feat(vpn): Cloudflare DDNS in plex-vpn-bypass + tilsit.vip hostname#72
Merged
smartwatermelon merged 3 commits intomainfrom Feb 24, 2026
Merged
feat(vpn): Cloudflare DDNS in plex-vpn-bypass + tilsit.vip hostname#72smartwatermelon merged 3 commits intomainfrom
smartwatermelon merged 3 commits intomainfrom
Conversation
…Plex customConnections Extends plex-vpn-bypass.sh to update a Cloudflare A record on IP change, providing stable DDNS for tilsit.vip. Switches Plex customConnections from raw public IP to the stable external hostname. Reads CF API token from the System keychain at runtime (daemon runs as root). Adds EXTERNAL_HOSTNAME, CLOUDFLARE_ZONE_ID, CLOUDFLARE_RECORD_ID template variables with sed substitutions in transmission-setup.sh and corresponding entries in config.conf.template. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove unused public_ip param from update_plex_custom_connections() (hostname now comes from EXTERNAL_HOSTNAME config var, not caller) - Fix startup block: only set LAST_PUBLIC_IP after both DNS and Plex updates succeed (prevents silent retry failure if startup update fails) - Add 2>/dev/null to security keychain lookup (consistent with project pattern; clean warning message is sufficient) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
… deploy If EXTERNAL_HOSTNAME, CLOUDFLARE_ZONE_ID, or CLOUDFLARE_RECORD_ID are empty (not set in config.conf), plex-vpn-bypass.sh would be deployed with malformed URLs — e.g. https://:32400 for Plex and .../zones//dns_records/ for Cloudflare — silently failing every 60s. Guard now logs a warning and skips deployment, matching the existing pattern for missing templates. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
update_cloudflare_dns()toplex-vpn-bypass.shtemplate — readsCF_API_TOKENfrom System keychain at runtime, PATCHes the Cloudflare A record on IP changecustomConnectionsfrom raw IP to stable hostnametilsit.vip:32400__EXTERNAL_HOSTNAME__,__CLOUDFLARE_ZONE_ID__,__CLOUDFLARE_RECORD_ID__sedsubstitutions intransmission-setup.shand add variables toconfig.conf.templateWhy
NoIP DUC is deprecated in Homebrew. Cloudflare DNS-01 (via tilsit-caddy repo) replaces it. This PR extends the existing public-IP monitor daemon to also keep the Cloudflare A record current, eliminating the need for a separate DDNS client.
Deployment (manual steps on TILSIT)
See
docs/plans/2026-02-23-cloudflare-dns01.mdin tilsit-caddy-v1 repo, Tasks 9–10.Prerequisite: tilsit-caddy PR #1 must be deployed first (Tasks 6–7).
Test Plan
plex-vpn-bypass.sh, restart daemon, verifyCloudflare DNS updated: tilsit.vip -> 67.5.106.16in logdig +short tilsit.vip @1.1.1.1returns67.5.106.16🤖 Generated with Claude Code