From 342e145273c0cbb028467bcacbd47d07d0675a95 Mon Sep 17 00:00:00 2001
From: Wim <11030068+wimb0@users.noreply.github.com>
Date: Mon, 2 Dec 2024 09:07:53 +0100
Subject: [PATCH] New script: Unbound LXC (#547)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Create unbound-install.sh

* Create unbound.sh

* Update unbound.sh

* Update unbound.sh

* Update unbound-install.sh

* Update unbound.sh

* Create unbound.json

* Fix logo font

* Update unbound-install.sh

* Update unbound-install.sh

* Update unbound-install.sh

* Update unbound-install.sh

* Update install/unbound-install.sh

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>

* Update install/unbound-install.sh

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>

* Update unbound-install.sh

* Update install/unbound-install.sh

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>

* Update install/unbound-install.sh

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>

* Update install/unbound-install.sh

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>

* Update install/unbound-install.sh

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>

* Update install/unbound-install.sh

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>

* Update install/unbound-install.sh

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>

* Update json/unbound.json

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>

* Update install/unbound-install.sh

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>

* Update install/unbound-install.sh

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>

* Update unbound.json

* Update install/unbound-install.sh

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>

* Update install/unbound-install.sh

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>

* Update install/unbound-install.sh

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>

* Update unbound-install.sh

---------

Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>
---
 ct/unbound.sh              | 73 +++++++++++++++++++++++++++++
 install/unbound-install.sh | 94 ++++++++++++++++++++++++++++++++++++++
 json/unbound.json          | 39 ++++++++++++++++
 3 files changed, 206 insertions(+)
 create mode 100644 ct/unbound.sh
 create mode 100644 install/unbound-install.sh
 create mode 100644 json/unbound.json

diff --git a/ct/unbound.sh b/ct/unbound.sh
new file mode 100644
index 00000000..94d0a405
--- /dev/null
+++ b/ct/unbound.sh
@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: wimb0
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+function header_info {
+clear
+cat <<"EOF"
+   __  __      __                          __
+  / / / /___  / /_  ____  __  ______  ____/ /
+ / / / / __ \/ __ \/ __ \/ / / / __ \/ __  / 
+/ /_/ / / / / /_/ / /_/ / /_/ / / / / /_/ /  
+\____/_/ /_/_.___/\____/\__,_/_/ /_/\__,_/   
+                                             
+EOF
+}
+header_info
+echo -e "Loading..."
+APP="Unbound"
+var_disk="2"
+var_cpu="1"
+var_ram="512"
+var_os="debian"
+var_version="12"
+variables
+color
+catch_errors
+
+function default_settings() {
+  CT_TYPE="1"
+  PW=""
+  CT_ID=$NEXTID
+  HN=$NSAPP
+  DISK_SIZE="$var_disk"
+  CORE_COUNT="$var_cpu"
+  RAM_SIZE="$var_ram"
+  BRG="vmbr0"
+  NET="dhcp"
+  GATE=""
+  APT_CACHER=""
+  APT_CACHER_IP=""
+  DISABLEIP6="no"
+  MTU=""
+  SD=""
+  NS=""
+  MAC=""
+  VLAN=""
+  SSH="no"
+  VERB="no"
+  echo_default
+}
+
+function update_script() {
+header_info
+check_container_storage
+check_container_resources
+if [[ ! -d /etc/unbound ]]; then msg_error "No ${APP} Installation Found!"; exit; fi
+msg_info "Updating $APP LXC"
+apt-get update &>/dev/null
+apt-get -y upgrade &>/dev/null
+msg_ok "Updated $APP LXC"
+exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${APP} should be online.
+         ${BL} Set your DNS server to ${IP}:5335 ${CL} \n"
diff --git a/install/unbound-install.sh b/install/unbound-install.sh
new file mode 100644
index 00000000..19867022
--- /dev/null
+++ b/install/unbound-install.sh
@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: wimb0
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+source /dev/stdin <<< "$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt-get install -y \
+  sudo \
+  curl \
+  mc 
+msg_ok "Installed Dependencies"
+
+msg_info "Installing Unbound"
+$STD apt-get install -y \
+  unbound \
+  unbound-host
+msg_info "Installed Unbound"
+
+cat <<EOF >/etc/unbound/unbound.conf.d/unbound.conf
+server:
+  interface: 0.0.0.0
+  port: 5335
+  do-ip6: no
+  hide-identity: yes
+  hide-version: yes
+  harden-referral-path: yes
+  cache-min-ttl: 300
+  cache-max-ttl: 14400
+  serve-expired: yes
+  serve-expired-ttl: 3600
+  prefetch: yes
+  prefetch-key: yes
+  target-fetch-policy: "3 2 1 1 1"
+  unwanted-reply-threshold: 10000000
+  rrset-cache-size: 256m
+  msg-cache-size: 128m
+  so-rcvbuf: 1m
+  private-address: 192.168.0.0/16
+  private-address: 169.254.0.0/16
+  private-address: 172.16.0.0/12
+  private-address: 10.0.0.0/8
+  private-address: fd00::/8
+  private-address: fe80::/10
+  access-control: 192.168.0.0/16 allow
+  access-control: 172.16.0.0/12 allow
+  access-control: 10.0.0.0/8 allow
+  access-control: 127.0.0.1/32 allow
+  chroot: ""
+  logfile: /var/log/unbound.log
+EOF
+
+touch /var/log/unbound.log
+chown unbound:unbound /var/log/unbound.log
+
+systemctl restart unbound
+msg_ok "Installed Unbound"
+
+msg_ok "Configuring Logrotate"
+cat <<EOF >/etc/logrotate.d/unbound
+/var/log/unbound.log {
+  daily
+  rotate 7
+  missingok
+  notifempty
+  compress
+  delaycompress
+  sharedscripts
+  create 644
+  postrotate
+    /usr/sbin/unbound-control log_reopen
+  endscript
+}
+EOF
+
+systemctl restart logrotate
+msg_ok "Configured Logrotate"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
diff --git a/json/unbound.json b/json/unbound.json
new file mode 100644
index 00000000..6478dd0a
--- /dev/null
+++ b/json/unbound.json
@@ -0,0 +1,39 @@
+{
+    "name": "Unbound",
+    "slug": "unbound",
+    "categories": [
+        13
+    ],
+    "date_created": "2024-11-27",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": "5335",
+    "documentation": null,
+    "website": "https://www.nlnetlabs.nl/projects/unbound/about/",
+    "logo": "https://nlnetlabs.nl/static/logos/Unbound/Unbound_FC_Shaded_cropped.svg",
+    "description": "Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/unbound.sh",
+            "resources": {
+                "cpu": "1",
+                "ram": "512",
+                "hdd": "2",
+                "os": "debian",
+                "version": "12"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": null,
+        "password": null
+    },
+    "notes": [
+        {
+            "text": "Unbound Configuration Path: `/etc/unbound/unbound.conf.d/unbound.conf`",
+            "type": "info"
+        }
+    ]
+}