diff --git a/CHANGELOG.md b/CHANGELOG.md
index a61c82d..df26f7e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,6 @@
# cdist-contrib changes
+* 2020-06-07: New type: __unbound_exporter (Timothée Floure)
+* 2020-06-07: Extended type: wire remote control configuration for __unbond (Timothée Floure)
* 2020-06-03: New type: __unbound (Timothée Floure)
* 2020-04-28: New type: __find_exec (Ander Punnar)
diff --git a/scripts/run-shellcheck.sh b/scripts/run-shellcheck.sh
index 769f853..475f426 100755
--- a/scripts/run-shellcheck.sh
+++ b/scripts/run-shellcheck.sh
@@ -15,7 +15,7 @@ check () {
}
check -path "*/explorer/*"
-check -path "*/files/*"
+check -path "*/files/*.sh"
check -name manifest
check -name gencode-local
check -name gencode-remote
diff --git a/type/__unbound/files/unbound.conf.sh b/type/__unbound/files/unbound.conf.sh
index effea65..46d2824 100755
--- a/type/__unbound/files/unbound.conf.sh
+++ b/type/__unbound/files/unbound.conf.sh
@@ -857,14 +857,14 @@ python:
remote-control:
# Enable remote control with unbound-control(8) here.
# set up the keys and certificates with unbound-control-setup.
- # control-enable: no
+ control-enable: $RC_ENABLE
# what interfaces are listened to for remote control.
# give 0.0.0.0 and ::0 to listen to all interfaces.
# set to an absolute path to use a unix local name pipe, certificates
# are not used for that, so key and cert files need not be present.
# control-interface: 127.0.0.1
- # control-interface: ::1
+ control-interface: $RC_INTERFACE
# port number for remote control operations.
# control-port: 8953
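Review bot: `control-interface: $RC_INTERFACE` writes the `rc_interface` parameter into the config without any check, and the comment just above it says that 0.0.0.0 and ::0 listen on all interfaces, so one parameter value puts unbound-control on the network once `control-enable` is `yes`. `control-use-cert` stays commented out in the next hunk, so protection of a non-loopback listener rests on unbound's default for that option and on the generated key files. I would set it explicitly with `control-use-cert: "yes"` and state in man.rst that any value other than a loopback address or a socket path needs a firewall rule in front of it. The remote-control section continues outside this hunk.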
@@ -874,16 +874,16 @@ remote-control:
# control-use-cert: "yes"
# unbound server key file.
- # server-key-file: "/unbound_server.key"
+ server-key-file: "$RC_SERVER_KEY_FILE"
# unbound server certificate file.
- # server-cert-file: "/unbound_server.pem"
+ server-cert-file: "$RC_SERVER_CERT_FILE"
# unbound-control key file.
- # control-key-file: "/unbound_control.key"
+ control-key-file: "$RC_CONTROL_KEY_FILE"
# unbound-control certificate file.
- # control-cert-file: "/unbound_control.pem"
+ control-cert-file: "$RC_CONTROL_CERT_FILE"
# Stub zones.
# Create entries like below, to make all queries for 'example.com' and
diff --git a/type/__unbound/gencode-remote b/type/__unbound/gencode-remote
new file mode 100755
index 0000000..d12a395
--- /dev/null
+++ b/type/__unbound/gencode-remote
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+UNBOUND_CERTS_DIR=/etc/unbound
+
+if [ -f "$__object/parameter/enable_rc" ]; then
+ echo "unbound-control-setup -d $UNBOUND_CERTS_DIR"
+ echo "chown unbound:unbound $UNBOUND_CERTS_DIR/*.pem $UNBOUND_CERTS_DIR/*.key"
+fi
+
+cat << EOF
+if pgrep unbound; then
+ service unbound reload
+else
+ service unbounb start
+fi
+EOF
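Review bot: The else branch emits `service unbounb start`, a typo for `unbound`, so a stopped resolver is never started by this code. `pgrep unbound` also matches on a substring of the process name, so the `unbound_exporter` service added in this same commit would satisfy it and send the run down the reload branch while unbound itself is down; `if pgrep -x unbound >/dev/null; then` and `service unbound start` fix both. Separately, the `chown` globs `*.pem` and `*.key` hand every key and certificate in /etc/unbound to the unbound user, not only the four files named in the manifest; listing those files explicitly would be tighter.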
diff --git a/type/__unbound/man.rst b/type/__unbound/man.rst
index 6d113b0..679e601 100644
--- a/type/__unbound/man.rst
+++ b/type/__unbound/man.rst
@@ -31,6 +31,9 @@ access_control
but localhost is refused by default), can be provided multiple times. The
format is described in unbound.conf(5).
+rc_interface
+ Address or path to socket used for remote control (see `--enable_control`. Defaults to `127.0.0.1`).
+
BOOLEAN PARAMETERS
------------------
disable-ip4
@@ -41,6 +44,9 @@ disable-ip6
Do not answer or issue queries over IPv6. Cannot be used alongside the
`--disable-ip4` flag.
+enable_rc
+ Enable remote control (see `unbound-control(8)`).
+
EXAMPLES
--------
diff --git a/type/__unbound/manifest b/type/__unbound/manifest
index a25cdec..346f30c 100755
--- a/type/__unbound/manifest
+++ b/type/__unbound/manifest
@@ -49,6 +49,11 @@ if [ -f "$__object/parameter/access_control" ]; then
export ACCESS_CONTROLS
fi
+if [ -f "$__object/parameter/rc_interface" ]; then
+ RC_INTERFACE=$(cat "$__object/parameter/rc_interface")
+ export RC_INTERFACE
+fi
+
# Boolean parameters:
if [ -f "$__object/parameter/disable_ip4" ] && \
[ -f "$__object/parameter/disable_ip6" ]; then
@@ -68,6 +73,18 @@ else
export DO_IP6='yes'
fi
+if [ -f "$__object/parameter/enable_rc" ]; then
+ export RC_ENABLE='yes'
+else
+ export RC_ENABLE='no'
+fi
+
+# Certs for remote control:
+export RC_SERVER_KEY_FILE='/etc/unbound/unbound_server.key'
+export RC_SERVER_CERT_FILE='/etc/unbound/unbound_server.pem'
+export RC_CONTROL_KEY_FILE='/etc/unbound/unbound_control.key'
+export RC_CONTROL_CERT_FILE='/etc/unbound/unbound_control.pem'
+
# Generate and deploy configuration files.
source_file="$__object/files/unbound.conf"
target_file="/etc/unbound/unbound.conf"
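Review bot: The four `RC_*_FILE` exports hard-code `/etc/unbound`, and gencode-remote sets the same directory again as `UNBOUND_CERTS_DIR`, so the paths written into unbound.conf and the place where the keys are generated can drift apart if only one file is edited. A single variable here, `rc_certs_dir='/etc/unbound'` followed by `export RC_SERVER_KEY_FILE="$rc_certs_dir/unbound_server.key"` and so on, plus a comment saying the directory must match the one passed to `unbound-control-setup -d`, would make the coupling visible. The manifest continues outside this hunk.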
@@ -78,6 +95,3 @@ require="__package/unbound" __file "$target_file" \
--source "$source_file" \
--owner root \
--mode 644
-
-# Restart unbound server after reconfiguration.
-require="__file/$target_file" __service unbound --action restart
diff --git a/type/__unbound/parameter/boolean b/type/__unbound/parameter/boolean
index a2d5910..b6e53a1 100644
--- a/type/__unbound/parameter/boolean
+++ b/type/__unbound/parameter/boolean
@@ -1,2 +1,3 @@
disable_ip6
disable_ip4
+enable_rc
diff --git a/type/__unbound/parameter/default/rc_interface b/type/__unbound/parameter/default/rc_interface
new file mode 100644
index 0000000..7b9ad53
--- /dev/null
+++ b/type/__unbound/parameter/default/rc_interface
@@ -0,0 +1 @@
+127.0.0.1
diff --git a/type/__unbound/parameter/optional b/type/__unbound/parameter/optional
new file mode 100644
index 0000000..0826b6e
--- /dev/null
+++ b/type/__unbound/parameter/optional
@@ -0,0 +1 @@
+rc_interface
diff --git a/type/__unbound_exporter/files/openrc-service b/type/__unbound_exporter/files/openrc-service
new file mode 100644
index 0000000..6caed5e
--- /dev/null
+++ b/type/__unbound_exporter/files/openrc-service
@@ -0,0 +1,12 @@
+#!/sbin/openrc-run
+
+name=$RC_SVCNAME
+command="/usr/local/bin/unbound_exporter"
+command_args=""
+command_user="unbound"
+command_background="yes"
+pidfile="/var/run/$RC_SVCNAME.pid"
+
+depend() {
+ need unbound
+}
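Review bot: `command_args=""` leaves the exporter on its built-in defaults, so neither the address the metrics endpoint binds to nor the control endpoint and certificates it uses are visible or pinned in this file. man.rst only says metrics are exposed on port 9167; if the default bind is all addresses (worth confirming against the exporter's help output), resolver statistics become readable by any host that can reach that port. I would pass the listen address and the /etc/unbound certificate paths explicitly in `command_args`, or at least add a comment stating which defaults are being relied on.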
diff --git a/type/__unbound_exporter/gencode-remote b/type/__unbound_exporter/gencode-remote
new file mode 100755
index 0000000..fcd85fb
--- /dev/null
+++ b/type/__unbound_exporter/gencode-remote
@@ -0,0 +1,46 @@
+#!/bin/sh -e
+#
+# 2020 Timothée Floure (timothee.floure@ungleich.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+
+upstream=https://github.com/wish/unbound_exporter/archive
+version=$(cat "$__object/parameter/version")
+release="unbound_exporter-$version"
+
+cat << EOF
+if command -v unbound_exporter
+then
+ # already installed - ignoring.
+ echo "Nothing to do -"
+else
+ # Initialize working directory
+ workdir=\$(mktemp -d)
+ cd \$workdir
+
+ # Download and extract sources for requested release.
+ curl -L $upstream/v$version.tar.gz --output $release.tar.gz
+ tar xf $release.tar.gz
+
+ # Build and install binary.
+ cd $release
+ go build
+ install -m755 unbound_exporter /usr/local/bin/
+
+ # Clean up!
+ rm -r \$workdir
+fi
+EOF
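Review bot: The generated code downloads `v$version.tar.gz`, unpacks it, builds it and installs the result into /usr/local/bin without verifying the archive against a known digest, so whatever the URL serves at run time becomes an installed binary. I would pin a SHA-256 per release (a new parameter, sketched below as `checksum`) and check it before `tar xf`, and add `-f` so curl fails on an HTTP error instead of saving the error page. `$version` and `\$workdir` are also expanded unquoted; quoting them keeps a malformed version string or a failed `mktemp` from changing what the commands operate on. `go build` may additionally fetch module dependencies at build time, which a tarball checksum does not cover. Note that an already-installed binary short-circuits the whole block, so changing `--version` never upgrades.

```sh
# … unchanged: upstream / version / release assignments …
# Proposed new required parameter (not part of this commit): expected SHA-256 of the tarball.
checksum=$(cat "$__object/parameter/checksum")

cat << EOF
# … unchanged: "command -v unbound_exporter" check and the already-installed branch …
    workdir=\$(mktemp -d)
    cd "\$workdir"

    # Fail on HTTP errors and verify the archive before unpacking or building it.
    curl -fL "$upstream/v$version.tar.gz" --output "$release.tar.gz"
    echo "$checksum  $release.tar.gz" | sha256sum -c -
    tar xf "$release.tar.gz"
# … unchanged: go build, install, cleanup …
```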
diff --git a/type/__unbound_exporter/man.rst b/type/__unbound_exporter/man.rst
new file mode 100644
index 0000000..934bdd7
--- /dev/null
+++ b/type/__unbound_exporter/man.rst
@@ -0,0 +1,63 @@
+cdist-type__unbound_exporter(7)
+===============================
+
+NAME
+----
+cdist-type__unbound_exporter - A prometheus exporter for unbound
+
+
+DESCRIPTION
+-----------
+Simple Prometheus metrics exporter for the Unbound DNS
+resolver. It leverages the unbound remote control endpoint
+and exposes metrics on port 9167.
+
+
+REQUIRED PARAMETERS
+-------------------
+version
+ unbound_exporter release to be used.
+
+OPTIONAL PARAMETERS
+-------------------
+None.
+
+
+BOOLEAN PARAMETERS
+------------------
+None.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+ __unbound \
+ --interface '::0' \
+ --forward_addr '2a0a:e5c0:2:1::5' \
+ --forward_addr '2a0a:e5c0:2:1::6' \
+ --access_control '::0/0 deny' \
+ --access_control '2a0a:e5c0::/29 allow' \
+ --access_control '2a09:2940::/29 allow' \
+ --disable_ip4 \
+ --enable_rc \
+ --rc_interface '::1'
+
+ __unbound_exporter --version 0.1.3
+
+SEE ALSO
+--------
+:strong:`cdist-type__unbound(7)`
+
+AUTHORS
+-------
+Timothée Floure
+
+
+COPYING
+-------
+Copyright \(C) 2020 Timothée Floure. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
diff --git a/type/__unbound_exporter/manifest b/type/__unbound_exporter/manifest
new file mode 100755
index 0000000..3602e47
--- /dev/null
+++ b/type/__unbound_exporter/manifest
@@ -0,0 +1,45 @@
+#!/bin/sh -e
+#
+# 2020 Timothée Floure (timothee.floure@ungleich.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+ alpine)
+ # Used in gencode-remote.
+ __package curl
+ __package tar
+ __package openssl
+ __package go
+ __package libc-dev
+ ;;
+ *)
+ printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
+ printf "Please contribute an implementation for it if you can.\n" >&2
+ exit 1
+ ;;
+esac
+
+__file /etc/init.d/unbound_exporter \
+ --source "$__type/files/openrc-service" \
+ --mode 755
+
+require="__file/etc/init.d/unbound_exporter" __service unbound_exporter --action start
+require="__file/etc/init.d/unbound_exporter" __start_on_boot unbound_exporter
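Review bot: `__service unbound_exporter --action start` depends only on the init script, while the binary at /usr/local/bin/unbound_exporter is built by this type's gencode-remote. If cdist realises the objects created in a type manifest before it runs that type's own generated code (my understanding of its ordering, please confirm), the first run starts the service before the binary exists. Starting the service from gencode-remote after the `install` step, or moving the build into its own type that `__service` can require, would avoid that. The `__file` for the init script also omits `--owner`; adding `--owner root` would match the __unbound manifest.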
diff --git a/type/__unbound_exporter/parameter/required b/type/__unbound_exporter/parameter/required
new file mode 100644
index 0000000..088eda4
--- /dev/null
+++ b/type/__unbound_exporter/parameter/required
@@ -0,0 +1 @@
+version
diff --git a/type/__unbound_exporter/singleton b/type/__unbound_exporter/singleton
new file mode 100644
index 0000000..e69de29