Compare commits
3 Commits
0.2.0+0.1.
...
forceSsl
| Author | SHA1 | Date | |
|---|---|---|---|
| d1b8ef4021 | |||
| 7a8160a871 | |||
| 3a9419c53a |
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
||||
.envrc
|
||||
*~
|
||||
|
||||
@ -5,3 +5,5 @@ RUN apk add \
|
||||
wireguard-tools \
|
||||
ip6tables \
|
||||
vim
|
||||
|
||||
COPY persistwg.sh /
|
||||
16
README.md
16
README.md
@ -1,17 +1,18 @@
|
||||
# qbit
|
||||
|
||||
> One line description of the recipe
|
||||
> A qbittorrent client, main usage is for *rr services (exist in other recipes).
|
||||
|
||||
<!-- metadata -->
|
||||
|
||||
* **Category**: Apps
|
||||
* **Status**: 0
|
||||
* **Image**: [`qbit`](https://hub.docker.com/r/qbit), 4, upstream
|
||||
* **Healthcheck**: No
|
||||
* **Healthcheck**: Partial (only vpn connectivity)
|
||||
* **Backups**: No
|
||||
* **Email**: No
|
||||
* **Tests**: No
|
||||
* **SSO**: No
|
||||
* **Maintainers**: RTM - POC: `@ammaratef45:matrix.org`
|
||||
|
||||
<!-- endmetadata -->
|
||||
|
||||
@ -28,4 +29,13 @@ For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
|
||||
* Save wireguard config file in a file named vpn.conf
|
||||
* `abra app cp <app-name> vpn.conf app:/etc/wireguard/vpn.conf`
|
||||
* `abra app cmd qbit.ammaratef45.ddns.net app setup_vpn` (this will also start the vpn)
|
||||
* `start_vpn`, `stop_vpn`, `vpn_status`, and `container_ip` functions commands can be used to manage the vpn connection.
|
||||
* `start_vpn`, `stop_vpn`, `vpn_status`, and `container_ip` functions commands can be used to manage the vpn connection.
|
||||
* `kill_siwtch_on` and `kill_switch_off` will cause health-check to fail or not fail respectively when the vpn is not connected.
|
||||
|
||||
## Build
|
||||
|
||||
```
|
||||
version=<specify-version>
|
||||
docker build --platform linux/amd64 -t git.coopcloud.tech/rtm/qbit-vpn:$version .
|
||||
docker push git.coopcloud.tech/rtm/qbit-vpn:$version
|
||||
```
|
||||
|
||||
10
abra.sh
10
abra.sh
@ -1,11 +1,21 @@
|
||||
#!/bin/bash
|
||||
|
||||
KILL_SWITCH_FILE=/etc/wireguard/kill-switch
|
||||
|
||||
setup_vpn() {
|
||||
wgScript=`which wg-quick`
|
||||
sed -i '/sysctl -q net.ipv4.conf.all.src_valid_mark=1/d' $wgScript
|
||||
start_vpn
|
||||
}
|
||||
|
||||
kill_switch_on() {
|
||||
touch $KILL_SWITCH_FILE
|
||||
}
|
||||
|
||||
kill_switch_off() {
|
||||
rm $KILL_SWITCH_FILE
|
||||
}
|
||||
|
||||
start_vpn() {
|
||||
wg-quick up vpn
|
||||
}
|
||||
|
||||
@ -4,4 +4,14 @@ version: "3.8"
|
||||
services:
|
||||
app:
|
||||
cap_add:
|
||||
- ALL
|
||||
- ALL
|
||||
volumes:
|
||||
- wireguard:/etc/wireguard
|
||||
healthcheck:
|
||||
test: ["CMD", "bash", "/persistwg.sh"]
|
||||
interval: 30s
|
||||
timeout: 15s
|
||||
start_period: 30s
|
||||
|
||||
volumes:
|
||||
wireguard:
|
||||
|
||||
10
compose.yml
10
compose.yml
@ -3,7 +3,7 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: git.coopcloud.tech/ammaratef45/qbit-vpn:0.1.1
|
||||
image: git.coopcloud.tech/rtm/qbit-vpn:0.2.0
|
||||
networks:
|
||||
- proxy
|
||||
deploy:
|
||||
@ -17,9 +17,9 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
# Redirect from EXTRA_DOMAINS to DOMAIN
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.2.0+0.1.1"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.3.0+0.2.0"
|
||||
environment:
|
||||
- PUID=1000
|
||||
- PGID=1000
|
||||
@ -34,4 +34,4 @@ networks:
|
||||
external: true
|
||||
volumes:
|
||||
qbit_data:
|
||||
qbit_downloads:
|
||||
qbit_downloads:
|
||||
|
||||
0
kill-switch
Normal file
0
kill-switch
Normal file
39
persistwg.sh
Executable file
39
persistwg.sh
Executable file
@ -0,0 +1,39 @@
|
||||
#!/bin/sh
|
||||
|
||||
KILL_SWITCH_FILE=/etc/wireguard/kill-switch
|
||||
|
||||
# 0. if kill-switch is not enabled, nothing to do
|
||||
if ! test -f "$KILL_SWITCH_FILE"; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# 1. if vpn config don't exist, fail
|
||||
if test -f /etc/wireguard/vpn.conf; then
|
||||
echo 'vpn config exist'
|
||||
else
|
||||
echo 'could NOT find vpn config!'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 2. if wireguard tunnel is not up, start it
|
||||
if ip link show vpn; then
|
||||
echo 'wireguard is running'
|
||||
else
|
||||
echo 'wireguard is NOT running, restarting it'
|
||||
wgScript=`which wg-quick`
|
||||
sed -i '/sysctl -q net.ipv4.conf.all.src_valid_mark=1/d' $wgScript
|
||||
resolvconf -u
|
||||
wg-quick down vpn
|
||||
wg-quick up vpn
|
||||
fi
|
||||
|
||||
# 3. verify public ip is what is expected
|
||||
ip=$(curl ifconfig.me)
|
||||
if grep "${ip%${ip##*.}}" /etc/wireguard/vpn.conf; then
|
||||
echo "public ip is as expected by the wireguard config"
|
||||
else
|
||||
echo "public ip is not what is expected by ip config!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
exit 0
|
||||
Reference in New Issue
Block a user