from bundlewrap.metadata import atomic

defaults = {
    'apt': {
        'packages': {
            'unbound': {},
            'unbound-anchor': {},
        },
    },
    'cron': {
        'unbound_refresh_root-hints': '{} {} * * {}    root    wget -q -O/etc/unbound/root-hints.txt https://www.internic.net/domain/named.root'.format(
            node.magic_number%60,
            node.magic_number%24,
            node.magic_number%7,
        ),
        'unbound-auto-restart': '* * * * *    root    /usr/local/sbin/unbound-auto-restart',
    },
    'nameservers': {
        '127.0.0.1',
    },
    'unbound': {
        'max_ttl': 3600,
        'cache_size': '512M',
    },
}

if node.has_bundle('telegraf'):
    defaults['telegraf'] = {
        'input_plugins': {
            'builtin': {
                'unbound': [{
                    'thread_as_tag': True,
                    'use_sudo': True
                }],
            },
        },
        'sudo_commands': {
            '/usr/sbin/unbound-control',
        },
    }



@metadata_reactor.provides(
    'unbound/threads',
    'unbound/cache_slabs',
)
def cpu_cores_to_config_values(metadata):
    num_cpus = metadata.get('vm/cpu', 1)

    return {
        'unbound': {
            'threads': num_cpus*2,
            'cache_slabs': 2**(num_cpus-1).bit_length(),
        },
    }


@metadata_reactor.provides(
    'firewall/port_rules',
)
def firewall(metadata):
    return {
        'firewall': {
            'port_rules': {
                '53': atomic(metadata.get('unbound/restrict-to', set())),
                '53/udp': atomic(metadata.get('unbound/restrict-to', set())),
            },
        },
    }