#!/bin/bash

# Variables
	BASEDIR=$(dirname "$0")
	localsrc="/usr/local/src"
	ub_log="/var/log/unbound"
	ub="unbound-1.12.0"
	opnssl="openssl-1.1.1h"
	libmnl="libmnl-1.0.4"
	libnghttp2="nghttp2-1.41.0"

# Download required software
function dwnlsw() {
	ubsrc="https://nlnetlabs.nl/downloads/unbound/$ub.tar.gz"
	opensslsrc="https://www.openssl.org/source/$opnssl.tar.gz"
	libmnlsrc="https://www.netfilter.org/projects/libmnl/files/$libmnl.tar.bz2"
	libnghttp2src="https://github.com/nghttp2/nghttp2/releases/download/v1.41.0/$libnghttp2.tar.gz"
	wget -P $localsrc $ubsrc $opensslsrc $libmnlsrc $libnghttp2src
}

# Unpack software
function extractsw() {
	tar -xvf $localsrc/$ub.tar.gz -C $localsrc
	tar -xvf $localsrc/$opnssl.tar.gz -C $localsrc
	tar -xvf $localsrc/$libmnl.tar.bz2 -C $localsrc
	tar -xvf $localsrc/$libnghttp2.tar.gz -C $localsrc
}

# Install needed software from repo
function installfromrepo() {
	yum install -y epel-release ;
	yum install -y expat-devel libmnl libevent-devel openssl-devel systemd-devel hiredis-devel python3 python3-devel swig systemd-timesyncd ;
	yum groupinstall -y "Development Tools" ;
	yum erase -y unbound
	alternatives --set python /usr/bin/python3
}

# Add unbound user and group
function adduser() {
	useradd -M unbound
	usermod -L unbound
	groupadd unbound
	usermod -a -G unbound unbound
}

# Compile OpenSSL
function compileopenssl() {
	cd $localsrc/$opnssl ; ./config ; make ; make install
}

# Compile libmnl
function compilelibmnl() {
	cd $localsrc/$libmnl ; ./configure ; make ; make install
}

# Compile libnghttp2
function compilelibnghttp2() {
	cd $localsrc/$libnghttp2 ; ./configure ; make ; make install
}

# Compile Unbound
function compileub() {
	cd $localsrc/$ub ; ./configure --prefix=/usr --sysconfdir=/etc --disable-static --with-pidfile=/etc/unbound/unbound.pid --with-username=unbound --with-ssl --with-libexpat=/usr --with-libmnl --with-libevent --with-pthreads --with-libhiredis --with-libnghttp2 --with-pyunbound --with-pythonmodule --enable-cachedb --enable-checking --enable-subnet --enable-ipset ; make; make install
}

# Install systemd function
function ubsystemd() {
	#cp $localsrc/$ub/contrib/unbound.service /lib/systemd/system/unbound.service
	cp /root/Unbound-DNS/contrib/unbound.service /usr/lib/systemd/system/unbound.service
	systemctl daemon-reload
	systemctl stop systemd-resolved.service
	systemctl disable systemd-resolved.service
	systemctl enable --now systemd-timesyncd.service
	systemctl enable unbound.service
	systemctl start unbound.service
}

# Create logfile
function ublogfile() {
	touch /var/log/unbound/unbound.log
	chown unbound:unbound /var/log/unbound/unbound.log
}

# Setup function. Runs the above functions
function setup() {
	mkdir $ub_log
	dwnlsw
	extractsw | tee $ub_log/untar_software.log
	installfromrepo | tee $ub_log/install_dependencies.log
	compileopenssl | tee $ub_log/compile_openssl.log
	compilelibmnl | tee $ub_log/compile_limnl.log
	compilelibnghttp2 | tee $ub_log/compile_libnghttp2.log
	adduser
	compileub | tee $ub_log/compile_unbound.log
	ublogfile
	ubsystemd
	echo ""
	echo "logs can be found in $ub_log!!"
	echo ""
}

# Run setup function
if [ -e /etc/centos-release ]; then
	if [ $(whoami) != "root" ]; then
		echo "please run as root"
	else
		setup
	fi
else
	echo "Your distribution is not supported!"
	echo "This script is only supported on CentOS 8"
fi