#!/bin/sh

### BEGIN INIT INFO
# Provides:          unbound
# Required-Start:    $network $remote_fs $syslog
# Required-Stop:     $network $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: validating, recursive, caching DNS resolver
# Description:       Unbound is a recursive-only caching DNS server which can
#                    optionally perform DNSSEC validation of results. It 
#                    implements only a minimum amount of authoritative service
#                    to prevent leakage to the root nameservers: forward lookups
#                    for localhost, reverse for 127.0.0.1 and ::1, and NXDOMAIN
#                    for zones served by AS112. Stub and forward zones are 
#                    supported.
#                    Unbound implements a number of security features, including
#                    chrooting and privilege dropping. The Debian init script
#                    will populate a chroot by default.
#                    
### END INIT INFO


# Service identity and built-in defaults. Any of these can be overridden by
# /etc/default/$NAME, which is sourced below.
NAME="unbound"
DESC="recursive DNS server"
DAEMON="/usr/sbin/unbound"
CHROOT_DIR="/var/lib/unbound"
PIDFILE="${CHROOT_DIR}/unbound.pid"
# The service stays disabled unless the defaults file sets this to "true".
UNBOUND_ENABLE="false"

# Package removed but init script left behind: nothing to do, not an error.
[ -x "$DAEMON" ] || exit 0

. /lib/lsb/init-functions

# The defaults file is executed as shell code with this script's privileges,
# so whoever can write it controls every variable and command used below.
# NOTE(review): confirm the file is owned by root and not group/world writable.
if [ -f "/etc/default/$NAME" ]; then
    . "/etc/default/$NAME"
    # Accept only the two literal values; anything else aborts the script.
    case "$UNBOUND_ENABLE" in
        true|false)
            ;;
        *)
            log_failure_msg "Value of UNBOUND_ENABLE in /etc/default/$NAME must be either 'true' or 'false';"
            log_failure_msg "not starting unbound daemon."
            exit 1
            ;;
    esac
fi

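# Populate the chroot with what the daemon needs: etc/ and dev/ directories,
# the random and urandom device nodes, the local timezone file and a fresh
# copy of the Unbound configuration.
# Globals:   CHROOT (read; the literal value "no" disables chroot setup),
#            CHROOT_DIR (read)
# Returns:   status of install_chroot_conf when the chroot is populated,
#            0 when CHROOT is "no".
#
# NOTE(review): everything below writes into CHROOT_DIR. If that tree is
# writable by the account the daemon drops to, a symlink planted there would
# redirect these writes elsewhere. Confirm etc/ and dev/ are writable only by
# the user running this script.
install_chroot() {
    if [ "$CHROOT" != "no" ]; then
        uninstall_chroot
        # ${CHROOT_DIR:?} aborts if the variable is empty or unset, so a bad
        # override cannot make these commands operate on /etc and /dev.
        mkdir -p "${CHROOT_DIR:?}/etc" "${CHROOT_DIR:?}/dev"
        # Create each device node only if it is not already a character device.
        [ -c "${CHROOT_DIR:?}/dev/random" ] \
            || ( cd "${CHROOT_DIR:?}/dev" && MAKEDEV random )
        [ -c "${CHROOT_DIR:?}/dev/urandom" ] \
            || ( cd "${CHROOT_DIR:?}/dev" && MAKEDEV urandom )
        if [ -f /etc/localtime ]; then
            cp -fp /etc/localtime "${CHROOT_DIR:?}/etc"
        fi
        install_chroot_conf
    fi
}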

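# Replace the chroot's copy of the Unbound configuration with the current
# contents of /etc/unbound.
# Globals:   CHROOT_DIR (read)
# Returns:   status of the final cp.
install_chroot_conf() {
    # ${CHROOT_DIR:?} aborts if the variable is empty or unset; without it an
    # empty value would turn the rm below into "rm -rf /etc/unbound".
    if [ -d "${CHROOT_DIR:?}/etc/unbound" ]; then
        rm -rf -- "${CHROOT_DIR:?}/etc/unbound"
    fi
    # cp -a preserves ownership and modes, so whatever is restricted under
    # /etc/unbound stays restricted in the copy.
    cp -a /etc/unbound "${CHROOT_DIR:?}/etc"
}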

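# Remove the copy of the Unbound configuration from the chroot.
# Globals:   CHROOT_DIR (read)
# Returns:   0 when the copy is absent or was removed, otherwise rm's status.
uninstall_chroot() {
    # ${CHROOT_DIR:?} aborts if the variable is empty or unset; without it an
    # empty value would turn this into "rm -rf /etc/unbound".
    if [ -d "${CHROOT_DIR:?}/etc/unbound" ]; then
        rm -rf -- "${CHROOT_DIR:?}/etc/unbound"
    fi
}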

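# Report whether the daemon is currently not running.
# Runs start-stop-daemon in --test mode, which starts nothing and only reports
# whether a start would be attempted for the process recorded in PIDFILE.
# Globals:   PIDFILE (read), DAEMON (read)
# Returns:   the exit status of start-stop-daemon (0 when a start would be
#            attempted); all of its output is discarded.
daemon_stopped() {
    start-stop-daemon --start --pidfile "$PIDFILE" \
        --startas "$DAEMON" --test >/dev/null 2>&1
}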

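# Dispatch on the requested action ($1): start, stop, restart/force-reload.
#
# Every start-stop-daemon call passes --name as well as --pidfile, so a match
# needs the recorded PID to belong to a process with the daemon's name. The
# pidfile lives inside CHROOT_DIR, which makes that second check worth keeping.
#
# NOTE(review): start/stop failures are reported through log_end_msg only; the
# script still ends with "exit 0". Confirm callers do not rely on the exit
# status to detect a failed start.
case "$1" in
    start)
        # Compared as a string instead of being executed as a command; the
        # value is either the built-in "false" or was validated after the
        # defaults file was sourced.
        if [ "$UNBOUND_ENABLE" = "true" ]; then
            log_daemon_msg "Starting $DESC" "$NAME"
            # Rebuild the chroot only while the daemon is down, so a running
            # instance never has its configuration replaced underneath it.
            if daemon_stopped; then
                install_chroot
            fi
            # DAEMON_OPTS is left unquoted on purpose: it holds a
            # whitespace-separated option list.
            # shellcheck disable=SC2086
            if start-stop-daemon --start --quiet --oknodo --pidfile "$PIDFILE" \
                --name "$NAME" --startas "$DAEMON" -- $DAEMON_OPTS; then
                log_end_msg 0
            else
                log_end_msg 1
            fi
        else
            log_warning_msg \
                "$NAME daemon is not enabled in /etc/default/$NAME, not starting..."
        fi
        ;;

    stop)
        log_daemon_msg "Stopping $DESC" "$NAME"
        if start-stop-daemon --stop --quiet --oknodo --pidfile "$PIDFILE" \
            --name "$NAME"; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

    restart|force-reload)
        if [ "$UNBOUND_ENABLE" = "true" ]; then
            log_daemon_msg "Restarting $DESC" "$NAME"
            # The result of the stop is not checked; the start below uses
            # --oknodo and so succeeds if the old instance is still running.
            start-stop-daemon --stop --quiet --pidfile "$PIDFILE" \
                --name "$NAME" --retry 5
            # The explicit uninstall also clears a stale copy when CHROOT is
            # "no", a case in which install_chroot does nothing.
            uninstall_chroot
            install_chroot
            # shellcheck disable=SC2086
            if start-stop-daemon --start --quiet --oknodo --pidfile "$PIDFILE" \
                --name "$NAME" --startas "$DAEMON" -- $DAEMON_OPTS; then
                log_end_msg 0
            else
                log_end_msg 1
            fi
        else
            # Mirror the start branch instead of returning silently.
            log_warning_msg \
                "$NAME daemon is not enabled in /etc/default/$NAME, not restarting..."
        fi
        ;;

    *)
        echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac

exit 0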

