ab99d1d23e
It has the service and requires unbound user created. Make it separate, because some users of unbound-libs might not want or need anchor maintenance. Make it also easier to add custom options to unbound-anchor running from the service. Do not start timer from unbound.service, start instead unbound-anchor service before starting unbound. It would ensure root anchor is in the place. Run it from single place from both timer and unbound service.
11 lines
408 B
Desktop File
11 lines
408 B
Desktop File
[Unit]
|
|
Description=update of the root trust anchor for DNSSEC validation in unbound
|
|
Documentation=man:unbound-anchor(8)
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
User=unbound
|
|
EnvironmentFile=-/etc/sysconfig/unbound
|
|
ExecStart=/bin/bash -c 'if [ "$DISABLE_UNBOUND_ANCHOR" = "yes" ]; then echo "Updates of root keys with unbound-anchor is disabled"; else /usr/sbin/unbound-anchor $UNBOUND_ANCHOR_OPTIONS; fi'
|
|
SuccessExitStatus=1
|