From 853b489caaecc0b8b378736232a8ae66b57d779b Mon Sep 17 00:00:00 2001 From: librelad Date: Tue, 26 May 2026 10:43:49 +0100 Subject: [PATCH] refactor(gluetun): move the network-routing feature into gluetun's folder MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If it's gluetun code, it lives with gluetun. Both functions in scripts/config/tags/processors/tags_processor_network_mode.sh manipulate gluetun markers / gluetun's compose, so move them into containers/gluetun/scripts/ gluetun_network.sh and rename to the per-app-hook convention: tagsProcessorNetworkMode -> appNetworkApplyMode_gluetun tagsProcessorGluetunForwardedPorts -> appNetworkRegisterPorts_gluetun Central call sites are now provider-agnostic — no "gluetun" literal anywhere: - docker_config_setup_data.sh: an app routing via CFG__NETWORK= triggers `appNetworkApplyMode_` + `appNetworkRegisterPorts_` via declare -F, so any future gateway provider plugs in with no engine edits. - uninstall_app.sh: loops every `appNetworkRegisterPorts_*` hook (each self-skips when its provider isn't installed), so removing a routed app refreshes the right provider with no provider name in central code. Delete tags_processor_network_mode.sh; regenerate arrays. Verified with stubs: default mode no-ops, gluetun-routed app fires both hooks, gluetun itself is skipped, unknown provider is silently no-op, uninstall loop calls registerPorts. Drive-by cleanup: 9 stale "${X_scripts[@]}" array references in app_files.sh / cli_files.sh (gluetun + headscale from this session's moves, plus 7 pre-existing: command/ssl/swapfile/ufw/ufwd/user — all from older refactors that left them behind). Each expanded to nothing at runtime (harmless), but they're dead misleading refs. Cleaned both files; every remaining array ref now points to a real files_*.sh. Co-Authored-By: Claude Opus 4.7 Signed-off-by: librelad --- .../gluetun/scripts/gluetun_compose_tags.sh | 2 +- .../gluetun/scripts/gluetun_network.sh | 41 ++++++++----------- .../scripts/gluetun_recreate_routed.sh | 2 +- .../config/docker/docker_config_setup_data.sh | 15 +++++-- scripts/docker/app/uninstall/uninstall_app.sh | 10 +++-- scripts/source/files/app_files.sh | 8 ---- scripts/source/files/arrays/files_config.sh | 1 - scripts/source/files/cli_files.sh | 8 ---- 8 files changed, 38 insertions(+), 49 deletions(-) rename scripts/config/tags/processors/tags_processor_network_mode.sh => containers/gluetun/scripts/gluetun_network.sh (77%) diff --git a/containers/gluetun/scripts/gluetun_compose_tags.sh b/containers/gluetun/scripts/gluetun_compose_tags.sh index 9447e71..98331f5 100644 --- a/containers/gluetun/scripts/gluetun_compose_tags.sh +++ b/containers/gluetun/scripts/gluetun_compose_tags.sh @@ -12,5 +12,5 @@ appSetupComposeTags_gluetun() { tagsManagerUpdateUniversalTag "$full_file_path" "GLUETUN_WIREGUARD_ADDRESSES_TAG" "$CFG_GLUETUN_WIREGUARD_ADDRESSES" tagsManagerUpdateUniversalTag "$full_file_path" "GLUETUN_HEALTH_TARGETS_TAG" "${CFG_GLUETUN_HEALTH_TARGETS:-mullvad.net:443,eff.org:443}" tagsManagerUpdateUniversalTag "$full_file_path" "GLUETUN_HEALTH_ICMP_IPS_TAG" "${CFG_GLUETUN_HEALTH_ICMP_IPS:-9.9.9.9}" - tagsProcessorGluetunForwardedPorts + appNetworkRegisterPorts_gluetun } diff --git a/scripts/config/tags/processors/tags_processor_network_mode.sh b/containers/gluetun/scripts/gluetun_network.sh similarity index 77% rename from scripts/config/tags/processors/tags_processor_network_mode.sh rename to containers/gluetun/scripts/gluetun_network.sh index 45b8865..b2dcc42 100644 --- a/scripts/config/tags/processors/tags_processor_network_mode.sh +++ b/containers/gluetun/scripts/gluetun_network.sh @@ -1,22 +1,18 @@ #!/bin/bash -# Toggles a per-app compose between default networking and gluetun-routed -# networking by editing marker regions: GLUETUN_OFF_* and GLUETUN_ON_*. -# -# default → keep OFF region as-is, ON region stays commented (no-op). -# gluetun → comment out everything in OFF region, uncomment ON region, -# force traefik.enable to false (app reached via gluetun ports). -tagsProcessorNetworkMode() +# Gluetun network-routing provider hooks. An app routes through gluetun by setting +# CFG__NETWORK=gluetun; the central compose templater + uninstall flow call +# these by convention (appNetworkApplyMode_ / appNetworkRegisterPorts_ +# ) with no provider name hardcoded centrally — so this lives with the +# app that owns it. + +# Switch a routed app's compose between default and gluetun networking by editing +# its marker regions (GLUETUN_OFF_* / GLUETUN_ON_*) and forcing traefik off (the +# app is reached via gluetun's published ports instead). +appNetworkApplyMode_gluetun() { local file="$1" - local mode="$2" - - if [[ -z "$file" || ! -f "$file" ]]; then - return 0 - fi - if [[ "$mode" != "gluetun" ]]; then - return 0 - fi + [[ -z "$file" || ! -f "$file" ]] && return 0 local tmp="${file}.netmode.$$" runFileOp awk ' @@ -51,10 +47,10 @@ tagsProcessorNetworkMode() tagsManagerUpdateUniversalTag "$file" "TRAEFIK_ENABLE_TAG" "false" } -# Rebuilds gluetun's GLUETUN_FORWARDED_PORTS region from every installed -# app whose CFG__NETWORK is gluetun. Region is fully rewritten on every -# call so removed apps drop out automatically. -tagsProcessorGluetunForwardedPorts() +# Rebuild gluetun's GLUETUN_FORWARDED_PORTS region from every installed app whose +# CFG__NETWORK is gluetun. Region is fully rewritten on every call so removed +# apps drop out automatically. Self-skips if gluetun isn't installed. +appNetworkRegisterPorts_gluetun() { local gluetun_compose="${containers_dir}gluetun/docker-compose.yml" if [[ ! -f "$gluetun_compose" ]]; then return 0; fi @@ -107,10 +103,9 @@ tagsProcessorGluetunForwardedPorts() if runFileOp docker ps --format '{{.Names}}' 2>/dev/null | grep -q '^gluetun-service$'; then isNotice "Gluetun forwarded ports changed; recreating gluetun-service to apply." (cd "${containers_dir}gluetun" && runFileOp docker compose up -d --force-recreate gluetun-service >/dev/null 2>&1) || true - # Recreating gluetun gives it a new container ID, which orphans - # every `network_mode: container:gluetun-service` reference. Re- - # attach all routed apps so they share the new netns instead of - # silently getting their own. + # Recreating gluetun gives it a new container ID, which orphans every + # `network_mode: container:gluetun-service` reference. Re-attach all + # routed apps so they share the new netns instead of getting their own. appGluetunRecreateRouted fi else diff --git a/containers/gluetun/scripts/gluetun_recreate_routed.sh b/containers/gluetun/scripts/gluetun_recreate_routed.sh index d887d43..79ac7ec 100644 --- a/containers/gluetun/scripts/gluetun_recreate_routed.sh +++ b/containers/gluetun/scripts/gluetun_recreate_routed.sh @@ -12,7 +12,7 @@ # app's HTTP server is no longer in gluetun's namespace. # # Call this whenever you've just touched gluetun in a way that recreates -# its container — see tagsProcessorGluetunForwardedPorts and the gluetun +# its container — see appNetworkRegisterPorts_gluetun and the gluetun # install lifecycle for the two existing wiring sites. appGluetunRecreateRouted() { diff --git a/scripts/config/docker/docker_config_setup_data.sh b/scripts/config/docker/docker_config_setup_data.sh index 732a93f..dcabc15 100755 --- a/scripts/config/docker/docker_config_setup_data.sh +++ b/scripts/config/docker/docker_config_setup_data.sh @@ -118,13 +118,20 @@ dockerConfigSetupFileWithData() fi ############################################### - # Network mode (gluetun routing) + # Network mode (route through a gateway provider, e.g. gluetun) ############################################### + # An app may route through a gateway named in CFG__NETWORK. The + # provider owns the wiring via hooks in containers//scripts/: + # appNetworkApplyMode_ "$file" — switch this app's compose + # appNetworkRegisterPorts_ — refresh the provider's ports + # so no provider name is hardcoded here. local network_var="CFG_${app_name^^}_NETWORK" local network_mode="${!network_var:-default}" - tagsProcessorNetworkMode "$full_file_path" "$network_mode" - if [[ "$network_mode" == "gluetun" && "$app_name" != "gluetun" ]]; then - tagsProcessorGluetunForwardedPorts + if [[ "$network_mode" != "default" && "$network_mode" != "$app_name" ]]; then + declare -F "appNetworkApplyMode_${network_mode}" >/dev/null 2>&1 \ + && "appNetworkApplyMode_${network_mode}" "$full_file_path" + declare -F "appNetworkRegisterPorts_${network_mode}" >/dev/null 2>&1 \ + && "appNetworkRegisterPorts_${network_mode}" fi else diff --git a/scripts/docker/app/uninstall/uninstall_app.sh b/scripts/docker/app/uninstall/uninstall_app.sh index 5de5c8f..06897e6 100755 --- a/scripts/docker/app/uninstall/uninstall_app.sh +++ b/scripts/docker/app/uninstall/uninstall_app.sh @@ -82,9 +82,13 @@ dockerUninstallApp() webuiContainerSetup $stored_app_name uninstall; - if [[ $(dockerCheckAppInstalled "gluetun" "docker") == "installed" ]]; then - tagsProcessorGluetunForwardedPorts - fi + # A removed app may have been routed through a network gateway (e.g. + # gluetun); let each provider refresh its forwarded-port registration. + # Each hook self-skips when its provider isn't installed. + local _np_fn + for _np_fn in $(compgen -A function 2>/dev/null | grep '^appNetworkRegisterPorts_'); do + "$_np_fn" + done if [[ "$delete_tasks" == "true" ]]; then ((menu_number++)) diff --git a/scripts/source/files/app_files.sh b/scripts/source/files/app_files.sh index e803c21..107bc26 100755 --- a/scripts/source/files/app_files.sh +++ b/scripts/source/files/app_files.sh @@ -6,14 +6,11 @@ files_libreportal_app=( "${backup_scripts[@]}" "${checks_scripts[@]}" "${cli_scripts[@]}" - "${command_scripts[@]}" "${config_scripts[@]}" "${crontab_scripts[@]}" "${database_scripts[@]}" "${docker_scripts[@]}" "${function_scripts[@]}" - "${gluetun_scripts[@]}" - "${headscale_scripts[@]}" "${install_scripts[@]}" "${logs_scripts[@]}" "${menu_scripts[@]}" @@ -24,12 +21,7 @@ files_libreportal_app=( "${setup_scripts[@]}" "${source_scripts[@]}" "${ssh_scripts[@]}" - "${ssl_scripts[@]}" "${start_scripts[@]}" - "${swapfile_scripts[@]}" - "${ufw_scripts[@]}" - "${ufwd_scripts[@]}" "${update_scripts[@]}" - "${user_scripts[@]}" "${webui_scripts[@]}" ) diff --git a/scripts/source/files/arrays/files_config.sh b/scripts/source/files/arrays/files_config.sh index 04f11a5..5023aaa 100755 --- a/scripts/source/files/arrays/files_config.sh +++ b/scripts/source/files/arrays/files_config.sh @@ -43,7 +43,6 @@ config_scripts=( "config/tags/processors/tags_processor_app_url.sh" "config/tags/processors/tags_processor_docker_installation.sh" "config/tags/processors/tags_processor_healthcheck.sh" - "config/tags/processors/tags_processor_network_mode.sh" "config/tags/processors/tags_processor_password_generation.sh" "config/tags/processors/tags_processor_random_user.sh" "config/tags/processors/tags_processor_socket_configuration.sh" diff --git a/scripts/source/files/cli_files.sh b/scripts/source/files/cli_files.sh index 65f0e7e..fbcdfb2 100755 --- a/scripts/source/files/cli_files.sh +++ b/scripts/source/files/cli_files.sh @@ -6,14 +6,11 @@ files_libreportal_cli=( "${backup_scripts[@]}" "${checks_scripts[@]}" "${cli_scripts[@]}" - "${command_scripts[@]}" "${config_scripts[@]}" "${crontab_scripts[@]}" "${database_scripts[@]}" "${docker_scripts[@]}" "${function_scripts[@]}" - "${gluetun_scripts[@]}" - "${headscale_scripts[@]}" "${install_scripts[@]}" "${logs_scripts[@]}" "${menu_scripts[@]}" @@ -24,12 +21,7 @@ files_libreportal_cli=( "${setup_scripts[@]}" "${source_scripts[@]}" "${ssh_scripts[@]}" - "${ssl_scripts[@]}" "${start_scripts[@]}" - "${swapfile_scripts[@]}" - "${ufw_scripts[@]}" - "${ufwd_scripts[@]}" "${update_scripts[@]}" - "${user_scripts[@]}" "${webui_scripts[@]}" )