#!/bin/bash

# config
hostname=$(hostname)
mail_from="alias@domain.tld";
mail_to="alias@domain.tld";
mail_enabled="true"

# helper
send_error() {
	local CONTENTS=$1;
	# if enabled, send mail on error
	if [ $mail_enabled == 'true' ]; then
		SUBJECT="[$hostname] Failed to update unbound adservers";
		echo "${CONTENTS}" | mailx -Ssendwait -s "${SUBJECT}" $mail_to;                                                                                                             
	fi
echo "${CONTENTS}";
}

# main
bURL="https://raw.githubusercontent.com/oznu/dns-zone-blacklist/master/unbound/unbound-nxdomain.blacklist"
blacklist="$(curl -s -L --fail "$bURL")"
sha256="$(curl -s -L --fail "${bURL}.checksum")"

test -n "$blacklist"
res=$?;
if [ $res != 0 ]; then
	send_error "Cannot download blacklist.";
	exit 1;
fi


test -n "$sha256"
res=$?;
if [ $res != 0 ]; then
	send_error "Cannot download checksum.";
	exit 1;
fi

d_sha256="$(echo -n "$blacklist" | sha256sum)"
test "${d_sha256#$sha256}" != "$d_sha256"
res=$?;
if [ $res != 0 ]; then
	send_error "Checksum doesn't match the downloaded file";
	exit 1;
fi

echo "$blacklist" > /etc/unbound/adservers
res=$?;
if [ $res != 0 ]; then
	send_error "Cannot apply file";
	exit 1;
fi