If it's gluetun code, it lives with gluetun. Both functions in
scripts/config/tags/processors/tags_processor_network_mode.sh manipulate gluetun
markers / gluetun's compose, so move them into containers/gluetun/scripts/
gluetun_network.sh and rename to the per-app-hook convention:
tagsProcessorNetworkMode -> appNetworkApplyMode_gluetun
tagsProcessorGluetunForwardedPorts -> appNetworkRegisterPorts_gluetun
Central call sites are now provider-agnostic — no "gluetun" literal anywhere:
- docker_config_setup_data.sh: an app routing via CFG_<APP>_NETWORK=<provider>
triggers `appNetworkApplyMode_<provider>` + `appNetworkRegisterPorts_<provider>`
via declare -F, so any future gateway provider plugs in with no engine edits.
- uninstall_app.sh: loops every `appNetworkRegisterPorts_*` hook (each self-skips
when its provider isn't installed), so removing a routed app refreshes the
right provider with no provider name in central code.
Delete tags_processor_network_mode.sh; regenerate arrays. Verified with stubs:
default mode no-ops, gluetun-routed app fires both hooks, gluetun itself is
skipped, unknown provider is silently no-op, uninstall loop calls registerPorts.
Drive-by cleanup: 9 stale "${X_scripts[@]}" array references in app_files.sh /
cli_files.sh (gluetun + headscale from this session's moves, plus 7 pre-existing:
command/ssl/swapfile/ufw/ufwd/user — all from older refactors that left them
behind). Each expanded to nothing at runtime (harmless), but they're dead
misleading refs. Cleaned both files; every remaining array ref now points to a
real files_*.sh.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
115 lines
4.7 KiB
Bash
115 lines
4.7 KiB
Bash
#!/bin/bash
|
|
|
|
# Gluetun network-routing provider hooks. An app routes through gluetun by setting
|
|
# CFG_<APP>_NETWORK=gluetun; the central compose templater + uninstall flow call
|
|
# these by convention (appNetworkApplyMode_<provider> / appNetworkRegisterPorts_
|
|
# <provider>) with no provider name hardcoded centrally — so this lives with the
|
|
# app that owns it.
|
|
|
|
# Switch a routed app's compose between default and gluetun networking by editing
|
|
# its marker regions (GLUETUN_OFF_* / GLUETUN_ON_*) and forcing traefik off (the
|
|
# app is reached via gluetun's published ports instead).
|
|
appNetworkApplyMode_gluetun()
|
|
{
|
|
local file="$1"
|
|
[[ -z "$file" || ! -f "$file" ]] && return 0
|
|
|
|
local tmp="${file}.netmode.$$"
|
|
runFileOp awk '
|
|
BEGIN { in_off=0; in_on=0 }
|
|
/# *GLUETUN_OFF_BEGIN/ { in_off=1; print; next }
|
|
/# *GLUETUN_OFF_END/ { in_off=0; print; next }
|
|
/# *GLUETUN_ON_BEGIN/ { in_on=1; print; next }
|
|
/# *GLUETUN_ON_END/ { in_on=0; print; next }
|
|
{
|
|
if (in_off) {
|
|
if ($0 ~ /^[[:space:]]*#/) { print; next }
|
|
match($0, /^[[:space:]]*/)
|
|
indent = substr($0, RSTART, RLENGTH)
|
|
rest = substr($0, RLENGTH + 1)
|
|
print indent "# " rest
|
|
next
|
|
}
|
|
if (in_on) {
|
|
match($0, /^[[:space:]]*/)
|
|
indent = substr($0, 1, RLENGTH)
|
|
rest = substr($0, RLENGTH + 1)
|
|
sub(/^#[[:space:]]?/, "", rest)
|
|
print indent rest
|
|
next
|
|
}
|
|
print
|
|
}
|
|
' "$file" | runFileWrite "$tmp"
|
|
|
|
runFileOp mv "$tmp" "$file"
|
|
|
|
tagsManagerUpdateUniversalTag "$file" "TRAEFIK_ENABLE_TAG" "false"
|
|
}
|
|
|
|
# Rebuild gluetun's GLUETUN_FORWARDED_PORTS region from every installed app whose
|
|
# CFG_<APP>_NETWORK is gluetun. Region is fully rewritten on every call so removed
|
|
# apps drop out automatically. Self-skips if gluetun isn't installed.
|
|
appNetworkRegisterPorts_gluetun()
|
|
{
|
|
local gluetun_compose="${containers_dir}gluetun/docker-compose.yml"
|
|
if [[ ! -f "$gluetun_compose" ]]; then return 0; fi
|
|
if ! command -v sqlite3 >/dev/null 2>&1; then return 0; fi
|
|
if [[ ! -f "$docker_dir/$db_file" ]]; then return 0; fi
|
|
|
|
local installed_apps
|
|
installed_apps=$(runInstallOp sqlite3 "$docker_dir/$db_file" \
|
|
"SELECT name FROM apps WHERE status = 1 ORDER BY name;" 2>/dev/null)
|
|
|
|
local routed_lines=""
|
|
while IFS= read -r app; do
|
|
[[ -z "$app" || "$app" == "gluetun" ]] && continue
|
|
local app_config_file="${containers_dir}${app}/${app}.config"
|
|
[[ -f "$app_config_file" ]] || continue
|
|
local net
|
|
net=$(grep -E "^CFG_${app^^}_NETWORK=" "$app_config_file" 2>/dev/null | cut -d'=' -f2 | tr -d '"')
|
|
[[ "$net" != "gluetun" ]] && continue
|
|
|
|
local ports
|
|
ports=$(runInstallOp sqlite3 "$docker_dir/$db_file" \
|
|
"SELECT resource_value FROM network_resources WHERE app_name = '$app' AND resource_type = 'port' AND status = 'active';" 2>/dev/null)
|
|
while IFS= read -r p; do
|
|
[[ -z "$p" ]] && continue
|
|
local ext_port int_port access
|
|
ext_port=$(echo "$p" | cut -d':' -f1)
|
|
int_port=$(echo "$p" | cut -d':' -f2)
|
|
access=$(echo "$p" | cut -d':' -f3)
|
|
[[ "$access" == "disabled" ]] && continue
|
|
[[ -z "$ext_port" || "$ext_port" == "random" ]] && continue
|
|
routed_lines+=" - \"${ext_port}:${int_port}\" # gluetun-routed: ${app}"$'\n'
|
|
done <<< "$ports"
|
|
done <<< "$installed_apps"
|
|
|
|
local tmp="${gluetun_compose}.fwd.$$"
|
|
runFileOp awk -v block="$routed_lines" '
|
|
BEGIN { in_region=0 }
|
|
/# *GLUETUN_FORWARDED_PORTS_BEGIN/ {
|
|
print
|
|
printf "%s", block
|
|
in_region=1
|
|
next
|
|
}
|
|
/# *GLUETUN_FORWARDED_PORTS_END/ { in_region=0; print; next }
|
|
{ if (!in_region) print }
|
|
' "$gluetun_compose" | runFileWrite "$tmp"
|
|
|
|
if ! runFileOp cmp -s "$tmp" "$gluetun_compose"; then
|
|
runFileOp mv "$tmp" "$gluetun_compose"
|
|
if runFileOp docker ps --format '{{.Names}}' 2>/dev/null | grep -q '^gluetun-service$'; then
|
|
isNotice "Gluetun forwarded ports changed; recreating gluetun-service to apply."
|
|
(cd "${containers_dir}gluetun" && runFileOp docker compose up -d --force-recreate gluetun-service >/dev/null 2>&1) || true
|
|
# Recreating gluetun gives it a new container ID, which orphans every
|
|
# `network_mode: container:gluetun-service` reference. Re-attach all
|
|
# routed apps so they share the new netns instead of getting their own.
|
|
appGluetunRecreateRouted
|
|
fi
|
|
else
|
|
runFileOp rm -f "$tmp"
|
|
fi
|
|
}
|