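#!/bin/sh
#
# Install and configure the unbound recursive resolver with downloaded
# blocklists, then switch the host's resolv.conf over to it.
#
# Uses helpers that are not defined in this file: install_directory,
# install_template and install_file, plus the $nproc variable.
# NOTE(review): presumably provided by the provisioning framework that
# runs this script -- confirm.

unbound_user=unbound
unbound_conf_dir=/usr/local/etc/unbound
unbound_blocklist_dir="${unbound_conf_dir}/blocklists"
unbound_blocklist_url_file="${unbound_conf_dir}/blocklist_urls"
unbound_whitelist_file="${unbound_conf_dir}/whitelist"

# Defaults for operator-tunable settings. The expansions are quoted so that
# a pre-set value (for example a whitelist entry containing '*') is not
# word-split or glob-expanded by the shell while the default is applied.
# NOTE(review): unbound_blocklist_urls is defaulted here but the URL file
# below is written from unbound_blocklists; one of the two may be a leftover
# unless a template reads it -- confirm.
: "${unbound_blocklist_urls:=}"
: "${unbound_whitelist:=}"
: "${unbound_cache_max_negative_ttl:=60}"
: "${unbound_rrset_cache_size:=104857600}" # 100 MB
: "${unbound_msg_cache_size:=52428800}" # 50 MB
: "${unbound_slabs:=2}"
: "${unbound_insecure_domains:=}"
: "${unbound_local_zones:=}"
: "${unbound_local_data:=}"
: "${unbound_blocklists:=}"
: "${unbound_threads:=$nproc}"

# Install unbound recursive resolver.
pkg install -y unbound

# Generate unbound configuration. The blocklist directory is handed to the
# unbound account (-o), presumably so the unprivileged updater below can
# write into it.
install_directory -m 0755 -o "$unbound_user" "$unbound_blocklist_dir"
install_template -m 0644 "${unbound_conf_dir}/unbound.conf"

# Write the whitelist and the blocklist URL list. printf is used instead of
# echo so a value starting with '-' or containing backslashes is written
# verbatim; tee also copies the content to stdout.
printf '%s\n' "$unbound_whitelist" | tee "$unbound_whitelist_file"
printf '%s\n' "$unbound_blocklists" | tee "$unbound_blocklist_url_file"

# Download blocklists as the unprivileged unbound user rather than as root.
# The three paths in the command string are the fixed values set at the top
# of this script, so no operator-supplied text reaches the inner shell.
# su -m keeps the caller's environment and shell, so anything exported in
# the provisioning environment is visible to the updater.
# NOTE(review): presumably -m is needed because the unbound account has no
# login shell -- confirm, and keep secrets out of the environment here.
install_file -m 0755 /usr/local/libexec/idm-update-unbound-blocklists
su -m "$unbound_user" -c "/usr/local/libexec/idm-update-unbound-blocklists ${unbound_blocklist_url_file} ${unbound_whitelist_file} ${unbound_blocklist_dir}"

# Enable and start unbound.
sysrc -v unbound_enable=YES
service unbound restart

# Now we are ready to use unbound as the local resolver.
# NOTE(review): nothing in this script checks that the restart above
# succeeded; if the caller does not abort on errors, resolv.conf is switched
# even when unbound is not running, leaving the host without working DNS.
install_template -m 0644 /etc/resolv.conf

# Update blocklists with a cron job.
install_template -m 0644 /etc/cron.d/unbound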