KeyArgo
/
seedbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #40 from jfroment/dev 

v2.1 - The Pearl
This commit is contained in:
Jean Froment 2023-03-14 22:50:11 +01:00 committed by GitHub
parent 0062095ae3 8ac3e52ce8
commit 3bb3662b14
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 148 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
.env.sample
View File

@ -1,16 +1,19 @@
# Internal settings (they will not be passed to running services)
CHECK_FOR_OUTDATED_CONFIG=true
DOCKER_COMPOSE_BINARY="docker compose" # or "docker-compose"
# General Traefik (reverse proxy) settings
TRAEFIK_DOMAIN=mydomain.com
ACME_MAIL=my-email@my-provider.com
PILOT_TOKEN=mytraefiktoken # Keep it empty if not needed
# General settings
TZ="Europe/Paris"
# HTTP Auth
HTTP_USER=myuser
# Use this command to generate your password:
# docker run -it --rm --entrypoint htpasswd ubuntu/apache2 -nb your_user your_password | cut -d ":" -f 2
HTTP_PASSWORD='mypassword_encoded' # Keep these simple quotes!
# Host paths + containers permissions mapping
@ -22,25 +25,29 @@ PGID=1000
PUID=1000
# Database (for Nextcloud)
MYSQL_ROOT_PASSWORD=h4ckMePleAse889912101
MYSQL_ROOT_PASSWORD=changeme
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud
MYSQL_PASSWORD=h4ckMePleAse4256718
MYSQL_PASSWORD=changeme
# Nextcloud
NEXTCLOUD_ADMIN_USER=admin
NEXTCLOUD_ADMIN_PASSWORD=h4ckMePleAse873214668
NEXTCLOUD_ADMIN_USER=admin # you can change it
NEXTCLOUD_ADMIN_PASSWORD=changeme
# Portainer
PORTAINER_ADMIN_PASSWORD=h4ckMePleAse
# Please ensure you encrypt your password first using this command:
# docker run -it --rm --entrypoint htpasswd ubuntu/apache2 -nbB admin your_password | cut -d ":" -f 2 | sed -e s/\\$/\\$\\$/g
PORTAINER_ADMIN_PASSWORD=changeme
# Flood username declared in deluge rpc daemon
FLOOD_PASSWORD=myfloodpassword
# Flood username declared in deluge RPC daemon
FLOOD_PASSWORD=changeme # Flood Password for Deluge RPC daemon
FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON=false
CALIBRE_PASSWORD=mycalibrepassword
# Wireguard custom endpoint
WIREGUARD_ENDPOINT=<ENDPOINT>
WIREGUARD_ENDPOINT=changeme # Wireguard endpoint
WIREGUARD_PORT=51820
WIREGUARD_PUBLIC_KEY=<WIREGUARD_PUBLIC_KEY>
WIREGUARD_PRIVATE_KEY=<WIREGUARD_PRIVATE_KEY>
WIREGUARD_ADDRESS=<WIREGUARD_LAN_ADDRESS>
WIREGUARD_PUBLIC_KEY=changeme
WIREGUARD_PRIVATE_KEY=changeme
WIREGUARD_ADDRESS=changeme # Wireguard LAN address

2
.gitignore vendored
View File

@ -14,3 +14,5 @@ config.yaml
services/custom/*.yaml
services/custom/*.yml
services/generated/*.yaml
authelia/*

9
README.md
View File

@ -39,6 +39,8 @@ Version 2 is released, please make sure you read [this V2 Migration Guide](doc/U
| Bazarr | bazarr.yourdomain.com | [linuxserver/bazarr](https://hub.docker.com/r/linuxserver/bazarr) | *latest* | Subtitles monitor |
| Lidarr | lidarr.yourdomain.com | [linuxserver/lidarr](https://hub.docker.com/r/linuxserver/lidarr) | *develop* | Music monitor |
| Readarr | readarr.yourdomain.com | [linuxserver/readarr](https://hub.docker.com/r/linuxserver/readarr) | *nightly* | Ebook and comic monitor |
| Calibre | calibre-admin.yourdomain.com | [linuxserver/calibre](https://hub.docker.com/r/linuxserver/calibre) | *latest* | eBook management |
| Calibre-web | calibre.yourdomain.com | [linuxserver/calibre-web](https://hub.docker.com/r/linuxserver/calibre-web) | *nightly* | Book management UI |
| Komga | komga.yourdomain.com | [gotson/komga](https://hub.docker.com/r/gotson/komga) | *latest* | Comic Book Manager |
| Kavita | Kavita.yourdomain.com | [gotson/komga](https://hub.docker.com/r/gotson/komga) | *latest* | Comic Book Manager |
| Ombi | ombi.yourdomain.com | [linuxserver/ombi](https://hub.docker.com/r/linuxserver/ombi) | *latest* | Plex content requests |
@ -75,7 +77,7 @@ Check the [Configuration Guide](doc/configuration.md).
### Dependencies
- [Docker](https://github.com/docker/docker) >= 20.10
- [Docker Compose](https://github.com/docker/compose) >= 2.2
- [Docker Compose](https://github.com/docker/compose) >= 2.2 *(2.16+ recommended)*
- [local-persist Docker plugin](https://github.com/MatchbookLab/local-persist): installed directly on host (not in container). This is a volume plugin that extends the default local drivers functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to always persist, even if the volume is removed via `docker volume rm`. Use *systemd* install for Ubuntu.
- [jq](https://stedolan.github.io/jq/download/) >= 1.5
- [yq](https://github.com/mikefarah/yq/releases) >= 4
@ -115,3 +117,8 @@ All data is saved in the docker volumes `seedbox_config` or
`seedbox_torrents`.
These volumes are mapped to the `config` and `torrents` folders located in `/data` on the host. You can change these static paths in the docker-compose.yml file.
Thanks to the **local-persist** Docker plugin, the data located in these volumes is persistent, meaning that volumes are not deleted, even when using the ```docker-compose down``` command. It would be a shame to loose everything by running a simple docker command ;-)
# Configure your apps
- Some indications here (more to come): [Apps Configuration](doc/configuration.md#apps-configuration)
- [TRaSH Guides](https://trash-guides.info/)

20
config.sample.yaml
View File

@ -111,6 +111,24 @@ services:
- host: readarr.${TRAEFIK_DOMAIN}
httpAuth: true
internalPort: 8787
- name: calibre
enabled: false
vpn: false
traefik:
enabled: true
rules:
- host: calibre-admin.${TRAEFIK_DOMAIN}
httpAuth: true
internalPort: 8080
- name: calibre-web
enabled: false
vpn: false
traefik:
enabled: true
rules:
- host: calibre.${TRAEFIK_DOMAIN}
httpAuth: true
internalPort: 8083
- name: komga
enabled: false
vpn: false
@ -192,7 +210,7 @@ services:
rules:
- host: portainer.${TRAEFIK_DOMAIN}
httpAuth: false
internalPort: 9443
internalPort: 9000
- name: netdata
enabled: true
vpn: false

15
doc/apps/deluge-flood.md Normal file
View File

@ -0,0 +1,15 @@
# Deluge + Flood configuration
Here is the recommended configuration for Deluge to work with Flood:
- In your ``.env`` configuration file, check that both ``FLOOD_PASSWORD`` and ``FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON`` variables are set and that ``FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON`` is ``true``.
- Check in your ``config.yaml`` that both ``Deluge`` and ``Flood`` are enabled.
- Run the stack: ``./run-seedbox.sh``
- Wait for services to be up and running.
- Go to Deluge UI (by default ``deluge.yourdomain.com``).
- Open Preferences
- In the "Daemon" menu, select "Allow remote connections".
![Deluge Daemon Config](img/deluge-remote-connections.png)
- Save changes and restart Flood: ``docker restart flood`` (if necessary).

BIN
doc/apps/img/deluge-remote-connections.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

13
doc/configuration.md
View File

@ -12,9 +12,10 @@
* [VPN](#vpn)
* [Default mode - Wireguard custom](#default-mode---wireguard-custom)
* [Your own mode (VPN provider supported by gluetun)](#your-own-mode-vpn-provider-supported-by-gluetun)
* [How does VPN is handled?](#how-does-vpn-is-handled)
* [How is VPN handled?](#how-is-vpn-handled)
* [Make the services communicate with each other](#make-the-services-communicate-with-each-other)
* [How does the configuration work?](#how-does-the-configuration-work)
* [Apps configuration](#apps-configuration)
## General principles
@ -249,7 +250,7 @@ By default, the file used is [gluetun.yaml](../services/gluetun.yaml), which is
* Run ``./run-seedbox.sh``.
* The service now uses your VPN by tunneling via gluetun container. If gluetun is down or if the VPN link is broken, your service won't have any access to Internet.
### How does VPN is handled?
### How is VPN handled?
Behind the scenes, the ``run-seedbox.sh`` script will mainly add 2 overrides when enabling VPN on a service:
@ -316,3 +317,11 @@ http:
```
This file will be automatically placed in [traefik/custom/](../traefik/custom/) directory (mounted by Traefik container) so the config will dynamically apply. This file is updated on each ``run-seedbox.sh`` execution.
# Apps configuration
List of currently available documentation for apps:
- [Deluge + Flood](apps/deluge-flood.md)
I also strongly recommend [TRaSH Guides](https://trash-guides.info/) to have a better overview of all *arrs apps configurations.

14
run-seedbox.sh
View File

@ -57,6 +57,7 @@ export COMPOSE_HTTP_TIMEOUT=240
[[ -z $HOST_CONFIG_PATH ]] && export HOST_CONFIG_PATH="/data/config"
[[ -z $HOST_MEDIA_PATH ]] && export HOST_MEDIA_PATH="/data/torrents"
[[ -z $DOWNLOAD_SUBFOLDER ]] && export DOWNLOAD_SUBFOLDER="deluge"
[[ -z $DOCKER_COMPOSE_BINARY ]] && export DOCKER_COMPOSE_BINARY="docker-compose"
if [[ ! -f config.yaml ]]; then
echo "[$0] No config.yaml file found. Copying from sample file..."
@ -119,6 +120,15 @@ if [[ $(cat config.json | jq '[.services[] | select(.name=="flood" and .enabled=
fi
fi
# Check that if calibre-web is enabled, calibre should also be enabled
if [[ $(cat config.json | jq '[.services[] | select(.name=="calibre-web" and .enabled==true)] | length') -eq 1 ]]; then
if [[ $(cat config.json | jq '[.services[] | select(.name=="calibre" and .enabled==false)] | length') -eq 1 ]]; then
echo "[$0] ERROR. Calibre-web is enabled but Calibre is not. Please either enable Calibre or disable Calibre-web as Calibre-web depends on Calibre."
echo "[$0] ******* Exiting *******"
exit 1
fi
fi
# Apply other arbitrary custom Traefik config files
rm -f $f traefik/custom/custom-*
for f in `find samples/custom-traefik -maxdepth 1 -mindepth 1 -type f | grep -E "\.yml$|\.yaml$" | sort`; do
@ -271,11 +281,11 @@ echo "[$0] ***** Config OK. Launching services... *****"
if [[ "${SKIP_PULL}" != "1" ]]; then
echo "[$0] ***** Pulling all images... *****"
docker-compose ${ALL_SERVICES} pull
${DOCKER_COMPOSE_BINARY} ${ALL_SERVICES} pull
fi
echo "[$0] ***** Recreating containers if required... *****"
docker-compose ${ALL_SERVICES} up -d --remove-orphans
${DOCKER_COMPOSE_BINARY} ${ALL_SERVICES} up -d --remove-orphans
echo "[$0] ***** Done updating containers *****"
echo "[$0] ***** Clean unused images and volumes... *****"

14
services/calibre-web.yaml Normal file
View File

@ -0,0 +1,14 @@
services:
calibre-web:
image: ghcr.io/linuxserver/calibre-web:nightly
container_name: calibre-web
restart: always
environment:
- PGID=${PGID}
- PUID=${PUID}
- TZ=${TZ}
- DOCKER_MODS=linuxserver/mods:universal-calibre
- OAUTHLIB_RELAX_TOKEN_SCOPE=1
volumes:
- configcalibre:/config
- torrents:/torrents

20
services/calibre.yaml Normal file
View File

@ -0,0 +1,20 @@
services:
calibre:
image: ghcr.io/linuxserver/calibre
container_name: calibre
restart: always
environment:
- PGID=${PGID}
- PUID=${PUID}
- TZ=${TZ}
- PASSWORD=${CALIBRE_PASSWORD}
- CLI_ARGS=
volumes:
- configcalibre:/config
- torrents:/torrents
volumes:
configcalibre:
driver: local-persist
driver_opts:
mountpoint: $HOST_CONFIG_PATH/calibre

2
services/gluetun.yaml
View File

@ -7,7 +7,7 @@ services:
- NET_ADMIN
environment:
- PUID=${PUID}
- PGIDq=${PGID}
- PGID=${PGID}
- TZ=${TZ}
- VPNSP=custom
- VPN_TYPE=wireguard

5
services/plex-hardware-transcoding.yaml
View File

@ -3,11 +3,16 @@ services:
image: ghcr.io/linuxserver/plex
container_name: plex
restart: always
network_mode: host
ports:
- "32400:32400"
- "32400:32400/udp"
- "32469:32469"
- "32469:32469/udp"
- "32410:32410/udp"
- "32412:32412/udp"
- "32413:32413/udp"
- "32414:32414/udp"
devices:
- /dev/dri:/dev/dri # for hardware transcoding
volumes:

5
services/plex.yaml
View File

@ -3,11 +3,16 @@ services:
image: ghcr.io/linuxserver/plex
container_name: plex
restart: always
network_mode: host
ports:
- "32400:32400"
- "32400:32400/udp"
- "32469:32469"
- "32469:32469/udp"
- "32410:32410/udp"
- "32412:32412/udp"
- "32413:32413/udp"
- "32414:32414/udp"
volumes:
- configplex:/config
- torrents:/torrents

1
services/traefik.yaml
View File

@ -5,7 +5,6 @@ services:
restart: always
command:
- --certificatesresolvers.le.acme.email=${ACME_MAIL}
- --pilot.token=${PILOT_TOKEN}
ports:
- "80:80"
- "443:443"

16
traefik/custom/middlewares.yaml
View File

@ -1,8 +1,6 @@
http:
middlewares:
common-auth:
basicAuth:
usersFile: "/etc/traefik/http_auth"
# Middleware applied globally at the entrypoint level (applied to all routers using "secure" entrypoint)
security-headers:
headers:
forceSTSHeader: true
@ -15,6 +13,18 @@ http:
frameDeny: true
contentTypeNosniff: true
browserXssFilter: true
customresponseheaders:
X-Frame-Options: sameorigin
Content-Security-Policy: frame-ancestors https://*.{{ env "TRAEFIK_DOMAIN" }}
customrequestheaders:
X-Frame-Options: sameorigin
Content-Security-Policy: frame-ancestors https://*.{{ env "TRAEFIK_DOMAIN" }}
# Middlewares which are used automatically by the run-seedbox.sh script according to the parameters applied
common-auth:
basicAuth:
usersFile: "/etc/traefik/http_auth"
redirect-to-https:
redirectScheme:
scheme: https