1.0.0 Release IaaS

2026-03-15 04:41:02 +09:00
commit a7365da431
292 changed files with 36059 additions and 0 deletions
--- a/config/services/systemd/fw/blocky/blocky.service
+++ b/config/services/systemd/fw/blocky/blocky.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=Blocky DNS Resolver
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=blocky
+Group=blocky
+
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+ExecStart=/usr/local/bin/blocky --config /etc/blocky/config.yaml
+Restart=always
+RestartSec=5s
+
+
+NoNewPrivileges=true
+ProtectSystem=full
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target
--- a/config/services/systemd/fw/blocky/etc/config.yaml.j2
+++ b/config/services/systemd/fw/blocky/etc/config.yaml.j2
@@ -0,0 +1,67 @@
+certFile: "/etc/blocky/ssl/blocky.crt"
+keyFile: "/etc/blocky/ssl/blocky.key"
+minTlsServeVersion: 1.2
+connectIPVersion: dual
+
+ports:
+  dns:
+    - "{{ hostvars['fw']['network4']['blocky']['server'] }}:53"
+    - "[{{ hostvars['fw']['network6']['blocky']['server'] }}]:53"
+  tls:
+    - "{{ hostvars['fw']['network4']['blocky']['server'] }}:853"
+    - "[{{ hostvars['fw']['network6']['blocky']['server'] }}]:853"
+  https:
+    - "{{ hostvars['fw']['network4']['blocky']['server'] }}:443"
+    - "[{{ hostvars['fw']['network6']['blocky']['server'] }}]:443"
+
+log:
+  level: info
+  format: text
+  timestamp: true
+  privacy: false
+
+upstreams:
+  groups:
+    default:
+      - "tcp-tls:1.1.1.1:853"
+      - "tcp-tls:1.0.0.1:853"
+      - "tcp-tls:[2606:4700:4700::1111]:853"
+      - "tcp-tls:[2606:4700:4700::1001]:853"
+
+conditional:
+  fallbackUpstream: false
+  mapping:
+    ilnmors.internal: "{{ hostvars['fw']['network4']['bind']['server'] }}, {{ hostvars['fw']['network6']['bind']['server'] }}"
+    ilnmors.com: "{{ hostvars['fw']['network4']['bind']['server'] }}, {{ hostvars['fw']['network6']['bind']['server'] }}"
+    1.168.192.in-addr.arpa: "{{ hostvars['fw']['network4']['bind']['server'] }}, {{ hostvars['fw']['network6']['bind']['server'] }}"
+    10.168.192.in-addr.arpa: "{{ hostvars['fw']['network4']['bind']['server'] }}, {{ hostvars['fw']['network6']['bind']['server'] }}"
+    0.0.0.0.0.0.0.0.1.0.0.0.0.0.d.f.ip6.arpa: "{{ hostvars['fw']['network4']['bind']['server'] }}, {{ hostvars['fw']['network6']['bind']['server'] }}"
+    0.0.0.0.0.0.0.0.0.1.0.0.0.0.d.f.ip6.arpa: "{{ hostvars['fw']['network4']['bind']['server'] }}, {{ hostvars['fw']['network6']['bind']['server'] }}"
+    vpn.ilnmors.com: "tcp-tls:1.1.1.1:853, tcp-tls:1.0.0.1:853, tcp-tls:[2606:4700:4700::1111]:853, tcp-tls:[2606:4700:4700::1001]:853"
+
+blocking:
+  blockType: nxDomain
+  denylists:
+    ads:
+      # [ General ]
+      - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
+      - https://big.oisd.nl
+      - https://o0.pages.dev/Lite/domains.txt
+      # [ Korean regional ]
+      - https://raw.githubusercontent.com/yous/YousList/master/hosts.txt
+      # [ Telemetry ]
+      - https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
+      - https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt
+  clientGroupsBlock:
+    default:
+      - ads
+
+caching:
+  minTime: 5m
+  maxTime: 30m
+  cacheTimeNegative: 0m
+  prefetching: true
+
+prometheus:
+  enable: false
+  path: /metrics