Merge pull request #40 from jfroment/dev

v2.1 - The Pearl ⚪
2023-03-14 22:50:11 +01:00 · 2023-03-14 22:50:11 +01:00 · 3bb3662b14
parent 0062095ae3 8ac3e52ce8
commit 3bb3662b14
15 changed files with 148 additions and 27 deletions
--- a/.env.sample
+++ b/.env.sample
@ -1,16 +1,19 @@
 # Internal settings (they will not be passed to running services)
 CHECK_FOR_OUTDATED_CONFIG=true
 DOCKER_COMPOSE_BINARY="docker compose" # or "docker-compose"
 # General Traefik (reverse proxy) settings
 TRAEFIK_DOMAIN=mydomain.com
 ACME_MAIL=my-email@my-provider.com
 PILOT_TOKEN=mytraefiktoken # Keep it empty if not needed
 # General settings
 TZ="Europe/Paris"
 # HTTP Auth
 HTTP_USER=myuser
 # Use this command to generate your password: 
 # docker run -it --rm --entrypoint htpasswd ubuntu/apache2 -nb your_user your_password | cut -d ":" -f 2
 HTTP_PASSWORD='mypassword_encoded' # Keep these simple quotes!
 # Host paths + containers permissions mapping
@ -22,25 +25,29 @@ PGID=1000
 PUID=1000
 # Database (for Nextcloud)
-MYSQL_ROOT_PASSWORD=h4ckMePleAse889912101
+MYSQL_ROOT_PASSWORD=changeme
 MYSQL_DATABASE=nextcloud
 MYSQL_USER=nextcloud
-MYSQL_PASSWORD=h4ckMePleAse4256718
+MYSQL_PASSWORD=changeme
 # Nextcloud
-NEXTCLOUD_ADMIN_USER=admin
+NEXTCLOUD_ADMIN_USER=admin # you can change it
-NEXTCLOUD_ADMIN_PASSWORD=h4ckMePleAse873214668
+NEXTCLOUD_ADMIN_PASSWORD=changeme
 # Portainer
-PORTAINER_ADMIN_PASSWORD=h4ckMePleAse
+# Please ensure you encrypt your password first using this command:
 # docker run -it --rm --entrypoint htpasswd ubuntu/apache2 -nbB admin your_password | cut -d ":" -f 2 | sed -e s/\\$/\\$\\$/g
 PORTAINER_ADMIN_PASSWORD=changeme
-# Flood username declared in  deluge rpc daemon
+# Flood username declared in  deluge RPC daemon
-FLOOD_PASSWORD=myfloodpassword
+FLOOD_PASSWORD=changeme # Flood Password for Deluge RPC daemon
 FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON=false
 CALIBRE_PASSWORD=mycalibrepassword
 # Wireguard custom endpoint
-WIREGUARD_ENDPOINT=<ENDPOINT>
+WIREGUARD_ENDPOINT=changeme # Wireguard endpoint
 WIREGUARD_PORT=51820
-WIREGUARD_PUBLIC_KEY=<WIREGUARD_PUBLIC_KEY>
+WIREGUARD_PUBLIC_KEY=changeme
-WIREGUARD_PRIVATE_KEY=<WIREGUARD_PRIVATE_KEY>
+WIREGUARD_PRIVATE_KEY=changeme
-WIREGUARD_ADDRESS=<WIREGUARD_LAN_ADDRESS>
+WIREGUARD_ADDRESS=changeme # Wireguard LAN address
--- a/.gitignore
+++ b/.gitignore
@ -14,3 +14,5 @@ config.yaml
 services/custom/*.yaml
 services/custom/*.yml
 services/generated/*.yaml
 authelia/*
--- a/README.md
+++ b/README.md
@ -39,6 +39,8 @@ Version 2 is released, please make sure you read [this V2 Migration Guide](doc/U
 | Bazarr               | bazarr.yourdomain.com      | [linuxserver/bazarr](https://hub.docker.com/r/linuxserver/bazarr)      | *latest*                | Subtitles monitor   |
 | Lidarr               | lidarr.yourdomain.com      | [linuxserver/lidarr](https://hub.docker.com/r/linuxserver/lidarr)      | *develop*               | Music monitor       |
 | Readarr               | readarr.yourdomain.com      | [linuxserver/readarr](https://hub.docker.com/r/linuxserver/readarr)      | *nightly*               | Ebook and comic monitor       |
 | Calibre | calibre-admin.yourdomain.com | [linuxserver/calibre](https://hub.docker.com/r/linuxserver/calibre)  | *latest* | eBook management |
 | Calibre-web | calibre.yourdomain.com | [linuxserver/calibre-web](https://hub.docker.com/r/linuxserver/calibre-web)  | *nightly* | Book management UI |
 | Komga               | komga.yourdomain.com      | [gotson/komga](https://hub.docker.com/r/gotson/komga)      | *latest*               | Comic Book Manager       |
 | Kavita               | Kavita.yourdomain.com      | [gotson/komga](https://hub.docker.com/r/gotson/komga)      | *latest*               | Comic Book Manager       |
 | Ombi               | ombi.yourdomain.com      | [linuxserver/ombi](https://hub.docker.com/r/linuxserver/ombi)      | *latest*               | Plex content requests       |
@ -75,7 +77,7 @@ Check the [Configuration Guide](doc/configuration.md).
 ### Dependencies
 - [Docker](https://github.com/docker/docker) >= 20.10
- [Docker Compose](https://github.com/docker/compose) >= 2.2
+- [Docker Compose](https://github.com/docker/compose) >= 2.2 *(2.16+ recommended)*
 - [local-persist Docker plugin](https://github.com/MatchbookLab/local-persist): installed directly on host (not in container). This is a volume plugin that extends the default local driver’s functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to always persist, even if the volume is removed via `docker volume rm`. Use *systemd* install for Ubuntu.
 - [jq](https://stedolan.github.io/jq/download/) >= 1.5
 - [yq](https://github.com/mikefarah/yq/releases) >= 4
@ -115,3 +117,8 @@ All data is saved in the docker volumes `seedbox_config` or
 `seedbox_torrents`.
 These volumes are mapped to the `config` and `torrents` folders located in `/data` on the host. You can change these static paths in the docker-compose.yml file.
 Thanks to the **local-persist** Docker plugin, the data located in these volumes is persistent, meaning that volumes are not deleted, even when using the ```docker-compose down``` command. It would be a shame to loose everything by running a simple docker command ;-)
 # Configure your apps
 - Some indications here (more to come): [Apps Configuration](doc/configuration.md#apps-configuration)
 - [TRaSH Guides](https://trash-guides.info/)
--- a/config.sample.yaml
+++ b/config.sample.yaml
@ -111,6 +111,24 @@ services:
        - host: readarr.${TRAEFIK_DOMAIN}
          httpAuth: true
          internalPort: 8787
  - name: calibre
    enabled: false
    vpn: false
    traefik:
      enabled: true
      rules:
        - host: calibre-admin.${TRAEFIK_DOMAIN}
          httpAuth: true
          internalPort: 8080
  - name: calibre-web
    enabled: false
    vpn: false
    traefik:
      enabled: true
      rules:
        - host: calibre.${TRAEFIK_DOMAIN}
          httpAuth: true
          internalPort: 8083
  - name: komga
    enabled: false
    vpn: false
@ -192,7 +210,7 @@ services:
      rules:
        - host: portainer.${TRAEFIK_DOMAIN}
          httpAuth: false
-          internalPort: 9443
+          internalPort: 9000
  - name: netdata
    enabled: true
    vpn: false
--- a/doc/apps/deluge-flood.md
+++ b/doc/apps/deluge-flood.md
@ -0,0 +1,15 @@
 # Deluge + Flood configuration
 Here is the recommended configuration for Deluge to work with Flood:
 - In your ``.env`` configuration file, check that both ``FLOOD_PASSWORD`` and ``FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON`` variables are set and that ``FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON`` is ``true``.
 - Check in your ``config.yaml`` that both ``Deluge`` and ``Flood`` are enabled.
 - Run the stack: ``./run-seedbox.sh``
 - Wait for services to be up and running.
 - Go to Deluge UI (by default ``deluge.yourdomain.com``).
 - Open Preferences
 - In the "Daemon" menu, select "Allow remote connections".
 ![Deluge Daemon Config](img/deluge-remote-connections.png)
 - Save changes and restart Flood: ``docker restart flood`` (if necessary).
--- a/doc/apps/img/deluge-remote-connections.png
+++ b/doc/apps/img/deluge-remote-connections.png
--- a/doc/configuration.md
+++ b/doc/configuration.md
@ -12,9 +12,10 @@
 * [VPN](#vpn)
  * [Default mode - Wireguard custom](#default-mode---wireguard-custom)
  * [Your own mode (VPN provider supported by gluetun)](#your-own-mode-vpn-provider-supported-by-gluetun)
-  * [How does VPN is handled?](#how-does-vpn-is-handled)
+  * [How is VPN handled?](#how-is-vpn-handled)
 * [Make the services communicate with each other](#make-the-services-communicate-with-each-other)
 * [How does the configuration work?](#how-does-the-configuration-work)
 * [Apps configuration](#apps-configuration)
 ## General principles
@ -249,7 +250,7 @@ By default, the file used is [gluetun.yaml](../services/gluetun.yaml), which is
 * Run ``./run-seedbox.sh``.
 * The service now uses your VPN by tunneling via gluetun container. If gluetun is down or if the VPN link is broken, your service won't have any access to Internet.
-### How does VPN is handled?
+### How is VPN handled?
 Behind the scenes, the ``run-seedbox.sh`` script will mainly add 2 overrides when enabling VPN on a service:
@ -316,3 +317,11 @@ http:
 ```
 This file will be automatically placed in [traefik/custom/](../traefik/custom/) directory (mounted by Traefik container) so the config will dynamically apply. This file is updated on each ``run-seedbox.sh`` execution.
 # Apps configuration
 List of currently available documentation for apps:
 - [Deluge + Flood](apps/deluge-flood.md)
 I also strongly recommend [TRaSH Guides](https://trash-guides.info/) to have a better overview of all *arrs apps configurations.
--- a/run-seedbox.sh
+++ b/run-seedbox.sh
@ -57,6 +57,7 @@ export COMPOSE_HTTP_TIMEOUT=240
 [[ -z $HOST_CONFIG_PATH ]] && export HOST_CONFIG_PATH="/data/config"
 [[ -z $HOST_MEDIA_PATH ]] && export HOST_MEDIA_PATH="/data/torrents"
 [[ -z $DOWNLOAD_SUBFOLDER ]] && export DOWNLOAD_SUBFOLDER="deluge"
 [[ -z $DOCKER_COMPOSE_BINARY ]] && export DOCKER_COMPOSE_BINARY="docker-compose"
 if [[ ! -f config.yaml ]]; then
  echo "[$0] No config.yaml file found. Copying from sample file..."
@ -119,6 +120,15 @@ if [[ $(cat config.json | jq '[.services[] | select(.name=="flood" and .enabled=
  fi
 fi
 # Check that if calibre-web is enabled, calibre should also be enabled
 if [[ $(cat config.json | jq '[.services[] | select(.name=="calibre-web" and .enabled==true)] | length') -eq 1 ]]; then
  if [[ $(cat config.json | jq '[.services[] | select(.name=="calibre" and .enabled==false)] | length') -eq 1 ]]; then
    echo "[$0] ERROR. Calibre-web is enabled but Calibre is not. Please either enable Calibre or disable Calibre-web as Calibre-web depends on Calibre."
    echo "[$0] ******* Exiting *******"
    exit 1
  fi
 fi
 # Apply other arbitrary custom Traefik config files
 rm -f $f traefik/custom/custom-*
 for f in `find samples/custom-traefik -maxdepth 1 -mindepth 1 -type f | grep -E "\.yml$|\.yaml$" | sort`; do
@ -271,11 +281,11 @@ echo "[$0] ***** Config OK. Launching services... *****"
 if [[ "${SKIP_PULL}" != "1" ]]; then
  echo "[$0] ***** Pulling all images... *****"
-  docker-compose ${ALL_SERVICES} pull
+  ${DOCKER_COMPOSE_BINARY} ${ALL_SERVICES} pull
 fi
 echo "[$0] ***** Recreating containers if required... *****"
-docker-compose ${ALL_SERVICES} up -d --remove-orphans
+${DOCKER_COMPOSE_BINARY} ${ALL_SERVICES} up -d --remove-orphans
 echo "[$0] ***** Done updating containers *****"
 echo "[$0] ***** Clean unused images and volumes... *****"
--- a/services/calibre-web.yaml
+++ b/services/calibre-web.yaml
@ -0,0 +1,14 @@
 services:
  calibre-web:
    image: ghcr.io/linuxserver/calibre-web:nightly
    container_name: calibre-web
    restart: always
    environment:
      - PGID=${PGID}
      - PUID=${PUID}
      - TZ=${TZ}
      - DOCKER_MODS=linuxserver/mods:universal-calibre
      - OAUTHLIB_RELAX_TOKEN_SCOPE=1
    volumes:
      - configcalibre:/config
      - torrents:/torrents
--- a/services/calibre.yaml
+++ b/services/calibre.yaml
@ -0,0 +1,20 @@
 services:
  calibre:
    image: ghcr.io/linuxserver/calibre
    container_name: calibre
    restart: always
    environment:
      - PGID=${PGID}
      - PUID=${PUID}
      - TZ=${TZ}
      - PASSWORD=${CALIBRE_PASSWORD}
      - CLI_ARGS=
    volumes:
      - configcalibre:/config
      - torrents:/torrents
 volumes:
  configcalibre: 
    driver: local-persist
    driver_opts:
      mountpoint: $HOST_CONFIG_PATH/calibre
--- a/services/gluetun.yaml
+++ b/services/gluetun.yaml
@ -7,7 +7,7 @@ services:
      - NET_ADMIN
    environment:
      - PUID=${PUID}
-      - PGIDq=${PGID}
+      - PGID=${PGID}
      - TZ=${TZ}
      - VPNSP=custom
      - VPN_TYPE=wireguard
--- a/services/plex-hardware-transcoding.yaml
+++ b/services/plex-hardware-transcoding.yaml
@ -3,11 +3,16 @@ services:
    image: ghcr.io/linuxserver/plex
    container_name: plex
    restart: always
    network_mode: host
    ports:
      - "32400:32400"
      - "32400:32400/udp"
      - "32469:32469"
      - "32469:32469/udp"
      - "32410:32410/udp"
      - "32412:32412/udp"
      - "32413:32413/udp"
      - "32414:32414/udp"
    devices:
      - /dev/dri:/dev/dri # for hardware transcoding
    volumes:
--- a/services/plex.yaml
+++ b/services/plex.yaml
@ -3,11 +3,16 @@ services:
    image: ghcr.io/linuxserver/plex
    container_name: plex
    restart: always
    network_mode: host
    ports:
      - "32400:32400"
      - "32400:32400/udp"
      - "32469:32469"
      - "32469:32469/udp"
      - "32410:32410/udp"
      - "32412:32412/udp"
      - "32413:32413/udp"
      - "32414:32414/udp"
    volumes:
      - configplex:/config
      - torrents:/torrents
--- a/services/traefik.yaml
+++ b/services/traefik.yaml
@ -5,7 +5,6 @@ services:
    restart: always
    command:
      - --certificatesresolvers.le.acme.email=${ACME_MAIL}
      - --pilot.token=${PILOT_TOKEN}
    ports:
      - "80:80"
      - "443:443"
--- a/traefik/custom/middlewares.yaml
+++ b/traefik/custom/middlewares.yaml
@ -1,8 +1,6 @@
 http:
  middlewares:
-    common-auth:
+    # Middleware applied globally at the entrypoint level (applied to all routers using "secure" entrypoint)
      basicAuth:
        usersFile: "/etc/traefik/http_auth"
    security-headers:
      headers:
        forceSTSHeader: true
@ -15,6 +13,18 @@ http:
        frameDeny: true
        contentTypeNosniff: true
        browserXssFilter: true
        customresponseheaders:
          X-Frame-Options: sameorigin
          Content-Security-Policy: frame-ancestors https://*.{{ env "TRAEFIK_DOMAIN" }}
        customrequestheaders:
          X-Frame-Options: sameorigin
          Content-Security-Policy: frame-ancestors https://*.{{ env "TRAEFIK_DOMAIN" }}
    # Middlewares which are used automatically by the run-seedbox.sh script according to the parameters applied
    common-auth:
      basicAuth:
        usersFile: "/etc/traefik/http_auth"
    redirect-to-https:
      redirectScheme:
        scheme: https