#!/bin/sh

CONFDIR="/etc/unbound"
CONFFILE="always-deny.conf"
CONF="${CONFDIR}/${CONFFILE}"
SOURCES="${CONFDIR}/sources"
BUILDDIR="/tmp/$(openssl rand -hex 42)"

update_sources()
{
	mkdir -p "${BUILDDIR}" && cd "${BUILDDIR}" || exit 1
	cat "${SOURCES}" | while read -r src
	do
		curl -#LO "$src"
	done
	find . -type f | while read -r file
	do
		cat "$file" | tee -a domains
	done
}

format_sources()
{
	cat domains | tr -d '|' | tr -d '^' | grep -v '#' | sed -e 's|0.0.0.0 ||g' | sort -u | uniq > new_domains
	cat new_domains | while read -r domain
	do
		if ! [ -z "$domain" ]
		then
			printf 'local-zone: "%b" always_deny\n' "$domain"
		fi
	done | tee "${CONF}"
}

update_sources
format_sources