ProxmoxVE/install/unbound-install.sh

#!/usr/bin/env bash

# Copyright (c) 2021-2024 community-scripts ORG
# Author: wimb0
# License: MIT
# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE

source /dev/stdin <<< "$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os

msg_info "Installing Dependencies"
$STD apt-get install -y \
  sudo \
  curl \
  mc 
msg_ok "Installed Dependencies"

msg_info "Installing Unbound"
$STD apt-get install -y \
  unbound \
  unbound-host
msg_info "Installed Unbound"

cat <<EOF >/etc/unbound/unbound.conf.d/unbound.conf
server:
  verbosity: 0
  interface: 0.0.0.0
  port: 5335
  do-ip6: no
  do-ip4: yes
  do-udp: yes
  do-tcp: yes
  num-threads: 1
  hide-identity: yes
  hide-version: yes
  harden-referral-path: yes
  cache-min-ttl: 300
  cache-max-ttl: 14400
  rrset-cache-slabs: 8
  infra-cache-slabs: 8
  key-cache-slabs: 8
  serve-expired: yes
  serve-expired-ttl: 3600
  prefetch: yes
  prefetch-key: yes
  target-fetch-policy: "3 2 1 1 1"
  unwanted-reply-threshold: 10000000
  rrset-cache-size: 256m
  msg-cache-size: 128m
  so-rcvbuf: 1m
  private-address: 192.168.0.0/16
  private-address: 169.254.0.0/16
  private-address: 172.16.0.0/12
  private-address: 10.0.0.0/8
  private-address: fd00::/8
  private-address: fe80::/10
  access-control: 192.168.0.0/16 allow
  access-control: 172.16.0.0/12 allow
  access-control: 10.0.0.0/8 allow
  access-control: 127.0.0.1/32 allow
  chroot: ""
  logfile: /var/log/unbound.log
  log-queries: yes
  extended-statistics: yes
EOF

touch /var/log/unbound.log
chown unbound:unbound /var/log/unbound.log

systemctl restart unbound
msg_ok "Installed Unbound"

msg_ok "Configuring Logrotate"
cat <<EOF >/etc/logrotate.d/unbound
/var/log/unbound.log {
  daily
  rotate 7
  missingok
  notifempty
  compress
  delaycompress
  sharedscripts
  create 644
  postrotate
    /usr/sbin/unbound-control log_reopen
  endscript
}
EOF

systemctl restart logrotate
msg_ok "Configured Logrotate"

motd_ssh
customize

msg_info "Cleaning up"
$STD apt-get -y autoremove
$STD apt-get -y autoclean
msg_ok "Cleaned"
Create unbound-install.sh 2024-11-27 14:37:42 +00:00			`#!/usr/bin/env bash`

			`# Copyright (c) 2021-2024 community-scripts ORG`
			`# Author: wimb0`
			`# License: MIT`
			`# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE`

			`source /dev/stdin <<< "$FUNCTIONS_FILE_PATH"`
			`color`
			`verb_ip6`
			`catch_errors`
			`setting_up_container`
			`network_check`
			`update_os`

Update unbound-install.sh 2024-11-27 15:59:28 +00:00			`msg_info "Installing Dependencies"`
			`$STD apt-get install -y \`
			`sudo \`
			`curl \`
			`mc`
			`msg_ok "Installed Dependencies"`

Create unbound-install.sh 2024-11-27 14:37:42 +00:00			`msg_info "Installing Unbound"`
Update unbound-install.sh 2024-11-27 15:59:28 +00:00			`$STD apt-get install -y \`
			`unbound \`
			`unbound-host`
			`msg_info "Installed Unbound"`
Create unbound-install.sh 2024-11-27 14:37:42 +00:00
Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> 2024-11-28 09:14:56 +00:00			`cat <<EOF >/etc/unbound/unbound.conf.d/unbound.conf`
Create unbound-install.sh 2024-11-27 14:37:42 +00:00			`server:`
			`verbosity: 0`
			`interface: 0.0.0.0`
			`port: 5335`
			`do-ip6: no`
			`do-ip4: yes`
			`do-udp: yes`
			`do-tcp: yes`
			`num-threads: 1`
			`hide-identity: yes`
			`hide-version: yes`
			`harden-referral-path: yes`
			`cache-min-ttl: 300`
			`cache-max-ttl: 14400`
			`rrset-cache-slabs: 8`
			`infra-cache-slabs: 8`
			`key-cache-slabs: 8`
			`serve-expired: yes`
			`serve-expired-ttl: 3600`
			`prefetch: yes`
			`prefetch-key: yes`
			`target-fetch-policy: "3 2 1 1 1"`
			`unwanted-reply-threshold: 10000000`
			`rrset-cache-size: 256m`
			`msg-cache-size: 128m`
			`so-rcvbuf: 1m`
			`private-address: 192.168.0.0/16`
			`private-address: 169.254.0.0/16`
			`private-address: 172.16.0.0/12`
			`private-address: 10.0.0.0/8`
			`private-address: fd00::/8`
			`private-address: fe80::/10`
			`access-control: 192.168.0.0/16 allow`
Update unbound-install.sh 2024-11-27 15:09:41 +00:00			`access-control: 172.16.0.0/12 allow`
			`access-control: 10.0.0.0/8 allow`
Update unbound-install.sh 2024-11-27 17:03:02 +00:00			`access-control: 127.0.0.1/32 allow`
Create unbound-install.sh 2024-11-27 14:37:42 +00:00			`chroot: ""`
			`logfile: /var/log/unbound.log`
			`log-queries: yes`
			`extended-statistics: yes`
			`EOF`

			`touch /var/log/unbound.log`
			`chown unbound:unbound /var/log/unbound.log`
Update unbound-install.sh 2024-11-27 16:04:46 +00:00
Create unbound-install.sh 2024-11-27 14:37:42 +00:00			`systemctl restart unbound`
			`msg_ok "Installed Unbound"`

			`msg_ok "Configuring Logrotate"`
			`cat <<EOF >/etc/logrotate.d/unbound`
			`/var/log/unbound.log {`
			`daily`
			`rotate 7`
			`missingok`
			`notifempty`
			`compress`
			`delaycompress`
			`sharedscripts`
			`create 644`
			`postrotate`
			`/usr/sbin/unbound-control log_reopen`
			`endscript`
			`}`
			`EOF`

			`systemctl restart logrotate`
Update install/unbound-install.sh Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> 2024-11-28 09:12:51 +00:00			`msg_ok "Configured Logrotate"`
Create unbound-install.sh 2024-11-27 14:37:42 +00:00
			`motd_ssh`
			`customize`

			`msg_info "Cleaning up"`
			`$STD apt-get -y autoremove`
			`$STD apt-get -y autoclean`
			`msg_ok "Cleaned"`