Traefik and wireguard vpn #83

Closed
wants to merge 7 commits into from

ohkeenan
Contributor

I'm not entirely sure if your purpose for the VPN is intended to connect this stack to a remote endpoint (aka your home net) or to mask the outbound IP for anon purposes? Either way, wireguard is implemented and works for masking outbound IP; just drop a wg0.conf in the ./packages/vpn dir.

- 1.0.0.1
volumes:
- ./packages/vpn/wg0.conf:/config/wg0.conf
- /lib/modules:/lib/modules
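
Review bot: both bind mounts under `volumes:` are read-write as written, and the last one, `/lib/modules:/lib/modules`, exposes the host's kernel module tree to the container. If the container only has to load an already installed WireGuard module, append `:ro` to that mount. Consider `:ro` on `./packages/vpn/wg0.conf` as well, if the image allows it, since a wg0.conf carries the interface private key, and make sure that path is listed in .gitignore so the file cannot be committed by accident.
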
Owner

I'm sure /lib/modules is required and for instance we don't have it on OSX

Contributor Author

That's a shame, and you're definitely right: the container relies on the wireguard linux kernel module. Unfortunately I don't even have a hackintosh to test on, sorry :(

@iam4x
Owner

iam4x commented Apr 20, 2020

Hi thank you for the contribution.

The VPN here is used only to traffic transmission/torrent through VPN in order to hide what we are downloading so your guess was right 👍

I need to set up a wireguard server myself and try this later this week.

@iam4x
Owner

iam4x commented Apr 20, 2020

Alright thank you for the information about wireguard requirements.
What do you think of having two distinct docker-compose?

  • docker-compose.vpn.yml
  • docker-compose.wireguard.yml

So the two configurations are distinct.

@ohkeenan
Contributor Author

ohkeenan commented Apr 20, 2020

For sure, do you mean differently than f3615e3?

In the f3615e3 commit there's a docker-compose.traefik.yml for the base then 2 corresponding vpn compose files:
docker-compose.traefik.vpn.openvpn.yml
docker-compose.traefik.vpn.wireguard.yml

So for instance for openvpn config:

docker-compose -f docker-compose.traefik.yml -f docker-compose.traefik.vpn.openvpn.yml up -d

And for wireguard:

docker-compose -f docker-compose.traefik.yml -f docker-compose.traefik.vpn.wireguard.yml up -d

If you want a sample wg0.conf we should connect on discord or something and I'll send the one I have - just bought a month from Mullvad for testing.

@iam4x
Owner

iam4x commented Apr 20, 2020

I mean that we should replace nginx and default docker-compose with traefik out of the box.

I've checked the docs, it looks awesome, and I really like this tagging/auto-discovery feature: no need to create configuration for sub-domains, you made my day!

Bobarr needs to be simple, with the least configuration possible, so having a lot of docker-compose files bothers me; we should just have nginx or traefik.

I want to support the existing vpn with openvpn and wireguard with your docker-compose.

Don't worry about wireguard, I'll use https://github.com/angristan/wireguard-install from @angristan and start one server. I'll replace my openvpn with wireguard in the long term.

After that, you will need to update the README and the package.json for shortcuts (https://github.com/iam4x/bobarr/blob/master/package.json#L8-L10) and I'll be happy to merge it!

@ohkeenan
Contributor Author

Ohh that is excellent!!! I'm so happy thank you :) I'll make another commit shortly per your requests above.

Would it be alright if I added some environment variables to the .env file for:

BOBARR_DOMAIN=localhost #can be localhost or FQDN
BOBARR_SUBDOMAIN=bobarr
BOBARR_SUBDOMAIN_API=api
BOBARR_SUBDOMAIN_TRANSMISSION=transmission
BOBARR_SUBDOMAIN_JACKETT=jackett

Would provide some flexibility in case people want to use different subdomains for the services. Although I have noticed the API needs to expose :4000 currently to function correctly. And my intention in long term is thinking to add support for LetsEncrypt.

@iam4x
Owner

iam4x commented Apr 20, 2020

Definitely go for it 👍

@ohkeenan
Contributor Author

Think I got it all - if anything needs changes let me know or feel free to go for it. I noticed some issues with permissions when changing my .env to match your UID and GID then going back. Planning to look into later - might need to check perms and chown on transmission startup to avoid conflicts if someone else does the same.

@iam4x
Owner

iam4x commented Apr 22, 2020

Hi @ohkeenan could you fix the conflicts so I can test it?

I'm not sure traefik is going to work correctly on OSX, we don't have /var/run/docker.sock

@ohkeenan
Contributor Author

ohkeenan commented Apr 22, 2020

Can do. Using /var/run/docker.sock is actually not an ideal way of using traefik but it is faster to setup than reconfiguring the socket securely over TCP with certificates in place. If it's your first time setting that up it's a bit of a learning curve (or at least it was for me) and it may break docker completely until you get it all sorted.

Edit: @iam4x after a bit of searching it looks to me like osx does use /var/run/docker.sock but Windows definitely doesn't. Should be good to go. Also not sure why the bobarr-api docker image build failed.:/
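
Added example, not part of the original thread or the PR's code: the two ways of giving Traefik's Docker provider access to the daemon that the comment above contrasts, written as a Traefik static configuration file. The host name and certificate paths are assumed placeholders.

```yaml
# traefik.yml (static configuration) -- added illustration, not from this PR.
# Host name and certificate paths are placeholders chosen for the example.

# Variant A: local socket, the quick setup discussed in the thread.
# Requires bind-mounting /var/run/docker.sock into the Traefik container;
# any process that can reach that socket can control the Docker daemon.
# providers:
#   docker:
#     endpoint: "unix:///var/run/docker.sock"
#     exposedByDefault: false

# Variant B: Docker API over TCP with mutual TLS.
# The daemon side must be started with TLS verification enabled, e.g.
#   dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem \
#           --tlskey=server-key.pem -H tcp://0.0.0.0:2376
providers:
  docker:
    endpoint: "tcp://docker-host.example.internal:2376"  # placeholder host
    exposedByDefault: false          # route only containers labelled traefik.enable=true
    tls:
      ca: /certs/ca.pem              # CA that signed the daemon's server certificate
      cert: /certs/client-cert.pem   # client certificate presented to dockerd
      key: /certs/client-key.pem     # client private key; mount it read-only
```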

@iam4x
Owner

iam4x commented Apr 24, 2020

Ok this might be because I'm using docker-machine directly and not Docker for Mac and it's not working for me.

This is my /var/run folder =>

[image]

I'm sorry but I don't think I will be able to merge the replacement of nginx with traefik. It seems a bit overcomplicated for users who want to run bobarr on their own computer just for downloading a movie.

I'm still thankful for your contribution, but do you think you can modify the PR to only include wireguard? Otherwise I'll continue where you left off.

ohkeenan closed this Apr 24, 2020
ohkeenan deleted the traefik_and_vpn branch April 24, 2020 14:11