From cf95dfd49ddf3d8efcbcf245bd1b0906d84b1a7f Mon Sep 17 00:00:00 2001
From: link2xt <link2xt@testrun.org>
Date: Tue, 12 Dec 2023 20:56:20 +0000
Subject: [PATCH] Setup `unbound` DNS resolver

---
 cmdeploy/src/cmdeploy/__init__.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py
index 766edfd1..2942d017 100644
--- a/cmdeploy/src/cmdeploy/__init__.py
+++ b/cmdeploy/src/cmdeploy/__init__.py
@@ -378,6 +378,20 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
         system=True,
     )
 
+    # Run local DNS resolver `unbound`.
+    # `resolvconf` takes care of setting up /etc/resolv.conf
+    # to use 127.0.0.1 as the resolver.
+    apt.packages(
+        name="Install unbound",
+        packages="unbound",
+    )
+    systemd.service(
+        name="Start and enable unbound",
+        service="unbound.service",
+        running=True,
+        enabled=True,
+    )
+
     # Deploy acmetool to have TLS certificates.
     deploy_acmetool(nginx_hook=True, domains=[mail_server, f"mta-sts.{mail_server}"])