#!/bin/sh

unbound_user=unbound
unbound_conf_dir=/usr/local/etc/unbound
unbound_blocklist_dir="${unbound_conf_dir}/blocklists"
unbound_blocklist_url_file="${unbound_conf_dir}/blocklist_urls"
unbound_whitelist_file="${unbound_conf_dir}/whitelist"

: ${unbound_blocklist_urls:=''}
: ${unbound_whitelist:=''}
: ${unbound_cache_max_negative_ttl:='60'}
: ${unbound_rrset_cache_size:='104857600'} # 100 MB
: ${unbound_msg_cache_size:='52428800'} # 50 MB
: ${unbound_slabs:='2'}
: ${unbound_insecure_domains:=''}
: ${unbound_local_zones:=''}
: ${unbound_local_data:=''}
: ${unbound_blocklists:=''}
: ${unbound_threads:="$nproc"}

# Install unbound recursive resolver.
pkg install -y unbound

# Generate unbound configuration.
install_directory -m 0755 -o "$unbound_user" "$unbound_blocklist_dir"
install_template -m 0644 "${unbound_conf_dir}/unbound.conf"

# Download blocklists.
echo "$unbound_whitelist"  | tee "$unbound_whitelist_file"
echo "$unbound_blocklists" | tee "$unbound_blocklist_url_file"
install_file -m 0755 /usr/local/libexec/idm-update-unbound-blocklists
su -m "$unbound_user" -c "/usr/local/libexec/idm-update-unbound-blocklists ${unbound_blocklist_url_file} ${unbound_whitelist_file} ${unbound_blocklist_dir}"

# Enable and start unbound.
sysrc -v unbound_enable=YES
service unbound restart

# Now we are ready to use unbound as the local resolver.
install_template -m 0644 /etc/resolv.conf

# Update blocklists with a cron job.
install_template -m 0644 /etc/cron.d/unbound