From 6fa3abe492d57ee6eede52a91523b3c7ee63c379 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Tue, 18 Jun 2024 00:07:40 -0700
Subject: [PATCH] Work around Debian's very broken paclaging

Signed-off-by: Tommy <contact@tommytran.io>
---
 Ubuntu-24.04-Server.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Ubuntu-24.04-Server.sh b/Ubuntu-24.04-Server.sh
index 492ed6a..bbf2a92 100644
--- a/Ubuntu-24.04-Server.sh
+++ b/Ubuntu-24.04-Server.sh
@@ -134,7 +134,11 @@ fi
 
 # Setup unbound
 
-sudo apt install -y unbound
+sudo apt install -y unbound unbound-anchor
+sudo mkdir -p /usr/share/dns
+sudo chmod 755 /usr/share/dns
+sudo unbound-anchor
+sudo chmod 644 /usr/share/dns/root.key
 
 echo 'server:
   trust-anchor-signaling: yes
@@ -171,6 +175,8 @@ forward-zone:
 
 sudo chmod 644 /etc/unbound/unbound.conf.d/custom.conf
 
+sudo sed -i 's#/var/lib/unbound#/usr/share/dns#g' /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
+
 mkdir -p /etc/systemd/system/unbound.service.d
 echo $'[Service]
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_RAW