esh/cinc-repo/policyfiles/dns.rb

433 lines
9.7 KiB
Ruby
Raw Permalink Normal View History

2025-02-15 00:56:26 +09:00
# Policyfile for the "dns" role: go-mmproxy (PROXY-protocol front end, see
# the proxies map below) in front of AdGuard Home.
name 'dns'

###
# Cookbooks location
###
# ESH — local cookbooks, resolved relative to this policyfile
default_source :chef_repo, '../cookbooks'
# Community
default_source :supermarket, 'https://supermarket.chef.io'

###
# Run List
###
run_list 'esh_go_mmproxy::default',
         'esh_adguard::default'

###
# Attributes
###

###
# esh_go_mmproxy
###
# to:listen — each pair is destination port => listen port: go-mmproxy takes
# PROXY-wrapped connections on the listen port and hands them to AdGuard Home's
# DNS-over-TLS port (853, tls.port_dns_over_tls below).
default['esh']['go_mmproxy']['proxies'] = {
  '853': '10853',
}
# Source prefixes the proxy accepts PROXY headers from (presumably anything
# outside is dropped — confirm against the cookbook). A whole /8 means every
# host on the private LAN, not only the upstream balancer, may present a
# header and thereby claim an arbitrary client address.
default['esh']['go_mmproxy']['prefixes'] = <<~CIDRS
  10.0.0.0/8
CIDRS

###
# esh_adguard
###
# The certificate chain and, notably, the private key are fetched over plain
# HTTP from an internal host with an empty `cert_auth`, i.e. the transfer is
# neither encrypted nor authenticated: anything that can observe or answer on
# that path can read or substitute the key. An HTTPS or authenticated fetch,
# or delivery through a secret store, would close that gap.
default['esh']['adguard']['cert_pub'] = 'http://10.10.10.1:8898/dns.benoit.jp.net/fullchain.pem'
default['esh']['adguard']['cert_priv'] = 'http://10.10.10.1:8898/dns.benoit.jp.net/privkey.pem'
default['esh']['adguard']['cert_auth'] = ''
# Pinned AdGuard Home release. `schema_version` at the bottom of the config
# corresponds to it; AdGuard Home migrates the file on start after an upgrade,
# so re-check the rendered config whenever this is bumped.
default['esh']['adguard']['version'] = '0.107.55'
# Rendered verbatim as AdGuardHome.yaml. Secrets are deliberately absent from
# this file (see users[].password); they have to be injected at deploy time.
default['esh']['adguard']['config'] = <<~YAML
  http:
    pprof:
      port: 6060
      enabled: false
    # Admin UI on every interface; tls.force_https below redirects it to HTTPS.
    address: 0.0.0.0:80
    session_ttl: 720h
  users:
    - name: benoit
      # Empty value parses as null. AdGuard Home expects a bcrypt hash here;
      # presumably supplied by the cookbook or a wrapper policy — confirm.
      password:
  auth_attempts: 5
  block_auth_min: 15
  http_proxy: ""
  language: en
  theme: dark
  dns:
    bind_hosts:
      - 0.0.0.0
    # Plain-DNS port; not served while serve_plain_dns is false (see below).
    port: 1053
    anonymize_client_ip: false
    ratelimit: 100
    ratelimit_subnet_len_ipv4: 24
    ratelimit_subnet_len_ipv6: 56
    ratelimit_whitelist: []
    refuse_any: true
    # Quoted '# ...' entries are comment lines in AdGuard's upstream syntax;
    # all providers are encrypted (DoH/DoT/DoQ) and load-balanced.
    upstream_dns:
      - '# Quad9'
      - https://dns11.quad9.net/dns-query
      - '# CloudFlare'
      - tls://1dot1dot1dot1.cloudflare-dns.com
      - https://dns.cloudflare.com/dns-query
      - '# IIJ'
      - tls://public.dns.iij.jp
      - https://public.dns.iij.jp/dns-query
      - '# NextDNS'
      - tls://dns.nextdns.io
      - https://dns.nextdns.io
      - https://anycast.dns.nextdns.io
      - tls://anycast.dns.nextdns.io
      - '# AdGuard'
      - https://unfiltered.adguard-dns.com/dns-query
      - tls://unfiltered.adguard-dns.com
      - quic://unfiltered.adguard-dns.com
      - '# Cisco OpenDNS'
      - https://doh.opendns.com/dns-query
      - '# Google'
      - https://dns.google/dns-query
      - tls://dns.google
      - '# Tailscale'
      # Domain-specific upstream: the tailnet zone goes to MagicDNS only.
      - '[/taile088c7.ts.net/]100.100.100.100'
    upstream_dns_file: ""
    # Single plain-DNS resolver, used only to look up the upstream hostnames.
    bootstrap_dns:
      - 94.140.14.140
    fallback_dns: []
    upstream_mode: load_balance
    fastest_timeout: 1s
    # Access control: only these clients are answered. With clients.persistent
    # empty these look like ClientIDs carried in the DoT/DoQ/DoH connection
    # rather than IP-based entries — confirm.
    allowed_clients:
      - chiisai-firefox
      - bluejay
      - chiisai-chromium
      - tangorpro
      - reven
      - lavie-firefox
      - lavie-chromium
      - caiman
    disallowed_clients: []
    # Refuse the usual server-fingerprinting names.
    blocked_hosts:
      - version.bind
      - id.server
      - hostname.bind
    # Sources whose DoH forwarding headers (X-Forwarded-For / X-Real-IP) are
    # believed for the client address. 10.0.0.0/8 is the whole LAN rather than
    # the one proxy in front of this node, so any host in it can present
    # another client's identity — relevant because allowed_clients above is
    # the access control.
    trusted_proxies:
      - 127.0.0.0/8
      - ::1/128
      - 10.0.0.0/8
    cache_size: 4194304
    cache_ttl_min: 0
    cache_ttl_max: 0
    cache_optimistic: true
    bogus_nxdomain: []
    aaaa_disabled: false
    enable_dnssec: true
    edns_client_subnet:
      custom_ip: ""
      enabled: false
      use_custom: false
    max_goroutines: 50
    handle_ddr: true
    ipset: []
    ipset_file: ""
    bootstrap_prefer_ipv6: false
    upstream_timeout: 10s
    private_networks: []
    use_private_ptr_resolvers: true
    local_ptr_upstreams: []
    use_dns64: false
    dns64_prefixes: []
    serve_http3: false
    use_http3_upstreams: false
    # Encrypted transports only; no unauthenticated plain DNS is exposed.
    serve_plain_dns: false
    hostsfile_enabled: true
  tls:
    enabled: true
    server_name: dns.benoit.jp.net
    force_https: true
    port_https: 443
    # go-mmproxy (proxies map above) hands PROXY-wrapped DoT traffic to this port.
    port_dns_over_tls: 853
    port_dns_over_quic: 784
    port_dnscrypt: 0
    dnscrypt_config_file: ""
    allow_unencrypted_doh: false
    certificate_chain: ""
    private_key: ""
    # Presumably the files the cookbook writes from cert_pub / cert_priv — confirm.
    certificate_path: /etc/adguard/fullchain.pem
    private_key_path: /etc/adguard/privkey.pem
    strict_sni_check: false
  querylog:
    dir_path: ""
    ignored: []
    # 2160h = 90 days of per-client query history kept on disk.
    interval: 2160h
    size_memory: 1000
    enabled: true
    file_enabled: true
  statistics:
    dir_path: ""
    ignored: []
    interval: 2160h
    enabled: true
  # Hosted blocklists, re-fetched every filtering.filters_update_interval hours.
  filters:
    - enabled: true
      url: https://logroid.github.io/adaway-hosts/hosts.txt
      name: AdAway Blocking Hosts File for Japan
      id: 1598087715
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_32.txt
      name: The NoTracking blocklist
      id: 1686439100
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
      name: AdGuard DNS filter
      id: 1686439101
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
      name: AdAway Default Blocklist
      id: 1686439102
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_23.txt
      name: WindowsSpyBlocker - Hosts spy rules
      id: 1686439103
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_6.txt
      name: Dandelion Sprout's Game Console Adblock List
      id: 1686439104
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_7.txt
      name: Perflyst and Dandelion Sprout's Smart-TV Blocklist
      id: 1686439105
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt
      name: Malicious URL Blocklist (URLHaus)
      id: 1686439106
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt
      name: The Big List of Hacked Malware Web Sites
      id: 1686439107
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt
      name: Stalkerware Indicators List
      id: 1686439108
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_42.txt
      name: ShadowWhisperer's Malware List
      id: 1686439109
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt
      name: Scam Blocklist by DurableNapkin
      id: 1686439110
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_8.txt
      name: NoCoin Filter List
      id: 1686439111
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt
      name: Dandelion Sprout's Anti-Malware List
      id: 1686439112
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt
      name: Phishing URL Blocklist (PhishTank and OpenPhish)
      id: 1686439113
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt
      name: 1Hosts (Lite)
      id: 1686439114
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_4.txt
      name: Dan Pollock's List
      id: 1686439115
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_27.txt
      name: OISD Blocklist Big
      id: 1686439117
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt
      name: Peter Lowe's Blocklist
      id: 1686439118
    - enabled: true
      url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_33.txt
      name: Steven Black's List
      id: 1686439119
  whitelist_filters: []
  # '@@...$important' are allow-rules that override every blocklist above;
  # the trailing "" is an empty rule and has no effect.
  user_rules:
    - '@@||rd.rakuten.co.jp^$important'
    - '@@||fls-fe.amazon.co.jp^$important'
    - '@@||searchapi.agoda.com^$important'
    - '@@||auth.split.io^$important'
    - '@@||sdk.split.io^$important'
    - ""
  dhcp:
    enabled: false
    interface_name: ""
    local_domain_name: lan
    dhcpv4:
      gateway_ip: ""
      subnet_mask: ""
      range_start: ""
      range_end: ""
      lease_duration: 86400
      icmp_timeout_msec: 1000
      options: []
    dhcpv6:
      range_start: ""
      lease_duration: 86400
      ra_slaac_only: false
      ra_allow_slaac: false
  filtering:
    blocking_ipv4: ""
    blocking_ipv6: ""
    blocked_services:
      schedule:
        time_zone: Local
      ids:
        - facebook
        - twitter
        - snapchat
        - origin
        - epic_games
        - vk
        - mail_ru
        - discord
        - ok
        - tiktok
        - 9gag
        - hulu
        - whatsapp
        - wechat
        - tinder
        - skype
        - pinterest
        - disneyplus
        - qq
        - weibo
        - telegram
        - roblox
        - icloud_private_relay
        - zhihu
        - minecraft
        - douban
        - deezer
        - bilibili
        - instagram
        - iqiyi
        - lazada
        - riot_games
        - tidal
        - twitch
        - voot
        - xboxlive
        - rakuten_viki
        - leagueoflegends
        - kakaotalk
        - hbomax
        - crunchyroll
        - kik
        - onlyfans
        - shopee
        - soundcloud
        - valorant
        - shein
        - temu
        - yy
        - xiaohongshu
        - wargaming
        - ubisoft
        - wizz
        - samsung_tv_plus
        - nebula
        - lionsgateplus
        - fifa
        - dropbox
        - discoveryplus
        - coolapk
        - claro
        - bluesky
        - betfair
        - apple_streaming
        - 500px
        - amino
        - betano
        - bigo_live
        - blizzard_entertainment
        - canais_globo
        - clubhouse
        - electronic_arts
        - globoplay
        - linkedin
        - paramountplus
        - plenty_of_fish
        - privacy
        - rockstar_games
        - pluto_tv
        - mercado_libre
        - looke
        - kook
        - iheartradio
        - espn
        - directvgo
        - box
        - blaze
        - betway
        - battle_net
        - activision_blizzard
        - 4chan
        - ebay
        - olvid
        - peacock_tv
        - slack
        - spotify
        - tumblr
    protection_disabled_until: null
    # Per-engine flags below are inert while enabled is false.
    safe_search:
      enabled: false
      bing: true
      duckduckgo: true
      ecosia: true
      google: true
      pixabay: true
      yandex: true
      youtube: true
    # Blocked names answer with the unspecified address (0.0.0.0 / ::).
    blocking_mode: null_ip
    parental_block_host: family-block.dns.adguard.com
    safebrowsing_block_host: standard-block.dns.adguard.com
    rewrites: []
    safe_fs_patterns:
      - /var/lib/adguard/data/userfilters/*
    safebrowsing_cache_size: 1048576
    safesearch_cache_size: 1048576
    parental_cache_size: 1048576
    cache_time: 30
    filters_update_interval: 24
    blocked_response_ttl: 10
    filtering_enabled: true
    parental_enabled: true
    safebrowsing_enabled: true
    protection_enabled: true
  clients:
    runtime_sources:
      whois: true
      arp: true
      rdns: true
      dhcp: true
      hosts: true
    persistent: []
  log:
    enabled: true
    file: ""
    max_backups: 0
    max_size: 100
    max_age: 3
    compress: false
    local_time: false
    verbose: false
  # Empty user/group: no privilege switch by AdGuard Home itself — presumably
  # handled by the service unit the cookbook installs; confirm.
  os:
    group: ""
    user: ""
    rlimit_nofile: 0
  schema_version: 29
YAML