chore: publish 0.3.0+0.2.0 release

.gitignore

@@ -1 +1,2 @@
 .envrc
+*~

Dockerfile

@@ -5,3 +5,5 @@ RUN apk add \
   wireguard-tools \
   ip6tables \
   vim
+
+COPY persistwg.sh /

README.md

@@ -1,17 +1,18 @@
 # qbit
 
-> One line description of the recipe
+> A qbittorrent client, main usage is for *rr services (exist in other recipes).
 
 <!-- metadata -->
 
 * **Category**: Apps
 * **Status**: 0
 * **Image**: [`qbit`](https://hub.docker.com/r/qbit), 4, upstream
-* **Healthcheck**: No
+* **Healthcheck**: Partial (only vpn connectivity)
 * **Backups**: No
 * **Email**: No
 * **Tests**: No
 * **SSO**: No
+* **Maintainers**: RTM - POC: `@ammaratef45:matrix.org`
 
 <!-- endmetadata -->
 
@@ -28,4 +29,13 @@ For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
 * Save wireguard config file in a file named vpn.conf
 * `abra app cp <app-name> vpn.conf app:/etc/wireguard/vpn.conf`
 * `abra app cmd qbit.ammaratef45.ddns.net app setup_vpn` (this will also start the vpn)
-* `start_vpn`, `stop_vpn`, `vpn_status`, and `container_ip` functions commands can be used to manage the vpn connection.
+* `start_vpn`, `stop_vpn`, `vpn_status`, and `container_ip` functions commands can be used to manage the vpn connection.
+* `kill_siwtch_on` and `kill_switch_off` will cause health-check to fail or not fail respectively when the vpn is not connected.
+
+## Build
+
+```
+version=<specify-version>
+docker build --platform linux/amd64 -t git.coopcloud.tech/rtm/qbit-vpn:$version .
+docker push git.coopcloud.tech/rtm/qbit-vpn:$version
+```

abra.sh

@@ -1,11 +1,21 @@
 #!/bin/bash
 
+KILL_SWITCH_FILE=/etc/wireguard/kill-switch
+
 setup_vpn() {
   wgScript=`which wg-quick`
   sed -i '/sysctl -q net.ipv4.conf.all.src_valid_mark=1/d' $wgScript
   start_vpn
 }
 
+kill_switch_on() {
+    touch $KILL_SWITCH_FILE
+}
+
+kill_switch_off() {
+    rm $KILL_SWITCH_FILE
+}
+
 start_vpn() {
   wg-quick up vpn
 }

compose.vpn.yml

@@ -4,4 +4,14 @@ version: "3.8"
 services:
   app:
     cap_add:
-      - ALL
+      - ALL
+    volumes:
+      - wireguard:/etc/wireguard
+    healthcheck:
+      test: ["CMD", "bash", "/persistwg.sh"]
+      interval: 30s
+      timeout: 15s
+      start_period: 30s
+
+volumes:
+  wireguard:

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: git.coopcloud.tech/ammaratef45/qbit-vpn:0.1.1
+    image: git.coopcloud.tech/rtm/qbit-vpn:0.2.0
     networks:
       - proxy
     deploy:
@@ -19,7 +19,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=0.2.0+0.1.1"
+        - "coop-cloud.${STACK_NAME}.version=0.3.0+0.2.0"
     environment:
       - PUID=1000
       - PGID=1000
@@ -34,4 +34,4 @@ networks:
     external: true
 volumes:
   qbit_data:
-  qbit_downloads:
+  qbit_downloads:

persistwg.sh

@@ -0,0 +1,39 @@
+#!/bin/sh
+
+KILL_SWITCH_FILE=/etc/wireguard/kill-switch
+
+# 0. if kill-switch is not enabled, nothing to do
+if ! test -f "$KILL_SWITCH_FILE"; then
+    exit 0
+fi
+
+# 1. if vpn config don't exist, fail
+if test -f /etc/wireguard/vpn.conf; then
+    echo 'vpn config exist'
+else
+    echo 'could NOT find vpn config!'
+    exit 1
+fi
+
+# 2. if wireguard tunnel is not up, start it
+if ip link show vpn; then
+    echo 'wireguard is running'
+else
+    echo 'wireguard is NOT running, restarting it'
+    wgScript=`which wg-quick`
+    sed -i '/sysctl -q net.ipv4.conf.all.src_valid_mark=1/d' $wgScript
+    resolvconf -u
+    wg-quick down vpn
+    wg-quick up vpn
+fi
+
+# 3. verify public ip is what is expected
+ip=$(curl ifconfig.me)
+if grep "${ip%${ip##*.}}" /etc/wireguard/vpn.conf; then
+    echo "public ip is as expected by the wireguard config"
+else
+    echo "public ip is not what is expected by ip config!"
+    exit 1
+fi
+
+exit 0