feat: mullvad wireguard

2023-12-23 18:18:42 +01:00 · 2023-12-23 18:18:42 +01:00 · 35de8a683e
commit 35de8a683e
parent 9fe01dd93c
15 changed files with 63 additions and 4 deletions
--- a/_nginx/compose.yaml
+++ b/_nginx/compose.yaml
@ -11,7 +11,7 @@ services:
    volumes:
      - sites:/etc/nginx/conf.d/
      - certs:/etc/letsencrypt/
-      - certbotroot:/var/www/certbot/:ro
+      - certbotroot:/var/www/certbot/
    networks:
      - nginx

--- a/matrix/TODO
+++ b/matrix/TODO
@ -0,0 +1,2 @@
+message expiration
+mail bridge?
--- a/mullvad_openvpn/Dockerfile
+++ b/mullvad_openvpn/Dockerfile
@ -1,8 +1,10 @@
 FROM docker.io/debian:12-slim
 WORKDIR /etc/openvpn/
+ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update                                \
    && apt-get install -y --no-install-recommends \
        openvpn                                   \
    && rm -rf /var/lib/apt/lists/*
+COPY entrypoint.sh/ /usr/local/bin/
 COPY openvpn/ /etc/openvpn/
-CMD ["openvpn", "--config", "mullvad_00.conf"]
+CMD ["entrypoint.sh"]
--- a/mullvad_openvpn/compose.yaml
+++ b/mullvad_openvpn/compose.yaml
--- a/mullvad_openvpn/entrypoint.sh
+++ b/mullvad_openvpn/entrypoint.sh
@ -0,0 +1,15 @@
+#!/bin/bash -e
+
+# See https://mullvad.net/en/help/socks5-proxy
+SOCKS_IP='10.8.0.1'
+
+for file in /etc/openvpn/*.conf; do
+    cat <<EOF >> "$file"
+
+route-nopull
+route 10.0.0.0 255.0.0.0
+EOF
+done
+
+chmod +x /etc/openvpn/update-resolv-conf
+exec openvpn --config "$(printf '%q\n' /etc/openvpn/*.conf  | shuf -n1)"
--- a/mullvad_openvpn/install_site
+++ b/mullvad_openvpn/install_site
--- a/mullvad_openvpn/openvpn/.gitignore
+++ b/mullvad_openvpn/openvpn/.gitignore
--- a/mullvad_openvpn/openvpn/README.md
+++ b/mullvad_openvpn/openvpn/README.md
@ -1,2 +1 @@
-Put your openvpn config here
 https://mullvad.net/en/account/openvpn-config
--- a/mullvad_wireguard/Dockerfile
+++ b/mullvad_wireguard/Dockerfile
@ -0,0 +1,11 @@
+FROM docker.io/debian:12-slim as base
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update                                \
+    && apt-get install -y --no-install-recommends \
+        iproute2                                  \
+        openresolv                                \
+        wireguard                                 \
+    && rm -rf /var/lib/apt/lists/*
+COPY entrypoint.sh/ /usr/local/bin/
+COPY wireguard/ /etc/wireguard/
+CMD ["entrypoint.sh"]
--- a/mullvad_wireguard/compose.yaml
+++ b/mullvad_wireguard/compose.yaml
@ -0,0 +1,10 @@
+---
+services:
+  mullvad:
+    build: .
+    restart: unless-stopped
+    network_mode: host
+    devices:
+      - /dev/net/
+    cap_add:
+      - NET_ADMIN
--- a/mullvad_wireguard/entrypoint.sh
+++ b/mullvad_wireguard/entrypoint.sh
@ -0,0 +1,15 @@
+#!/bin/bash -e
+
+stopwg() {
+    wg-quick down "$CONF"
+}
+
+# See https://mullvad.net/en/help/socks5-proxy
+SOCKS_IP='10.64.0.1'
+CONF="$(printf '%q\n' /etc/wireguard/*.conf | shuf -n1)"
+
+sed -i "s/^AllowedIPs.*/AllowedIPs = $SOCKS_IP/" /etc/wireguard/*.conf
+wg-quick up "$CONF"
+
+trap stopwg SIGHUP SIGINT SIGTERM
+sleep infinity & wait
--- a/mullvad_wireguard/install_site
+++ b/mullvad_wireguard/install_site
@ -0,0 +1 @@
+../_nginx/install_site
--- a/mullvad_wireguard/wireguard/.gitignore
+++ b/mullvad_wireguard/wireguard/.gitignore
@ -0,0 +1,3 @@
+*
+!.gitignore
+!README.md
--- a/mullvad_wireguard/wireguard/README.md
+++ b/mullvad_wireguard/wireguard/README.md
@ -0,0 +1 @@
+https://mullvad.net/en/account/wireguard-config
--- a/searxng/.env
+++ b/searxng/.env
@ -1,4 +1,4 @@
 BASE_URL=searx.
 EMAIL=

-SEARXNG_SECRET=
+SEARXNG_SECRET=     #$(openssl rand -hex 32)
				`@ -0,0 +1 @@`
				`https://mullvad.net/en/account/wireguard-config`