New script: Unbound LXC (#547)

* Create unbound-install.sh * Create unbound.sh * Update unbound.sh * Update unbound.sh * Update unbound-install.sh * Update unbound.sh * Create unbound.json * Fix logo font * Update unbound-install.sh * Update unbound-install.sh * Update unbound-install.sh * Update unbound-install.sh * Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> * Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> * Update unbound-install.sh * Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> * Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> * Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> * Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> * Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> * Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> * Update json/unbound.json Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> * Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> * Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> * Update unbound.json * Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> * Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> * Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> * Update unbound-install.sh --------- Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>
2024-12-02 09:07:53 +01:00 · 2024-12-02 09:07:53 +01:00 · 342e145273
commit 342e145273
parent 85b80393bd
3 changed files with 206 additions and 0 deletions
--- a/ct/unbound.sh
+++ b/ct/unbound.sh
@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: wimb0
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+function header_info {
+clear
+cat <<"EOF"
+   __  __      __                          __
+  / / / /___  / /_  ____  __  ______  ____/ /
+ / / / / __ \/ __ \/ __ \/ / / / __ \/ __  / 
+/ /_/ / / / / /_/ / /_/ / /_/ / / / / /_/ /  
+\____/_/ /_/_.___/\____/\__,_/_/ /_/\__,_/   
+                                             
+EOF
+}
+header_info
+echo -e "Loading..."
+APP="Unbound"
+var_disk="2"
+var_cpu="1"
+var_ram="512"
+var_os="debian"
+var_version="12"
+variables
+color
+catch_errors
+
+function default_settings() {
+  CT_TYPE="1"
+  PW=""
+  CT_ID=$NEXTID
+  HN=$NSAPP
+  DISK_SIZE="$var_disk"
+  CORE_COUNT="$var_cpu"
+  RAM_SIZE="$var_ram"
+  BRG="vmbr0"
+  NET="dhcp"
+  GATE=""
+  APT_CACHER=""
+  APT_CACHER_IP=""
+  DISABLEIP6="no"
+  MTU=""
+  SD=""
+  NS=""
+  MAC=""
+  VLAN=""
+  SSH="no"
+  VERB="no"
+  echo_default
+}
+
+function update_script() {
+header_info
+check_container_storage
+check_container_resources
+if [[ ! -d /etc/unbound ]]; then msg_error "No ${APP} Installation Found!"; exit; fi
+msg_info "Updating $APP LXC"
+apt-get update &>/dev/null
+apt-get -y upgrade &>/dev/null
+msg_ok "Updated $APP LXC"
+exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${APP} should be online.
+         ${BL} Set your DNS server to ${IP}:5335 ${CL} \n"
--- a/install/unbound-install.sh
+++ b/install/unbound-install.sh
@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: wimb0
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+source /dev/stdin <<< "$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt-get install -y \
+  sudo \
+  curl \
+  mc 
+msg_ok "Installed Dependencies"
+
+msg_info "Installing Unbound"
+$STD apt-get install -y \
+  unbound \
+  unbound-host
+msg_info "Installed Unbound"
+
+cat <<EOF >/etc/unbound/unbound.conf.d/unbound.conf
+server:
+  interface: 0.0.0.0
+  port: 5335
+  do-ip6: no
+  hide-identity: yes
+  hide-version: yes
+  harden-referral-path: yes
+  cache-min-ttl: 300
+  cache-max-ttl: 14400
+  serve-expired: yes
+  serve-expired-ttl: 3600
+  prefetch: yes
+  prefetch-key: yes
+  target-fetch-policy: "3 2 1 1 1"
+  unwanted-reply-threshold: 10000000
+  rrset-cache-size: 256m
+  msg-cache-size: 128m
+  so-rcvbuf: 1m
+  private-address: 192.168.0.0/16
+  private-address: 169.254.0.0/16
+  private-address: 172.16.0.0/12
+  private-address: 10.0.0.0/8
+  private-address: fd00::/8
+  private-address: fe80::/10
+  access-control: 192.168.0.0/16 allow
+  access-control: 172.16.0.0/12 allow
+  access-control: 10.0.0.0/8 allow
+  access-control: 127.0.0.1/32 allow
+  chroot: ""
+  logfile: /var/log/unbound.log
+EOF
+
+touch /var/log/unbound.log
+chown unbound:unbound /var/log/unbound.log
+
+systemctl restart unbound
+msg_ok "Installed Unbound"
+
+msg_ok "Configuring Logrotate"
+cat <<EOF >/etc/logrotate.d/unbound
+/var/log/unbound.log {
+  daily
+  rotate 7
+  missingok
+  notifempty
+  compress
+  delaycompress
+  sharedscripts
+  create 644
+  postrotate
+    /usr/sbin/unbound-control log_reopen
+  endscript
+}
+EOF
+
+systemctl restart logrotate
+msg_ok "Configured Logrotate"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
--- a/json/unbound.json
+++ b/json/unbound.json
@ -0,0 +1,39 @@
+{
+    "name": "Unbound",
+    "slug": "unbound",
+    "categories": [
+        13
+    ],
+    "date_created": "2024-11-27",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": "5335",
+    "documentation": null,
+    "website": "https://www.nlnetlabs.nl/projects/unbound/about/",
+    "logo": "https://nlnetlabs.nl/static/logos/Unbound/Unbound_FC_Shaded_cropped.svg",
+    "description": "Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/unbound.sh",
+            "resources": {
+                "cpu": "1",
+                "ram": "512",
+                "hdd": "2",
+                "os": "debian",
+                "version": "12"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": null,
+        "password": null
+    },
+    "notes": [
+        {
+            "text": "Unbound Configuration Path: `/etc/unbound/unbound.conf.d/unbound.conf`",
+            "type": "info"
+        }
+    ]
+}