first commit

.dockerignore

@@ -0,0 +1,33 @@
+# Exclude development and build artifacts
+.git
+.github
+.vscode
+__pycache__
+*.pyc
+*.pyo
+*.pyd
+.pytest_cache
+.coverage
+.coverage.*
+htmlcov/
+.tox/
+.mypy_cache/
+.python-version
+
+# Exclude logs and local files
+*.log
+connection_monitor.log
+
+# Exclude test files
+test_*.py
+
+# Exclude documentation
+*.md
+LICENSE
+
+# Exclude backup files
+*_backup_*.py
+*_old.py
+
+# Exclude Nomad job files (we'll create this separately)
+*.nomad

.github/workflows/container-build.yml

@@ -0,0 +1,57 @@
+name: Build and Push Docker Image
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set registry URL
+        id: registry
+        run: |
+          if [ "${{ github.server_url }}" = "https://github.com" ]; then
+            echo "url=ghcr.io" >> $GITHUB_OUTPUT
+          else
+            echo "url=${{ github.server_url }}" | sed 's|https://||' >> $GITHUB_OUTPUT
+          fi
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ steps.registry.outputs.url }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.PACKAGE_TOKEN || secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push multi-arch Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ steps.registry.outputs.url }}/${{ github.repository }}:latest
+            ${{ steps.registry.outputs.url }}/${{ github.repository }}:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+      
+      # --- AUTOMATIC REPOSITORY LINKING ---
+      # This label adds an OCI annotation that Gitea uses to automatically
+      # link the package to the repository source code.
+          labels: org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}

DEPLOYMENT.md

@@ -0,0 +1,153 @@
+# Qbitcheck Deployment Guide
+
+## Overview
+
+Qbitcheck is a Python application that monitors qBittorrent connection status and manages remediation when connections fail. This document covers deployment using Docker and Nomad.
+
+## Docker Container
+
+### Building the Container
+
+The container can be built using the provided Dockerfile:
+
+```bash
+docker build -t gitea.service.dc1.fbleagh.duckdns.org/sstent/qbitcheck:latest .
+```
+
+### Container Details
+
+- **Base Image**: Python 3.11-slim
+- **Working Directory**: `/app`
+- **Entrypoint**: `python main.py`
+- **Health Check**: Process check every 30 seconds
+- **Dependencies**: requests, python-consul
+
+### Running Locally
+
+```bash
+docker run -d --name qbitcheck gitea.service.dc1.fbleagh.duckdns.org/sstent/qbitcheck:latest
+```
+
+## Nomad Deployment
+
+### Job Specification
+
+The Nomad job specification is located in [`qbitcheck.nomad`](qbitcheck.nomad:1). Key features:
+
+- **Job Type**: Service
+- **Resources**: 100MHz CPU, 128MB RAM
+- **Network**: Host mode
+- **Restart Policy**: Exponential backoff with 10 attempts
+- **Health Checks**: Process verification
+
+### Deploying to Nomad
+
+```bash
+# Plan the job
+nomad plan qbitcheck.nomad
+
+# Run the job
+nomad run qbitcheck.nomad
+
+# Check job status
+nomad status qbitcheck
+```
+
+### Service Discovery
+
+The job includes Consul service registration with:
+- Service name: `qbitcheck`
+- Health checks for process monitoring
+- URL prefix tag for routing
+
+## GitHub Actions CI/CD
+
+### Automated Build Pipeline
+
+The GitHub workflow (`.github/workflows/container-build.yml`) automatically builds and pushes the container on:
+
+- Push to `main` branch with changes to relevant files
+- Manual workflow dispatch
+
+### Build Process
+
+1. **Multi-architecture**: Builds for both `linux/amd64` and `linux/arm64`
+2. **Registry**: Pushes to `gitea.service.dc1.fbleagh.duckdns.org/sstent/qbitcheck`
+3. **Tags**: `latest` and git commit SHA
+4. **Caching**: Uses GitHub Actions caching for faster builds
+
+### Required Secrets
+
+Ensure these secrets are configured in GitHub:
+
+- `GITEA_TOKEN`: Authentication token for Gitea registry
+- `PACKAGE_TOKEN`: Alternative token (fallback)
+- `GITHUB_TOKEN`: Default GitHub token (fallback)
+
+## Configuration
+
+### Hardcoded Values
+
+All configuration is currently hardcoded in the application:
+
+- **qBittorrent URL**: `http://sp.service.dc1.consul:8080`
+- **Nomad URL**: `http://192.168.4.36:4646`
+- **Consul URL**: `http://consul.service.dc1.consul:8500`
+- **Tracker Name**: `https://t.myanonamouse.net/tracker.php/VPRYYAL-WpTwnr9G9aIN6044YVZ7x8Ao/announce`
+- **Credentials**: admin/adminpass
+
+### Service Dependencies
+
+The application requires access to:
+- qBittorrent API (port 8080)
+- Nomad API (port 4646)
+- VPN Monitoring API (port 8000)
+- Consul (port 8500)
+
+## Monitoring and Logging
+
+### Logs
+
+- Container logs output to stdout/stderr
+- Nomad captures and manages logs
+- Connection status and remediation actions are logged
+
+### Health Checks
+
+- Process health check every 30 seconds
+- Automatic restart on failure
+- Exponential backoff for restart attempts
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Network Connectivity**: Ensure all dependent services are accessible
+2. **Authentication**: Verify qBittorrent credentials if changed
+3. **Resource Limits**: Monitor memory usage if experiencing OOM kills
+
+### Debugging
+
+```bash
+# View container logs
+docker logs qbitcheck
+
+# View Nomad allocation logs
+nomad alloc logs -f <allocation-id>
+
+# Check service health in Consul
+consul catalog services
+```
+
+## Versioning
+
+- Container tags include git commit SHA for traceability
+- `latest` tag points to most recent successful build
+- Rollback by deploying previous SHA-tagged image
+
+## Security Considerations
+
+- Runs with minimal privileges
+- No sensitive data in environment variables (all hardcoded)
+- Network access limited to required services
+- Regular security updates via base image updates

Dockerfile

@@ -0,0 +1,26 @@
+# Qbitcheck Docker Container
+# Monitors qBittorrent connection status and manages remediation
+
+FROM python:3.11-slim
+
+# Set working directory
+WORKDIR /app
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    curl \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy requirements and install Python dependencies
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy application code
+COPY . .
+
+# Set entrypoint
+ENTRYPOINT ["python", "main.py"]
+
+# Health check (simple process check)
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD ps aux | grep python | grep main.py || exit 1

qbitcheck.nomad

@@ -0,0 +1,50 @@
+job "qbitcheck" {
+  datacenters = ["dc1"]
+  type        = "service"
+
+  group "qbitcheck" {
+    count = 1
+
+    network {
+      mode = "host"
+    }
+
+    task "qbitcheck" {
+      driver = "docker"
+
+      config {
+        image = "gitea.service.dc1.fbleagh.duckdns.org/sstent/qbitcheck:latest"
+        force_pull = true
+      }
+
+      resources {
+        cpu    = 100  # 100 MHz
+        memory = 128  # 128 MB
+      }
+
+      restart {
+        attempts = 10
+        interval = "5m"
+        delay    = "25s"
+        mode     = "delay"
+      }
+
+      service {
+        name = "qbitcheck"
+        port = "http"
+        
+        check {
+          type     = "script"
+          command  = "/bin/sh"
+          args     = ["-c", "ps aux | grep python | grep main.py"]
+          interval = "30s"
+          timeout  = "5s"
+        }
+
+        tags = [
+          "urlprefix-qbitcheck.service.dc1.consul/",
+        ]
+      }
+    }
+  }
+}