814 lines
28 KiB
YAML
814 lines
28 KiB
YAML
# Include{groups}
|
|
portals:
|
|
open:
|
|
# Include{portalLink}
|
|
questions:
|
|
# Include{global}
|
|
# Include{controller}
|
|
# Include{replicas}
|
|
# Include{replica1}
|
|
# Include{controllerExpertExtraArgs}
|
|
- variable: webUI
|
|
group: App Configuration
|
|
label: WebUI Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enable Web UI
|
|
description: Enables Web UI
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: apiURL
|
|
label: API URL
|
|
description: API URL for webUI, including port. Only used when not using ingress
|
|
schema:
|
|
type: string
|
|
default: "http://127.0.0.1:4000"
|
|
- variable: overrideDefaults
|
|
group: App Configuration
|
|
label: Override Default Upstreams
|
|
description: Overrides the predefined DNS server upstream list
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: defaultUpstreams
|
|
label: Default Upstreams
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: upstreamEntry
|
|
label: Upstream Entry
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: upstreams
|
|
group: App Configuration
|
|
label: Upstreams Groups
|
|
description: Refer to
|
|
<br /><a href="https://0xerr0r.github.io/blocky/configuration/#upstream-configuration" target="_blank" rel="noopener noreferrer">https://0xerr0r.github.io/blocky/configuration/#upstream-configuration</a>
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: upstreamsGroupEntry
|
|
label: Upstreams Group Entry
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: name
|
|
label: Group Name
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: upstreams
|
|
label: Upstreams
|
|
schema:
|
|
type: list
|
|
required: true
|
|
default: []
|
|
items:
|
|
- variable: upstreamEntry
|
|
label: upstream Entry
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: bootstrapDns
|
|
group: App Configuration
|
|
label: Bootstrap DNS
|
|
description: Used to resolve upstream DoH and DoT servers that are specified as hostnames.
|
|
<br />Refer to <a href="https://0xerr0r.github.io/blocky/configuration/#bootstrap-dns-configuration" target="_blank" rel="noopener noreferrer">https://0xerr0r.github.io/blocky/configuration/#bootstrap-dns-configuration</a>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: upstream
|
|
label: Upstream
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: ips
|
|
label: IPs
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: ipEntry
|
|
label: IP Entry
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: filtering
|
|
group: App Configuration
|
|
label: Filtering
|
|
description: Define one or more DNS query types; all queries with these types will be dropped
|
|
<br />Refer to <a href="https://0xerr0r.github.io/blocky/configuration/#filtering" target="_blank" rel="noopener noreferrer">https://0xerr0r.github.io/blocky/configuration/#filtering</a>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: queryTypes
|
|
label: Query Types
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: queryTypeEntry
|
|
label: Query Type Entry
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: customDNS
|
|
group: App Configuration
|
|
label: Custom DNS
|
|
description: Define your own domain name to IP mappings.
|
|
<br />Refer to <a href="https://0xerr0r.github.io/blocky/configuration/#custom-dns" target="_blank" rel="noopener noreferrer">https://0xerr0r.github.io/blocky/configuration/#custom-dns</a>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: customTTL
|
|
label: Custom TTL
|
|
schema:
|
|
type: string
|
|
default: 1h
|
|
- variable: filterUnmappedTypes
|
|
label: Filter Unmapped Types
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: rewrite
|
|
label: Rewrite
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: rewriteEntry
|
|
label: Rewrite Entry
|
|
schema:
|
|
type: dict
|
|
additional_attrs: true
|
|
attrs:
|
|
- variable: in
|
|
label: In
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: out
|
|
label: Out
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: mapping
|
|
label: Mapping
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: mappingEntry
|
|
label: Mapping Entry
|
|
schema:
|
|
type: dict
|
|
additional_attrs: true
|
|
attrs:
|
|
- variable: domain
|
|
label: Domain
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: dnsserver
|
|
label: DNS Server
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: clientLookup
|
|
group: App Configuration
|
|
label: Client Lookup
|
|
description: Blocky can try to resolve a user-friendly client name from the IP address or server URL (DoT and DoH)
|
|
<br />Refer to <a href="https://0xerr0r.github.io/blocky/configuration/#client-name-lookup" target="_blank" rel="noopener noreferrer">https://0xerr0r.github.io/blocky/configuration/#client-name-lookup</a>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: upstream
|
|
label: Upstream
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: singleNameOrder
|
|
label: Single Name Order
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: singleNameEntry
|
|
label: Single Name Entry
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: clients
|
|
label: Clients
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: clientEntry
|
|
label: Client Entry
|
|
schema:
|
|
type: dict
|
|
additional_attrs: true
|
|
attrs:
|
|
- variable: domain
|
|
label: Domain
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: ips
|
|
label: IPs
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: ipEntry
|
|
label: IP Entry
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: caching
|
|
group: App Configuration
|
|
label: Caching
|
|
description: Refer to
|
|
<br /><a href="https://0xerr0r.github.io/blocky/configuration/#caching" target="_blank" rel="noopener noreferrer">https://0xerr0r.github.io/blocky/configuration/#caching</a>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: minTime
|
|
label: Min Time
|
|
schema:
|
|
type: string
|
|
default: 5m
|
|
- variable: maxTime
|
|
label: Max Time
|
|
schema:
|
|
type: string
|
|
default: 30m
|
|
- variable: maxItemsCount
|
|
label: Max Items Count
|
|
schema:
|
|
type: int
|
|
default: 0
|
|
- variable: prefetching
|
|
label: Prefetching
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: prefetchExpires
|
|
label: Prefetch Expires
|
|
schema:
|
|
type: string
|
|
default: 2h
|
|
- variable: prefetchThreshold
|
|
label: Prefetch Threshold
|
|
schema:
|
|
type: int
|
|
default: 5
|
|
- variable: prefetchMaxItemsCount
|
|
label: Prefetch Max Items Count
|
|
schema:
|
|
type: int
|
|
default: 0
|
|
- variable: cacheTimeNegative
|
|
label: Cache Time Negative
|
|
schema:
|
|
type: string
|
|
default: 30m
|
|
- variable: conditional
|
|
group: App Configuration
|
|
label: Conditional
|
|
description: Define which DNS resolver(s) should be used for queries for the particular domain
|
|
<br />Refer to <a href="https://0xerr0r.github.io/blocky/configuration/#conditional-dns-resolution" target="_blank" rel="noopener noreferrer">https://0xerr0r.github.io/blocky/configuration/#conditional-dns-resolution</a>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: rewrite
|
|
label: Rewrite
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: rewriteEntry
|
|
label: Rewrite Entry
|
|
schema:
|
|
type: dict
|
|
additional_attrs: true
|
|
attrs:
|
|
- variable: in
|
|
label: In
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: out
|
|
label: Out
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: mapping
|
|
label: Mapping
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: mappingEntry
|
|
label: Mapping Entry
|
|
schema:
|
|
type: dict
|
|
additional_attrs: true
|
|
attrs:
|
|
- variable: domain
|
|
label: Domain
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: dnsserver
|
|
label: DNS Server
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: blocking
|
|
group: App Configuration
|
|
label: Blocking
|
|
description: Each black or whitelist can be either a path to the local file or a URL to download. All Urls must be grouped to a group name.
|
|
<br />Refer to <a href="https://0xerr0r.github.io/blocky/configuration/#blocking-and-whitelisting" target="_blank" rel="noopener noreferrer">https://0xerr0r.github.io/blocky/configuration/#blocking-and-whitelisting</a>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: blockType
|
|
label: Block Type
|
|
description: Set the response should be sent to the client, if a requested query is blocked
|
|
schema:
|
|
type: string
|
|
default: nxDomain
|
|
- variable: blockTTL
|
|
label: Block TTL
|
|
description: Set the TTL for answers to blocked domains
|
|
schema:
|
|
type: string
|
|
default: 6h
|
|
- variable: refreshPeriod
|
|
label: Refresh Period
|
|
description: Set how often blocky should refresh list cache
|
|
schema:
|
|
type: string
|
|
default: 4h
|
|
- variable: downloadTimeout
|
|
label: Download Timeout
|
|
description: Download attempt timeout
|
|
schema:
|
|
type: string
|
|
default: 60s
|
|
- variable: downloadAttempts
|
|
label: Download Attempts
|
|
description: How many download attempts should be performed
|
|
schema:
|
|
type: int
|
|
default: 3
|
|
- variable: downloadCooldown
|
|
label: Download Cooldown
|
|
description: Time between the download attempts
|
|
schema:
|
|
type: string
|
|
default: 2s
|
|
- variable: failStartOnListError
|
|
label: Fail Start on List Error
|
|
description: Fail to start if at least one list can't be downloaded or opened
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: processingConcurrency
|
|
label: Processing Concurrency
|
|
description: Sets how many list-groups can be processed at the same time
|
|
schema:
|
|
type: int
|
|
default: 4
|
|
- variable: whitelist
|
|
label: Whitelist
|
|
description: Define whitelists, either URL or file
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: whitelistEntry
|
|
label: Whitelist Group Entry
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: name
|
|
label: Group Name
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: lists
|
|
label: Lists
|
|
schema:
|
|
type: list
|
|
required: true
|
|
default: []
|
|
items:
|
|
- variable: listEntry
|
|
label: List Entry
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: blacklist
|
|
label: Blacklist
|
|
description: Define blacklists, either URL or file
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: blacklistEntry
|
|
label: Blacklist Group Entry
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: name
|
|
label: Group Name
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: lists
|
|
label: Lists
|
|
schema:
|
|
type: list
|
|
required: true
|
|
default: []
|
|
items:
|
|
- variable: listEntry
|
|
label: List Entry
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: clientGroupsBlock
|
|
label: Client Groups Block
|
|
description: Define, which blocking group(s) should be used for which client in your network.
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: clientGroupBlockEntry
|
|
label: Client Group Block Entry
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: name
|
|
label: Client Group Name
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: groups
|
|
label: Groups
|
|
schema:
|
|
type: list
|
|
required: true
|
|
default: []
|
|
items:
|
|
- variable: groupEntry
|
|
label: Group Entry
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: hostsFile
|
|
group: App Configuration
|
|
label: Hosts File
|
|
description: You can enable resolving of entries, located in local hosts file.
|
|
<br />Refer to <a href="https://0xerr0r.github.io/blocky/configuration/#hosts-file" target="_blank" rel="noopener noreferrer">https://0xerr0r.github.io/blocky/configuration/#hosts-file</a>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enabled
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: filePath
|
|
label: File Path
|
|
schema:
|
|
type: string
|
|
default: /etc/hosts
|
|
- variable: hostsTTL
|
|
label: Hosts TTL
|
|
schema:
|
|
type: string
|
|
default: 60m
|
|
- variable: refreshPeriod
|
|
label: Refresh Period
|
|
schema:
|
|
type: string
|
|
default: 30m
|
|
- variable: k8sgateway
|
|
group: App Configuration
|
|
label: k8s-Gateway Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enable k8s-Gateway
|
|
description: Enables k8s-Gateway
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: domains
|
|
label: Domains
|
|
description: Please refer to CoreDNS docs for options
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: domainEntry
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: domain
|
|
label: Domain name
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: example.com
|
|
- variable: dnsChallenge
|
|
label: Forward dnsChallenge
|
|
description: Optional configuration option for DNS01 challenge that will redirect all acme
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: Enable
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: domain
|
|
label: Forward to Domain
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: dns01.clouddns.com
|
|
- variable: advancedOptions
|
|
label: Advanced Options
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_if: [["enabled", "=", "true"]]
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: ttl
|
|
label: ttl
|
|
description: TTL for non-apex responses (in seconds)
|
|
schema:
|
|
type: int
|
|
default: 300
|
|
- variable: watchedResources
|
|
label: Watched Resources
|
|
description: imit what kind of resources to watch, e.g. Ingress
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: watchedResource
|
|
label: Watched Resource
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: secondary
|
|
label: Secondary DNS Server Service
|
|
description: Service name of a secondary DNS server (should be serviceName.namespace)
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: apex
|
|
label: Apex
|
|
description: Override the default `serviceName.namespace` domain apex
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
# Include{containerConfig}
|
|
# Include{serviceRoot}
|
|
- variable: main
|
|
label: Main Service
|
|
description: The Primary service on which the healthcheck runs, often the webUI
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: main
|
|
label: Main Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 10315
|
|
required: true
|
|
- variable: dnstcp
|
|
label: DNS TCP Service
|
|
description: The DNS TCP service
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: dnstcp
|
|
label: DNS TCP Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 53
|
|
required: true
|
|
- variable: dnsudp
|
|
label: DNS UDP Service
|
|
description: The DNS UDP service
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: dnsudp
|
|
label: DNS UDP Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 53
|
|
required: true
|
|
- variable: dot
|
|
label: DoT Service
|
|
description: "DNS-over-TLS service"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorClusterIP}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: dot
|
|
label: DoT Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 853
|
|
required: true
|
|
- variable: http
|
|
label: HTTP and Metrics Service
|
|
description: "service for things like metrics, pprof, API, DoH etc"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorClusterIP}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: http
|
|
label: HTTP and Metrics Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 4000
|
|
required: true
|
|
# Include{serviceExpertRoot}
|
|
default: false
|
|
# Include{serviceExpert}
|
|
# Include{serviceList}
|
|
# Include{persistenceList}
|
|
# Include{ingressRoot}
|
|
- variable: main
|
|
label: Main Ingress
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{ingressDefault}
|
|
# Include{ingressTLS}
|
|
# Include{ingressTraefik}
|
|
# Include{ingressList}
|
|
# Include{security}
|
|
# Include{securityContextAdvancedRoot}
|
|
- variable: privileged
|
|
label: Privileged mode
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: readOnlyRootFilesystem
|
|
label: ReadOnly Root Filesystem
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: allowPrivilegeEscalation
|
|
label: Allow Privilege Escalation
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: runAsNonRoot
|
|
label: runAsNonRoot
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
# Include{podSecurityContextRoot}
|
|
- variable: runAsUser
|
|
label: runAsUser
|
|
description: The UserID of the user running the application
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
- variable: runAsGroup
|
|
label: runAsGroup
|
|
description: The groupID this App of the user running the application
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
- variable: fsGroup
|
|
label: fsGroup
|
|
description: The group that should own ALL storage.
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
# Include{podSecurityContextAdvanced}
|
|
# Include{resources}
|
|
# Include{metrics}
|
|
# Include{advanced}
|
|
# Include{addons}
|
|
# Include{codeserver}
|
|
# Include{vpn}
|
|
# Include{documentation}
|