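#!/bin/sh
#
# Entrypoint: bring up a WireGuard tunnel (wg0), send all IPv4 traffic through
# it, start transmission-daemon bound to the tunnel address, and keep
# Transmission's peer port in sync with a NAT-PMP mapping from the gateway.
#
# Required environment:
#   WIREGUARD_PUBLIC_KEY        peer public key
#   WIREGUARD_ENDPOINT          peer endpoint, host:port
#   TRANSMISSION_HOME           directory that holds settings.json
# Optional environment (defaults are set below):
#   WIREGUARD_PRIVATE_KEY_PATH, WIREGUARD_ALLOWED_IPS, WIREGUARD_ADDRESS,
#   WIREGUARD_DNS
#
# Any arguments are passed through to transmission-daemon.

set -o errexit
set -o nounset

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Fail early with a clear message. An empty TRANSMISSION_HOME in particular
# would turn the settings paths below into "/settings.json".
: "${WIREGUARD_PUBLIC_KEY:?WIREGUARD_PUBLIC_KEY must be set}"
: "${WIREGUARD_ENDPOINT:?WIREGUARD_ENDPOINT must be set (host:port)}"
: "${TRANSMISSION_HOME:?TRANSMISSION_HOME must be set}"

WIREGUARD_PRIVATE_KEY_PATH="${WIREGUARD_PRIVATE_KEY_PATH:-/etc/wireguard/privatekey}"
WIREGUARD_ALLOWED_IPS="${WIREGUARD_ALLOWED_IPS:-0.0.0.0/0}"
WIREGUARD_ADDRESS="${WIREGUARD_ADDRESS:-10.2.0.2/32}"
WIREGUARD_DNS="${WIREGUARD_DNS:-10.2.0.1}"

# Everything before the first ':' of the endpoint.
# NOTE(review): this is later used as "<ip>/32", so it presumably has to be an
# IPv4 literal; a hostname or a bracketed IPv6 endpoint would not work here.
WIREGUARD_PEER_IP="${WIREGUARD_ENDPOINT%%:*}"

# Remember the pre-tunnel default route so the encrypted packets to the peer
# can still leave through it once the default route points at wg0.
DEFAULT_GATEWAY="$(ip route show default | awk '/default/ {print $3; exit}')"
DEFAULT_INTERFACE="$(ip route show default | awk '/default/ {print $5; exit}')"
[ -n "$DEFAULT_GATEWAY" ] || die "no default gateway found"
[ -n "$DEFAULT_INTERFACE" ] || die "no default interface found"

# The key is handed to wg as a file path, so the key material itself never
# appears in this script's argv or environment.
[ -r "$WIREGUARD_PRIVATE_KEY_PATH" ] \
  || die "private key file not readable: $WIREGUARD_PRIVATE_KEY_PATH"

ip link add dev wg0 type wireguard
ip address add "$WIREGUARD_ADDRESS" dev wg0
wg set wg0 private-key "$WIREGUARD_PRIVATE_KEY_PATH"
wg set wg0 peer "$WIREGUARD_PUBLIC_KEY" \
  allowed-ips "$WIREGUARD_ALLOWED_IPS" \
  endpoint "$WIREGUARD_ENDPOINT"
ip link set up dev wg0

# Host route to the peer via the original gateway, then default via the tunnel.
ip route add "$WIREGUARD_PEER_IP/32" via "$DEFAULT_GATEWAY" dev "$DEFAULT_INTERFACE"
ip route add 0.0.0.0/0 dev wg0

# Resolve names through the tunnel's DNS server only.
printf 'nameserver %s\n' "$WIREGUARD_DNS" > /etc/resolv.conf

# Transmission binds IPv4 to the tunnel address and IPv6 to loopback, so its
# peer sockets are not bound to the non-tunnel interface.
BIND_IP="${WIREGUARD_ADDRESS%%/*}"

# Regenerate settings.json from the daemon's own defaults on every start:
# -d dumps the effective settings and exits.
rm -f "$TRANSMISSION_HOME/settings.json"
default_settings="$(
  transmission-daemon -d \
    --no-portmap \
    --bind-address-ipv4 "$BIND_IP" \
    --bind-address-ipv6 "::1" \
    "$@" 2>&1
)"
# printf, not echo: some sh builtins interpret backslashes in echo arguments,
# which would corrupt escaped characters in the JSON.
printf '%s\n' "$default_settings" > "$TRANSMISSION_HOME/settings.json"

# SECURITY: both RPC allow-lists are switched off below, and the readiness
# check further down expects the RPC server on 0.0.0.0:9091. Unless
# settings.override.json turns on rpc-authentication-required (or re-enables
# the whitelists), any client that can reach port 9091 can control the daemon.
# 0.0.0.0 also covers the tunnel address, so keep the port unreachable from
# untrusted networks at the container/network layer.
tmpfile="$(mktemp)"
jq '. + {
  "rpc-whitelist-enabled": false,
  "rpc-host-whitelist-enabled": false,
  "rpc-url": "/",
  "download-dir": "/var/lib/transmission",
  "incomplete-dir": "/var/lib/transmission/incomplete",
  "rename-partial-files": true
}' "$TRANSMISSION_HOME/settings.json" > "$tmpfile"
mv "$tmpfile" "$TRANSMISSION_HOME/settings.json"

# Optional operator overrides win over everything above (recursive merge).
if [ -f "$TRANSMISSION_HOME/settings.override.json" ]; then
  tmpfile="$(mktemp)"
  jq -s \
    '.[0] * .[1]' \
    "$TRANSMISSION_HOME/settings.json" \
    "$TRANSMISSION_HOME/settings.override.json" \
    > "$tmpfile"
  mv "$tmpfile" "$TRANSMISSION_HOME/settings.json"
fi

# FIFOs live in a private directory created by mktemp -d. The previous
# "mktemp -u" + mkfifo pattern only reserves a name, leaving a window in which
# another process can create that path first.
FIFO_DIR="$(mktemp -d)"
PIPE="$FIFO_DIR/daemon"
CAT_PIPE="$FIFO_DIR/cat"
GREP_PIPE="$FIFO_DIR/grep"
mkfifo "$PIPE" "$CAT_PIPE" "$GREP_PIPE"

transmission-daemon -f \
  --no-portmap \
  --bind-address-ipv4 "$BIND_IP" \
  --bind-address-ipv6 "::1" \
  "$@" > "$PIPE" 2>&1 &
PID=$!

# Fan the daemon log out: one copy is relayed to our stdout, the other is
# scanned for the line announcing that the RPC server is up.
tee "$CAT_PIPE" "$GREP_PIPE" < "$PIPE" > /dev/null &
cat "$CAT_PIPE" &
# Blocks until the RPC server reports ready. The address and port are fixed in
# the pattern, so an override that changes them would leave this waiting.
# NOTE(review): grep exits after the first match and closes GREP_PIPE; tee may
# then stop on SIGPIPE and take the log relay with it — confirm that daemon
# logs keep flowing after startup.
grep -q -m 1 "Serving RPC and Web requests on 0.0.0.0:9091" < "$GREP_PIPE"

rpc_path="$(jq -r '.["rpc-url"]' "$TRANSMISSION_HOME/settings.json")"
rpc_url="http://127.0.0.1:9091${rpc_path}rpc/"

# Background loop: renew the 60-second NAT-PMP mappings every 45 seconds and
# push the mapped TCP port to Transmission as its peer port.
(
  # A failed renewal must not end the loop.
  set +o errexit
  while true; do
    natpmp_output="$(natpmpc -a 1 0 udp 60 -g 10.2.0.1)"
    echo "$natpmp_output"
    natpmp_output="$(natpmpc -a 1 0 tcp 60 -g 10.2.0.1)"
    echo "$natpmp_output"
    natpmp_port="$(echo "$natpmp_output" | awk '/Mapped public port/ { print $4 }')"

    # The port is spliced into a JSON body, so accept plain digits only. An
    # empty or malformed value (natpmpc failed) is skipped rather than sent.
    case "$natpmp_port" in
      '' | *[!0-9]*)
        echo "natpmp: no usable mapped port; peer-port left unchanged" >&2
        ;;
      *)
        # The first request is only made to obtain the session id header.
        output_headers=$(curl -sf -D - -o /dev/null -X POST "$rpc_url" \
          -H "Content-Type: application/json" \
          -d '{"method": "session-get", "arguments": {"fields": ["session-id"]}}')
        session_id="$(echo "$output_headers" \
          | awk '/X-Transmission-Session-Id:/ { print $2 }' | tr -d '\r')"
        if [ -n "$session_id" ]; then
          curl -sf -X POST "$rpc_url" \
            -H "X-Transmission-Session-Id: $session_id" \
            -H "Content-Type: application/json" \
            -d "{\"method\": \"session-set\", \"arguments\": {\"peer-port\": $natpmp_port}}" \
            > /dev/null
        else
          echo "natpmp: no RPC session id; peer-port left unchanged" >&2
        fi
        ;;
    esac
    sleep 45
  done
) &
NATPMP_PID=$!

# Stop the daemon and the renewal loop, then remove routes, wg0 and the FIFOs.
# Every step is best-effort so one failure cannot leave the rest in place
# while errexit is active.
# shellcheck disable=SC2317
cleanup() {
  kill -INT "$PID" || true
  # Without job control a POSIX shell starts "&" jobs with SIGINT ignored, so
  # the renewal subshell is stopped with TERM instead of INT.
  kill -TERM "$NATPMP_PID" || true
  # Let the daemon finish shutting down before the tunnel is removed.
  wait "$PID" || true
  ip route del 0.0.0.0/0 dev wg0 || true
  ip route del "$WIREGUARD_PEER_IP/32" via "$DEFAULT_GATEWAY" dev "$DEFAULT_INTERFACE" || true
  ip link set down dev wg0 || true
  ip link delete dev wg0 || true
  rm -rf -- "${FIFO_DIR:?}"
}

trap cleanup INT TERM

# "|| status=$?" captures a non-zero wait status (for example when a trapped
# signal interrupts the wait) instead of letting errexit end the script here.
status=0
wait "$PID" || status=$?
exit "$status"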