From 45686778ea6d1c5f24367ce68fb0ebb0ed5446ea Mon Sep 17 00:00:00 2001
From: missytake <missytake@systemli.org>
Date: Tue, 9 Jan 2024 18:30:40 +0100
Subject: [PATCH] unbound: ensure systemd service can be started after root
 keys were generated

---
 cmdeploy/src/cmdeploy/__init__.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py
index 0963c230..92712da0 100644
--- a/cmdeploy/src/cmdeploy/__init__.py
+++ b/cmdeploy/src/cmdeploy/__init__.py
@@ -442,7 +442,10 @@ def deploy_chatmail(config_path: Path) -> None:
     )
     server.shell(
         name="Generate root keys for validating DNSSEC",
-        commands=["unbound-anchor -a /var/lib/unbound/root.key || true"],
+        commands=[
+            "unbound-anchor -a /var/lib/unbound/root.key || true",
+            "systemctl reset-failed unbound.service",
+        ],
     )
     systemd.service(
         name="Start and enable unbound",