66 lines
2.9 KiB
Markdown
66 lines
2.9 KiB
Markdown
# Gluetun (Mullvad Wireguard)
|
|
|
|
This module runs Gluetun to provide a VPN network stack for other containers.
|
|
You can route qBittorrent through Gluetun by setting its `network_mode` to `container:gluetun` using the provided toggle in the qBittorrent module.
|
|
|
|
- Image: `qmcgaw/gluetun:v3.39.0`
|
|
- Requires: NET_ADMIN capability and `/dev/net/tun` device
|
|
- Default: No ports exposed on host. Publish only if you need host access.
|
|
- Attach Gluetun to the same Docker network as services that should reach apps running through it (e.g., `media-network`).
|
|
|
|
## Usage
|
|
|
|
Example in `services/main.tf`:
|
|
|
|
```hcl
|
|
module "gluetun" {
|
|
source = "${local.module_dir}/20-services-apps/gluetun"
|
|
volume_path = "${local.volume_host}/gluetun"
|
|
networks = [module.media_docker_network.name]
|
|
# Optionally expose qBittorrent's Web UI to the host via Gluetun:
|
|
# ports = [{ internal = 8080, external = 8080, protocol = "tcp" }]
|
|
}
|
|
|
|
module "qbittorrent" {
|
|
source = "${local.module_dir}/20-services-apps/qbittorrent"
|
|
volume_path = "${local.volume_host}/qbittorrent"
|
|
downloads_path = "${local.data_host}/torrents"
|
|
networks = [module.media_docker_network.name]
|
|
connect_via_gluetun = true
|
|
gluetun_container_name = "gluetun"
|
|
}
|
|
|
|
module "arr" {
|
|
source = "${local.module_dir}/20-services-apps/arr"
|
|
volume_path = "${local.volume_host}/arr"
|
|
data_path = local.data_host
|
|
downloads_path = "${local.data_host}/torrents"
|
|
networks = [module.media_docker_network.name]
|
|
proxy_networks = [module.homelab_docker_network.name]
|
|
qbittorrent_host = "gluetun" # arr containers will reach qBt at http://gluetun:8080
|
|
}
|
|
```
|
|
|
|
## Environment variables
|
|
|
|
Place a `.env` file in this module directory (`modules/20-services-apps/gluetun/.env`). See `.env.example` for all options. Key variables:
|
|
|
|
- VPN_SERVICE_PROVIDER=mullvad
|
|
- VPN_TYPE=wireguard
|
|
- WIREGUARD_PRIVATE_KEY=... (required)
|
|
- WIREGUARD_ADDRESSES=10.64.0.2/32 (example)
|
|
- SERVER_CITIES=... or SERVER_COUNTRIES=...
|
|
- SERVER_HOSTNAMES=id-jpu-wg-001 (optional exact server pin; supports comma-separated list)
|
|
- UPDATER_PERIOD=24h (optional)
|
|
- FIREWALL_OUTBOUND_SUBNETS=10.0.0.0/8,192.168.0.0/16 (optional; allow containers to reach LAN subnets)
|
|
- Optional: `FIREWALL_INPUT_PORTS=8080` if you need other containers/LAN to initiate connections to services through Gluetun.
|
|
|
|
Notes:
|
|
- When qBittorrent shares Gluetun's network, other containers should use `http://gluetun:8080`.
|
|
- To access qBittorrent UI from the host, publish `8080/tcp` on Gluetun via this module's `ports` input or set `FIREWALL_INPUT_PORTS` accordingly.
|
|
- Do not publish ports on qBittorrent when using Gluetun network mode; publish on Gluetun instead.
|
|
|
|
Pinning a specific server:
|
|
- Set `SERVER_HOSTNAMES=id-jpu-wg-001` to pin to Mullvad Jakarta `id-jpu-wg-001`.
|
|
- The module also accepts `SERVER_HOSTNAME` for compatibility (falls back to it if `SERVER_HOSTNAMES` is not set).
|