Add VPN support (modularizable) + refactoring + variables changes

2022-02-14 00:24:04 +01:00 · 2022-02-14 00:24:04 +01:00 · e4ede925a8
parent ef286306c4
commit e4ede925a8
35 changed files with 235 additions and 45 deletions
--- a/.env.sample
+++ b/.env.sample
@ -10,7 +10,11 @@ TZ="Europe/Paris"
 HTTP_USER=myuser
 HTTP_PASSWORD='mypassword_encoded' # Keep these simple quotes!
-# Containers permissions mapping
+# Host paths + containers permissions mapping
 HOST_CONFIG_PATH="/data/config"
 HOST_MEDIA_PATH="/data/torrents"
 # Will be located in $HOST_MEDIA_PATH
 DOWNLOAD_SUBFOLDER="deluge"
 PGID=1000
 PUID=1000
@ -30,3 +34,10 @@ PORTAINER_ADMIN_PASSWORD=h4ckMePleAse
 # Flood username declared in  deluge rpc daemon
 FLOOD_PASSWORD=myfloodpassword
 FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON=false
 # Wireguard custom endpoint
 WIREGUARD_ENDPOINT=<ENDPOINT>
 WIREGUARD_PORT=51820
 WIREGUARD_PUBLIC_KEY=<WIREGUARD_PUBLIC_KEY>
 WIREGUARD_PRIVATE_KEY=<WIREGUARD_PRIVATE_KEY>
 WIREGUARD_ADDRESS=<WIREGUARD_LAN_ADDRESS>
--- a/.gitignore
+++ b/.gitignore
@ -6,3 +6,4 @@
 **/traefik/http_auth
 backup/
 services.conf
 traefik/custom/dynamic*.yaml
--- a/README.md
+++ b/README.md
@ -9,6 +9,7 @@ seedbox and personal media server.
 -----------------------|----------------------------|------------------------------------------------------------------------|-------------------------|---------------------|
 | Plex                 | plex.yourdomain.com        | [linuxserver/plex](https://hub.docker.com/r/linuxserver/plex)          | *latest*                | Media Streaming     |
 | Deluge               | deluge.yourdomain.com      | [linuxserver/deluge](https://hub.docker.com/r/linuxserver/deluge)      | *latest*                | Torrents downloader |
 | Deluge (VPN)               | deluge.yourdomain.com      | [linuxserver/deluge](https://hub.docker.com/r/linuxserver/deluge)      | *latest*                | Torrents downloader (behind VPN) |
 | Flood               | flood.yourdomain.com      | [jesec/flood](https://hub.docker.com/r/jesec/flood)      | *latest*      | Web client for Deluge (experimental) |
 | Sonarr               | sonarr.yourdomain.com      | [linuxserver/sonarr](https://hub.docker.com/r/linuxserver/sonarr)      | *develop*               | TV Shows monitor    |
 | Radarr               | radarr.yourdomain.com      | [linuxserver/radarr](https://hub.docker.com/r/linuxserver/radarr)      | *develop*                | Movies monitor      |
@ -22,6 +23,7 @@ seedbox and personal media server.
 | Jackett              | jackett.yourdomain.com     | [linuxserver/jackett](https://hub.docker.com/r/linuxserver/jackett)    | *latest*                | Tracker indexer     |
 | Prowlarr              | prowlarr.yourdomain.com     | [linuxserver/prowlarr](https://hub.docker.com/r/linuxserver/prowlarr)    | *develop*                | Tracker indexer |
 | JDownloader          | jdownloader.yourdomain.com | [jlesage/jdownloader-2](https://hub.docker.com/r/jlesage/jdownloader-2)| *latest*                | Direct downloader   |
 | JDownloader (VPN)         | jdownloader.yourdomain.com | [jlesage/jdownloader-2](https://hub.docker.com/r/jlesage/jdownloader-2)| *latest*                | Direct downloader  (behind VPN)  |
 | Tautulli (plexPy)    | tautulli.yourdomain.com    | [linuxserver/tautulli](https://hub.docker.com/r/linuxserver/tautulli)  | *latest*                | Plex stats and admin|
 | Tdarr            | tdarr.yourdomain.com   | [haveagitgat/tdarr](https://hub.docker.com/r/haveagitgat/tdarr)  | *latest*                | Re-encode files |
 | NextCloud            | nextcloud.yourdomain.com   | [linuxserver/nextcloud](https://hub.docker.com/r/linuxserver/nextcloud)  | *latest*                | Files management    |
@ -29,6 +31,7 @@ seedbox and personal media server.
 | Portainer            | portainer.yourdomain.com   | [portainer/portainer](https://hub.docker.com/r/portainer/portainer)    | *latest*                | Container management|
 | Netdata              | netdata.yourdomain.com     | [netdata/netdata](https://hub.docker.com/r/netdata/netdata)            | *latest*                | Server monitoring   |
 | Duplicati            | duplicati.yourdomain.com   | [linuxserver/duplicati](https://hub.docker.com/r/linuxserver/duplicati)| *latest*                | Backups             |
 | Gluetun            | -   | [qmcgaw/gluetun](https://hub.docker.com/r/qmcgaw/gluetun)| *latest*                | VPN client (still WIP...)             |
 The front-end reverse proxy (Traefik - **check the next section if you have already the seedbox with Traefik v1**) routes based on the lowest level subdomain
 (e.g. `deluge.example.com` would route to deluge). Since this is how the router
@ -77,6 +80,7 @@ sudo rm -rf /opt/traefik /tmp/migration
 ## Configuration
 Before running, please create the volumes which will be statically mapped to the ones on the host:
 For example:
 ```sh
 sudo su -c "mkdir /data && mkdir /data/config && mkdir /data/torrents"
@ -106,7 +110,7 @@ this.
 ## PlexPass
 Just set the `VERSION` environment variable to `latest` on the Plex service (enabled by default).
-See https://hub.docker.com/r/linuxserver/plex.
+See [this link](https://hub.docker.com/r/linuxserver/plex).
 ## Where is my data?
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -7,7 +7,6 @@ version: "3.8"
 # Common network used by all services
 networks: 
  default:
    external:
    name: "traefik-network"
 # Common volumes used by at least 2 services
@ -15,12 +14,12 @@ volumes:
  config:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config
+      mountpoint: $HOST_CONFIG_PATH
  torrents:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/torrents
+      mountpoint: $HOST_MEDIA_PATH
  downloads:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/torrents/deluge
+      mountpoint: $HOST_MEDIA_PATH/$DOWNLOAD_SUBFOLDER
--- a/samples/traefik-deluge-vpn.yaml
+++ b/samples/traefik-deluge-vpn.yaml
@ -0,0 +1,12 @@
 http:
  routers:
    deluge:
      rule: 'Host(`deluge.{{ env "TRAEFIK_DOMAIN" }}`)'
      middlewares: 
        - common-auth@file
      service: deluge
  services:
    deluge:
      loadBalancer:
        servers:
          - url: "http://gluetun:8112"
--- a/samples/traefik-jdownloader-vpn.yaml
+++ b/samples/traefik-jdownloader-vpn.yaml
@ -0,0 +1,12 @@
 http:
  routers:
    jdownloader:
      rule: 'Host(`jdownloader.{{ env "TRAEFIK_DOMAIN" }}`)'
      middlewares: 
        - common-auth@file
      service: deluge
  services:
    jdownloader:
      loadBalancer:
        servers:
          - url: "http://gluetun:5800"
--- a/services.conf.sample
+++ b/services.conf.sample
@ -1,6 +1,8 @@
 deluge: enable
 deluge-vpn: disable
 flood: enable
 plex: enable
 plex-hardware-transcoding: disable
 flaresolverr: enable
 jackett: enable
 prowlarr: enable
@ -20,3 +22,4 @@ nextcloud: enable
 portainer: enable
 netdata: enable
 duplicati: enable
 gluetun: disable
--- a/services/bazarr.yaml
+++ b/services/bazarr.yaml
@ -19,4 +19,4 @@ volumes:
  configbazarr:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/bazarr
+      mountpoint: $HOST_CONFIG_PATH/bazarr
--- a/services/deluge-vpn.yaml
+++ b/services/deluge-vpn.yaml
@ -0,0 +1,21 @@
 services:
  deluge:
    image: ghcr.io/linuxserver/deluge
    container_name: deluge
    restart: always
    network_mode: "service:gluetun"
    volumes:
      - torrents:/torrents
      - configdeluge:/config
      - downloads:/downloads
    environment:
      - PGID=${PGID}
      - PUID=${PUID}
      - TZ=${TZ}
    # Traefik labels are in Gluetun YAML as deluge must be accessed via Gluetun
 volumes:
  configdeluge: 
    driver: local-persist
    driver_opts:
      mountpoint: $HOST_CONFIG_PATH/deluge
--- a/services/deluge.yaml
+++ b/services/deluge.yaml
@ -20,4 +20,4 @@ volumes:
  configdeluge: 
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/deluge
+      mountpoint: $HOST_CONFIG_PATH/deluge
--- a/services/duplicati.yaml
+++ b/services/duplicati.yaml
@ -10,22 +10,18 @@ services:
    volumes:
      - configduplicati:/config
      - backups:/backups
-      - alldata:/source
+      - config:/source
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.duplicati.rule=Host(`duplicati.${TRAEFIK_DOMAIN}`)"
      - "traefik.http.routers.duplicati.middlewares=common-auth@file"
 volumes:
  alldata:
    driver: local-persist
    driver_opts:
      mountpoint: /data
  configduplicati:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/duplicati
+      mountpoint: $HOST_CONFIG_PATH/duplicati
  backups:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/backups
+      mountpoint: $HOST_CONFIG_PATH/backups
--- a/services/flaresolverr.yaml
+++ b/services/flaresolverr.yaml
--- a/services/flood.yaml
+++ b/services/flood.yaml
@ -8,7 +8,7 @@ services:
    user: ${PUID}:${PGID}
    command:
      - --auth=none
-      - --dehost=deluge
+      - --dehost=${DELUGE_HOST}
      - --deport=58846
      - --deuser=flood
      - --depass=${FLOOD_PASSWORD}
@ -29,4 +29,4 @@ volumes:
  configflood: 
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/flood
+      mountpoint: $HOST_CONFIG_PATH/flood
--- a/services/gluetun.yaml
+++ b/services/gluetun.yaml
@ -0,0 +1,34 @@
 services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    restart: always
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=${PUID}
      - PGIDq=${PGID}
      - TZ=${TZ}
      - VPNSP=custom
      - VPN_TYPE=wireguard
      # For Wireguard
      - VPN_ENDPOINT_IP=${WIREGUARD_ENDPOINT}
      - VPN_ENDPOINT_PORT=${WIREGUARD_PORT}
      - WIREGUARD_PUBLIC_KEY=${WIREGUARD_PUBLIC_KEY}
      - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
      - WIREGUARD_ADDRESS=${WIREGUARD_ADDRESS}
    #labels:
      # Control Panel
      # - "traefik.enable=true"
      # - "traefik.http.routers.gluetun.rule=Host(`gluetun.${TRAEFIK_DOMAIN}`)"
      # - "traefik.http.routers.gluetun.middlewares=common-auth@file"
      # - "traefik.http.routers.gluetun.service=gluetun"
      # - "traefik.http.services.gluetun.loadbalancer.server.port=8000"
      # Traefik rules for VPN-enabled services (which have ot be accessed through gluetun) are defined in the samples/ directory
      # and are applied automatically in the update-all.sh script.
 volumes:
  configgluetun:
    driver: local-persist
    driver_opts:
      mountpoint: $HOST_CONFIG_PATH/gluetun
--- a/services/jackett.yaml
+++ b/services/jackett.yaml
--- a/services/jdownloader-vpn.yaml
+++ b/services/jdownloader-vpn.yaml
@ -0,0 +1,20 @@
 services:
  jdownloader:
    image: jlesage/jdownloader-2
    container_name: jdownloader
    restart: always
    network_mode: "service:gluetun"
    volumes:
      - configjdownloader:/config
      - downloads:/output
    environment:
      - USER_ID=${PUID}
      - GROUP_ID=${PGID}
      - TZ=${TZ}
    # Traefik routing rules are defined in the samples/ directory and applied automatically when this service is enabled
 volumes:
  configjdownloader:
    driver: local-persist
    driver_opts:
      mountpoint: $HOST_CONFIG_PATH/jdownloader
--- a/services/jdownloader.yaml
+++ b/services/jdownloader.yaml
@ -20,4 +20,4 @@ volumes:
  configjdownloader:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/jdownloader
+      mountpoint: $HOST_CONFIG_PATH/jdownloader
--- a/services/kavita.yaml
+++ b/services/kavita.yaml
@ -19,4 +19,4 @@ volumes:
  configkavita: 
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/kavita
+      mountpoint: $HOST_CONFIG_PATH/kavita
--- a/services/komga.yaml
+++ b/services/komga.yaml
@ -18,4 +18,4 @@ volumes:
  configkomga: 
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/komga
+      mountpoint: $HOST_CONFIG_PATH/komga
--- a/services/lidarr.yaml
+++ b/services/lidarr.yaml
@ -19,4 +19,4 @@ volumes:
  configlidarr:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/lidarr
+      mountpoint: $HOST_CONFIG_PATH/lidarr
--- a/services/netdata.yaml
+++ b/services/netdata.yaml
--- a/services/nextcloud.yaml
+++ b/services/nextcloud.yaml
@ -41,12 +41,12 @@ volumes:
  nextclouddb:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/nextcloud-db
+      mountpoint: $HOST_CONFIG_PATH/nextcloud-db
  confignextcloud:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/nextcloud
+      mountpoint: $HOST_CONFIG_PATH/nextcloud
  nextclouddata:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/nextcloud-data
+      mountpoint: $HOST_CONFIG_PATH/nextcloud-data
--- a/services/ombi.yaml
+++ b/services/ombi.yaml
@ -19,4 +19,4 @@ volumes:
  configombi:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/ombi
+      mountpoint: $HOST_CONFIG_PATH/ombi
--- a/services/overseerr.yaml
+++ b/services/overseerr.yaml
@ -17,4 +17,4 @@ volumes:
  configoverseerr:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/overseerr
+      mountpoint: $HOST_CONFIG_PATH/overseerr
--- a/services/plex-hardware-transcoding.yaml
+++ b/services/plex-hardware-transcoding.yaml
@ -0,0 +1,31 @@
 services:
  plex:
    image: ghcr.io/linuxserver/plex
    container_name: plex
    restart: always
    ports:
      - "32400:32400"
      - "32400:32400/udp"
      - "32469:32469"
      - "32469:32469/udp"
    devices:
      - /dev/dri:/dev/dri # for hardware transcoding
    volumes:
      - configplex:/config
      - torrents:/torrents
      - /dev/shm:/transcode
    environment:
      - PGID=${PGID}
      - PUID=${PUID}
      - TZ=${TZ}
      - VERSION=latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.plex-seedbox.loadbalancer.server.port=32400"
      - "traefik.http.routers.plex.rule=Host(`plex.${TRAEFIK_DOMAIN}`)"
 volumes:
  configplex:
    driver: local-persist
    driver_opts:
      mountpoint: $HOST_CONFIG_PATH/Plex
--- a/services/plex.yaml
+++ b/services/plex.yaml
@ -8,8 +8,6 @@ services:
      - "32400:32400/udp"
      - "32469:32469"
      - "32469:32469/udp"
      - "5353:5353/udp"
      - "1900:1900/udp"
    volumes:
      - configplex:/config
      - torrents:/torrents
@ -27,4 +25,4 @@ volumes:
  configplex:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/Plex
+      mountpoint: $HOST_CONFIG_PATH/Plex
--- a/services/portainer.yaml
+++ b/services/portainer.yaml
--- a/services/prowlarr.yaml
+++ b/services/prowlarr.yaml
@ -18,4 +18,4 @@ volumes:
  configprowlarr:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/prowlarr
+      mountpoint: $HOST_CONFIG_PATH/prowlarr
--- a/services/radarr.yaml
+++ b/services/radarr.yaml
@ -20,4 +20,4 @@ volumes:
  configradarr: 
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/radarr
+      mountpoint: $HOST_CONFIG_PATH/radarr
--- a/services/readarr.yaml
+++ b/services/readarr.yaml
@ -20,4 +20,4 @@ volumes:
  configreadarr: 
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/readarr
+      mountpoint: $HOST_CONFIG_PATH/readarr
--- a/services/sonarr.yaml
+++ b/services/sonarr.yaml
@ -20,4 +20,4 @@ volumes:
  configsonarr: 
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/sonarr
+      mountpoint: $HOST_CONFIG_PATH/sonarr
--- a/services/tautulli.yaml
+++ b/services/tautulli.yaml
@ -18,4 +18,4 @@ volumes:
  configtautulli:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/tautulli
+      mountpoint: $HOST_CONFIG_PATH/tautulli
--- a/services/tdarr.yaml
+++ b/services/tdarr.yaml
@ -45,12 +45,12 @@ volumes:
  configtdarrv2:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/tdarrv2/server
+      mountpoint: $HOST_CONFIG_PATH/tdarrv2/server
  settingstdarrv2:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/tdarrv2/configs
+      mountpoint: $HOST_CONFIG_PATH/tdarrv2/configs
  transcodes:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/tdarrv2/transcodes
+      mountpoint: $HOST_CONFIG_PATH/tdarrv2/transcodes
--- a/services/traefik.yaml
+++ b/services/traefik.yaml
@ -27,4 +27,4 @@ volumes:
  configtraefik:
    driver: local-persist
    driver_opts:
-      mountpoint: /data/config/traefik
+      mountpoint: $HOST_CONFIG_PATH/traefik
--- a/update-all.sh
+++ b/update-all.sh
@ -1,5 +1,7 @@
 #!/bin/bash
 set -e
 SKIP_PULL=0
 for i in "$@"; do
@ -21,6 +23,11 @@ echo "${HTTP_USER}:${HTTP_PASSWORD}" > traefik/http_auth
 # Docker-compose settings
 export COMPOSE_HTTP_TIMEOUT=240
 # Retro-compatibility
 [[ -z $HOST_CONFIG_PATH ]] && export HOST_CONFIG_PATH="/data/config"
 [[ -z $HOST_MEDIA_PATH ]] && export HOST_MEDIA_PATH="/data/torrents"
 [[ -z $DOWNLOAD_SUBFOLDER ]] && export DOWNLOAD_SUBFOLDER="deluge"
 if [[ ! -f services.conf ]]; then
  echo "[$0] No services.conf file found. Copying from sample file..."
  cp services.conf.sample services.conf
@ -31,9 +38,50 @@ NB_SERVICES_ACTIVE=$(cat services.conf | wc -l)
 NB_SERVICES_ORIG=$(cat services.conf.sample | wc -l)
 if [[ ${NB_SERVICES_ACTIVE} != ${NB_SERVICES_ORIG} ]]; then
  echo "[$0] Your services.conf file seems outdated. It appears there are new services available, or services that have been removed."
-  diff -yt services.conf services.conf.sample
+  diff -yt services.conf services.conf.sample || true
  echo ""
 fi
 # Check if *-vpn services are enabled. If so, check that gluetun is enabled.
 if [[ $(cat services.conf | { grep -E ".*vpn: enable" || true; } | wc -l) -ge 1 ]]; then
  if [[ $(cat services.conf | { grep "gluetun: enable" || true; } | wc -l) -eq 0 ]]; then
    echo "[$0] ERROR. A VPN-enabled service has been enabled BUT gluetun has not been enabled. Please check your services.conf file."
    echo "******* Exiting *******"
    exit 1
  fi
 fi
 # Check if there are no conflict in enabled services (for example, you cannot enable deluge AND deluge-vpn)
 for svc in deluge plex jdownloader; do
  if [[ $(cat services.conf | { grep -E "${svc}.*: enable" || true; } | wc -l) -gt 1 ]]; then
    echo "[$0] ERROR. You cannot enable multiple ${svc^} services simultaneously. Please edit this section in your services.conf file:"
    cat services.conf | { grep -E "${svc}.*: enable" || true; }
    echo "******* Exiting *******"
    exit 1
  fi
 done
 # Determine what host Flood should connect to
 # => If deluge-vpn is enabled => gluetun
 # => If deluge is enabled => deluge
 if [[ $(cat services.conf | { grep -E "flood\: enable" || true; } | wc -l) -eq 1 ]]; then
  if [[ $(cat services.conf | { grep -E "deluge\-vpn\: enable" || true; } | wc -l) -eq 1 ]]; then
    export DELUGE_HOST="gluetun"
  elif [[ $(cat services.conf | { grep -E "deluge\: enable" || true; } | wc -l) -eq 1 ]]; then
    export DELUGE_HOST="deluge"
  fi
 fi
 # Apply Traefik dynamic files in traefik conf directory if VPN are enabled for some services
 for svc in $(cat services.conf | grep "\-vpn: enable" | sed -E "s/(.*)\: enable/\1/g"); do
  if [[ -f samples/traefik-${svc}.yaml ]]; then
    echo "[$0] traefik-$svc.yaml file detected in samples/ directory. Applying into Traefik runtime config directory..."
    cp samples/traefik-${svc}.yaml traefik/custom/dynamic-${svc}.yaml
  else
    echo "[$0] No custom traefik file found in samples/directory for app $svc. Skipping..."
  fi
 done
 # Fetch all YAML files
 disabled_pattern=""
 while read -r line ; do
@ -46,8 +94,8 @@ ALL_SERVICES="-f docker-compose.yaml $SERVICES"
 # Specific instructions for Flood
 # User for Deluge daemon RPC has to be created in deluge auth config file
 if [[ ! -z ${FLOOD_PASSWORD} && ${FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON} == true ]]; then
-  if ! grep -q "flood" /data/config/deluge/auth; then
+  if ! grep -q "flood" $HOST_CONFIG_PATH/deluge/auth; then
-    echo "flood:${FLOOD_PASSWORD}:10" >> /data/config/deluge/auth
+    echo "flood:${FLOOD_PASSWORD}:10" >> $HOST_CONFIG_PATH/deluge/auth
  else
    echo "[$0] No need to add user/password for flood as it has already been created."
    echo "[$0] Consider setting FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON variable to false in .env file."