feat(pi-hole): Configuring Pi-Hole lists

infra/pi-hole/cm-adlists.yaml

@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: adlists.list
-  namespace: pi-hole
-data:
-  adlists.list: |
-    https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
-    https://mirror1.malwaredomains.com/files/justdomains
-    http://sysctl.org/cameleon/hosts
-    https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
-    https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
-    https://hosts-file.net/ad_servers.txt
-    https://blocklist.site/app/dl/porn
-    https://blocklist.site/app/dl/fakenews
-    https://blocklist.site/app/dl/tracking
-    https://blocklist.site/app/dl/drugs
-    https://blocklist.site/app/dl/phishing
-    https://blocklist.site/app/dl/gambling
-    https://blocklist.site/app/dl/malware
-    https://blocklist.site/app/dl/spam
-    https://blocklist.site/app/dl/ads
-    https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt
-    https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt
-    https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
-    https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.2o7Net/hosts
-    https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
-    https://v.firebog.net/hosts/Easyprivacy.txt
-    https://v.firebog.net/hosts/Prigent-Ads.txt
-    https://blocklist.site/app/dl/scam
-    https://blocklist.site/app/dl/proxy
-    https://blocklist.site/app/dl/redirect

infra/pi-hole/cm-dnsmasq.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: pi-hole-custom-dnsmasq
-data:
-  02-custom.conf: |
-    address=/stonegarden.dev/192.168.1.128
-    address=/stonegarden.lan/192.168.1.128

infra/pi-hole/cm-ftl.yaml

@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: pihole-ftl.conf
-  namespace: pi-hole
-data:
-  pihole-FTL.conf: |
-    MAXDBDAYS=7
-    LOGFILE=/var/log/pihole/pihole-FTL.log

infra/pi-hole/cm-regex.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: regex.list
-  namespace: pi-hole
-data:
-  regex.list: |
-    (^|\.)googlevideo\.com$
-    (^|\.)twitch\.tv$
-    (^|\.)wuaki\.tv$
-    (^|\.)youtube\.be$
-    (^|\.)youtube\.com$
-    (^|\.)xvpn\.com$
-    (^|\.)xvpn\.io$
-    (^|\.)tiktok\.com$
-    (^|\.)musical\.ly$

infra/pi-hole/cm-whitelist.yaml

@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: whitelist.txt
-  namespace: pi-hole
-data:
-  whitelist.txt: |
-    ichnaea.netflix.com
-    nrdp.nccp.netflix.com

infra/pi-hole/config/adlists.list

@@ -0,0 +1,10 @@
+https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
+https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
+https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
+https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt
+https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt
+https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
+https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.2o7Net/hosts
+https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
+https://v.firebog.net/hosts/Easyprivacy.txt
+https://v.firebog.net/hosts/Prigent-Ads.txt

infra/pi-hole/config/pihole-FTL.conf

@@ -0,0 +1,2 @@
+MAXDBDAYS=200
+LOGFILE=/var/log/pihole/pihole-FTL.log

infra/pi-hole/config/regex.list

@@ -0,0 +1,2 @@
+(^|\.)twitch\.tv$
+(^|\.)youtube\.com$

infra/pi-hole/config/whitelist.txt

@@ -0,0 +1,2 @@
+ichnaea.netflix.com
+nrdp.nccp.netflix.com

infra/pi-hole/deployment.yaml

@@ -11,10 +11,10 @@ spec:
     matchLabels:
       app: pi-hole
   strategy:
+    type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
       maxUnavailable: 1
-    type: RollingUpdate
   template:
     metadata:
       labels:
@@ -55,86 +55,62 @@ spec:
             limits:
               cpu: "250m"
               memory: "896Mi"
-          #readinessProbe:
-          #  exec:
-          #    command: ['dig', '@127.0.0.1', 'cnn.com']
-          #  timeoutSeconds: 20
-          #  initialDelaySeconds: 5
-          #  periodSeconds: 60
-          #livenessProbe:
-          #  tcpSocket:
-          #    port: dns-tcp
-          #  initialDelaySeconds: 15
-          #  periodSeconds: 30
           livenessProbe:
-            httpGet:
+            tcpSocket:
-              path: /admin/index.php
+              port: dns-tcp
-              port: http
-              scheme: HTTP
             initialDelaySeconds: 60
             failureThreshold: 10
             timeoutSeconds: 5
           readinessProbe:
-            httpGet:
+            exec:
-              path: /admin/index.php
+              command:
-              port: http
+                - 'dig'
-              scheme: HTTP
+                - '@127.0.0.1'
+                - 'github.com'
             initialDelaySeconds: 60
             failureThreshold: 3
             timeoutSeconds: 5
           volumeMounts:
+            - name: config
+              mountPath: /etc/pihole
             - name: custom-dnsmasq
               mountPath: /etc/dnsmasq.d/02-custom.conf
               subPath: 02-custom.conf
-           # - name: var-log
+            #- name: ftl-conf
-           #   mountPath: /var/log
-           # - name: var-log-lighttpd
-           #   mountPath: /var/log/lighttpd
-           # - name: ftlconf
             #  mountPath: /etc/pihole/pihole-FTL.conf
             #  subPath: pihole-FTL.conf
-           # - name: regex
+            - name: ad-lists
-           #   mountPath: /etc/pihole/regex.list
+              mountPath: /etc/pihole/adlists.list
-           #   subPath: regex.list
+              subPath: adlists.list
-           # - name: whitelist
+            - name: regex
-           #   mountPath: /etc/pihole/whitelist.txt
+              mountPath: /etc/pihole/regex.list
-           #   subPath: whitelist.txt
+              subPath: regex.list
-           # - name: adlists
+            - name: whitelist
-           #   mountPath: /etc/pihole/adlists.list
+              mountPath: /etc/pihole/whitelist.txt
-           #   subPath: adlists.list
+              subPath: whitelist.txt
       restartPolicy: Always
       volumes:
+        - name: config
+          emptyDir: {}
+        #  persistentVolumeClaim:
+        #    claimName: pi-hole-config
         - name: custom-dnsmasq
           configMap:
+        #    defaultMode: 420
             name: custom-dnsmasq
-            defaultMode: 420
+        #- name: ftl-conf
-        #- name: var-log
-        #  emptyDir:
-        #    medium: Memory
-        #- name: var-log-lighttpd
-        #  emptyDir:
-        #    medium: Memory
-        #- name: ftlconf
         #  configMap:
-        #    name: pihole-ftl.conf
+        #    defaultMode: 420
-        #    items:
+        #    name: ftl-conf
-        #      - key: pihole-FTL.conf
+        - name: ad-lists
-        #        path: pihole-FTL.conf
+          configMap:
-        #- name: regex
+        #    defaultMode: 420
-        #  configMap:
+            name: adlists.list
-        #    name: regex.list
+        - name: regex
-        #    items:
+          configMap:
-        #      - key: regex.list
+        #    defaultMode: 420
-        #        path: regex.list
+            name: regex.list
-        #- name: whitelist
+        - name: whitelist
-        #  configMap:
+          configMap:
-        #    name: whitelist.txt
+        #    defaultMode: 420
-        #    items:
+            name: whitelist.txt
-        #      - key: whitelist.txt
-        #        path: whitelist.txt
-        #- name: adlists
-        #  configMap:
-        #    name: adlists.list
-        #    items:
-        #      - key: adlists.list
-        #        path: adlists.list

infra/pi-hole/kustomization.yaml

@@ -4,25 +4,32 @@ namespace: pi-hole
 commonLabels:
   app: pi-hole
 
-
 configMapGenerator:
   - name: pi-hole-env
     envs:
       - config/pi-hole-env
+  - name: ftl-conf
+    files:
+      - config/pihole-FTL.conf
   - name: custom-dnsmasq
     files:
       - config/02-custom.conf
+  - name: adlists.list
+    files:
+      - config/adlists.list
+  - name: regex.list
+    files:
+      - config/regex.list
+  - name: whitelist.txt
+    files:
+      - config/whitelist.txt
 
 resources:
   - namespace.yaml
   - auth-secret.yaml
   - ingress-route.yaml
   - service.yaml
-  #- cm-dnsmasq.yaml
+#  - pvc.yaml
-  #- cm-adlists.yaml
-  #- cm-ftl.yaml
-  #- cm-regex.yaml
-  #- cm-whitelist.yaml
   - deployment.yaml
 
 helmGlobals:

infra/pi-hole/pvc.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pi-hole-config
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 500Mi