bootstrapDns:
  ips:
    - 1.1.1.1
    - 1.0.0.1

upstream:
  default:
    - 1.1.1.1
    - 1.0.0.1
  quad9:
    - 9.9.9.9
    - 149.112.112.112
    - 2620:fe::fe
    - 2620:fe::9
    - https://dns.quad9.net/dns-query
    - tcp-tls:dns.quad9.net
  quad9-unsecured:
    - 9.9.9.10
    - 149.112.112.10
    - 2620:fe::10
    - 2620:fe::fe:10
    - https://dns10.quad9.net/dns-query
    - tcp-tls:dns10.quad9.net

conditional:
  fallbackUpstream: false
  mapping:
    consul: {{ env "attr.unique.network.ip-address" }}:8600
    home.arpa: 192.168.2.1
    in-addr.arpa: 192.168.2.1
    iot: 192.168.2.1
    local: 192.168.2.1
    thefij: 192.168.2.1
    .: 192.168.2.1

clientLookup:
  upstream: 192.168.2.1

blocking:
  blackLists:
    ads:
      - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
      - http://sysctl.org/cameleon/hosts
      - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
      - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
      - https://hosts-file.net/ad_servers.txt
    smarttv:
      - https://perflyst.github.io/PiHoleBlocklist/SmartTV.txt
      - https://perflyst.github.io/PiHoleBlocklist/regex.list
    malware:
      - https://mirror1.malwaredomains.com/files/justdomains
    antisocial:
      - |
        facebook.com
        instagram.com
        reddit.com
        twitter.com
        youtube.com

  whiteLists:
    # Move to Gitea when deployed internally
    ads:
{{ keyOrDefault "blocky/whitelists/ads" "# None" | indent 6 }}

  clientGroupsBlock:
    default:
      - ads
      - malware
      - smarttv
    192.168.10.232:
      - ads
      - malware
      - antisocial

customDNS:
  customTTL: 1h
  mapping:
    {{ with service "traefik" -}}
    {{- $last := len . | subtract 1 -}}
    {{- $services := . -}}
    {{ keyOrDefault "global/base_hostname" "${base_hostname}" }}: {{ range $i := loop $last -}}
      {{- with index $services $i }}{{ .Address }},{{ end -}}
    {{- end -}}
      {{- with index . $last }}{{ .Address }}{{ end -}}
    {{- end }}
    # Other mappings
{{ keyOrDefault "blocky/mappings" "# None" | indent 4 }}

prometheus:
  enable: true

{{ with service "redis" -}}
redis:
    address: {{ env "NOMAD_UPSTREAM_ADDR_redis" }}
    # password: ""
    # database: 0
    connectionAttempts: 10
    connectionCooldown: 3s
{{ end -}}

{{ with service "vault" -}}{{ with service "mysql-server" -}}
{{ with secret "kv/data/blocky" -}}
queryLog:
    type: mysql
    target: {{ .Data.data.db_user }}:{{ .Data.data.db_pass }}@tcp({{ env "NOMAD_UPSTREAM_ADDR_mysql_server" }})/{{ .Data.data.db_name }}?charset=utf8mb4&parseTime=True&loc=Local
    logRetentionDays: 14
{{ end -}}
{{ end -}}{{ end -}}

port: 53
httpPort: 4000