FROM alpine:3.15.0

# Install required dependencies to build unbound (and bind-tools for dig in healthcheck)
RUN apk update && apk add --no-cache alpine-sdk bind-tools expat-dev git libressl-dev

# Clone and build unbound source (https://github.com/NLnetLabs/unbound)
RUN mkdir -p /tmp/unbound
RUN git clone --depth 1 --branch 'release-1.14.0' https://github.com/NLnetLabs/unbound.git /tmp/unbound
RUN cd /tmp/unbound && ./configure && make && make install

# Cleanup build tools
RUN apk del alpine-sdk expat-dev git
RUN rm -rf /tmp/*

# Prepare unbound files
COPY entrypoint.sh /
RUN mkdir -p /srv/unbound
COPY unbound.conf /srv/unbound/unbound.conf

# Prepare
RUN adduser unbound --disabled-password

# Health
HEALTHCHECK --interval=60s --timeout=3s --retries=2 \
    CMD dig ns1.gkcld.net @127.0.0.1 +dnssec || exit 1

ENTRYPOINT ["sh", "/entrypoint.sh"]