kunsi/bundlewrap
1
0
Fork 0
Code Issues 2 Pull requests 1 Releases Activity
bundlewrap/bundles/unbound/metadata.py
Franzi 2d42e5f7dd
All checks were successful
bundlewrap/pipeline/head This commit looks good
Details
update bw to 4.3, add .provides() to metadata reactors
2021-01-07 18:44:38 +01:00

59 lines
1.4 KiB
Python
Raw Blame History

defaults = {
'apt': {
'packages': {
'unbound': {},
'unbound-anchor': {},
},
},
'cron': {
'unbound_refresh_root-hints': '{} {} * * {} root wget -O/etc/unbound/root-hints.txt https://www.internic.net/domain/named.root >/dev/null'.format(
node.magic_number%60,
node.magic_number%24,
node.magic_number%7,
),
},
'nameservers': {
'127.0.0.1',
},
'unbound': {
'max_ttl': 3600,
'cache_size': '512M',
},
}
@metadata_reactor.provides(
'unbound/threads',
'unbound/cache_slabs',
)
def cpu_cores_to_config_values(metadata):
num_cpus = metadata.get('vm/cpu', 1)
return {
'unbound': {
'threads': num_cpus*2,
'cache_slabs': 2**(num_cpus-1).bit_length(),
},
}
@metadata_reactor.provides(
'iptables/bundle_rules/unbound',
)
def iptables(metadata):
interfaces = metadata.get('unbound/restrict-to-interfaces', set())
iptables = []
for iface in sorted(interfaces):
iptables.append(f'iptables_both -A INPUT -i {iface} -p tcp --dport 53 -j ACCEPT')
iptables.append(f'iptables_both -A INPUT -i {iface} -p udp --dport 53 -j ACCEPT')
return {
'iptables': {
'bundle_rules': {
'unbound': iptables,
},
},
}
Reference in a new issue View git blame Copy permalink