karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
nix/packages/docker/transmission-protonvpn/entrypoint.sh
Nikolaos Karaolidis 453c8ecc65 Add gitea act runner 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-07-25 17:41:58 +01:00

129 lines
3.5 KiB
Bash
Raw Permalink Blame History

#!/bin/sh
set -o errexit
set -o nounset
WIREGUARD_PRIVATE_KEY_PATH="${WIREGUARD_PRIVATE_KEY_PATH:-/etc/wireguard/privatekey}"
WIREGUARD_ALLOWED_IPS="${WIREGUARD_ALLOWED_IPS:-0.0.0.0/0}"
WIREGUARD_ADDRESS="${WIREGUARD_ADDRESS:-10.2.0.2/32}"
WIREGUARD_DNS="${WIREGUARD_DNS:-10.2.0.1}"
WIREGUARD_PEER_IP="${WIREGUARD_ENDPOINT%%:*}"
DEFAULT_GATEWAY="$(ip route show default | awk '/default/ {print $3; exit}')"
DEFAULT_INTERFACE="$(ip route show default | awk '/default/ {print $5; exit}')"
ip link add dev wg0 type wireguard
ip address add "$WIREGUARD_ADDRESS" dev wg0
wg set wg0 private-key "$WIREGUARD_PRIVATE_KEY_PATH"
wg set wg0 peer "$WIREGUARD_PUBLIC_KEY" allowed-ips "$WIREGUARD_ALLOWED_IPS" endpoint "$WIREGUARD_ENDPOINT"
ip link set up dev wg0
ip route add "$WIREGUARD_PEER_IP/32" via "$DEFAULT_GATEWAY" dev "$DEFAULT_INTERFACE"
ip route add 0.0.0.0/0 dev wg0
echo "nameserver $WIREGUARD_DNS" > /etc/resolv.conf
BIND_IP="${WIREGUARD_ADDRESS%%/*}"
rm -f "$TRANSMISSION_HOME/settings.json"
default_settings="$(\
transmission-daemon -d \
--no-portmap \
--bind-address-ipv4 "$BIND_IP" \
--bind-address-ipv6 "::1" \
"$@" 2>&1)"
echo "$default_settings" > "$TRANSMISSION_HOME/settings.json"
tmpfile="$(mktemp)"
jq '. + {
"rpc-whitelist-enabled": false,
"rpc-host-whitelist-enabled": false,
"rpc-url": "/",
"download-dir": "/var/lib/transmission",
"incomplete-dir": "/var/lib/transmission/incomplete",
"rename-partial-files": true
}' "$TRANSMISSION_HOME/settings.json" > "$tmpfile"
mv "$tmpfile" "$TRANSMISSION_HOME/settings.json"
if [ -f "$TRANSMISSION_HOME/settings.override.json" ]; then
tmpfile="$(mktemp)"
jq -s \
'.[0] * .[1]' \
"$TRANSMISSION_HOME/settings.json" \
"$TRANSMISSION_HOME/settings.override.json" \
> "$tmpfile"
mv "$tmpfile" "$TRANSMISSION_HOME/settings.json"
fi
PIPE=$(mktemp -u)
mkfifo "$PIPE"
transmission-daemon -f \
--no-portmap \
--bind-address-ipv4 "$BIND_IP" \
--bind-address-ipv6 "::1" \
"$@" > "$PIPE" 2>&1 &
PID=$!
CAT_PIPE=$(mktemp -u)
GREP_PIPE=$(mktemp -u)
mkfifo "$CAT_PIPE" "$GREP_PIPE"
tee "$CAT_PIPE" "$GREP_PIPE" < "$PIPE" > /dev/null &
cat "$CAT_PIPE" &
grep -q -m 1 "Serving RPC and Web requests on 0.0.0.0:9091" < "$GREP_PIPE"
rpc_path="$(jq -r '.["rpc-url"]' "$TRANSMISSION_HOME/settings.json")"
rpc_url="http://127.0.0.1:9091${rpc_path}rpc/"
(
set +o errexit
while true; do
natpmp_output="$(natpmpc -a 1 0 udp 60 -g 10.2.0.1)"
echo "$natpmp_output"
natpmp_output="$(natpmpc -a 1 0 tcp 60 -g 10.2.0.1)"
echo "$natpmp_output"
natpmp_port="$(echo "$natpmp_output" | awk '/Mapped public port/ { print $4 }')"
output_headers=$(curl -sf -D - -o /dev/null -X POST "$rpc_url" \
-H "Content-Type: application/json" \
-d '{"method": "session-get", "arguments": {"fields": ["session-id"]}}')
session_id="$(echo "$output_headers" | awk '/X-Transmission-Session-Id:/ { print $2 }' | tr -d '\r')"
curl -sf -X POST "$rpc_url" \
-H "X-Transmission-Session-Id: $session_id" \
-H "Content-Type: application/json" \
-d "{\"method\": \"session-set\", \"arguments\": {\"peer-port\": $natpmp_port}}" \
> /dev/null
sleep 45
done
) &
NATPMP_PID=$!
# shellcheck disable=SC2317
cleanup() {
kill -INT "$PID" "$NATPMP_PID" || true
ip route del 0.0.0.0/0 dev wg0
ip route del "$WIREGUARD_PEER_IP/32" via "$DEFAULT_GATEWAY" dev "$DEFAULT_INTERFACE"
ip link set down dev wg0
ip link delete dev wg0
rm -f "$PIPE" "$CAT_PIPE" "$GREP_PIPE"
}
trap cleanup INT TERM
wait "$PID"
exit $?
Reference in New Issue View Git Blame Copy Permalink