replicaCount: 1
image:
    repository: ghcr.io/0xerr0r/blocky
    tag: v0.24
    pullPolicy: IfNotPresent
service:
    type: LoadBalancer
    annotations:
        io.cilium/lb-ipam-ips: 10.1.2.172
    ports:
        dns:
            port: 53
            protocol: UDP
        dns-tcp:
            port: 53
            protocol: TCP
resources:
    limits:
        cpu: 200m
        memory: 256Mi
    requests:
        cpu: 50m
        memory: 64Mi
config:
    upstream:
        default:
            - 1.1.1.1
            - 1.0.0.1
        # Conditional forwarding for .lan zone to CoreDNS
        lan:
            - coredns.coredns.svc.cluster.local
    conditional:
        mapping:
            lan: coredns.coredns.svc.cluster.local
    blocking:
        # Whitelist - domains that should never be blocked
        whiteLists:
            ads:
                - dealabs.digidip.net
                - s.click.aliexpress.com
                - fonts.googleapis.com
                - fonts.gstatic.com
                - wl.spotify.com
                - www.googleadservices.com
        # Blocklists
        blackLists:
            ads:
                - https://big.oisd.nl/
                - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
                - https://adaway.org/hosts.txt
        # Block all query types for blocked domains
        blockType: any
        # Refresh blocklists every 4 hours
        refreshPeriod: 4h
        # Download timeout for blocklists
        downloadTimeout: 60s
    # DNS caching
    caching:
        minTime: 5m
        maxTime: 30m
        prefetching: true
        prefetchExpires: 2h
        prefetchThreshold: 5
    # Prometheus metrics
    prometheus:
        enabled: true
        path: /metrics
    # Logging
    log:
        level: info
        format: text
        timestamp: true
    # HTTP API for web UI and API
    http:
        address: 0.0.0.0:4000
sops:
    lastmodified: "2026-05-02T09:29:44Z"
    mac: ENC[AES256_GCM,data:VsTrsCFEFQnZXhOOwGEt1yMcrnTOzhA69xF8G4ZjtmpjtyQ6aPlkCdOOKpPKryOXo9W6tUScvRJLNdxFeugqSALfXPiEQXMvypiiavVmGy9ALkQML+fRYFISD0ABz4Wd389KUdIZJR8C01GzwrjcyXiwwD/RTdCaYyu7vtwIP+o=,iv:hw867evKgefM18toiCEbGGZ49N0dZnCNXPR4Fzf/v1g=,tag:q7RpSPfDoz4f5Qt1NdIX0w==,type:str]
    pgp:
        - created_at: "2026-05-02T09:29:43Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----

            hQIMA7uy4qQr71wiARAArXJGrHPy+Ll0CzMkn3LouguZSTfhBYGKbhHq8N+y+GJc
            wwHVpu6TZ6NPIS1RuN6yUSA2/+eTkf411ASvsboD0MnabSIumZI7zlGkv+kQSh/J
            q5zL7mOhYP4EuqUIoXCip2ZSGBiu5s2LFcV+Ie7Txp6L5YqClza694DjZsVKZd8g
            kx8EMTlRxRl3xor5qAXaZhdOzlQxIbspfqCOStri4HiKNIHyeaB3HjtfrYbY1iDT
            y+FfLTuQlWZkDe0dHqmNctVL4mozfTJbnyx/wsCgVL7ns1/IxqNcADrsA02tb17c
            zCj8tdRCJxmwfcnTnYukZMgszqGVfjz/+4tZuDcblN7vvN2eMHao54VYk5u4qQ6V
            NGtkazB/D1vFqw/YLMscbfSBQa36jp/xHijrwR1p00PWet9Mre6v19Vwyq0qkVKO
            CpU5mfrLuX0ewQZTUaPr6fOvuybKVlBhEU8ESz1bq+6KpXLiJgj9PzFCdXks8cC8
            qh1t9/9z9O1I4JIQrrL6mkyORRr+7ivNpKVHniwHtYa/yphICv5HhlXbF36kc6aF
            QTHe/rYe9lFgwrWFcq8PeHKNVxm4svK+pIf5HnSBPNuk3V2lGkA/1BRRVaThYhMY
            3OwpnBYtlX5vXBuWdWP3bMWY25ggoZLPQym9leBDnoNpEewNPQORHTO2RQgS/bPS
            XgGvrlSfN/dns6YtkyJPL+bal0xiziMVMIFEIUYtjQzC11F1CKYVhsxwQHcmUMD3
            jmn9iwGRGf6uAhZ8v4KUAQxuVbKq9/Q7O4LOMUe6Zhmhxch/qWtBu9fXexlfWWA=
            =tK2P
            -----END PGP MESSAGE-----
          fp: DC6910268E657FF70BA7EC289974494E76938DDC
    encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
    version: 3.10.2