diff --git a/.env.custom.sample b/.env.custom.sample
new file mode 100644
index 0000000..32db60b
--- /dev/null
+++ b/.env.custom.sample
@@ -0,0 +1,76 @@
+#################################################################
+################## CUSTOM ENVIRONMENT VARIABLES #################
+#################################################################
+
+# How to use:
+# Copy this file first and name it ".env.custom"
+# Uncomment *ONLY* the variables you want to use (!!! Always use the prefix APPNAME_)
+# Set their values
+
+#################################################################
+############## TRAEFIK CUSTOM CERTIFICATE RESOLVER ##############
+#################################################################
+
+# Add your own by finding the variables for your provider here: https://go-acme.github.io/lego/dns/#dns-providers
+
+########################## Cloudflare ###########################
+# TRAEFIK_CF_API_EMAIL=changeme
+# TRAEFIK_CF_API_KEY=changeme
+############################## OVH ##############################
+# TRAEFIK_OVH_ENDPOINT=changeme
+# TRAEFIK_OVH_APPLICATION_KEY=changeme
+# TRAEFIK_OVH_APPLICATION_SECRET=changeme
+# TRAEFIK_OVH_CONSUMER_KEY=changeme
+############################## ... ##############################
+
+#################################################################
+###################### OTHER APPS VARIABLES #####################
+#################################################################
+
+# Calibre admin password
+CALIBRE_CALIBRE_PASSWORD=changeme
+
+# Flood Password for Deluge RPC daemon
+FLOOD_FLOOD_PASSWORD=changeme
+
+# Please ensure you encrypt your password first using this command:
+# docker run -it --rm --entrypoint htpasswd ubuntu/apache2 -nbB admin your_password | cut -d ":" -f 2 | sed -e s/\\$/\\$\\$/g
+PORTAINER_PORTAINER_ADMIN_PASSWORD=changeme
+
+# Nextcloud
+NEXTCLOUD_NEXTCLOUD_ADMIN_USER=admin # you can change it
+NEXTCLOUD_NEXTCLOUD_ADMIN_PASSWORD=changeme
+
+# Nextcloud DB (mariadb)
+MARIADB_MYSQL_ROOT_PASSWORD=changeme
+MARIADB_MYSQL_DATABASE=nextcloud
+MARIADB_MYSQL_USER=nextcloud
+MARIADB_MYSQL_PASSWORD=changeme
+
+#################################################################
+############# PAPERLESS CUSTOM ENVIRONMENT VARIABLES ############
+#################################################################
+
+PAPERLESS_PAPERLESS_SECRET_KEY=mykey
+# list of language codes here: https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
+PAPERLESS_PAPERLESS_OCR_LANGUAGE=eng,fra
+PAPERLESS_PAPERLESS_ADMIN_USER=admin
+PAPERLESS_PAPERLESS_ADMIN_MAIL=yourmail@domain.com
+PAPERLESS_PAPERLESS_ADMIN_PASSWORD=clear_password_changeme1234
+# Prevent errors when importing PDF files with digital signatures
+PAPERLESS_PAPERLESS_OCR_USER_ARGS="{\"invalidate_digital_signatures\": true}"
+
+#################################################################
+############## GLUETUN CUSTOM ENVIRONMENT VARIABLES #############
+#################################################################
+
+# Wireguard custom endpoint
+GLUETUN_VPN_SERVICE_PROVIDER=custom
+GLUETUN_VPN_TYPE=wireguard
+
+GLUETUN_VPN_ENDPOINT_IP=changeme # Wireguard endpoint
+GLUETUN_VPN_ENDPOINT_PORT=51820
+GLUETUN_WIREGUARD_PUBLIC_KEY=changeme
+GLUETUN_WIREGUARD_PRIVATE_KEY=changeme
+GLUETUN_WIREGUARD_PRESHARED_KEY=changeme # optional
+GLUETUN_WIREGUARD_ADDRESSES=changeme # Wireguard LAN address
\ No newline at end of file
diff --git a/.env.sample b/.env.sample
index 4afa6b4..894ea34 100644
--- a/.env.sample
+++ b/.env.sample
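Review bot: Most credential variables in this sample are left uncommented with placeholder values (`changeme`, `mykey`, `clear_password_changeme1234`) even though the header says to uncomment only what you use, so a straight copy to `.env.custom` presumably passes those placeholders to the services as working credentials. I would ship them commented out like the Traefik resolver block, e.g. `# PORTAINER_PORTAINER_ADMIN_PASSWORD=changeme`; whether `run-seedbox.sh` rejects leftover placeholders cannot be seen from this page. The same applies to `GLUETUN_WIREGUARD_PRESHARED_KEY=changeme # optional`, which as an optional setting should read `# GLUETUN_WIREGUARD_PRESHARED_KEY=changeme`. Above `PAPERLESS_PAPERLESS_SECRET_KEY=mykey` I would add `# Generate a long random value; never keep the sample value`. The `.env.sample` hunk that follows calls this file `.env-custom` / `.env-custom.sample`, which matches neither the name used here nor the `.env.custom` entry added to `.gitignore`, so a file created under that name would not be covered by the ignore rules visible in this diff.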
@@ -17,37 +17,32 @@ HTTP_USER=myuser HTTP_PASSWORD='mypassword_encoded' # Keep these simple quotes! # Host paths + containers permissions mapping +# Default = "/data/config" HOST_CONFIG_PATH="/data/config" +# Default = "/data/torrents" HOST_MEDIA_PATH="/data/torrents" -# Will be located in $HOST_MEDIA_PATH +# Default = "deluge". Will be located in $HOST_CONFIG_PATH DOWNLOAD_SUBFOLDER="deluge" -PGID=1000 -PUID=1000 +DOCUMENTS_SUBFOLDER="documents" -# Database (for Nextcloud) -MYSQL_ROOT_PASSWORD=changeme -MYSQL_DATABASE=nextcloud -MYSQL_USER=nextcloud -MYSQL_PASSWORD=changeme +### NFS FOR MEDIA (only required if custom docker-compose file from sample/ directory is used) +# Volume share - beware of the starting ":" +NFS_MEDIA_VOLUME=":/volume1/homes/youruser/media" +# NFS Server IP +NFS_IP="192.168.0.XXX" -# Nextcloud -NEXTCLOUD_ADMIN_USER=admin # you can change it -NEXTCLOUD_ADMIN_PASSWORD=changeme - -# Portainer -# Please ensure you encrypt your password first using this command: -# docker run -it --rm --entrypoint htpasswd ubuntu/apache2 -nbB admin your_password | cut -d ":" -f 2 | sed -e s/\\$/\\$\\$/g -PORTAINER_ADMIN_PASSWORD=changeme +# Filesystem permissions +# PUID and PGID of the disk permissions +PUID=1000 +PGID=1000 -# Flood username declared in deluge RPC daemon -FLOOD_PASSWORD=changeme # Flood Password for Deluge RPC daemon -FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON=false +################################################################################# +################# Various seedbox's autoconfiguration variables ################# +################################################################################# -CALIBRE_PASSWORD=mycalibrepassword +# Custom resolver for Traefik / ACME (override existing httpChallenge) +# You also have to use .env-custom by copying .env-custom.sample and uncomment / edit appropriate variables first +# See list here: https://go-acme.github.io/lego/dns/#dns-providers +# TRAEFIK_CUSTOM_ACME_RESOLVER="changeme" # example 
"cloudflare" or "ovh" -# Wireguard custom endpoint -WIREGUARD_ENDPOINT=changeme # Wireguard endpoint -WIREGUARD_PORT=51820 -WIREGUARD_PUBLIC_KEY=changeme -WIREGUARD_PRIVATE_KEY=changeme -WIREGUARD_ADDRESS=changeme # Wireguard LAN address \ No newline at end of file +FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON=false diff --git a/.gitignore b/.gitignore index 369245a..778524d 100644 --- a/.gitignore +++ b/.gitignore @@ -9,10 +9,17 @@ services.conf traefik/custom/dynamic*.yaml traefik/custom/custom-*.yaml samples/custom*/*.yaml +samples/custom*/*.yaml.disabled config.yaml services/custom/*.yaml services/custom/*.yml services/generated/*.yaml -authelia/* \ No newline at end of file +authelia/* +.env.custom +*.env +env/* +env + +docker-compose.yaml \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..e63133e --- /dev/null +++ b/CHANGELOG.md 
@@ -0,0 +1,286 @@ +# v2.2 (The Flame 🔥) + +## What's new? + +### New services 💫 + +* ``qBittorrent``: [Torrends downloader](https://github.com/qbittorrent/qBittorrent) + * Use of ``hotio`` build ([documentation here](https://hotio.dev/containers/qbittorrent/)) with VueTorrent and native VPN support (for those who want to avoid gluetun configuration) + * Use of qBittorrent is recommended over Deluge as the project is more active and its alternative UI setup is easier (no separate container). +* ``Filebrowser``: [Lightweight filebrowser](https://github.com/filebrowser/filebrowser) +* ``Homarr``: [Dashboard](https://github.com/ajnart/homarr) +* ``Homepage``: [Dashboard](https://github.com/gethomepage/homepage) (fix #54) +* ``Mylar``: [Comic Book downloader](https://github.com/mylar3/mylar3) +* ``ntfy``: [Push notifications for your services](https://github.com/binwiederhier/ntfy) +* ``Paperless-ngx``: [Documents management](https://github.com/paperless-ngx/paperless-ngx) + +### New features ✨ + +* Set app-specific environment variables in a dedicated files to load them only for the targeted application. + See [the documentation](doc/configuration.md#environment-variables) for more details on how it works. + **Now every app customization is possible**. +* Support Traefik Custom ACME resolver (Cloudflare, OVH, you-name-it...) + See the [corresponding documentation](doc/traefik.md) to use it. +* Support remote NFS storage for media. Just replace your ``docker-compose.yaml`` by the one in the [samples](samples/docker-compose.sample.nfs.yaml) directory (keep the same ``docker-compose.yaml`` filename). See the [configuration guide section](doc/configuration.md#media-on-nfs-server) to configure properly. + +## Bugfixes and improvements ⚙️ + +* **Gluetun (vpn)** + * Use ghcr.io image + * Add ``/dev/net/tun`` mount to container + * Use non-depracated environment variables +* **Kavita (ebook library management)** + * Use LinuxServer image and adapt accordingly. 
Update should be seamless. +* **Overseerr** + * Use public dns to workaround network issues +* **Plex** + * Remove useless port bindings as ``network_mode`` is ``host`` for Plex. +* Cleanup old files, refactoring +* Add ``local-persist driver`` installation in init script. It contains a fix which is not (yes) published on the Github official repository. +* Fix ``komga`` default port in config.yaml sample file. +* Docker compose supported version is now at least ``2.27.0``. +* Fix #43: fix warning for jq and output format. +* Refactor ``run-seedbox.sh`` script (use of functions, move code around, tiny fixes...) +* Due to newly added app-specific environment variables, gluetun VPN config and install mode has been refined. Please see the [documentation](doc/configuration.md#vpn) for specific details. +* Add the changelog in ``CHANGELOG.md``. +* Add the current version in ``VERSION``. May be useful later for automatic upgrades between versions. + +## ⚠️ Config changes ⚠️ + +### Nextcloud and DB + +MariaDB is now a separate service, and nextcloud is still dependant on it. +In order to enable ``mariadb`` service, either refer to ``config.sample.yaml`` or add the following to your ``config.yaml`` file: + +```yaml +# [...] + - name: mariadb + enabled: true + vpn: false + traefik: + enabled: false + rules: [] +# [...] +``` + +### Variables + +Due to the refactoring of the app-specific variables (by using ``.env.custom`` file), some old variables present in ``.env`` must be moved to ``.env.custom`` and prefixed with the service name. + +> The ``run-seedbox.sh`` script will detect obsolete configuration in .env and will notify yo and stop to prevent config errors. + +If the following variables are present (not commented not absent) in your ``.env`` file, copy it in the new ``.env.custom`` file (either copy the value by using the placeholder already in place in the new file or overriding completely the file). 
+ +| Variable in **.env** | Variable in **.env.custom** | +|---|---| +| Variables starting by ``MYSQL_`` | Add prefix ``MARIADB_`` | +| Variables starting by ``NEXTCLOUD_``| Add **another** ``NEXTCLOUD_`` prefix | +| Variables starting by ``PAPERLESS_`` | Add **another** ``PAPERLESS_`` prefix | +| Variables starting by ``PORTAINER_``| Add **another** ``PORTAINER_`` prefix | +| Variable named ``FLOOD_PASSWORD`` | ``FLOOD_FLOOD_PASSWORD`` | +| Variable named ``CALIBRE_PASSWORD`` | ``CALIBRE_CALIBRE_PASSWORD`` | +| Variable named ``WIREGUARD_ENDPOINT`` | ``GLUETUN_VPN_ENDPOINT_IP`` | +| Variable named ``WIREGUARD_PORT`` | ``GLUETUN_VPN_ENDPOINT_PORT`` | +| Variable named ``WIREGUARD_PUBLIC_KEY`` | ``GLUETUN_WIREGUARD_PUBLIC_KEY`` | +| Variable named ``WIREGUARD_PRIVATE_KEY`` | ``GLUETUN_WIREGUARD_PRIVATE_KEY`` | +| Variable named ``WIREGUARD_PRESHARED_KEY`` | ``GLUETUN_WIREGUARD_PRESHARED_KEY`` | +| Variable named ``WIREGUARD_ADDRESS`` | ``GLUETUN_WIREGUARD_ADDRESSES`` (**plural!**) | + +# v2.1 (The Pearl ⚪) + +## What's new? +- Plex is now in host network mode. You can safely ignore warnings when Plex image is updated. With host mode, you'll be able to distinct local vs remote connections to Plex in Tautulli (and in Plex dashboard) if your server is at home. +- New services available: [Calibre](https://github.com/linuxserver/docker-calibre) + [Calibre-web](https://github.com/linuxserver/docker-calibre-web) added. They are disabled by default. + +## Fixes + +- Fix typo in gluetun PGID variable +- Documentation wording edits (thanks again @tromcho) +- Fix #24: now you can add .torrent files in deluge again +- Fix #37: Portainer port + explanation for password generation in .env.sample file +- Fix #32: Now you can specify which ``docker compose`` binary to use. Useful when using ``docker-compose`` binary, even for v2. Defaults to "docker-compose" for retro-compatibility purposes. Please check [.env.sample](.env.sample). 
+- Fix #20: New documentation in [doc/apps/deluge-flood.md](doc/apps/deluge-flood.md) to explain how deluge must be configured for Flood to work. +- Remove Traefik pilot token, as the feature has been removed from Traefik itself. + +# v2.0 (The Swan 🦢) + +**Seedbox version 2 is here!** 🔥 + +Since there are some breaking changes and a configuration structure migration, a major version was mandatory. + +## What's new? + +* **Configuration change to new YAML format** + * Run ``config-updater.sh`` to migrate your old services.conf to the new config.yaml format. + * ⚠️ ``jq`` (v1.5+) and ``yq`` (v4+) are now requirements + * Easier feature switches + * If a service is missing, it won't be enabled by default like before. The config is now more declarative. + * Traefik routing rules are now dynamically generated in a file in Traefik config directory, so no more Docker labels. They became hard to maintain due to all possibilities caused by VPN support or custom files for example. + * New config syntax documented in the [Configuration Guide](doc/configuration.md#configuration-structure-and-parameters). +* **VPN support** + * With ``gluetun`` service, you can now place any service behind a VPN. + * Default gluetun configuration is Wireguard "custom" mode, but see below... + * More details in the [VPN section of the Configuration Guide](doc/configuration.md#vpn). +* **Support custom services and docker-compose yaml files** + * Place a docker-compose yaml file in ``services/custom/`` directory, add a service in your config.yaml specifying a ``customFile``, and you are set. + * Support Plex hardware transcoding using a custom-file, already available in the ``services`` directory (just specify a ``customFile`` on plex service - see [config.sample.yaml](config.sample.yaml)). + * More details in the [Configuration Guide](doc/configuration.md#add-your-own-service). 
+* **Support arbitrary Traefik rules** + * Place a Traefik YAML in ``samples/custom-traefik/`` directory, it will be copied in the Traefik configuration folder. + * Ideal to forward traffic to other services which do not belong to this seedbox. + * More details in [this section of the Configuration Guide](doc/configuration.md#integration-with-other-services-custom-traefik-config) +* **Disable certificates for some domains** + * Using the flag ``httpOnly: true`` on a service, access any service in unsecure mode, delegating certificates management on a higher level (reverse proxy, firewall...). More details in the [Configuration Guide](doc/configuration.md#disable-https-completely). +* **Multiple hosts for any services** + * The new config structure allows for more customization, for example you can now have many routes on the same service. Let's say, a local unsecured route + a secured one for remote access. Or anything you want. +* **More customization** + * Such as http authentication which is no more hardcoded but configurable for each service. + * Configurable paths on host for persistent data +* **New services** + * ``Gluetun``: [VPN client (see above)](https://github.com/qdm12/gluetun) + * ``Heimdall``: [Dashboard](https://github.com/linuxserver/Heimdall) + * ``Readarr``: [Ebook and comic monitor](https://github.com/Readarr/Readarr) + * ``Komga``: [Comic Book Manager](https://github.com/gotson/komga) + * ``Kavita``: [Comic / Book Manager](https://github.com/Kareadita/Kavita) + * ``Syncthing``: [P2P files synchronization](https://github.com/linuxserver/docker-syncthing) +* ⚠️ Docker compose v2.2+ is now required + +And also: + +* ``update-all.sh`` is now called ``run-seedbox.sh`` but its purpose is the same. +* More checks in ``run-seedbox.sh``. For example, throws an error if Flood is enabled but not Deluge, or if VPN is enabled on a service but the VPN client is not. 
+* You can now specify where your data lives on your host through new environments variables (see [.env.sample](.env.sample)). + * This change is backward-compatible as the ``run-seedbox.sh`` script will default to the old "/data/torrents" and "/data/config" paths if these variables are not set. +* ``networks:`` section is now aligned with the new docker compose syntax +* ⚠️ Nextcloud-db has moved. It is now in ``/data/config`` (or somewhere else if you set the new variables for host paths) (see below how to mitigate the errors). [See the dedicated section below](#nextcloud-db-has-moved). +* Disable Traefik access logs +* New flag ``--debug`` for ``run-seedbox.sh`` to see what is happening during configuration parsing. +* Releases are named after LOST mythology. I exhausted all the characters of Person of Interest, so that's time for a change. Only geeks will get it, I know. + +## Some reading about configuration + +📖 Do not forget to read the [Configuration Guide](doc/configuration.md). + +## How to migrate + +```sh +./config-updater.sh +# Check the content of your .env file (in comparison with .env.sample which brings new variables) +# Also, check your generated config.yaml and read the config documentation (in doc/configuration.md) +./run-seedbox.sh +``` + +When everything runs smoothly, you can delete your old configuration file which is now useless: + +```sh +rm -f services.conf +``` + +> ⚠️ Also, please make sure you have read the next section about Nextcloud Database location. + +## Nextcloud-db has moved + +Since commit e4ede925a8ce09b177206f30487a889da9e10334, nextcloud-db directory (mapped on /var/lib/mysql) has moved from +``/data/nextcloud-db`` to ``$HOST_CONFIG_PATH/nextcloud-db`` (*/data/config/nextcloud-db by default*). 
+ +To ensure a smooth transition, you will have to move the directory nextcloud-db into the correct new location, then run some commands to fix the schema: + +```sh +mv /data/nextcloud-db/ /data/config/ +./run-seedbox.sh +source .env +docker exec -it nextcloud-db mysql_upgrade -u root -p${MYSQL_ROOT_PASSWORD} +docker restart nextcloud nextcloud-db +``` + +Ensure everything runs nicely by looking at nextcloud-db and nextcloud logs, and by accessing your Nextcloud web UI. + +# v1.5 (Carl Elias) + +## Changes + +- **Prowlarr is set to develop branch** + +## Fixes and improvements + +- Fix docker-compose timeout variable +- JDownloader now always restarts (align behavior with all services) +- Tiny improvements on Nextcloud + - Fix startup command + - New script *update-nextcloud.sh* to update to latest sources and perform Nextcloud upgrades + +# v1.4 (Jocelyn Carter) + +## New + +- **Add Ombi** (disabled by default) +- **Add Overseer** +- **Add Prowlarr** (alternative to Jackett with *arr softwares indexers auto-sync) (*still in alpha*) +- **Add Flood UI** for Deluge (connects directly to Deluge daemon). It is still experimental. Beware of new environment variables in **.env.sample**, used to set password for Deluge RPC connection and (optional) auto-creation of the Deluge "flood" daemon user. +A ``sudo chown -R ${PUID}:${PGUID} /data/config/flood`` should be done if permissions are not correctly set when starting flood (see its logs). +- services.conf file is now per-user, so in this repository there is only the sample file now. Existing services.conf files will be retained, so there should be no impact for users. A warning is now displayed if there is a new service in services.conf.sample to alert users about a configuration "drift" between their file and the "upstream" one. + +## Improvements + +- Add ``--no-pull`` flag to ``update-all.sh`` script, which skips the pull step. Useful when configuring/debugging/recreating containers. 
+- Netdata tag is now "**stable**", and Docker socket is mounted as read-only. + +# v1.3 (Samantha Groves) + +## New + +- Sonarr and Lidarr are now on tag *develop* +- Tdarr is now v2 only, all configuration has moved and no procedure to migrate v1 config exist. + +## Improvements + +- Fix Nextcloud init script +- Fix typos + +# v1.2 (Lionel Fusco) + +## New + +- Use ghcr.io as registry when possible to limit DockerHub rate limits +- Add FlareSolverr to bypass Cloudflare protection with some Jackett indexers +- Possibility to disable each service separately. See README.md + +## Improvements + +- Netdata: enable new metrics by mapping more host volumes +- Split docker-compose.yml into separate YAML files. Now easier to use, hack and maintain. +- Explicit tag on Tdarr, as v2 is out and migration is not done yet. + +## Warning + +- Docker-compose 1.28+ is now required. +- After upgrading, all containers will be recreated. No data will be lost. It is due to the new file structure. + +# v1.1 (Sameen Shaw) + +Maintenance release with the following changes: + +- Added [Tdarr](https://github.com/HaveAGitGat/Tdarr) service +- Nextcloud now uses Linuxserver.io image, and has its own database (MariaDB). +- Radarr updated to V3 (channel is now develop) +- Traefik rules and labels a bit simplified (entrypoint declaration is now global for example) + +# v1.0 (Harold Finch) + +After Traefik 2 update, here's the first milestone. + +Initial changelog: +- Traefik v2 with configuration through environment only (config files work out-of-the-box) +- Automatic Let's Encrypt certificates creation and renewal. Launch it and forget it! 
+- Persistent storage (by using ``local-persist`` docker plugin) + - For media/downloads + - For configuration files (easier to backup) +- Shared HTTP authentication for services which have no build-in login enabled by default +- Traefik console enabled and secured by default +- Global HTTP to HTTPS redirection +- Permissions mapping by the use of GID/UID environment variables in containers +- Easy to install: see README.md +- Easy to update + - ``git pull`` + - ``./update-all.sh`` +- All is hackable diff --git a/README.md b/README.md index 1c2fbc6..b154e59 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,7 @@ Version 2 is released, please make sure you read [this V2 Migration Guide](doc/U | Plex | plex.yourdomain.com | [linuxserver/plex](https://hub.docker.com/r/linuxserver/plex) | *latest* | Media Streaming | | Deluge | deluge.yourdomain.com | [linuxserver/deluge](https://hub.docker.com/r/linuxserver/deluge) | *latest* | Torrents downloader | | Flood | flood.yourdomain.com | [jesec/flood](https://hub.docker.com/r/jesec/flood) | *latest* | Web client for Deluge (experimental) | +| qBitTorrent | qbittorrent.yourdomain.com | [hotio/qbittorrent](cr.hotio.dev/hotio/qbittorrent) | *latest* | Torrents downloader + VuTorrent alternative WebUI built-in | | Sonarr | sonarr.yourdomain.com | [linuxserver/sonarr](https://hub.docker.com/r/linuxserver/sonarr) | *develop* | TV Shows monitor | | Radarr | radarr.yourdomain.com | [linuxserver/radarr](https://hub.docker.com/r/linuxserver/radarr) | *develop* | Movies monitor | | Bazarr | bazarr.yourdomain.com | [linuxserver/bazarr](https://hub.docker.com/r/linuxserver/bazarr) | *latest* | Subtitles monitor | 
@@ -42,28 +43,34 @@ Version 2 is released, please make sure you read [this V2 Migration Guide](doc/U | Calibre | calibre-admin.yourdomain.com | [linuxserver/calibre](https://hub.docker.com/r/linuxserver/calibre) | *latest* | eBook management | | Calibre-web | calibre.yourdomain.com | [linuxserver/calibre-web](https://hub.docker.com/r/linuxserver/calibre-web) | *nightly* | Book management UI | | Komga | komga.yourdomain.com | [gotson/komga](https://hub.docker.com/r/gotson/komga) | *latest* | Comic Book Manager | -| Kavita | Kavita.yourdomain.com | [gotson/komga](https://hub.docker.com/r/gotson/komga) | *latest* | Comic Book Manager | +| Kavita | Kavita.yourdomain.com | [linuxserver/kavita](https://docs.linuxserver.io/images/docker-kavita/) | *latest* | Comic Book Manager | | Ombi | ombi.yourdomain.com | [linuxserver/ombi](https://hub.docker.com/r/linuxserver/ombi) | *latest* | Plex content requests | | Overseerr | overseerr.yourdomain.com | [linuxserver/overseerr](https://hub.docker.com/r/linuxserver/overseerr) | *latest* | Plex content requests | | Jackett | jackett.yourdomain.com | [linuxserver/jackett](https://hub.docker.com/r/linuxserver/jackett) | *latest* | Tracker indexer | | Prowlarr | prowlarr.yourdomain.com | [linuxserver/prowlarr](https://hub.docker.com/r/linuxserver/prowlarr) | *develop* | Tracker indexer | | JDownloader | jdownloader.yourdomain.com | [jlesage/jdownloader-2](https://hub.docker.com/r/jlesage/jdownloader-2)| *latest* | Direct downloader | -| Tautulli (plexPy) | tautulli.yourdomain.com | [linuxserver/tautulli](https://hub.docker.com/r/linuxserver/tautulli) | *latest* | Plex stats and admin| +| Mylar3 | mylar.yourdomain.com | [linuxserver/mylar3](https://lscr.io/linuxserver/mylar3)| *latest* | Comics manager | +| Tautulli (plexPy) | tautulli.yourdomain.com | [linuxserver/tautulli](https://hub.docker.com/r/linuxserver/tautulli) | *latest* | Plex stats and admin | +| ntfy | ntfy.yourdomain.com | 
[binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy) | *latest* | Notifications manager | | Tdarr | tdarr.yourdomain.com | [haveagitgat/tdarr](https://hub.docker.com/r/haveagitgat/tdarr) | *latest* | Re-encode files | | NextCloud | nextcloud.yourdomain.com | [linuxserver/nextcloud](https://hub.docker.com/r/linuxserver/nextcloud) | *latest* | Files management | | NextCloud-db (MariaDB) | *not reachable* | [mariadb](https://hub.docker.com/r/_/mariadb) | *10* | DB for Nextcloud | +| Filebrowser | files.yourdomain.com | [filebrowser/filebrowser](https://hub.docker.com/r/filebrowser/filebrowser) | *s6* | Files explorer | +| Paperless-ngx | paperless.yourdomain.com | [paperless-ngx/paperless-ngx](ghcr.io/paperless-ngx/paperless-ngx) | *latest* | Documents management and archiving (**BETA**) | | Portainer | portainer.yourdomain.com | [portainer/portainer](https://hub.docker.com/r/portainer/portainer) | *latest* | Container management| | Netdata | netdata.yourdomain.com | [netdata/netdata](https://hub.docker.com/r/netdata/netdata) | *latest* | Server monitoring | | Duplicati | duplicati.yourdomain.com | [linuxserver/duplicati](https://hub.docker.com/r/linuxserver/duplicati)| *latest* | Backups | | Heimdall | yourdomain.com | [linuxserver/heimdall](https://hub.docker.com/r/linuxserver/heimdall)| *latest* | Main dashboard | +| Homarr | homarr.yourdomain.com | [ajnart/homarr](https://ghcr.io/ajnart/homarr)| *latest* | Main dashboard (alt) | +| Homepage | homepage.yourdomain.com | [gethomepage/homepage](ghcr.io/gethomepage/homepage)| *latest* | Main dashboard (alt) | | Syncthing | syncthing.yourdomain.com | [linuxserver/syncthing](https://hub.docker.com/r/linuxserver/syncthing) | *latest* | P2P files sharing | | Traefik | traefik.yourdomain.com | [traefik](https://hub.docker.com/_/traefik) | *latest* | Traefik reverse proxy (access to admin dashboard) | -| Gluetun | - | [qmcgaw/gluetun](https://hub.docker.com/r/qmcgaw/gluetun)| *latest* | VPN client | +| Gluetun | 
- | [qdm12/gluetun](https:/ghcr.io/qdm12/gluetun)| *latest* | VPN client | | *Any application you want!* | *whatever.yourdomain.com* | *Any image* | *Any tag* | *Any service - See the [Configuration Guide](doc/configuration.md)* | ## 🌐 Traefik -The front-end reverse proxy (Traefik - **check [this guide](doc/traefik_v2.md) if you still have the seedbox with Traefik v1**) routes based on the lowest level subdomain (e.g. `deluge.example.com` would route to deluge). Since this is how the router works, it is recommended for you to get a top level domain. If you do not have one, you can edit your domains locally by changing your hosts file or use a browser plugin that changes the host header. +The front-end reverse proxy (Traefik - **check [this guide](doc/traefik_v2_upgrade.md) if you still have the seedbox with Traefik v1**) routes based on the lowest level subdomain (e.g. `deluge.example.com` would route to deluge). Since this is how the router works, it is recommended for you to get a top level domain. If you do not have one, you can edit your domains locally by changing your hosts file or use a browser plugin that changes the host header. Traefik takes care of valid Let's Encrypt certificates and auto-renewal. 
@@ -77,8 +84,8 @@ Check the [Configuration Guide](doc/configuration.md). ### Dependencies - [Docker](https://github.com/docker/docker) >= 20.10 -- [Docker Compose](https://github.com/docker/compose) >= 2.2 *(2.16+ recommended)* -- [local-persist Docker plugin](https://github.com/MatchbookLab/local-persist): installed directly on host (not in container). This is a volume plugin that extends the default local driver’s functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to always persist, even if the volume is removed via `docker volume rm`. Use *systemd* install for Ubuntu. +- [Docker Compose](https://github.com/docker/compose) >= 2.27.0 +- [local-persist Docker plugin](https://github.com/MatchbookLab/local-persist): installed directly on host (not in container). This is a volume plugin that extends the default local driver’s functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to always persist, even if the volume is removed via `docker volume rm`. Use *systemd* install for Ubuntu. **Since v2.2 the install script is bundled in seedbox's init script.** - [jq](https://stedolan.github.io/jq/download/) >= 1.5 - [yq](https://github.com/mikefarah/yq/releases) >= 4 @@ -92,7 +99,7 @@ sudo su -c "mkdir /data && mkdir /data/config && mkdir /data/torrents" ./init.sh ``` -Edit the `.env` file and change the variables as desired. +Edit the ``.env`` and ``.env.custom`` files and change the variables as desired. The variables are all self-explanatory. ### Review the configuration diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..6161878 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +2.2 \ No newline at end of file diff --git a/config.sample.yaml b/config.sample.yaml index 3b465e6..7b1f219 100644 --- a/config.sample.yaml +++ b/config.sample.yaml 
@@ -29,6 +29,15 @@ services: - host: flood.${TRAEFIK_DOMAIN} httpAuth: true internalPort: 3000 + - name: qbittorrent + enabled: false + vpn: false + traefik: + enabled: true + rules: + - host: qbittorrent.${TRAEFIK_DOMAIN} + httpAuth: true + internalPort: 8080 - name: plex enabled: true vpn: false @@ -137,7 +146,7 @@ services: rules: - host: komga.${TRAEFIK_DOMAIN} httpAuth: false - internalPort: 8080 + internalPort: 25600 - name: kavita enabled: false vpn: false @@ -147,6 +156,15 @@ services: - host: kavita.${TRAEFIK_DOMAIN} httpAuth: false internalPort: 5000 + - name: mylar + enabled: true + vpn: false + traefik: + enabled: true + rules: + - host: mylar.${TRAEFIK_DOMAIN} + httpAuth: true + internalPort: 8090 - name: ombi enabled: false vpn: false @@ -174,6 +192,15 @@ services: - host: tautulli.${TRAEFIK_DOMAIN} httpAuth: false internalPort: 8181 + - name: ntfy + enabled: false + vpn: false + traefik: + enabled: true + rules: + - host: ntfy.${TRAEFIK_DOMAIN} + httpAuth: true + internalPort: 2586 - name: jdownloader enabled: true vpn: false @@ -192,6 +219,12 @@ services: - host: tdarr.${TRAEFIK_DOMAIN} httpAuth: true internalPort: 8265 + - name: mariadb + enabled: false + vpn: false + traefik: + enabled: false + rules: [] - name: nextcloud enabled: true vpn: false @@ -202,6 +235,24 @@ services: httpAuth: false internalPort: 443 internalScheme: https + - name: filebrowser + enabled: false + vpn: false + traefik: + enabled: true + rules: + - host: files.${TRAEFIK_DOMAIN} + httpAuth: true + internalPort: 8234 + - name: paperless + enabled: false + vpn: false + traefik: + enabled: true + rules: + - host: paperless.${TRAEFIK_DOMAIN} + httpAuth: true + internalPort: 8000 - name: portainer enabled: true vpn: false 
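Review bot: `mylar` is added with `enabled: true` in the `@@ -147,6 +156,15 @@` hunk, while every other service introduced in this file (`qbittorrent`, `ntfy`, `mariadb`, `filebrowser`, `paperless`, and `homarr`/`homepage` in the last hunk) is added with `enabled: false`. Anyone who refreshes their configuration from the sample gets a new routed host at `mylar.${TRAEFIK_DOMAIN}` without opting in. I would change the line to `enabled: false` so that newly shipped services stay opt-in, consistent with the rest of the additions.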
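Review bot: `mariadb` is added with `enabled: false` in the `@@ -192,6 +219,12 @@` hunk, directly above `nextcloud`, which stays `enabled: true`, yet the CHANGELOG in this same commit says Nextcloud still depends on MariaDB and shows the entry with `enabled: true`. A configuration copied from the sample would therefore start Nextcloud without its database, assuming the generator does not enable dependencies on its own, which is not visible here. Either set `enabled: true` to match the CHANGELOG, or add a comment above the entry such as `# Required by nextcloud: enable both or neither`.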
@@ -248,6 +299,24 @@ services: - host: ${TRAEFIK_DOMAIN} httpAuth: true internalPort: 80 + - name: homarr + enabled: false + vpn: false + traefik: + enabled: true + rules: + - host: homarr.${TRAEFIK_DOMAIN} + httpAuth: true + internalPort: 7575 + - name: homepage + enabled: false + vpn: false + traefik: + enabled: true + rules: + - host: homepage.${TRAEFIK_DOMAIN} + httpAuth: true + internalPort: 3000 # Gluetun is the VPN client service. - name: gluetun enabled: false diff --git a/doc/UPGRADE_V2.md b/doc/UPGRADE_V2.md index 916b86d..9f72f86 100644 --- a/doc/UPGRADE_V2.md +++ b/doc/UPGRADE_V2.md @@ -7,7 +7,7 @@ Since there are some breaking changes and a configuration structure migration, a ## What's new? * **Configuration change to new YAML format** - * Run ``config-updater.sh`` to migrate your old services.conf to the new config.yaml format. + * Run ``cd tools/config-updater && ./config-updater.sh`` to migrate your old services.conf to the new config.yaml format. * ⚠️ ``jq`` (v1.5+) and ``yq`` (v4+) are now requirements * Easier feature switches * If a service is missing, it won't be enabled by default like before. The config is now more declarative. @@ -60,9 +60,11 @@ And also: ## How to migrate ```sh +cd tools/config-updater ./config-updater.sh # Check the content of your .env file (in comparison with .env.sample which brings new variables) # Also, check your generated config.yaml and read the config documentation (in doc/configuration.md) +cd ../.. ./run-seedbox.sh ``` diff --git a/doc/configuration.md b/doc/configuration.md index 278f515..75de564 100644 --- a/doc/configuration.md +++ b/doc/configuration.md 
@@ -13,6 +13,7 @@ * [Default mode - Wireguard custom](#default-mode---wireguard-custom) * [Your own mode (VPN provider supported by gluetun)](#your-own-mode-vpn-provider-supported-by-gluetun) * [How is VPN handled?](#how-is-vpn-handled) +* [Media on NFS server](#media-on-nfs-server) * [Make the services communicate with each other](#make-the-services-communicate-with-each-other) * [How does the configuration work?](#how-does-the-configuration-work) * [Apps configuration](#apps-configuration) 
@@ -132,11 +133,39 @@ Some general rules: Also, do not forget to edit your ``.env`` file, which is where all the data which will be sent to containers (passwords, tokens, uid for disk permission...) lives. +> ⚠️ Since v2.2 release, environment variable live in two places: ``.env`` for common/global variables, common for the whole stack, and ``.env.custom`` where variables are specific for services **and prefixed with the service name**. Read below for forther explanations. + +### Global variables + +All variables releated to the stack itself live in the ``.env`` file. They concern: + +* Traefik configuration (domain name, ACME mail, http-auth credentials...) +* Disk UUID/GUID +* Timezone +* Paths on your system/network and directories to organize your data and map docker volumes + +### Services variables + +This is a new feature in v2.2. For variables specific for a service, they are located in two places: + +* directly in the docker-compose service file (for example the one for [ntfy](../services/ntfy.yaml)) under the ``environment:`` section. Mostly, they are generic here and do not contain sensitive information or customization. +* in the [.env.custom](../.env.custom.sample) file, where variables **must be prefixed with the service name in uppercase and a "_"**, they will be injected on the corresponding service. + +*Example*: let's say you have a service called ``WONDERFULAPP``, and want it to use the environment variable ``MYKEY`` with the value ``ImAwesome``. +Simply add the following line in ``.env.custom``: + +```yaml +#[...] +# Add this line to add the variable "MYKEY" with value "ImAwesome" to the service "WONDERFULAPP". +WONDERFULAPP_MYKEY: "ImAwesome" +#[...] +``` + ## Add your own service Let's say you want to add a container nginx without interfering or creating conflicts in this git repository. That's possible. 
-Start by creating a file named nginx.yaml in the [services/custom/](services/custom/) directory: +Start by creating a file named nginx.yaml in the [services/custom/](../services/custom/) directory: ```yaml services: @@ -234,14 +263,23 @@ By default, the file used is [gluetun.yaml](../services/gluetun.yaml), which is ### Default mode - Wireguard custom -* Edit the ``.env`` file and replace the Wireguard variables with your own (take them in ``.env.sample``). -* Enable ``gluetun`` service. +* Edit the ``.env.custom`` file and replace the Gluetun/Wireguard variables with your own (take them in ``.env.custom.sample``). +* Enable ``gluetun`` service in ``config.yaml``. * Enable vpn (``vpn: true``) on any service. * Run ``./run-seedbox.sh``. * The service now uses Wireguard. If gluetun is down or if the VPN link is broken, your service won't have any access to Internet. ### Your own mode (VPN provider supported by gluetun) +> Old way of doing "your own mode" is deprecated (since v2.2) now that custom environment variables are available for all the services. + +#### Proper way (since v2.2) + +* Just edit the ``.env.custom`` file and adapt ``GLUETUN_VPN_SERVICE_PROVIDER``, ``GLUETUN_VPN_TYPE`` and all required variables based on your provider/configuration. **Do not forget to prefix all variables coming from Gluetun documentation with ``GLUETUN_``**. +* All possible environment variables for Gluetun are documented [here](https://github.com/qdm12/gluetun-wiki/tree/main/setup/providers). + +#### Legacy mode (**deprecated**) + * Create a ``gluetun-custom.yaml`` in the [services/custom/](../services/custom/) directory. You can duplicate [this one](../services/gluetun.yaml) to avoid starting from scratch. * Adapt it to your needs (variables, mode...) according to your provider. * Add all variables you may need (used in your custom yaml file) in your ``.env`` file (replacing the wireguard ones). 
@@ -257,9 +295,19 @@ Behind the scenes, the ``run-seedbox.sh`` script will mainly add 2 overrides whe * Adds a file in [services/generated/](../services/generated/) which adds a ``network_mode: gluetun`` for your service. * Specify in Traefik rule that the backend host is gluetun instead of the service directly. +## Media on NFS Server + +If your media is not on the same machine as your containers, do the following: + +* Configure a NFS share on the network. +* Use the ``docker-compose.sample.nfs.yaml`` from the ``samples`` directory by copying it at the project root level and name it ``docker-compose.yaml``. +* Specify in ``.env`` the following variables: + * ``NFS_IP``: the IP of your NFS server + * ``NFS_MEDIA_VOLUME``: the volume of the share (it must start with ":/"). + ## Make the services communicate with each other -With docker-compose, all services are in the same Docker network (it is called ``traefik-network`` and is defined [here](../docker-compose.yaml)). Docker provides DNS resolution in the same network based on the name of the services, which act as hostnames. +With docker-compose, all services are in the same Docker network (it is called ``traefik-network`` and is defined [here](../docker-compose.sample.yaml)). Docker provides DNS resolution in the same network based on the name of the services, which act as hostnames. So, for example, in order to setup Deluge in Sonarr, just add ``http://deluge:8112`` in the Download Clients settings section in Sonarr. diff --git a/doc/traefik.md b/doc/traefik.md new file mode 100644 index 0000000..70b8342 --- /dev/null +++ b/doc/traefik.md 
@@ -0,0 +1,18 @@ +# Traefik configuration + +## Table of content + +* [Use custom ACME provider](#use-custom-acme-provider) + +## Use custom ACME provider + +In order to use something else than the default HTTP challenge, you can set the variable ``TRAEFIK_CUSTOM_ACME_RESOLVER`` to the provider you want to use ([list of provider codes is here](https://doc.traefik.io/traefik/https/acme/#providers)) (e.g. ``cloudflare``) in your ``.env``. + +Then, configure the required environment variables (listed in the above referenced list) in ``.env.custom`` file. +For example, with Cloudflare you should *at least* set both ``CF_API_EMAIL`` and ``CF_API_KEY``. + +Then, the usual: + +```sh +./run-seedbox.sh +``` diff --git a/doc/traefik_v2.md b/doc/traefik_v2_upgrade.md similarity index 100% rename from doc/traefik_v2.md rename to doc/traefik_v2_upgrade.md diff --git a/docker-compose.yaml b/docker-compose.sample.yaml similarity index 85% rename from docker-compose.yaml rename to docker-compose.sample.yaml index 97e8dcb..357be7e 100644 --- a/docker-compose.yaml +++ b/docker-compose.sample.yaml @@ -1,5 +1,3 @@ -version: "3.8" - ############################################################################# ## Services are now located in separate files, in the services directory. ## ############################################################################# @@ -23,3 +21,7 @@ volumes: driver: local-persist driver_opts: mountpoint: $HOST_MEDIA_PATH/$DOWNLOAD_SUBFOLDER + documents: + driver: local-persist + driver_opts: + mountpoint: $HOST_MEDIA_PATH/$DOCUMENTS_SUBFOLDER diff --git a/init.sh b/init.sh index 061c564..52473ef 100755 --- a/init.sh +++ b/init.sh 
@@ -1,10 +1,29 @@ #!/bin/bash echo "[$0] Initializing..." + +# Create docker network docker network create traefik-network 2>&1 || true + +echo "Installing local-persist docker driver... (will prompt for password for sudo access)" +sudo tools/local-persist.sh + +# Copy env file if [[ ! -f .env ]]; then cp .env.sample .env echo "[$0] Please edit .env file" fi + +# Copy custom env file +if [[ ! -f .env.custom ]]; then + cp .env.custom.sample .env.custom + echo "[$0] Please edit .env.custom file if you want more customization (see documentation)." +fi + +# Copy sample docker compose file +if [[ ! -f docker-compose.yaml ]]; then + cp docker-compose.sample.yaml docker-compose.yaml +fi + echo "[$0] Done." exit 0 \ No newline at end of file diff --git a/run-seedbox.sh b/run-seedbox.sh index 96bb827..1b0f718 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh @@ -3,7 +3,7 @@ set -e # Load common functions -source config/tools.sh +source tools/tools.sh # Check that required tools are installed check_utilities @@ -27,7 +27,7 @@ for i in "$@"; do done cleanup_on_exit() { - rm -f rules.props *-vpn.props config.json + rm -f rules.props *-vpn.props *-envfile.props config.json } trap cleanup_on_exit EXIT 
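Review bot: The added `sudo tools/local-persist.sh` runs a root-level installer through a path relative to the current directory and ignores its exit status, so a failed install still ends in `Done.`, and running init.sh from another directory executes whatever `tools/local-persist.sh` resolves to there. Resolve the path from the script's own location and stop on failure, e.g. `sudo "$(dirname "$0")/tools/local-persist.sh" || exit 1`. The call also runs on every invocation; whether the installer is idempotent cannot be told from here, since its content is outside this view. The `.env.custom` copied a few lines below will hold service passwords, so a `chmod 600 .env.custom` after the `cp` is worth adding.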
@@ -46,10 +46,83 @@ if [[ ! -f .env ]]; then exit 1 fi +if [[ ! -f .env.custom ]]; then + echo "[$0] ERROR. \".env.custom\" file not found. Please copy \".env.custom.sample\" and edit its values. Be aware that since v2.2 update, some variables from .env must be moved to .env.custom. When done, re-run this script." + exit 1 +fi + +if [[ ! -f docker-compose.yaml ]]; then + echo "[$0] ERROR. \"docker-compose.yaml\" file not found. Please copy \"docker-compose.sample.yaml\" and edit its values if you need customization. Then, re-run this script." + exit 1 +fi + +# Check if there are obsolete config still in .env but should be moved to .env.custom +if [[ $(grep "^MYSQL_.*" .env | wc -l) != 0 || $(grep "^WIREGUARD_.*" .env | wc -l) != 0 || $(grep "^NEXTCLOUD_.*" .env | wc -l) != 0 || $(grep "^PORTAINER_.*" .env | wc -l) != 0 || $(grep "^FLOOD_PASSWORD.*" .env | wc -l) != 0 || $(grep "^CALIBRE_PASSWORD.*" .env | wc -l) != 0 || $(grep "^PAPERLESS_.*" .env | wc -l) != 0 ]]; then + echo "/!\ Some obsolete config has been detected in your .env." + echo "It should be moved in .env.custom as they apply to specific app (this is new since v2.2 update - see documentation)." + echo "" + echo "Please refer to the .env.custom file to see which variables should be ported to the new file." + echo "Exiting now as bad configuration for your services may break your config." + echo "" + echo "Run this script again when variables has been moved to the correct file." + read -r -p "Do you want more explanation (Y/n) ? 
" help_wanted + if [[ "$help_wanted" =~ ^([yY][eE][sS]|[yY])$ ]] + then + echo "These are the variables you must move to .env.custom:" + echo "" + echo " Variables starting by \"MYSQL_\" (if there are some) ==> Add prefix MARIADB_ in .env.custom" + echo " Variables starting by \"NEXTCLOUD_\" (if there are some) ==> Add another NEXTCLOUD_ prefix in .env.custom" + echo " Variables starting by \"PAPERLESS_\" (if there are some) => Add another PAPERLESS_ prefix in .env.custom" + echo " Variables starting by \"PORTAINER_\" (if there are some) ==> Add another PORTAINER_ prefix in .env.custom" + echo " Variable named \"FLOOD_PASSWORD\" (if existing) ==> Add another FLOOD_ prefix in .env.custom" + echo " Variable named \"CALIBRE_PASSWORD\" (if existing) ==> Add another CALIBRE_ prefix in .env.custom" + echo " Variable named \"WIREGUARD_ENDPOINT\" (if existing) ==> Replace by GLUETUN_VPN_ENDPOINT_IP in .env.custom" + echo " Variable named \"WIREGUARD_PORT\" (if existing) ==> Replace by GLUETUN_VPN_ENDPOINT_PORT in .env.custom" + echo " Variable named \"WIREGUARD_PUBLIC_KEY\" (if existing) ==> Replace by GLUETUN_WIREGUARD_PUBLIC_KEY in .env.custom" + echo " Variable named \"WIREGUARD_PRIVATE_KEY\" (if existing) ==> Replace by GLUETUN_WIREGUARD_PRIVATE_KEY in .env.custom" + echo " Variable named \"WIREGUARD_PRESHARED_KEY\" (if existing) ==> Replace by GLUETUN_WIREGUARD_PRESHARED_KEY in .env.custom" + echo " Variable named \"WIREGUARD_ADDRESS\" (if existing) ==> Replace by GLUETUN_WIREGUARD_ADDRESSES (**plural!**) in .env.custom" + else + echo "Ok bye." + fi + exit 1 +fi + # Create/update http_auth file according to values in .env file source .env echo "${HTTP_USER}:${HTTP_PASSWORD}" > traefik/http_auth +if [[ ! 
-d env ]]; then + mkdir -p env +fi + +# Sanitize and extract variable (without prefixes) from .env.custom file +# Input => $1 = app name (exemple traefik) +# Output => app_name.env written with correct variables (exemple: traefik.env) +extract_custom_env_file() { + # sed explanation: + # 1 => Remove all lines starting with a comment (#) + # 2 => Remove all empty lines + # 3 => Remove all lines *NOT* starting by [uppercase_app_name + "_"] (exemple TRAEFIK_) + # 4 => Remove the pattern [uppercase_app_name + "_"] + sed '/^#/d' .env.custom | sed '/^$/d' | sed -n "/^${1^^}_/p" | sed "s/^${1^^}_//g" > env/$1.env +} + +## Traefik Certificate Resolver tweaks +if [[ ! -z ${TRAEFIK_CUSTOM_ACME_RESOLVER} ]]; then + if [[ ! -f .env.custom ]]; then + echo "[$0] Error. You need to have a .env.custom in order to use TRAEFIK_CUSTOM_ACME_RESOLVER variable." + exit 1 + fi + if [[ ${TRAEFIK_CUSTOM_ACME_RESOLVER} == "changeme" ]]; then + echo "[$0] Error. Wrong value for TRAEFIK_CUSTOM_ACME_RESOLVER variable." + exit 1 + fi + yq 'del(.certificatesResolvers.le.acme.httpChallenge)' -i traefik/traefik.yaml + yq '(.certificatesResolvers.le.acme.dnsChallenge.provider="'${TRAEFIK_CUSTOM_ACME_RESOLVER}'")' -i traefik/traefik.yaml + extract_custom_env_file traefik +fi + # Docker-compose settings export COMPOSE_HTTP_TIMEOUT=240 
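Review bot: `extract_custom_env_file` writes the de-prefixed values from `.env.custom` (service passwords, WireGuard keys) to `env/$1.env` under the caller's umask, and the `mkdir -p env` above it does not restrict the directory, so on a multi-user host these files may be readable by other local accounts. Create the directory with `mkdir -p env && chmod 700 env` and write the file inside `( umask 077; … > "env/$1.env" )`, quoting `$1`. Separately, the second `yq` call splices `${TRAEFIK_CUSTOM_ACME_RESOLVER}` unquoted into the expression. Passing it through the environment keeps the value as data: `TRAEFIK_CUSTOM_ACME_RESOLVER="$TRAEFIK_CUSTOM_ACME_RESOLVER" yq '.certificatesResolvers.le.acme.dnsChallenge.provider = strenv(TRAEFIK_CUSTOM_ACME_RESOLVER)' -i traefik/traefik.yaml`.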
@@ -72,39 +145,62 @@ echo "[$0] ***** Checking configuration... *****" yq eval -o json config.yaml > config.json -if [[ ${CHECK_FOR_OUTDATED_CONFIG} == true ]]; then +if [[ "${CHECK_FOR_OUTDATED_CONFIG}" == true ]]; then nb_services=$(cat config.json | jq '.services | length') nb_services_sample=$(yq eval -o json config.sample.yaml | jq '.services | length') if [[ $nb_services_sample -gt $nb_services ]]; then echo "[$0] There are more services in the config.sample.yaml than in your config.yaml" echo "[$0] You should check config.sample.yaml because it seems there are new services available for you:" - diff -u config.yaml config.sample.yaml | grep "name:" | grep -E "^\+" || true + diff -u config.yaml config.sample.yaml | grep "name:" | grep -E "^\+" | sed "s/+ - name:/-/g" || true fi fi +# Internal function which checks another function's number ($2) and return a boolean instead +check_result_service() { + #$1 => service + #$2 => nb to check + if [[ $2 == 0 ]]; then + false; return + elif [[ $2 == 1 ]]; then + true; return + else + echo "[$0] Error. Service \"$1\" is enabled more than once. Check your config.yaml file." 
+ exit 1 + fi +} + +# Check if a service ($1) has been enabled in the config file +is_service_enabled() { + local nb=$(cat config.json | jq --arg service $1 '[.services[] | select(.name==$service and .enabled==true)] | length') + check_result_service $1 $nb +} + +# Check if a service ($1) has been enabled AND has vpn enabled in the config file +has_vpn_enabled() { + local nb=$(cat config.json | jq --arg service $1 '[.services[] | select(.name==$service and .enabled==true and .vpn==true)] | length') + check_result_service $1 $nb +} + # Check if some services have vpn enabled, that gluetun itself is enabled nb_vpn=$(cat config.json | jq '[.services[] | select(.enabled==true and .vpn==true)] | length') -gluetun_enabled=$(cat config.json | jq '[.services[] | select(.name=="gluetun" and .enabled==true)] | length') -if [[ ${nb_vpn} -gt 0 && ${gluetun_enabled} == 0 ]]; then +if [[ ${nb_vpn} -gt 0 ]] && ! is_service_enabled gluetun; then echo "[$0] ERROR. ${nb_vpn} VPN-enabled services have been enabled BUT gluetun has not been enabled. Please check your config.yaml file." - echo "[$0] ******* Exiting *******" exit 1 fi # Determine what host Flood should connect to # => If deluge vpn is enabled => gluetun # => If deluge vpn is disabled => deluge -if [[ $(cat config.json | jq '[.services[] | select(.name=="flood" and .enabled==true)] | length') -eq 1 ]]; then +if is_service_enabled flood; then # Check that if flood is enabled, deluge should also be enabled - if [[ $(cat config.json | jq '[.services[] | select(.name=="deluge" and .enabled==false)] | length') -eq 1 ]]; then + if ! is_service_enabled deluge; then echo "[$0] ERROR. Flood is enabled but Deluge is not. Please either enable Deluge or disable Flood as Flood depends on Deluge." 
- echo "[$0] ******* Exiting *******" exit 1 fi # Determine deluge hostname (for flood) based on the VPN status (enabled or not) of deluge - if [[ $(cat config.json | jq '[.services[] | select(.name=="deluge" and .enabled==true and .vpn==true)] | length') -eq 1 ]]; then + if has_vpn_enabled deluge; then export DELUGE_HOST="gluetun" - elif [[ $(cat config.json | jq '[.services[] | select(.name=="deluge" and .enabled==true and .vpn==false)] | length') -eq 1 ]]; then + else export DELUGE_HOST="deluge" fi @@ -121,12 +217,15 @@ if [[ $(cat config.json | jq '[.services[] | select(.name=="flood" and .enabled= fi # Check that if calibre-web is enabled, calibre should also be enabled -if [[ $(cat config.json | jq '[.services[] | select(.name=="calibre-web" and .enabled==true)] | length') -eq 1 ]]; then - if [[ $(cat config.json | jq '[.services[] | select(.name=="calibre" and .enabled==false)] | length') -eq 1 ]]; then - echo "[$0] ERROR. Calibre-web is enabled but Calibre is not. Please either enable Calibre or disable Calibre-web as Calibre-web depends on Calibre." - echo "[$0] ******* Exiting *******" - exit 1 - fi +if is_service_enabled calibre-web && ! is_service_enabled calibre; then + echo "[$0] ERROR. Calibre-web is enabled but Calibre is not. Please either enable Calibre or disable Calibre-web as Calibre-web depends on Calibre." + exit 1 +fi + +# Check that if nextcloud is enabled, mariadb should also be enabled +if is_service_enabled nextcloud && ! is_service_enabled mariadb; then + echo "[$0] ERROR. Nextcloud is enabled but MariaDB is not. Please either enable MariaDB or disable Nextcloud as Nextcloud depends on MariaDB." + exit 1 fi # Apply other arbitrary custom Traefik config files 
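Review bot: In `is_service_enabled` and `has_vpn_enabled`, `local nb=$(…)` hides a failing `jq`, and `$1` and `$nb` are passed on unquoted. With a missing or malformed config.json, `nb` is empty, so `check_result_service` falls through to its `else` branch and reports the service as "enabled more than once". Splitting the declaration, `local nb; nb=$(jq --arg service "$1" '…' config.json) || exit 1`, and calling `check_result_service "$1" "$nb"` surfaces the real error instead. A comment above `check_result_service` such as `# Returns 0 when enabled exactly once, 1 when not enabled; exits the script on duplicates` would make clear that it can terminate the script rather than return.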
@@ -137,7 +236,7 @@ for f in `find samples/custom-traefik -maxdepth 1 -mindepth 1 -type f | grep -E done # Detect Synology devices for Netdata compatibility -if [[ $(cat config.json | jq '[.services[] | select(.name=="netdata" and .enabled==true)] | length') -eq 1 ]]; then +if is_service_enabled netdata; then if [[ $(uname -a | { grep synology || true; } | wc -l) -eq 1 ]]; then export OS_RELEASE_FILEPATH="/etc/VERSION" else @@ -186,12 +285,25 @@ for json in $(yq eval -o json config.yaml | jq -c ".services[]"); do # go through gluetun (main vpn client service). if [[ ${vpn} == "true" ]]; then echo "services.${name}.network_mode: service:gluetun" > ${name}-vpn.props - yq -p=props ${name}-vpn.props > services/generated/${name}-vpn.yaml + yq -p=props ${name}-vpn.props -o yaml > services/generated/${name}-vpn.yaml rm -f ${name}-vpn.props # Append config/${name}-vpn.yaml to global list of files which will be passed to docker commands ALL_SERVICES="${ALL_SERVICES} -f services/generated/${name}-vpn.yaml" fi + # For services with existing custom environment variables in .env.custom, + # Extract those variables and add a docker-compose override file in order to load them + if [[ -f .env.custom ]]; then + if grep -q "^${name^^}_.*" .env.custom; then + extract_custom_env_file ${name} + echo "services.${name}.env_file.0: ./env/${name}.env" > ${name}-envfile.props + yq -p=props ${name}-envfile.props -o yaml > services/generated/${name}-envfile.yaml + rm -f ${name}-envfile.props + # Append config/${name}-envfile.yaml to global list of files which will be passed to docker commands + ALL_SERVICES="${ALL_SERVICES} -f services/generated/${name}-envfile.yaml" + fi + fi + ###################################### TRAEFIK RULES ###################################### # Skip this part for services which have Traefik rules disabled in config 
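Review bot: The new env-file block injects every `${name^^}_`-prefixed line of `.env.custom` into the service, but nothing rejects the placeholders that `.env.custom.sample` ships uncommented (`CALIBRE_CALIBRE_PASSWORD=changeme`, `MARIADB_MYSQL_ROOT_PASSWORD=changeme`, `PAPERLESS_PAPERLESS_SECRET_KEY=mykey`, …), and init.sh copies that sample verbatim. A user who never opens the file would start those services with publicly known credentials. A guard before `extract_custom_env_file`, such as `if grep -Eq "^${name^^}_[A-Z0-9_]+=(changeme|mykey)" .env.custom; then echo "[$0] ERROR. Placeholder value left in .env.custom for ${name}."; exit 1; fi`, mirrors the `changeme` check already done for `TRAEFIK_CUSTOM_ACME_RESOLVER`. The enclosing `for json in …` loop starts and ends outside the hunk.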
@@ -263,7 +375,7 @@ done # Convert properties files into Traefik-ready YAML and place it in the correct folder loaded by Traefik mv traefik/custom/dynamic-rules.yaml traefik/custom/dynamic-rules-old.yaml || true -yq -p=props rules.props > traefik/custom/dynamic-rules.yaml +yq -p=props rules.props -o yaml > traefik/custom/dynamic-rules.yaml rm -f rules.props # Post-transformations on the rules file diff --git a/samples/docker-compose.sample.nfs.yaml b/samples/docker-compose.sample.nfs.yaml new file mode 100644 index 0000000..da8540d --- /dev/null +++ b/samples/docker-compose.sample.nfs.yaml @@ -0,0 +1,36 @@ +############################################################################# +## Services are now located in separate files, in the services directory. ## +############################################################################# + +# Common network used by all services +networks: + default: + name: "traefik-network" + +# Common volumes used by at least 2 services +volumes: + config: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH + torrents: + driver_opts: + type: nfs + # Add NFS_IP to your .env with the corresponding value + o: addr=$NFS_IP,nolock,soft,nfsvers=4 + # Add NFS_MEDIA_VOLUME to your .env with the corresponding value + device: $NFS_MEDIA_VOLUME + downloads: + driver_opts: + type: nfs + # Add NFS_IP to your .env with the corresponding value + o: addr=$NFS_IP,nolock,soft,nfsvers=4 + # Add NFS_MEDIA_VOLUME to your .env with the corresponding value + device: $NFS_MEDIA_VOLUME/$DOWNLOAD_SUBFOLDER + documents: + driver_opts: + type: nfs + # Add NFS_IP to your .env with the corresponding value + o: addr=$NFS_IP,nolock,soft,nfsvers=4 + # Add NFS_MEDIA_VOLUME to your .env with the corresponding value + device: $NFS_MEDIA_VOLUME/$DOCUMENTS_SUBFOLDER diff --git a/services/filebrowser.yaml b/services/filebrowser.yaml new file mode 100644 index 0000000..b64efe4 --- /dev/null +++ b/services/filebrowser.yaml 
@@ -0,0 +1,29 @@ +services: + homepage: + image: filebrowser/filebrowser:s6 + container_name: filebrowser + restart: always + volumes: + - configfilebrowser:/config + - dbfilebrowser:/database + - torrents:/srv + environment: + - PGID=${PGID} + - PUID=${PUID} + - TZ=${TZ} + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8234/health"] + interval: 30s + timeout: 20s + retries: 3 + +volumes: + configfilebrowser: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/filebrowser/config + dbfilebrowser: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/filebrowser/db + diff --git a/services/gluetun.yaml b/services/gluetun.yaml index 45981ce..dfb73b7 100755 --- a/services/gluetun.yaml +++ b/services/gluetun.yaml @@ -1,25 +1,19 @@ services: gluetun: - image: qmcgaw/gluetun + image: ghcr.io/qdm12/gluetun container_name: gluetun restart: always cap_add: - NET_ADMIN + devices: + - /dev/net/tun:/dev/net/tun environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} - - VPNSP=custom - - VPN_TYPE=wireguard - # For Wireguard - - VPN_ENDPOINT_IP=${WIREGUARD_ENDPOINT} - - VPN_ENDPOINT_PORT=${WIREGUARD_PORT} - - WIREGUARD_PUBLIC_KEY=${WIREGUARD_PUBLIC_KEY} - - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY} - - WIREGUARD_ADDRESS=${WIREGUARD_ADDRESS} volumes: configgluetun: driver: local-persist driver_opts: - mountpoint: $HOST_CONFIG_PATH/gluetun \ No newline at end of file + mountpoint: $HOST_CONFIG_PATH/gluetun diff --git a/services/homarr.yaml b/services/homarr.yaml new file mode 100644 index 0000000..a37d5dc --- /dev/null +++ b/services/homarr.yaml 
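Review bot: The service key in the new filebrowser.yaml is `homepage:`, not `filebrowser:`, although the image and `container_name` are filebrowser's. services/homepage.yaml in this same commit also defines `homepage:`, so when both files are passed to compose the two definitions would be merged into one service. The overrides generated by run-seedbox.sh are keyed on the config name (`services.${name}.network_mode`, `services.${name}.env_file.0`), so they would not attach to this container either. Rename the key to `filebrowser:`.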
@@ -0,0 +1,19 @@ +services: + homarr: + container_name: homarr + image: ghcr.io/ajnart/homarr:latest + restart: always + volumes: + - confighomarr:/app/data/configs + - iconshomarr:/app/public/icons + - /var/run/docker.sock:/var/run/docker.sock + +volumes: + confighomarr: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/homarr + iconshomarr: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/homarr-icons \ No newline at end of file diff --git a/services/homepage.yaml b/services/homepage.yaml new file mode 100644 index 0000000..c1ad4f0 --- /dev/null +++ b/services/homepage.yaml @@ -0,0 +1,18 @@ +services: + homepage: + image: ghcr.io/gethomepage/homepage + container_name: homepage + restart: always + volumes: + - confighomepage:/app/config + - /var/run/docker.sock:/var/run/docker.sock + environment: + - PGID=${PGID} + - PUID=${PUID} + - TZ=${TZ} + +volumes: + confighomepage: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/homepage \ No newline at end of file diff --git a/services/kavita.yaml b/services/kavita.yaml index 8b12b9e..f00cbc5 100755 --- a/services/kavita.yaml +++ b/services/kavita.yaml @@ -1,16 +1,16 @@ services: kavita: - image: kizaing/kavita:latest + image: lscr.io/linuxserver/kavita:latest container_name: kavita restart: always volumes: - - configkavita:/kavita/config + - configkavita:/config - torrents:/torrents - /etc/localtime:/etc/localtime:ro environment: - TZ=${TZ} - # Wait for https://github.com/Kareadita/Kavita/issues/301 to be resolved - #user: "${PUID}:${PGID}" + - PGID=${PGID} + - PUID=${PUID} volumes: configkavita: diff --git a/services/mariadb.yaml b/services/mariadb.yaml new file mode 100644 index 0000000..c5daa9e --- /dev/null +++ b/services/mariadb.yaml 
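Review bot: homarr.yaml (and homepage.yaml in the next hunk) bind-mounts `/var/run/docker.sock` read-write into a container that is published through Traefik. Access to that socket is equivalent to root on the host, so a flaw in either dashboard exposes the whole machine. If the integration only lists container status, `- /var/run/docker.sock:/var/run/docker.sock:ro` states the intent, though it does not restrict Docker API calls. Fronting the socket with a proxy limited to read-only endpoints is the stronger option. `ghcr.io/ajnart/homarr:latest` is also unpinned, so the code holding this socket changes on each pull.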
@@ -0,0 +1,23 @@ +services: + mariadb: + image: mariadb:10 + container_name: mariadb + command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed + user: ${PUID}:${PGID} + restart: always + environment: + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} + - MYSQL_DATABASE=${MYSQL_DATABASE} + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - TZ=${TZ} + volumes: + - nextclouddb:/var/lib/mysql + labels: + - "traefik.enable=false" + +volumes: + nextclouddb: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/nextcloud-db \ No newline at end of file diff --git a/services/mylar.yaml b/services/mylar.yaml new file mode 100644 index 0000000..84b0803 --- /dev/null +++ b/services/mylar.yaml @@ -0,0 +1,19 @@ +services: + mylar: + image: lscr.io/linuxserver/mylar3:latest + container_name: mylar3 + restart: always + environment: + - PGID=${PGID} + - PUID=${PUID} + - TZ=${TZ} + volumes: + - configmylar:/config + - torrents:/comics + - downloads:/downloads + +volumes: + configmylar: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/mylar diff --git a/services/nextcloud.yaml b/services/nextcloud.yaml index f45253f..e0c64f5 100755 --- a/services/nextcloud.yaml +++ b/services/nextcloud.yaml 
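Review bot: The `environment:` entries in mariadb.yaml still interpolate `${MYSQL_ROOT_PASSWORD}`, `${MYSQL_DATABASE}`, `${MYSQL_USER}` and `${MYSQL_PASSWORD}`, which run-seedbox.sh now rejects in `.env` (the `^MYSQL_` check) and which move to `.env.custom` as `MARIADB_MYSQL_*`. Unless they are exported some other way, compose substitutes empty strings, and because `environment:` takes precedence over `env_file:`, these blank values would override the ones from the generated `env/mariadb.env`. Dropping the four `MYSQL_*` lines, as the gluetun.yaml hunk does for its WireGuard variables, lets the env file supply them. tools/init-setup-nextcloud.sh still passes `${MYSQL_DATABASE}`, `${MYSQL_USER}` and `${MYSQL_PASSWORD}` and probably needs the same attention; how it loads them is outside this view.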
@@ -1,25 +1,8 @@ services: - nextcloud-db: - image: mariadb:10 - container_name: nextcloud-db - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed - user: ${PUID}:${PGID} - restart: always - environment: - - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - - MYSQL_DATABASE=${MYSQL_DATABASE} - - MYSQL_USER=${MYSQL_USER} - - MYSQL_PASSWORD=${MYSQL_PASSWORD} - - TZ=${TZ} - volumes: - - nextclouddb:/var/lib/mysql - labels: - - "traefik.enable=false" - # See tools/init-setup-nextcloud.sh for first install nextcloud: depends_on: - - nextcloud-db + - mariadb image: linuxserver/nextcloud container_name: nextcloud restart: always @@ -34,10 +17,6 @@ services: - config:/seedbox-config volumes: - nextclouddb: - driver: local-persist - driver_opts: - mountpoint: $HOST_CONFIG_PATH/nextcloud-db confignextcloud: driver: local-persist driver_opts: diff --git a/services/ntfy.yaml b/services/ntfy.yaml new file mode 100644 index 0000000..fce629a --- /dev/null +++ b/services/ntfy.yaml @@ -0,0 +1,23 @@ +services: + ntfy: + image: binwiederhier/ntfy + container_name: ntfy + restart: always + user: ${PUID}:${PGID} + command: + - serve + environment: + - TZ=${TZ} + - NTFY_BASE_URL=https://ntfy.${TRAEFIK_DOMAIN} + - NTFY_LISTEN_HTTP=:2586 + - NTFY_BEHIND_PROXY=true + - NTFY_CACHE_FILE=/var/cache/ntfy/cache.db + - NTFY_ATTACHMENT_CACHE_DIR=/var/cache/ntfy/attachments + volumes: + - ntfycache:/var/cache/ntfy + +volumes: + ntfycache: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/ntfy-cache \ No newline at end of file diff --git a/services/overseerr.yaml b/services/overseerr.yaml index 2ed8948..4977815 100755 --- a/services/overseerr.yaml +++ b/services/overseerr.yaml @@ -9,6 +9,9 @@ services: - PGID=${PGID} - PUID=${PUID} - TZ=${TZ} + dns: + - 1.1.1.1 + - 8.8.8.8 volumes: configoverseerr: diff --git a/services/paperless.yaml b/services/paperless.yaml new file mode 100644 index 0000000..2030735 
--- /dev/null +++ b/services/paperless.yaml @@ -0,0 +1,66 @@ +services: + paperless: + image: ghcr.io/paperless-ngx/paperless-ngx:latest + container_name: paperless + restart: unless-stopped + depends_on: + - redis + # - gotenberg + # - tika + volumes: + - configpaperless:/usr/src/paperless/data + - documents:/usr/src/paperless/media + - configpaperlessexport:/usr/src/paperless/export + - configpaperlessconsume:/usr/src/paperless/consume + environment: + PAPERLESS_REDIS: redis://redis:6379 + #PAPERLESS_TIKA_ENABLED: 1 + #PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000 + #PAPERLESS_TIKA_ENDPOINT: http://tika:9998 + USERMAP_UID: ${PUID} + USERMAP_GID: ${PGID} + PAPERLESS_TIME_ZONE: ${TZ} + PAPERLESS_URL: https://paperless.${TRAEFIK_DOMAIN} + + redis: + image: docker.io/library/redis:7 + container_name: redis + restart: unless-stopped + # TODO: fix it => redis container does not support PGID and PUID... + # user: root + # volumes: + # - redisdata:/data + + # gotenberg: + # image: docker.io/gotenberg/gotenberg:7.8 + # container_name: gotenberg + # restart: unless-stopped + # # The gotenberg chromium route is used to convert .eml files. We do not + # # want to allow external content like tracking pixels or even javascript. + # command: + # - "gotenberg" + # - "--chromium-disable-javascript=true" + # - "--chromium-allow-list=file:///tmp/.*" + + # tika: + # image: ghcr.io/paperless-ngx/tika:latest + # container_name: tika + # restart: unless-stopped + +volumes: + configpaperless: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/paperless + configpaperlessexport: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/paperless-export + configpaperlessconsume: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/paperless-import + # redisdata: + # driver: local-persist + # driver_opts: + # mountpoint: $HOST_CONFIG_PATH/redis \ No newline at end of file 
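Review bot: The `redis` service is started without authentication and without a network of its own, so it joins the default network, which doc/configuration.md describes as shared by all services (`traefik-network`). Any container in the stack can then reach Paperless's Redis on port 6379. Placing `paperless` and `redis` on a dedicated internal network, or setting a Redis password and carrying it in `PAPERLESS_REDIS`, would confine it. The generic service and container name `redis` will also clash if another service file later needs its own Redis; `paperless-redis` avoids that.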
diff --git a/services/plex-hardware-transcoding.yaml b/services/plex-hardware-transcoding.yaml index 5b0ddd5..491723e 100755 --- a/services/plex-hardware-transcoding.yaml +++ b/services/plex-hardware-transcoding.yaml @@ -4,15 +4,6 @@ services: container_name: plex restart: always network_mode: host - ports: - - "32400:32400" - - "32400:32400/udp" - - "32469:32469" - - "32469:32469/udp" - - "32410:32410/udp" - - "32412:32412/udp" - - "32413:32413/udp" - - "32414:32414/udp" devices: - /dev/dri:/dev/dri # for hardware transcoding volumes: diff --git a/services/plex.yaml b/services/plex.yaml index c78134e..d2b6f65 100755 --- a/services/plex.yaml +++ b/services/plex.yaml @@ -4,15 +4,6 @@ services: container_name: plex restart: always network_mode: host - ports: - - "32400:32400" - - "32400:32400/udp" - - "32469:32469" - - "32469:32469/udp" - - "32410:32410/udp" - - "32412:32412/udp" - - "32413:32413/udp" - - "32414:32414/udp" volumes: - configplex:/config - torrents:/torrents diff --git a/services/qbittorrent.yaml b/services/qbittorrent.yaml new file mode 100755 index 0000000..0cf834a --- /dev/null +++ b/services/qbittorrent.yaml @@ -0,0 +1,18 @@ +services: + qbittorrent: + image: ghcr.io/hotio/qbittorrent + container_name: qbittorrent + restart: always + volumes: + - torrents:/torrents + - configqbittorrent:/config + environment: + - PGID=${PGID} + - PUID=${PUID} + - TZ=${TZ} + +volumes: + configqbittorrent: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/qbittorrent diff --git a/config-updater.sh b/tools/config-updater/config-updater.sh similarity index 89% rename from config-updater.sh rename to tools/config-updater/config-updater.sh index f150423..e37ccf8 100755 --- a/config-updater.sh +++ b/tools/config-updater/config-updater.sh 
@@ -12,20 +12,20 @@ cleanup_on_exit() { trap cleanup_on_exit EXIT # Load common functions -source config/tools.sh +source ../tools.sh # Check that required tools are installed check_utilities -if [[ ! -f services.conf ]]; then - echo "[$0] ERROR. Could nof find services.conf. Exiting." +if [[ ! -f ../../services.conf ]]; then + echo "[$0] ERROR. Could not find services.conf. Exiting." exit 1 fi jq -n '{"services": []}' > config.json # First, add Traefik as it was not explicitely set by default in old config file (services.conf) -if ! grep -q "traefik" services.conf; then +if ! grep -q "traefik" ../../services.conf; then jq -r '.services[.services| length] |= . + { "name": "traefik", @@ -45,7 +45,7 @@ if ! grep -q "traefik" services.conf; then mv tmp.json config.json fi -cat services.conf | while read line || [[ -n $line ]]; do +cat ../../services.conf | while read line || [[ -n $line ]]; do key=$(echo $line | sed -r "s/^(.*):.*$/\1/") enabled="true" if grep -q "disable" <<< $line; then @@ -89,7 +89,7 @@ cat services.conf | while read line || [[ -n $line ]]; do [[ $key == "nextcloud" ]] && internalScheme="https" # Define service default port from bundled config file - internalPort=$(cat config/ports | { grep $key || true; } | sed -r "s/^${key}: (.*)$/\1/") + internalPort=$(cat ports | { grep $key || true; } | sed -r "s/^${key}: (.*)$/\1/") rules=$(jq -n '[ { "host": "'"$key"'.'$(echo '${TRAEFIK_DOMAIN}')'", @@ -117,4 +117,4 @@ cat services.conf | while read line || [[ -n $line ]]; do done # Transform json into yaml, easier to manipulate for the user -cat config.json | yq e -P - > config.yaml \ No newline at end of file +cat config.json | yq e -P - > ../../config.yaml diff --git a/config/ports b/tools/config-updater/ports similarity index 100% rename from config/ports rename to tools/config-updater/ports diff --git a/tools/init-setup-nextcloud.sh b/tools/init-setup-nextcloud.sh index 66c4b50..6ee9951 100755 --- a/tools/init-setup-nextcloud.sh 
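Review bot: `source ../tools.sh` is resolved against the caller's working directory, not the script's location, so after the move to `tools/config-updater/` the script only behaves as intended when started from that directory; from anywhere else `source` either fails or executes whatever `../tools.sh` happens to exist there. Unless the lines before this hunk already change directory (they are outside the hunk), add `cd -- "$(dirname -- "${BASH_SOURCE[0]}")" || exit 1` ahead of the `source` line. The later hunks in this file that read `../../services.conf` and `ports` and write `../../config.yaml` depend on the working directory in the same way.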
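Review bot: In the `internalPort=` line, `grep $key` is unquoted and unanchored, so a service name that is a substring of another entry in `ports` yields several lines and `internalPort` ends up holding a multi-line value that is then spliced into the generated JSON. Matching the whole key in one step is tighter: `internalPort=$(sed -nr "s/^${key}: (.*)$/\1/p" ports)`. `key` is still interpolated into a regex, so this assumes names in `services.conf` contain no regex metacharacters. The `while` loop this line belongs to starts and ends outside the hunk.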
+++ b/tools/init-setup-nextcloud.sh @@ -8,7 +8,7 @@ docker exec -it -u abc -w /config/www/nextcloud \ nextcloud bash -c " \ php occ maintenance:install \ --database \"mysql\" \ - --database-host \"nextcloud-db\" \ + --database-host \"mariadb\" \ --database-name \"${MYSQL_DATABASE}\" \ --database-user \"${MYSQL_USER}\" \ --database-pass \"${MYSQL_PASSWORD}\" \ diff --git a/tools/local-persist.sh b/tools/local-persist.sh new file mode 100755 index 0000000..3b53faf --- /dev/null +++ b/tools/local-persist.sh 
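Review bot: The context lines `--database-pass \"${MYSQL_PASSWORD}\"` and its neighbours are expanded by the host shell into the string handed to `bash -c`, so a password containing a double quote, `$` or a backtick is parsed again by the inner shell and can break or alter the command; the clear-text value is also visible in the host-side process arguments. Passing it through the environment keeps it off the host command line and stops the re-parsing: add `-e MYSQL_PASSWORD` to `docker exec` (assuming the variable is exported in this script's environment), single-quote the inner script, and reference `"$MYSQL_PASSWORD"` there. The `docker exec` command starts before and continues after this hunk, so its remaining arguments are not visible here.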
@@ -0,0 +1,159 @@ +#!/usr/bin/env bash + +set -e + +VERSION="v1.3.0" + +gitDir=$(realpath `dirname $BASH_SOURCE`/..) +echo $gitDir + +# uname -s, uname -m +# Deb 32: Linux i686 +# Ubuntu 64: Linux x86_64 +# FreeBSD: FreeBSD amd64 + +if [[ "$UID" != 0 ]]; then + echo NOTE: sudo needed to set up and run start service + exit 1 +fi + + +if [[ `git -C "${gitDir}" rev-parse --is-inside-work-tree 2> /dev/null` == "true" ]]; then + thisGit=`git -C "${gitDir}" config --get remote.origin.url` + thisGit=${thisGit::-4} + GITHUB_BINARY_BASE="${thisGit}/releases/download" + GITHUB_RAW_BASE="${thisGit/github.com/raw.githubusercontent.com}/releases/download" +fi + +if [[ $thisGit == "" ]]; then + GITHUB_URL_PARTS="MatchbookLab/local-persist" + GITHUB_BINARY_BASE="https://github.com/${GITHUB_URL_PARTS}/releases/download" + GITHUB_RAW_BASE="https://raw.githubusercontent.com/${GITHUB_URL_PARTS}/" + GITHUB_URL_PARTS= +fi + + +function setenv { + OS=$(uname -s | tr "[:upper:]" "[:lower:]") + ARCH=$(uname -m) + + SUPPORTED=false + if [[ $OS == "linux" ]]; then + case $ARCH in + "x86_64") + ARCH="amd64" + SUPPORTED=true + ;; + "aarch64") + ARCH="arm64" + SUPPORTED=true + ;; + "i686") + # ARCH="386" + SUPPORTED=false + ;; + # untested + arm*) + # ARCH="arm" + SUPPORTED=false + ;; + esac + elif [[ $OS == 'freebsd' ]]; then + ARCH=$(uname -m) + SUPPORTED=false + fi + + if [[ $SUPPORTED == false ]]; then + echo $OS $ARCH is not supported + exit 2 + fi +} + +function install-binary { + echo Stopping docker-volume-local-persist service if running + echo '' + if [[ $* == *--upstart* ]]; then + (sudo service docker-volume-local-persist stop || true) + else + (sudo systemctl stop docker-volume-local-persist || true) + fi + + BINARY_URL="${GITHUB_BINARY_BASE}/${VERSION}/local-persist-${OS}-${ARCH}" + BINARY_DEST="/usr/bin/docker-volume-local-persist" + + echo Downloading binary: + echo " 
From: $BINARY_URL" + echo " To: $BINARY_DEST" + + curl -fLsS "$BINARY_URL" > $BINARY_DEST + chmod +x $BINARY_DEST + + echo Binary download + echo '' +} + +# Systemd (default) +function setup-systemd { + SYSTEMD_CONFIG_URL="${GITHUB_RAW_BASE}/${VERSION}/init/systemd.service" + SYSTEMD_CONFIG_DEST="/etc/systemd/system/docker-volume-local-persist.service" + + echo Downloading Systemd service conf: + echo " From: $SYSTEMD_CONFIG_URL" + echo " To: $SYSTEMD_CONFIG_DEST" + + sudo curl -fLsS "$SYSTEMD_CONFIG_URL" > $SYSTEMD_CONFIG_DEST + + echo Systemd conf downloaded + echo '' +} + +function start-systemd { + echo Starting docker-volume-local-persist service... + + sudo systemctl daemon-reload + sudo systemctl enable docker-volume-local-persist + sudo systemctl start docker-volume-local-persist + sudo systemctl status --full --no-pager docker-volume-local-persist + + echo '' + echo Done! If you see this message, that should mean everything is installed and is running. +} + +# Upstart +function setup-upstart { + UPSTART_CONFIG_URL="${GITHUB_RAW_BASE}/${VERSION}/init/upstart.conf" + UPSTART_CONFIG_DEST="/etc/init/docker-volume-local-persist.conf" + + echo Downloading binary: + echo " From: $UPSTART_CONFIG_URL" + echo " To: $UPSTART_CONFIG_DEST" + + sudo curl -fLsS "$UPSTART_CONFIG_URL" > $UPSTART_CONFIG_DEST + + echo Upstart conf downloaded + echo '' +} + +function start-upstart { + echo Reloading Upstart config and starting docker-volume-local-persist service... + + sudo initctl reload-configuration + sudo service docker-volume-local-persist start + sudo service docker-volume-local-persist status + + echo '' + echo Done! If you see this message, that should mean everything is installed and is running. +} + + +setenv + +if [[ $* == *--upstart* ]]; then + install-binary --upstart + setup-upstart + start-upstart +else + install-binary + setup-systemd + start-systemd +fi 
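Review bot: `install-binary` writes whatever `curl` returns straight to `/usr/bin/docker-volume-local-persist`, and the script then enables it as a root service, with no checksum or signature check on the download. The source is not fixed either: inside a git work tree `GITHUB_BINARY_BASE` is derived from `remote.origin.url`, so a fork or a rewritten remote decides which binary gets installed (and `${thisGit::-4}` assumes the URL ends in `.git`). Download to a temporary file, verify it against a SHA-256 pinned in the script per OS/ARCH, and only then install it, as in the excerpt below. The unit files fetched in `setup-systemd` and `setup-upstart` deserve the same check.

```shell
function install-binary {
  # … unchanged: service stop, BINARY_URL and BINARY_DEST assignments, echo lines …

  # Placeholder digests: replace with the published SHA-256 of each release asset.
  case "${OS}-${ARCH}" in
    linux-amd64) expected_sha256="<SHA256_OF_LINUX_AMD64_ASSET>" ;;
    linux-arm64) expected_sha256="<SHA256_OF_LINUX_ARM64_ASSET>" ;;
    *) echo "no pinned digest for ${OS}-${ARCH}" >&2; exit 2 ;;
  esac

  tmp_binary=$(mktemp)
  curl -fLsS -o "$tmp_binary" "$BINARY_URL"
  # set -e aborts the script here if the digest does not match
  echo "${expected_sha256}  ${tmp_binary}" | sha256sum -c -
  install -m 0755 "$tmp_binary" "$BINARY_DEST"
  rm -f -- "$tmp_binary"

  # … unchanged: closing echo lines …
```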
diff --git a/config/tools.sh b/tools/tools.sh similarity index 100% rename from config/tools.sh rename to tools/tools.sh diff --git a/update-nextcloud.sh b/tools/update-nextcloud.sh similarity index 100% rename from update-nextcloud.sh rename to tools/update-nextcloud.sh diff --git a/traefik/traefik.yaml b/traefik/traefik.yaml index 91d7823..46ddb93 100644 --- a/traefik/traefik.yaml +++ b/traefik/traefik.yaml @@ -1,12 +1,10 @@ api: dashboard: true - # Set Access logs timezone # accessLog: # fields: # names: # StartUTC: drop - providers: docker: endpoint: "unix:///var/run/docker.sock" @@ -15,7 +13,6 @@ providers: file: directory: /etc/traefik/custom watch: true - entryPoints: insecure: address: ":80" @@ -30,12 +27,10 @@ entryPoints: tls: certResolver: le middlewares: - - security-headers@file - + - security-headers@file # Allow self-signed certificates for https backends (nextcloud for example) serversTransport: insecureSkipVerify: true - certificatesResolvers: le: acme: @@ -43,3 +38,4 @@ certificatesResolvers: httpChallenge: # used during the challenge entryPoint: insecure +