From 0c93537fa997ae92e87b8b128ad1172cbeb4ac5c Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Thu, 16 Mar 2023 15:53:32 +0100 Subject: [PATCH 01/43] Add qBitTorrent --- README.md | 1 + config.sample.yaml | 9 +++++++++ services/qbittorrent.yaml | 18 ++++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100755 services/qbittorrent.yaml diff --git a/README.md b/README.md index 1c2fbc6..703f91e 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,7 @@ Version 2 is released, please make sure you read [this V2 Migration Guide](doc/U | Plex | plex.yourdomain.com | [linuxserver/plex](https://hub.docker.com/r/linuxserver/plex) | *latest* | Media Streaming | | Deluge | deluge.yourdomain.com | [linuxserver/deluge](https://hub.docker.com/r/linuxserver/deluge) | *latest* | Torrents downloader | | Flood | flood.yourdomain.com | [jesec/flood](https://hub.docker.com/r/jesec/flood) | *latest* | Web client for Deluge (experimental) | +| qBitTorrent | qbittorrent.yourdomain.com | [hotio/qbittorrent](cr.hotio.dev/hotio/qbittorrent) | *latest* | Torrents downloader + VuTorrent alternative WebUI built-in | | Sonarr | sonarr.yourdomain.com | [linuxserver/sonarr](https://hub.docker.com/r/linuxserver/sonarr) | *develop* | TV Shows monitor | | Radarr | radarr.yourdomain.com | [linuxserver/radarr](https://hub.docker.com/r/linuxserver/radarr) | *develop* | Movies monitor | | Bazarr | bazarr.yourdomain.com | [linuxserver/bazarr](https://hub.docker.com/r/linuxserver/bazarr) | *latest* | Subtitles monitor | diff --git a/config.sample.yaml b/config.sample.yaml index 3b465e6..b3fcfe4 100644 --- a/config.sample.yaml +++ b/config.sample.yaml @@ -29,6 +29,15 @@ services: - host: flood.${TRAEFIK_DOMAIN} httpAuth: true internalPort: 3000 + - name: qbittorrent + enabled: false + vpn: false + traefik: + enabled: true + rules: + - host: qbittorrent.${TRAEFIK_DOMAIN} + httpAuth: true + internalPort: 8080 - name: plex enabled: true vpn: false 
diff --git a/services/qbittorrent.yaml b/services/qbittorrent.yaml new file mode 100755 index 0000000..2e183ec --- /dev/null +++ b/services/qbittorrent.yaml @@ -0,0 +1,18 @@ +services: + qbittorrent: + image: cr.hotio.dev/hotio/qbittorrent + container_name: qbittorrent + restart: always + volumes: + - torrents:/torrents + - configqbittorrent:/config + environment: + - PGID=${PGID} + - PUID=${PUID} + - TZ=${TZ} + +volumes: + configqbittorrent: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/qbittorrent \ No newline at end of file From edc2fbde5b7ea99514308f2e6d1e72d67d480879 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Thu, 16 Mar 2023 17:08:28 +0100 Subject: [PATCH 02/43] Add Cloudflare support --- .env.sample | 5 +++++ .gitignore | 3 ++- run-seedbox.sh | 9 +++++++++ services/traefik.yaml | 2 ++ 4 files changed, 18 insertions(+), 1 deletion(-) diff --git a/.env.sample b/.env.sample index 4afa6b4..ba75e5a 100644 --- a/.env.sample +++ b/.env.sample @@ -7,6 +7,11 @@ DOCKER_COMPOSE_BINARY="docker compose" # or "docker-compose" TRAEFIK_DOMAIN=mydomain.com ACME_MAIL=my-email@my-provider.com +# CloudFlare TLS challenge for Traefik (override existing httpChallenge) +ENABLE_CLOUDFLARE_TLS_CHALLENGE="false" +CF_API_EMAIL=changeme +CF_API_KEY=changeme + # General settings TZ="Europe/Paris" diff --git a/.gitignore b/.gitignore index 369245a..51d9944 100644 --- a/.gitignore +++ b/.gitignore @@ -15,4 +15,5 @@ services/custom/*.yaml services/custom/*.yml services/generated/*.yaml -authelia/* \ No newline at end of file +authelia/* +traefik.env \ No newline at end of file diff --git a/run-seedbox.sh b/run-seedbox.sh index 96bb827..6f587b7 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh 
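Review bot: The `image: cr.hotio.dev/hotio/qbittorrent` line in the new services/qbittorrent.yaml has no tag or digest, so each pull takes whatever the registry currently serves as its default tag. Pinning makes upgrades of this internet-facing torrent client deliberate and reviewable: `image: cr.hotio.dev/hotio/qbittorrent:<pinned-tag>` (placeholder; use a release tag or an `@sha256:` digest). The README row added in the same commit advertises *latest* and would need updating to match.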
@@ -50,6 +50,15 @@ fi source .env echo "${HTTP_USER}:${HTTP_PASSWORD}" > traefik/http_auth +## Traefik Certificate Resolver tweaks +touch traefik.env +if [[ ${ENABLE_CLOUDFLARE_TLS_CHALLENGE} == "true" ]]; then + yq 'del(.certificatesResolvers.le.acme.httpChallenge)' -i traefik/traefik.yaml + yq '(.certificatesResolvers.le.acme.dnsChallenge.provider="cloudflare")' -i traefik/traefik.yaml + echo "CF_API_EMAIL=${CF_API_EMAIL}" >> traefik.env + echo "CF_API_KEY=${CF_API_KEY}" >> traefik.env +fi + # Docker-compose settings export COMPOSE_HTTP_TIMEOUT=240 diff --git a/services/traefik.yaml b/services/traefik.yaml index f620e0e..57e832b 100755 --- a/services/traefik.yaml +++ b/services/traefik.yaml @@ -15,6 +15,8 @@ services: environment: - TRAEFIK_DOMAIN=${TRAEFIK_DOMAIN} - TZ=${TZ} + env_file: + - ./traefik.env volumes: configtraefik: From 3a3d33b03517188e6354045dc2a1d9fb7cb82a03 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Thu, 16 Mar 2023 21:29:20 +0100 Subject: [PATCH 03/43] Fix traefik dotenv file --- run-seedbox.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-seedbox.sh b/run-seedbox.sh index 6f587b7..49c2968 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh @@ -51,7 +51,7 @@ source .env echo "${HTTP_USER}:${HTTP_PASSWORD}" > traefik/http_auth ## Traefik Certificate Resolver tweaks -touch traefik.env +rm -f traefik.env && touch traefik.env if [[ ${ENABLE_CLOUDFLARE_TLS_CHALLENGE} == "true" ]]; then yq 'del(.certificatesResolvers.le.acme.httpChallenge)' -i traefik/traefik.yaml yq '(.certificatesResolvers.le.acme.dnsChallenge.provider="cloudflare")' -i traefik/traefik.yaml From 33d208692bceeb010b00a8d0f10baf0641274358 Mon Sep 17 00:00:00 2001 
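Review bot: `traefik.env` receives `CF_API_KEY` but is created with a plain `touch`, so its mode follows the caller's umask and will often be readable by other local users. Restricting it before the `echo` lines append the credentials closes that gap: `touch traefik.env && chmod 600 traefik.env`. A short comment above the block, such as `# traefik.env holds DNS provider credentials; keep it 0600 and out of git`, would also document why the file is listed in .gitignore. The script continues outside this hunk.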
From: Jean Froment Date: Thu, 16 Mar 2023 22:07:31 +0100 Subject: [PATCH 04/43] Support all acme resolvers + refactoring --- .env-custom.sample | 24 ++++++++++++++++++++++++ .env.sample | 8 ++++---- .gitignore | 1 + run-seedbox.sh | 16 ++++++++++++---- 4 files changed, 41 insertions(+), 8 deletions(-) create mode 100644 .env-custom.sample diff --git a/.env-custom.sample b/.env-custom.sample new file mode 100644 index 0000000..12f7c2b --- /dev/null +++ b/.env-custom.sample @@ -0,0 +1,24 @@ +################################################################# +################## CUSTOM ENVIRONMENT VARIABLES ################# +################################################################# + +# How to use: +# Copy this file first and name it ".env-custom" +# Uncomment *ONLY* the variables you want to use +# Set their values + +################################################################# +############## TRAEFIK CUSTOM CERTIFICATE RESOLVER ############## +################################################################# + +# Add your own by finding the variables for your provider here: https://go-acme.github.io/lego/dns/#dns-providers + +########################## Cloudflare ########################### +# CF_API_EMAIL=changeme +# CF_API_KEY=changeme +############################## OVH ############################## +# OVH_ENDPOINT=changeme +# OVH_APPLICATION_KEY=changeme +# OVH_APPLICATION_SECRET=changeme +# OVH_CONSUMER_KEY=changeme +################################################################# \ No newline at end of file diff --git a/.env.sample b/.env.sample index ba75e5a..01a4777 100644 --- a/.env.sample +++ b/.env.sample 
@@ -7,10 +7,10 @@ DOCKER_COMPOSE_BINARY="docker compose" # or "docker-compose" TRAEFIK_DOMAIN=mydomain.com ACME_MAIL=my-email@my-provider.com -# CloudFlare TLS challenge for Traefik (override existing httpChallenge) -ENABLE_CLOUDFLARE_TLS_CHALLENGE="false" -CF_API_EMAIL=changeme -CF_API_KEY=changeme +# Custom resolver for Traefik / ACME (override existing httpChallenge) +# You also have to use .env-custom by copying .env-custom.sample and uncomment / edit appropriate variables first +# See list here: https://go-acme.github.io/lego/dns/#dns-providers +# TRAEFIK_CUSTOM_ACME_RESOLVER="changeme" # example "cloudflare" or "ovh" # General settings TZ="Europe/Paris" diff --git a/.gitignore b/.gitignore index 51d9944..da7f69b 100644 --- a/.gitignore +++ b/.gitignore @@ -16,4 +16,5 @@ services/custom/*.yml services/generated/*.yaml authelia/* +.custom-env traefik.env \ No newline at end of file diff --git a/run-seedbox.sh b/run-seedbox.sh index 49c2968..eec8262 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh 
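Review bot: The new ignore entry `.custom-env` does not match the file this commit tells users to create, which `.env-custom.sample` and the `[[ ! -f .env-custom ]]` check in run-seedbox.sh both name `.env-custom`. As written, a populated `.env-custom` holding DNS-provider API keys stays untracked but not ignored, so a routine `git add .` can commit it. The entry should read `.env-custom`.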
@@ -52,11 +52,19 @@ echo "${HTTP_USER}:${HTTP_PASSWORD}" > traefik/http_auth ## Traefik Certificate Resolver tweaks rm -f traefik.env && touch traefik.env -if [[ ${ENABLE_CLOUDFLARE_TLS_CHALLENGE} == "true" ]]; then +if [[ ! -z ${TRAEFIK_CUSTOM_ACME_RESOLVER} ]]; then + if [[ ! -f .env-custom ]]; then + echo "[$0] Error. You need to have a .env-custom in order to use TRAEFIK_CUSTOM_ACME_RESOLVER variable." + exit 1 + fi + if [[ ${TRAEFIK_CUSTOM_ACME_RESOLVER} == "changeme" ]]; then + echo "[$0] Error. Wrong value for TRAEFIK_CUSTOM_ACME_RESOLVER variable." + exit 1 + fi yq 'del(.certificatesResolvers.le.acme.httpChallenge)' -i traefik/traefik.yaml - yq '(.certificatesResolvers.le.acme.dnsChallenge.provider="cloudflare")' -i traefik/traefik.yaml - echo "CF_API_EMAIL=${CF_API_EMAIL}" >> traefik.env - echo "CF_API_KEY=${CF_API_KEY}" >> traefik.env + yq '(.certificatesResolvers.le.acme.dnsChallenge.provider="'${TRAEFIK_CUSTOM_ACME_RESOLVER}'")' -i traefik/traefik.yaml + sed -e '/^#/d' .env-custom + cat .env-custom >> traefik.env fi # Docker-compose settings From b20024fa749453f98f3d5e3f678e80be6cbad773 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Thu, 16 Mar 2023 22:09:37 +0100 Subject: [PATCH 05/43] Fix typo on sed --- run-seedbox.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-seedbox.sh b/run-seedbox.sh index eec8262..4a25144 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh @@ -63,7 +63,7 @@ if [[ ! -z ${TRAEFIK_CUSTOM_ACME_RESOLVER} ]]; then fi yq 'del(.certificatesResolvers.le.acme.httpChallenge)' -i traefik/traefik.yaml yq '(.certificatesResolvers.le.acme.dnsChallenge.provider="'${TRAEFIK_CUSTOM_ACME_RESOLVER}'")' -i traefik/traefik.yaml - sed -e '/^#/d' .env-custom + sed -i '/^#/d' .env-custom cat .env-custom >> traefik.env fi From 5ab220e58f47f848443590357976e634a7ecb12d Mon Sep 17 00:00:00 2001 
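Review bot: In the `dnsChallenge.provider` line, `${TRAEFIK_CUSTOM_ACME_RESOLVER}` is spliced unquoted into the yq program text, so a value containing spaces, quotes or yq syntax is word-split by the shell and then parsed as expression rather than as data. Passing it through the environment keeps it a plain string: `TRAEFIK_CUSTOM_ACME_RESOLVER="${TRAEFIK_CUSTOM_ACME_RESOLVER}" yq '.certificatesResolvers.le.acme.dnsChallenge.provider = strenv(TRAEFIK_CUSTOM_ACME_RESOLVER)' -i traefik/traefik.yaml`. Separately, `sed -e '/^#/d' .env-custom` has no redirect, so it prints the uncommented credential lines to the terminal (and to any captured log) before `cat` copies the whole file. The script continues outside this hunk.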
From: Jean Froment Date: Thu, 16 Mar 2023 22:16:51 +0100 Subject: [PATCH 06/43] Do not touch .env-custom and write directly in traefik_env --- run-seedbox.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/run-seedbox.sh b/run-seedbox.sh index 4a25144..1e4a209 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh @@ -63,8 +63,7 @@ if [[ ! -z ${TRAEFIK_CUSTOM_ACME_RESOLVER} ]]; then fi yq 'del(.certificatesResolvers.le.acme.httpChallenge)' -i traefik/traefik.yaml yq '(.certificatesResolvers.le.acme.dnsChallenge.provider="'${TRAEFIK_CUSTOM_ACME_RESOLVER}'")' -i traefik/traefik.yaml - sed -i '/^#/d' .env-custom - cat .env-custom >> traefik.env + sed '/^#/d' .env-custom >> traefik.env fi # Docker-compose settings From bfc9ccee3693dc3e73ad5365a17e20dbdc8645f1 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Fri, 17 Mar 2023 17:42:30 +0100 Subject: [PATCH 07/43] Add paperless (wip) --- .env.sample | 5 ++++ README.md | 1 + config.sample.yaml | 9 ++++++ services/paperless.yaml | 64 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 79 insertions(+) create mode 100644 services/paperless.yaml diff --git a/.env.sample b/.env.sample index 01a4777..0a20977 100644 --- a/.env.sample +++ b/.env.sample @@ -50,6 +50,11 @@ FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON=false CALIBRE_PASSWORD=mycalibrepassword +# Paperless +PAPERLESS_SECRET_KEY=changeme +# list of language codes here: https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster +PAPERLESS_OCR_LANGUAGE=eng + # Wireguard custom endpoint WIREGUARD_ENDPOINT=changeme # Wireguard endpoint WIREGUARD_PORT=51820 diff --git a/README.md b/README.md index 703f91e..0403874 100644 --- a/README.md +++ b/README.md 
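Review bot: `PAPERLESS_SECRET_KEY=changeme` in the .env.sample hunk is a working value, so an install that copies the sample unchanged runs Paperless with a publicly known secret key, and nothing visible in this series rejects it. A comment above the line such as `# Must be replaced with a long random value, e.g. the output of: openssl rand -base64 48` would help. run-seedbox.sh already has a pattern for a hard stop in its `TRAEFIK_CUSTOM_ACME_RESOLVER == "changeme"` check, which could be reused here. The `PAPERLESS_ADMIN_PASSWORD=changeme` line added to the same file in PATCH 10/43 has the same problem.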
@@ -53,6 +53,7 @@ Version 2 is released, please make sure you read [this V2 Migration Guide](doc/U | Tdarr | tdarr.yourdomain.com | [haveagitgat/tdarr](https://hub.docker.com/r/haveagitgat/tdarr) | *latest* | Re-encode files | | NextCloud | nextcloud.yourdomain.com | [linuxserver/nextcloud](https://hub.docker.com/r/linuxserver/nextcloud) | *latest* | Files management | | NextCloud-db (MariaDB) | *not reachable* | [mariadb](https://hub.docker.com/r/_/mariadb) | *10* | DB for Nextcloud | +| Paperless-ngx | paperless.yourdomain.com | [paperless-ngx/paperless-ngx](ghcr.io/paperless-ngx/paperless-ngx) | *latest* | Documents management and archiving (**BETA**) | | Portainer | portainer.yourdomain.com | [portainer/portainer](https://hub.docker.com/r/portainer/portainer) | *latest* | Container management| | Netdata | netdata.yourdomain.com | [netdata/netdata](https://hub.docker.com/r/netdata/netdata) | *latest* | Server monitoring | | Duplicati | duplicati.yourdomain.com | [linuxserver/duplicati](https://hub.docker.com/r/linuxserver/duplicati)| *latest* | Backups | diff --git a/config.sample.yaml b/config.sample.yaml index b3fcfe4..1c192ac 100644 --- a/config.sample.yaml +++ b/config.sample.yaml @@ -211,6 +211,15 @@ services: httpAuth: false internalPort: 443 internalScheme: https + - name: paperless + enabled: false + vpn: false + traefik: + enabled: true + rules: + - host: paperless.${TRAEFIK_DOMAIN} + httpAuth: true + internalPort: 8000 - name: portainer enabled: true vpn: false diff --git a/services/paperless.yaml b/services/paperless.yaml new file mode 100644 index 0000000..6f172d9 --- /dev/null +++ b/services/paperless.yaml 
@@ -0,0 +1,64 @@ +services: + paperless-ngx: + image: ghcr.io/paperless-ngx/paperless-ngx:latest + container_name: paperless-ngx + restart: unless-stopped + depends_on: + - redis + - gotenberg + - tika + volumes: + - configpaperless:/usr/src/paperless/data + - documents:/usr/src/paperless/media + - configpaperlessexport:/usr/src/paperless/export + - configpaperlessconsume:/usr/src/paperless/consume + environment: + PAPERLESS_REDIS: redis://redis:6379 + PAPERLESS_TIKA_ENABLED: 1 + PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000 + PAPERLESS_TIKA_ENDPOINT: http://tika:9998 + USERMAP_UID: ${PUID} + USERMAP_GID: ${PGID} + PAPERLESS_TIME_ZONE: ${TZ} + PAPERLESS_URL: https://paperless.${TRAEFIK_DOMAIN} + PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY} + PAPERLESS_OCR_LANGUAGE: ${PAPERLESS_OCR_LANGUAGE} + + redis: + image: docker.io/library/redis:7 + container_name: redis + restart: unless-stopped + volumes: + - redisdata:/data + + gotenberg: + image: docker.io/gotenberg/gotenberg:7.8 + restart: unless-stopped + # The gotenberg chromium route is used to convert .eml files. We do not + # want to allow external content like tracking pixels or even javascript. + command: + - "gotenberg" + - "--chromium-disable-javascript=true" + - "--chromium-allow-list=file:///tmp/.*" + + tika: + image: ghcr.io/paperless-ngx/tika:latest + restart: unless-stopped + +volumes: + configpaperless: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/paperless + documents: + driver: local-persist + driver_opts: + mountpoint: $HOST_MEDIA_PATH/documents + configpaperlessexport: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/paperless-export + configpaperlessconsume: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/paperless-import \ No newline at end of file From 083415adface440c8f517d6fc7a2a0ff58704290 Mon Sep 17 00:00:00 2001 
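Review bot: The `redis` service is added with no password and a fixed `container_name: redis`, and `PAPERLESS_REDIS: redis://redis:6379` connects without credentials. The file declares no `networks:`, so if the service files are merged into one compose project (as the `-f services/generated/...` list in run-seedbox.sh suggests), every other container in the stack can presumably reach the broker. Either give paperless and redis a dedicated network or set a password, e.g. `command: redis-server --requirepass ${PAPERLESS_REDIS_PASSWORD}` with `PAPERLESS_REDIS: redis://:${PAPERLESS_REDIS_PASSWORD}@redis:6379`, where `PAPERLESS_REDIS_PASSWORD` is a new variable to add to .env.sample.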
From: Jean Froment Date: Fri, 17 Mar 2023 17:45:31 +0100 Subject: [PATCH 08/43] Fix redis volume path --- services/paperless.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/services/paperless.yaml b/services/paperless.yaml index 6f172d9..624f3bc 100644 --- a/services/paperless.yaml +++ b/services/paperless.yaml @@ -61,4 +61,8 @@ volumes: configpaperlessconsume: driver: local-persist driver_opts: - mountpoint: $HOST_CONFIG_PATH/paperless-import \ No newline at end of file + mountpoint: $HOST_CONFIG_PATH/paperless-import + redisdata: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/redis \ No newline at end of file From 3bd1c60b574967f2edadd574e0f2c09e23a840a4 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Fri, 17 Mar 2023 17:56:33 +0100 Subject: [PATCH 09/43] Fix paperless service name --- services/paperless.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/paperless.yaml b/services/paperless.yaml index 624f3bc..375157e 100644 --- a/services/paperless.yaml +++ b/services/paperless.yaml @@ -1,7 +1,7 @@ services: - paperless-ngx: + paperless: image: ghcr.io/paperless-ngx/paperless-ngx:latest - container_name: paperless-ngx + container_name: paperless restart: unless-stopped depends_on: - redis From 47b6bb552b2c3b9cbf5abfb8b61dc3c87ed02f4b Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Fri, 17 Mar 2023 18:01:30 +0100 Subject: [PATCH 10/43] Specify superadmin for paperless using env vars --- .env.sample | 3 +++ services/paperless.yaml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.env.sample b/.env.sample index 0a20977..5c7d277 100644 --- a/.env.sample +++ b/.env.sample 
@@ -54,6 +54,9 @@ CALIBRE_PASSWORD=mycalibrepassword PAPERLESS_SECRET_KEY=changeme # list of language codes here: https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster PAPERLESS_OCR_LANGUAGE=eng +PAPERLESS_ADMIN_USER=changeme +PAPERLESS_ADMIN_MAIL=changeme +PAPERLESS_ADMIN_PASSWORD=changeme # Wireguard custom endpoint WIREGUARD_ENDPOINT=changeme # Wireguard endpoint diff --git a/services/paperless.yaml b/services/paperless.yaml index 375157e..0bce6f7 100644 --- a/services/paperless.yaml +++ b/services/paperless.yaml @@ -23,6 +23,9 @@ services: PAPERLESS_URL: https://paperless.${TRAEFIK_DOMAIN} PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY} PAPERLESS_OCR_LANGUAGE: ${PAPERLESS_OCR_LANGUAGE} + PAPERLESS_ADMIN_USER: ${PAPERLESS_ADMIN_USER} + PAPERLESS_ADMIN_MAIL: ${PAPERLESS_ADMIN_MAIL} + PAPERLESS_ADMIN_PASSWORD: ${PAPERLESS_ADMIN_PASSWORD} redis: image: docker.io/library/redis:7 From 874230d64752fe88f5a7f811161f6243c6c5b3e5 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Fri, 17 Mar 2023 23:40:17 +0100 Subject: [PATCH 11/43] Fix redis permission on volume --- services/paperless.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/services/paperless.yaml b/services/paperless.yaml index 0bce6f7..c53ff31 100644 --- a/services/paperless.yaml +++ b/services/paperless.yaml @@ -31,6 +31,8 @@ services: image: docker.io/library/redis:7 container_name: redis restart: unless-stopped + # TODO: fix it => redis container does not support PGID and PUID... + user: root volumes: - redisdata:/data From 9948e183adfa8a8e72e8e232cea399853d11abed Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Sat, 18 Mar 2023 22:45:59 +0100 Subject: [PATCH 12/43] Refactor main script and use functions --- run-seedbox.sh | 50 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 35 insertions(+), 15 deletions(-) diff --git a/run-seedbox.sh b/run-seedbox.sh index 1e4a209..6cfc4af 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh 
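Review bot: `user: root` on the `redis` service (PATCH 11/43) trades a volume-ownership problem for a root process in a container that accepts connections from the rest of the stack, and the TODO gives no condition for removing it. The compose `user` key accepts a numeric pair, so `user: "${PUID}:${PGID}"` would likely let Redis write to the `redisdata` mountpoint as the same account the other services use, provided `$HOST_CONFIG_PATH/redis` is owned by it; this needs confirming against the image. If root has to stay for now, the TODO should state what unblocks the change.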
@@ -98,29 +98,52 @@ if [[ ${CHECK_FOR_OUTDATED_CONFIG} == true ]]; then fi fi +# Internal function which checks another function's number ($2) and return a boolean instead +check_result_service() { + #$1 => service + #$2 => nb to check + if [[ $2 == 0 ]]; then + false; return + elif [[ $2 == 1 ]]; then + true; return + else + echo "[$0] Error. Service \"$1\" is enabled more than once. Check your config.yaml file." + exit 1 + fi +} + +# Check if a service ($1) has been enabled in the config file +is_service_enabled() { + local nb=$(cat config.json | jq --arg service $1 '[.services[] | select(.name==$service and .enabled==true)] | length') + check_result_service $1 $nb +} + +# Check if a service ($1) has been enabled AND has vpn enabled in the config file +has_vpn_enabled() { + local nb=$(cat config.json | jq --arg service $1 '[.services[] | select(.name==$service and .enabled==true and .vpn==true)] | length') + check_result_service $1 $nb +} + # Check if some services have vpn enabled, that gluetun itself is enabled nb_vpn=$(cat config.json | jq '[.services[] | select(.enabled==true and .vpn==true)] | length') -gluetun_enabled=$(cat config.json | jq '[.services[] | select(.name=="gluetun" and .enabled==true)] | length') -if [[ ${nb_vpn} -gt 0 && ${gluetun_enabled} == 0 ]]; then +if [[ ${nb_vpn} -gt 0 ]] && ! is_service_enabled gluetun; then echo "[$0] ERROR. ${nb_vpn} VPN-enabled services have been enabled BUT gluetun has not been enabled. Please check your config.yaml file." 
- echo "[$0] ******* Exiting *******" exit 1 fi # Determine what host Flood should connect to # => If deluge vpn is enabled => gluetun # => If deluge vpn is disabled => deluge -if [[ $(cat config.json | jq '[.services[] | select(.name=="flood" and .enabled==true)] | length') -eq 1 ]]; then +if is_service_enabled flood; then # Check that if flood is enabled, deluge should also be enabled - if [[ $(cat config.json | jq '[.services[] | select(.name=="deluge" and .enabled==false)] | length') -eq 1 ]]; then + if ! is_service_enabled deluge; then echo "[$0] ERROR. Flood is enabled but Deluge is not. Please either enable Deluge or disable Flood as Flood depends on Deluge." - echo "[$0] ******* Exiting *******" exit 1 fi # Determine deluge hostname (for flood) based on the VPN status (enabled or not) of deluge - if [[ $(cat config.json | jq '[.services[] | select(.name=="deluge" and .enabled==true and .vpn==true)] | length') -eq 1 ]]; then + if has_vpn_enabled deluge; then export DELUGE_HOST="gluetun" - elif [[ $(cat config.json | jq '[.services[] | select(.name=="deluge" and .enabled==true and .vpn==false)] | length') -eq 1 ]]; then + else export DELUGE_HOST="deluge" fi 
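Review bot: `is_service_enabled` and `has_vpn_enabled` pass `$1` and `$nb` unquoted, and `local nb=$(...)` discards jq's exit status, so when config.json is missing or malformed `check_result_service` receives an empty count and lands in the `else` branch with the misleading "enabled more than once" message. The gluetun guard in this hunk is what stops VPN-flagged services from starting without the tunnel, so the helpers should fail explicitly on a bad read: declare `local nb` on its own line, assign with `nb=$(jq --arg service "$1" ... config.json) || exit 1` using the existing filter, and call `check_result_service "$1" "$nb"`. A one-line comment on `check_result_service` stating that it exits the script for counts above 1 would also help readers of the `if` conditions that call it. The Flood/Deluge block continues past the end of this hunk.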
@@ -137,12 +160,9 @@ if [[ $(cat config.json | jq '[.services[] | select(.name=="flood" and .enabled= fi # Check that if calibre-web is enabled, calibre should also be enabled -if [[ $(cat config.json | jq '[.services[] | select(.name=="calibre-web" and .enabled==true)] | length') -eq 1 ]]; then - if [[ $(cat config.json | jq '[.services[] | select(.name=="calibre" and .enabled==false)] | length') -eq 1 ]]; then - echo "[$0] ERROR. Calibre-web is enabled but Calibre is not. Please either enable Calibre or disable Calibre-web as Calibre-web depends on Calibre." - echo "[$0] ******* Exiting *******" - exit 1 - fi +if is_service_enabled calibre-web && ! is_service_enabled calibre; then + echo "[$0] ERROR. Calibre-web is enabled but Calibre is not. Please either enable Calibre or disable Calibre-web as Calibre-web depends on Calibre." + exit 1 fi # Apply other arbitrary custom Traefik config files @@ -153,7 +173,7 @@ for f in `find samples/custom-traefik -maxdepth 1 -mindepth 1 -type f | grep -E done # Detect Synology devices for Netdata compatibility -if [[ $(cat config.json | jq '[.services[] | select(.name=="netdata" and .enabled==true)] | length') -eq 1 ]]; then +if is_service_enabled netdata; then if [[ $(uname -a | { grep synology || true; } | wc -l) -eq 1 ]]; then export OS_RELEASE_FILEPATH="/etc/VERSION" else From cff06e94dad0444b4a7d8aaac8f29b7df625f0ae Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Sat, 18 Mar 2023 22:50:14 +0100 Subject: [PATCH 13/43] Improve new services availability logging --- run-seedbox.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-seedbox.sh b/run-seedbox.sh index 6cfc4af..4bc8759 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh 
@@ -94,7 +94,7 @@ if [[ ${CHECK_FOR_OUTDATED_CONFIG} == true ]]; then if [[ $nb_services_sample -gt $nb_services ]]; then echo "[$0] There are more services in the config.sample.yaml than in your config.yaml" echo "[$0] You should check config.sample.yaml because it seems there are new services available for you:" - diff -u config.yaml config.sample.yaml | grep "name:" | grep -E "^\+" || true + diff -u config.yaml config.sample.yaml | grep "name:" | grep -E "^\+" | sed "s/+ - name:/-/g" || true fi fi From b77ce4935f677e7f0831a0f03f57a3266e398e54 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Sat, 18 Mar 2023 22:52:30 +0100 Subject: [PATCH 14/43] Rename .env-custom into .env.custom --- .env-custom.sample => .env.custom.sample | 2 +- .env.sample | 2 +- run-seedbox.sh | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) rename .env-custom.sample => .env.custom.sample (95%) diff --git a/.env-custom.sample b/.env.custom.sample similarity index 95% rename from .env-custom.sample rename to .env.custom.sample index 12f7c2b..444ccbd 100644 --- a/.env-custom.sample +++ b/.env.custom.sample @@ -3,7 +3,7 @@ ################################################################# # How to use: -# Copy this file first and name it ".env-custom" +# Copy this file first and name it ".env.custom" # Uncomment *ONLY* the variables you want to use # Set their values diff --git a/.env.sample b/.env.sample index 5c7d277..f301ce5 100644 --- a/.env.sample +++ b/.env.sample @@ -8,7 +8,7 @@ TRAEFIK_DOMAIN=mydomain.com ACME_MAIL=my-email@my-provider.com # Custom resolver for Traefik / ACME (override existing httpChallenge) -# You also have to use .env-custom by copying .env-custom.sample and uncomment / edit appropriate variables first +# You also have to use .env.custom by copying .env.custom.sample and uncomment / edit appropriate variables first # See list here: https://go-acme.github.io/lego/dns/#dns-providers # TRAEFIK_CUSTOM_ACME_RESOLVER="changeme" # example "cloudflare" or "ovh" 
diff --git a/run-seedbox.sh b/run-seedbox.sh index 4bc8759..79685c9 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh @@ -53,8 +53,8 @@ echo "${HTTP_USER}:${HTTP_PASSWORD}" > traefik/http_auth ## Traefik Certificate Resolver tweaks rm -f traefik.env && touch traefik.env if [[ ! -z ${TRAEFIK_CUSTOM_ACME_RESOLVER} ]]; then - if [[ ! -f .env-custom ]]; then - echo "[$0] Error. You need to have a .env-custom in order to use TRAEFIK_CUSTOM_ACME_RESOLVER variable." + if [[ ! -f .env.custom ]]; then + echo "[$0] Error. You need to have a .env.custom in order to use TRAEFIK_CUSTOM_ACME_RESOLVER variable." exit 1 fi if [[ ${TRAEFIK_CUSTOM_ACME_RESOLVER} == "changeme" ]]; then @@ -63,7 +63,7 @@ if [[ ! -z ${TRAEFIK_CUSTOM_ACME_RESOLVER} ]]; then fi yq 'del(.certificatesResolvers.le.acme.httpChallenge)' -i traefik/traefik.yaml yq '(.certificatesResolvers.le.acme.dnsChallenge.provider="'${TRAEFIK_CUSTOM_ACME_RESOLVER}'")' -i traefik/traefik.yaml - sed '/^#/d' .env-custom >> traefik.env + sed '/^#/d' .env.custom >> traefik.env fi # Docker-compose settings From 39fda9d0e56cf1f8d4ec52f27fcdd16e3af85133 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Sat, 18 Mar 2023 23:31:44 +0100 Subject: [PATCH 15/43] Add support for custom environment variables for any application --- .env.custom.sample | 22 ++++++++++++++-------- .gitignore | 4 ++-- run-seedbox.sh | 28 ++++++++++++++++++++++++++-- 3 files changed, 42 insertions(+), 12 deletions(-) diff --git a/.env.custom.sample b/.env.custom.sample index 444ccbd..69b6f27 100644 --- a/.env.custom.sample +++ b/.env.custom.sample @@ -4,7 +4,7 @@ # How to use: # Copy this file first and name it ".env.custom" -# Uncomment *ONLY* the variables you want to use +# Uncomment *ONLY* the variables you want to use (!!! Always use the prefix APPNAME_) # Set their values ################################################################# 
@@ -14,11 +14,17 @@ # Add your own by finding the variables for your provider here: https://go-acme.github.io/lego/dns/#dns-providers ########################## Cloudflare ########################### -# CF_API_EMAIL=changeme -# CF_API_KEY=changeme +# TRAEFIK_CF_API_EMAIL=changeme +# TRAEFIK_CF_API_KEY=changeme ############################## OVH ############################## -# OVH_ENDPOINT=changeme -# OVH_APPLICATION_KEY=changeme -# OVH_APPLICATION_SECRET=changeme -# OVH_CONSUMER_KEY=changeme -################################################################# \ No newline at end of file +# TRAEFIK_OVH_ENDPOINT=changeme +# TRAEFIK_OVH_APPLICATION_KEY=changeme +# TRAEFIK_OVH_APPLICATION_SECRET=changeme +# TRAEFIK_OVH_CONSUMER_KEY=changeme +############################## ... ############################## + +################################################################# +###################### OTHER APPS VARIABLES ##################### +################################################################# + +# DELUGE_CUSTOM_ENVIRONMENT_VARIABLE=exemple_value diff --git a/.gitignore b/.gitignore index da7f69b..8dadb37 100644 --- a/.gitignore +++ b/.gitignore @@ -16,5 +16,5 @@ services/custom/*.yml services/generated/*.yaml authelia/* -.custom-env -traefik.env \ No newline at end of file +.env.custom +*.env \ No newline at end of file diff --git a/run-seedbox.sh b/run-seedbox.sh index 79685c9..0e3ba6d 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh 
@@ -50,8 +50,19 @@ fi source .env echo "${HTTP_USER}:${HTTP_PASSWORD}" > traefik/http_auth +# Sanitize and extract variable (without prefixes) from .env.custom file +# Input => $1 = app name (exemple traefik) +# Output => app_name.env written with correct variables (exemple: traefik.env) +extract_custom_env_file() { + # sed explanation: + # 1 => Remove all lines starting with a comment (#) + # 2 => Remove all empty lines + # 3 => Remove all lines *NOT* starting by [uppercase_app_name + "_"] (exemple TRAEFIK_) + # 4 => Remove the pattern [uppercase_app_name + "_"] + sed '/^#/d' .env.custom | sed '/^$/d' | sed -n "/^${1^^}_/p" | sed "s/^${1^^}_//g" > $1.env +} + ## Traefik Certificate Resolver tweaks -rm -f traefik.env && touch traefik.env if [[ ! -z ${TRAEFIK_CUSTOM_ACME_RESOLVER} ]]; then if [[ ! -f .env.custom ]]; then echo "[$0] Error. You need to have a .env.custom in order to use TRAEFIK_CUSTOM_ACME_RESOLVER variable." @@ -63,7 +74,7 @@ if [[ ! -z ${TRAEFIK_CUSTOM_ACME_RESOLVER} ]]; then fi yq 'del(.certificatesResolvers.le.acme.httpChallenge)' -i traefik/traefik.yaml yq '(.certificatesResolvers.le.acme.dnsChallenge.provider="'${TRAEFIK_CUSTOM_ACME_RESOLVER}'")' -i traefik/traefik.yaml - sed '/^#/d' .env.custom >> traefik.env + extract_custom_env_file traefik fi # Docker-compose settings 
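Review bot: `extract_custom_env_file` writes provider credentials to `$1.env` with an unquoted redirect target and the caller's umask, and with the `rm -f traefik.env && touch traefik.env` line removed nothing deletes a generated env file once its variables are dropped from .env.custom. Running the pipeline under a restrictive mask, `( umask 077; sed ... > "$1.env" )`, and clearing stale `*.env` files at start-up would keep old keys from lingering in the working directory with broad permissions. The function's header comment should also say that the output contains secrets. The same helper is called per service from the `.env.custom` loop hunk later in this commit (`extract_custom_env_file ${name}`), where `${name}` should be quoted as well.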
@@ -228,6 +239,19 @@ for json in $(yq eval -o json config.yaml | jq -c ".services[]"); do ALL_SERVICES="${ALL_SERVICES} -f services/generated/${name}-vpn.yaml" fi + # For services with existing custom environment variables in .env.custom, + # Extract those variables and add a docker-compose override file in order to load them + if [[ -f .env.custom ]]; then + if grep -q "^${name^^}_.*" .env.custom; then + extract_custom_env_file ${name} + echo "services.${name}.env_file.0: ./${name}.env" > ${name}-envfile.props + yq -p=props ${name}-envfile.props > services/generated/${name}-envfile.yaml + rm -f ${name}-envfile.props + # Append config/${name}-envfile.yaml to global list of files which will be passed to docker commands + ALL_SERVICES="${ALL_SERVICES} -f services/generated/${name}-envfile.yaml" + fi + fi + ###################################### TRAEFIK RULES ###################################### # Skip this part for services which have Traefik rules disabled in config From 3c12d48b3f34a3fee657c529daddf9bd0da3e3f0 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Sat, 18 Mar 2023 23:36:42 +0100 Subject: [PATCH 16/43] Remove hardcoded env_file for traefik as it is dynamic now --- services/traefik.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/services/traefik.yaml b/services/traefik.yaml index 57e832b..f620e0e 100755 --- a/services/traefik.yaml +++ b/services/traefik.yaml @@ -15,8 +15,6 @@ services: environment: - TRAEFIK_DOMAIN=${TRAEFIK_DOMAIN} - TZ=${TZ} - env_file: - - ./traefik.env volumes: configtraefik: From 58f7c30b7b5b3c7668e8c17cffec9dbc9ac09596 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Sat, 18 Mar 2023 23:39:38 +0100 Subject: [PATCH 17/43] Format traefik.yaml --- traefik/traefik.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/traefik/traefik.yaml b/traefik/traefik.yaml index 91d7823..fd94988 100644 --- a/traefik/traefik.yaml +++ b/traefik/traefik.yaml 
@@ -30,7 +30,7 @@ entryPoints: tls: certResolver: le middlewares: - - security-headers@file + - security-headers@file # Allow self-signed certificates for https backends (nextcloud for example) serversTransport: From 46e2aeceb164f9649ea9b26532f2e6767a996288 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Thu, 30 Mar 2023 23:00:00 +0200 Subject: [PATCH 18/43] Disable persistence on redis, disable gotenberg and tika --- services/paperless.yaml | 50 +++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/services/paperless.yaml b/services/paperless.yaml index c53ff31..ebe8ec0 100644 --- a/services/paperless.yaml +++ b/services/paperless.yaml @@ -5,8 +5,8 @@ services: restart: unless-stopped depends_on: - redis - - gotenberg - - tika + # - gotenberg + # - tika volumes: - configpaperless:/usr/src/paperless/data - documents:/usr/src/paperless/media @@ -14,9 +14,9 @@ services: - configpaperlessconsume:/usr/src/paperless/consume environment: PAPERLESS_REDIS: redis://redis:6379 - PAPERLESS_TIKA_ENABLED: 1 - PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000 - PAPERLESS_TIKA_ENDPOINT: http://tika:9998 + #PAPERLESS_TIKA_ENABLED: 1 + #PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000 + #PAPERLESS_TIKA_ENDPOINT: http://tika:9998 USERMAP_UID: ${PUID} USERMAP_GID: ${PGID} PAPERLESS_TIME_ZONE: ${TZ} 
@@ -32,23 +32,25 @@ services: container_name: redis restart: unless-stopped # TODO: fix it => redis container does not support PGID and PUID... - user: root - volumes: - - redisdata:/data + # user: root + # volumes: + # - redisdata:/data - gotenberg: - image: docker.io/gotenberg/gotenberg:7.8 - restart: unless-stopped - # The gotenberg chromium route is used to convert .eml files. We do not - # want to allow external content like tracking pixels or even javascript. - command: - - "gotenberg" - - "--chromium-disable-javascript=true" - - "--chromium-allow-list=file:///tmp/.*" + # gotenberg: + # image: docker.io/gotenberg/gotenberg:7.8 + # container_name: gotenberg + # restart: unless-stopped + # # The gotenberg chromium route is used to convert .eml files. We do not + # # want to allow external content like tracking pixels or even javascript. + # command: + # - "gotenberg" + # - "--chromium-disable-javascript=true" + # - "--chromium-allow-list=file:///tmp/.*" - tika: - image: ghcr.io/paperless-ngx/tika:latest - restart: unless-stopped + # tika: + # image: ghcr.io/paperless-ngx/tika:latest + # container_name: tika + # restart: unless-stopped volumes: configpaperless: @@ -67,7 +69,7 @@ volumes: driver: local-persist driver_opts: mountpoint: $HOST_CONFIG_PATH/paperless-import - redisdata: - driver: local-persist - driver_opts: - mountpoint: $HOST_CONFIG_PATH/redis \ No newline at end of file + # redisdata: + # driver: local-persist + # driver_opts: + # mountpoint: $HOST_CONFIG_PATH/redis \ No newline at end of file From 8ec05489091dd5952b05d8659e34b848afb35db5 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Sat, 20 May 2023 23:39:19 +0200 Subject: [PATCH 19/43] Try t improve overseerr performance --- services/overseerr.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/services/overseerr.yaml b/services/overseerr.yaml index 2ed8948..4977815 100755 --- a/services/overseerr.yaml +++ b/services/overseerr.yaml 
@@ -9,6 +9,9 @@ services: - PGID=${PGID} - PUID=${PUID} - TZ=${TZ} + dns: + - 1.1.1.1 + - 8.8.8.8 volumes: configoverseerr: From 6c35b62efbbf5de7197d9a7fa93a66c39a2af620 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Fri, 23 Jun 2023 21:25:39 +0200 Subject: [PATCH 20/43] Fix #43: eplicit output format for yq in run-seedbox.sh --- run-seedbox.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/run-seedbox.sh b/run-seedbox.sh index 0e3ba6d..3b58599 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh @@ -233,7 +233,7 @@ for json in $(yq eval -o json config.yaml | jq -c ".services[]"); do # go through gluetun (main vpn client service). if [[ ${vpn} == "true" ]]; then echo "services.${name}.network_mode: service:gluetun" > ${name}-vpn.props - yq -p=props ${name}-vpn.props > services/generated/${name}-vpn.yaml + yq -p=props ${name}-vpn.props -o yaml > services/generated/${name}-vpn.yaml rm -f ${name}-vpn.props # Append config/${name}-vpn.yaml to global list of files which will be passed to docker commands ALL_SERVICES="${ALL_SERVICES} -f services/generated/${name}-vpn.yaml" @@ -245,7 +245,7 @@ for json in $(yq eval -o json config.yaml | jq -c ".services[]"); do if grep -q "^${name^^}_.*" .env.custom; then extract_custom_env_file ${name} echo "services.${name}.env_file.0: ./${name}.env" > ${name}-envfile.props - yq -p=props ${name}-envfile.props > services/generated/${name}-envfile.yaml + yq -p=props ${name}-envfile.props -o yaml > services/generated/${name}-envfile.yaml rm -f ${name}-envfile.props # Append config/${name}-envfile.yaml to global list of files which will be passed to docker commands ALL_SERVICES="${ALL_SERVICES} -f services/generated/${name}-envfile.yaml" 
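Review bot: The added `dns:` list hard-codes two public resolvers (`1.1.1.1`, `8.8.8.8`), so this container's lookups bypass whatever resolver the host or LAN uses, including any local filtering, query logging or split-horizon names. If the aim is only faster lookups, consider making the list configurable from `.env` with the host resolver as the default. At a minimum, put a comment above the key, such as `# public resolvers: bypasses the host's DNS (filtering/logging) for this container`, so the trade-off is visible to whoever enables the service.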
@@ -323,7 +323,7 @@ done # Convert properties files into Traefik-ready YAML and place it in the correct folder loaded by Traefik mv traefik/custom/dynamic-rules.yaml traefik/custom/dynamic-rules-old.yaml || true -yq -p=props rules.props > traefik/custom/dynamic-rules.yaml +yq -p=props rules.props -o yaml > traefik/custom/dynamic-rules.yaml rm -f rules.props # Post-transformations on the rules file From 26909f2a7edc8b18cdbd986b462f6d50a2de295a Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Fri, 1 Sep 2023 09:17:44 +0200 Subject: [PATCH 21/43] Plex: remove useless ports mappings due to host network mode --- services/plex-hardware-transcoding.yaml | 9 --------- services/plex.yaml | 9 --------- 2 files changed, 18 deletions(-) diff --git a/services/plex-hardware-transcoding.yaml b/services/plex-hardware-transcoding.yaml index 5b0ddd5..491723e 100755 --- a/services/plex-hardware-transcoding.yaml +++ b/services/plex-hardware-transcoding.yaml @@ -4,15 +4,6 @@ services: container_name: plex restart: always network_mode: host - ports: - - "32400:32400" - - "32400:32400/udp" - - "32469:32469" - - "32469:32469/udp" - - "32410:32410/udp" - - "32412:32412/udp" - - "32413:32413/udp" - - "32414:32414/udp" devices: - /dev/dri:/dev/dri # for hardware transcoding volumes: diff --git a/services/plex.yaml b/services/plex.yaml index c78134e..d2b6f65 100755 --- a/services/plex.yaml +++ b/services/plex.yaml @@ -4,15 +4,6 @@ services: container_name: plex restart: always network_mode: host - ports: - - "32400:32400" - - "32400:32400/udp" - - "32469:32469" - - "32469:32469/udp" - - "32410:32410/udp" - - "32412:32412/udp" - - "32413:32413/udp" - - "32414:32414/udp" volumes: - configplex:/config - torrents:/torrents From cddda00465754b1faa9829b6bd294bb221efa739 Mon Sep 17 00:00:00 2001 
From: Jean Froment Date: Fri, 1 Sep 2023 09:23:38 +0200 Subject: [PATCH 22/43] Improvements on Gluetun config --- .env.sample | 3 ++- README.md | 2 +- services/gluetun.yaml | 11 +++++++---- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.env.sample b/.env.sample index f301ce5..147defd 100644 --- a/.env.sample +++ b/.env.sample @@ -63,4 +63,5 @@ WIREGUARD_ENDPOINT=changeme # Wireguard endpoint WIREGUARD_PORT=51820 WIREGUARD_PUBLIC_KEY=changeme WIREGUARD_PRIVATE_KEY=changeme -WIREGUARD_ADDRESS=changeme # Wireguard LAN address \ No newline at end of file +WIREGUARD_ADDRESS=changeme # Wireguard LAN address +WIREGUARD_PRESHARED_KEY=changeme # optional \ No newline at end of file diff --git a/README.md b/README.md index 0403874..524ddac 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ Version 2 is released, please make sure you read [this V2 Migration Guide](doc/U | Heimdall | yourdomain.com | [linuxserver/heimdall](https://hub.docker.com/r/linuxserver/heimdall)| *latest* | Main dashboard | | Syncthing | syncthing.yourdomain.com | [linuxserver/syncthing](https://hub.docker.com/r/linuxserver/syncthing) | *latest* | P2P files sharing | | Traefik | traefik.yourdomain.com | [traefik](https://hub.docker.com/_/traefik) | *latest* | Traefik reverse proxy (access to admin dashboard) | -| Gluetun | - | [qmcgaw/gluetun](https://hub.docker.com/r/qmcgaw/gluetun)| *latest* | VPN client | +| Gluetun | - | [qdm12/gluetun](https:/ghcr.io/qdm12/gluetun)| *latest* | VPN client | | *Any application you want!* | *whatever.yourdomain.com* | *Any image* | *Any tag* | *Any service - See the [Configuration Guide](doc/configuration.md)* | ## 🌐 Traefik diff --git a/services/gluetun.yaml b/services/gluetun.yaml index 45981ce..1fcc468 100755 --- a/services/gluetun.yaml +++ b/services/gluetun.yaml 
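Review bot: `WIREGUARD_PRESHARED_KEY=changeme # optional` gives an optional setting a non-empty placeholder, while services/gluetun.yaml in the same commit forwards `${WIREGUARD_PRESHARED_KEY}` unconditionally. A user whose provider has no preshared key and who leaves the sample line untouched therefore hands gluetun the literal string `changeme` as key material. For an optional value the sample is safer empty, `WIREGUARD_PRESHARED_KEY= # optional, leave empty if your provider does not use one`. Whether gluetun treats an empty value as "not set" is not visible here and should be confirmed.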
@@ -1,25 +1,28 @@ services: gluetun: - image: qmcgaw/gluetun + image: ghcr.io/qdm12/gluetun container_name: gluetun restart: always cap_add: - NET_ADMIN + devices: + - /dev/net/tun:/dev/net/tun environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} - - VPNSP=custom + - VPN_SERVICE_PROVIDER=custom - VPN_TYPE=wireguard # For Wireguard - VPN_ENDPOINT_IP=${WIREGUARD_ENDPOINT} - VPN_ENDPOINT_PORT=${WIREGUARD_PORT} - WIREGUARD_PUBLIC_KEY=${WIREGUARD_PUBLIC_KEY} - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY} - - WIREGUARD_ADDRESS=${WIREGUARD_ADDRESS} + - WIREGUARD_PRESHARED_KEY=${WIREGUARD_PRESHARED_KEY} + - WIREGUARD_ADDRESSES=${WIREGUARD_ADDRESS} volumes: configgluetun: driver: local-persist driver_opts: - mountpoint: $HOST_CONFIG_PATH/gluetun \ No newline at end of file + mountpoint: $HOST_CONFIG_PATH/gluetun From dc4914a2bf9b5e6514449c390f8b2fd0665e7262 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Tue, 5 Sep 2023 09:36:57 +0200 Subject: [PATCH 23/43] Add Homarr --- README.md | 1 + config.sample.yaml | 9 +++++++++ services/homarr.yaml | 19 +++++++++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 services/homarr.yaml diff --git a/README.md b/README.md index 524ddac..76044ba 100644 --- a/README.md +++ b/README.md 
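Review bot: `image: ghcr.io/qdm12/gluetun` carries no tag, so every pull takes whatever `latest` currently points to, for a container that runs with `NET_ADMIN`, `/dev/net/tun` and the WireGuard private key in its environment. Pinning a release tag, or better a digest, makes upgrades deliberate and reviewable, e.g. `image: ghcr.io/qdm12/gluetun:<version>@sha256:<digest>` (placeholders). The same applies to the other images this series adds or relocates without a fixed version: `ghcr.io/ajnart/homarr:latest`, `binwiederhier/ntfy`, `ghcr.io/hotio/qbittorrent`, `ghcr.io/gethomepage/homepage`, `lscr.io/linuxserver/kavita:latest` and `lscr.io/linuxserver/mylar3:latest`.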
@@ -58,6 +58,7 @@ Version 2 is released, please make sure you read [this V2 Migration Guide](doc/U | Netdata | netdata.yourdomain.com | [netdata/netdata](https://hub.docker.com/r/netdata/netdata) | *latest* | Server monitoring | | Duplicati | duplicati.yourdomain.com | [linuxserver/duplicati](https://hub.docker.com/r/linuxserver/duplicati)| *latest* | Backups | | Heimdall | yourdomain.com | [linuxserver/heimdall](https://hub.docker.com/r/linuxserver/heimdall)| *latest* | Main dashboard | +| Homarr | homarr.yourdomain.com | [ajnart/homarr](https://ghcr.io/ajnart/homarr)| *latest* | Main dashboard (alt) | | Syncthing | syncthing.yourdomain.com | [linuxserver/syncthing](https://hub.docker.com/r/linuxserver/syncthing) | *latest* | P2P files sharing | | Traefik | traefik.yourdomain.com | [traefik](https://hub.docker.com/_/traefik) | *latest* | Traefik reverse proxy (access to admin dashboard) | | Gluetun | - | [qdm12/gluetun](https:/ghcr.io/qdm12/gluetun)| *latest* | VPN client | diff --git a/config.sample.yaml b/config.sample.yaml index 1c192ac..0d9d2d4 100644 --- a/config.sample.yaml +++ b/config.sample.yaml @@ -266,6 +266,15 @@ services: - host: ${TRAEFIK_DOMAIN} httpAuth: true internalPort: 80 + - name: homarr + enabled: false + vpn: false + traefik: + enabled: true + rules: + - host: homarr.${TRAEFIK_DOMAIN} + httpAuth: true + internalPort: 7575 # Gluetun is the VPN client service. - name: gluetun enabled: false diff --git a/services/homarr.yaml b/services/homarr.yaml new file mode 100644 index 0000000..53b959b --- /dev/null +++ b/services/homarr.yaml 
@@ -0,0 +1,19 @@ +services: + homarr: + container_name: homarr + image: ghcr.io/ajnart/homarr:latest + restart: always + volumes: + - confighomarr:/app/data/configs + - iconshomarr:/app/public/icons + - /var/run/docker.sock:/var/run/docker.sock:ro + +volumes: + confighomarr: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/homarr + iconshomarr: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/homarr-icons \ No newline at end of file From ecb86c2d5d47ce8a858a56c1ef2d763708f561ff Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Tue, 5 Sep 2023 10:05:44 +0200 Subject: [PATCH 24/43] Edit homarr socket binding --- services/homarr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/homarr.yaml b/services/homarr.yaml index 53b959b..a37d5dc 100644 --- a/services/homarr.yaml +++ b/services/homarr.yaml @@ -6,7 +6,7 @@ services: volumes: - confighomarr:/app/data/configs - iconshomarr:/app/public/icons - - /var/run/docker.sock:/var/run/docker.sock:ro + - /var/run/docker.sock:/var/run/docker.sock volumes: confighomarr: From 4b7497b6ec402c3c8f90ce1a71b6a79f5a315ecd Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Fri, 6 Oct 2023 15:42:25 +0200 Subject: [PATCH 25/43] Add ntfy --- README.md | 3 ++- config.sample.yaml | 9 +++++++++ services/ntfy.yaml | 23 +++++++++++++++++++++++ 3 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 services/ntfy.yaml diff --git a/README.md b/README.md index 76044ba..bc64c42 100644 --- a/README.md +++ b/README.md 
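Review bot: Mounting `/var/run/docker.sock` into homarr hands a web dashboard that is published through Traefik the full Docker API, which is equivalent to root on the host. The follow-up hunk that drops `:ro` changes little in that respect, because a read-only bind of the socket file still permits every API call. If the dashboard only needs container status, put a Docker socket proxy that allows only the read-only container endpoints in front of the daemon and point homarr at it, or leave the mount out of the default file and document it as opt-in. services/homepage.yaml later in this series adds the same mount and deserves the same treatment.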
@@ -49,7 +49,8 @@ Version 2 is released, please make sure you read [this V2 Migration Guide](doc/U | Jackett | jackett.yourdomain.com | [linuxserver/jackett](https://hub.docker.com/r/linuxserver/jackett) | *latest* | Tracker indexer | | Prowlarr | prowlarr.yourdomain.com | [linuxserver/prowlarr](https://hub.docker.com/r/linuxserver/prowlarr) | *develop* | Tracker indexer | | JDownloader | jdownloader.yourdomain.com | [jlesage/jdownloader-2](https://hub.docker.com/r/jlesage/jdownloader-2)| *latest* | Direct downloader | -| Tautulli (plexPy) | tautulli.yourdomain.com | [linuxserver/tautulli](https://hub.docker.com/r/linuxserver/tautulli) | *latest* | Plex stats and admin| +| Tautulli (plexPy) | tautulli.yourdomain.com | [linuxserver/tautulli](https://hub.docker.com/r/linuxserver/tautulli) | *latest* | Plex stats and admin | +| ntfy | ntfy.yourdomain.com | [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy) | *latest* | Notifications manager | | Tdarr | tdarr.yourdomain.com | [haveagitgat/tdarr](https://hub.docker.com/r/haveagitgat/tdarr) | *latest* | Re-encode files | | NextCloud | nextcloud.yourdomain.com | [linuxserver/nextcloud](https://hub.docker.com/r/linuxserver/nextcloud) | *latest* | Files management | | NextCloud-db (MariaDB) | *not reachable* | [mariadb](https://hub.docker.com/r/_/mariadb) | *10* | DB for Nextcloud | diff --git a/config.sample.yaml b/config.sample.yaml index 0d9d2d4..537f64d 100644 --- a/config.sample.yaml +++ b/config.sample.yaml @@ -183,6 +183,15 @@ services: - host: tautulli.${TRAEFIK_DOMAIN} httpAuth: false internalPort: 8181 + - name: ntfy + enabled: false + vpn: false + traefik: + enabled: true + rules: + - host: ntfy.${TRAEFIK_DOMAIN} + httpAuth: true + internalPort: 2586 - name: jdownloader enabled: true vpn: false diff --git a/services/ntfy.yaml b/services/ntfy.yaml new file mode 100644 index 0000000..0408a0d --- /dev/null +++ b/services/ntfy.yaml 
@@ -0,0 +1,23 @@ +services: + ntfy: + image: binwiederhier/ntfy + container_name: ntfy + restart: always + user: ${PUID}:${PGID} + command: + - serve + environment: + - TZ=${TZ} + - NTFY_BASE_URL=ntfy.${TRAEFIK_DOMAIN} + - NTFY_LISTEN_HTTP=:2586 + - NTFY_BEHIND_PROXY=true + - NTFY_CACHE_FILE=/var/cache/ntfy/cache.db + - NTFY_ATTACHMENT_CACHE_DIR=/var/cache/ntfy/attachments + volumes: + - ntfycache:/var/cache/ntfy + +volumes: + ntfycache: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/ntfy-cache \ No newline at end of file From ef96cb489ad55e42d5b5ad837fd0e6b7f012dfc9 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Fri, 6 Oct 2023 15:44:29 +0200 Subject: [PATCH 26/43] Fix outdated config detection --- run-seedbox.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-seedbox.sh b/run-seedbox.sh index 3b58599..afbf465 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh @@ -99,7 +99,7 @@ echo "[$0] ***** Checking configuration... *****" yq eval -o json config.yaml > config.json -if [[ ${CHECK_FOR_OUTDATED_CONFIG} == true ]]; then +if [[ "${CHECK_FOR_OUTDATED_CONFIG}" == true ]]; then nb_services=$(cat config.json | jq '.services | length') nb_services_sample=$(yq eval -o json config.sample.yaml | jq '.services | length') if [[ $nb_services_sample -gt $nb_services ]]; then From f33ee7234611ddb1ba860613792ead1960fc852f Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Fri, 6 Oct 2023 15:59:41 +0200 Subject: [PATCH 27/43] Fix ntfy base url variable --- services/ntfy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/ntfy.yaml b/services/ntfy.yaml index 0408a0d..fce629a 100644 --- a/services/ntfy.yaml +++ b/services/ntfy.yaml @@ -8,7 +8,7 @@ services: - serve environment: - TZ=${TZ} - - NTFY_BASE_URL=ntfy.${TRAEFIK_DOMAIN} + - NTFY_BASE_URL=https://ntfy.${TRAEFIK_DOMAIN} - NTFY_LISTEN_HTTP=:2586 - NTFY_BEHIND_PROXY=true - NTFY_CACHE_FILE=/var/cache/ntfy/cache.db 
From deea21ccb969bf5e0b2b04f59c42edcc84cd6150 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Thu, 4 Jan 2024 16:31:01 +0100 Subject: [PATCH 28/43] Update qbittorrent image location --- services/qbittorrent.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/qbittorrent.yaml b/services/qbittorrent.yaml index 2e183ec..0cf834a 100755 --- a/services/qbittorrent.yaml +++ b/services/qbittorrent.yaml @@ -1,6 +1,6 @@ services: qbittorrent: - image: cr.hotio.dev/hotio/qbittorrent + image: ghcr.io/hotio/qbittorrent container_name: qbittorrent restart: always volumes: @@ -15,4 +15,4 @@ volumes: configqbittorrent: driver: local-persist driver_opts: - mountpoint: $HOST_CONFIG_PATH/qbittorrent \ No newline at end of file + mountpoint: $HOST_CONFIG_PATH/qbittorrent From a2a852079090fadb4a8164c65e0d6634eb11e4ef Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Tue, 27 Feb 2024 21:54:28 +0100 Subject: [PATCH 29/43] Fix #54 - Add new service Homepage --- README.md | 1 + config.sample.yaml | 9 +++++++++ services/homepage.yaml | 18 ++++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 services/homepage.yaml diff --git a/README.md b/README.md index bc64c42..bff264d 100644 --- a/README.md +++ b/README.md 
@@ -60,6 +60,7 @@ Version 2 is released, please make sure you read [this V2 Migration Guide](doc/U | Duplicati | duplicati.yourdomain.com | [linuxserver/duplicati](https://hub.docker.com/r/linuxserver/duplicati)| *latest* | Backups | | Heimdall | yourdomain.com | [linuxserver/heimdall](https://hub.docker.com/r/linuxserver/heimdall)| *latest* | Main dashboard | | Homarr | homarr.yourdomain.com | [ajnart/homarr](https://ghcr.io/ajnart/homarr)| *latest* | Main dashboard (alt) | +| Homepage | homepage.yourdomain.com | [gethomepage/homepage](ghcr.io/gethomepage/homepage)| *latest* | Main dashboard (alt) | | Syncthing | syncthing.yourdomain.com | [linuxserver/syncthing](https://hub.docker.com/r/linuxserver/syncthing) | *latest* | P2P files sharing | | Traefik | traefik.yourdomain.com | [traefik](https://hub.docker.com/_/traefik) | *latest* | Traefik reverse proxy (access to admin dashboard) | | Gluetun | - | [qdm12/gluetun](https:/ghcr.io/qdm12/gluetun)| *latest* | VPN client | diff --git a/config.sample.yaml b/config.sample.yaml index 537f64d..dddff7b 100644 --- a/config.sample.yaml +++ b/config.sample.yaml @@ -284,6 +284,15 @@ services: - host: homarr.${TRAEFIK_DOMAIN} httpAuth: true internalPort: 7575 + - name: homepage + enabled: false + vpn: false + traefik: + enabled: true + rules: + - host: homepage.${TRAEFIK_DOMAIN} + httpAuth: true + internalPort: 3000 # Gluetun is the VPN client service. - name: gluetun enabled: false diff --git a/services/homepage.yaml b/services/homepage.yaml new file mode 100644 index 0000000..c1ad4f0 --- /dev/null +++ b/services/homepage.yaml 
@@ -0,0 +1,18 @@ +services: + homepage: + image: ghcr.io/gethomepage/homepage + container_name: homepage + restart: always + volumes: + - confighomepage:/app/config + - /var/run/docker.sock:/var/run/docker.sock + environment: + - PGID=${PGID} + - PUID=${PUID} + - TZ=${TZ} + +volumes: + confighomepage: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/homepage \ No newline at end of file From 835070dbf20c8e308286778b2c9f8098e0533380 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Wed, 6 Mar 2024 13:40:10 +0100 Subject: [PATCH 30/43] Add filebrowser --- README.md | 1 + config.sample.yaml | 9 +++++++++ services/filebrowser.yaml | 24 ++++++++++++++++++++++++ 3 files changed, 34 insertions(+) create mode 100644 services/filebrowser.yaml diff --git a/README.md b/README.md index bff264d..9373a2e 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,7 @@ Version 2 is released, please make sure you read [this V2 Migration Guide](doc/U | Tdarr | tdarr.yourdomain.com | [haveagitgat/tdarr](https://hub.docker.com/r/haveagitgat/tdarr) | *latest* | Re-encode files | | NextCloud | nextcloud.yourdomain.com | [linuxserver/nextcloud](https://hub.docker.com/r/linuxserver/nextcloud) | *latest* | Files management | | NextCloud-db (MariaDB) | *not reachable* | [mariadb](https://hub.docker.com/r/_/mariadb) | *10* | DB for Nextcloud | +| Filebrowser | files.yourdomain.com | [filebrowser/filebrowser](https://hub.docker.com/r/filebrowser/filebrowser) | *s6* | Files explorer | | Paperless-ngx | paperless.yourdomain.com | [paperless-ngx/paperless-ngx](ghcr.io/paperless-ngx/paperless-ngx) | *latest* | Documents management and archiving (**BETA**) | | Portainer | portainer.yourdomain.com | [portainer/portainer](https://hub.docker.com/r/portainer/portainer) | *latest* | Container management| | Netdata | netdata.yourdomain.com | [netdata/netdata](https://hub.docker.com/r/netdata/netdata) | *latest* | Server monitoring | 
diff --git a/config.sample.yaml b/config.sample.yaml index dddff7b..a085220 100644 --- a/config.sample.yaml +++ b/config.sample.yaml @@ -220,6 +220,15 @@ services: httpAuth: false internalPort: 443 internalScheme: https + - name: filebrowser + enabled: false + vpn: false + traefik: + enabled: true + rules: + - host: files.${TRAEFIK_DOMAIN} + httpAuth: true + internalPort: 80 - name: paperless enabled: false vpn: false diff --git a/services/filebrowser.yaml b/services/filebrowser.yaml new file mode 100644 index 0000000..9f4f4de --- /dev/null +++ b/services/filebrowser.yaml @@ -0,0 +1,24 @@ +services: + homepage: + image: filebrowser/filebrowser:s6 + container_name: filebrowser + restart: always + volumes: + - configfilebrowser:/config + - dbfilebrowser:/database + - torrents:/srv + environment: + - PGID=${PGID} + - PUID=${PUID} + - TZ=${TZ} + +volumes: + configfilebrowser: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/filebrowser/config + dbfilebrowser: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/filebrowser/db + From a8d99b68b0a23992b67a9d25d61c9713555a946d Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Wed, 6 Mar 2024 13:48:14 +0100 Subject: [PATCH 31/43] Fix Filebrowser (settiongs.json must be adapted) --- config.sample.yaml | 2 +- services/filebrowser.yaml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/config.sample.yaml b/config.sample.yaml index a085220..1f4ff0c 100644 --- a/config.sample.yaml +++ b/config.sample.yaml @@ -228,7 +228,7 @@ services: rules: - host: files.${TRAEFIK_DOMAIN} httpAuth: true - internalPort: 80 + internalPort: 8234 - name: paperless enabled: false vpn: false diff --git a/services/filebrowser.yaml b/services/filebrowser.yaml index 9f4f4de..b64efe4 100644 --- a/services/filebrowser.yaml +++ b/services/filebrowser.yaml 
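Review bot: The new services/filebrowser.yaml declares its service under the key `homepage:` although `container_name` is `filebrowser`. When the compose files are combined with `-f`, this definition is merged into the real `homepage` service from services/homepage.yaml instead of creating a `filebrowser` one. The generated overrides are keyed on the config name (`services.${name}...` in run-seedbox.sh), so the `filebrowser` entry in config.sample.yaml would presumably not reach this container either. The key should read `filebrowser:`.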
@@ -11,6 +11,11 @@ services: - PGID=${PGID} - PUID=${PUID} - TZ=${TZ} + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8234/health"] + interval: 30s + timeout: 20s + retries: 3 volumes: configfilebrowser: From db8455e1a367c7e0c402f220e51d498dd9e809e6 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Tue, 26 Mar 2024 11:54:41 +0100 Subject: [PATCH 32/43] Fixes on kavita (use LS image + adapt) --- README.md | 2 +- services/kavita.yaml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 9373a2e..97a2317 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ Version 2 is released, please make sure you read [this V2 Migration Guide](doc/U | Calibre | calibre-admin.yourdomain.com | [linuxserver/calibre](https://hub.docker.com/r/linuxserver/calibre) | *latest* | eBook management | | Calibre-web | calibre.yourdomain.com | [linuxserver/calibre-web](https://hub.docker.com/r/linuxserver/calibre-web) | *nightly* | Book management UI | | Komga | komga.yourdomain.com | [gotson/komga](https://hub.docker.com/r/gotson/komga) | *latest* | Comic Book Manager | -| Kavita | Kavita.yourdomain.com | [gotson/komga](https://hub.docker.com/r/gotson/komga) | *latest* | Comic Book Manager | +| Kavita | Kavita.yourdomain.com | [linuxserver/kavita](https://docs.linuxserver.io/images/docker-kavita/) | *latest* | Comic Book Manager | | Ombi | ombi.yourdomain.com | [linuxserver/ombi](https://hub.docker.com/r/linuxserver/ombi) | *latest* | Plex content requests | | Overseerr | overseerr.yourdomain.com | [linuxserver/overseerr](https://hub.docker.com/r/linuxserver/overseerr) | *latest* | Plex content requests | | Jackett | jackett.yourdomain.com | [linuxserver/jackett](https://hub.docker.com/r/linuxserver/jackett) | *latest* | Tracker indexer | diff --git a/services/kavita.yaml b/services/kavita.yaml index 8b12b9e..f00cbc5 100755 --- a/services/kavita.yaml +++ b/services/kavita.yaml 
@@ -1,16 +1,16 @@ services: kavita: - image: kizaing/kavita:latest + image: lscr.io/linuxserver/kavita:latest container_name: kavita restart: always volumes: - - configkavita:/kavita/config + - configkavita:/config - torrents:/torrents - /etc/localtime:/etc/localtime:ro environment: - TZ=${TZ} - # Wait for https://github.com/Kareadita/Kavita/issues/301 to be resolved - #user: "${PUID}:${PGID}" + - PGID=${PGID} + - PUID=${PUID} volumes: configkavita: From 1972fe2c4e0f00033a64ef14041d7073decb0e72 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Mon, 13 May 2024 10:37:29 +0200 Subject: [PATCH 33/43] Fix #55 --- README.md | 2 +- docker-compose.yaml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index 97a2317..8d5309b 100644 --- a/README.md +++ b/README.md @@ -83,7 +83,7 @@ Check the [Configuration Guide](doc/configuration.md). ### Dependencies - [Docker](https://github.com/docker/docker) >= 20.10 -- [Docker Compose](https://github.com/docker/compose) >= 2.2 *(2.16+ recommended)* +- [Docker Compose](https://github.com/docker/compose) >= 2.27.0 - [local-persist Docker plugin](https://github.com/MatchbookLab/local-persist): installed directly on host (not in container). This is a volume plugin that extends the default local driver’s functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to always persist, even if the volume is removed via `docker volume rm`. Use *systemd* install for Ubuntu. - [jq](https://stedolan.github.io/jq/download/) >= 1.5 - [yq](https://github.com/mikefarah/yq/releases) >= 4 diff --git a/docker-compose.yaml b/docker-compose.yaml index 97e8dcb..a68542c 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
@@ -1,5 +1,3 @@ -version: "3.8" - ############################################################################# ## Services are now located in separate files, in the services directory. ## ############################################################################# From 81e7b6242d4bf96141eb9a31340007fed05186de Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Mon, 27 May 2024 23:45:58 +0200 Subject: [PATCH 34/43] Add mylar service --- README.md | 1 + config.sample.yaml | 9 +++++++++ services/mylar.yaml | 18 ++++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 services/mylar.yaml diff --git a/README.md b/README.md index 8d5309b..250ffa7 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,7 @@ Version 2 is released, please make sure you read [this V2 Migration Guide](doc/U | Jackett | jackett.yourdomain.com | [linuxserver/jackett](https://hub.docker.com/r/linuxserver/jackett) | *latest* | Tracker indexer | | Prowlarr | prowlarr.yourdomain.com | [linuxserver/prowlarr](https://hub.docker.com/r/linuxserver/prowlarr) | *develop* | Tracker indexer | | JDownloader | jdownloader.yourdomain.com | [jlesage/jdownloader-2](https://hub.docker.com/r/jlesage/jdownloader-2)| *latest* | Direct downloader | +| Mylar3 | mylar.yourdomain.com | [linuxserver/mylar3](https://lscr.io/linuxserver/mylar3)| *latest* | Comics manager | | Tautulli (plexPy) | tautulli.yourdomain.com | [linuxserver/tautulli](https://hub.docker.com/r/linuxserver/tautulli) | *latest* | Plex stats and admin | | ntfy | ntfy.yourdomain.com | [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy) | *latest* | Notifications manager | | Tdarr | tdarr.yourdomain.com | [haveagitgat/tdarr](https://hub.docker.com/r/haveagitgat/tdarr) | *latest* | Re-encode files | diff --git a/config.sample.yaml b/config.sample.yaml index 1f4ff0c..4d336a5 100644 --- a/config.sample.yaml +++ b/config.sample.yaml 
@@ -156,6 +156,15 @@ services: - host: kavita.${TRAEFIK_DOMAIN} httpAuth: false internalPort: 5000 + - name: mylar + enabled: true + vpn: false + traefik: + enabled: true + rules: + - host: mylar.${TRAEFIK_DOMAIN} + httpAuth: true + internalPort: 8090 - name: ombi enabled: false vpn: false diff --git a/services/mylar.yaml b/services/mylar.yaml new file mode 100644 index 0000000..1d84f72 --- /dev/null +++ b/services/mylar.yaml @@ -0,0 +1,18 @@ +services: + mylar: + image: lscr.io/linuxserver/mylar3:latest + container_name: mylar3 + restart: always + environment: + - PGID=${PGID} + - PUID=${PUID} + - TZ=${TZ} + volumes: + - configmylar:/config + - torrents:/torrents + +volumes: + configmylar: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/mylar \ No newline at end of file From ba9b3074e219f53a0332368ca4b2b9d64a0f60ba Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Mon, 27 May 2024 23:50:45 +0200 Subject: [PATCH 35/43] Fix mylar config --- services/mylar.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/services/mylar.yaml b/services/mylar.yaml index 1d84f72..c11f824 100644 --- a/services/mylar.yaml +++ b/services/mylar.yaml @@ -9,10 +9,15 @@ services: - TZ=${TZ} volumes: - configmylar:/config - - torrents:/torrents + - comics:/comics + - downloads:/downloads volumes: configmylar: driver: local-persist driver_opts: - mountpoint: $HOST_CONFIG_PATH/mylar \ No newline at end of file + mountpoint: $HOST_CONFIG_PATH/mylar + comics: + driver: local-persist + driver_opts: + mountpoint: $HOST_MEDIA_PATH/BD \ No newline at end of file From c76f1abae8c3c6ab9e605b09bb0a6e9337dc9197 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Tue, 28 May 2024 00:10:31 +0200 Subject: [PATCH 36/43] Fix komga port --- config.sample.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.sample.yaml b/config.sample.yaml index 4d336a5..0df0523 100644 --- a/config.sample.yaml +++ b/config.sample.yaml 
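Review bot: The new `mylar` entry in config.sample.yaml is added with `enabled: true`, whereas the other services introduced in this series (homarr, ntfy, homepage, filebrowser) ship as `enabled: false`. Anyone who refreshes their config from the sample gets an extra container and a new public hostname without opting in. `enabled: false` would keep newly added services opt-in and consistent with the rest.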
@@ -146,7 +146,7 @@ services: rules: - host: komga.${TRAEFIK_DOMAIN} httpAuth: false - internalPort: 8080 + internalPort: 25600 - name: kavita enabled: false vpn: false From 4734307d491a49e6872fa63fbfe5d2c233fd5b3c Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Wed, 13 Nov 2024 21:59:16 +0100 Subject: [PATCH 37/43] Support for media on distant server via NFS share --- .env.sample | 9 +++++ .gitignore | 4 ++- doc/configuration.md | 11 ++++++ ...compose.yaml => docker-compose.sample.yaml | 4 +++ init.sh | 3 ++ run-seedbox.sh | 5 +++ samples/docker-compose.sample.nfs.yaml | 36 +++++++++++++++++++ services/mylar.yaml | 6 +--- services/paperless.yaml | 4 --- 9 files changed, 72 insertions(+), 10 deletions(-) rename docker-compose.yaml => docker-compose.sample.yaml (85%) create mode 100644 samples/docker-compose.sample.nfs.yaml diff --git a/.env.sample b/.env.sample index 147defd..b854096 100644 --- a/.env.sample +++ b/.env.sample @@ -26,6 +26,15 @@ HOST_CONFIG_PATH="/data/config" HOST_MEDIA_PATH="/data/torrents" # Will be located in $HOST_MEDIA_PATH DOWNLOAD_SUBFOLDER="deluge" +DOCUMENTS_SUBFOLDER="documents" + +### NFS FOR MEDIA (only required if custom docker-compose file from sample/ directory is used) +# Volume share - beware of the starting ":" +NFS_MEDIA_VOLUME=":/volume1/homes/youruser/media" +# NFS Server IP +NFS_IP="192.168.0.XXX" + +# PGID and PUID of the disk permissions PGID=1000 PUID=1000 diff --git a/.gitignore b/.gitignore index 8dadb37..fb985f6 100644 --- a/.gitignore +++ b/.gitignore @@ -17,4 +17,6 @@ services/generated/*.yaml authelia/* .env.custom -*.env \ No newline at end of file +*.env + +docker-compose.yaml \ No newline at end of file diff --git a/doc/configuration.md b/doc/configuration.md index 278f515..55a66df 100644 --- a/doc/configuration.md +++ b/doc/configuration.md 
@@ -13,6 +13,7 @@ * [Default mode - Wireguard custom](#default-mode---wireguard-custom) * [Your own mode (VPN provider supported by gluetun)](#your-own-mode-vpn-provider-supported-by-gluetun) * [How is VPN handled?](#how-is-vpn-handled) +* [Media on NFS server](#media-on-nfs-server) * [Make the services communicate with each other](#make-the-services-communicate-with-each-other) * [How does the configuration work?](#how-does-the-configuration-work) * [Apps configuration](#apps-configuration) @@ -257,6 +258,16 @@ Behind the scenes, the ``run-seedbox.sh`` script will mainly add 2 overrides whe * Adds a file in [services/generated/](../services/generated/) which adds a ``network_mode: gluetun`` for your service. * Specify in Traefik rule that the backend host is gluetun instead of the service directly. +## Media on NFS Server + +If your media is not on the same machine as your containers, do the following: + +* Configure a NFS share on the network. +* Use the ``docker-compose.sample.nfs.yaml`` from the ``samples`` directory by copying it at the project root level and name it ``docker-compose.yaml``. +* Specify in ``.env`` the following variables: + * ``NFS_IP``: the IP of your NFS server + * ``NFS_MEDIA_VOLUME``: the volume of the share (it must start with ":/"). + ## Make the services communicate with each other With docker-compose, all services are in the same Docker network (it is called ``traefik-network`` and is defined [here](../docker-compose.yaml)). Docker provides DNS resolution in the same network based on the name of the services, which act as hostnames. diff --git a/docker-compose.yaml b/docker-compose.sample.yaml similarity index 85% rename from docker-compose.yaml rename to docker-compose.sample.yaml index a68542c..357be7e 100644 --- a/docker-compose.yaml +++ b/docker-compose.sample.yaml 
@@ -21,3 +21,7 @@ volumes: driver: local-persist driver_opts: mountpoint: $HOST_MEDIA_PATH/$DOWNLOAD_SUBFOLDER + documents: + driver: local-persist + driver_opts: + mountpoint: $HOST_MEDIA_PATH/$DOCUMENTS_SUBFOLDER diff --git a/init.sh b/init.sh index 061c564..69ec83d 100755 --- a/init.sh +++ b/init.sh @@ -6,5 +6,8 @@ if [[ ! -f .env ]]; then cp .env.sample .env echo "[$0] Please edit .env file" fi +if [[ ! -f docker-compose.yaml ]]; then + cp docker-compose.sample.yaml docker-compose.yaml +fi echo "[$0] Done." exit 0 \ No newline at end of file diff --git a/run-seedbox.sh b/run-seedbox.sh index afbf465..0ace2d0 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh @@ -46,6 +46,11 @@ if [[ ! -f .env ]]; then exit 1 fi +if [[ ! -f docker-compose.yaml ]]; then + echo "[$0] ERROR. \"docker-compose.yaml\" file not found. Please copy \"docker-compose.sample.yaml\" and edit its valuesif you need customization. Then, re-run this script." + exit 1 +fi + # Create/update http_auth file according to values in .env file source .env echo "${HTTP_USER}:${HTTP_PASSWORD}" > traefik/http_auth diff --git a/samples/docker-compose.sample.nfs.yaml b/samples/docker-compose.sample.nfs.yaml new file mode 100644 index 0000000..da8540d --- /dev/null +++ b/samples/docker-compose.sample.nfs.yaml 
@@ -0,0 +1,36 @@ +############################################################################# +## Services are now located in separate files, in the services directory. ## +############################################################################# + +# Common network used by all services +networks: + default: + name: "traefik-network" + +# Common volumes used by at least 2 services +volumes: + config: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH + torrents: + driver_opts: + type: nfs + # Add NFS_IP to your .env with the corresponding value + o: addr=$NFS_IP,nolock,soft,nfsvers=4 + # Add NFS_MEDIA_VOLUME to your .env with the corresponding value + device: $NFS_MEDIA_VOLUME + downloads: + driver_opts: + type: nfs + # Add NFS_IP to your .env with the corresponding value + o: addr=$NFS_IP,nolock,soft,nfsvers=4 + # Add NFS_MEDIA_VOLUME to your .env with the corresponding value + device: $NFS_MEDIA_VOLUME/$DOWNLOAD_SUBFOLDER + documents: + driver_opts: + type: nfs + # Add NFS_IP to your .env with the corresponding value + o: addr=$NFS_IP,nolock,soft,nfsvers=4 + # Add NFS_MEDIA_VOLUME to your .env with the corresponding value + device: $NFS_MEDIA_VOLUME/$DOCUMENTS_SUBFOLDER diff --git a/services/mylar.yaml b/services/mylar.yaml index c11f824..84b0803 100644 --- a/services/mylar.yaml +++ b/services/mylar.yaml @@ -9,7 +9,7 @@ services: - TZ=${TZ} volumes: - configmylar:/config - - comics:/comics + - torrents:/comics - downloads:/downloads volumes: @@ -17,7 +17,3 @@ volumes: driver: local-persist driver_opts: mountpoint: $HOST_CONFIG_PATH/mylar - comics: - driver: local-persist - driver_opts: - mountpoint: $HOST_MEDIA_PATH/BD \ No newline at end of file diff --git a/services/paperless.yaml b/services/paperless.yaml index ebe8ec0..aacb2c3 100644 --- a/services/paperless.yaml +++ b/services/paperless.yaml 
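Review bot: All three NFS volumes in samples/docker-compose.sample.nfs.yaml are mounted with `soft`, and `downloads` and `documents` are written to by the containers; on a soft mount a server timeout surfaces as an I/O error to the application, and an interrupted write can leave a truncated or corrupt file. For the writable volumes I would drop `soft` (a hard mount is the default), e.g. `o: addr=$NFS_IP,nfsvers=4`; `nolock` concerns the NLM side protocol of NFSv2/v3 and looks redundant with `nfsvers=4`. The options carry no `sec=` setting, so the mount presumably uses the server's default AUTH_SYS flavour, and the sample should say so in a comment such as `# restrict the export on the NFS server to this Docker host's address`.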
@@ -57,10 +57,6 @@ volumes: driver: local-persist driver_opts: mountpoint: $HOST_CONFIG_PATH/paperless - documents: - driver: local-persist - driver_opts: - mountpoint: $HOST_MEDIA_PATH/documents configpaperlessexport: driver: local-persist driver_opts: From c0b6709616f145a41fed6055cd80f4c1cb9ac26b Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Sun, 24 Nov 2024 15:47:13 +0100 Subject: [PATCH 38/43] Cleanup + add sample paperless variables --- .env.custom.sample | 13 +++++++++++++ .gitignore | 1 + update-nextcloud.sh => tools/update-nextcloud.sh | 0 3 files changed, 14 insertions(+) rename update-nextcloud.sh => tools/update-nextcloud.sh (100%) diff --git a/.env.custom.sample b/.env.custom.sample index 69b6f27..8725a1c 100644 --- a/.env.custom.sample +++ b/.env.custom.sample @@ -28,3 +28,16 @@ ################################################################# # DELUGE_CUSTOM_ENVIRONMENT_VARIABLE=exemple_value + +################################################################# +############# PAPERLESS CUSTOM ENVIRONMENT VARIABLES ############ +################################################################# + +PAPERLESS_PAPERLESS_SECRET_KEY=mykey +# list of language codes here: https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster +PAPERLESS_PAPERLESS_OCR_LANGUAGE=eng,fra +PAPERLESS_PAPERLESS_ADMIN_USER=admin +PAPERLESS_PAPERLESS_ADMIN_MAIL=yourmail@domain.com +PAPERLESS_PAPERLESS_ADMIN_PASSWORD=clear_password_changeme1234 +# Prevent errors when importing PDF files with digital signatures +PAPERLESS_PAPERLESS_OCR_USER_ARGS="{\"invalidate_digital_signatures\": true}" \ No newline at end of file diff --git a/.gitignore b/.gitignore index fb985f6..b1225fc 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,7 @@ services.conf traefik/custom/dynamic*.yaml traefik/custom/custom-*.yaml samples/custom*/*.yaml +samples/custom*/*.yaml.disabled config.yaml services/custom/*.yaml 
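Review bot: `PAPERLESS_PAPERLESS_SECRET_KEY=mykey` and `PAPERLESS_PAPERLESS_ADMIN_PASSWORD=clear_password_changeme1234` in .env.custom.sample are usable values rather than placeholders, so a copy of the sample that is never edited runs the service with a publicly known secret key and admin password. I would ship both lines commented out, e.g. `# PAPERLESS_PAPERLESS_SECRET_KEY=` preceded by `# required: set a long random value, for example from openssl rand -hex 32`, so that an unedited file does not silently configure them. The same applies to `PAPERLESS_PAPERLESS_ADMIN_USER=admin` if the admin account is created from these variables, which is not visible in this hunk.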
diff --git a/update-nextcloud.sh b/tools/update-nextcloud.sh similarity index 100% rename from update-nextcloud.sh rename to tools/update-nextcloud.sh From 1e08c07edb337207f55eb3c9b4c3767436540729 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Sun, 24 Nov 2024 15:50:21 +0100 Subject: [PATCH 39/43] Fix explicit bindings on paperless --- services/paperless.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/services/paperless.yaml b/services/paperless.yaml index aacb2c3..2030735 100644 --- a/services/paperless.yaml +++ b/services/paperless.yaml @@ -21,11 +21,6 @@ services: USERMAP_GID: ${PGID} PAPERLESS_TIME_ZONE: ${TZ} PAPERLESS_URL: https://paperless.${TRAEFIK_DOMAIN} - PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY} - PAPERLESS_OCR_LANGUAGE: ${PAPERLESS_OCR_LANGUAGE} - PAPERLESS_ADMIN_USER: ${PAPERLESS_ADMIN_USER} - PAPERLESS_ADMIN_MAIL: ${PAPERLESS_ADMIN_MAIL} - PAPERLESS_ADMIN_PASSWORD: ${PAPERLESS_ADMIN_PASSWORD} redis: image: docker.io/library/redis:7 From a9cce9c8e03f5a661da36a37f2d78a11f6c2c20f Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Sun, 24 Nov 2024 16:18:42 +0100 Subject: [PATCH 40/43] Tidy up and move files around to get a less messy experience --- doc/UPGRADE_V2.md | 4 +++- run-seedbox.sh | 4 ++-- .../config-updater/config-updater.sh | 14 +++++++------- {config => tools/config-updater}/ports | 0 {config => tools}/tools.sh | 0 traefik/traefik.yaml | 6 +----- 6 files changed, 13 insertions(+), 15 deletions(-) rename config-updater.sh => tools/config-updater/config-updater.sh (89%) rename {config => tools/config-updater}/ports (100%) rename {config => tools}/tools.sh (100%) diff --git a/doc/UPGRADE_V2.md b/doc/UPGRADE_V2.md index 916b86d..9f72f86 100644 --- a/doc/UPGRADE_V2.md +++ b/doc/UPGRADE_V2.md 
@@ -7,7 +7,7 @@ Since there are some breaking changes and a configuration structure migration, a ## What's new? * **Configuration change to new YAML format** - * Run ``config-updater.sh`` to migrate your old services.conf to the new config.yaml format. + * Run ``cd tools/config-updater && ./config-updater.sh`` to migrate your old services.conf to the new config.yaml format. * ⚠️ ``jq`` (v1.5+) and ``yq`` (v4+) are now requirements * Easier feature switches * If a service is missing, it won't be enabled by default like before. The config is now more declarative. @@ -60,9 +60,11 @@ And also: ## How to migrate ```sh +cd tools/config-updater ./config-updater.sh # Check the content of your .env file (in comparison with .env.sample which brings new variables) # Also, check your generated config.yaml and read the config documentation (in doc/configuration.md) +cd ../.. ./run-seedbox.sh ``` diff --git a/run-seedbox.sh b/run-seedbox.sh index 0ace2d0..c5da393 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh @@ -3,7 +3,7 @@ set -e # Load common functions -source config/tools.sh +source tools/tools.sh # Check that required tools are installed check_utilities @@ -27,7 +27,7 @@ for i in "$@"; do done cleanup_on_exit() { - rm -f rules.props *-vpn.props config.json + rm -f rules.props *-vpn.props *-envfile.props config.json } trap cleanup_on_exit EXIT diff --git a/config-updater.sh b/tools/config-updater/config-updater.sh similarity index 89% rename from config-updater.sh rename to tools/config-updater/config-updater.sh index f150423..e37ccf8 100755 --- a/config-updater.sh +++ b/tools/config-updater/config-updater.sh 
@@ -12,20 +12,20 @@ cleanup_on_exit() { trap cleanup_on_exit EXIT # Load common functions -source config/tools.sh +source ../tools.sh # Check that required tools are installed check_utilities -if [[ ! -f services.conf ]]; then - echo "[$0] ERROR. Could nof find services.conf. Exiting." +if [[ ! -f ../../services.conf ]]; then + echo "[$0] ERROR. Could not find services.conf. Exiting." exit 1 fi jq -n '{"services": []}' > config.json # First, add Traefik as it was not explicitely set by default in old config file (services.conf) -if ! grep -q "traefik" services.conf; then +if ! grep -q "traefik" ../../services.conf; then jq -r '.services[.services| length] |= . + { "name": "traefik", @@ -45,7 +45,7 @@ if ! grep -q "traefik" services.conf; then mv tmp.json config.json fi -cat services.conf | while read line || [[ -n $line ]]; do +cat ../../services.conf | while read line || [[ -n $line ]]; do key=$(echo $line | sed -r "s/^(.*):.*$/\1/") enabled="true" if grep -q "disable" <<< $line; then @@ -89,7 +89,7 @@ cat services.conf | while read line || [[ -n $line ]]; do [[ $key == "nextcloud" ]] && internalScheme="https" # Define service default port from bundled config file - internalPort=$(cat config/ports | { grep $key || true; } | sed -r "s/^${key}: (.*)$/\1/") + internalPort=$(cat ports | { grep $key || true; } | sed -r "s/^${key}: (.*)$/\1/") rules=$(jq -n '[ { "host": "'"$key"'.'$(echo '${TRAEFIK_DOMAIN}')'", @@ -117,4 +117,4 @@ cat services.conf | while read line || [[ -n $line ]]; do done # Transform json into yaml, easier to manipulate for the user -cat config.json | yq e -P - > config.yaml \ No newline at end of file +cat config.json | yq e -P - > ../../config.yaml diff --git a/config/ports b/tools/config-updater/ports similarity index 100% rename from config/ports rename to tools/config-updater/ports diff --git a/config/tools.sh b/tools/tools.sh similarity index 100% rename from config/tools.sh rename to tools/tools.sh 
diff --git a/traefik/traefik.yaml b/traefik/traefik.yaml index fd94988..46ddb93 100644 --- a/traefik/traefik.yaml +++ b/traefik/traefik.yaml @@ -1,12 +1,10 @@ api: dashboard: true - # Set Access logs timezone # accessLog: # fields: # names: # StartUTC: drop - providers: docker: endpoint: "unix:///var/run/docker.sock" @@ -15,7 +13,6 @@ providers: file: directory: /etc/traefik/custom watch: true - entryPoints: insecure: address: ":80" @@ -31,11 +28,9 @@ entryPoints: certResolver: le middlewares: - security-headers@file - # Allow self-signed certificates for https backends (nextcloud for example) serversTransport: insecureSkipVerify: true - certificatesResolvers: le: acme: @@ -43,3 +38,4 @@ certificatesResolvers: httpChallenge: # used during the challenge entryPoint: insecure + From 0d81955541ae77ea4255ad53783781ed2383f342 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Sun, 24 Nov 2024 17:12:08 +0100 Subject: [PATCH 41/43] Add documentation for custom env file + add local-persist install script (with a fix from official version) --- README.md | 4 +- doc/configuration.md | 32 ++++++++- init.sh | 16 +++++ run-seedbox.sh | 2 +- tools/local-persist.sh | 159 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 208 insertions(+), 5 deletions(-) create mode 100755 tools/local-persist.sh diff --git a/README.md b/README.md index 250ffa7..e3fbdda 100644 --- a/README.md +++ b/README.md 
@@ -85,7 +85,7 @@ Check the [Configuration Guide](doc/configuration.md). - [Docker](https://github.com/docker/docker) >= 20.10 - [Docker Compose](https://github.com/docker/compose) >= 2.27.0 -- [local-persist Docker plugin](https://github.com/MatchbookLab/local-persist): installed directly on host (not in container). This is a volume plugin that extends the default local driver’s functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to always persist, even if the volume is removed via `docker volume rm`. Use *systemd* install for Ubuntu. +- [local-persist Docker plugin](https://github.com/MatchbookLab/local-persist): installed directly on host (not in container). This is a volume plugin that extends the default local driver’s functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to always persist, even if the volume is removed via `docker volume rm`. Use *systemd* install for Ubuntu. **Since v2.2 the install script is bundled in seedbox's init script.** - [jq](https://stedolan.github.io/jq/download/) >= 1.5 - [yq](https://github.com/mikefarah/yq/releases) >= 4 @@ -99,7 +99,7 @@ sudo su -c "mkdir /data && mkdir /data/config && mkdir /data/torrents" ./init.sh ``` -Edit the `.env` file and change the variables as desired. +Edit the ``.env`` and ``.env.custom`` files and change the variables as desired. The variables are all self-explanatory. ### Review the configuration diff --git a/doc/configuration.md b/doc/configuration.md index 55a66df..427d624 100644 --- a/doc/configuration.md +++ b/doc/configuration.md 
@@ -133,11 +133,39 @@ Some general rules: Also, do not forget to edit your ``.env`` file, which is where all the data which will be sent to containers (passwords, tokens, uid for disk permission...) lives. +> ⚠️ Since v2.2 release, environment variable live in two places: ``.env`` for common/global variables, common for the whole stack, and ``.env.custom`` where variables are specific for services **and prefixed with the service name**. Read below for forther explanations. + +### Global variables + +All variables releated to the stack itself live in the ``.env`` file. They concern: + +* Traefik configuration (domain name, ACME mail, http-auth credentials...) +* Disk UUID/GUID +* Timezone +* Paths on your system/network and directories to organize your data and map docker volumes + +### Services variables + +This is a new feature in v2.2. For variables specific for a service, they are located in two places: + +* directly in the docker-compose service file (for example the one for [ntfy](../services/ntfy.yaml)) under the ``environment:`` section. Mostly, they are generic here and do not contain sensitive information or customization. +* in the [.env.custom](../.env.custom.sample) file, where variables **must be prefixed with the service name in uppercase and a "_"**, they will be injected on the corresponding service. + +*Example*: let's say you have a service called ``WONDERFULAPP``, and want it to use the environment variable ``MYKEY`` with the value ``ImAwesome``. +Simply add the following line in ``.env.custom``: + +```yaml +#[...] +# Add this line to add the variable "MYKEY" with value "ImAwesome" to the service "WONDERFULAPP". +WONDERFULAPP_MYKEY: "ImAwesome" +#[...] +``` + ## Add your own service Let's say you want to add a container nginx without interfering or creating conflicts in this git repository. That's possible. 
-Start by creating a file named nginx.yaml in the [services/custom/](services/custom/) directory: +Start by creating a file named nginx.yaml in the [services/custom/](../services/custom/) directory: ```yaml services: @@ -270,7 +298,7 @@ If your media is not on the same machine as your containers, do the following: ## Make the services communicate with each other -With docker-compose, all services are in the same Docker network (it is called ``traefik-network`` and is defined [here](../docker-compose.yaml)). Docker provides DNS resolution in the same network based on the name of the services, which act as hostnames. +With docker-compose, all services are in the same Docker network (it is called ``traefik-network`` and is defined [here](../docker-compose.sample.yaml)). Docker provides DNS resolution in the same network based on the name of the services, which act as hostnames. So, for example, in order to setup Deluge in Sonarr, just add ``http://deluge:8112`` in the Download Clients settings section in Sonarr. diff --git a/init.sh b/init.sh index 69ec83d..52473ef 100755 --- a/init.sh +++ b/init.sh @@ -1,13 +1,29 @@ #!/bin/bash echo "[$0] Initializing..." + +# Create docker network docker network create traefik-network 2>&1 || true + +echo "Installing local-persist docker driver... (will prompt for password for sudo access)" +sudo tools/local-persist.sh + +# Copy env file if [[ ! -f .env ]]; then cp .env.sample .env echo "[$0] Please edit .env file" fi + +# Copy custom env file +if [[ ! -f .env.custom ]]; then + cp .env.custom.sample .env.custom + echo "[$0] Please edit .env.custom file if you want more customization (see documentation)." +fi + +# Copy sample docker compose file if [[ ! -f docker-compose.yaml ]]; then cp docker-compose.sample.yaml docker-compose.yaml fi + echo "[$0] Done." exit 0 \ No newline at end of file diff --git a/run-seedbox.sh b/run-seedbox.sh index c5da393..ecc9d7c 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh 
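Review bot: In init.sh, `sudo tools/local-persist.sh` runs on every invocation and its exit status is not checked, so a failed install still ends with "Done." and a re-run downloads and replaces an already working plugin as root. The visible part of init.sh has no `set -e`, so the check has to be explicit: `if [[ ! -x /usr/bin/docker-volume-local-persist ]]; then sudo tools/local-persist.sh || { echo "[$0] ERROR. local-persist install failed."; exit 1; }; fi`. The path is the `BINARY_DEST` used by tools/local-persist.sh in the same commit.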
@@ -47,7 +47,7 @@ if [[ ! -f .env ]]; then fi if [[ ! -f docker-compose.yaml ]]; then - echo "[$0] ERROR. \"docker-compose.yaml\" file not found. Please copy \"docker-compose.sample.yaml\" and edit its valuesif you need customization. Then, re-run this script." + echo "[$0] ERROR. \"docker-compose.yaml\" file not found. Please copy \"docker-compose.sample.yaml\" and edit its values if you need customization. Then, re-run this script." exit 1 fi diff --git a/tools/local-persist.sh b/tools/local-persist.sh new file mode 100755 index 0000000..3b53faf --- /dev/null +++ b/tools/local-persist.sh 
@@ -0,0 +1,159 @@ +#!/usr/bin/env bash + +set -e + +VERSION="v1.3.0" + +gitDir=$(realpath `dirname $BASH_SOURCE`/..) +echo $gitDir + +# uname -s, uname -m +# Deb 32: Linux i686 +# Ubuntu 64: Linux x86_64 +# FreeBSD: FreeBSD amd64 + +if [[ "$UID" != 0 ]]; then + echo NOTE: sudo needed to set up and run start service + exit 1 +fi + + +if [[ `git -C "${gitDir}" rev-parse --is-inside-work-tree 2> /dev/null` == "true" ]]; then + thisGit=`git -C "${gitDir}" config --get remote.origin.url` + thisGit=${thisGit::-4} + GITHUB_BINARY_BASE="${thisGit}/releases/download" + GITHUB_RAW_BASE="${thisGit/github.com/raw.githubusercontent.com}/releases/download" +fi + +if [[ $thisGit == "" ]]; then + GITHUB_URL_PARTS="MatchbookLab/local-persist" + GITHUB_BINARY_BASE="https://github.com/${GITHUB_URL_PARTS}/releases/download" + GITHUB_RAW_BASE="https://raw.githubusercontent.com/${GITHUB_URL_PARTS}/" + GITHUB_URL_PARTS= +fi + + +function setenv { + OS=$(uname -s | tr "[:upper:]" "[:lower:]") + ARCH=$(uname -m) + + SUPPORTED=false + if [[ $OS == "linux" ]]; then + case $ARCH in + "x86_64") + ARCH="amd64" + SUPPORTED=true + ;; + "aarch64") + ARCH="arm64" + SUPPORTED=true + ;; + "i686") + # ARCH="386" + SUPPORTED=false + ;; + # untested + arm*) + # ARCH="arm" + SUPPORTED=false + ;; + esac + elif [[ $OS == 'freebsd' ]]; then + ARCH=$(uname -m) + SUPPORTED=false + fi + + if [[ $SUPPORTED == false ]]; then + echo $OS $ARCH is not supported + exit 2 + fi +} + +function install-binary { + echo Stopping docker-volume-local-persist service if running + echo '' + if [[ $* == *--upstart* ]]; then + (sudo service docker-volume-local-persist stop || true) + else + (sudo systemctl stop docker-volume-local-persist || true) + fi + + BINARY_URL="${GITHUB_BINARY_BASE}/${VERSION}/local-persist-${OS}-${ARCH}" + BINARY_DEST="/usr/bin/docker-volume-local-persist" + + echo Downloading binary: + echo " 
From: $BINARY_URL" + echo " To: $BINARY_DEST" + + curl -fLsS "$BINARY_URL" > $BINARY_DEST + chmod +x $BINARY_DEST + + echo Binary download + echo '' +} + +# Systemd (default) +function setup-systemd { + SYSTEMD_CONFIG_URL="${GITHUB_RAW_BASE}/${VERSION}/init/systemd.service" + SYSTEMD_CONFIG_DEST="/etc/systemd/system/docker-volume-local-persist.service" + + echo Downloading Systemd service conf: + echo " From: $SYSTEMD_CONFIG_URL" + echo " To: $SYSTEMD_CONFIG_DEST" + + sudo curl -fLsS "$SYSTEMD_CONFIG_URL" > $SYSTEMD_CONFIG_DEST + + echo Systemd conf downloaded + echo '' +} + +function start-systemd { + echo Starting docker-volume-local-persist service... + + sudo systemctl daemon-reload + sudo systemctl enable docker-volume-local-persist + sudo systemctl start docker-volume-local-persist + sudo systemctl status --full --no-pager docker-volume-local-persist + + echo '' + echo Done! If you see this message, that should mean everything is installed and is running. +} + +# Upstart +function setup-upstart { + UPSTART_CONFIG_URL="${GITHUB_RAW_BASE}/${VERSION}/init/upstart.conf" + UPSTART_CONFIG_DEST="/etc/init/docker-volume-local-persist.conf" + + echo Downloading binary: + echo " From: $UPSTART_CONFIG_URL" + echo " To: $UPSTART_CONFIG_DEST" + + sudo curl -fLsS "$UPSTART_CONFIG_URL" > $UPSTART_CONFIG_DEST + + echo Upstart conf downloaded + echo '' +} + +function start-upstart { + echo Reloading Upstart config and starting docker-volume-local-persist service... + + sudo initctl reload-configuration + sudo service docker-volume-local-persist start + sudo service docker-volume-local-persist status + + echo '' + echo Done! If you see this message, that should mean everything is installed and is running. +} + + +setenv + +if [[ $* == *--upstart* ]]; then + install-binary --upstart + setup-upstart + start-upstart +else + install-binary + setup-systemd + start-systemd +fi From 67be0779565f950559722b4bd36d57b73d267ad5 Mon Sep 17 00:00:00 2001 
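Review bot: install-binary in tools/local-persist.sh writes a downloaded executable straight to /usr/bin as root with no integrity check, and the download base is taken from the checkout's `remote.origin.url`, so whichever remote the clone points at decides what gets installed. The `curl ... > $BINARY_DEST` redirect also truncates the installed binary before the transfer has succeeded, so a failed download under `set -e` leaves an empty file in place. Download to a temporary file, compare it with a SHA-256 pinned in the script for `${VERSION}` and the detected OS/ARCH, and only then install it; the unit files fetched in setup-systemd and setup-upstart deserve the same treatment. `${thisGit::-4}` additionally assumes an HTTPS remote that ends in `.git`.

```shell
function install-binary {
    # … unchanged: stop the running service, set BINARY_URL and BINARY_DEST, echo From/To …

    # EXPECTED_SHA256 is a placeholder: pin the published digest for ${VERSION}, ${OS} and ${ARCH}
    tmp_binary=$(mktemp)
    curl -fLsS "$BINARY_URL" -o "$tmp_binary"
    echo "${EXPECTED_SHA256}  ${tmp_binary}" | sha256sum --check --quiet
    install -m 0755 "$tmp_binary" "$BINARY_DEST"
    rm -f "$tmp_binary"

    # … unchanged: closing echo lines …
}
```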
From: Jean Froment Date: Sun, 24 Nov 2024 23:51:54 +0100 Subject: [PATCH 42/43] Documentation + refactoring and edit sample files --- .env.custom.sample | 37 ++- .env.sample | 54 +--- .gitignore | 2 + CHANGELOG.md | 284 +++++++++++++++++++ README.md | 2 +- VERSION | 1 + config.sample.yaml | 6 + doc/configuration.md | 13 +- doc/traefik.md | 18 ++ doc/{traefik_v2.md => traefik_v2_upgrade.md} | 0 run-seedbox.sh | 51 +++- services/gluetun.yaml | 9 - services/mariadb.yaml | 23 ++ services/nextcloud.yaml | 23 +- tools/init-setup-nextcloud.sh | 2 +- 15 files changed, 445 insertions(+), 80 deletions(-) create mode 100644 CHANGELOG.md create mode 100644 VERSION create mode 100644 doc/traefik.md rename doc/{traefik_v2.md => traefik_v2_upgrade.md} (100%) create mode 100644 services/mariadb.yaml diff --git a/.env.custom.sample b/.env.custom.sample index 8725a1c..32db60b 100644 --- a/.env.custom.sample +++ b/.env.custom.sample @@ -27,7 +27,25 @@ ###################### OTHER APPS VARIABLES ##################### ################################################################# -# DELUGE_CUSTOM_ENVIRONMENT_VARIABLE=exemple_value +# Calibre admin password +CALIBRE_CALIBRE_PASSWORD=changeme + +# Flood Password for Deluge RPC daemon +FLOOD_FLOOD_PASSWORD=changeme + +# Please ensure you encrypt your password first using this command: +# docker run -it --rm --entrypoint htpasswd ubuntu/apache2 -nbB admin your_password | cut -d ":" -f 2 | sed -e s/\\$/\\$\\$/g +PORTAINER_PORTAINER_ADMIN_PASSWORD=changeme + +# Nextcloud +NEXTCLOUD_NEXTCLOUD_ADMIN_USER=admin # you can change it +NEXTCLOUD_NEXTCLOUD_ADMIN_PASSWORD=changeme + +# Nextcloud DB (mariadb) +MARIADB_MYSQL_ROOT_PASSWORD=changeme +MARIADB_MYSQL_DATABASE=nextcloud +MARIADB_MYSQL_USER=nextcloud +MARIADB_MYSQL_PASSWORD=changeme ################################################################# ############# PAPERLESS CUSTOM ENVIRONMENT VARIABLES ############ 
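Review bot: `NEXTCLOUD_NEXTCLOUD_ADMIN_USER=admin # you can change it` in .env.custom.sample keeps a trailing comment on the value line, as do the `GLUETUN_VPN_ENDPOINT_IP`, `GLUETUN_WIREGUARD_PRESHARED_KEY` and `GLUETUN_WIREGUARD_ADDRESSES` lines in the next hunk of the same file. These lines were moved from .env.sample, which run-seedbox.sh reads with `source .env`, where the shell drops the comment; how .env.custom is parsed is not visible here, and an env-file reader that does not strip inline comments would pass `admin # you can change it` as the user name. Putting each comment on its own line above the variable removes that dependency, e.g. `# you can change it` followed by `NEXTCLOUD_NEXTCLOUD_ADMIN_USER=admin`. `GLUETUN_WIREGUARD_PRESHARED_KEY` is marked optional yet ships with the value `changeme`; commenting the line out would match its comment.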
@@ -40,4 +58,19 @@ PAPERLESS_PAPERLESS_ADMIN_USER=admin PAPERLESS_PAPERLESS_ADMIN_MAIL=yourmail@domain.com PAPERLESS_PAPERLESS_ADMIN_PASSWORD=clear_password_changeme1234 # Prevent errors when importing PDF files with digital signatures -PAPERLESS_PAPERLESS_OCR_USER_ARGS="{\"invalidate_digital_signatures\": true}" \ No newline at end of file +PAPERLESS_PAPERLESS_OCR_USER_ARGS="{\"invalidate_digital_signatures\": true}" + +################################################################# +############## GLUETUN CUSTOM ENVIRONMENT VARIABLES ############# +################################################################# + +# Wireguard custom endpoint +GLUETUN_VPN_SERVICE_PROVIDER=custom +GLUETUN_VPN_TYPE=wireguard + +GLUETUN_VPN_ENDPOINT_IP=changeme # Wireguard endpoint +GLUETUN_VPN_ENDPOINT_PORT=51820 +GLUETUN_WIREGUARD_PUBLIC_KEY=changeme +GLUETUN_WIREGUARD_PRIVATE_KEY=changeme +GLUETUN_WIREGUARD_PRESHARED_KEY=changeme # optional +GLUETUN_WIREGUARD_ADDRESSES=changeme # Wireguard LAN address \ No newline at end of file diff --git a/.env.sample b/.env.sample index b854096..894ea34 100644 --- a/.env.sample +++ b/.env.sample @@ -7,11 +7,6 @@ DOCKER_COMPOSE_BINARY="docker compose" # or "docker-compose" TRAEFIK_DOMAIN=mydomain.com ACME_MAIL=my-email@my-provider.com -# Custom resolver for Traefik / ACME (override existing httpChallenge) -# You also have to use .env.custom by copying .env.custom.sample and uncomment / edit appropriate variables first -# See list here: https://go-acme.github.io/lego/dns/#dns-providers -# TRAEFIK_CUSTOM_ACME_RESOLVER="changeme" # example "cloudflare" or "ovh" - # General settings TZ="Europe/Paris" 
@@ -22,9 +17,11 @@ HTTP_USER=myuser HTTP_PASSWORD='mypassword_encoded' # Keep these simple quotes! # Host paths + containers permissions mapping +# Default = "/data/config" HOST_CONFIG_PATH="/data/config" +# Default = "/data/torrents" HOST_MEDIA_PATH="/data/torrents" -# Will be located in $HOST_MEDIA_PATH +# Default = "deluge". Will be located in $HOST_CONFIG_PATH DOWNLOAD_SUBFOLDER="deluge" DOCUMENTS_SUBFOLDER="documents" 
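Review bot: The new comment above `DOWNLOAD_SUBFOLDER` in .env.sample says the folder is located in `$HOST_CONFIG_PATH`, but the line it replaces said `$HOST_MEDIA_PATH` and docker-compose.sample.yaml mounts `$HOST_MEDIA_PATH/$DOWNLOAD_SUBFOLDER`; it should read `# Default = "deluge". Will be located in $HOST_MEDIA_PATH`. In the following hunk the Traefik resolver comment names `.env-custom` and `.env-custom.sample`, while the files added in this series are `.env.custom` and `.env.custom.sample`.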
@@ -34,43 +31,18 @@ NFS_MEDIA_VOLUME=":/volume1/homes/youruser/media" # NFS Server IP NFS_IP="192.168.0.XXX" -# PGID and PUID of the disk permissions -PGID=1000 +# Filesystem permissions +# PUID and PGID of the disk permissions PUID=1000 +PGID=1000 -# Database (for Nextcloud) -MYSQL_ROOT_PASSWORD=changeme -MYSQL_DATABASE=nextcloud -MYSQL_USER=nextcloud -MYSQL_PASSWORD=changeme - -# Nextcloud -NEXTCLOUD_ADMIN_USER=admin # you can change it -NEXTCLOUD_ADMIN_PASSWORD=changeme +################################################################################# +################# Various seedbox's autoconfiguration variables ################# +################################################################################# -# Portainer -# Please ensure you encrypt your password first using this command: -# docker run -it --rm --entrypoint htpasswd ubuntu/apache2 -nbB admin your_password | cut -d ":" -f 2 | sed -e s/\\$/\\$\\$/g -PORTAINER_ADMIN_PASSWORD=changeme +# Custom resolver for Traefik / ACME (override existing httpChallenge) +# You also have to use .env-custom by copying .env-custom.sample and uncomment / edit appropriate variables first +# See list here: https://go-acme.github.io/lego/dns/#dns-providers +# TRAEFIK_CUSTOM_ACME_RESOLVER="changeme" # example "cloudflare" or "ovh" -# Flood username declared in deluge RPC daemon -FLOOD_PASSWORD=changeme # Flood Password for Deluge RPC daemon FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON=false - -CALIBRE_PASSWORD=mycalibrepassword - -# Paperless -PAPERLESS_SECRET_KEY=changeme -# list of language codes here: https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster -PAPERLESS_OCR_LANGUAGE=eng -PAPERLESS_ADMIN_USER=changeme -PAPERLESS_ADMIN_MAIL=changeme -PAPERLESS_ADMIN_PASSWORD=changeme - -# Wireguard custom endpoint -WIREGUARD_ENDPOINT=changeme # Wireguard endpoint -WIREGUARD_PORT=51820 -WIREGUARD_PUBLIC_KEY=changeme -WIREGUARD_PRIVATE_KEY=changeme -WIREGUARD_ADDRESS=changeme # Wireguard LAN 
address -WIREGUARD_PRESHARED_KEY=changeme # optional \ No newline at end of file diff --git a/.gitignore b/.gitignore index b1225fc..778524d 100644 --- a/.gitignore +++ b/.gitignore @@ -19,5 +19,7 @@ services/generated/*.yaml authelia/* .env.custom *.env +env/* +env docker-compose.yaml \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..1b9fe49 --- /dev/null +++ b/CHANGELOG.md 
@@ -0,0 +1,284 @@ +# v2.2 (The Flame 🔥) + +## What's new? + +### New services 💫 + +* ``qBittorrent``: [Torrends downloader](https://github.com/qbittorrent/qBittorrent) + * Use of ``hotio`` build ([documentation here](https://hotio.dev/containers/qbittorrent/)) with VueTorrent and native VPN support (for those who want to avoid gluetun configuration) + * Use of qBittorrent is recommended over Deluge as the project is more active and its alternative UI setup is easier (no separate container). +* ``Filebrowser``: [Lightweight filebrowser](https://github.com/filebrowser/filebrowser) +* ``Homarr``: [Dashboard](https://github.com/ajnart/homarr) +* ``Homepage``: [Dashboard](https://github.com/gethomepage/homepage) (fix #54) +* ``Mylar``: [Comic Book downloader](https://github.com/mylar3/mylar3) +* ``ntfy``: [Push notifications for your services](https://github.com/binwiederhier/ntfy) +* ``Paperless-ngx``: [Documents management](https://github.com/paperless-ngx/paperless-ngx) + +### New features ✨ + +* Set app-specific environment variables in a dedicated files to load them only for the targeted application. + See [the documentation](doc/configuration.md#environment-variables) for more details on how it works. + **Now every app customization is possible**. +* Support Traefik Custom ACME resolver (Cloudflare, OVH, you-name-it...) + See the [corresponding documentation](doc/traefik.md) to use it. +* Support remote NFS storage for media. Just replace your ``docker-compose.yaml`` by the one in the [samples](samples/docker-compose.sample.nfs.yaml) directory (keep the same ``docker-compose.yaml`` filename). See the [configuration guide section](doc/configuration.md#media-on-nfs-server) to configure properly. + +## Bugfixes and improvements ⚙️ + +* **Gluetun (vpn)** + * Use ghcr.io image + * Add ``/dev/net/tun`` mount to container + * Use non-depracated environment variables +* **Kavita (ebook library management)** + * Use LinuxServer image and adapt accordingly. 
Update should be seamless. +* **Overseerr** + * Use public dns to workaround network issues +* **Plex** + * Remove useless port bindings as ``network_mode`` is ``host`` for Plex. +* Cleanup old files, refactoring +* Add ``local-persist driver`` installation in init script. It contains a fix which is not (yes) published on the Github official repository. +* Fix ``komga`` default port in config.yaml sample file. +* Docker compose supported version is now at least ``2.27.0``. +* Fix #43: fix warning for jq and output format. +* Refactor ``run-seedbox.sh`` script (use of functions, move code around, tiny fixes...) +* Due to newly added app-specific environment variables, gluetun VPN config and install mode has been refined. Please see the [documentation](doc/configuration.md#vpn) for specific details. + +## ⚠️ Config changes ⚠️ + +### Nextcloud and DB + +MariaDB is now a separate service, and nextcloud is still dependant on it. +In order to enable ``mariadb`` service, either refer to ``config.sample.yaml`` or add the following to your ``config.yaml`` file: + +```yaml +# [...] + - name: mariadb + enabled: true + vpn: false + traefik: + enabled: false + rules: [] +# [...] +``` + +### Variables + +Due to the refactoring of the app-specific variables (by using ``.env.custom`` file), some old variables present in ``.env`` must be moved to ``.env.custom`` and prefixed with the service name. + +> The ``run-seedbox.sh`` script will detect obsolete configuration in .env and will notify yo and stop to prevent config errors. + +If the following variables are present (not commented not absent) in your ``.env`` file, copy it in the new ``.env.custom`` file (either copy the value by using the placeholder already in place in the new file or overriding completely the file). 
+ +| Variable in **.env** | Variable in **.env.custom** | +|---|---| +| Variables starting by ``MYSQL_`` | Add prefix ``MARIADB_`` | +| Variables starting by ``NEXTCLOUD_``| Add **another** ``NEXTCLOUD_`` prefix | +| Variables starting by ``PAPERLESS_`` | Add **another** ``PAPERLESS_`` prefix | +| Variables starting by ``PORTAINER_``| Add **another** ``PORTAINER_`` prefix | +| Variable named ``FLOOD_PASSWORD`` | ``FLOOD_FLOOD_PASSWORD`` | +| Variable named ``CALIBRE_PASSWORD`` | ``CALIBRE_CALIBRE_PASSWORD`` | +| Variable named ``WIREGUARD_ENDPOINT`` | ``GLUETUN_VPN_ENDPOINT_IP`` | +| Variable named ``WIREGUARD_PORT`` | ``GLUETUN_VPN_ENDPOINT_PORT`` | +| Variable named ``WIREGUARD_PUBLIC_KEY`` | ``GLUETUN_WIREGUARD_PUBLIC_KEY`` | +| Variable named ``WIREGUARD_PRIVATE_KEY`` | ``GLUETUN_WIREGUARD_PRIVATE_KEY`` | +| Variable named ``WIREGUARD_PRESHARED_KEY`` | ``GLUETUN_WIREGUARD_PRESHARED_KEY`` | +| Variable named ``WIREGUARD_ADDRESS`` | ``GLUETUN_WIREGUARD_ADDRESSES`` (**plural!**) | + +# v2.1 (The Pearl ⚪) + +## What's new? +- Plex is now in host network mode. You can safely ignore warnings when Plex image is updated. With host mode, you'll be able to distinct local vs remote connections to Plex in Tautulli (and in Plex dashboard) if your server is at home. +- New services available: [Calibre](https://github.com/linuxserver/docker-calibre) + [Calibre-web](https://github.com/linuxserver/docker-calibre-web) added. They are disabled by default. + +## Fixes + +- Fix typo in gluetun PGID variable +- Documentation wording edits (thanks again @tromcho) +- Fix #24: now you can add .torrent files in deluge again +- Fix #37: Portainer port + explanation for password generation in .env.sample file +- Fix #32: Now you can specify which ``docker compose`` binary to use. Useful when using ``docker-compose`` binary, even for v2. Defaults to "docker-compose" for retro-compatibility purposes. Please check [.env.sample](.env.sample). 
+- Fix #20: New documentation in [doc/apps/deluge-flood.md](doc/apps/deluge-flood.md) to explain how deluge must be configured for Flood to work. +- Remove Traefik pilot token, as the feature has been removed from Traefik itself. + +# v2.0 (The Swan 🦢) + +**Seedbox version 2 is here!** 🔥 + +Since there are some breaking changes and a configuration structure migration, a major version was mandatory. + +## What's new? + +* **Configuration change to new YAML format** + * Run ``config-updater.sh`` to migrate your old services.conf to the new config.yaml format. + * ⚠️ ``jq`` (v1.5+) and ``yq`` (v4+) are now requirements + * Easier feature switches + * If a service is missing, it won't be enabled by default like before. The config is now more declarative. + * Traefik routing rules are now dynamically generated in a file in Traefik config directory, so no more Docker labels. They became hard to maintain due to all possibilities caused by VPN support or custom files for example. + * New config syntax documented in the [Configuration Guide](doc/configuration.md#configuration-structure-and-parameters). +* **VPN support** + * With ``gluetun`` service, you can now place any service behind a VPN. + * Default gluetun configuration is Wireguard "custom" mode, but see below... + * More details in the [VPN section of the Configuration Guide](doc/configuration.md#vpn). +* **Support custom services and docker-compose yaml files** + * Place a docker-compose yaml file in ``services/custom/`` directory, add a service in your config.yaml specifying a ``customFile``, and you are set. + * Support Plex hardware transcoding using a custom-file, already available in the ``services`` directory (just specify a ``customFile`` on plex service - see [config.sample.yaml](config.sample.yaml)). + * More details in the [Configuration Guide](doc/configuration.md#add-your-own-service). 
+* **Support arbitrary Traefik rules** + * Place a Traefik YAML in ``samples/custom-traefik/`` directory, it will be copied in the Traefik configuration folder. + * Ideal to forward traffic to other services which do not belong to this seedbox. + * More details in [this section of the Configuration Guide](doc/configuration.md#integration-with-other-services-custom-traefik-config) +* **Disable certificates for some domains** + * Using the flag ``httpOnly: true`` on a service, access any service in unsecure mode, delegating certificates management on a higher level (reverse proxy, firewall...). More details in the [Configuration Guide](doc/configuration.md#disable-https-completely). +* **Multiple hosts for any services** + * The new config structure allows for more customization, for example you can now have many routes on the same service. Let's say, a local unsecured route + a secured one for remote access. Or anything you want. +* **More customization** + * Such as http authentication which is no more hardcoded but configurable for each service. + * Configurable paths on host for persistent data +* **New services** + * ``Gluetun``: [VPN client (see above)](https://github.com/qdm12/gluetun) + * ``Heimdall``: [Dashboard](https://github.com/linuxserver/Heimdall) + * ``Readarr``: [Ebook and comic monitor](https://github.com/Readarr/Readarr) + * ``Komga``: [Comic Book Manager](https://github.com/gotson/komga) + * ``Kavita``: [Comic / Book Manager](https://github.com/Kareadita/Kavita) + * ``Syncthing``: [P2P files synchronization](https://github.com/linuxserver/docker-syncthing) +* ⚠️ Docker compose v2.2+ is now required + +And also: + +* ``update-all.sh`` is now called ``run-seedbox.sh`` but its purpose is the same. +* More checks in ``run-seedbox.sh``. For example, throws an error if Flood is enabled but not Deluge, or if VPN is enabled on a service but the VPN client is not. 
+* You can now specify where your data lives on your host through new environments variables (see [.env.sample](.env.sample)). + * This change is backward-compatible as the ``run-seedbox.sh`` script will default to the old "/data/torrents" and "/data/config" paths if these variables are not set. +* ``networks:`` section is now aligned with the new docker compose syntax +* ⚠️ Nextcloud-db has moved. It is now in ``/data/config`` (or somewhere else if you set the new variables for host paths) (see below how to mitigate the errors). [See the dedicated section below](#nextcloud-db-has-moved). +* Disable Traefik access logs +* New flag ``--debug`` for ``run-seedbox.sh`` to see what is happening during configuration parsing. +* Releases are named after LOST mythology. I exhausted all the characters of Person of Interest, so that's time for a change. Only geeks will get it, I know. + +## Some reading about configuration + +📖 Do not forget to read the [Configuration Guide](doc/configuration.md). + +## How to migrate + +```sh +./config-updater.sh +# Check the content of your .env file (in comparison with .env.sample which brings new variables) +# Also, check your generated config.yaml and read the config documentation (in doc/configuration.md) +./run-seedbox.sh +``` + +When everything runs smoothly, you can delete your old configuration file which is now useless: + +```sh +rm -f services.conf +``` + +> ⚠️ Also, please make sure you have read the next section about Nextcloud Database location. + +## Nextcloud-db has moved + +Since commit e4ede925a8ce09b177206f30487a889da9e10334, nextcloud-db directory (mapped on /var/lib/mysql) has moved from +``/data/nextcloud-db`` to ``$HOST_CONFIG_PATH/nextcloud-db`` (*/data/config/nextcloud-db by default*). 
+ +To ensure a smooth transition, you will have to move the directory nextcloud-db into the correct new location, then run some commands to fix the schema: + +```sh +mv /data/nextcloud-db/ /data/config/ +./run-seedbox.sh +source .env +docker exec -it nextcloud-db mysql_upgrade -u root -p${MYSQL_ROOT_PASSWORD} +docker restart nextcloud nextcloud-db +``` + +Ensure everything runs nicely by looking at nextcloud-db and nextcloud logs, and by accessing your Nextcloud web UI. + +# v1.5 (Carl Elias) + +## Changes + +- **Prowlarr is set to develop branch** + +## Fixes and improvements + +- Fix docker-compose timeout variable +- JDownloader now always restarts (align behavior with all services) +- Tiny improvements on Nextcloud + - Fix startup command + - New script *update-nextcloud.sh* to update to latest sources and perform Nextcloud upgrades + +# v1.4 (Jocelyn Carter) + +## New + +- **Add Ombi** (disabled by default) +- **Add Overseer** +- **Add Prowlarr** (alternative to Jackett with *arr softwares indexers auto-sync) (*still in alpha*) +- **Add Flood UI** for Deluge (connects directly to Deluge daemon). It is still experimental. Beware of new environment variables in **.env.sample**, used to set password for Deluge RPC connection and (optional) auto-creation of the Deluge "flood" daemon user. +A ``sudo chown -R ${PUID}:${PGUID} /data/config/flood`` should be done if permissions are not correctly set when starting flood (see its logs). +- services.conf file is now per-user, so in this repository there is only the sample file now. Existing services.conf files will be retained, so there should be no impact for users. A warning is now displayed if there is a new service in services.conf.sample to alert users about a configuration "drift" between their file and the "upstream" one. + +## Improvements + +- Add ``--no-pull`` flag to ``update-all.sh`` script, which skips the pull step. Useful when configuring/debugging/recreating containers. 
+- Netdata tag is now "**stable**", and Docker socket is mounted as read-only. + +# v1.3 (Samantha Groves) + +## New + +- Sonarr and Lidarr are now on tag *develop* +- Tdarr is now v2 only, all configuration has moved and no procedure to migrate v1 config exist. + +## Improvements + +- Fix Nextcloud init script +- Fix typos + +# v1.2 (Lionel Fusco) + +## New + +- Use ghcr.io as registry when possible to limit DockerHub rate limits +- Add FlareSolverr to bypass Cloudflare protection with some Jackett indexers +- Possibility to disable each service separately. See README.md + +## Improvements + +- Netdata: enable new metrics by mapping more host volumes +- Split docker-compose.yml into separate YAML files. Now easier to use, hack and maintain. +- Explicit tag on Tdarr, as v2 is out and migration is not done yet. + +## Warning + +- Docker-compose 1.28+ is now required. +- After upgrading, all containers will be recreated. No data will be lost. It is due to the new file structure. + +# v1.1 (Sameen Shaw) + +Maintenance release with the following changes: + +- Added [Tdarr](https://github.com/HaveAGitGat/Tdarr) service +- Nextcloud now uses Linuxserver.io image, and has its own database (MariaDB). +- Radarr updated to V3 (channel is now develop) +- Traefik rules and labels a bit simplified (entrypoint declaration is now global for example) + +# v1.0 (Harold Finch) + +After Traefik 2 update, here's the first milestone. + +Initial changelog: +- Traefik v2 with configuration through environment only (config files work out-of-the-box) +- Automatic Let's Encrypt certificates creation and renewal. Launch it and forget it! 
+- Persistent storage (by using ``local-persist`` docker plugin) + - For media/downloads + - For configuration files (easier to backup) +- Shared HTTP authentication for services which have no build-in login enabled by default +- Traefik console enabled and secured by default +- Global HTTP to HTTPS redirection +- Permissions mapping by the use of GID/UID environment variables in containers +- Easy to install: see README.md +- Easy to update + - ``git pull`` + - ``./update-all.sh`` +- All is hackable diff --git a/README.md b/README.md index e3fbdda..b154e59 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ Version 2 is released, please make sure you read [this V2 Migration Guide](doc/U ## 🌐 Traefik -The front-end reverse proxy (Traefik - **check [this guide](doc/traefik_v2.md) if you still have the seedbox with Traefik v1**) routes based on the lowest level subdomain (e.g. `deluge.example.com` would route to deluge). Since this is how the router works, it is recommended for you to get a top level domain. If you do not have one, you can edit your domains locally by changing your hosts file or use a browser plugin that changes the host header. +The front-end reverse proxy (Traefik - **check [this guide](doc/traefik_v2_upgrade.md) if you still have the seedbox with Traefik v1**) routes based on the lowest level subdomain (e.g. `deluge.example.com` would route to deluge). Since this is how the router works, it is recommended for you to get a top level domain. If you do not have one, you can edit your domains locally by changing your hosts file or use a browser plugin that changes the host header. Traefik takes care of valid Let's Encrypt certificates and auto-renewal. diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..6161878 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +2.2 \ No newline at end of file diff --git a/config.sample.yaml b/config.sample.yaml index 0df0523..7b1f219 100644 --- a/config.sample.yaml +++ b/config.sample.yaml 
@@ -219,6 +219,12 @@ services: - host: tdarr.${TRAEFIK_DOMAIN} httpAuth: true internalPort: 8265 + - name: mariadb + enabled: false + vpn: false + traefik: + enabled: false + rules: [] - name: nextcloud enabled: true vpn: false diff --git a/doc/configuration.md b/doc/configuration.md index 427d624..75de564 100644 --- a/doc/configuration.md +++ b/doc/configuration.md 
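Review bot: The new `mariadb` entry ships with `enabled: false` directly above `nextcloud`, which the context line shows as `enabled: true`, and this same commit adds a check to `run-seedbox.sh` that exits when Nextcloud is enabled and MariaDB is not. A fresh copy of the sample would therefore stop on that error before any container starts. Either set `enabled: true` here, as the changelog snippet does, or disable `nextcloud` in the sample as well. A one-line comment such as `# required by nextcloud` above the entry would make the dependency visible. The surrounding `services:` list starts and ends outside this hunk.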
@@ -263,14 +263,23 @@ By default, the file used is [gluetun.yaml](../services/gluetun.yaml), which is ### Default mode - Wireguard custom -* Edit the ``.env`` file and replace the Wireguard variables with your own (take them in ``.env.sample``). -* Enable ``gluetun`` service. +* Edit the ``.env.custom`` file and replace the Gluetun/Wireguard variables with your own (take them in ``.env.custom.sample``). +* Enable ``gluetun`` service in ``config.yaml``. * Enable vpn (``vpn: true``) on any service. * Run ``./run-seedbox.sh``. * The service now uses Wireguard. If gluetun is down or if the VPN link is broken, your service won't have any access to Internet. ### Your own mode (VPN provider supported by gluetun) +> Old way of doing "your own mode" is deprecated (since v2.2) now that custom environment variables are available for all the services. + +#### Proper way (since v2.2) + +* Just edit the ``.env.custom`` file and adapt ``GLUETUN_VPN_SERVICE_PROVIDER``, ``GLUETUN_VPN_TYPE`` and all required variables based on your provider/configuration. **Do not forget to prefix all variables coming from Gluetun documentation with ``GLUETUN_``**. +* All possible environment variables for Gluetun are documented [here](https://github.com/qdm12/gluetun-wiki/tree/main/setup/providers). + +#### Legacy mode (**deprecated**) + * Create a ``gluetun-custom.yaml`` in the [services/custom/](../services/custom/) directory. You can duplicate [this one](../services/gluetun.yaml) to avoid starting from scratch. * Adapt it to your needs (variables, mode...) according to your provider. * Add all variables you may need (used in your custom yaml file) in your ``.env`` file (replacing the wireguard ones). diff --git a/doc/traefik.md b/doc/traefik.md new file mode 100644 index 0000000..70b8342 --- /dev/null +++ b/doc/traefik.md 
@@ -0,0 +1,18 @@ +# Traefik configuration + +## Table of content + +* [Use custom ACME provider](#use-custom-acme-provider) + +## Use custom ACME provider + +In order to use something else than the default HTTP challenge, you can set the variable ``TRAEFIK_CUSTOM_ACME_RESOLVER`` to the provider you want to use ([list of provider codes is here](https://doc.traefik.io/traefik/https/acme/#providers)) (e.g. ``cloudflare``) in your ``.env``. + +Then, configure the required environment variables (listed in the above referenced list) in ``.env.custom`` file. +For example, with Cloudflare you should *at least* set both ``CF_API_EMAIL`` and ``CF_API_KEY``. + +Then, the usual: + +```sh +./run-seedbox.sh +``` diff --git a/doc/traefik_v2.md b/doc/traefik_v2_upgrade.md similarity index 100% rename from doc/traefik_v2.md rename to doc/traefik_v2_upgrade.md diff --git a/run-seedbox.sh b/run-seedbox.sh index ecc9d7c..1b0f718 100755 --- a/run-seedbox.sh +++ b/run-seedbox.sh 
@@ -46,15 +46,56 @@ if [[ ! -f .env ]]; then exit 1 fi +if [[ ! -f .env.custom ]]; then + echo "[$0] ERROR. \".env.custom\" file not found. Please copy \".env.custom.sample\" and edit its values. Be aware that since v2.2 update, some variables from .env must be moved to .env.custom. When done, re-run this script." + exit 1 +fi + if [[ ! -f docker-compose.yaml ]]; then echo "[$0] ERROR. \"docker-compose.yaml\" file not found. Please copy \"docker-compose.sample.yaml\" and edit its values if you need customization. Then, re-run this script." exit 1 fi +# Check if there are obsolete config still in .env but should be moved to .env.custom +if [[ $(grep "^MYSQL_.*" .env | wc -l) != 0 || $(grep "^WIREGUARD_.*" .env | wc -l) != 0 || $(grep "^NEXTCLOUD_.*" .env | wc -l) != 0 || $(grep "^PORTAINER_.*" .env | wc -l) != 0 || $(grep "^FLOOD_PASSWORD.*" .env | wc -l) != 0 || $(grep "^CALIBRE_PASSWORD.*" .env | wc -l) != 0 || $(grep "^PAPERLESS_.*" .env | wc -l) != 0 ]]; then + echo "/!\ Some obsolete config has been detected in your .env." + echo "It should be moved in .env.custom as they apply to specific app (this is new since v2.2 update - see documentation)." + echo "" + echo "Please refer to the .env.custom file to see which variables should be ported to the new file." + echo "Exiting now as bad configuration for your services may break your config." + echo "" + echo "Run this script again when variables has been moved to the correct file." + read -r -p "Do you want more explanation (Y/n) ? 
" help_wanted + if [[ "$help_wanted" =~ ^([yY][eE][sS]|[yY])$ ]] + then + echo "These are the variables you must move to .env.custom:" + echo "" + echo " Variables starting by \"MYSQL_\" (if there are some) ==> Add prefix MARIADB_ in .env.custom" + echo " Variables starting by \"NEXTCLOUD_\" (if there are some) ==> Add another NEXTCLOUD_ prefix in .env.custom" + echo " Variables starting by \"PAPERLESS_\" (if there are some) => Add another PAPERLESS_ prefix in .env.custom" + echo " Variables starting by \"PORTAINER_\" (if there are some) ==> Add another PORTAINER_ prefix in .env.custom" + echo " Variable named \"FLOOD_PASSWORD\" (if existing) ==> Add another FLOOD_ prefix in .env.custom" + echo " Variable named \"CALIBRE_PASSWORD\" (if existing) ==> Add another CALIBRE_ prefix in .env.custom" + echo " Variable named \"WIREGUARD_ENDPOINT\" (if existing) ==> Replace by GLUETUN_VPN_ENDPOINT_IP in .env.custom" + echo " Variable named \"WIREGUARD_PORT\" (if existing) ==> Replace by GLUETUN_VPN_ENDPOINT_PORT in .env.custom" + echo " Variable named \"WIREGUARD_PUBLIC_KEY\" (if existing) ==> Replace by GLUETUN_WIREGUARD_PUBLIC_KEY in .env.custom" + echo " Variable named \"WIREGUARD_PRIVATE_KEY\" (if existing) ==> Replace by GLUETUN_WIREGUARD_PRIVATE_KEY in .env.custom" + echo " Variable named \"WIREGUARD_PRESHARED_KEY\" (if existing) ==> Replace by GLUETUN_WIREGUARD_PRESHARED_KEY in .env.custom" + echo " Variable named \"WIREGUARD_ADDRESS\" (if existing) ==> Replace by GLUETUN_WIREGUARD_ADDRESSES (**plural!**) in .env.custom" + else + echo "Ok bye." + fi + exit 1 +fi + # Create/update http_auth file according to values in .env file source .env echo "${HTTP_USER}:${HTTP_PASSWORD}" > traefik/http_auth +if [[ ! -d env ]]; then + mkdir -p env +fi + # Sanitize and extract variable (without prefixes) from .env.custom file # Input => $1 = app name (exemple traefik) # Output => app_name.env written with correct variables (exemple: traefik.env) 
@@ -64,7 +105,7 @@ extract_custom_env_file() { # 2 => Remove all empty lines # 3 => Remove all lines *NOT* starting by [uppercase_app_name + "_"] (exemple TRAEFIK_) # 4 => Remove the pattern [uppercase_app_name + "_"] - sed '/^#/d' .env.custom | sed '/^$/d' | sed -n "/^${1^^}_/p" | sed "s/^${1^^}_//g" > $1.env + sed '/^#/d' .env.custom | sed '/^$/d' | sed -n "/^${1^^}_/p" | sed "s/^${1^^}_//g" > env/$1.env } ## Traefik Certificate Resolver tweaks @@ -181,6 +222,12 @@ if is_service_enabled calibre-web && ! is_service_enabled calibre; then exit 1 fi +# Check that if nextcloud is enabled, mariadb should also be enabled +if is_service_enabled nextcloud && ! is_service_enabled mariadb; then + echo "[$0] ERROR. Nextcloud is enabled but MariaDB is not. Please either enable MariaDB or disable Nextcloud as Nextcloud depends on MariaDB." + exit 1 +fi + # Apply other arbitrary custom Traefik config files rm -f $f traefik/custom/custom-* for f in `find samples/custom-traefik -maxdepth 1 -mindepth 1 -type f | grep -E "\.yml$|\.yaml$" | sort`; do @@ -249,7 +296,7 @@ for json in $(yq eval -o json config.yaml | jq -c ".services[]"); do if [[ -f .env.custom ]]; then if grep -q "^${name^^}_.*" .env.custom; then extract_custom_env_file ${name} - echo "services.${name}.env_file.0: ./${name}.env" > ${name}-envfile.props + echo "services.${name}.env_file.0: ./env/${name}.env" > ${name}-envfile.props yq -p=props ${name}-envfile.props -o yaml > services/generated/${name}-envfile.yaml rm -f ${name}-envfile.props # Append config/${name}-envfile.yaml to global list of files which will be passed to docker commands diff --git a/services/gluetun.yaml b/services/gluetun.yaml index 1fcc468..dfb73b7 100755 --- a/services/gluetun.yaml +++ b/services/gluetun.yaml 
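Review bot: `extract_custom_env_file` writes `env/$1.env` with a plain redirect, so the file gets whatever the caller's umask allows (often world-readable). According to the changelog table, these per-app files now carry values such as the WireGuard private key and the MariaDB passwords. I would tighten both the directory and the files: `mkdir -p env && chmod 700 env` where the previous hunk creates the directory, and `chmod 600 "env/$1.env"` right after the `sed` pipeline, or run the pipeline under `umask 077`. The target should also be quoted, `> "env/$1.env"`, since `$1` comes from service names read out of `config.yaml`. The function starts outside this hunk, so only the redirect line is reviewed here.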
@@ -11,15 +11,6 @@ services: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} - - VPN_SERVICE_PROVIDER=custom - - VPN_TYPE=wireguard - # For Wireguard - - VPN_ENDPOINT_IP=${WIREGUARD_ENDPOINT} - - VPN_ENDPOINT_PORT=${WIREGUARD_PORT} - - WIREGUARD_PUBLIC_KEY=${WIREGUARD_PUBLIC_KEY} - - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY} - - WIREGUARD_PRESHARED_KEY=${WIREGUARD_PRESHARED_KEY} - - WIREGUARD_ADDRESSES=${WIREGUARD_ADDRESS} volumes: configgluetun: diff --git a/services/mariadb.yaml b/services/mariadb.yaml new file mode 100644 index 0000000..c5daa9e --- /dev/null +++ b/services/mariadb.yaml @@ -0,0 +1,23 @@ +services: + mariadb: + image: mariadb:10 + container_name: mariadb + command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed + user: ${PUID}:${PGID} + restart: always + environment: + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} + - MYSQL_DATABASE=${MYSQL_DATABASE} + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - TZ=${TZ} + volumes: + - nextclouddb:/var/lib/mysql + labels: + - "traefik.enable=false" + +volumes: + nextclouddb: + driver: local-persist + driver_opts: + mountpoint: $HOST_CONFIG_PATH/nextcloud-db \ No newline at end of file diff --git a/services/nextcloud.yaml b/services/nextcloud.yaml index f45253f..e0c64f5 100755 --- a/services/nextcloud.yaml +++ b/services/nextcloud.yaml 
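Review bot: In the new `services/mariadb.yaml`, the `environment:` list still interpolates `${MYSQL_ROOT_PASSWORD}`, `${MYSQL_DATABASE}`, `${MYSQL_USER}` and `${MYSQL_PASSWORD}`, but this commit makes `run-seedbox.sh` refuse to run while any `MYSQL_*` line remains in `.env`. The values now arrive through the generated `env/mariadb.env` (from the `MARIADB_`-prefixed entries in `.env.custom`), and Compose gives `environment:` precedence over `env_file:`. As the hunk stands, the unset variables would therefore interpolate to blank strings and override the real credentials, unless they happen to be exported in the calling shell. The `gluetun.yaml` hunk in this commit drops its interpolated entries, presumably for this reason, and the same should be done here by removing the four `MYSQL_*` lines and keeping only `- TZ=${TZ}`. The `--database-*` context lines in `tools/init-setup-nextcloud.sh` read the same names and look like they need the same review.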
@@ -1,25 +1,8 @@ services: - nextcloud-db: - image: mariadb:10 - container_name: nextcloud-db - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed - user: ${PUID}:${PGID} - restart: always - environment: - - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - - MYSQL_DATABASE=${MYSQL_DATABASE} - - MYSQL_USER=${MYSQL_USER} - - MYSQL_PASSWORD=${MYSQL_PASSWORD} - - TZ=${TZ} - volumes: - - nextclouddb:/var/lib/mysql - labels: - - "traefik.enable=false" - # See tools/init-setup-nextcloud.sh for first install nextcloud: depends_on: - - nextcloud-db + - mariadb image: linuxserver/nextcloud container_name: nextcloud restart: always @@ -34,10 +17,6 @@ services: - config:/seedbox-config volumes: - nextclouddb: - driver: local-persist - driver_opts: - mountpoint: $HOST_CONFIG_PATH/nextcloud-db confignextcloud: driver: local-persist driver_opts: diff --git a/tools/init-setup-nextcloud.sh b/tools/init-setup-nextcloud.sh index 66c4b50..6ee9951 100755 --- a/tools/init-setup-nextcloud.sh +++ b/tools/init-setup-nextcloud.sh @@ -8,7 +8,7 @@ docker exec -it -u abc -w /config/www/nextcloud \ nextcloud bash -c " \ php occ maintenance:install \ --database \"mysql\" \ - --database-host \"nextcloud-db\" \ + --database-host \"mariadb\" \ --database-name \"${MYSQL_DATABASE}\" \ --database-user \"${MYSQL_USER}\" \ --database-pass \"${MYSQL_PASSWORD}\" \ From 77027b09b36008c8594df1f7c286cd0357167091 Mon Sep 17 00:00:00 2001 From: Jean Froment Date: Sun, 24 Nov 2024 23:55:11 +0100 Subject: [PATCH 43/43] Add entries to the changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1b9fe49..e63133e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -42,6 +42,8 @@ * Fix #43: fix warning for jq and output format. * Refactor ``run-seedbox.sh`` script (use of functions, move code around, tiny fixes...) * Due to newly added app-specific environment variables, gluetun VPN config and install mode has been refined. Please see the [documentation](doc/configuration.md#vpn) for specific details. +* Add the changelog in ``CHANGELOG.md``. +* Add the current version in ``VERSION``. May be useful later for automatic upgrades between versions. ## ⚠️ Config changes ⚠️