Arr, my friends. I have an old laptop already running some services on docker 24/7 at home and am looking to extend its functionalities to become a torrent downloader with a media server for TV. Need VPN for obvious reasons.

I was wondering if there are already all-in-one solutions to just run a docker compose file and get 2 containers: one running a torrent client with all traffic via VPN in another?

I plan to use Mullvad VPN.

Upd. Updated title to highlight it’s a request. Not sure why getting downvotes, please elaborate :)

  • Kekin@lemy.lol
    1 year ago

    I recently went through setting this up. I can give you a base compose.yaml based on the one I have

    For the wireguard config, you would throw your .conf file to /path/to/wireguard/config, like so: /path/to/wireguard/config/wg0.conf

    This setup assumes you have IPv6 working and enabled. The wg0.conf would also have the VPN’s IPv6 address. I use Mullvad too btw.

    You can access Qbittorrent’s web UI through http://localhost:8090.

    I’d like to note that the image I use for Qbittorrent has support built in for VPN, but with the setup I have I basically have the wireguard container with its network, and multiple containers on that same network. In theory it should work with other bittorrent clients.

    And the docker images for reference:

    version: '3.7'
    services:
        wireguard:
            image: lscr.io/linuxserver/wireguard:latest
            container_name: wireguard
            cap_add:
              - NET_ADMIN
              - SYS_MODULE #optional
            networks:
              - wireguard_network
            environment:
              - PUID=1000
              - PGID=1000
              - TZ=Etc/UTC
            volumes:
              - /path/to/wireguard/config:/config
              - /lib/modules:/lib/modules #optional
            ports:
              - 51820:51820/udp   # Wireguard
              - 8090:8090         # QBittorrent
            sysctls:
              - net.ipv4.conf.all.src_valid_mark=1
              - net.ipv6.conf.all.disable_ipv6=0
            restart: unless-stopped
    
        qbittorrentvpn:
            privileged: true
            container_name: qbtwg
            network_mode: service:wireguard
            depends_on:
                - wireguard
            volumes:
                - '/path/to/qbtconfig/:/config'
                - '/path/to/downloads/:/downloads'
            environment:
                - VPN_ENABLED=no
                - VPN_TYPE=wireguard
                - PUID=1000
                - PGID=1000
                - LAN_NETWORK=192.168.1.0/24
                - 'NAME_SERVERS=1.1.1.1,1.0.0.1'
            restart: unless-stopped
            image: dyonr/qbittorrentvpn
    networks:
      wireguard_network:
        driver: bridge
    
    • max2078@lemmy.dbzer0.com
      1 year ago

      Don’t run privileged images! Drop all CAPS, enable no-new-privileged, use non-privileged users only.

      • Kekin@lemy.lol
        1 year ago

        Hey there, thanks for the tips. It seems I can’t get the wireguard container working without the NET_ADMIN CAP. I looked at the gluetun image and it has it too. Is it possible to run a docker wireguard client without that CAP?

        • Andi
          1 year ago

          Wireguard needs kernel access so needs to run privileged.
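
An added example, not part of any post in this thread: a small Python audit that reports where a compose file departs from the hardening points raised above (privileged mode, dropped capabilities, no-new-privileges) and checks the `network_mode: service:` wiring. The input dict is constructed from the compose file posted above, the NET_ADMIN allow-list for the tunnel container is an assumption taken from the discussion, and the script does not check whether the images still start once hardened.

```python
# Constructed input: the thread's compose file reduced to the keys the audit
# reads, in the shape yaml.safe_load() would return for it.
COMPOSE = {
    "services": {
        "wireguard": {
            "cap_add": ["NET_ADMIN", "SYS_MODULE"],
            "ports": ["51820:51820/udp", "8090:8090"],
        },
        "qbittorrentvpn": {
            "privileged": True,
            "network_mode": "service:wireguard",
        },
    }
}

# Assumption for this example: only the tunnel container may keep NET_ADMIN.
ALLOWED_CAPS = {"wireguard": {"NET_ADMIN"}}


def audit(compose, allowed_caps=ALLOWED_CAPS):
    """Return sorted (service, finding) pairs for a parsed compose file."""
    findings = []
    services = compose.get("services", {})
    for name, svc in services.items():
        if svc.get("privileged"):
            findings.append((name, "privileged: true"))
        dropped = {str(c).upper() for c in svc.get("cap_drop", [])}
        if "ALL" not in dropped:
            findings.append((name, "cap_drop does not include ALL"))
        added = {str(c).upper() for c in svc.get("cap_add", [])}
        for cap in sorted(added - allowed_caps.get(name, set())):
            findings.append((name, f"cap_add {cap} not in allow-list"))
        # Compose accepts both "no-new-privileges:true" and "...=true".
        opts = [str(o).replace("=", ":") for o in svc.get("security_opt", [])]
        if not {"no-new-privileges", "no-new-privileges:true"} & set(opts):
            findings.append((name, "no-new-privileges not set"))
        mode = str(svc.get("network_mode", ""))
        if mode.startswith("service:"):
            # The client shares the tunnel's network namespace, so the target
            # must exist and ports are published on the tunnel service only.
            if mode.split(":", 1)[1] not in services:
                findings.append((name, "network_mode target missing"))
            if svc.get("ports"):
                findings.append((name, "ports belong on the tunnel service"))
    return sorted(findings)


if __name__ == "__main__":
    for service, finding in audit(COMPOSE):
        print(f"{service}: {finding}")
```

To audit a real file, load it with a YAML parser and pass the resulting dict to `audit()`.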