From 35de8a683e824575b57a7ae110af2df5cd037a42 Mon Sep 17 00:00:00 2001 From: AngeD Date: Sat, 23 Dec 2023 18:18:42 +0100 Subject: [PATCH] feat: mullvad wireguard --- _nginx/compose.yaml | 2 +- matrix/TODO | 2 ++ {mullvad => mullvad_openvpn}/Dockerfile | 4 +++- {mullvad => mullvad_openvpn}/compose.yaml | 0 mullvad_openvpn/entrypoint.sh | 15 +++++++++++++++ {mullvad => mullvad_openvpn}/install_site | 0 {mullvad => mullvad_openvpn}/openvpn/.gitignore | 0 {mullvad => mullvad_openvpn}/openvpn/README.md | 1 - mullvad_wireguard/Dockerfile | 11 +++++++++++ mullvad_wireguard/compose.yaml | 10 ++++++++++ mullvad_wireguard/entrypoint.sh | 15 +++++++++++++++ mullvad_wireguard/install_site | 1 + mullvad_wireguard/wireguard/.gitignore | 3 +++ mullvad_wireguard/wireguard/README.md | 1 + searxng/.env | 2 +- 15 files changed, 63 insertions(+), 4 deletions(-) create mode 100644 matrix/TODO rename {mullvad => mullvad_openvpn}/Dockerfile (74%) rename {mullvad => mullvad_openvpn}/compose.yaml (100%) create mode 100755 mullvad_openvpn/entrypoint.sh rename {mullvad => mullvad_openvpn}/install_site (100%) rename {mullvad => mullvad_openvpn}/openvpn/.gitignore (100%) rename {mullvad => mullvad_openvpn}/openvpn/README.md (61%) create mode 100644 mullvad_wireguard/Dockerfile create mode 100644 mullvad_wireguard/compose.yaml create mode 100755 mullvad_wireguard/entrypoint.sh create mode 120000 mullvad_wireguard/install_site create mode 100644 mullvad_wireguard/wireguard/.gitignore create mode 100644 mullvad_wireguard/wireguard/README.md diff --git a/_nginx/compose.yaml b/_nginx/compose.yaml index 9ebb25b..fc1da55 100644 --- a/_nginx/compose.yaml +++ b/_nginx/compose.yaml @@ -11,7 +11,7 @@ services: volumes: - sites:/etc/nginx/conf.d/ - certs:/etc/letsencrypt/ - - certbotroot:/var/www/certbot/:ro + - certbotroot:/var/www/certbot/ networks: - nginx diff --git a/matrix/TODO b/matrix/TODO new file mode 100644 index 0000000..8e1702a --- /dev/null +++ b/matrix/TODO 
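Review bot: Dropping `:ro` from the `certbotroot:/var/www/certbot/` mount in `_nginx/compose.yaml` gives the web server write access to the ACME webroot, and nothing in this commit (whose subject is the WireGuard work) says why. The server only needs to read the challenge files that certbot writes, so with a writable mount a compromised web-server process could plant or alter files under the challenge path. If this was a workaround for a volume-initialisation or ownership error (an assumption, the hunk does not say), I would keep `- certbotroot:/var/www/certbot/:ro` and fix that cause, or at least record the reason in a comment above the mount. The service definition starts and ends outside the hunk.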
@@ -0,0 +1,2 @@ +message expiration +mail bridge? diff --git a/mullvad/Dockerfile b/mullvad_openvpn/Dockerfile similarity index 74% rename from mullvad/Dockerfile rename to mullvad_openvpn/Dockerfile index 339208c..31dbd40 100644 --- a/mullvad/Dockerfile +++ b/mullvad_openvpn/Dockerfile @@ -1,8 +1,10 @@ FROM docker.io/debian:12-slim WORKDIR /etc/openvpn/ +ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update \ && apt-get install -y --no-install-recommends \ openvpn \ && rm -rf /var/lib/apt/lists/* +COPY entrypoint.sh/ /usr/local/bin/ COPY openvpn/ /etc/openvpn/ -CMD ["openvpn", "--config", "mullvad_00.conf"] +CMD ["entrypoint.sh"] diff --git a/mullvad/compose.yaml b/mullvad_openvpn/compose.yaml similarity index 100% rename from mullvad/compose.yaml rename to mullvad_openvpn/compose.yaml diff --git a/mullvad_openvpn/entrypoint.sh b/mullvad_openvpn/entrypoint.sh new file mode 100755 index 0000000..755fff3 --- /dev/null +++ b/mullvad_openvpn/entrypoint.sh @@ -0,0 +1,15 @@ +#!/bin/bash -e + +# See https://mullvad.net/en/help/socks5-proxy +SOCKS_IP='10.8.0.1' + +for file in /etc/openvpn/*.conf; do + cat <> "$file" + +route-nopull +route 10.0.0.0 255.0.0.0 +EOF +done + +chmod +x /etc/openvpn/update-resolv-conf +exec openvpn --config "$(printf '%q\n' /etc/openvpn/*.conf | shuf -n1)" diff --git a/mullvad/install_site b/mullvad_openvpn/install_site similarity index 100% rename from mullvad/install_site rename to mullvad_openvpn/install_site diff --git a/mullvad/openvpn/.gitignore b/mullvad_openvpn/openvpn/.gitignore similarity index 100% rename from mullvad/openvpn/.gitignore rename to mullvad_openvpn/openvpn/.gitignore diff --git a/mullvad/openvpn/README.md b/mullvad_openvpn/openvpn/README.md similarity index 61% rename from mullvad/openvpn/README.md rename to mullvad_openvpn/openvpn/README.md index 1286b22..29120c5 100644 --- a/mullvad/openvpn/README.md +++ b/mullvad_openvpn/openvpn/README.md 
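Review bot: `ENV DEBIAN_FRONTEND=noninteractive` persists into the running container's environment although only the `apt-get` step needs it; `ARG DEBIAN_FRONTEND=noninteractive` keeps it build-only. `COPY entrypoint.sh/ /usr/local/bin/` names a regular file with a trailing slash, which reads as a directory copy and may not be accepted the same way by every builder; `COPY entrypoint.sh /usr/local/bin/` is the unambiguous form. Both lines are repeated in the new `mullvad_wireguard/Dockerfile` and the same applies there.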
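Review bot: The `for file in /etc/openvpn/*.conf` loop has no guard for an empty glob and is not idempotent: with no config present the pattern stays literal and `>>` creates a file named `*.conf`, and on a restart of the same container the `route-nopull`/`route` lines are appended again. Adding `shopt -s nullglob` with an explicit error exit when nothing matches, and prefixing the append with `grep -q '^route-nopull' "$file" ||`, covers both cases. The last line feeds `printf '%q'` output into a quoted argument that the shell never re-parses, so a config name containing a space or other escaped character becomes a path with literal backslashes; `exec openvpn --config "$(shuf -n1 -e /etc/openvpn/*.conf)"` avoids the quoting step, and the same construct sets `CONF` in `mullvad_wireguard/entrypoint.sh`. `SOCKS_IP` is assigned but not used in the lines shown.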
@@ -1,2 +1 @@ -Put your openvpn config here https://mullvad.net/en/account/openvpn-config diff --git a/mullvad_wireguard/Dockerfile b/mullvad_wireguard/Dockerfile new file mode 100644 index 0000000..db4d775 --- /dev/null +++ b/mullvad_wireguard/Dockerfile @@ -0,0 +1,11 @@ +FROM docker.io/debian:12-slim as base +ENV DEBIAN_FRONTEND=noninteractive +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + iproute2 \ + openresolv \ + wireguard \ + && rm -rf /var/lib/apt/lists/* +COPY entrypoint.sh/ /usr/local/bin/ +COPY wireguard/ /etc/wireguard/ +CMD ["entrypoint.sh"] diff --git a/mullvad_wireguard/compose.yaml b/mullvad_wireguard/compose.yaml new file mode 100644 index 0000000..b761b3d --- /dev/null +++ b/mullvad_wireguard/compose.yaml @@ -0,0 +1,10 @@ +--- +services: + mullvad: + build: . + restart: unless-stopped + network_mode: host + devices: + - /dev/net/ + cap_add: + - NET_ADMIN diff --git a/mullvad_wireguard/entrypoint.sh b/mullvad_wireguard/entrypoint.sh new file mode 100755 index 0000000..fd59104 --- /dev/null +++ b/mullvad_wireguard/entrypoint.sh @@ -0,0 +1,15 @@ +#!/bin/bash -e + +stopwg() { + wg-quick down "$CONF" +} + +# See https://mullvad.net/en/help/socks5-proxy +SOCKS_IP='10.64.0.1' +CONF="$(printf '%q\n' /etc/wireguard/*.conf | shuf -n1)" + +sed -i "s/^AllowedIPs.*/AllowedIPs = $SOCKS_IP/" /etc/wireguard/*.conf +wg-quick up "$CONF" + +trap stopwg SIGHUP SIGINT SIGTERM +sleep infinity & wait diff --git a/mullvad_wireguard/install_site b/mullvad_wireguard/install_site new file mode 120000 index 0000000..846f55c --- /dev/null +++ b/mullvad_wireguard/install_site @@ -0,0 +1 @@ +../_nginx/install_site \ No newline at end of file diff --git a/mullvad_wireguard/wireguard/.gitignore b/mullvad_wireguard/wireguard/.gitignore new file mode 100644 index 0000000..7c9d611 --- /dev/null +++ b/mullvad_wireguard/wireguard/.gitignore @@ -0,0 +1,3 @@ +* +!.gitignore +!README.md 
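Review bot: `COPY wireguard/ /etc/wireguard/` bakes the tunnel configuration into an image layer; the directory is git-ignored apart from its README, so it presumably holds the Mullvad-generated configs, and WireGuard configs carry the interface `PrivateKey`. Anyone who can pull, `docker save` or inspect the image then has the key, and rotating it means rebuilding the image. I would drop the COPY and mount the directory at run time from compose.yaml, `volumes:` with `- ./wireguard/:/etc/wireguard/`. The mount has to stay writable because the entrypoint runs `sed -i` on the configs, which would then edit the host copies. Separately, `FROM docker.io/debian:12-slim as base` names a stage nothing references and mixes keyword casing (`AS`).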
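Review bot: `network_mode: host` together with `cap_add: NET_ADMIN` gives this container control of the host's network namespace, so `wg-quick` creates its interface and routes on the host itself and a compromise of the container can reconfigure host interfaces and routing. If host mode is intended so that other services can reach the SOCKS address, a comment saying so would help the next reader. Otherwise dropping `network_mode: host` keeps the tunnel in the container's own namespace, and clients can join it with `network_mode: service:mullvad`. `devices: - /dev/net/` looks carried over from the OpenVPN service; kernel WireGuard should not need the TUN device, so it can likely be removed once confirmed on the target host.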
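Review bot: The `trap stopwg` cleanup runs only on SIGHUP/SIGINT/SIGTERM, so after a SIGKILL or OOM kill the interface stays up, and it stays up in the host namespace given `network_mode: host` in compose.yaml. Because `CONF` is picked at random, the next start then either fails at `wg-quick up` under `-e` (same config chosen) or brings up a second tunnel beside the stale one. Tearing down leftovers first makes the start idempotent: `for c in /etc/wireguard/*.conf; do wg-quick down "$c" 2>/dev/null || true; done` placed before `wg-quick up "$CONF"`. Moving the `trap` line above `wg-quick up` also closes the window in which a signal arrives during setup.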
diff --git a/mullvad_wireguard/wireguard/README.md b/mullvad_wireguard/wireguard/README.md new file mode 100644 index 0000000..d313ea7 --- /dev/null +++ b/mullvad_wireguard/wireguard/README.md @@ -0,0 +1 @@ +https://mullvad.net/en/account/wireguard-config diff --git a/searxng/.env b/searxng/.env index 9eedaff..ef80946 100644 --- a/searxng/.env +++ b/searxng/.env @@ -1,4 +1,4 @@ BASE_URL=searx. EMAIL= -SEARXNG_SECRET= +SEARXNG_SECRET= #$(openssl rand -hex 32)
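Review bot: `SEARXNG_SECRET= #$(openssl rand -hex 32)` leaves the hint on the value line, where its meaning depends on the parser. Compose strips a whitespace-preceded `#` comment from an unquoted value and yields an empty secret, while a stricter `KEY=VALUE` reader would take the literal text as the secret, which is then a publicly known constant. Putting the hint on its own line, `# generate with: openssl rand -hex 32` above `SEARXNG_SECRET=`, removes the ambiguity. Since this `.env` is tracked, a filled-in secret is also easy to commit by accident; a tracked `.env.example` with the real `.env` git-ignored avoids that. Whether the service refuses to start with an empty secret is not visible here.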