LibrePortal/scripts/app/containers/gluetun/gluetun_recreate_routed.sh
librelad c6dd2659be refactor(de-sudo): apps DB access via runInstallOp, not sudo
The apps SQLite DB ($docker_dir/$db_file) is owned by the manager user, so
read/write it AS the manager via runInstallOp instead of sudo (root). 48 call
sites across 28 scripts. In rooted this drops root->manager (correct owner);
in rootless it's the manager too (using runFileOp/dockerinstall here was the
'unable to open database' bug). The broken 'command -v sudo sqlite3' check
lines are left untouched (separate pre-existing issue).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-24 16:23:33 +01:00


#!/bin/bash
# Force-recreates every installed app whose `CFG_<APP>_NETWORK=gluetun`
# so they re-resolve `network_mode: container:gluetun-service` against
# the *current* gluetun container ID.
#
# Background: Docker resolves `container:<name>` once at start time. If
# gluetun is later recreated (port-forward change, version bump, manual
# `docker compose up`), every routed app keeps the *old* container ID
# embedded in its NetworkMode and ends up in its own private netns —
# the host port mapping silently stops reaching anything because the
# app's HTTP server is no longer in gluetun's namespace.
#
# Call this whenever you've just touched gluetun in a way that recreates
# its container — see tagsProcessorGluetunForwardedPorts and the gluetun
# install lifecycle for the two existing wiring sites.
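appGluetunRecreateRouted()
{
    # Force-recreates each installed, gluetun-routed app's "<app>-service"
    # container so it re-attaches to the currently running gluetun container.
    #
    # Globals read: docker_dir, db_file, containers_dir
    # Helpers used: runInstallOp, isNotice, isSuccessful (defined elsewhere)
    # Returns:      0 on every early-exit path; per-app work is best-effort.

    # No sqlite3 or no apps DB means there is nothing to enumerate.
    if ! command -v sqlite3 >/dev/null 2>&1; then
        return 0
    fi
    if [[ ! -f "$docker_dir/$db_file" ]]; then
        return 0
    fi

    local installed_apps
    installed_apps=$(runInstallOp sqlite3 "$docker_dir/$db_file" \
        "SELECT name FROM apps WHERE status = 1 ORDER BY name;" 2>/dev/null)

    # Exact, fixed-string match: only a container named precisely
    # "gluetun-service" counts as gluetun being up.
    if ! sudo docker ps --format '{{.Names}}' 2>/dev/null \
        | grep -Fxq 'gluetun-service'; then
        # Nothing to re-attach against; gluetun isn't running.
        return 0
    fi

    # Snapshot the container names once instead of calling docker per app.
    local existing_containers
    existing_containers=$(sudo docker ps -a --format '{{.Names}}' 2>/dev/null) \
        || existing_containers=""

    local recreated=0
    local failed=0
    local app app_dir app_config_file app_compose net
    while IFS= read -r app; do
        [[ -z "$app" || "$app" == "gluetun" ]] && continue

        # App names come from the apps DB and are used below to build a
        # directory to cd into and an argument for `sudo docker compose`.
        # Refuse anything that is not a plain directory name so a DB row
        # cannot steer a root-run compose call outside containers_dir or
        # be parsed as a docker option.
        if [[ "$app" == */* || "$app" == "." || "$app" == ".." || "$app" == -* ]]; then
            isNotice "Skipping '${app}': app name is not a plain directory name."
            continue
        fi

        app_dir="${containers_dir}${app}"
        app_config_file="${app_dir}/${app}.config"
        [[ -f "$app_config_file" ]] || continue

        net=$(grep -E "^CFG_${app^^}_NETWORK=" "$app_config_file" 2>/dev/null \
            | cut -d'=' -f2 | tr -d '"')
        [[ "$net" != "gluetun" ]] && continue

        app_compose="${app_dir}/docker-compose.yml"
        [[ -f "$app_compose" ]] || continue

        # Skip apps with no running/created container — recreate would
        # do nothing useful and we'd just emit noise. -F -x keeps regex
        # metacharacters in the app name from matching another container.
        if ! grep -Fxq -- "${app}-service" <<< "$existing_containers"; then
            continue
        fi

        isNotice "Re-attaching ${app} to gluetun's namespace (force-recreate)..."
        # Still best-effort (one failure does not abort the loop), but only
        # successful recreates are counted, and failures are reported so a
        # stale app is not silently described as re-attached.
        if (cd "$app_dir" \
            && sudo docker compose up -d --force-recreate "${app}-service" \
                >/dev/null 2>&1); then
            recreated=$((recreated + 1))
        else
            failed=$((failed + 1))
            isNotice "Could not force-recreate ${app}-service; it may still be attached to the old gluetun namespace."
        fi
    done <<< "$installed_apps"

    if (( recreated > 0 )); then
        isSuccessful "Re-attached ${recreated} gluetun-routed app(s) to the new gluetun namespace."
    fi
    if (( failed > 0 )); then
        isNotice "${failed} gluetun-routed app(s) could not be recreated; check them manually."
    fi
    return 0
}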