Rspamd: unbound fails to start if IPv6 is disabled via kernel

[nrauso]

In some cases the os on which we install NS8 can have IPv6 disable by kernel side:

~]# sysctl -n net.ipv6.conf.all.disable_ipv6
1

~]# ip -br ad
lo               UNKNOWN        127.0.0.1/8 
eth0             UP             99.88.77.66/20 10.20.0.11/16 
eth1             UP             10.114.0.2/20 
wg0              UNKNOWN        10.5.4.1/32

In this scenario the unbound service inside the rspamd container in mail module fails to start because it cannot bind to IPv6 address:

~]# journalctl --grep unbound
Apr 11 15:42:36 rl10 rspamd[37798]: [1744378956] unbound[21:0] error: can't bind socket: Address not available for ::1 port 11336
Apr 11 15:42:36 rl10 rspamd[37798]: [1744378956] unbound[21:0] fatal error: could not open ports

Steps to reproduce

• Install a new NS8 node
• Check the IPv6 status of the system:

  sysctl -n net.ipv6.conf.all.disable_ipv6
  

• If it is enabled (in that case, the previous command returns 0), disable it:

  sysctl -w net.ipv6.conf.all.disable_ipv6=1 | tee /etc/sysctl.d/89-custom.conf
  

• Install a Mail server

The "culprit" is this attribute: https://github.com/NethServer/ns8-mail/blob/0739e51bd4bc8b10d53734b002ac6a6cb7ac97b5/rspamd/etc/unbound/unbound.conf#L10

Can we try to make it conditionally bounded to IPv6 status?

Components

mail:1.6.1

[stephdl]

QA
Use the version ghcr.io/nethserver/mail:1.6.2-dev.1 on direct install and upgrade

Verify the bug is not more reproducible
in root set 0 or 1 to enable or disable ipv6
sysctl -w net.ipv6.conf.all.disable_ipv6=1 | tee /etc/sysctl.d/89-custom.conf # disable ipv6

• restart the container to enable the changes
  systemctl restart --user rspamd

then

• login into the container :
  podman exec -ti rspamd ash
• verify unbound is up
  ps aux
• display the unbound configuration
  cat /etc/unbound/unbound.conf