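# Metadata defaults and reactors for the unbound resolver bundle.
#
# `node` and `metadata_reactor` are not defined in this file; they are
# expected to be supplied by the configuration-management framework that
# loads it.
defaults = {
    'apt': {
        'packages': {
            'unbound': {},
            'unbound-anchor': {},
        },
    },
    'cron': {
        # Weekly refresh of the root hints. Minute, hour and day-of-week are
        # derived from node.magic_number, presumably so that nodes do not all
        # fetch at the same moment.
        #
        # `wget -O` truncates its output file before the transfer starts, so
        # a failed download straight into root-hints.txt would leave the
        # resolver with an empty or partial hints file. The download
        # therefore goes to a ".new" file that only replaces the live file
        # when wget succeeded and the result is non-empty; otherwise the
        # previous hints stay in place.
        #
        # The file is trusted on the strength of the HTTPS connection alone;
        # no signature is checked here.
        # NOTE(review): mv replaces the file, so owner and mode are those of
        # the fresh download - confirm unbound can still read it. Nothing in
        # this job reloads unbound after the refresh.
        'unbound_refresh_root-hints': (
            '{} {} * * {} root '
            'wget -O/etc/unbound/root-hints.txt.new '
            'https://www.internic.net/domain/named.root >/dev/null '
            '&& test -s /etc/unbound/root-hints.txt.new '
            '&& mv /etc/unbound/root-hints.txt.new /etc/unbound/root-hints.txt'
        ).format(
            node.magic_number % 60,
            node.magic_number % 24,
            node.magic_number % 7,
        ),
    },
    # The node resolves through its own local unbound instance.
    'nameservers': {
        '127.0.0.1',
    },
    'unbound': {
        'max_ttl': 3600,
        'cache_size': '512M',
    },
}


@metadata_reactor.provides(
    'unbound/threads',
    'unbound/cache_slabs',
)
def cpu_cores_to_config_values(metadata):
    """Derive unbound's thread and slab settings from the CPU count.

    Reads ``vm/cpu`` (default 1). ``threads`` is twice that value;
    ``cache_slabs`` is the smallest power of two that is not below the CPU
    count (1 -> 1, 3 -> 4, 5 -> 8). The slab count is sized from the core
    count, not from the doubled thread count.
    """
    num_cpus = metadata.get('vm/cpu', 1)

    return {
        'unbound': {
            'threads': num_cpus * 2,
            # bit_length() of (n - 1) is the exponent of the next power of
            # two at or above n.
            'cache_slabs': 2 ** (num_cpus - 1).bit_length(),
        },
    }


@metadata_reactor.provides(
    'iptables/bundle_rules/unbound',
)
def iptables(metadata):
    """Emit firewall rules that accept DNS on the configured interfaces.

    Reads ``unbound/restrict-to-interfaces`` (default: empty set) and, for
    each interface in sorted order, adds one rule accepting TCP port 53 and
    one accepting UDP port 53 on that interface. With no interfaces
    configured the rule list is empty, so whether port 53 is reachable then
    depends on rules defined elsewhere.
    """
    interfaces = metadata.get('unbound/restrict-to-interfaces', set())

    # Interface names are interpolated into the rule text unescaped; they are
    # assumed to come from trusted repository metadata only.
    rules = []
    for iface in sorted(interfaces):
        rules.append(f'iptables_both -A INPUT -i {iface} -p tcp --dport 53 -j ACCEPT')
        rules.append(f'iptables_both -A INPUT -i {iface} -p udp --dport 53 -j ACCEPT')

    return {
        'iptables': {
            'bundle_rules': {
                'unbound': rules,
            },
        },
    }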