author | Cullum Smith <cullum@sacredheartsc.com> | 2024-09-24 22:35:45 -0400 |
---|---|---|
committer | Cullum Smith <cullum@sacredheartsc.com> | 2024-09-24 22:35:45 -0400 |
commit | 6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb (patch) | |
tree | 9279f7a330affbb5da6a1f147739b8dfd92d4a19 /scripts/hostclass/idm_server/40-unbound | |
parent | d9c18b3fcb9b036b6cdf69397828b59ab4c53091 (diff) | |
download | infrastructure-6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb.tar.gz |
finish up idm_server hostclass
Diffstat (limited to 'scripts/hostclass/idm_server/40-unbound')
-rw-r--r-- | scripts/hostclass/idm_server/40-unbound | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/scripts/hostclass/idm_server/40-unbound b/scripts/hostclass/idm_server/40-unbound
new file mode 100644
index 0000000..39f1317
--- /dev/null
+++ b/scripts/hostclass/idm_server/40-unbound
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+unbound_user=unbound
+unbound_conf_dir=/usr/local/etc/unbound
+unbound_blocklist_dir="${unbound_conf_dir}/blocklists"
+unbound_blocklist_url_file="${unbound_conf_dir}/blocklist_urls"
+
+: ${unbound_blocklist_urls:=''}
+: ${unbound_cache_max_negative_ttl:='60'}
+: ${unbound_rrset_cache_size:='104857600'} # 100 MB
+: ${unbound_msg_cache_size:='52428800'} # 50 MB
+: ${unbound_slabs:='2'}
+: ${unbound_insecure_domains:=''}
+: ${unbound_local_zones:=''}
+: ${unbound_local_data:=''}
+: ${unbound_blocklists:=''}
+: ${unbound_threads:="$nproc"}
+
+# Install unbound recursive resolver.
+pkg install -y unbound
+
+# Generate unbound configuration.
+install_directory -m 0755 -o "$unbound_user" "$unbound_blocklist_dir"
+install_template -m 0644 "${unbound_conf_dir}/unbound.conf"
+
+# Download blocklists.
+echo "$unbound_blocklists" | tee "$unbound_blocklist_url_file"
+install_file -m 0755 /usr/local/libexec/idm-update-unbound-blocklists
+su -m "$unbound_user" -c "/usr/local/libexec/idm-update-unbound-blocklists ${unbound_blocklist_dir} < ${unbound_blocklist_url_file}"
+
+# Enable and start unbound.
+sysrc -v unbound_enable=YES
+service unbound restart
+
+# Now we are ready to us unbound as the local resolver.
+install_template -m 0644 /etc/resolv.conf
+
+# Update blocklists with a cron job.
+echo "@daily root su -m ${unbound_user} -c \"/usr/local/libexec/idm-update-unbound-blocklists ${unbound_blocklist_dir} < ${unbound_blocklist_url_file}\" && service unbound reload" \
+ | tee /etc/cron.d/idm-update-unbound-blocklists |
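Review bot: `unbound_blocklist_urls` is given a default in the parameter block but is never referenced; the URL file is populated from `unbound_blocklists` instead, so one of the two names is either dead or the wrong one, and a caller setting `unbound_blocklist_urls` would silently get no blocklists. The daily cron entry reloads unbound right after pulling fresh blocklist files from remote sources, with no syntax check in between; if a downloaded file is malformed the reload may fail or leave the resolver in a bad state, so consider `&& unbound-checkconf && service unbound reload` so a bad fetch is rejected before it reaches the running daemon (what `service unbound reload` does on a parse error is not visible here). The `unbound_threads` default `"$nproc"` expands a shell variable rather than running the `nproc` command, so it presumably relies on the surrounding hostclass framework to set `$nproc`; a short comment such as `# $nproc is exported by the hostclass runner` would make that dependency explicit. Minor: the comment `# Now we are ready to us unbound` should read `use`.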