Compare commits

...

24 commits

Author SHA1 Message Date
35ae6515aa Create new ssh key implicitly 2024-12-04 17:59:39 +01:00
e9e8e41bfa Add missing docker services 2024-12-04 17:02:54 +01:00
07da3f3464 Format files 2024-12-04 17:02:11 +01:00
5013afea27 Ignore inexistent backup archives 2024-12-04 17:02:01 +01:00
abccaf8cd8 Load backup user variable dynamically 2024-12-04 17:00:36 +01:00
e719ff9e3c Fix collabora service 2024-12-04 16:59:30 +01:00
ae255f897f Add default port for terraria 2024-12-04 16:59:01 +01:00
e25fb820d3 Fix websocket access for wekan 2024-12-04 16:58:51 +01:00
5928b940f8 Configure wekan service properly 2024-12-04 16:58:41 +01:00
21604a0edf Remove custom wekan user 2024-12-04 16:58:18 +01:00
84fc26a1a5 Fix overcomplicated location config 2024-12-04 16:57:58 +01:00
474f9b8c91 Remove unnecessary proxy config 2024-12-04 16:57:40 +01:00
0a68921220 Allow specifying comments for locations 2024-12-04 16:57:25 +01:00
e4cb8cce5f Allow custom schemes for location settings 2024-12-04 16:55:56 +01:00
b361dd4933 Insert comment before location block 2024-12-04 16:54:54 +01:00
c9e1ecac9d Store rtorrent session files in volume 2024-12-04 16:53:24 +01:00
e4a41b6903 Normalize docker volume paths 2024-12-04 16:52:32 +01:00
4f11e64205 Update rtorrent and privoxy to proton community cli 2024-12-04 16:50:29 +01:00
a335b5aaef Remove unnecessary parameter 2024-12-04 16:48:51 +01:00
f981ac4d0b Generate extra server config with full domain 2024-12-04 16:48:35 +01:00
546da1a0e9 Update script for new cgroup version 2024-12-04 16:47:11 +01:00
f8668fe33b Fix typos 2024-12-04 16:46:57 +01:00
5b7698636a Fix permission issues 2024-12-04 16:44:01 +01:00
47417878d8 Enable nix service immediately 2024-12-04 14:41:49 +01:00
18 changed files with 217 additions and 150 deletions

View file

@ -31,10 +31,12 @@ in
jellyfin.enable = mkEnableOption "Jellyfin media server"; jellyfin.enable = mkEnableOption "Jellyfin media server";
minecraft.enable = mkEnableOption "Minecraft server"; minecraft.enable = mkEnableOption "Minecraft server";
nextcloud.enable = mkEnableOption "Nextcloud server"; nextcloud.enable = mkEnableOption "Nextcloud server";
ryot.enable = mkEnableOption "ryot server";
teamspeak.enable = mkEnableOption "TeamSpeak server"; teamspeak.enable = mkEnableOption "TeamSpeak server";
terraria.enable = mkEnableOption "Terraria server"; terraria.enable = mkEnableOption "Terraria server";
trackmania.enable = mkEnableOption "TrackMania server"; trackmania.enable = mkEnableOption "TrackMania server";
vaultwarden.enable = mkEnableOption "Vaultwarden server"; vaultwarden.enable = mkEnableOption "Vaultwarden server";
wekan.enable = mkEnableOption "Wekan server";
woodpecker.enable = mkEnableOption "Woodpecker CI server"; woodpecker.enable = mkEnableOption "Woodpecker CI server";
}; };
}; };

View file

@ -62,10 +62,12 @@ in {
jellyfin.enable = true; jellyfin.enable = true;
minecraft.enable = true; minecraft.enable = true;
nextcloud.enable = true; nextcloud.enable = true;
ryot.enable = true;
teamspeak.enable = true; teamspeak.enable = true;
terraria.enable = true; terraria.enable = true;
trackmania.enable = true; trackmania.enable = true;
vaultwarden.enable = true; vaultwarden.enable = true;
wekan.enable = true;
woodpecker.enable = true; woodpecker.enable = true;
}; };
}; };

View file

@ -5,6 +5,7 @@ begin
function installValhallaDeps -V dir function installValhallaDeps -V dir
source "$dir/../lib/software.fish" source "$dir/../lib/software.fish"
and pacinst fish git jq nix sudo tmux and pacinst fish git jq nix sudo tmux
sudo systemctl enable --now nix-daemon
end end
function getDeploymentScript -V dir function getDeploymentScript -V dir
@ -16,7 +17,6 @@ begin
waitNetwork waitNetwork
or exit or exit
sudo systemctl enable --now nix-daemon
and source "$dir/../lib/software.fish" and source "$dir/../lib/software.fish"
and source "$dir/../Software/base-devel/main.fish" and source "$dir/../Software/base-devel/main.fish"
and source "$dir/../Software/pacman/main.fish" and source "$dir/../Software/pacman/main.fish"

View file

@ -16,19 +16,21 @@ function backupAction -V dir
if [ -z "$VALHALLA_BACKUP_DIR" ] if [ -z "$VALHALLA_BACKUP_DIR" ]
if fish "$dir/../../../lib/modules/partition/confirm.fish" "Do you wish to store the backup on an SSH server?" n if fish "$dir/../../../lib/modules/partition/confirm.fish" "Do you wish to store the backup on an SSH server?" n
set -l keyVar VALHALLA_BACKUP_SERVER_KEY
set -l keyPath ~root/.config/port-valhalla/valhalla
read -xP "Please specify the host name of the SSH server: " VALHALLA_BACKUP_SERVER read -xP "Please specify the host name of the SSH server: " VALHALLA_BACKUP_SERVER
read -xP "Please specify the port of the SSH server (default 22): " VALHALLA_BACKUP_SERVER_PORT read -xP "Please specify the port of the SSH server (default 22): " VALHALLA_BACKUP_SERVER_PORT
read -xP "Please specify the name of the user to log in to the SSH server: " VALHALLA_BACKUP_SERVER_USER read -xP "Please specify the name of the user to log in to the SSH server: " VALHALLA_BACKUP_SERVER_USER
read -xP "Please specify the path to the key file for logging in to the SSH server: " VALHALLA_BACKUP_SERVER_KEY
if [ -z "$$keyVar" ]
set -gx "$keyVar" "$keyPath"
ssh-keygen -f "$$keyVar" -N ""
end
if [ -z "$VALHALLA_BACKUP_SERVER_PORT" ] if [ -z "$VALHALLA_BACKUP_SERVER_PORT" ]
set -x VALHALLA_BACKUP_SERVER_PORT 22 set -x VALHALLA_BACKUP_SERVER_PORT 22
end end
if [ -n "$VALHALLA_BACKUP_SERVER_USER" ]
set -x VALHALLA_BACKUP_SERVER "$VALHALLA_BACKUP_SERVER_USER@$VALHALLA_BACKUP_SERVER"
end
echo echo
echo "$(tput setaf 3)==== WARNING ====$(tput sgr0)" echo "$(tput setaf 3)==== WARNING ====$(tput sgr0)"
echo "For a seamless experience, please make sure that you are able to establish an unattended ssh connection using key authentication." echo "For a seamless experience, please make sure that you are able to establish an unattended ssh connection using key authentication."

View file

@ -32,7 +32,7 @@ services:
MARIADB_RANDOM_ROOT_PASSWORD: "yes" MARIADB_RANDOM_ROOT_PASSWORD: "yes"
MARIADB_AUTO_UPGRADE: "yes" MARIADB_AUTO_UPGRADE: "yes"
volumes: volumes:
- ./database:/var/lib/mysql - ./data/db:/var/lib/mysql
command: command:
- --character-set-server=utf8mb4 - --character-set-server=utf8mb4
- --collation-server=utf8mb4_unicode_ci - --collation-server=utf8mb4_unicode_ci

View file

@ -70,8 +70,8 @@ begin
yq "$envKey.USER_GID = $gid" | yq "$envKey.USER_GID = $gid" |
sudo tee "$config" >/dev/null sudo tee "$config" >/dev/null
mkdir -p "$dir" sudo mkdir -p "$dir"
and chown -R $uid:$gid "$dir" and sudo chown -R $uid:$gid "$dir"
rm "$file" rm "$file"
set port (yq (getSSHPortKey) "$overrides" | extractPort) set port (yq (getSSHPortKey) "$overrides" | extractPort)

View file

@ -5,9 +5,9 @@ services:
user: 1337:1337 user: 1337:1337
hostname: Jellyfin hostname: Jellyfin
volumes: volumes:
- ./config/jellyfin:/config - ./data/config/jellyfin:/config
- cache:/cache - cache:/cache
- ./media:/media - ./data/media:/media
radarr: radarr:
image: linuxserver/radarr image: linuxserver/radarr
restart: unless-stopped restart: unless-stopped
@ -16,9 +16,9 @@ services:
PGID: 1337 PGID: 1337
volumes: volumes:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- ./config/radarr:/config - ./data/config/radarr:/config
- ./media/movies:/movies - ./data/media/movies:/movies
- ./downloads:/downloads - ./data/downloads:/downloads
sonarr: sonarr:
image: linuxserver/sonarr image: linuxserver/sonarr
restart: unless-stopped restart: unless-stopped
@ -27,9 +27,9 @@ services:
PGID: 1337 PGID: 1337
volumes: volumes:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- ./config/sonarr:/config - ./data/config/sonarr:/config
- ./media/series:/tv - ./data/media/series:/tv
- ./downloads:/downloads - ./data/downloads:/downloads
lidarr: lidarr:
image: linuxserver/lidarr image: linuxserver/lidarr
restart: unless-stopped restart: unless-stopped
@ -38,9 +38,9 @@ services:
PGID: 1337 PGID: 1337
volumes: volumes:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- ./config/lidarr:/config - ./data/config/lidarr:/config
- ./media/music:/music - ./data/media/music:/music
- ./downloads:/downloads - ./data/downloads:/downloads
prowlarr: prowlarr:
image: linuxserver/prowlarr image: linuxserver/prowlarr
restart: unless-stopped restart: unless-stopped
@ -49,7 +49,7 @@ services:
PGID: 1337 PGID: 1337
volumes: volumes:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- ./config/prowlarr:/config - ./data/config/prowlarr:/config
flaresolverr: flaresolverr:
image: flaresolverr/flaresolverr image: flaresolverr/flaresolverr
restart: unless-stopped restart: unless-stopped
@ -58,7 +58,11 @@ services:
LOG_HTML: "false" LOG_HTML: "false"
CAPTCHA_SOLVER: none CAPTCHA_SOLVER: none
privoxy: privoxy:
image: walt3rl/proton-privoxy build:
context: .
dockerfile_inline: |
FROM walt3rl/proton-privoxy
RUN apk --update add ip6tables
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
@ -75,9 +79,9 @@ services:
--allowedpath /downloads --allowedpath /downloads
--rtsocket /rtorrent/.local/share/rtorrent/rtorrent.sock --rtsocket /rtorrent/.local/share/rtorrent/rtorrent.sock
volumes: volumes:
- ./config/flood:/flood - ./data/config/flood:/flood
- ./downloads:/downloads - ./data/downloads:/downloads
- ./config/rtorrent:/rtorrent - rtorrent:/rtorrent
rtorrent: rtorrent:
build: build:
dockerfile: ./rtorrent.Dockerfile dockerfile: ./rtorrent.Dockerfile
@ -96,8 +100,8 @@ services:
-o 'method.set=group.seeding.ratio.command, "d.cloase = ; d.erase = "' -o 'method.set=group.seeding.ratio.command, "d.cloase = ; d.erase = "'
volumes: volumes:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- ./config/rtorrent:/config - rtorrent:/config
- ./downloads:/downloads - ./data/downloads:/downloads
- ./data/proton:/proton - ./data/proton:/proton
devices: devices:
- /dev/net/tun - /dev/net/tun
@ -135,3 +139,4 @@ services:
volumes: volumes:
cache: {} cache: {}
rtorrent: {}

View file

@ -66,7 +66,7 @@ begin
URL="https://$(getServiceDomain "$domain" "")/" yq "$(getServiceKey "$service").environment.JELLYFIN_PublishedServerUrl = env(URL)" "$file" | URL="https://$(getServiceDomain "$domain" "")/" yq "$(getServiceKey "$service").environment.JELLYFIN_PublishedServerUrl = env(URL)" "$file" |
sudo tee "$overrides" >/dev/null sudo tee "$overrides" >/dev/null
for dir in "$root"/{downloads,config/{,jellyfin,flood,rtorrent,radarr,sonarr,lidarr,prowlarr},media/{,movies,series,music}} for dir in "$root"/data/{downloads,config/{,jellyfin,flood,radarr,sonarr,lidarr,prowlarr},media/{,movies,series,music}}
sudo mkdir -p "$dir" sudo mkdir -p "$dir"
and chown -R $uid:$gid "$dir" and chown -R $uid:$gid "$dir"
end end
@ -91,9 +91,9 @@ begin
printf "%s\0" \ printf "%s\0" \
"$_flag_name" / ( "$_flag_name" / (
for app in $servarr for app in $servarr
printf "%s\n" "$app" "/$app" printf "%s\n" "$app" "/$app" ""
end) \ end) \
flood "~ ^/flood.*" flood "/flood/"
end end
function getServiceLocationConfig -a domain s location -V service -V flood function getServiceLocationConfig -a domain s location -V service -V flood

View file

@ -1,25 +1,36 @@
from argparse import ArgumentParser from argparse import ArgumentParser
from os import environ from os import chmod, environ
from os.path import dirname from os.path import dirname
from random import choice
from re import M from re import M
import shlex import shlex
import subprocess import subprocess
import sys import sys
from protonvpn_cli.cli import FeatureEnum, protonvpn from protonvpn_cli import connection
from protonvpn_cli.constants import PASSFILE
from protonvpn_cli.utils import check_init, get_fastest_server, get_servers, set_config_value, pull_server_data
def run_proton(args): def run_proton(args):
exit( exit(
subprocess.run( subprocess.run(
["pipenv", "run", "proton"], ["proton"],
cwd="/app", cwd="/app",
env=dict( env=dict(
environ, environ,
PIPENV_VENV_IN_PROJECT=f"{1}",
PVPN_CMD_ARGS=" ".join(args))).returncode) PVPN_CMD_ARGS=" ".join(args))).returncode)
environ["PVPN_USERNAME"] = environ["PVPN_USERNAME"] + (environ["PVPN_TAGS"] or "")
protonvpn.ensure_connectivity() with open(PASSFILE, "w") as f:
f.write("{0}\n{1}".format(environ["PVPN_USERNAME"], environ["PVPN_PASSWORD"]))
chmod(PASSFILE, 0o600)
check_init()
set_config_value("USER", "username", environ["PVPN_USERNAME"])
set_config_value("USER", "tier", environ["PVPN_TIER"])
set_config_value("USER", "default_protocol", environ["PVPN_PROTOCOL"])
set_config_value("USER", "initialized", 1)
args = sys.argv[1:] args = sys.argv[1:]
@ -29,7 +40,7 @@ if not args:
parser = ArgumentParser(exit_on_error=False) parser = ArgumentParser(exit_on_error=False)
subParsers = parser.add_subparsers(dest="command") subParsers = parser.add_subparsers(dest="command")
initParser = subParsers.add_parser("init", alias=["i"]) initParser = subParsers.add_parser("init", aliases=["i"])
connectParser = subParsers.add_parser("connect", aliases=["c"]) connectParser = subParsers.add_parser("connect", aliases=["c"])
for aliases in [ for aliases in [
@ -50,56 +61,40 @@ try:
except: except:
pass pass
if parsedArgs is not None and parsedArgs.command == "init": if parsedArgs is not None and (
userName = input("Enter your Proton VPN username or email: ")
subprocess.run(["protonvpn-cli", "login", userName])
else:
session = protonvpn.get_session()
try:
session.ensure_valid()
except:
raise Exception(
"Your current session is invalid. Please initialize the session using the `init` subcommand.")
environ["PVPN_USERNAME"] = session.vpn_username + \
(environ.get("PVPN_TAGS") or "")
environ["PVPN_PASSWORD"] = session.vpn_password
environ["PVPN_TIER"] = f"{session.vpn_tier}"
if parsedArgs is not None and (
len( len(
list( list(
filter( filter(
lambda item: item[1] not in [False, None], lambda item: item[1] not in [False, None],
vars(parsedArgs).items()))) > 1): vars(parsedArgs).items()))) > 1):
country = protonvpn.get_country()
def match(server): def match(server):
features = list() features = list()
if parsedArgs.streaming: if parsedArgs.streaming:
features.append(FeatureEnum.STREAMING) pass
if parsedArgs.sc: if parsedArgs.sc:
features.append(FeatureEnum.SECURE_CORE) pass
if parsedArgs.p2p: if parsedArgs.p2p:
features.append(FeatureEnum.P2P) pass
if parsedArgs.tor: if parsedArgs.tor:
features.append(FeatureEnum.TOR) pass
return (parsedArgs.cc is None or server.exit_country.lower() == parsedArgs.cc.lower()) and ( return (parsedArgs.cc is None or server.exit_country.lower() == parsedArgs.cc.lower()) and (
all(feature in server.features for feature in features)) all(feature in server.features for feature in features))
servers = session.servers.filter(match) pull_server_data(force=True)
servers = list(filter(lambda server: match(server), get_servers()))
if len(servers) > 0: if len(servers) > 0:
if parsedArgs.fastest or not parsedArgs.random: if parsedArgs.fastest or not parsedArgs.random:
server = servers.get_fastest_server() server = get_fastest_server(servers)
else: else:
server = servers.get_random_server() server = choice(servers)
run_proton(["connect", server.name]) run_proton(["connect", server["Name"]])
else: else:
raise Exception( raise Exception(
f"Unable to find a server matching the specified criteria {args[1:]}!") f"Unable to find a server matching the specified criteria {args[1:]}!")
else: else:
run_proton(args) run_proton(args)

View file

@ -5,8 +5,13 @@ FROM debian
ARG PVPN_CLI_VER=2.2.12 ARG PVPN_CLI_VER=2.2.12
ARG USERNAME=proton ARG USERNAME=proton
ENV PVPN_TAGS="+pmp" \ ENV PVPN_USERNAME= \
PVPN_USERNAME_FILE= \
PVPN_PASSWORD= \
PVPN_PASSWORD_FILE= \
PVPN_TIER=2 \
PVPN_PROTOCOL=udp \ PVPN_PROTOCOL=udp \
PVPN_TAGS="+pmp" \
PVPN_CMD_ARGS="connect --p2p --random" \ PVPN_CMD_ARGS="connect --p2p --random" \
PVPN_DEBUG= \ PVPN_DEBUG= \
HOST_NETWORK= \ HOST_NETWORK= \
@ -20,9 +25,28 @@ ENV PVPN_TAGS="+pmp" \
WORKDIR /root WORKDIR /root
COPY --from=rtorrent / / COPY --from=rtorrent / /
RUN apt-get update -y \
&& apt-get upgrade -y \
&& apt-get install -y \
git \
iproute2 \
iptables \
natpmpc \
openvpn \
pipenv \
procps \
python3 \
python3-pip \
python3-setuptools \
sudo \
&& rm -rf /var/lib/apt/lists
RUN pip3 install --break-system-packages git+https://github.com/Rafficer/linux-cli-community.git@v$PVPN_CLI_VER#egg=protonvpn-cli
RUN mkdir /app RUN mkdir /app
COPY --from=proton /root/.pvpn-cli /root/.pvpn-cli
COPY --from=proton /app/proton-privoxy/run /app/proton COPY --from=proton /app/proton-privoxy/run /app/proton
COPY --from=proton /root/.pvpn-cli/pvpn-cli.cfg.clean /root/.pvpn-cli/pvpn-cli.cfg
RUN \ RUN \
sed -i \ sed -i \
@ -32,43 +56,7 @@ RUN \
&& install -t /usr/local/bin /app/proton \ && install -t /usr/local/bin /app/proton \
&& rm /app/proton && rm /app/proton
RUN apt-get update -y \
&& apt-get upgrade -y \
&& apt-get install -y \
curl \
gnupg \
&& curl https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.3-3_all.deb -o proton.deb \
&& dpkg --install proton.deb \
&& apt-get remove -y \
curl \
&& apt-get update -y \
&& apt-get install -y protonvpn-cli \
&& rm -rf /var/lib/apt/lists
RUN apt-get update -y \
&& apt-get upgrade -y \
&& apt-get install -y \
git \
iproute2 \
iptables \
natpmpc \
pipenv \
python3-setuptools \
sudo \
&& rm -rf /var/lib/apt/lists
RUN \
cd /app \
&& PIPENV_VENV_IN_PROJECT=1 pipenv install git+https://github.com/Rafficer/linux-cli-community.git@v$PVPN_CLI_VER#egg=protonvpn-cli
RUN printf "%s\n" \ RUN printf "%s\n" \
"#!/usr/bin/env -S dbus-run-session -- bash" \
"mkdir -p /proton/{keyrings,protonvpn}" \
"mkdir -p ~/.local/share" \
"mkdir -p ~/.config" \
"ln -Ts /proton/keyrings ~/.local/share/keyrings >/dev/null 2>&1" \
"ln -Ts /proton/protonvpn ~/.config/protonvpn >/dev/null 2>&1" \
"eval \"\$(echo -n 'root' | gnome-keyring-daemon --unlock)\"" \
"python3 /app/pvpn-cli.py \"\$@\"" > ./pvpn-cli \ "python3 /app/pvpn-cli.py \"\$@\"" > ./pvpn-cli \
&& install -Dm 755 ./pvpn-cli /usr/local/bin \ && install -Dm 755 ./pvpn-cli /usr/local/bin \
&& rm ./pvpn-cli && rm ./pvpn-cli
@ -77,7 +65,20 @@ RUN printf "%s\n" \
"#!/bin/bash" \ "#!/bin/bash" \
"groupadd --gid \$PGID ${USERNAME} > /dev/null" \ "groupadd --gid \$PGID ${USERNAME} > /dev/null" \
"useradd --create-home --home-dir \$PHOME ${USERNAME} --uid \$PUID -g ${USERNAME} 2>/dev/null" \ "useradd --create-home --home-dir \$PHOME ${USERNAME} --uid \$PUID -g ${USERNAME} 2>/dev/null" \
"chown ${USERNAME} \$PHOME" \
'[ ! -z "$1" ] && [ "$1" = "init" ] && export PVPN_CMD_ARGS="$@"' \ '[ ! -z "$1" ] && [ "$1" = "init" ] && export PVPN_CMD_ARGS="$@"' \
'if [ -z "$PVPN_USERNAME" ] && [ -z "$PVPN_USERNAME_FILE" ]; then' \
" echo 'Error: Either env var \$PVPN_USERNAME or \$PVPN_USERNAME_FILE is required.'" \
"exit 1" \
"fi" \
"" \
'if [ -z "$PVPN_PASSWORD" ] && [ -z "$PVPN_PASSWORD_FILE" ]; then' \
"echo 'Error: Either env var \$PVPN_PASSWORD or \$PVPN_PASSWORD_FILE is required.'" \
"exit 1" \
"fi" \
"" \
'[ -f "$PVPN_USERNAME_FILE" ] && PVPN_USERNAME=$(cat "$PVPN_USERNAME_FILE")' \
'[ -f "$PVPN_PASSWORD_FILE" ] && PVPN_PASSWORD=$(cat "$PVPN_PASSWORD_FILE")' \
"pvpn-cli || exit" \ "pvpn-cli || exit" \
'ip link show proton0 > /dev/null 2>&1 || exit' \ 'ip link show proton0 > /dev/null 2>&1 || exit' \
'fallback="$(expr ${NATPMP_TIMEOUT} \* 3 / 4)"' \ 'fallback="$(expr ${NATPMP_TIMEOUT} \* 3 / 4)"' \
@ -93,7 +94,7 @@ RUN printf "%s\n" \
" while true" \ " while true" \
" do" \ " do" \
' echo "Refreshing NAT-PMP port forwarding…"' \ ' echo "Refreshing NAT-PMP port forwarding…"' \
' natpmp -a 0 0 udp "$NATPMP_TIMEOUT"' \ ' natpmpc -a 0 0 udp "$NATPMP_TIMEOUT"' \
' natpmpc -a 0 0 tcp "$NATPMP_TIMEOUT"' \ ' natpmpc -a 0 0 tcp "$NATPMP_TIMEOUT"' \
' echo "NAT-PMP port forwarding has been refreshed!"' \ ' echo "NAT-PMP port forwarding has been refreshed!"' \
' sleep "$NATPMP_INTERVAL"' \ ' sleep "$NATPMP_INTERVAL"' \
@ -101,7 +102,7 @@ RUN printf "%s\n" \
"} &" \ "} &" \
"set -m" \ "set -m" \
'[ ${MAX_UPTIME:-0} -gt 0 ] && {' \ '[ ${MAX_UPTIME:-0} -gt 0 ] && {' \
' soudo -iu '"${USERNAME}"' rtorrent -o network.port_range.set=$port-$port,system.daemon.set=true $@ &' \ ' sudo -iu '"${USERNAME}"' rtorrent -o network.port_range.set=$port-$port,system.daemon.set=true $@ &' \
' pid=$!' \ ' pid=$!' \
' sleep "$MAX_UPTIME"' \ ' sleep "$MAX_UPTIME"' \
' pkill -9 $pid' \ ' pkill -9 $pid' \

View file

@ -10,7 +10,6 @@ begin
set -l services \ set -l services \
$server \ $server \
$turn turn "" \
$office $officeDomain $office $officeDomain
source "$dir/../service.fish" source "$dir/../service.fish"
@ -94,10 +93,40 @@ begin
end end
end end
function getServiceLocations -V services -a index function getServiceLocations -V services -V office -a index
set -l i (math (math (math $index - 1) / 2 "*" 3) + 1) set -l i (math (math (math $index - 1) / 2 "*" 3) + 1)
set -l name $services[$i] set -l name $services[$i]
printf "%s\0" "$name" /
if [ "$name" != "$office" ]
printf "%s\0" "$name" / ""
else
printf "%s\0" \
"$name" "^~ /browser" "static files" \
"$name" "^~ /hosting/discovery" "WOPI discovery URL" \
"$name" "^~ /hosting/capabilities" "Capabilities" \
"$name" "~ ^/cool/(.*)/ws\$" "main websocket" \
"$name" "~ ^/(c|l)ool" "download, presentation and image upload" \
"$name" "^~ /cool/adminws" "Admin Console websocket"
end
end
function getServiceLocationConfig -a domain s location -V office -V flood
if [ "$s" = "$office" ]
set -l argv $argv[4..]
getServiceDefaultProxy $domain $s "$location" --scheme https $argv
else
getServiceDefaultProxy $argv --path "$location"
end
end
function getExtraLocationSettings -a domain s location -V service
if string match --regex '^(~ \^|\^~ )/cool/(.*)ws\$?$' "$location" >/dev/null
printf "%s\n" \
'# Websocket' \
"proxy_http_version 1.1;" \
'proxy_set_header Upgrade $http_upgrade;' \
'proxy_set_header Connection "upgrade";'
end
end end
function getExtraBackupPatterns function getExtraBackupPatterns

View file

@ -8,4 +8,4 @@ services:
image: postgres image: postgres
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ./database:/var/lib/postgresql/data - ./data/db:/var/lib/postgresql/data

View file

@ -68,24 +68,31 @@ begin
echo "$domain" echo "$domain"
end end
function getExtraServerConfig -a subdomain domain function getExtraServerConfig -a domain
end end
function getServiceLocationConfig -a domain service location function getServiceLocationConfig -a domain service location
getServiceDefaultProxy $domain $service $location "" $argv getServiceDefaultProxy $domain $service $location $argv
end end
function getServiceDefaultProxy -a domain service location function getServiceDefaultProxy -a domain service location
argparse -i "comment=" "path=" "url=" -- $argv argparse -i "comment=" "path=" "scheme=" "url=" -- $argv
set -l scheme
set -l url set -l url
set -l config (getServiceOverrides $argv) set -l config (getServiceOverrides $argv)
set -l portKey (getServicePortKey "$service") set -l portKey (getServicePortKey "$service")
set -l port (yq "$portKey" "$config" | extractPort) set -l port (yq "$portKey" "$config" | extractPort)
if [ -n "$_flag_scheme" ]
set scheme "$_flag_scheme"
else
set scheme http
end
if [ -n "$_flag_url" ] if [ -n "$_flag_url" ]
set url "$_flag_url" set url "$_flag_url"
else else
set url "http://127.0.0.1:$port" set url "$scheme://127.0.0.1:$port"
if [ -n "$_flag_path" ] if [ -n "$_flag_path" ]
set url "$url$_flag_path" set url "$url$_flag_path"
@ -93,10 +100,10 @@ begin
end end
printf "%s\n" \ printf "%s\n" \
"location $location {" \
(if [ -n "$_flag_comment" ] (if [ -n "$_flag_comment" ]
echo "# $_flag_comment" echo "# $_flag_comment"
end) \ end) \
"location $location {" \
"proxy_pass $url;" \ "proxy_pass $url;" \
'proxy_set_header Host $host;' \ 'proxy_set_header Host $host;' \
'proxy_set_header X-Real-IP $remote_addr;' \ 'proxy_set_header X-Real-IP $remote_addr;' \
@ -127,7 +134,7 @@ begin
for i in (seq 1 2 (count $servers)) for i in (seq 1 2 (count $servers))
set -l locations (getServiceLocations $i $argv | string split0) set -l locations (getServiceLocations $i $argv | string split0)
for j in (seq 1 2 (count $locations)) for j in (seq 1 3 (count $locations))
set -l file (mktemp) set -l file (mktemp)
set -l port (getRandomPort) set -l port (getRandomPort)
set -l service $locations[$j] set -l service $locations[$j]
@ -158,11 +165,17 @@ begin
"server {" \ "server {" \
"listen 80;" \ "listen 80;" \
"server_name $domain;" \ "server_name $domain;" \
(getExtraServerConfig $subdomain $domain $argv) (getExtraServerConfig $domain $argv)
for j in (seq 1 2 (count $locations)) for j in (seq 1 3 (count $locations))
set -l service $locations[$j] set -l service $locations[$j]
set -l location $locations[(math $j + 1)] set -l location $locations[(math $j + 1)]
set -l comment $locations[(math $j + 2)]
if [ -n "$comment" ]
set -a argv --comment "$comment"
end
getServiceLocationConfig $domain $service $location $argv getServiceLocationConfig $domain $service $location $argv
end end

View file

@ -4,5 +4,7 @@ services:
restart: unless-stopped restart: unless-stopped
tty: true tty: true
stdin_open: true stdin_open: true
ports:
- 7777:7777
volumes: volumes:
- ./data:/root/.local/share/Terraria/Worlds - ./data:/root/.local/share/Terraria/Worlds

View file

@ -4,7 +4,6 @@ services:
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- db - db
user: 1337:1337
environment: environment:
WRITABLE_PATH: /data WRITABLE_PATH: /data
MONGO_URL: mongodb://db:27017/wekan MONGO_URL: mongodb://db:27017/wekan

View file

@ -18,12 +18,28 @@ begin
installDockerService $argv installDockerService $argv
end end
function configureSW -V dir
configureDockerService $argv
end
function getServiceServers -V domain function getServiceServers -V domain
printf "%s\0" $domain printf "%s\0" $domain
end end
function getServiceLocations -V service function getServiceLocations -V service
printf "%s\0" "$service" / printf "%s\0" \
"$service" / "static files" \
"$service" "~ ^/sockjs/.*/websocket\$" "Websocket"
end
function getExtraLocationSettings -a domain s location -V service
if [ "$location" != "/" ]
printf "%s\n" \
'# Websocket' \
"proxy_http_version 1.1;" \
'proxy_set_header Upgrade $http_upgrade;' \
'proxy_set_header Connection "upgrade";'
end
end end
runInstaller --force $argv runInstaller --force $argv

View file

@ -23,9 +23,10 @@ end
function restoreFiles function restoreFiles
if [ -n "$VALHALLA_BACKUP_DIR" ] if [ -n "$VALHALLA_BACKUP_DIR" ]
argparse -i "user=" "base-directory=" -- $argv set -l path (getArchivePath $argv)
set -l tarArgs set -l tarArgs
set -l sudoArgs set -l sudoArgs
argparse -i "user=" "base-directory=" -- $argv
if [ -n "$_flag_base_directory" ] if [ -n "$_flag_base_directory" ]
set -a tarArgs -C "$_flag_base_directory" set -a tarArgs -C "$_flag_base_directory"
@ -37,8 +38,8 @@ function restoreFiles
set -a sudoArgs -u "$_flag_user" set -a sudoArgs -u "$_flag_user"
end end
fetchArchive $argv | begin if runRestorationCommand test -f "$path"
sudo $sudoArgs tar $tarArgs -xvz runRestorationCommand cat "$path" | sudo $sudoArgs tar $tarArgs -xvz
end end
end end
end end
@ -47,22 +48,22 @@ function createArchive -a path
runRestorationCommand sh -c "tee $(string escape -- "$path") >/dev/null" runRestorationCommand sh -c "tee $(string escape -- "$path") >/dev/null"
end end
function fetchArchive
set -l path (getArchivePath $argv)
runRestorationCommand cat "$path"
end
function runRestorationCommand function runRestorationCommand
if [ -z "$VALHALLA_BACKUP_SERVER" ] if [ -z "$VALHALLA_BACKUP_SERVER" ]
$argv $argv
else else
set -l args set -l args
set -l host "$VALHALLA_BACKUP_SERVER"
if [ -n "$VALHALLA_BACKUP_SERVER_USER" ]
set host "$VALHALLA_BACKUP_SERVER_USER@$host"
end
if [ -n "$VALHALLA_BACKUP_SERVER_PORT" ] if [ -n "$VALHALLA_BACKUP_SERVER_PORT" ]
set -a args -p $VALHALLA_BACKUP_SERVER_PORT set -a args -p $VALHALLA_BACKUP_SERVER_PORT
end end
sudo ssh -i $(string escape -- "$VALHALLA_BACKUP_SERVER_KEY") $args "$VALHALLA_BACKUP_SERVER" (string escape -- $argv) sudo ssh -i $(string escape -- "$VALHALLA_BACKUP_SERVER_KEY") $args "$host" (string escape -- $argv)
end end
end end
@ -70,7 +71,7 @@ function getArchivePath
argparse -i "u/user=" "n/name=" -- $argv argparse -i "u/user=" "n/name=" -- $argv
set -l path "$VALHALLA_BACKUP_DIR" set -l path "$VALHALLA_BACKUP_DIR"
if [ -b "$_flag_user" ] if [ -n "$_flag_user" ]
set -a path Users "$_flag_user" set -a path Users "$_flag_user"
else else
set -a path System set -a path System

View file

@ -18,7 +18,7 @@ begin
"lxc.mount.entry = $(realpath "$dir/../..") $valhallaRoot none bind 0 0" \ "lxc.mount.entry = $(realpath "$dir/../..") $valhallaRoot none bind 0 0" \
"" \ "" \
"# VPN" \ "# VPN" \
"lxc.cgroup.devices.allow = c 10:200 rwm" \ "lxc.cgroup2.devices.allow = c 10:200 rwm" \
"lxc.mount.entry = /dev/net dev/net none bind,create=dir 0 0" "lxc.mount.entry = /dev/net dev/net none bind,create=dir 0 0"
end | sudo tee -a "$containerDir/config" >/dev/null end | sudo tee -a "$containerDir/config" >/dev/null