chore: release v0.1.0

- Parse AllowedIPs dynamically from WireGuard config instead of hardcoding routes
- Remove auto-created default route by wg setconf to prevent breaking endpoint connection
- Fix DNS parsing: write comma-separated DNS servers as separate nameserver lines
- Add test for AllowedIPs route verification and DNS configuration
- Update test to skip container runtime tests when not running as root

Docker/VERSION

@@ -1 +1 @@
-v0.0.1
+v0.1.0

Docker/entrypoint.sh

@@ -120,7 +120,10 @@ start_vpn() {
     ip link add "$INTERFACE" type wireguard
 
     # Apply the WireGuard config (keys, peer, endpoint)
-    wg setconf "$INTERFACE" <(grep -v -i '^\(Address\|DNS\|MTU\|Table\|PreUp\|PostUp\|PreDown\|PostDown\|SaveConfig\)' "$CONFIG_FILE")
+    # We filter out Address/DNS/MTU/PreUp/PostUp/PreDown/PostDown/SaveConfig
+    # AllowedIPs is kept because WireGuard needs it to know which traffic to tunnel.
+    # We remove the auto-created default route afterwards and set our own.
+    wg setconf "$INTERFACE" <(grep -v -i '^\(Address\|DNS\|MTU\|PreUp\|PostUp\|PreDown\|PostDown\|SaveConfig\)' "$CONFIG_FILE")
 
     # Assign the address
     ip -4 address add "$VPN_ADDRESS" dev "$INTERFACE"
@@ -128,6 +131,10 @@ start_vpn() {
     # Set MTU
     ip link set mtu 1420 up dev "$INTERFACE"
 
+    # Remove the auto-created default route by wg setconf (if AllowedIPs = 0.0.0.0/0)
+    # We set our own routes manually to avoid breaking the endpoint connection
+    ip route del default dev "$INTERFACE" 2>/dev/null || true
+
     # Find default gateway/interface for the endpoint route
     DEFAULT_GW=$(ip route | grep '^default' | head -1 | awk '{print $3}')
     DEFAULT_IF=$(ip route | grep '^default' | head -1 | awk '{print $5}')
@@ -137,9 +144,21 @@ start_vpn() {
         ip route add "$VPN_ENDPOINT/32" via "$DEFAULT_GW" dev "$DEFAULT_IF" 2>/dev/null || true
     fi
 
-    # Route all traffic through the WireGuard tunnel
-    ip route add 0.0.0.0/1 dev "$INTERFACE"
-    ip route add 128.0.0.0/1 dev "$INTERFACE"
+    # Parse AllowedIPs from config and add routes dynamically
+    ALLOWED_IPS=$(grep -i '^AllowedIPs' "$CONFIG_FILE" | head -1 | sed 's/.*= *//;s/ //g')
+
+    if [ -n "$ALLOWED_IPS" ]; then
+        for ip in $(echo "$ALLOWED_IPS" | tr ',' ' '); do
+            if [ "$ip" = "0.0.0.0/0" ]; then
+                # Use the split route trick to avoid overriding the default route
+                # (which would break the endpoint connection)
+                ip route add 0.0.0.0/1 dev "$INTERFACE" 2>/dev/null || true
+                ip route add 128.0.0.0/1 dev "$INTERFACE" 2>/dev/null || true
+            else
+                ip route add "$ip" dev "$INTERFACE" 2>/dev/null || true
+            fi
+        done
+    fi
 
     # ── Policy routing: ensure responses to incoming LAN traffic go back via eth0 ──
     if [ -n "$DEFAULT_GW" ] && [ -n "$DEFAULT_IF" ]; then
@@ -155,11 +174,15 @@ start_vpn() {
         fi
     fi
 
-    # Set up DNS
+    # Set up DNS (handle comma-separated DNS servers)
     VPN_DNS=$(grep -i '^DNS' "$CONFIG_FILE" | head -1 | sed 's/.*= *//;s/ //g')
     if [ -n "$VPN_DNS" ]; then
-        echo "nameserver $VPN_DNS" > /etc/resolv.conf
-        echo "[vpn] DNS set to ${VPN_DNS}"
+        # Clear resolv.conf and add each DNS server on its own line
+        > /etc/resolv.conf
+        for dns in $(echo "$VPN_DNS" | tr ',' ' '); do
+            echo "nameserver $dns" >> /etc/resolv.conf
+        done
+        echo "[vpn] DNS set to: ${VPN_DNS}"
     fi
 
     echo "[vpn] WireGuard interface ${INTERFACE} is up."
@@ -170,6 +193,25 @@ start_vpn() {
 # ──────────────────────────────────────────────
 stop_vpn() {
     echo "[vpn] Stopping WireGuard interface ${INTERFACE}..."
+
+    # Remove routes added for AllowedIPs
+    ALLOWED_IPS=$(grep -i '^AllowedIPs' "$CONFIG_FILE" | head -1 | sed 's/.*= *//;s/ //g')
+    if [ -n "$ALLOWED_IPS" ]; then
+        for ip in $(echo "$ALLOWED_IPS" | tr ',' ' '); do
+            if [ "$ip" = "0.0.0.0/0" ]; then
+                ip route del 0.0.0.0/1 dev "$INTERFACE" 2>/dev/null || true
+                ip route del 128.0.0.0/1 dev "$INTERFACE" 2>/dev/null || true
+            else
+                ip route del "$ip" dev "$INTERFACE" 2>/dev/null || true
+            fi
+        done
+    fi
+
+    # Remove endpoint route
+    if [ -n "$VPN_ENDPOINT" ]; then
+        ip route del "$VPN_ENDPOINT/32" 2>/dev/null || true
+    fi
+
     ip link del "$INTERFACE" 2>/dev/null || true
 }
 

Docker/nl.conf

@@ -1,17 +1,16 @@
 [Interface]
-PrivateKey = iO5spIue/6ciwUoR95hYtuxdtQxV/Q9EOoQ/jHe18kM=
-Address = 10.2.0.2/32
-DNS = 10.2.0.1
+PrivateKey = EPRa2f/v72LvIXAY4yqIRJifsSb+nCcYHqC2rwA94UI=
+Address = 100.64.244.78/32
+DNS = 198.18.0.1,198.18.0.2
 
 # Route zum VPN-Server direkt über dein lokales Netz
-PostUp = ip route add 185.183.34.149 via 192.168.178.1 dev wlp4s0f0
+PostUp = ip route add 91.148.236.64 via 192.168.178.1 dev wlp4s0f0
 PostUp = ip route add 192.168.178.0/24 via 192.168.178.1 dev wlp4s0f0
-PostDown = ip route del 185.183.34.149 via 192.168.178.1 dev wlp4s0f0
+PostDown = ip route del 91.148.236.64 via 192.168.178.1 dev wlp4s0f0
 PostDown = ip route del 192.168.178.0/24 via 192.168.178.1 dev wlp4s0f0
 
 [Peer]
-PublicKey = J4XVdtoBVc/EoI2Yk673Oes97WMnQSH5KfamZNjtM2s=
-AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
-Endpoint = 185.183.34.149:51820
-
+PublicKey = KgTUh3KLijVluDvNpzDCJJfrJ7EyLzYLmdHCksG4sRg=
+AllowedIPs = 0.0.0.0/0
+Endpoint = 91.148.236.64:51820
 

Docker/push.sh

@@ -1,15 +1,19 @@
 #!/usr/bin/env bash
-# filepath: /home/lukas/Volume/repo/Aniworld/Docker/push.sh
 #
-# Build and push Aniworld container images to the Gitea registry.
+# Build and push AniWorld container images to the Gitea registry.
 #
 # Usage:
-#   ./push.sh              # builds & pushes with tag "latest"
-#   ./push.sh v1.2.3       # builds & pushes with tag "v1.2.3"
-#   ./push.sh v1.2.3 --no-build   # pushes existing images only
+#   ./push.sh              # builds & pushes app with tag "latest"
+#   ./push.sh app          # builds & pushes app image
+#   ./push.sh vpn          # builds & pushes vpn image
+#   ./push.sh all          # builds & pushes both images
+#   ./push.sh app v1.2.3   # builds & pushes app with tag "v1.2.3"
+#   ./push.sh vpn v1.2.3   # builds & pushes vpn with tag "v1.2.3"
+#   ./push.sh all v1.2.3   # builds & pushes both images
+#   ./push.sh app v1.2.3 --no-build   # pushes existing image only
 #
 # Prerequisites:
-#   podman login git.lpl-mind.de
+#   podman login git.lpl-mind.de   (or: docker login git.lpl-mind.de)
 
 set -euo pipefail
 
@@ -23,12 +27,20 @@ PROJECT="aniworld"
 APP_IMAGE="${REGISTRY}/${NAMESPACE}/${PROJECT}/app"
 VPN_IMAGE="${REGISTRY}/${NAMESPACE}/${PROJECT}/vpn"
 
-TAG="${1:-latest}"
+# Parse arguments
+TARGET="${1:-app}"
+TAG="${2:-latest}"
 SKIP_BUILD=false
-if [[ "${2:-}" == "--no-build" ]]; then
+if [[ "${3:-}" == "--no-build" ]]; then
     SKIP_BUILD=true
 fi
 
+# Validate target
+if [[ "${TARGET}" != "app" && "${TARGET}" != "vpn" && "${TARGET}" != "all" ]]; then
+    echo "ERROR: Invalid target '${TARGET}'. Must be one of: app, vpn, all" >&2
+    exit 1
+fi
+
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
 
@@ -36,62 +48,93 @@ PROJECT_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
 # Helpers
 # ---------------------------------------------------------------------------
 log() { echo -e "\n>>> $*"; }
-err() { echo -e "\n❌ ERROR: $*" >&2; exit 1; }
+err() { echo -e "\nERROR: $*" >&2; exit 1; }
+
+# Detect container engine (podman preferred, docker fallback)
+if command -v podman &>/dev/null; then
+    ENGINE="podman"
+elif command -v docker &>/dev/null; then
+    ENGINE="docker"
+else
+    err "Neither podman nor docker is installed."
+fi
 
 # ---------------------------------------------------------------------------
 # Pre-flight checks
 # ---------------------------------------------------------------------------
 echo "============================================"
-echo " Aniworld — Build & Push"
+echo " AniWorld — Build & Push"
+echo " Engine   : ${ENGINE}"
 echo " Registry : ${REGISTRY}"
+echo " Target   : ${TARGET}"
 echo " Tag      : ${TAG}"
 echo "============================================"
 
-command -v podman &>/dev/null || err "podman is not installed."
-
-if ! podman login --get-login "${REGISTRY}" &>/dev/null; then
-    err "Not logged in. Run:\n  podman login ${REGISTRY}"
-fi
+log "Logging in to ${REGISTRY}"
+"${ENGINE}" login "${REGISTRY}"
 
 # ---------------------------------------------------------------------------
 # Build
 # ---------------------------------------------------------------------------
-if [[ "${SKIP_BUILD}" == false ]]; then
+build_app() {
     log "Building app image  →  ${APP_IMAGE}:${TAG}"
-    podman build \
+    "${ENGINE}" build \
         -t "${APP_IMAGE}:${TAG}" \
         -f "${SCRIPT_DIR}/Dockerfile.app" \
         "${PROJECT_ROOT}"
+}
 
-    log "Building VPN image  →  ${VPN_IMAGE}:${TAG}"
-    podman build \
+build_vpn() {
+    log "Building vpn image  →  ${VPN_IMAGE}:${TAG}"
+    "${ENGINE}" build \
         -t "${VPN_IMAGE}:${TAG}" \
         -f "${SCRIPT_DIR}/Containerfile" \
         "${SCRIPT_DIR}"
+}
+
+if [[ "${SKIP_BUILD}" == false ]]; then
+    case "${TARGET}" in
+        app)  build_app ;;
+        vpn)  build_vpn ;;
+        all)  build_app; build_vpn ;;
+    esac
 fi
 
 # ---------------------------------------------------------------------------
 # Push
 # ---------------------------------------------------------------------------
-log "Pushing ${APP_IMAGE}:${TAG}"
-podman push "${APP_IMAGE}:${TAG}"
+push_app() {
+    log "Pushing ${APP_IMAGE}:${TAG}"
+    "${ENGINE}" push "${APP_IMAGE}:${TAG}"
+}
 
-log "Pushing ${VPN_IMAGE}:${TAG}"
-podman push "${VPN_IMAGE}:${TAG}"
+push_vpn() {
+    log "Pushing ${VPN_IMAGE}:${TAG}"
+    "${ENGINE}" push "${VPN_IMAGE}:${TAG}"
+}
+
+case "${TARGET}" in
+    app)  push_app ;;
+    vpn)  push_vpn ;;
+    all)  push_app; push_vpn ;;
+esac
 
 # ---------------------------------------------------------------------------
 # Summary
 # ---------------------------------------------------------------------------
 echo ""
 echo "============================================"
-echo " ✅  Push complete!"
+echo "  Push complete!"
 echo ""
 echo " Images:"
-echo "   ${APP_IMAGE}:${TAG}"
-echo "   ${VPN_IMAGE}:${TAG}"
+case "${TARGET}" in
+    app)  echo "   ${APP_IMAGE}:${TAG}" ;;
+    vpn)  echo "   ${VPN_IMAGE}:${TAG}" ;;
+    all)  echo "   ${APP_IMAGE}:${TAG}"; echo "   ${VPN_IMAGE}:${TAG}" ;;
+esac
 echo ""
 echo " Deploy on server:"
-echo "   podman login ${REGISTRY}"
-echo "   podman-compose -f podman-compose.prod.yml pull"
-echo "   podman-compose -f podman-compose.prod.yml up -d"
+echo "   ${ENGINE} login ${REGISTRY}"
+echo "   ${ENGINE} compose -f Docker/podman-compose.prod.yml pull"
+echo "   ${ENGINE} compose -f Docker/podman-compose.prod.yml up -d"
 echo "============================================"

Docker/release.sh

@@ -0,0 +1,129 @@
+#!/usr/bin/env bash
+#
+# Bump the project version and push images to the registry.
+#
+# Usage:
+#   ./release.sh
+#
+# The current version is stored in VERSION (next to this script).
+# You will be asked whether to bump major, minor, or patch.
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+VERSION_FILE="${SCRIPT_DIR}/VERSION"
+
+# ---------------------------------------------------------------------------
+# Read current version
+# ---------------------------------------------------------------------------
+if [[ ! -f "${VERSION_FILE}" ]]; then
+    echo "0.0.0" > "${VERSION_FILE}"
+fi
+
+CURRENT="$(cat "${VERSION_FILE}")"
+# Strip leading 'v' for arithmetic
+VERSION="${CURRENT#v}"
+
+IFS='.' read -r MAJOR MINOR PATCH <<< "${VERSION}"
+
+echo "============================================"
+echo " AniWorld — Release"
+echo " Current version: v${MAJOR}.${MINOR}.${PATCH}"
+echo "============================================"
+echo ""
+echo "Which image(s) would you like to release?"
+echo "  1) app  (Dockerfile.app)"
+echo "  2) vpn  (Containerfile)"
+echo "  3) all  (both images)"
+echo ""
+read -rp "Enter choice [1/2/3]: " TARGET_CHOICE
+
+case "${TARGET_CHOICE}" in
+    1) TARGET="app" ;;
+    2) TARGET="vpn" ;;
+    3) TARGET="all" ;;
+    *)
+        echo "Invalid choice. Aborting." >&2
+        exit 1
+        ;;
+esac
+
+echo ""
+echo "How would you like to bump the version?"
+echo "  1) patch  (v${MAJOR}.${MINOR}.${PATCH} → v${MAJOR}.${MINOR}.$((PATCH + 1)))"
+echo "  2) minor  (v${MAJOR}.${MINOR}.${PATCH} → v${MAJOR}.$((MINOR + 1)).0)"
+echo "  3) major  (v${MAJOR}.${MINOR}.${PATCH} → v$((MAJOR + 1)).0.0)"
+echo ""
+read -rp "Enter choice [1/2/3]: " CHOICE
+
+case "${CHOICE}" in
+    1) NEW_TAG="v${MAJOR}.${MINOR}.$((PATCH + 1))" ;;
+    2) NEW_TAG="v${MAJOR}.$((MINOR + 1)).0" ;;
+    3) NEW_TAG="v$((MAJOR + 1)).0.0" ;;
+    *)
+        echo "Invalid choice. Aborting." >&2
+        exit 1
+        ;;
+esac
+
+echo ""
+echo "New version: ${NEW_TAG}"
+echo "Target: ${TARGET}"
+read -rp "Confirm? [y/N]: " CONFIRM
+if [[ ! "${CONFIRM}" =~ ^[yY]$ ]]; then
+    echo "Aborted."
+    exit 0
+fi
+
+# ---------------------------------------------------------------------------
+# Write new version
+# ---------------------------------------------------------------------------
+echo "${NEW_TAG}" > "${VERSION_FILE}"
+echo "Version file updated → ${VERSION_FILE}"
+
+# Keep root package.json in sync.
+FRONT_VERSION="${NEW_TAG#v}"
+FRONT_PKG="${SCRIPT_DIR}/../package.json"
+if [[ -f "${FRONT_PKG}" ]]; then
+    sed -i "s/\"version\": \"[^\"]*\"/\"version\": \"${FRONT_VERSION}\"/" "${FRONT_PKG}"
+    echo "package.json version updated → ${FRONT_VERSION}"
+else
+    echo "Warning: package.json not found, skipping package.json version sync" >&2
+fi
+
+# Keep root pyproject.toml in sync.
+BACKEND_PYPROJECT="${SCRIPT_DIR}/../pyproject.toml"
+if [[ -f "${BACKEND_PYPROJECT}" ]]; then
+    # Update version under [project] section if present
+    if grep -q '^\[project\]' "${BACKEND_PYPROJECT}"; then
+        sed -i "/^\[project\]/,/^\[/ s/^version = \".*\"/version = \"${FRONT_VERSION}\"/" "${BACKEND_PYPROJECT}"
+    else
+        sed -i "s/^version = \".*\"/version = \"${FRONT_VERSION}\"/" "${BACKEND_PYPROJECT}"
+    fi
+    echo "pyproject.toml version updated → ${FRONT_VERSION}"
+else
+    echo "Warning: pyproject.toml not found, skipping pyproject.toml version sync" >&2
+fi
+
+# ---------------------------------------------------------------------------
+# Push containers
+# ---------------------------------------------------------------------------
+bash "${SCRIPT_DIR}/push.sh" "${TARGET}" "${NEW_TAG}"
+bash "${SCRIPT_DIR}/push.sh" "${TARGET}"
+
+
+# ---------------------------------------------------------------------------
+# Git tag (local only; push after container build)
+# ---------------------------------------------------------------------------
+cd "${SCRIPT_DIR}/.."
+git add Docker/VERSION package.json pyproject.toml
+git commit -m "chore: release ${NEW_TAG}"
+git tag -a "${NEW_TAG}" -m "Release ${NEW_TAG}"
+echo "Local git commit + tag ${NEW_TAG} created."
+
+# ---------------------------------------------------------------------------
+# Push git commits & tag
+# ---------------------------------------------------------------------------
+git push origin HEAD
+git push origin "${NEW_TAG}"
+echo "Git commit and tag ${NEW_TAG} pushed."

Docker/test_vpn.py

@@ -6,23 +6,29 @@ Verifies:
 2. The container starts and becomes healthy.
 3. The public IP inside the VPN differs from the host IP.
 4. Kill switch blocks traffic when WireGuard is down.
+5. AllowedIPs routes are set dynamically from the config.
 
 Requirements:
     - podman installed
-    - Root/sudo (NET_ADMIN capability)
+    - Root/sudo (NET_ADMIN capability) for container runtime tests
     - A valid WireGuard config at ./wg0.conf (or ./nl.conf)
 
 Usage:
+    # Build-only test (no sudo needed):
+    python3 -m pytest test_vpn.py::TestVPNImage::test_00_build_image -v
+
+    # Full integration test (requires sudo):
     sudo python3 -m pytest test_vpn.py -v
     # or
     sudo python3 test_vpn.py
 """
 
 import logging
+import os
 import subprocess
+import sys
 import time
 import unittest
-import os
 
 logger = logging.getLogger(__name__)
 
@@ -35,6 +41,11 @@ STARTUP_TIMEOUT = 30  # seconds to wait for VPN to come up
 HEALTH_POLL_INTERVAL = 2  # seconds between health checks
 
 
+def is_root() -> bool:
+    """Check if running as root."""
+    return os.geteuid() == 0
+
+
 def run(cmd: list[str], timeout: int = 30, check: bool = True) -> subprocess.CompletedProcess:
     """Run a command and return the result."""
     return subprocess.run(cmd, capture_output=True, text=True, timeout=timeout, check=check)
@@ -55,6 +66,7 @@ class TestVPNImage(unittest.TestCase):
     """Test suite for the WireGuard VPN container."""
 
     host_ip: str = ""
+    container_id: str = ""
 
     @classmethod
     def setUpClass(cls):
@@ -84,6 +96,12 @@ class TestVPNImage(unittest.TestCase):
         assert result.returncode == 0, f"Build failed:\n{result.stderr}"
         logger.info("Image built successfully.")
 
+        # Skip container runtime tests if not root
+        if not is_root():
+            logger.warning("Not running as root — skipping container runtime tests.")
+            cls.container_id = ""
+            return
+
         # ── 3. Start the container ──
         logger.info("Starting container '%s'...", CONTAINER_NAME)
         result = run(
@@ -120,6 +138,8 @@ class TestVPNImage(unittest.TestCase):
     @classmethod
     def tearDownClass(cls):
         """Stop and remove the container."""
+        if not is_root():
+            return
         logger.info("Cleaning up test container...")
         subprocess.run(["podman", "rm", "-f", CONTAINER_NAME], capture_output=True, check=False)
         logger.info("Cleanup complete.")
@@ -144,10 +164,22 @@ class TestVPNImage(unittest.TestCase):
         )
         return result.stdout.strip()
 
+    def _skip_if_not_root(self):
+        """Skip test if not running as root."""
+        if not is_root():
+            self.skipTest("This test requires root/sudo privileges")
+
     # ── Tests ────────────────────────────────────────────────
 
+    def test_00_build_image(self):
+        """The image builds successfully."""
+        # This is already verified in setUpClass, just confirm here
+        result = run(["podman", "images", "--format", "{{.Repository}}:{{.Tag}}"])
+        self.assertIn(IMAGE_NAME, result.stdout, "Image was not built")
+
     def test_01_ip_differs_from_host(self):
         """Public IP inside VPN is different from host IP."""
+        self._skip_if_not_root()
         vpn_ip = self._get_vpn_ip()
         logger.info("VPN public IP: %s", vpn_ip)
         logger.info("Host public IP: %s", self.host_ip)
@@ -161,12 +193,42 @@ class TestVPNImage(unittest.TestCase):
 
     def test_02_wireguard_interface_exists(self):
         """The wg0 interface is present in the container."""
+        self._skip_if_not_root()
         result = podman_exec(CONTAINER_NAME, ["wg", "show", "wg0"])
         self.assertEqual(result.returncode, 0, f"wg show failed:\n{result.stderr}")
         self.assertIn("peer", result.stdout.lower(), "No peer information in wg show output")
+        # AllowedIPs should be present in wg show output
+        self.assertIn("allowed ips", result.stdout.lower(), "AllowedIPs not found in wg show output")
 
-    def test_03_kill_switch_blocks_traffic(self):
+    def test_03_allowedips_routes_set(self):
+        """Routes are set dynamically based on AllowedIPs from config."""
+        self._skip_if_not_root()
+        # Check that routes exist for the AllowedIPs
+        result = podman_exec(CONTAINER_NAME, ["ip", "route", "show", "dev", "wg0"])
+        self.assertEqual(result.returncode, 0, f"ip route show failed:\n{result.stderr}")
+        # The config has AllowedIPs = 0.0.0.0/0, which should result in:
+        # 0.0.0.0/1 dev wg0 and 128.0.0.0/1 dev wg0
+        self.assertIn("0.0.0.0/1", result.stdout, "Route 0.0.0.0/1 not found")
+        self.assertIn("128.0.0.0/1", result.stdout, "Route 128.0.0.0/1 not found")
+        # Make sure there is NO default route through wg0 (Table = off should prevent this)
+        self.assertNotIn("default dev wg0", result.stdout, "Default route through wg0 found — Table = off not working!")
+        logger.info("AllowedIPs routes verified: %s", result.stdout.strip())
+
+    def test_03b_dns_configured(self):
+        """DNS is configured correctly with multiple nameserver lines."""
+        self._skip_if_not_root()
+        result = podman_exec(CONTAINER_NAME, ["cat", "/etc/resolv.conf"])
+        self.assertEqual(result.returncode, 0, f"cat /etc/resolv.conf failed:\n{result.stderr}")
+        # Should have two separate nameserver lines, not one with commas
+        self.assertIn("nameserver 198.18.0.1", result.stdout, "DNS 198.18.0.1 not found")
+        self.assertIn("nameserver 198.18.0.2", result.stdout, "DNS 198.18.0.2 not found")
+        # Make sure there are no commas in nameserver lines
+        self.assertNotIn("nameserver 198.18.0.1,198.18.0.2", result.stdout, "DNS servers written on one line with comma!")
+        logger.info("DNS config verified: %s", result.stdout.strip())
+
+    def test_04_kill_switch_blocks_traffic(self):
         """When WireGuard is down, traffic is blocked (kill switch)."""
+        self._skip_if_not_root()
         # Bring down the WireGuard interface by deleting it
         down_result = podman_exec(CONTAINER_NAME, ["ip", "link", "del", "wg0"], timeout=10)
         self.assertEqual(down_result.returncode, 0, f"ip link del wg0 failed:\n{down_result.stderr}")

Docker/wg0.conf

@@ -1,10 +1,16 @@
 [Interface]
-PrivateKey = iO5spIue/6ciwUoR95hYtuxdtQxV/Q9EOoQ/jHe18kM=
-Address = 10.2.0.2/32
-DNS = 10.2.0.1
+PrivateKey = EPRa2f/v72LvIXAY4yqIRJifsSb+nCcYHqC2rwA94UI=
+Address = 100.64.244.78/32
+DNS = 198.18.0.1,198.18.0.2
+
+# Route zum VPN-Server direkt über dein lokales Netz
+PostUp = ip route add 91.148.236.64 via 192.168.178.1 dev wlp4s0f0
+PostUp = ip route add 192.168.178.0/24 via 192.168.178.1 dev wlp4s0f0
+PostDown = ip route del 91.148.236.64 via 192.168.178.1 dev wlp4s0f0
+PostDown = ip route del 192.168.178.0/24 via 192.168.178.1 dev wlp4s0f0
 
 [Peer]
-PublicKey = J4XVdtoBVc/EoI2Yk673Oes97WMnQSH5KfamZNjtM2s=
+PublicKey = KgTUh3KLijVluDvNpzDCJJfrJ7EyLzYLmdHCksG4sRg=
 AllowedIPs = 0.0.0.0/0
-Endpoint = 185.183.34.149:51820
-PersistentKeepalive = 25
+Endpoint = 91.148.236.64:51820
+

docs/bla

@@ -1,10 +0,0 @@
-review frontend code and check for architektre issues
-
-write the tasks in Task.md
-for each task add the following informations
-
-where is that found
-goal. how it should be
-possibale traps and issues
-docs changes needed
-why this is needed

package.json

@@ -1,6 +1,6 @@
 {
   "name": "aniworld-web",
-  "version": "0.0.1",
+  "version": "0.1.0",
   "description": "Aniworld Anime Download Manager - Web Frontend",
   "type": "module",
   "scripts": {