From ae2160851cf887160121d297dfb0cdcbc435d06b Mon Sep 17 00:00:00 2001
From: mat ess <mat@mat.services>
Date: Sun, 23 Jul 2023 21:13:23 -0400
Subject: [PATCH] Add gluetun

---
 compose.libsonnet | 13 ++++++++----
 services.jsonnet  | 51 +++++++++++++++++++++++++++++++++++++++--------
 2 files changed, 52 insertions(+), 12 deletions(-)

diff --git a/compose.libsonnet b/compose.libsonnet
index e503e42..f93bfc8 100644
--- a/compose.libsonnet
+++ b/compose.libsonnet
@@ -22,9 +22,14 @@ local traefikLabels(name, host, port, extras) = toLabels({
   'traefik.docker.network': 'traefik',
 } + extras);
 
+local mkNetwork(svc) = if std.get(svc, 'gluetun', false) then {
+  network_mode: 'service:gluetun',
+} else {
+  networks: ['traefik'],
+};
+
 local mkService(name, svc) = svc {
   container_name: name,
-  networks: ['traefik'],
   volumes: toVolumes(optional(svc, 'volumes'))
            + toVolumes(optional(svc, 'mounts'))
            + if std.get(svc, 'docker', false)
@@ -32,7 +37,7 @@ local mkService(name, svc) = svc {
            else [],
   labels: traefikLabels(name, std.get(svc, 'host', name), svc.webPort, optional(svc, 'traefik')),
   restart: 'always',
-};
+} + mkNetwork(svc);
 
 local extractVolumes(cfg) = {
   [name]: {
@@ -65,12 +70,12 @@ local mediaMounts(mounts) = {
 
   MediaMounts:: mediaMounts,
 
-  MediaService(name, tag='latest', env={}, mounts={}, webPort, ports=[]):: {
+  MediaService(name, tag='latest', env={}, mounts={}, webPort, ports=[], extras={}):: {
     image: 'lscr.io/linuxserver/%s:%s' % [name, tag],
     environment: mediaEnv + env,
     volumes: { ['media_%s_config' % name]: '/config' },
     mounts:: mediaMounts(mounts),
     webPort:: webPort,
     ports: ports,
-  },
+  } + extras,
 }
diff --git a/services.jsonnet b/services.jsonnet
index 4a112f2..92e89a1 100644
--- a/services.jsonnet
+++ b/services.jsonnet
@@ -7,6 +7,30 @@ local MediaMounts = compose.MediaMounts;
 
 function(secrets={})
   Compose({
+    gluetun: {
+      image: 'qmcgaw/gluetun',
+      cap_add: ['NET_ADMIN'],
+      devices: ['/dev/net/tun:/dev/net/tun'],
+      environment: {
+        TZ: 'America/New_York',
+        VPN_SERVICE_PROVIDER: 'custom',
+        VPN_TYPE: 'wireguard',
+        // VPN_PORT_FORWARDING: 'on',
+        // VPN_PORT_FORWARDING_PROVIDER: 'protonvpn',
+        VPN_ENDPOINT_IP: std.get(secrets, 'VPN_ENDPOINT_IP'),
+        VPN_ENDPOINT_PORT: std.get(secrets, 'VPN_ENDPOINT_PORT'),
+        WIREGUARD_PUBLIC_KEY: std.get(secrets, 'WIREGUARD_PUBLIC_KEY'),
+        WIREGUARD_PRIVATE_KEY: std.get(secrets, 'WIREGUARD_PRIVATE_KEY'),
+        WIREGUARD_ADDRESSES: std.get(secrets, 'WIREGUARD_ADDRESSES'),
+      },
+      ports: [
+        Port(8888),
+        Port(8388),
+        Port(8388, kind='udp'),
+      ],
+      webPort:: 8000,
+      volumes: { gluetun_data: '/gluetun' },
+    },
     traefik: {
       image: 'traefik:latest',
       command: Command({
@@ -19,7 +43,10 @@ function(secrets={})
       }),
       docker:: true,
       webPort:: 8080,
-      ports: [Port(80) /* Port(443) */],
+      ports: [
+        Port(80),
+        // Port(443),
+      ],
       traefik:: {
         // 'traefik.http.routers.http-catchall.rule': 'hostregexp(`{host:.+}`)'
         // 'traefik.http.routers.http-catchall.entrypoints': 'web'
@@ -39,7 +66,11 @@ function(secrets={})
       env={ DELUGE_LOGLEVEL: 'error' },
       mounts={ torrents: '/downloads' },
       webPort=8112,
-      ports=[Port(54979), Port(54979, kind='udp')],
+      // ports=[
+      //   Port(54979),
+      //   Port(54979, kind='udp'),
+      // ],
+      extras={ gluetun:: true },
     ),
     prowlarr: MediaService(
       name='prowlarr',
@@ -50,6 +81,7 @@ function(secrets={})
         'passport-5tb': '/passport-5tb',
         'passport-1tb': '/passport-1tb',
       },
+      extras={ gluetun:: true },
     ),
     bazarr: MediaService(
       name='bazarr',
@@ -58,6 +90,7 @@ function(secrets={})
         'passport-5tb': '/passport-5tb',
         'passport-1tb': '/passport-1tb',
       },
+      extras={ gluetun:: true },
     ),
     radarr: MediaService(
       name='radarr',
@@ -67,6 +100,7 @@ function(secrets={})
         'passport-1tb/movies': '/passport-1tb',
         torrents: '/downloads',
       },
+      extras={ gluetun:: true },
     ),
     sonarr: MediaService(
       name='sonarr',
@@ -75,14 +109,15 @@ function(secrets={})
         'passport-5tb/tv': '/passport-5tb',
         'passport-1tb/tv': '/passport-1tb',
         torrents: '/downloads',
-      }
+      },
+      extras={ gluetun:: true },
     ),
     plex: {
       image: 'plexinc/pms-docker',
       environment: {
         TZ: 'America/New_York',
         PLEX_CLAIM: std.get(secrets, 'PLEX_CLAIM'),
-        ADVERTISE_IP: std.get(secrets, 'PLEX_ADVERTISE_IP'),
+        // ADVERTISE_IP: std.get(secrets, 'PLEX_ADVERTISE_IP'),
       },
       volumes: { media_plex_config: '/config' },
       mounts:: MediaMounts({
@@ -93,7 +128,7 @@ function(secrets={})
       devices: ['/dev/dri:/dev/dri'],
       webPort:: 32400,
       ports: [
-        Port(56463, src=32400),
+        Port(32400),
         Port(3005),
         Port(8324),
         Port(32469),
@@ -106,10 +141,10 @@ function(secrets={})
     },
     archivebox: {
       image: 'archivebox/archivebox:dev',
-      // command: 'server --quick-init 0.0.0.0:8000',
+      command: 'server --quick-init 0.0.0.0:8000',
       // TODO: hack to workaround https://github.com/ArchiveBox/ArchiveBox/issues/1002
-      entrypoint: '/bin/bash',
-      command: '-c "chown -R archivebox:archivebox /app/archivebox/core/migrations && /app/bin/docker_entrypoint.sh server --quick-init 0.0.0.0:8000"',
+      // entrypoint: '/bin/bash',
+      // command: '-c "chown -R archivebox:archivebox /app/archivebox/core/migrations && /app/bin/docker_entrypoint.sh server --quick-init 0.0.0.0:8000"',
       environment: {
         ALLOWED_HOSTS: '*',
         MEDIA_MAX_SIZE: '750m',