I spent some time trying to get this to work so I thought I might as well share it if anyone is interested.
First create a new network: $ podman network create gluetun, then create a new container file:
$ touch ~/.config/containers/systemd/gluetun.container
Populate it with the VPN configuration, below is an example using Proton.
[Unit]
Description=Gluetun VPN Client
Wants=network-online.target
After=network-online.target
After=local-fs.target
[Container]
Network=gluetun
Image=docker.io/qmcgaw/gluetun
ContainerName=gluetun
AutoUpdate=registry
AddCapability=NET_ADMIN
AddCapability=NET_RAW
PodmanArgs=--device=/dev/net/tun:/dev/net/tun --privileged
Environment=VPN_SERVICE_PROVIDER=protonvpn
Environment=VPN_TYPE=wireguard
Environment=WIREGUARD_PRIVATE_KEY=
Environment=VPN_PORT_FORWARDING=off
Environment=PORT_FORWARD_ONLY=off
Environment=SERVER_COUNTRIES=
[Service]
Restart=always
[Install]
WantedBy=multi-user.target default.target
Reload the systemd daemons and run the container.
$ systemctl --user daemon-reload
$ systemctl --user start gluetun
Then create a distrobox-assemble ini file:
[fedora]
additional_packages="brave-browser"
pre_init_hooks="dnf config-manager addrepo --from-repofile=https://brave-browser-rpm-release.s3.brave.com/brave-browser.repo"
init=false
image="registry.fedoraproject.org/fedora:latest"
nvidia=false
pull=true
root=false
replace=true
start_now=true
unshare_netns=true
additional_flags="--network container:gluetun"
Feel free to replace Brave with something else. Then create it, enter it and run the browser:
$ distrobox-assemble create --file /path/to/file.ini
$ distrobox enter fedora
$ brave-browser
If you have any suggestions on how to improve this setup I’d love to hear them!
Could also export the app too? Then you can run things without having to drop to the command line.
Definitely, that’s what I’ve done. Just run
distrobox-export --app brave-browserfrom within the container.
