Add VPN support (modularizable) + refactoring + variables changes

Jean Froment 2022-02-14 00:24:04 +01:00
parent ef286306c4
commit e4ede925a8
35 changed files with 235 additions and 45 deletions


@ -10,7 +10,11 @@ TZ="Europe/Paris"
HTTP_USER=myuser
HTTP_PASSWORD='mypassword_encoded' # Keep these simple quotes!
# Containers permissions mapping
# Host paths + containers permissions mapping
HOST_CONFIG_PATH="/data/config"
HOST_MEDIA_PATH="/data/torrents"
# Will be located in $HOST_MEDIA_PATH
DOWNLOAD_SUBFOLDER="deluge"
PGID=1000
PUID=1000
@ -29,4 +33,11 @@ PORTAINER_ADMIN_PASSWORD=h4ckMePleAse
# Flood username declared in deluge rpc daemon
FLOOD_PASSWORD=myfloodpassword
FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON=false
FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON=false
# Wireguard custom endpoint
WIREGUARD_ENDPOINT=<ENDPOINT>
WIREGUARD_PORT=51820
WIREGUARD_PUBLIC_KEY=<WIREGUARD_PUBLIC_KEY>
WIREGUARD_PRIVATE_KEY=<WIREGUARD_PRIVATE_KEY>
WIREGUARD_ADDRESS=<WIREGUARD_LAN_ADDRESS>
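Review bot: `WIREGUARD_PRIVATE_KEY` joins the other credentials in a plain-text env file, and nothing in this sample tells the user how to protect that file. I would add a comment above the Wireguard block, for example `# Secret: keep .env out of version control and readable only by its owner (chmod 600)`. The visible .gitignore hunk shows no entry for `.env`; it may sit in lines outside that hunk, so this is worth confirming. The key is also handed to the gluetun container as an environment variable, which leaves it readable through `docker inspect`; a mounted secret file would avoid that if the image supports one.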

1
.gitignore vendored

@ -6,3 +6,4 @@
**/traefik/http_auth
backup/
services.conf
traefik/custom/dynamic*.yaml


@ -9,6 +9,7 @@ seedbox and personal media server.
-----------------------|----------------------------|------------------------------------------------------------------------|-------------------------|---------------------|
| Plex | plex.yourdomain.com | [linuxserver/plex](https://hub.docker.com/r/linuxserver/plex) | *latest* | Media Streaming |
| Deluge | deluge.yourdomain.com | [linuxserver/deluge](https://hub.docker.com/r/linuxserver/deluge) | *latest* | Torrents downloader |
| Deluge (VPN) | deluge.yourdomain.com | [linuxserver/deluge](https://hub.docker.com/r/linuxserver/deluge) | *latest* | Torrents downloader (behind VPN) |
| Flood | flood.yourdomain.com | [jesec/flood](https://hub.docker.com/r/jesec/flood) | *latest* | Web client for Deluge (experimental) |
| Sonarr | sonarr.yourdomain.com | [linuxserver/sonarr](https://hub.docker.com/r/linuxserver/sonarr) | *develop* | TV Shows monitor |
| Radarr | radarr.yourdomain.com | [linuxserver/radarr](https://hub.docker.com/r/linuxserver/radarr) | *develop* | Movies monitor |
@ -22,6 +23,7 @@ seedbox and personal media server.
| Jackett | jackett.yourdomain.com | [linuxserver/jackett](https://hub.docker.com/r/linuxserver/jackett) | *latest* | Tracker indexer |
| Prowlarr | prowlarr.yourdomain.com | [linuxserver/prowlarr](https://hub.docker.com/r/linuxserver/prowlarr) | *develop* | Tracker indexer |
| JDownloader | jdownloader.yourdomain.com | [jlesage/jdownloader-2](https://hub.docker.com/r/jlesage/jdownloader-2)| *latest* | Direct downloader |
| JDownloader (VPN) | jdownloader.yourdomain.com | [jlesage/jdownloader-2](https://hub.docker.com/r/jlesage/jdownloader-2)| *latest* | Direct downloader (behind VPN) |
| Tautulli (plexPy) | tautulli.yourdomain.com | [linuxserver/tautulli](https://hub.docker.com/r/linuxserver/tautulli) | *latest* | Plex stats and admin|
| Tdarr | tdarr.yourdomain.com | [haveagitgat/tdarr](https://hub.docker.com/r/haveagitgat/tdarr) | *latest* | Re-encode files |
| NextCloud | nextcloud.yourdomain.com | [linuxserver/nextcloud](https://hub.docker.com/r/linuxserver/nextcloud) | *latest* | Files management |
@ -29,6 +31,7 @@ seedbox and personal media server.
| Portainer | portainer.yourdomain.com | [portainer/portainer](https://hub.docker.com/r/portainer/portainer) | *latest* | Container management|
| Netdata | netdata.yourdomain.com | [netdata/netdata](https://hub.docker.com/r/netdata/netdata) | *latest* | Server monitoring |
| Duplicati | duplicati.yourdomain.com | [linuxserver/duplicati](https://hub.docker.com/r/linuxserver/duplicati)| *latest* | Backups |
| Gluetun | - | [qmcgaw/gluetun](https://hub.docker.com/r/qmcgaw/gluetun)| *latest* | VPN client (still WIP...) |
The front-end reverse proxy (Traefik - **check the next section if you have already the seedbox with Traefik v1**) routes based on the lowest level subdomain
(e.g. `deluge.example.com` would route to deluge). Since this is how the router
@ -77,6 +80,7 @@ sudo rm -rf /opt/traefik /tmp/migration
## Configuration
Before running, please create the volumes which will be statically mapped to the ones on the host:
For example:
```sh
sudo su -c "mkdir /data && mkdir /data/config && mkdir /data/torrents"
@ -106,7 +110,7 @@ this.
## PlexPass
Just set the `VERSION` environment variable to `latest` on the Plex service (enabled by default).
See https://hub.docker.com/r/linuxserver/plex.
See [this link](https://hub.docker.com/r/linuxserver/plex).
## Where is my data?


@ -6,21 +6,20 @@ version: "3.8"
# Common network used by all services
networks:
default:
external:
name: "traefik-network"
default:
name: "traefik-network"
# Common volumes used by at least 2 services
volumes:
config:
driver: local-persist
driver_opts:
mountpoint: /data/config
mountpoint: $HOST_CONFIG_PATH
torrents:
driver: local-persist
driver_opts:
mountpoint: /data/torrents
mountpoint: $HOST_MEDIA_PATH
downloads:
driver: local-persist
driver_opts:
mountpoint: /data/torrents/deluge
mountpoint: $HOST_MEDIA_PATH/$DOWNLOAD_SUBFOLDER
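Review bot: `$HOST_CONFIG_PATH`, `$HOST_MEDIA_PATH` and `$DOWNLOAD_SUBFOLDER` are interpolated with no fallback, so any docker-compose run that does not go through the update script (the only place the retro-compatibility defaults are exported) would substitute empty strings and produce mountpoints such as `/deluge` at the host root. Compose interpolation can either fail loudly or carry the old default: `mountpoint: ${HOST_CONFIG_PATH:?HOST_CONFIG_PATH is not set}` or `mountpoint: ${HOST_CONFIG_PATH:-/data/config}`. The same applies to every `mountpoint:` line this commit changes in the services/*.yaml files.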

12
samples/traefik-deluge-vpn.yaml Executable file

@ -0,0 +1,12 @@
http:
routers:
deluge:
rule: 'Host(`deluge.{{ env "TRAEFIK_DOMAIN" }}`)'
middlewares:
- common-auth@file
service: deluge
services:
deluge:
loadBalancer:
servers:
- url: "http://gluetun:8112"


@ -0,0 +1,12 @@
http:
routers:
jdownloader:
rule: 'Host(`jdownloader.{{ env "TRAEFIK_DOMAIN" }}`)'
middlewares:
- common-auth@file
service: deluge
services:
jdownloader:
loadBalancer:
servers:
- url: "http://gluetun:5800"
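Review bot: The `jdownloader` router points at `service: deluge`, but the only service this file defines is `jdownloader`; it looks like a leftover from copying the Deluge sample. If only jdownloader-vpn is enabled the router references a service that does not exist in this file, and if deluge-vpn is enabled too, requests for the jdownloader host would presumably be sent to the Deluge backend on port 8112 instead of 5800. The line should read `service: jdownloader`.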


@ -1,6 +1,8 @@
deluge: enable
deluge-vpn: disable
flood: enable
plex: enable
plex-hardware-transcoding: disable
flaresolverr: enable
jackett: enable
prowlarr: enable
@ -19,4 +21,5 @@ tdarr: enable
nextcloud: enable
portainer: enable
netdata: enable
duplicati: enable
duplicati: enable
gluetun: disable

2
services/bazarr.yaml Normal file → Executable file

@ -19,4 +19,4 @@ volumes:
configbazarr:
driver: local-persist
driver_opts:
mountpoint: /data/config/bazarr
mountpoint: $HOST_CONFIG_PATH/bazarr

21
services/deluge-vpn.yaml Executable file

@ -0,0 +1,21 @@
services:
deluge:
image: ghcr.io/linuxserver/deluge
container_name: deluge
restart: always
network_mode: "service:gluetun"
volumes:
- torrents:/torrents
- configdeluge:/config
- downloads:/downloads
environment:
- PGID=${PGID}
- PUID=${PUID}
- TZ=${TZ}
# Traefik labels are in Gluetun YAML as deluge must be accessed via Gluetun
volumes:
configdeluge:
driver: local-persist
driver_opts:
mountpoint: $HOST_CONFIG_PATH/deluge
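Review bot: The comment `# Traefik labels are in Gluetun YAML as deluge must be accessed via Gluetun` does not match the rest of the commit: the labels in services/gluetun.yaml are commented out, and its own comment says the routing rules live in samples/ and are copied by the update script. I would reuse the wording from services/jdownloader-vpn.yaml, `# Traefik routing rules are defined in the samples/ directory and applied automatically when this service is enabled`, so that someone checking how the web UI is exposed looks in the right place.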

2
services/deluge.yaml Normal file → Executable file

@ -20,4 +20,4 @@ volumes:
configdeluge:
driver: local-persist
driver_opts:
mountpoint: /data/config/deluge
mountpoint: $HOST_CONFIG_PATH/deluge

10
services/duplicati.yaml Normal file → Executable file

@ -10,22 +10,18 @@ services:
volumes:
- configduplicati:/config
- backups:/backups
- alldata:/source
- config:/source
labels:
- "traefik.enable=true"
- "traefik.http.routers.duplicati.rule=Host(`duplicati.${TRAEFIK_DOMAIN}`)"
- "traefik.http.routers.duplicati.middlewares=common-auth@file"
volumes:
alldata:
driver: local-persist
driver_opts:
mountpoint: /data
configduplicati:
driver: local-persist
driver_opts:
mountpoint: /data/config/duplicati
mountpoint: $HOST_CONFIG_PATH/duplicati
backups:
driver: local-persist
driver_opts:
mountpoint: /data/backups
mountpoint: $HOST_CONFIG_PATH/backups
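Review bot: The `backups` volume now lives at `$HOST_CONFIG_PATH/backups`, which is inside the `config` volume mounted as `/source`, so the backup destination sits inside the backup source. A job that backs up `/source` would pick up its own archives, and existing installs that had data under `/data/backups` would, as far as the hunk shows, start from an empty directory without warning. I would keep the destination outside the source tree, or at least document that `/source/backups` must be excluded. Since `/source` holds every service's configuration and credentials, mounting it read-only (`- config:/source:ro`) is also worth considering; restores would then need a separate writable target.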

0
services/flaresolverr.yaml Normal file → Executable file

4
services/flood.yaml Normal file → Executable file

@ -8,7 +8,7 @@ services:
user: ${PUID}:${PGID}
command:
- --auth=none
- --dehost=deluge
- --dehost=${DELUGE_HOST}
- --deport=58846
- --deuser=flood
- --depass=${FLOOD_PASSWORD}
@ -29,4 +29,4 @@ volumes:
configflood:
driver: local-persist
driver_opts:
mountpoint: /data/config/flood
mountpoint: $HOST_CONFIG_PATH/flood
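Review bot: `--dehost=${DELUGE_HOST}` expands to an empty value whenever the variable was not exported. The update script sets it only when flood is enabled together with deluge or deluge-vpn, and a direct docker-compose run never sets it. A default keeps the previous behaviour as the fallback: `- --dehost=${DELUGE_HOST:-deluge}`.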

34
services/gluetun.yaml Executable file

@ -0,0 +1,34 @@
services:
gluetun:
image: qmcgaw/gluetun
container_name: gluetun
restart: always
cap_add:
- NET_ADMIN
environment:
- PUID=${PUID}
- PGIDq=${PGID}
- TZ=${TZ}
- VPNSP=custom
- VPN_TYPE=wireguard
# For Wireguard
- VPN_ENDPOINT_IP=${WIREGUARD_ENDPOINT}
- VPN_ENDPOINT_PORT=${WIREGUARD_PORT}
- WIREGUARD_PUBLIC_KEY=${WIREGUARD_PUBLIC_KEY}
- WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
- WIREGUARD_ADDRESS=${WIREGUARD_ADDRESS}
#labels:
# Control Panel
# - "traefik.enable=true"
# - "traefik.http.routers.gluetun.rule=Host(`gluetun.${TRAEFIK_DOMAIN}`)"
# - "traefik.http.routers.gluetun.middlewares=common-auth@file"
# - "traefik.http.routers.gluetun.service=gluetun"
# - "traefik.http.services.gluetun.loadbalancer.server.port=8000"
# Traefik rules for VPN-enabled services (which have ot be accessed through gluetun) are defined in the samples/ directory
# and are applied automatically in the update-all.sh script.
volumes:
configgluetun:
driver: local-persist
driver_opts:
mountpoint: $HOST_CONFIG_PATH/gluetun
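Review bot: `PGIDq=${PGID}` in the environment list looks like a typo for `PGID=${PGID}`, so the container never receives the intended group id. The `configgluetun` volume is declared at the bottom, but the service has no `volumes:` entry that mounts it, so it is currently unused. This container holds `NET_ADMIN` and the WireGuard private key, so I would also pin `qmcgaw/gluetun` to a specific version tag rather than the implicit latest; every VPN-routed service depends on its firewall behaviour staying as tested.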

0
services/jackett.yaml Normal file → Executable file

20
services/jdownloader-vpn.yaml Executable file

@ -0,0 +1,20 @@
services:
jdownloader:
image: jlesage/jdownloader-2
container_name: jdownloader
restart: always
network_mode: "service:gluetun"
volumes:
- configjdownloader:/config
- downloads:/output
environment:
- USER_ID=${PUID}
- GROUP_ID=${PGID}
- TZ=${TZ}
# Traefik routing rules are defined in the samples/ directory and applied automatically when this service is enabled
volumes:
configjdownloader:
driver: local-persist
driver_opts:
mountpoint: $HOST_CONFIG_PATH/jdownloader

2
services/jdownloader.yaml Normal file → Executable file
View File

@ -20,4 +20,4 @@ volumes:
configjdownloader:
driver: local-persist
driver_opts:
mountpoint: /data/config/jdownloader
mountpoint: $HOST_CONFIG_PATH/jdownloader

2
services/kavita.yaml Normal file → Executable file
View File

@ -19,4 +19,4 @@ volumes:
configkavita:
driver: local-persist
driver_opts:
mountpoint: /data/config/kavita
mountpoint: $HOST_CONFIG_PATH/kavita

2
services/komga.yaml Normal file → Executable file
View File

@ -18,4 +18,4 @@ volumes:
configkomga:
driver: local-persist
driver_opts:
mountpoint: /data/config/komga
mountpoint: $HOST_CONFIG_PATH/komga

2
services/lidarr.yaml Normal file → Executable file
View File

@ -19,4 +19,4 @@ volumes:
configlidarr:
driver: local-persist
driver_opts:
mountpoint: /data/config/lidarr
mountpoint: $HOST_CONFIG_PATH/lidarr

0
services/netdata.yaml Normal file → Executable file

6
services/nextcloud.yaml Normal file → Executable file

@ -41,12 +41,12 @@ volumes:
nextclouddb:
driver: local-persist
driver_opts:
mountpoint: /data/nextcloud-db
mountpoint: $HOST_CONFIG_PATH/nextcloud-db
confignextcloud:
driver: local-persist
driver_opts:
mountpoint: /data/config/nextcloud
mountpoint: $HOST_CONFIG_PATH/nextcloud
nextclouddata:
driver: local-persist
driver_opts:
mountpoint: /data/config/nextcloud-data
mountpoint: $HOST_CONFIG_PATH/nextcloud-data

2
services/ombi.yaml Normal file → Executable file
View File

@ -19,4 +19,4 @@ volumes:
configombi:
driver: local-persist
driver_opts:
mountpoint: /data/config/ombi
mountpoint: $HOST_CONFIG_PATH/ombi

2
services/overseerr.yaml Normal file → Executable file
View File

@ -17,4 +17,4 @@ volumes:
configoverseerr:
driver: local-persist
driver_opts:
mountpoint: /data/config/overseerr
mountpoint: $HOST_CONFIG_PATH/overseerr


@ -0,0 +1,31 @@
services:
plex:
image: ghcr.io/linuxserver/plex
container_name: plex
restart: always
ports:
- "32400:32400"
- "32400:32400/udp"
- "32469:32469"
- "32469:32469/udp"
devices:
- /dev/dri:/dev/dri # for hardware transcoding
volumes:
- configplex:/config
- torrents:/torrents
- /dev/shm:/transcode
environment:
- PGID=${PGID}
- PUID=${PUID}
- TZ=${TZ}
- VERSION=latest
labels:
- "traefik.enable=true"
- "traefik.http.services.plex-seedbox.loadbalancer.server.port=32400"
- "traefik.http.routers.plex.rule=Host(`plex.${TRAEFIK_DOMAIN}`)"
volumes:
configplex:
driver: local-persist
driver_opts:
mountpoint: $HOST_CONFIG_PATH/Plex
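Review bot: `- /dev/shm:/transcode` bind-mounts the host's shared-memory filesystem into the Plex container, so the container can read and write whatever other host processes keep in `/dev/shm`, and a large transcode can eat into memory the host itself needs. A private RAM-backed mount gives the same scratch space without sharing the host's: drop that volume line and add a service-level `tmpfs:` key with the entry `- /transcode`. The `/dev/dri` device mapping is what hardware transcoding actually needs and can stay as it is.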

4
services/plex.yaml Normal file → Executable file

@ -8,8 +8,6 @@ services:
- "32400:32400/udp"
- "32469:32469"
- "32469:32469/udp"
- "5353:5353/udp"
- "1900:1900/udp"
volumes:
- configplex:/config
- torrents:/torrents
@ -27,4 +25,4 @@ volumes:
configplex:
driver: local-persist
driver_opts:
mountpoint: /data/config/Plex
mountpoint: $HOST_CONFIG_PATH/Plex

0
services/portainer.yaml Normal file → Executable file

2
services/prowlarr.yaml Normal file → Executable file

@ -18,4 +18,4 @@ volumes:
configprowlarr:
driver: local-persist
driver_opts:
mountpoint: /data/config/prowlarr
mountpoint: $HOST_CONFIG_PATH/prowlarr

2
services/radarr.yaml Normal file → Executable file
View File

@ -20,4 +20,4 @@ volumes:
configradarr:
driver: local-persist
driver_opts:
mountpoint: /data/config/radarr
mountpoint: $HOST_CONFIG_PATH/radarr

2
services/readarr.yaml Normal file → Executable file
View File

@ -20,4 +20,4 @@ volumes:
configreadarr:
driver: local-persist
driver_opts:
mountpoint: /data/config/readarr
mountpoint: $HOST_CONFIG_PATH/readarr

2
services/sonarr.yaml Normal file → Executable file
View File

@ -20,4 +20,4 @@ volumes:
configsonarr:
driver: local-persist
driver_opts:
mountpoint: /data/config/sonarr
mountpoint: $HOST_CONFIG_PATH/sonarr

2
services/tautulli.yaml Normal file → Executable file
View File

@ -18,4 +18,4 @@ volumes:
configtautulli:
driver: local-persist
driver_opts:
mountpoint: /data/config/tautulli
mountpoint: $HOST_CONFIG_PATH/tautulli

6
services/tdarr.yaml Normal file → Executable file
View File

@ -45,12 +45,12 @@ volumes:
configtdarrv2:
driver: local-persist
driver_opts:
mountpoint: /data/config/tdarrv2/server
mountpoint: $HOST_CONFIG_PATH/tdarrv2/server
settingstdarrv2:
driver: local-persist
driver_opts:
mountpoint: /data/config/tdarrv2/configs
mountpoint: $HOST_CONFIG_PATH/tdarrv2/configs
transcodes:
driver: local-persist
driver_opts:
mountpoint: /data/config/tdarrv2/transcodes
mountpoint: $HOST_CONFIG_PATH/tdarrv2/transcodes

2
services/traefik.yaml Normal file → Executable file
View File

@ -27,4 +27,4 @@ volumes:
configtraefik:
driver: local-persist
driver_opts:
mountpoint: /data/config/traefik
mountpoint: $HOST_CONFIG_PATH/traefik


@ -1,5 +1,7 @@
#!/bin/bash
set -e
SKIP_PULL=0
for i in "$@"; do
@ -21,6 +23,11 @@ echo "${HTTP_USER}:${HTTP_PASSWORD}" > traefik/http_auth
# Docker-compose settings
export COMPOSE_HTTP_TIMEOUT=240
# Retro-compatibility
[[ -z $HOST_CONFIG_PATH ]] && export HOST_CONFIG_PATH="/data/config"
[[ -z $HOST_MEDIA_PATH ]] && export HOST_MEDIA_PATH="/data/torrents"
[[ -z $DOWNLOAD_SUBFOLDER ]] && export DOWNLOAD_SUBFOLDER="deluge"
if [[ ! -f services.conf ]]; then
echo "[$0] No services.conf file found. Copying from sample file..."
cp services.conf.sample services.conf
@ -31,9 +38,50 @@ NB_SERVICES_ACTIVE=$(cat services.conf | wc -l)
NB_SERVICES_ORIG=$(cat services.conf.sample | wc -l)
if [[ ${NB_SERVICES_ACTIVE} != ${NB_SERVICES_ORIG} ]]; then
echo "[$0] Your services.conf file seems outdated. It appears there are new services available, or services that have been removed."
diff -yt services.conf services.conf.sample
diff -yt services.conf services.conf.sample || true
echo ""
fi
# Check if *-vpn services are enabled. If so, check that gluetun is enabled.
if [[ $(cat services.conf | { grep -E ".*vpn: enable" || true; } | wc -l) -ge 1 ]]; then
if [[ $(cat services.conf | { grep "gluetun: enable" || true; } | wc -l) -eq 0 ]]; then
echo "[$0] ERROR. A VPN-enabled service has been enabled BUT gluetun has not been enabled. Please check your services.conf file."
echo "******* Exiting *******"
exit 1
fi
fi
# Check if there are no conflict in enabled services (for example, you cannot enable deluge AND deluge-vpn)
for svc in deluge plex jdownloader; do
if [[ $(cat services.conf | { grep -E "${svc}.*: enable" || true; } | wc -l) -gt 1 ]]; then
echo "[$0] ERROR. You cannot enable multiple ${svc^} services simultaneously. Please edit this section in your services.conf file:"
cat services.conf | { grep -E "${svc}.*: enable" || true; }
echo "******* Exiting *******"
exit 1
fi
done
# Determine what host Flood should connect to
# => If deluge-vpn is enabled => gluetun
# => If deluge is enabled => deluge
if [[ $(cat services.conf | { grep -E "flood\: enable" || true; } | wc -l) -eq 1 ]]; then
if [[ $(cat services.conf | { grep -E "deluge\-vpn\: enable" || true; } | wc -l) -eq 1 ]]; then
export DELUGE_HOST="gluetun"
elif [[ $(cat services.conf | { grep -E "deluge\: enable" || true; } | wc -l) -eq 1 ]]; then
export DELUGE_HOST="deluge"
fi
fi
# Apply Traefik dynamic files in traefik conf directory if VPN are enabled for some services
for svc in $(cat services.conf | grep "\-vpn: enable" | sed -E "s/(.*)\: enable/\1/g"); do
if [[ -f samples/traefik-${svc}.yaml ]]; then
echo "[$0] traefik-$svc.yaml file detected in samples/ directory. Applying into Traefik runtime config directory..."
cp samples/traefik-${svc}.yaml traefik/custom/dynamic-${svc}.yaml
else
echo "[$0] No custom traefik file found in samples/directory for app $svc. Skipping..."
fi
done
# Fetch all YAML files
disabled_pattern=""
while read -r line ; do
@ -46,8 +94,8 @@ ALL_SERVICES="-f docker-compose.yaml $SERVICES"
# Specific instructions for Flood
# User for Deluge daemon RPC has to be created in deluge auth config file
if [[ ! -z ${FLOOD_PASSWORD} && ${FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON} == true ]]; then
if ! grep -q "flood" /data/config/deluge/auth; then
echo "flood:${FLOOD_PASSWORD}:10" >> /data/config/deluge/auth
if ! grep -q "flood" $HOST_CONFIG_PATH/deluge/auth; then
echo "flood:${FLOOD_PASSWORD}:10" >> $HOST_CONFIG_PATH/deluge/auth
else
echo "[$0] No need to add user/password for flood as it has already been created."
echo "[$0] Consider setting FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON variable to false in .env file."
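Review bot: The loop that copies `samples/traefik-${svc}.yaml` to `traefik/custom/dynamic-${svc}.yaml` never removes a file it copied on an earlier run. After a user switches a service from its -vpn variant back to the plain one, the old file-provider route to `gluetun` stays active alongside the new label-based route for the same host. Clearing the generated files before the loop fixes this, e.g. `rm -f traefik/custom/dynamic-*-vpn.yaml`; if `traefik/custom/` may not exist yet, a `mkdir -p traefik/custom` there also keeps `cp` from aborting the script under `set -e`. Separately, in the Flood hunk the auth path is now user-configurable but unquoted, so a `HOST_CONFIG_PATH` containing spaces would break both lines; I would write `grep -q "flood" "$HOST_CONFIG_PATH/deluge/auth"` and quote the `>>` target the same way. This section spans several hunks, and the surrounding script continues outside them.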