Merge pull request #29 from jfroment/dev

Release v2 - The Swan

Author: jfroment

.env.sample

@@ -1,3 +1,6 @@
+# Internal settings (they will not be passed to running services)
+CHECK_FOR_OUTDATED_CONFIG=true
+
 # General Traefik (reverse proxy) settings
 TRAEFIK_DOMAIN=mydomain.com
 ACME_MAIL=[email protected]
@@ -10,7 +13,11 @@ TZ="Europe/Paris"
 HTTP_USER=myuser
 HTTP_PASSWORD='mypassword_encoded' # Keep these simple quotes!
 
-# Containers permissions mapping
+# Host paths + containers permissions mapping
+HOST_CONFIG_PATH="/data/config"
+HOST_MEDIA_PATH="/data/torrents"
+# Will be located in $HOST_MEDIA_PATH
+DOWNLOAD_SUBFOLDER="deluge"
 PGID=1000
 PUID=1000
 
@@ -29,4 +36,11 @@ PORTAINER_ADMIN_PASSWORD=h4ckMePleAse
 
 # Flood username declared in  deluge rpc daemon
 FLOOD_PASSWORD=myfloodpassword
-FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON=false
+FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON=false
+
+# Wireguard custom endpoint
+WIREGUARD_ENDPOINT=<ENDPOINT>
+WIREGUARD_PORT=51820
+WIREGUARD_PUBLIC_KEY=<WIREGUARD_PUBLIC_KEY>
+WIREGUARD_PRIVATE_KEY=<WIREGUARD_PRIVATE_KEY>
+WIREGUARD_ADDRESS=<WIREGUARD_LAN_ADDRESS>

.gitignore

@@ -1,8 +1,16 @@
 .DS_Store
 
-/config
 **/tunnel-options.sh
 **/.env
 **/traefik/http_auth
 backup/
 services.conf
+
+traefik/custom/dynamic*.yaml
+traefik/custom/custom-*.yaml
+samples/custom*/*.yaml
+
+config.yaml
+services/custom/*.yaml
+services/custom/*.yml
+services/generated/*.yaml

README.md

@@ -1,9 +1,33 @@
-# Seedbox
-
-A collection of Dockerfiles and a docker-compose configuration to set up a
-seedbox and personal media server.
-
-## Included Applications
+<h1 align="center">Seedbox</h1>
+  <p align="center">
+    An extensive and hackable collection of containerized services to set up a seedbox and personal media server.
+  </p>
+<br>
+
+## ✨ Features
+
+* Easy to configure personal media server without needing too much technical skills
+* Compatible with multiple systems (Linux servers, desktops, Synology NAS...)
+* Automatic HTTPS ceritificates management and renewal
+  * Support for HTTP only too if required for your use-case
+* Everything is hackable
+  * Add your own services
+  * Disable the ones you do not want
+  * Customize or add your own routing rules to integrate with existing services
+  * Tweak any service to your need by using custom file parameter on any service
+* VPN support with multiple providers
+  * Hide the service(s) of your choice behind a VPN tunnel
+  * Non mandatory
+* Declarative configuration
+* Persistent data for your media
+* Install & update using the same script
+* Start with the [Configuration Guide](doc/configuration.md)
+
+## ⚠️ News
+
+Version 2 is released, please make sure you read [this V2 Migration Guide](doc/UPGRADE_V2.md) as there are breaking changes!
+
+## 📦 Included Applications
 
 | Application          | Web Interface              | Docker image                                                           | Version (image tag) | Notes               |
 -----------------------|----------------------------|------------------------------------------------------------------------|-------------------------|---------------------|
@@ -14,6 +38,9 @@ seedbox and personal media server.
 | Radarr               | radarr.yourdomain.com      | [linuxserver/radarr](https://hub.docker.com/r/linuxserver/radarr)      | *develop*                | Movies monitor      |
 | Bazarr               | bazarr.yourdomain.com      | [linuxserver/bazarr](https://hub.docker.com/r/linuxserver/bazarr)      | *latest*                | Subtitles monitor   |
 | Lidarr               | lidarr.yourdomain.com      | [linuxserver/lidarr](https://hub.docker.com/r/linuxserver/lidarr)      | *develop*               | Music monitor       |
+| Readarr               | readarr.yourdomain.com      | [linuxserver/readarr](https://hub.docker.com/r/linuxserver/readarr)      | *nightly*               | Ebook and comic monitor       |
+| Komga               | komga.yourdomain.com      | [gotson/komga](https://hub.docker.com/r/gotson/komga)      | *latest*               | Comic Book Manager       |
+| Kavita               | Kavita.yourdomain.com      | [gotson/komga](https://hub.docker.com/r/gotson/komga)      | *latest*               | Comic Book Manager       |
 | Ombi               | ombi.yourdomain.com      | [linuxserver/ombi](https://hub.docker.com/r/linuxserver/ombi)      | *latest*               | Plex content requests       |
 | Overseerr               | overseerr.yourdomain.com      | [linuxserver/overseerr](https://hub.docker.com/r/linuxserver/overseerr)      | *latest*               | Plex content requests       |
 | Jackett              | jackett.yourdomain.com     | [linuxserver/jackett](https://hub.docker.com/r/linuxserver/jackett)    | *latest*                | Tracker indexer     |
@@ -22,58 +49,41 @@ seedbox and personal media server.
 | Tautulli (plexPy)    | tautulli.yourdomain.com    | [linuxserver/tautulli](https://hub.docker.com/r/linuxserver/tautulli)  | *latest*                | Plex stats and admin|
 | Tdarr            | tdarr.yourdomain.com   | [haveagitgat/tdarr](https://hub.docker.com/r/haveagitgat/tdarr)  | *latest*                | Re-encode files |
 | NextCloud            | nextcloud.yourdomain.com   | [linuxserver/nextcloud](https://hub.docker.com/r/linuxserver/nextcloud)  | *latest*                | Files management    |
-| NextCloud-db (MariaDB) | not reachable   | [mariadb](https://hub.docker.com/r/_/mariadb)  | *10*                | DB for Nextcloud    |
+| NextCloud-db (MariaDB) | *not reachable*   | [mariadb](https://hub.docker.com/r/_/mariadb)  | *10*                | DB for Nextcloud    |
 | Portainer            | portainer.yourdomain.com   | [portainer/portainer](https://hub.docker.com/r/portainer/portainer)    | *latest*                | Container management|
 | Netdata              | netdata.yourdomain.com     | [netdata/netdata](https://hub.docker.com/r/netdata/netdata)            | *latest*                | Server monitoring   |
 | Duplicati            | duplicati.yourdomain.com   | [linuxserver/duplicati](https://hub.docker.com/r/linuxserver/duplicati)| *latest*                | Backups             |
+| Heimdall            | yourdomain.com   | [linuxserver/heimdall](https://hub.docker.com/r/linuxserver/heimdall)| *latest*                | Main dashboard      |
+| Syncthing         | syncthing.yourdomain.com |  [linuxserver/syncthing](https://hub.docker.com/r/linuxserver/syncthing) | *latest* | P2P files sharing |
+| Traefik | traefik.yourdomain.com | [traefik](https://hub.docker.com/_/traefik) | *latest* | Traefik reverse proxy (access to admin dashboard) |
+| Gluetun            | -   | [qmcgaw/gluetun](https://hub.docker.com/r/qmcgaw/gluetun)| *latest*                | VPN client             |
+| *Any application you want!* | *whatever.yourdomain.com* | *Any image* | *Any tag* | *Any service - See the [Configuration Guide](doc/configuration.md)* |
 
-The front-end reverse proxy (Traefik - **check the next section if you have already the seedbox with Traefik v1**) routes based on the lowest level subdomain
- (e.g. `deluge.example.com` would route to deluge). Since this is how the router
-works, it is recommended for you to get a top level domain. If you do not have
-one, you can edit your domains locally by changing your hosts file or use a
-browser plugin that changes the host header.
-
-Traefik takes care of valid Let's Encrypt certificates and auto-renewal.
-
-Note: Plex is also available directly through the `32400` port without going
-through the reverse proxy.
+## 🌐 Traefik
 
-## September 2020 - Upgrade to Traefik v2 instructions
+The front-end reverse proxy (Traefik - **check [this guide](doc/traefik_v2.md) if you still have the seedbox with Traefik v1**)  routes based on the lowest level subdomain (e.g. `deluge.example.com` would route to deluge). Since this is how the router works, it is recommended for you to get a top level domain. If you do not have one, you can edit your domains locally by changing your hosts file or use a browser plugin that changes the host header.
 
-Before upgrading Traefik to version 2, please check the following:
+Traefik takes care of valid Let's Encrypt certificates and auto-renewal.
 
-- In this repo, Traefik v2 upgrade is as seamless as possible (same environment variables than before, out-of-the-box config file...).
-- **First, ``git pull`` to grab the latest code.**
-- The ``HTTP_PASSWORD`` variable now must be simple-quoted in the .env file. See the updated ``.env.sample`` file (which has also been reorganized)
-- Run ``init.sh`` in order to create required Docker objects (network name has changed).
-- You can update your acme.json to a Traefik v2-compliant one by doing the following (before launching Traefik v2):
+Note: Plex is also available directly through the `32400` port without going through the reverse proxy.
 
-```sh
-mkdir -p /tmp/migration
-cd /tmp/migration
-sudo cp /opt/traefik/acme.json .
-sudo chmod 775 /tmp/migration/acme.json
-# Do *NOT* forget the --resolver at the end! (le = Let's Encrypt resolver, see traefik/traefik.yml)
-docker run --rm -v ${PWD}:/data -w /data containous/traefik-migration-tool acme -i acme.json -o acme2.json --resolver le
-mkdir -p /data/config/traefik
-sudo cp acme2.json /data/config/traefik/acme.json
-sudo chmod 600 /data/config/traefik/acme.json
-# When you already have a backup!
-sudo rm -rf /opt/traefik /tmp/migration
-```
+You can also add your own Traefik rules to integrate with other services (deployed wihthin docker or somewhere else on your LAN, or even on the Internet).
+Check the [Configuration Guide](doc/configuration.md).
 
-- As from Traefik v2, as Http Authentication is now possible on the Traefik console, the latter is enabled at ``traefik.yourdomain.com``.
-- After all this, you can simply do: ``./update-all.sh``! Voilà!
+## ⚙️ Installation
 
-## Dependencies
+### Dependencies
 
 - [Docker](https://github.com/docker/docker) >= 20.10
-- [Docker Compose](https://github.com/docker/compose) >= 1.28.0
-- [local-persist Docker plugin](https://github.com/MatchbookLab/local-persist): installed directly on host (not in container). This is a volume plugin that extends the default local driver’s functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to always persist, even if the volume is removed via `docker volume rm`. Use *systemd* install for Ubuntu 16.04.
+- [Docker Compose](https://github.com/docker/compose) >= 2.2
+- [local-persist Docker plugin](https://github.com/MatchbookLab/local-persist): installed directly on host (not in container). This is a volume plugin that extends the default local driver’s functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to always persist, even if the volume is removed via `docker volume rm`. Use *systemd* install for Ubuntu.
+- [jq](https://stedolan.github.io/jq/download/) >= 1.5
+- [yq](https://github.com/mikefarah/yq/releases) >= 4
 
-## Configuration
+### Prepare your host
 
 Before running, please create the volumes which will be statically mapped to the ones on the host:
+For example:
 
 ```sh
 sudo su -c "mkdir /data && mkdir /data/config && mkdir /data/torrents"
@@ -83,29 +93,23 @@ sudo su -c "mkdir /data && mkdir /data/config && mkdir /data/torrents"
 Edit the `.env` file and change the variables as desired.
 The variables are all self-explanatory.
 
-**NEW**
-You can also disable a service if you do not need it by editing the ``services.conf`` file.
-Simply change the "*enable*" key with the "*disable*" one for the service you want to disable.
-If you remove a line in this file, it will be considered as "enabled" as all services are enabled by default.
+### Review the configuration
 
-## Running & updating
+The configuration lives in the ``config.yaml`` file.
 
-```sh
-./update-all.sh
-```
+All you need to know is located in the [Configuration Guide](doc/configuration.md).
 
-docker-compose should manage all the volumes and network setup for you. If it
-does not, verify that your docker and docker-compose version is updated.
+### Running & updating
 
-Make sure you install the dependencies and finish configuration before doing
-this.
+```sh
+./run-seedbox.sh
+```
 
-## PlexPass
+All services and synamic configuration will be automatically created without further action from your part.
 
-Just set the `VERSION` environment variable to `latest` on the Plex service (enabled by default).
-See https://hub.docker.com/r/linuxserver/plex.
+Make sure you install the dependencies and finish configuration before doing this.
 
-## Where is my data?
+### Where is my data?
 
 All data is saved in the docker volumes `seedbox_config` or
 `seedbox_torrents`.

config-updater.sh

@@ -0,0 +1,120 @@
+#!/bin/bash
+set -e
+################################################################################
+###                      ===  config-updater.sh  ===                         ###
+### Script which takes as input the old format config file (services.conf)   ###
+### and transforms it in the new format in yaml, using jq and yq             ###
+################################################################################
+
+cleanup_on_exit() {
+  rm -f tmp.json config.json
+}
+trap cleanup_on_exit EXIT
+
+# Load common functions
+source config/tools.sh
+
+# Check that required tools are installed
+check_utilities
+
+if [[ ! -f services.conf ]]; then
+  echo "[$0] ERROR. Could nof find services.conf. Exiting."
+  exit 1
+fi
+
+jq -n '{"services": []}' > config.json
+
+# First, add Traefik as it was not explicitely set by default in old config file (services.conf)
+if ! grep -q "traefik" services.conf; then
+  jq -r '.services[.services| length] |= . + 
+    {
+      "name": "traefik",
+      "enabled": true,
+      "traefik": {
+        "enabled": true,
+        "rules": [
+          {
+            "host": "traefik.'$(echo '${TRAEFIK_DOMAIN}')'",
+            "service": "api@internal",
+            "httpAuth": true,
+          }
+        ]
+      }
+    }' config.json > tmp.json
+  rm -f config.json
+  mv tmp.json config.json
+fi
+
+cat services.conf | while read line || [[ -n $line ]]; do
+  key=$(echo $line | sed -r "s/^(.*):.*$/\1/")
+  enabled="true"
+  if grep -q "disable" <<< $line; then
+    enabled="false"
+  fi
+
+  # Compatibility for services.conf already on dev (with temporary syntax -vpn)
+  if grep -q "\-vpn" <<< $line; then continue; fi
+
+  enableVpn="false"
+  # If this service is disabled AND another one in the file is enabled with VPN mode, keep that information
+  if grep -q "$key-vpn: enable" services.conf; then
+    if [[ enabled="false" ]]; then
+      #echo "[$0] $key => another service detected enabled with vpn..."
+      enableVpn="true"
+      enabled="true"
+    fi
+  fi
+
+  if grep -q "\-hardware-transcoding" <<< $line; then continue; fi
+
+  # Define if Traefik should be enabled on the service
+  case $key in
+    flaresolverr|gluetun)
+      enableTraefik="false"
+      rules=$(jq -n '[]')
+      ;;
+    *)
+      enableTraefik="true"
+      # If Traefik enabled => define if http auth Traefik middleware must be set by default
+      case $key in
+        kavita|komga|nextcloud|ombi|overseerr|plex|portainer|tautulli)
+          defaultHttpAuth="false"
+          ;;
+        *)
+          defaultHttpAuth="true"
+          ;;
+      esac
+      # Define scheme // For nextcloud, scheme must be https
+      internalScheme="http"
+      [[ $key == "nextcloud" ]] && internalScheme="https"
+      
+      # Define service default port from bundled config file
+      internalPort=$(cat config/ports | { grep $key || true; } | sed -r "s/^${key}: (.*)$/\1/")
+      rules=$(jq -n '[
+          {
+            "host": "'"$key"'.'$(echo '${TRAEFIK_DOMAIN}')'",
+            "httpAuth": '"${defaultHttpAuth}"',
+            "internalPort": '"${internalPort}"',
+            "internalScheme": "'"${internalScheme}"'"
+          }
+        ]')
+      ;;
+  esac
+
+  jq -r --argjson RULES "$rules" '.services[.services| length] |= . + 
+    {
+      "name": "'"$key"'",
+      "enabled": '"${enabled}"',
+      "vpn": '"${enableVpn}"',
+      "traefik": {
+        "enabled": '"${enableTraefik}"',
+        "rules": $RULES
+      }
+    }' config.json > tmp.json
+  rm -f config.json
+  mv tmp.json config.json
+
+done
+
+# Transform json into yaml, easier to manipulate for the user
+cat config.json | yq e -P - > config.yaml