From 44ff6da5d2b37c26cb5c66f2935149a20dd64c87 Mon Sep 17 00:00:00 2001
From: missytake <missytake@systemli.org>
Date: Tue, 11 Mar 2025 11:59:26 +0100
Subject: [PATCH] DNS: add 9.9.9.9 to resolv.conf if unbound isn't there yet

---
 CHANGELOG.md                      | 3 +++
 cmdeploy/src/cmdeploy/__init__.py | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2bfbacc4..909f918d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,6 +27,9 @@
 - unbound: check that port 53 is not occupied by a different process
   ([#537](https://github.com/chatmail/server/pull/537))
 
+- unbound: before unbound is there, use 9.9.9.9 for resolving
+  ([#518](https://github.com/chatmail/relay/pull/518))
+
 - Limit the bind for the HTTPS server on 8443 to 127.0.0.1 
   ([#522](https://github.com/chatmail/server/pull/522))
   ([#532](https://github.com/chatmail/server/pull/532))
diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py
index 0ac35fff..91d8921c 100644
--- a/cmdeploy/src/cmdeploy/__init__.py
+++ b/cmdeploy/src/cmdeploy/__init__.py
@@ -592,6 +592,12 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
         ensure_newline=True,
     )
 
+    if host.get_fact(Port, port=53) != "unbound":
+        files.line(
+            name="Add 9.9.9.9 to resolv.conf",
+            path="/etc/resolv.conf",
+            line="nameserver 9.9.9.9",
+        )
     apt.update(name="apt update", cache_time=24 * 3600)
     apt.upgrade(name="upgrade apt packages", auto_remove=True)