getumbrel / umbrel-apps

The official app repository of the Umbrel App Store. Submit apps and updates here. Learn how → https://github.com/getumbrel/umbrel-apps#readme
https://apps.umbrel.com

[App Request] - gluetun #488

Open sashazykov opened 1 year ago

sashazykov commented 1 year ago

Repo: https://github.com/qdm12/gluetun

sashazykov commented 1 year ago

What is the correct way to allow users to set secrets to be passed to the app via env variables? In this case users need to set VPN credentials that are passed to the container via env variables.

ceramicwhite commented 1 year ago

You would have to make a frontend for gluetun config or a gotty container and then you would still have to restart the gluetun container after the credentials were added, meaning the frontend would need access to docker.sock. Also every app you want tunneled through you would need to make edits to their compose files.

Your best bet is to add a service to the main umbrel compose at ${UMBREL_ROOT}/docker-compose.yml, for example:

  vpn:
    container_name: vpn
    image: qdm12/gluetun
    cap_add:
      - net_admin
    devices:
      - /dev/net/tun:/dev/net/tun
    # No ipv6 for Mullvad
    #sysctls:
    #- net.ipv6.conf.all.disable_ipv6=0
    environment:
    #- OPENVPN_IPV6=on
    - VPN_SERVICE_PROVIDER=mullvad
    - VPN_TYPE=wireguard
    - WIREGUARD_PRIVATE_KEY=
    - WIREGUARD_ADDRESSES=
    - SERVER_COUNTRIES=USA
    - SERVER_CITIES=Los Angeles CA
    - FIREWALL_VPN_INPUT_PORTS=
    - UPDATER_PERIOD=24h
    ports:
      - 6380:6380
      - 4443:4443
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 51413:51413     # Transmission
      - 51413:51413/udp # Transmission
    restart: unless-stopped
    volumes:
      - ${PWD}/gluetun:/gluetun
    networks:
      default:

Add the ports for the apps you want tunneled like I listed for Transmission. Then edit the transmission compose file at app-data/transmission/docker-compose.yml so it looks like this:

version: "3.7"

services:
  app_proxy:
    environment:
      APP_HOST: transmission_server_1
      APP_PORT: 9091

  server:
    image: linuxserver/transmission:version-3.00-r5@sha256:f0b885f211dd6fde7b64f0d6b9e5931929cfc2331fb83d6f3171e412f22b3f87
    environment:
      - PUID=1000
      - PGID=1000
      - PEERPORT=51413
    volumes:
      - ${APP_DATA_DIR}/data/config:/config
      - ${UMBREL_ROOT}/data/storage/downloads:/downloads
    #ports:
    #  - 51413:51413
    #  - 51413:51413/udp
    restart: on-failure
    network_mode: "service:vpn"
    depends_on:
      - vpn

If you're using Mullvad you can get a port from them and then update the ports for Transmission; otherwise you will be able to download but no one will be able to connect to you, i.e. can't seed. Also, it's possible you'll leak your IP, as Transmission doesn't let you specifically set your Network Interface to Tun.

You can check this using: https://ipleak.net/

This would all be erased with an umbrel update or Transmission update.

Tbh, if you really wanted to torrent from your Umbrel I would just use qbit, and a quick and dirty way would be to replace Transmission's compose file with this:

version: "3.7"

services:
  app_proxy:
    environment:
      APP_HOST: transmission_server_1
      APP_PORT: 9091

  server:
    image: linuxserver/qbittorrent:latest
    stop_grace_period: 1m
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles
      - WEBUI_PORT=9091
    volumes:
      - ${APP_DATA_DIR}/data/config:/config
      - ${UMBREL_ROOT}/data/storage/downloads:/downloads
    #ports:
    #  - 51413:51413
    #  - 51413:51413/udp
    restart: unless-stopped
    network_mode: "service:vpn"
    depends_on:
      - vpn

Then under the Advanced tab in qbit settings set Network Interface to Tun0, in order to make sure you don't leak your IP, and under the Connections tab set your port to 51413, unless you acquired one from your VPN so you can seed properly and also edited the vpn container ports.

Or set up gluetun on its own docker network outside of the umbrel stack, then do this for each app you want to add:

  docker network connect --alias vpn_gateway gluetun_network transmission_server_1
  docker exec -it transmission_server_1 bash
  ip route del default
  ip route add default via vpn_gateway

FYI, I haven't tried any of this but it should work.
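
Since the comment above notes that these compose edits are erased by an Umbrel or Transmission update, here is a re-runnable check for the conditions it describes (added example, not part of the thread or of Umbrel's or gluetun's code). It assumes the merged compose configuration is available as JSON, for instance from `docker compose config --format json`; the function names and the `leaky` service are hypothetical.

```python
import json

# Constructed sample: the vpn and Transmission services from the thread merged
# into one JSON document, plus a hypothetical misconfigured service ("leaky").
SAMPLE = json.loads("""
{"services": {
  "vpn": {"image": "qdm12/gluetun",
          "ports": ["8888:8888/tcp", "51413:51413", "51413:51413/udp"]},
  "server": {"network_mode": "service:vpn",
             "environment": ["PUID=1000", "PEERPORT=51413"]},
  "leaky": {"environment": ["PEERPORT=51414"], "ports": ["51414:51414"]}
}}
""")

def published(service):
    """Return {(container_port, proto)} for short- or long-form port entries.
    Port ranges are not handled."""
    out = set()
    for p in service.get("ports", []):
        if isinstance(p, dict):  # long form: {"target": 51413, "protocol": "udp"}
            out.add((int(p["target"]), p.get("protocol", "tcp")))
        else:                    # short form: "host:container[/proto]"
            spec, _, proto = str(p).partition("/")
            out.add((int(spec.rsplit(":", 1)[-1]), proto or "tcp"))
    return out

def env(service):
    """Normalise `environment` (list of KEY=VALUE or mapping) to a dict."""
    e = service.get("environment", {})
    if isinstance(e, list):
        e = dict(item.partition("=")[::2] for item in e)
    return e

def audit(config, tunneled, vpn="vpn"):
    """Return findings for services that are meant to sit behind `vpn`."""
    services, findings = config["services"], []
    vpn_ports = published(services[vpn])
    for name in tunneled:
        svc = services[name]
        if svc.get("network_mode") != f"service:{vpn}":
            findings.append(f"{name}: not in the {vpn} network namespace")
        if svc.get("ports"):
            findings.append(f"{name}: publishes ports itself; move them to {vpn}")
        peer = env(svc).get("PEERPORT")
        for proto in ("tcp", "udp"):
            if peer and (int(peer), proto) not in vpn_ports:
                findings.append(f"{name}: PEERPORT {peer}/{proto} not published on {vpn}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, ["server", "leaky"])))
```

This only validates the compose configuration; whether traffic actually leaves through the tunnel still has to be confirmed from inside the container, as with the ipleak.net check mentioned above.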