unbound: wrap unbound startup + preparation into unbound_start.sh and move startup to background configd task

src/etc/inc/plugins.inc.d/unbound.inc

@@ -430,21 +430,9 @@ function unbound_configure_do($verbose = false, $interface = '')
         flush();
     }
 
-    mwexecf(
-        'chroot -u unbound -g unbound / %s -a %s',
-        array('/usr/local/sbin/unbound-anchor', '/var/unbound/root.key'),
-        true
-    );
-
-    if (!file_exists('/var/unbound/unbound_control.key')) {
-        mwexecf(
-            'chroot -u unbound -g unbound / %s -d %s',
-            array('/usr/local/sbin/unbound-control-setup', '/var/unbound')
-        );
-    }
-
     unbound_generate_config();
     configd_run("template reload OPNsense/Unbound/*");
+    configd_run("unbound start", true);
 
     if (isset($config['unbound']['regdhcp'])) {
         $domain = $config['system']['domain'];
@@ -453,7 +441,6 @@ function unbound_configure_do($verbose = false, $interface = '')
         }
         mwexecf('/usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain %s', $domain);
     }
-    mwexecf('/usr/local/sbin/unbound -c %s', '/var/unbound/unbound.conf');
 
     //configd_run('unbound cache load');
 

src/opnsense/scripts/unbound/unbound_start.sh

@@ -0,0 +1,36 @@
+#!/bin/sh
+# Copyright (c) 2020 Deciso B.V.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+# prepare and startup unbound, so we can easily background it
+
+chroot -u unbound -g unbound / /usr/local/sbin/unbound-anchor -a /var/unbound/root.key
+
+if [ ! -f /var/unbound/unbound_control.key ]; then
+    chroot -u unbound -g unbound / /usr/local/sbin/unbound-control-setup -d /var/unbound
+fi
+
+/usr/local/sbin/unbound -c /var/unbound/unbound.conf

src/opnsense/service/conf/actions.d/actions_unbound.conf

@@ -45,3 +45,10 @@ command:/usr/local/sbin/unbound-control -c /var/unbound/unbound.conf reload
 parameters:
 type:script
 message:Reloading Unbound
+
+
+[start]
+command:/usr/local/opnsense/scripts/unbound/unbound_start.sh
+parameters:
+type:script
+message:Start Unbound