Add VPN support (modularizable) + refactoring + variables changes

Author: jfroment

.env.sample

@@ -10,7 +10,11 @@ TZ="Europe/Paris"
 HTTP_USER=myuser
 HTTP_PASSWORD='mypassword_encoded' # Keep these simple quotes!
 
-# Containers permissions mapping
+# Host paths + containers permissions mapping
+HOST_CONFIG_PATH="/data/config"
+HOST_MEDIA_PATH="/data/torrents"
+# Will be located in $HOST_MEDIA_PATH
+DOWNLOAD_SUBFOLDER="deluge"
 PGID=1000
 PUID=1000
 
@@ -29,4 +33,11 @@ PORTAINER_ADMIN_PASSWORD=h4ckMePleAse
 
 # Flood username declared in  deluge rpc daemon
 FLOOD_PASSWORD=myfloodpassword
-FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON=false
+FLOOD_AUTOCREATE_USER_IN_DELUGE_DAEMON=false
+
+# Wireguard custom endpoint
+WIREGUARD_ENDPOINT=<ENDPOINT>
+WIREGUARD_PORT=51820
+WIREGUARD_PUBLIC_KEY=<WIREGUARD_PUBLIC_KEY>
+WIREGUARD_PRIVATE_KEY=<WIREGUARD_PRIVATE_KEY>
+WIREGUARD_ADDRESS=<WIREGUARD_LAN_ADDRESS>

.gitignore

@@ -6,3 +6,4 @@
 **/traefik/http_auth
 backup/
 services.conf
+traefik/custom/dynamic*.yaml

README.md

@@ -9,6 +9,7 @@ seedbox and personal media server.
 -----------------------|----------------------------|------------------------------------------------------------------------|-------------------------|---------------------|
 | Plex                 | plex.yourdomain.com        | [linuxserver/plex](https://hub.docker.com/r/linuxserver/plex)          | *latest*                | Media Streaming     |
 | Deluge               | deluge.yourdomain.com      | [linuxserver/deluge](https://hub.docker.com/r/linuxserver/deluge)      | *latest*                | Torrents downloader |
+| Deluge (VPN)               | deluge.yourdomain.com      | [linuxserver/deluge](https://hub.docker.com/r/linuxserver/deluge)      | *latest*                | Torrents downloader (behind VPN) |
 | Flood               | flood.yourdomain.com      | [jesec/flood](https://hub.docker.com/r/jesec/flood)      | *latest*      | Web client for Deluge (experimental) |
 | Sonarr               | sonarr.yourdomain.com      | [linuxserver/sonarr](https://hub.docker.com/r/linuxserver/sonarr)      | *develop*               | TV Shows monitor    |
 | Radarr               | radarr.yourdomain.com      | [linuxserver/radarr](https://hub.docker.com/r/linuxserver/radarr)      | *develop*                | Movies monitor      |
@@ -22,13 +23,15 @@ seedbox and personal media server.
 | Jackett              | jackett.yourdomain.com     | [linuxserver/jackett](https://hub.docker.com/r/linuxserver/jackett)    | *latest*                | Tracker indexer     |
 | Prowlarr              | prowlarr.yourdomain.com     | [linuxserver/prowlarr](https://hub.docker.com/r/linuxserver/prowlarr)    | *develop*                | Tracker indexer |
 | JDownloader          | jdownloader.yourdomain.com | [jlesage/jdownloader-2](https://hub.docker.com/r/jlesage/jdownloader-2)| *latest*                | Direct downloader   |
+| JDownloader (VPN)         | jdownloader.yourdomain.com | [jlesage/jdownloader-2](https://hub.docker.com/r/jlesage/jdownloader-2)| *latest*                | Direct downloader  (behind VPN)  |
 | Tautulli (plexPy)    | tautulli.yourdomain.com    | [linuxserver/tautulli](https://hub.docker.com/r/linuxserver/tautulli)  | *latest*                | Plex stats and admin|
 | Tdarr            | tdarr.yourdomain.com   | [haveagitgat/tdarr](https://hub.docker.com/r/haveagitgat/tdarr)  | *latest*                | Re-encode files |
 | NextCloud            | nextcloud.yourdomain.com   | [linuxserver/nextcloud](https://hub.docker.com/r/linuxserver/nextcloud)  | *latest*                | Files management    |
 | NextCloud-db (MariaDB) | not reachable   | [mariadb](https://hub.docker.com/r/_/mariadb)  | *10*                | DB for Nextcloud    |
 | Portainer            | portainer.yourdomain.com   | [portainer/portainer](https://hub.docker.com/r/portainer/portainer)    | *latest*                | Container management|
 | Netdata              | netdata.yourdomain.com     | [netdata/netdata](https://hub.docker.com/r/netdata/netdata)            | *latest*                | Server monitoring   |
 | Duplicati            | duplicati.yourdomain.com   | [linuxserver/duplicati](https://hub.docker.com/r/linuxserver/duplicati)| *latest*                | Backups             |
+| Gluetun            | -   | [qmcgaw/gluetun](https://hub.docker.com/r/qmcgaw/gluetun)| *latest*                | VPN client (still WIP...)             |
 
 The front-end reverse proxy (Traefik - **check the next section if you have already the seedbox with Traefik v1**) routes based on the lowest level subdomain
  (e.g. `deluge.example.com` would route to deluge). Since this is how the router
@@ -77,6 +80,7 @@ sudo rm -rf /opt/traefik /tmp/migration
 ## Configuration
 
 Before running, please create the volumes which will be statically mapped to the ones on the host:
+For example:
 
 ```sh
 sudo su -c "mkdir /data && mkdir /data/config && mkdir /data/torrents"
@@ -106,7 +110,7 @@ this.
 ## PlexPass
 
 Just set the `VERSION` environment variable to `latest` on the Plex service (enabled by default).
-See https://hub.docker.com/r/linuxserver/plex.
+See [this link](https://hub.docker.com/r/linuxserver/plex).
 
 ## Where is my data?
 

docker-compose.yaml

@@ -6,21 +6,20 @@ version: "3.8"
 
 # Common network used by all services
 networks: 
-  default: 
-    external:
-      name: "traefik-network"
+  default:
+    name: "traefik-network"
 
 # Common volumes used by at least 2 services
 volumes:
   config:
     driver: local-persist
     driver_opts:
-      mountpoint: /data/config
+      mountpoint: $HOST_CONFIG_PATH
   torrents:
     driver: local-persist
     driver_opts:
-      mountpoint: /data/torrents
+      mountpoint: $HOST_MEDIA_PATH
   downloads:
     driver: local-persist
     driver_opts:
-      mountpoint: /data/torrents/deluge
+      mountpoint: $HOST_MEDIA_PATH/$DOWNLOAD_SUBFOLDER

samples/traefik-deluge-vpn.yaml

@@ -0,0 +1,12 @@
+http:
+  routers:
+    deluge:
+      rule: 'Host(`deluge.{{ env "TRAEFIK_DOMAIN" }}`)'
+      middlewares: 
+        - common-auth@file
+      service: deluge
+  services:
+    deluge:
+      loadBalancer:
+        servers:
+          - url: "http://gluetun:8112"

samples/traefik-jdownloader-vpn.yaml

@@ -0,0 +1,12 @@
+http:
+  routers:
+    jdownloader:
+      rule: 'Host(`jdownloader.{{ env "TRAEFIK_DOMAIN" }}`)'
+      middlewares: 
+        - common-auth@file
+      service: deluge
+  services:
+    jdownloader:
+      loadBalancer:
+        servers:
+          - url: "http://gluetun:5800"

services.conf.sample

@@ -1,6 +1,8 @@
 deluge: enable
+deluge-vpn: disable
 flood: enable
 plex: enable
+plex-hardware-transcoding: disable
 flaresolverr: enable
 jackett: enable
 prowlarr: enable
@@ -19,4 +21,5 @@ tdarr: enable
 nextcloud: enable
 portainer: enable
 netdata: enable
-duplicati: enable
+duplicati: enable
+gluetun: disable

services/bazarr.yaml

@@ -19,4 +19,4 @@ volumes:
   configbazarr:
     driver: local-persist
     driver_opts:
-      mountpoint: /data/config/bazarr
+      mountpoint: $HOST_CONFIG_PATH/bazarr

services/deluge-vpn.yaml

@@ -0,0 +1,21 @@
+services:
+  deluge:
+    image: ghcr.io/linuxserver/deluge
+    container_name: deluge
+    restart: always
+    network_mode: "service:gluetun"
+    volumes:
+      - torrents:/torrents
+      - configdeluge:/config
+      - downloads:/downloads
+    environment:
+      - PGID=${PGID}
+      - PUID=${PUID}
+      - TZ=${TZ}
+    # Traefik labels are in Gluetun YAML as deluge must be accessed via Gluetun
+
+volumes:
+  configdeluge: 
+    driver: local-persist
+    driver_opts:
+      mountpoint: $HOST_CONFIG_PATH/deluge

services/deluge.yaml

@@ -20,4 +20,4 @@ volumes:
   configdeluge: 
     driver: local-persist
     driver_opts:
-      mountpoint: /data/config/deluge
+      mountpoint: $HOST_CONFIG_PATH/deluge

services/duplicati.yaml

@@ -10,22 +10,18 @@ services:
     volumes:
       - configduplicati:/config
       - backups:/backups
-      - alldata:/source
+      - config:/source
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.duplicati.rule=Host(`duplicati.${TRAEFIK_DOMAIN}`)"
       - "traefik.http.routers.duplicati.middlewares=common-auth@file"
 
 volumes:
-  alldata:
-    driver: local-persist
-    driver_opts:
-      mountpoint: /data
   configduplicati:
     driver: local-persist
     driver_opts:
-      mountpoint: /data/config/duplicati
+      mountpoint: $HOST_CONFIG_PATH/duplicati
   backups:
     driver: local-persist
     driver_opts:
-      mountpoint: /data/backups
+      mountpoint: $HOST_CONFIG_PATH/backups

services/flaresolverr.yaml

@@ -8,7 +8,7 @@ services:
     user: ${PUID}:${PGID}
     command:
       - --auth=none
-      - --dehost=deluge
+      - --dehost=${DELUGE_HOST}
       - --deport=58846
       - --deuser=flood
       - --depass=${FLOOD_PASSWORD}
@@ -29,4 +29,4 @@ volumes:
   configflood: 
     driver: local-persist
     driver_opts:
-      mountpoint: /data/config/flood
+      mountpoint: $HOST_CONFIG_PATH/flood

services/flood.yaml

@@ -0,0 +1,34 @@
+services:
+  gluetun:
+    image: qmcgaw/gluetun
+    container_name: gluetun
+    restart: always
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - PUID=${PUID}
+      - PGIDq=${PGID}
+      - TZ=${TZ}
+      - VPNSP=custom
+      - VPN_TYPE=wireguard
+      # For Wireguard
+      - VPN_ENDPOINT_IP=${WIREGUARD_ENDPOINT}
+      - VPN_ENDPOINT_PORT=${WIREGUARD_PORT}
+      - WIREGUARD_PUBLIC_KEY=${WIREGUARD_PUBLIC_KEY}
+      - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
+      - WIREGUARD_ADDRESS=${WIREGUARD_ADDRESS}
+    #labels:
+      # Control Panel
+      # - "traefik.enable=true"
+      # - "traefik.http.routers.gluetun.rule=Host(`gluetun.${TRAEFIK_DOMAIN}`)"
+      # - "traefik.http.routers.gluetun.middlewares=common-auth@file"
+      # - "traefik.http.routers.gluetun.service=gluetun"
+      # - "traefik.http.services.gluetun.loadbalancer.server.port=8000"
+      # Traefik rules for VPN-enabled services (which have ot be accessed through gluetun) are defined in the samples/ directory
+      # and are applied automatically in the update-all.sh script.
+
+volumes:
+  configgluetun:
+    driver: local-persist
+    driver_opts:
+      mountpoint: $HOST_CONFIG_PATH/gluetun

services/gluetun.yaml

@@ -0,0 +1,20 @@
+services:
+  jdownloader:
+    image: jlesage/jdownloader-2
+    container_name: jdownloader
+    restart: always
+    network_mode: "service:gluetun"
+    volumes:
+      - configjdownloader:/config
+      - downloads:/output
+    environment:
+      - USER_ID=${PUID}
+      - GROUP_ID=${PGID}
+      - TZ=${TZ}
+    # Traefik routing rules are defined in the samples/ directory and applied automatically when this service is enabled
+
+volumes:
+  configjdownloader:
+    driver: local-persist
+    driver_opts:
+      mountpoint: $HOST_CONFIG_PATH/jdownloader

services/jackett.yaml

@@ -20,4 +20,4 @@ volumes:
   configjdownloader:
     driver: local-persist
     driver_opts:
-      mountpoint: /data/config/jdownloader
+      mountpoint: $HOST_CONFIG_PATH/jdownloader

services/jdownloader-vpn.yaml

@@ -19,4 +19,4 @@ volumes:
   configkavita: 
     driver: local-persist
     driver_opts:
-      mountpoint: /data/config/kavita
+      mountpoint: $HOST_CONFIG_PATH/kavita

services/jdownloader.yaml

@@ -18,4 +18,4 @@ volumes:
   configkomga: 
     driver: local-persist
     driver_opts:
-      mountpoint: /data/config/komga
+      mountpoint: $HOST_CONFIG_PATH/komga

services/kavita.yaml

@@ -19,4 +19,4 @@ volumes:
   configlidarr:
     driver: local-persist
     driver_opts:
-      mountpoint: /data/config/lidarr
+      mountpoint: $HOST_CONFIG_PATH/lidarr

services/komga.yaml

@@ -41,12 +41,12 @@ volumes:
   nextclouddb:
     driver: local-persist
     driver_opts:
-      mountpoint: /data/nextcloud-db
+      mountpoint: $HOST_CONFIG_PATH/nextcloud-db
   confignextcloud:
     driver: local-persist
     driver_opts:
-      mountpoint: /data/config/nextcloud
+      mountpoint: $HOST_CONFIG_PATH/nextcloud
   nextclouddata:
     driver: local-persist
     driver_opts:
-      mountpoint: /data/config/nextcloud-data
+      mountpoint: $HOST_CONFIG_PATH/nextcloud-data

services/lidarr.yaml

@@ -19,4 +19,4 @@ volumes:
   configombi:
     driver: local-persist
     driver_opts:
-      mountpoint: /data/config/ombi
+      mountpoint: $HOST_CONFIG_PATH/ombi

services/netdata.yaml

@@ -17,4 +17,4 @@ volumes:
   configoverseerr:
     driver: local-persist
     driver_opts:
-      mountpoint: /data/config/overseerr
+      mountpoint: $HOST_CONFIG_PATH/overseerr

services/nextcloud.yaml

@@ -0,0 +1,31 @@
+services:
+  plex:
+    image: ghcr.io/linuxserver/plex
+    container_name: plex
+    restart: always
+    ports:
+      - "32400:32400"
+      - "32400:32400/udp"
+      - "32469:32469"
+      - "32469:32469/udp"
+    devices:
+      - /dev/dri:/dev/dri # for hardware transcoding
+    volumes:
+      - configplex:/config
+      - torrents:/torrents
+      - /dev/shm:/transcode
+    environment:
+      - PGID=${PGID}
+      - PUID=${PUID}
+      - TZ=${TZ}
+      - VERSION=latest
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.services.plex-seedbox.loadbalancer.server.port=32400"
+      - "traefik.http.routers.plex.rule=Host(`plex.${TRAEFIK_DOMAIN}`)"
+
+volumes:
+  configplex:
+    driver: local-persist
+    driver_opts:
+      mountpoint: $HOST_CONFIG_PATH/Plex