upstreams:
  init:
    strategy: blocking
  groups:
    default:
      - tcp-tls:dns.quad9.net
      - tcp-tls:dns.mullvad.net

ports:
  dns: 53
  http: 4000
  tls: 853

customDNS:
  filterUnmappedTypes: false

blocking:
  denylists:
    ads:
      - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
      - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
      - http://sysctl.org/cameleon/hosts
      - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
    nsfw:
      - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/nsfw-onlydomains.txt
  clientGroupsBlock:
    default:
      - ads
      - nsfw
  blockType: zeroIp
  loading:
    refreshPeriod: 24h
    strategy: blocking

minTlsServeVersion: 1.3

bootstrapDns:
  - upstream: tcp-tls:dns.quad9.net
    ips:
      - 9.9.9.9
  - upstream: tcp-tls:dns.mullvad.net
    ips:
      - 194.242.2.2

certFile: /opt/blocky/certs/fullchain.pem
keyFile: /opt/blocky/certs/privkey.pem

log:
  level: warn
  privacy: true