      - ads
      - malware
      - smarttv
      - wemo

# Locally defined DNS records, answered with a 1h TTL.
# The first part of the mapping is read from the Nomad variable
# nomad/jobs/blocky (item mappings) and spliced in as raw text indented by
# 4 spaces. It is not validated here, so write access to that variable means
# control over the answers this resolver gives for those names.
# The second part maps the base hostname (item base_hostname of the Nomad
# variable nomad/jobs) to a comma-separated list of the addresses of every
# registered "traefik" service instance; the loop emits all but the last
# address with a trailing comma, then the last one without.
# NOTE(review): if base_hostname is empty the rendered key is empty as well;
# confirm the variable is always set.
customDNS:
  customTTL: 1h
  mapping:
{{ with nomadVar "nomad/jobs/blocky" }}{{ .mappings.Value | indent 4 }}{{ end }}
    # Catch all at top domain to traefik
    {{ with nomadService "traefik" -}}
    {{- $last := len . | subtract 1 -}}
    {{- $services := . -}}
    {{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}: {{ range $i := loop $last -}}
      {{- with index $services $i }}{{ .Address }},{{ end -}}
    {{- end -}}
      {{- with index . $last }}{{ .Address }}{{ end -}}
    {{- end }}

# Enables the Prometheus metrics endpoint, presumably served on the HTTP port
# configured under "ports" — confirm. Metrics can reveal query volume and
# client activity, so the same network exposure considerations apply.
prometheus:
  enable: true

# The redis section is rendered only when the service lookup for "redis-tls"
# returns an instance (at most one is requested). The returned instance's
# address is not used: blocky always connects to 127.0.0.1:6379.
# NOTE(review): presumably a local TLS tunnel listens on that port and
# forwards to the real Redis; confirm. No password is set (the setting is
# commented out), so access control rests on that tunnel and on loopback
# reachability inside the task's network namespace.
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-tls" -}}
redis:
    address: 127.0.0.1:6379
    # password: ""
    # database: 0
    connectionAttempts: 10
    connectionCooldown: 3s
{{ end -}}


# The queryLog section is rendered only when the service lookup for
# "mysql-tls" returns an instance and the Nomad variable nomad/jobs/blocky
# exists. Queries are logged to MySQL and retained for 14 days.
# The DSN embeds db_user and db_pass from that variable, so the rendered file
# contains the database password in plaintext; it should be readable only by
# the blocky task.
# NOTE(review): the DSN is an unquoted YAML scalar built from raw variable
# values. A password containing characters that are special to YAML or to the
# DSN format could truncate or break the value; confirm the allowed character
# set or render the value with proper quoting and escaping.
# NOTE(review): the target is 127.0.0.1:3306, presumably a local TLS tunnel to
# the real database — confirm, since the DSN itself requests no TLS.
# The query log records which client resolved which name, so the database
# holds browsing-history-grade data and needs matching access controls.
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "mysql-tls" -}}
{{ with nomadVar "nomad/jobs/blocky" -}}
queryLog:
    type: mysql
    target: {{ .db_user }}:{{ .db_pass }}@tcp(127.0.0.1:3306)/{{ .db_name }}?charset=utf8mb4&parseTime=True&loc=Local
    logRetentionDays: 14
{{ end -}}
{{ end -}}