defaults = { 'apt': { 'packages': { 'unbound': {}, 'unbound-anchor': {}, }, }, 'cron': { 'unbound_refresh_root-hints': '{} {} * * {} root wget -O/etc/unbound/root-hints.txt https://www.internic.net/domain/named.root >/dev/null'.format( node.magic_number%60, node.magic_number%24, node.magic_number%7, ), }, 'nameservers': { '127.0.0.1', }, 'unbound': { 'max_ttl': 3600, }, } @metadata_reactor def cpu_cores_to_threads(metadata): return { 'unbound': { 'threads': metadata.get('vm/cpu', 1)*2, }, } @metadata_reactor def iptables(metadata): interfaces = metadata.get('unbound/restrict-to-interfaces', set()) iptables = [] for iface in sorted(interfaces): iptables.append(f'iptables -A INPUT -i {iface} -p tcp --dport 53 -j ACCEPT') iptables.append(f'iptables -A INPUT -i {iface} -p udp --dport 53 -j ACCEPT') return { 'iptables': { 'bundle_rules': { 'unbound': iptables, }, }, }