feat: make defaults configurable

templates/unbound/unbound.conf.j2

@@ -1,35 +1,41 @@
 server:
-  verbosity: 1
+  verbosity: {{ unbound_verbosity }}
   interface-automatic: yes
   ip-freebind: yes
-  port: 53
+  port: {{ unbound_port }}
   do-ip4: yes
-  do-ip6: yes
+  do-ip6: {{ 'yes' if unbound_do_ip6 else 'no' }}
   do-udp: yes
-  do-tcp: no
-    
+  do-tcp: {{ 'yes' if unbound_do_tcp else 'no' }}
+
   # access control
 {% for network in unbound_allow_access %}
   ## {{ network.name }}
   access-control: {{ network.network }} allow
 
 {% endfor %}
-  
-  # security and performance
-  cache-max-ttl: 86400
-  cache-min-ttl: 3600
-  harden-dnssec-stripped: yes
-  harden-glue: yes
-  hide-identity: yes
-  hide-version: yes
-  infra-cache-slabs: 8
-  key-cache-slabs: 8
-  msg-cache-slabs: 8
-  num-threads: 2
-  prefetch: yes
-  rrset-cache-slabs: 8
-  use-caps-for-id: no
-  
+
+  # performance
+  num-threads: {{ unbound_num_threads }}
+  so-reuseport: {{ 'yes' if unbound_so_reuseport else 'no' }}
+  infra-cache-slabs: {{ unbound_num_threads }}
+  key-cache-slabs: {{ unbound_num_threads }}
+  msg-cache-slabs: {{ unbound_num_threads }}
+  rrset-cache-slabs: {{ unbound_num_threads }}
+
+  # cache
+  cache-max-ttl: {{ unbound_cache_max_ttl }}
+  cache-min-ttl: {{ unbound_cache_min_ttl }}
+  prefetch: {{ 'yes' if unbound_prefetch else 'no' }}
+
+  # security
+  harden-dnssec-stripped: {{ 'yes' if unbound_harden_dnssec_stripped else 'no' }}
+  harden-glue: {{ 'yes' if unbound_harden_glue else 'no' }}
+  hide-identity: {{ 'yes' if unbound_hide_identity else 'no' }}
+  hide-version: {{ 'yes' if unbound_hide_version else 'no' }}
+  use-caps-for-id: {{ 'yes' if unbound_use_caps_for_id else 'no' }}
+  qname-minimisation: {{ 'yes' if unbound_qname_minimisation else 'no' }}
+
   # include zone configurations
   include: "/etc/unbound/zones.conf"