bundles/unbound: introduce, add to nodes
All checks were successful
bundlewrap/pipeline/head This commit looks good
All checks were successful
bundlewrap/pipeline/head This commit looks good
This commit is contained in:
parent
c5e43188ca
commit
3eeb253e55
GPG key ID:
12E3D2136B818350
7 changed files with 141 additions and 13 deletions
42
bundles/unbound/metadata.py
Normal file
42
bundles/unbound/metadata.py
Normal file
|
|
@ -0,0 +1,42 @@
|
|||
defaults = {
|
||||
'apt': {
|
||||
'packages': {
|
||||
'unbound': {},
|
||||
'unbound-anchor': {},
|
||||
},
|
||||
},
|
||||
'nameservers': {
|
||||
'127.0.0.1',
|
||||
},
|
||||
'unbound': {
|
||||
'max_ttl': 3600,
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@metadata_reactor
|
||||
def cpu_cores_to_threads(metadata):
|
||||
return {
|
||||
'unbound': {
|
||||
'threads': metadata.get('vm/cpu', 1)*2,
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@metadata_reactor
|
||||
def iptables(metadata):
|
||||
interfaces = metadata.get('unbound/restrict-to-interfaces', set())
|
||||
iptables = []
|
||||
|
||||
for iface in sorted(interfaces):
|
||||
iptables.append(f'iptables -A INPUT -i {iface} -p tcp --dport 53 -j ACCEPT')
|
||||
iptables.append(f'iptables -A INPUT -i {iface} -p udp --dport 53 -j ACCEPT')
|
||||
|
||||
return {
|
||||
'iptables': {
|
||||
'bundle_rules': {
|
||||
'unbound': iptables,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue