defaults = {
    'apt': {
        'packages': {
            'unbound': {},
            'unbound-anchor': {},
        },
    },
    'cron': {
        'unbound_refresh_root-hints': '{} {} * * {}    root    wget -q -O/etc/unbound/root-hints.txt https://www.internic.net/domain/named.root'.format(
            node.magic_number%60,
            node.magic_number%24,
            node.magic_number%7,
        ),
    },
    'nameservers': {
        '127.0.0.1',
    },
    'unbound': {
        'max_ttl': 3600,
        'cache_size': '512M',
    },
}


@metadata_reactor.provides(
    'unbound/threads',
    'unbound/cache_slabs',
)
def cpu_cores_to_config_values(metadata):
    num_cpus = metadata.get('vm/cpu', 1)

    return {
        'unbound': {
            'threads': num_cpus*2,
            'cache_slabs': 2**(num_cpus-1).bit_length(),
        },
    }


@metadata_reactor.provides(
    'iptables/bundle_rules/unbound',
)
def iptables(metadata):
    identifiers = metadata.get('unbound/restrict-to', set())
    rules = set()

    if identifiers:
        for identifier in sorted(identifiers):
            resolved = repo.libs.tools.resolve_identifier(repo, identifier)

            for address in resolved['ipv4']:
                rules.add(f'iptables -A INPUT -p tcp -s {address} --dport 53 -j ACCEPT')
                rules.add(f'iptables -A INPUT -p udp -s {address} --dport 53 -j ACCEPT')

            for address in resolved['ipv6']:
                rules.add(f'ip6tables -A INPUT -p tcp -s {address} --dport 53 -j ACCEPT')
                rules.add(f'ip6tables -A INPUT -p udp -s {address} --dport 53 -j ACCEPT')

    return {
        'iptables': {
            'bundle_rules': {
                'unbound': list(sorted(rules)),
            },
        },
    }