[Unbound] Fix logging, fixes #585

[Rspamd] Fix permissions of controller password file
[Unbound] Enable unbound-control

data/Dockerfiles/rspamd/docker-entrypoint.sh

@@ -3,6 +3,7 @@
 chown -R _rspamd:_rspamd /var/lib/rspamd
 chmod 755 /var/lib/rspamd
 [[ ! -f /etc/rspamd/override.d/worker-controller-password.inc ]] && echo '# Placeholder' > /etc/rspamd/override.d/worker-controller-password.inc
+chown _rspamd:_rspamd /etc/rspamd/override.d/worker-controller-password.inc
 [[ ! -f /etc/rspamd/custom/sa-rules-heinlein ]] && echo '# to be auto-filled by dovecot-mailcow' > /etc/rspamd/custom/sa-rules-heinlein
 
 exec "$@"

data/Dockerfiles/unbound/Dockerfile

@@ -10,6 +10,7 @@ RUN apk add --update --no-cache \
 	drill \
 	&& curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \
 	&& chown root:unbound /etc/unbound \
+  && adduser unbound tty \
 	&& chmod 775 /etc/unbound
 
 EXPOSE 53/udp 53/tcp

data/Dockerfiles/unbound/docker-entrypoint.sh

@@ -1,8 +1,11 @@
 #!/bin/bash
 
+echo "Setting console permissions..."
+chown root:tty /dev/console
+chmod g+rw /dev/console
 echo "Receiving anchor key..."
 /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key
 echo "Receiving root hints..."
 curl -#o /etc/unbound/root.hints https://www.internic.net/domain/named.cache
-
+/usr/sbin/unbound-control-setup
 exec "$@"

data/conf/unbound/unbound.conf

@@ -2,7 +2,7 @@ server:
   verbosity: 1
   interface: 0.0.0.0
   interface: ::0
-  logfile: /dev/stdout
+  logfile: /dev/console
   do-ip4: yes
   do-ip6: yes
   do-udp: yes
@@ -27,3 +27,12 @@ server:
   hide-version: yes
   max-udp-size: 4096
   msg-buffer-size: 65552
+
+remote-control:
+    control-enable: yes
+    control-interface: 127.0.0.1
+    control-port: 8953
+    server-key-file: "/etc/unbound/unbound_server.key"
+    server-cert-file: "/etc/unbound/unbound_server.pem"
+    control-key-file: "/etc/unbound/unbound_control.key"
+    control-cert-file: "/etc/unbound/unbound_control.pem"