unbound(role): reformat config template and use all vcpus

roles/unbound/templates/unbound.conf.j2

@@ -1,22 +1,18 @@
 # ref: https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html
 #      unbound.conf(5) man page
 server:
-    {% if unbound_enable_dnssec -%}
+  {% if unbound_enable_dnssec -%}
-    # disable chroot because unbound is the only thing running on the VM
+  # location of the trust anchor file that enables DNSSEC
-    # and because it has issues with how archlinux configures the systemd units write protection regarding the anchor file
+  # this file is generated by the `unbound-anchor` command
-    chroot: ""
+  auto-trust-anchor-file: "/etc/unbound/trusted-key.key"
-
+  {% endif -%}
-    # location of the trust anchor file that enables DNSSEC
-    # this file is generated by the `unbound-anchor` command
-    auto-trust-anchor-file: "/etc/unbound/trusted-key.key"
-    {% endif -%}
 
 	# use all CPUs
-	num-threads: 2
+	num-threads: {{ ansible_facts['processor_vcpus'] }}
 
 	# more cache memory
-    rrset-cache-size: 60m
+  rrset-cache-size: 60m
-    msg-cache-size: 30m
+  msg-cache-size: 30m
 
 	# prefetch to keep the cache up to date
 	prefetch: yes
@@ -25,49 +21,48 @@ server:
 	prefetch-key: yes
 
 	# Faster UDP with multithreading (only on Linux).
-    so-reuseport: yes
+  so-reuseport: yes
 
 	# disable special large send buffer handling and just use kernel defaults
-    so-sndbuf: 0
+  so-sndbuf: 0
 
-    # send minimal amount of information to upstream servers to enhance privacy
+  # send minimal amount of information to upstream servers to enhance privacy
-    qname-minimisation: yes
+  qname-minimisation: yes
 
-    # specify the interface to answer queries from by ip-address.
+  # specify the interface to answer queries from by ip-address.
-    {% for i in unbound_bind_interfaces -%}
+  {% for i in unbound_bind_interfaces -%}
-    interface: "{{ i }}"
+  interface: "{{ i }}"
-    {% endfor %}
+  {% endfor %}
 
-    # addresses from the IP range that are allowed to connect to the resolver
+  # addresses from the IP range that are allowed to connect to the resolver
-    {% for i in unbound_access_control -%}
+  {% for i in unbound_access_control -%}
-    access-control: {{ i }}
+  access-control: {{ i }}
-    {% endfor -%}
+  {% endfor -%}
 
-    {% for i in unbound_private_domain -%}
+  {% for i in unbound_private_domain -%}
-    private-domain: {{ i }}
+  private-domain: {{ i }}
-    {% endfor -%}
+  {% endfor -%}
 
-    # The number of seconds between printing statistics to the log for every thread.
+  # The number of seconds between printing statistics to the log for every thread.
-    statistics-interval: 0
+  statistics-interval: 0
 
-    # Extended statistics are printed, Keeping track of more statistics takes time.
+  # Extended statistics are printed, Keeping track of more statistics takes time.
-    extended-statistics: yes
+  extended-statistics: yes
 
 remote-control:
-    control-enable: {{ "yes" if unbound_enable_unbound_control else "no" }}
+  control-enable: {{ "yes" if unbound_enable_unbound_control else "no" }}
-    control-interface: /run/unbound-control.sock
+  control-interface: /run/unbound-control.sock
 
 
 # configure some zones for which this resolver will act authoritatively
 # https://www.dns.icann.org/services/axfr/
 {% for i in [ ".", "in-addr.arpa.", "arpa.", "root-servers.net.", "ip6.arpa.", "ip6-servers.arpa.", "mcast.net." ] %}
 auth-zone:
-    name: "{{ i }}"
+  name: "{{ i }}"
-    primary: "lax.xfr.dns.icann.org"
+  primary: "lax.xfr.dns.icann.org"
-    primary: "iad.xfr.dns.icann.org"
+  primary: "iad.xfr.dns.icann.org"
-    fallback-enabled: yes
+  fallback-enabled: yes
-    for-downstream: no
+  for-downstream: no
-    for-upstream: yes
+  for-upstream: yes
-
 
 {% endfor %}