bundlewrap/bundles/unbound/metadata.py

defaults = {
    'apt': {
        'packages': {
            'unbound': {},
            'unbound-anchor': {},
        },
    },
    'nameservers': {
        '127.0.0.1',
    },
    'unbound': {
        'max_ttl': 3600,
    },
}


@metadata_reactor
def cpu_cores_to_threads(metadata):
    return {
        'unbound': {
            'threads': metadata.get('vm/cpu', 1)*2,
        },
    }


@metadata_reactor
def iptables(metadata):
    interfaces = metadata.get('unbound/restrict-to-interfaces', set())
    iptables = []

    for iface in sorted(interfaces):
        iptables.append(f'iptables -A INPUT -i {iface} -p tcp --dport 53 -j ACCEPT')
        iptables.append(f'iptables -A INPUT -i {iface} -p udp --dport 53 -j ACCEPT')

    return {
        'iptables': {
            'bundle_rules': {
                'unbound': iptables,
            },
        },
    }
bundles/unbound: introduce, add to nodes 2020-12-13 13:59:44 +00:00			`defaults = {`
			`'apt': {`
			`'packages': {`
			`'unbound': {},`
			`'unbound-anchor': {},`
			`},`
			`},`
			`'nameservers': {`
			`'127.0.0.1',`
			`},`
			`'unbound': {`
			`'max_ttl': 3600,`
			`},`
			`}`


			`@metadata_reactor`
			`def cpu_cores_to_threads(metadata):`
			`return {`
			`'unbound': {`
			`'threads': metadata.get('vm/cpu', 1)*2,`
			`},`
			`}`


			`@metadata_reactor`
			`def iptables(metadata):`
			`interfaces = metadata.get('unbound/restrict-to-interfaces', set())`
			`iptables = []`

			`for iface in sorted(interfaces):`
			`iptables.append(f'iptables -A INPUT -i {iface} -p tcp --dport 53 -j ACCEPT')`
			`iptables.append(f'iptables -A INPUT -i {iface} -p udp --dport 53 -j ACCEPT')`

			`return {`
			`'iptables': {`
			`'bundle_rules': {`
			`'unbound': iptables,`
			`},`
			`},`
			`}`