unbound: generate root.key manually if it doesn't exist

2026-05-14 01:44:38 +00:00 · 2023-12-19 16:48:36 +01:00
parent 3d00ca1672
commit 1e4b776de5
1 changed files with 5 additions and 1 deletions
--- a/cmdeploy/src/cmdeploy/init.py
+++ b/cmdeploy/src/cmdeploy/init.py
@@ -399,7 +399,11 @@ def deploy_chatmail(config_path: Path) -> None:
    # to use 127.0.0.1 as the resolver.
    apt.packages(
        name="Install unbound",
-        packages="unbound",
+        packages=["unbound", "unbound-anchor"],
+    )
+    server.shell(
+        name="Generate root keys for validating DNSSEC",
+        commands=["unbound-anchor -a /var/lib/unbound/root.key || true"],
    )
    systemd.service(
        name="Start and enable unbound",