chore: publish 0.3.0+0.2.0 release

Add healthcheck to fail when vpn is not working
chore: publish 0.2.0+0.1.1 release
2025-08-04 20:54:57 -07:00 · 2025-08-04 20:53:13 -07:00 · 2025-01-16 21:37:47 -08:00 · 2025-01-16 21:36:31 -08:00 · 2025-01-08 10:09:13 -08:00
11 changed files with 127 additions and 6 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -32,7 +32,7 @@ steps:
        from_secret: drone_abra-bot_token
      fork: true
      repositories:
-        - coop-cloud/auto-recipes-catalogue-json
+        - toolshed/auto-recipes-catalogue-json

 trigger:
  event: tag
--- a/.env.sample
+++ b/.env.sample
@ -6,3 +6,7 @@ DOMAIN=qbit.example.com
 #EXTRA_DOMAINS=', `www.qbit.example.com`'

 LETS_ENCRYPT_ENV=production
+
+COMPOSE_FILE="compose.yml"
+# Be careful, uncommenting the line below runs the container in privileged mode
+# COMPOSE_FILE="$COMPOSE_FILE:compose.vpn.yml"
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 .envrc
+*~
--- a/9
+++ b/9
@ -0,0 +1,9 @@
+FROM linuxserver/qbittorrent:latest
+
+RUN apk update && apk upgrade
+RUN apk add \
+  wireguard-tools \
+  ip6tables \
+  vim
+
+COPY persistwg.sh /
--- a/README.md
+++ b/README.md
@ -1,17 +1,18 @@
 # qbit

-> One line description of the recipe
+> A qbittorrent client, main usage is for *rr services (exist in other recipes).

 <!-- metadata -->

 * **Category**: Apps
 * **Status**: 0
 * **Image**: [`qbit`](https://hub.docker.com/r/qbit), 4, upstream
-* **Healthcheck**: No
+* **Healthcheck**: Partial (only vpn connectivity)
 * **Backups**: No
 * **Email**: No
 * **Tests**: No
 * **SSO**: No
+* **Maintainers**: RTM - POC: `@ammaratef45:matrix.org`

 <!-- endmetadata -->

@ -22,3 +23,19 @@
 * `abra app deploy <app-name>`

 For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
+
+## VPN
+
+* Save wireguard config file in a file named vpn.conf
+* `abra app cp <app-name> vpn.conf app:/etc/wireguard/vpn.conf`
+* `abra app cmd qbit.ammaratef45.ddns.net app setup_vpn` (this will also start the vpn)
+* `start_vpn`, `stop_vpn`, `vpn_status`, and `container_ip` functions commands can be used to manage the vpn connection.
+* `kill_siwtch_on` and `kill_switch_off` will cause health-check to fail or not fail respectively when the vpn is not connected.
+
+## Build
+
+```
+version=<specify-version>
+docker build --platform linux/amd64 -t git.coopcloud.tech/rtm/qbit-vpn:$version .
+docker push git.coopcloud.tech/rtm/qbit-vpn:$version
+```
--- a/abra.sh
+++ b/abra.sh
@ -0,0 +1,33 @@
+#!/bin/bash
+
+KILL_SWITCH_FILE=/etc/wireguard/kill-switch
+
+setup_vpn() {
+  wgScript=`which wg-quick`
+  sed -i '/sysctl -q net.ipv4.conf.all.src_valid_mark=1/d' $wgScript
+  start_vpn
+}
+
+kill_switch_on() {
+    touch $KILL_SWITCH_FILE
+}
+
+kill_switch_off() {
+    rm $KILL_SWITCH_FILE
+}
+
+start_vpn() {
+  wg-quick up vpn
+}
+
+stop_vpn() {
+  wg-quick down vpn
+}
+
+vpn_status() {
+  wg
+}
+
+container_ip() {
+  curl ifconfig.me
+}
--- a/compose.vpn.yml
+++ b/compose.vpn.yml
@ -0,0 +1,17 @@
+---
+version: "3.8"
+
+services:
+  app:
+    cap_add:
+      - ALL
+    volumes:
+      - wireguard:/etc/wireguard
+    healthcheck:
+      test: ["CMD", "bash", "/persistwg.sh"]
+      interval: 30s
+      timeout: 15s
+      start_period: 30s
+
+volumes:
+  wireguard:
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,7 @@ version: "3.8"

 services:
  app:
-    image: lscr.io/linuxserver/qbittorrent:5.0.2-r0-ls366
+    image: git.coopcloud.tech/rtm/qbit-vpn:0.2.0
    networks:
      - proxy
    deploy:
@ -19,7 +19,7 @@ services:
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=0.1.0+5.0.2-r0-ls366"
+        - "coop-cloud.${STACK_NAME}.version=0.3.0+0.2.0"
    environment:
      - PUID=1000
      - PGID=1000
@ -34,4 +34,4 @@ networks:
    external: true
 volumes:
  qbit_data:
-  qbit_downloads:
+  qbit_downloads:
--- a/0
+++ b/0
--- a/persistwg.sh
+++ b/persistwg.sh
@ -0,0 +1,39 @@
+#!/bin/sh
+
+KILL_SWITCH_FILE=/etc/wireguard/kill-switch
+
+# 0. if kill-switch is not enabled, nothing to do
+if ! test -f "$KILL_SWITCH_FILE"; then
+    exit 0
+fi
+
+# 1. if vpn config don't exist, fail
+if test -f /etc/wireguard/vpn.conf; then
+    echo 'vpn config exist'
+else
+    echo 'could NOT find vpn config!'
+    exit 1
+fi
+
+# 2. if wireguard tunnel is not up, start it
+if ip link show vpn; then
+    echo 'wireguard is running'
+else
+    echo 'wireguard is NOT running, restarting it'
+    wgScript=`which wg-quick`
+    sed -i '/sysctl -q net.ipv4.conf.all.src_valid_mark=1/d' $wgScript
+    resolvconf -u
+    wg-quick down vpn
+    wg-quick up vpn
+fi
+
+# 3. verify public ip is what is expected
+ip=$(curl ifconfig.me)
+if grep "${ip%${ip##*.}}" /etc/wireguard/vpn.conf; then
+    echo "public ip is as expected by the wireguard config"
+else
+    echo "public ip is not what is expected by ip config!"
+    exit 1
+fi
+
+exit 0
--- a/release/0.2.0+0.1.1
+++ b/release/0.2.0+0.1.1
@ -0,0 +1 @@
+Add VPN support using wireguard
Author	SHA1	Message	Date
Ammar Hussein	7a8160a871	chore: publish 0.3.0+0.2.0 release	2025-08-04 20:54:57 -07:00
Ammar Hussein	3a9419c53a	Add healthcheck to fail when vpn is not working	2025-08-04 20:53:13 -07:00
Ammar Hussein	605733edd6	chore: publish 0.2.0+0.1.1 release	2025-01-16 21:37:47 -08:00
Ammar Hussein	be6f480fc9	add support for vpn using wireguard	2025-01-16 21:36:31 -08:00
Cassowary	94e777f311	Update .drone.yml	2025-01-08 10:09:13 -08:00