#!/bin/bash # Gluetun network-routing provider hooks. An app routes through gluetun by setting # CFG__NETWORK=gluetun; the central compose templater + uninstall flow call # these by convention (appNetworkApplyMode_ / appNetworkRegisterPorts_ # ) with no provider name hardcoded centrally — so this lives with the # app that owns it. # Switch a routed app's compose between default and gluetun networking by editing # its marker regions (GLUETUN_OFF_* / GLUETUN_ON_*) and forcing traefik off (the # app is reached via gluetun's published ports instead). appNetworkApplyMode_gluetun() { local file="$1" [[ -z "$file" || ! -f "$file" ]] && return 0 local tmp="${file}.netmode.$$" runFileOp awk ' BEGIN { in_off=0; in_on=0 } /# *GLUETUN_OFF_BEGIN/ { in_off=1; print; next } /# *GLUETUN_OFF_END/ { in_off=0; print; next } /# *GLUETUN_ON_BEGIN/ { in_on=1; print; next } /# *GLUETUN_ON_END/ { in_on=0; print; next } { if (in_off) { if ($0 ~ /^[[:space:]]*#/) { print; next } match($0, /^[[:space:]]*/) indent = substr($0, RSTART, RLENGTH) rest = substr($0, RLENGTH + 1) print indent "# " rest next } if (in_on) { match($0, /^[[:space:]]*/) indent = substr($0, 1, RLENGTH) rest = substr($0, RLENGTH + 1) sub(/^#[[:space:]]?/, "", rest) print indent rest next } print } ' "$file" | runFileWrite "$tmp" runFileOp mv "$tmp" "$file" tagsManagerUpdateUniversalTag "$file" "TRAEFIK_ENABLE_TAG" "false" } # Rebuild gluetun's GLUETUN_FORWARDED_PORTS region from every installed app whose # CFG__NETWORK is gluetun. Region is fully rewritten on every call so removed # apps drop out automatically. Self-skips if gluetun isn't installed. appNetworkRegisterPorts_gluetun() { local gluetun_compose="${containers_dir}gluetun/docker-compose.yml" if [[ ! -f "$gluetun_compose" ]]; then return 0; fi if ! command -v sqlite3 >/dev/null 2>&1; then return 0; fi if [[ ! -f "$docker_dir/$db_file" ]]; then return 0; fi local installed_apps installed_apps=$(runInstallOp sqlite3 "$docker_dir/$db_file" \ "SELECT name FROM apps WHERE status = 1 ORDER BY name;" 2>/dev/null) local routed_lines="" while IFS= read -r app; do [[ -z "$app" || "$app" == "gluetun" ]] && continue local app_config_file="${containers_dir}${app}/${app}.config" [[ -f "$app_config_file" ]] || continue local net net=$(grep -E "^CFG_${app^^}_NETWORK=" "$app_config_file" 2>/dev/null | cut -d'=' -f2 | tr -d '"') [[ "$net" != "gluetun" ]] && continue local ports ports=$(runInstallOp sqlite3 "$docker_dir/$db_file" \ "SELECT resource_value FROM network_resources WHERE app_name = '$app' AND resource_type = 'port' AND status = 'active';" 2>/dev/null) while IFS= read -r p; do [[ -z "$p" ]] && continue local ext_port int_port access ext_port=$(echo "$p" | cut -d':' -f1) int_port=$(echo "$p" | cut -d':' -f2) access=$(echo "$p" | cut -d':' -f3) [[ "$access" == "disabled" ]] && continue [[ -z "$ext_port" || "$ext_port" == "random" ]] && continue routed_lines+=" - \"${ext_port}:${int_port}\" # gluetun-routed: ${app}"$'\n' done <<< "$ports" done <<< "$installed_apps" local tmp="${gluetun_compose}.fwd.$$" runFileOp awk -v block="$routed_lines" ' BEGIN { in_region=0 } /# *GLUETUN_FORWARDED_PORTS_BEGIN/ { print printf "%s", block in_region=1 next } /# *GLUETUN_FORWARDED_PORTS_END/ { in_region=0; print; next } { if (!in_region) print } ' "$gluetun_compose" | runFileWrite "$tmp" if ! runFileOp cmp -s "$tmp" "$gluetun_compose"; then runFileOp mv "$tmp" "$gluetun_compose" if runFileOp docker ps --format '{{.Names}}' 2>/dev/null | grep -q '^gluetun-service$'; then isNotice "Gluetun forwarded ports changed; recreating gluetun-service to apply." (cd "${containers_dir}gluetun" && runFileOp docker compose up -d --force-recreate gluetun-service >/dev/null 2>&1) || true # Recreating gluetun gives it a new container ID, which orphans every # `network_mode: container:gluetun-service` reference. Re-attach all # routed apps so they share the new netns instead of getting their own. appGluetunRecreateRouted fi else runFileOp rm -f "$tmp" fi }