avm/hassio-addons
1
0
Fork 0
mirror of https://github.com/alexbelgium/hassio-addons.git synced 2026-06-21 06:49:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Default container VPN binding

Browse Source
This commit is contained in:
Alexandre
2025-11-25 10:27:47 +01:00
parent 51fd1a7404
commit fa45da21a3
5 changed files with 41 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
qbittorrent/CHANGELOG.md
View File

@@ -1,3 +1,6 @@
## 5.1.2-23 (29-11-2025)
- Default VPN container binding for OpenVPN and WireGuard with optional qBittorrent-only interface binding.
## 5.1.2-22 (24-11-2025) ## 5.1.2-22 (24-11-2025)
- Minor bugs fixed - Minor bugs fixed
## 5.1.2-21 (24-11-2025) ## 5.1.2-21 (24-11-2025)

4
qbittorrent/README.md
View File

@@ -77,13 +77,15 @@ Network disk is mounted to `/mnt/<share_name>`. You need to map the exposed port
| `openvpn_config` | str | | OpenVPN config file name (in `/config/openvpn/`) | | `openvpn_config` | str | | OpenVPN config file name (in `/config/openvpn/`) |
| `openvpn_username` | str | | OpenVPN username | | `openvpn_username` | str | | OpenVPN username |
| `openvpn_password` | str | | OpenVPN password | | `openvpn_password` | str | | OpenVPN password |
| `openvpn_alt_mode` | bool | `false` | Bind at container level instead of app level | | `openvpn_alt_mode` | bool | `true` | Container binding for VPN traffic (disable to bind qBittorrent only) |
| `wireguard_enabled` | bool | `false` | Enable WireGuard tunnel | | `wireguard_enabled` | bool | `false` | Enable WireGuard tunnel |
| `wireguard_config` | str | _(empty)_ | WireGuard config file name (in `/config/wireguard/`) | | `wireguard_config` | str | _(empty)_ | WireGuard config file name (in `/config/wireguard/`) |
| `qbit_manage` | bool | `false` | Enable qBit Manage integration | | `qbit_manage` | bool | `false` | Enable qBit Manage integration |
| `run_duration` | str | | Run duration (e.g., `12h`, `5d`) | | `run_duration` | str | | Run duration (e.g., `12h`, `5d`) |
| `silent` | bool | `false` | Suppress debug messages | | `silent` | bool | `false` | Suppress debug messages |
By default, VPN traffic is container-bound (OpenVPN and WireGuard). Disable `openvpn_alt_mode` only if you prefer binding qBittorrent itself to the VPN interface while exposing the rest of the container on the host network.
### WireGuard Setup ### WireGuard Setup
WireGuard configuration files must be stored in `/config/wireguard`. If several `.conf` files are present, set `wireguard_config` to the file name you want to use (for example `wg0.conf`). Expose UDP port `51820` in the add-on options and forward it from your router only when your tunnel expects inbound peers (for example, site-to-site setups). Outbound-only commercial VPN providers usually do not require a mapped port. The runtime configuration now preserves both IPv4 and IPv6 entries, so you can use dual-stack WireGuard peers when your endpoint supports them. WireGuard configuration files must be stored in `/config/wireguard`. If several `.conf` files are present, set `wireguard_config` to the file name you want to use (for example `wg0.conf`). Expose UDP port `51820` in the add-on options and forward it from your router only when your tunnel expects inbound peers (for example, site-to-site setups). Outbound-only commercial VPN providers usually do not require a mapped port. The runtime configuration now preserves both IPv4 and IPv6 entries, so you can use dual-stack WireGuard peers when your endpoint supports them.

7
qbittorrent/config.yaml
View File

@@ -89,6 +89,11 @@ options:
certfile: fullchain.pem certfile: fullchain.pem
customUI: vuetorrent customUI: vuetorrent
keyfile: privkey.pem keyfile: privkey.pem
openvpn_alt_mode: true
openvpn_config: ""
openvpn_enabled: false
openvpn_password: ""
openvpn_username: ""
qbit_manage: false qbit_manage: false
ssl: false ssl: false
wireguard_enabled: false wireguard_enabled: false
@@ -145,4 +150,4 @@ schema:
slug: qbittorrent slug: qbittorrent
udev: true udev: true
url: https://github.com/alexbelgium/hassio-addons url: https://github.com/alexbelgium/hassio-addons
version: 5.1.2-22 version: 5.1.2-23

15
qbittorrent/rootfs/etc/cont-init.d/94-wireguard.sh
View File

@@ -19,10 +19,6 @@ if bashio::config.true 'openvpn_enabled'; then
bashio::exit.nok 'OpenVPN and WireGuard cannot be enabled simultaneously. Disable one of them.' bashio::exit.nok 'OpenVPN and WireGuard cannot be enabled simultaneously. Disable one of them.'
fi fi
if bashio::config.true 'openvpn_alt_mode'; then
bashio::log.warning 'The openvpn_alt_mode option is ignored when WireGuard is enabled.'
fi
if bashio::config.has_value 'wireguard_config'; then if bashio::config.has_value 'wireguard_config'; then
configured_name="$(bashio::config 'wireguard_config')" configured_name="$(bashio::config 'wireguard_config')"
configured_name="${configured_name##*/}" configured_name="${configured_name##*/}"
@@ -66,6 +62,17 @@ bashio::log.info 'Prepared WireGuard runtime configuration for initial connectio
echo "${wireguard_runtime_config}" > "${WIREGUARD_STATE_DIR}/config" echo "${wireguard_runtime_config}" > "${WIREGUARD_STATE_DIR}/config"
echo "${interface_name}" > "${WIREGUARD_STATE_DIR}/interface" echo "${interface_name}" > "${WIREGUARD_STATE_DIR}/interface"
if bashio::config.true 'openvpn_alt_mode'; then
bashio::log.info 'Using container-wide WireGuard binding (default).'
if bashio::fs.file_exists "${QBT_CONFIG_FILE}"; then
sed -i '/Interface/d' "${QBT_CONFIG_FILE}"
else
bashio::log.warning 'qBittorrent config file not found. Unable to remove interface binding entries.'
fi
bashio::log.info "WireGuard prepared with interface ${interface_name} using configuration ${wireguard_config##*/}."
exit 0
fi
if bashio::fs.file_exists "${QBT_CONFIG_FILE}"; then if bashio::fs.file_exists "${QBT_CONFIG_FILE}"; then
sed -i '/Interface/d' "${QBT_CONFIG_FILE}" sed -i '/Interface/d' "${QBT_CONFIG_FILE}"
sed -i "/\\[Preferences\\]/ i\\Connection\\\\Interface=${interface_name}" "${QBT_CONFIG_FILE}" sed -i "/\\[Preferences\\]/ i\\Connection\\\\Interface=${interface_name}" "${QBT_CONFIG_FILE}"

25
qbittorrent/rootfs/etc/services.d/vpn-monitor/run
View File

@@ -129,17 +129,28 @@ if bashio::config.true 'openvpn_enabled'; then
vpn_openvpn=true vpn_openvpn=true
fi fi
if [[ "${vpn_openvpn}" == true ]] && ! bashio::config.true 'openvpn_alt_mode'; then
VPN_INTERFACE="tun0"
bashio::log.info "VPN monitor set to query external IP through interface ${VPN_INTERFACE} (interface binding)."
else
VPN_INTERFACE=""
fi
if bashio::config.true 'wireguard_enabled'; then if bashio::config.true 'wireguard_enabled'; then
vpn_wireguard=true vpn_wireguard=true
fi fi
if ! bashio::config.true 'openvpn_alt_mode'; then
if [[ "${vpn_openvpn}" == true ]]; then
VPN_INTERFACE="tun0"
bashio::log.info "VPN monitor set to query external IP through interface ${VPN_INTERFACE} (interface binding)."
elif [[ "${vpn_wireguard}" == true ]]; then
if [[ -f /var/run/wireguard/interface ]]; then
VPN_INTERFACE="$(cat /var/run/wireguard/interface)"
else
VPN_INTERFACE="wg0"
fi
bashio::log.info "VPN monitor set to query external IP through interface ${VPN_INTERFACE} (interface binding)."
else
VPN_INTERFACE=""
fi
else
VPN_INTERFACE=""
fi
if [[ "${vpn_openvpn}" != true && "${vpn_wireguard}" != true ]]; then if [[ "${vpn_openvpn}" != true && "${vpn_wireguard}" != true ]]; then
bashio::log.info "VPN leak monitor not started because no VPN is enabled." bashio::log.info "VPN leak monitor not started because no VPN is enabled."
exit 0 exit 0