Compare commits
24 commits
83c4b18dbe
...
35ae6515aa
Author | SHA1 | Date | |
---|---|---|---|
35ae6515aa | |||
e9e8e41bfa | |||
07da3f3464 | |||
5013afea27 | |||
abccaf8cd8 | |||
e719ff9e3c | |||
ae255f897f | |||
e25fb820d3 | |||
5928b940f8 | |||
21604a0edf | |||
84fc26a1a5 | |||
474f9b8c91 | |||
0a68921220 | |||
e4cb8cce5f | |||
b361dd4933 | |||
c9e1ecac9d | |||
e4a41b6903 | |||
4f11e64205 | |||
a335b5aaef | |||
f981ac4d0b | |||
546da1a0e9 | |||
f8668fe33b | |||
5b7698636a | |||
47417878d8 |
18 changed files with 217 additions and 150 deletions
|
@ -31,10 +31,12 @@ in
|
||||||
jellyfin.enable = mkEnableOption "Jellyfin media server";
|
jellyfin.enable = mkEnableOption "Jellyfin media server";
|
||||||
minecraft.enable = mkEnableOption "Minecraft server";
|
minecraft.enable = mkEnableOption "Minecraft server";
|
||||||
nextcloud.enable = mkEnableOption "Nextcloud server";
|
nextcloud.enable = mkEnableOption "Nextcloud server";
|
||||||
|
ryot.enable = mkEnableOption "ryot server";
|
||||||
teamspeak.enable = mkEnableOption "TeamSpeak server";
|
teamspeak.enable = mkEnableOption "TeamSpeak server";
|
||||||
terraria.enable = mkEnableOption "Terraria server";
|
terraria.enable = mkEnableOption "Terraria server";
|
||||||
trackmania.enable = mkEnableOption "TrackMania server";
|
trackmania.enable = mkEnableOption "TrackMania server";
|
||||||
vaultwarden.enable = mkEnableOption "Vaultwarden server";
|
vaultwarden.enable = mkEnableOption "Vaultwarden server";
|
||||||
|
wekan.enable = mkEnableOption "Wekan server";
|
||||||
woodpecker.enable = mkEnableOption "Woodpecker CI server";
|
woodpecker.enable = mkEnableOption "Woodpecker CI server";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -62,10 +62,12 @@ in {
|
||||||
jellyfin.enable = true;
|
jellyfin.enable = true;
|
||||||
minecraft.enable = true;
|
minecraft.enable = true;
|
||||||
nextcloud.enable = true;
|
nextcloud.enable = true;
|
||||||
|
ryot.enable = true;
|
||||||
teamspeak.enable = true;
|
teamspeak.enable = true;
|
||||||
terraria.enable = true;
|
terraria.enable = true;
|
||||||
trackmania.enable = true;
|
trackmania.enable = true;
|
||||||
vaultwarden.enable = true;
|
vaultwarden.enable = true;
|
||||||
|
wekan.enable = true;
|
||||||
woodpecker.enable = true;
|
woodpecker.enable = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -5,6 +5,7 @@ begin
|
||||||
function installValhallaDeps -V dir
|
function installValhallaDeps -V dir
|
||||||
source "$dir/../lib/software.fish"
|
source "$dir/../lib/software.fish"
|
||||||
and pacinst fish git jq nix sudo tmux
|
and pacinst fish git jq nix sudo tmux
|
||||||
|
sudo systemctl enable --now nix-daemon
|
||||||
end
|
end
|
||||||
|
|
||||||
function getDeploymentScript -V dir
|
function getDeploymentScript -V dir
|
||||||
|
@ -16,7 +17,6 @@ begin
|
||||||
waitNetwork
|
waitNetwork
|
||||||
or exit
|
or exit
|
||||||
|
|
||||||
sudo systemctl enable --now nix-daemon
|
|
||||||
and source "$dir/../lib/software.fish"
|
and source "$dir/../lib/software.fish"
|
||||||
and source "$dir/../Software/base-devel/main.fish"
|
and source "$dir/../Software/base-devel/main.fish"
|
||||||
and source "$dir/../Software/pacman/main.fish"
|
and source "$dir/../Software/pacman/main.fish"
|
||||||
|
|
|
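Review bot: In `installValhallaDeps` the added `sudo systemctl enable --now nix-daemon` is not chained with `and`, so it runs even when the preceding `source … and pacinst …` chain failed, and the function then returns systemctl's status rather than the install failure. Chain it like the line above it: `and sudo systemctl enable --now nix-daemon`.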
@ -16,19 +16,21 @@ function backupAction -V dir
|
||||||
|
|
||||||
if [ -z "$VALHALLA_BACKUP_DIR" ]
|
if [ -z "$VALHALLA_BACKUP_DIR" ]
|
||||||
if fish "$dir/../../../lib/modules/partition/confirm.fish" "Do you wish to store the backup on an SSH server?" n
|
if fish "$dir/../../../lib/modules/partition/confirm.fish" "Do you wish to store the backup on an SSH server?" n
|
||||||
|
set -l keyVar VALHALLA_BACKUP_SERVER_KEY
|
||||||
|
set -l keyPath ~root/.config/port-valhalla/valhalla
|
||||||
read -xP "Please specify the host name of the SSH server: " VALHALLA_BACKUP_SERVER
|
read -xP "Please specify the host name of the SSH server: " VALHALLA_BACKUP_SERVER
|
||||||
read -xP "Please specify the port of the SSH server (default 22): " VALHALLA_BACKUP_SERVER_PORT
|
read -xP "Please specify the port of the SSH server (default 22): " VALHALLA_BACKUP_SERVER_PORT
|
||||||
read -xP "Please specify the name of the user to log in to the SSH server: " VALHALLA_BACKUP_SERVER_USER
|
read -xP "Please specify the name of the user to log in to the SSH server: " VALHALLA_BACKUP_SERVER_USER
|
||||||
read -xP "Please specify the path to the key file for logging in to the SSH server: " VALHALLA_BACKUP_SERVER_KEY
|
|
||||||
|
if [ -z "$$keyVar" ]
|
||||||
|
set -gx "$keyVar" "$keyPath"
|
||||||
|
ssh-keygen -f "$$keyVar" -N ""
|
||||||
|
end
|
||||||
|
|
||||||
if [ -z "$VALHALLA_BACKUP_SERVER_PORT" ]
|
if [ -z "$VALHALLA_BACKUP_SERVER_PORT" ]
|
||||||
set -x VALHALLA_BACKUP_SERVER_PORT 22
|
set -x VALHALLA_BACKUP_SERVER_PORT 22
|
||||||
end
|
end
|
||||||
|
|
||||||
if [ -n "$VALHALLA_BACKUP_SERVER_USER" ]
|
|
||||||
set -x VALHALLA_BACKUP_SERVER "$VALHALLA_BACKUP_SERVER_USER@$VALHALLA_BACKUP_SERVER"
|
|
||||||
end
|
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo "$(tput setaf 3)==== WARNING ====$(tput sgr0)"
|
echo "$(tput setaf 3)==== WARNING ====$(tput sgr0)"
|
||||||
echo "For a seamless experience, please make sure that you are able to establish an unattended ssh connection using key authentication."
|
echo "For a seamless experience, please make sure that you are able to establish an unattended ssh connection using key authentication."
|
||||||
|
|
|
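Review bot: The new key-generation block runs `ssh-keygen -f "$$keyVar" -N ""` without `sudo` and without creating `~root/.config/port-valhalla` first; ssh-keygen does not create parent directories, so this presumably fails unless the script already runs as root and the directory exists. Because the key has an empty passphrase, the directory should be root-only, e.g. `sudo mkdir -p -m 700 (dirname "$keyPath")` followed by `sudo ssh-keygen -f "$keyPath" -N ""`. If the key file already exists, ssh-keygen asks whether to overwrite it, which stalls an unattended run, so guard the call with a `sudo test -f "$keyPath"` check. The warning text could also name the generated `.pub` file, since the public key still has to be installed on the server by hand. `backupAction` starts and ends outside this hunk.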
@ -32,7 +32,7 @@ services:
|
||||||
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
|
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
|
||||||
MARIADB_AUTO_UPGRADE: "yes"
|
MARIADB_AUTO_UPGRADE: "yes"
|
||||||
volumes:
|
volumes:
|
||||||
- ./database:/var/lib/mysql
|
- ./data/db:/var/lib/mysql
|
||||||
command:
|
command:
|
||||||
- --character-set-server=utf8mb4
|
- --character-set-server=utf8mb4
|
||||||
- --collation-server=utf8mb4_unicode_ci
|
- --collation-server=utf8mb4_unicode_ci
|
||||||
|
|
|
@ -70,8 +70,8 @@ begin
|
||||||
yq "$envKey.USER_GID = $gid" |
|
yq "$envKey.USER_GID = $gid" |
|
||||||
sudo tee "$config" >/dev/null
|
sudo tee "$config" >/dev/null
|
||||||
|
|
||||||
mkdir -p "$dir"
|
sudo mkdir -p "$dir"
|
||||||
and chown -R $uid:$gid "$dir"
|
and sudo chown -R $uid:$gid "$dir"
|
||||||
rm "$file"
|
rm "$file"
|
||||||
|
|
||||||
set port (yq (getSSHPortKey) "$overrides" | extractPort)
|
set port (yq (getSSHPortKey) "$overrides" | extractPort)
|
||||||
|
|
|
@ -5,9 +5,9 @@ services:
|
||||||
user: 1337:1337
|
user: 1337:1337
|
||||||
hostname: Jellyfin
|
hostname: Jellyfin
|
||||||
volumes:
|
volumes:
|
||||||
- ./config/jellyfin:/config
|
- ./data/config/jellyfin:/config
|
||||||
- cache:/cache
|
- cache:/cache
|
||||||
- ./media:/media
|
- ./data/media:/media
|
||||||
radarr:
|
radarr:
|
||||||
image: linuxserver/radarr
|
image: linuxserver/radarr
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
@ -16,9 +16,9 @@ services:
|
||||||
PGID: 1337
|
PGID: 1337
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/localtime:/etc/localtime:ro
|
- /etc/localtime:/etc/localtime:ro
|
||||||
- ./config/radarr:/config
|
- ./data/config/radarr:/config
|
||||||
- ./media/movies:/movies
|
- ./data/media/movies:/movies
|
||||||
- ./downloads:/downloads
|
- ./data/downloads:/downloads
|
||||||
sonarr:
|
sonarr:
|
||||||
image: linuxserver/sonarr
|
image: linuxserver/sonarr
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
@ -27,9 +27,9 @@ services:
|
||||||
PGID: 1337
|
PGID: 1337
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/localtime:/etc/localtime:ro
|
- /etc/localtime:/etc/localtime:ro
|
||||||
- ./config/sonarr:/config
|
- ./data/config/sonarr:/config
|
||||||
- ./media/series:/tv
|
- ./data/media/series:/tv
|
||||||
- ./downloads:/downloads
|
- ./data/downloads:/downloads
|
||||||
lidarr:
|
lidarr:
|
||||||
image: linuxserver/lidarr
|
image: linuxserver/lidarr
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
@ -38,9 +38,9 @@ services:
|
||||||
PGID: 1337
|
PGID: 1337
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/localtime:/etc/localtime:ro
|
- /etc/localtime:/etc/localtime:ro
|
||||||
- ./config/lidarr:/config
|
- ./data/config/lidarr:/config
|
||||||
- ./media/music:/music
|
- ./data/media/music:/music
|
||||||
- ./downloads:/downloads
|
- ./data/downloads:/downloads
|
||||||
prowlarr:
|
prowlarr:
|
||||||
image: linuxserver/prowlarr
|
image: linuxserver/prowlarr
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
@ -49,7 +49,7 @@ services:
|
||||||
PGID: 1337
|
PGID: 1337
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/localtime:/etc/localtime:ro
|
- /etc/localtime:/etc/localtime:ro
|
||||||
- ./config/prowlarr:/config
|
- ./data/config/prowlarr:/config
|
||||||
flaresolverr:
|
flaresolverr:
|
||||||
image: flaresolverr/flaresolverr
|
image: flaresolverr/flaresolverr
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
@ -58,7 +58,11 @@ services:
|
||||||
LOG_HTML: "false"
|
LOG_HTML: "false"
|
||||||
CAPTCHA_SOLVER: none
|
CAPTCHA_SOLVER: none
|
||||||
privoxy:
|
privoxy:
|
||||||
image: walt3rl/proton-privoxy
|
build:
|
||||||
|
context: .
|
||||||
|
dockerfile_inline: |
|
||||||
|
FROM walt3rl/proton-privoxy
|
||||||
|
RUN apk --update add ip6tables
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/localtime:/etc/localtime:ro
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
@ -75,9 +79,9 @@ services:
|
||||||
--allowedpath /downloads
|
--allowedpath /downloads
|
||||||
--rtsocket /rtorrent/.local/share/rtorrent/rtorrent.sock
|
--rtsocket /rtorrent/.local/share/rtorrent/rtorrent.sock
|
||||||
volumes:
|
volumes:
|
||||||
- ./config/flood:/flood
|
- ./data/config/flood:/flood
|
||||||
- ./downloads:/downloads
|
- ./data/downloads:/downloads
|
||||||
- ./config/rtorrent:/rtorrent
|
- rtorrent:/rtorrent
|
||||||
rtorrent:
|
rtorrent:
|
||||||
build:
|
build:
|
||||||
dockerfile: ./rtorrent.Dockerfile
|
dockerfile: ./rtorrent.Dockerfile
|
||||||
|
@ -96,8 +100,8 @@ services:
|
||||||
-o 'method.set=group.seeding.ratio.command, "d.cloase = ; d.erase = "'
|
-o 'method.set=group.seeding.ratio.command, "d.cloase = ; d.erase = "'
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/localtime:/etc/localtime:ro
|
- /etc/localtime:/etc/localtime:ro
|
||||||
- ./config/rtorrent:/config
|
- rtorrent:/config
|
||||||
- ./downloads:/downloads
|
- ./data/downloads:/downloads
|
||||||
- ./data/proton:/proton
|
- ./data/proton:/proton
|
||||||
devices:
|
devices:
|
||||||
- /dev/net/tun
|
- /dev/net/tun
|
||||||
|
@ -135,3 +139,4 @@ services:
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
cache: {}
|
cache: {}
|
||||||
|
rtorrent: {}
|
||||||
|
|
|
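Review bot: The inline Dockerfile for `privoxy` builds on `FROM walt3rl/proton-privoxy` with no tag or digest, so every rebuild can pull a different third-party image. Pin the base, for example `FROM walt3rl/proton-privoxy@sha256:<digest>` (placeholder; use the digest of the image you have verified). `RUN apk add --no-cache ip6tables` would also avoid keeping the package index in the layer.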
@ -66,7 +66,7 @@ begin
|
||||||
URL="https://$(getServiceDomain "$domain" "")/" yq "$(getServiceKey "$service").environment.JELLYFIN_PublishedServerUrl = env(URL)" "$file" |
|
URL="https://$(getServiceDomain "$domain" "")/" yq "$(getServiceKey "$service").environment.JELLYFIN_PublishedServerUrl = env(URL)" "$file" |
|
||||||
sudo tee "$overrides" >/dev/null
|
sudo tee "$overrides" >/dev/null
|
||||||
|
|
||||||
for dir in "$root"/{downloads,config/{,jellyfin,flood,rtorrent,radarr,sonarr,lidarr,prowlarr},media/{,movies,series,music}}
|
for dir in "$root"/data/{downloads,config/{,jellyfin,flood,radarr,sonarr,lidarr,prowlarr},media/{,movies,series,music}}
|
||||||
sudo mkdir -p "$dir"
|
sudo mkdir -p "$dir"
|
||||||
and chown -R $uid:$gid "$dir"
|
and chown -R $uid:$gid "$dir"
|
||||||
end
|
end
|
||||||
|
@ -91,9 +91,9 @@ begin
|
||||||
printf "%s\0" \
|
printf "%s\0" \
|
||||||
"$_flag_name" / (
|
"$_flag_name" / (
|
||||||
for app in $servarr
|
for app in $servarr
|
||||||
printf "%s\n" "$app" "/$app"
|
printf "%s\n" "$app" "/$app" ""
|
||||||
end) \
|
end) \
|
||||||
flood "~ ^/flood.*"
|
flood "/flood/"
|
||||||
end
|
end
|
||||||
|
|
||||||
function getServiceLocationConfig -a domain s location -V service -V flood
|
function getServiceLocationConfig -a domain s location -V service -V flood
|
||||||
|
|
|
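Review bot: In the directory loop, `sudo mkdir -p "$dir"` is followed by `and chown -R $uid:$gid "$dir"` without `sudo`; the directories were just created by root, so the chown presumably fails when the script runs as an unprivileged user. Another file in this comparison changes the same pair to `and sudo chown -R $uid:$gid "$dir"`, and doing the same here keeps the two consistent. The enclosing block starts outside the hunk.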
@ -1,25 +1,36 @@
|
||||||
from argparse import ArgumentParser
|
from argparse import ArgumentParser
|
||||||
from os import environ
|
from os import chmod, environ
|
||||||
from os.path import dirname
|
from os.path import dirname
|
||||||
|
from random import choice
|
||||||
from re import M
|
from re import M
|
||||||
import shlex
|
import shlex
|
||||||
import subprocess
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
from protonvpn_cli.cli import FeatureEnum, protonvpn
|
from protonvpn_cli import connection
|
||||||
|
from protonvpn_cli.constants import PASSFILE
|
||||||
|
from protonvpn_cli.utils import check_init, get_fastest_server, get_servers, set_config_value, pull_server_data
|
||||||
|
|
||||||
|
|
||||||
def run_proton(args):
|
def run_proton(args):
|
||||||
exit(
|
exit(
|
||||||
subprocess.run(
|
subprocess.run(
|
||||||
["pipenv", "run", "proton"],
|
["proton"],
|
||||||
cwd="/app",
|
cwd="/app",
|
||||||
env=dict(
|
env=dict(
|
||||||
environ,
|
environ,
|
||||||
PIPENV_VENV_IN_PROJECT=f"{1}",
|
|
||||||
PVPN_CMD_ARGS=" ".join(args))).returncode)
|
PVPN_CMD_ARGS=" ".join(args))).returncode)
|
||||||
|
|
||||||
|
environ["PVPN_USERNAME"] = environ["PVPN_USERNAME"] + (environ["PVPN_TAGS"] or "")
|
||||||
|
|
||||||
protonvpn.ensure_connectivity()
|
with open(PASSFILE, "w") as f:
|
||||||
|
f.write("{0}\n{1}".format(environ["PVPN_USERNAME"], environ["PVPN_PASSWORD"]))
|
||||||
|
chmod(PASSFILE, 0o600)
|
||||||
|
|
||||||
|
check_init()
|
||||||
|
set_config_value("USER", "username", environ["PVPN_USERNAME"])
|
||||||
|
set_config_value("USER", "tier", environ["PVPN_TIER"])
|
||||||
|
set_config_value("USER", "default_protocol", environ["PVPN_PROTOCOL"])
|
||||||
|
set_config_value("USER", "initialized", 1)
|
||||||
|
|
||||||
args = sys.argv[1:]
|
args = sys.argv[1:]
|
||||||
|
|
||||||
|
@ -29,7 +40,7 @@ if not args:
|
||||||
|
|
||||||
parser = ArgumentParser(exit_on_error=False)
|
parser = ArgumentParser(exit_on_error=False)
|
||||||
subParsers = parser.add_subparsers(dest="command")
|
subParsers = parser.add_subparsers(dest="command")
|
||||||
initParser = subParsers.add_parser("init", alias=["i"])
|
initParser = subParsers.add_parser("init", aliases=["i"])
|
||||||
connectParser = subParsers.add_parser("connect", aliases=["c"])
|
connectParser = subParsers.add_parser("connect", aliases=["c"])
|
||||||
|
|
||||||
for aliases in [
|
for aliases in [
|
||||||
|
@ -50,56 +61,40 @@ try:
|
||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
if parsedArgs is not None and parsedArgs.command == "init":
|
if parsedArgs is not None and (
|
||||||
userName = input("Enter your Proton VPN username or email: ")
|
|
||||||
subprocess.run(["protonvpn-cli", "login", userName])
|
|
||||||
else:
|
|
||||||
session = protonvpn.get_session()
|
|
||||||
try:
|
|
||||||
session.ensure_valid()
|
|
||||||
except:
|
|
||||||
raise Exception(
|
|
||||||
"Your current session is invalid. Please initialize the session using the `init` subcommand.")
|
|
||||||
|
|
||||||
environ["PVPN_USERNAME"] = session.vpn_username + \
|
|
||||||
(environ.get("PVPN_TAGS") or "")
|
|
||||||
environ["PVPN_PASSWORD"] = session.vpn_password
|
|
||||||
environ["PVPN_TIER"] = f"{session.vpn_tier}"
|
|
||||||
|
|
||||||
if parsedArgs is not None and (
|
|
||||||
len(
|
len(
|
||||||
list(
|
list(
|
||||||
filter(
|
filter(
|
||||||
lambda item: item[1] not in [False, None],
|
lambda item: item[1] not in [False, None],
|
||||||
vars(parsedArgs).items()))) > 1):
|
vars(parsedArgs).items()))) > 1):
|
||||||
country = protonvpn.get_country()
|
|
||||||
|
|
||||||
def match(server):
|
def match(server):
|
||||||
features = list()
|
features = list()
|
||||||
|
|
||||||
if parsedArgs.streaming:
|
if parsedArgs.streaming:
|
||||||
features.append(FeatureEnum.STREAMING)
|
pass
|
||||||
if parsedArgs.sc:
|
if parsedArgs.sc:
|
||||||
features.append(FeatureEnum.SECURE_CORE)
|
pass
|
||||||
if parsedArgs.p2p:
|
if parsedArgs.p2p:
|
||||||
features.append(FeatureEnum.P2P)
|
pass
|
||||||
if parsedArgs.tor:
|
if parsedArgs.tor:
|
||||||
features.append(FeatureEnum.TOR)
|
pass
|
||||||
|
|
||||||
return (parsedArgs.cc is None or server.exit_country.lower() == parsedArgs.cc.lower()) and (
|
return (parsedArgs.cc is None or server.exit_country.lower() == parsedArgs.cc.lower()) and (
|
||||||
all(feature in server.features for feature in features))
|
all(feature in server.features for feature in features))
|
||||||
|
|
||||||
servers = session.servers.filter(match)
|
pull_server_data(force=True)
|
||||||
|
servers = list(filter(lambda server: match(server), get_servers()))
|
||||||
|
|
||||||
if len(servers) > 0:
|
if len(servers) > 0:
|
||||||
if parsedArgs.fastest or not parsedArgs.random:
|
if parsedArgs.fastest or not parsedArgs.random:
|
||||||
server = servers.get_fastest_server()
|
server = get_fastest_server(servers)
|
||||||
else:
|
else:
|
||||||
server = servers.get_random_server()
|
server = choice(servers)
|
||||||
|
|
||||||
run_proton(["connect", server.name])
|
run_proton(["connect", server["Name"]])
|
||||||
else:
|
else:
|
||||||
raise Exception(
|
raise Exception(
|
||||||
f"Unable to find a server matching the specified criteria {args[1:]}!")
|
f"Unable to find a server matching the specified criteria {args[1:]}!")
|
||||||
else:
|
else:
|
||||||
run_proton(args)
|
run_proton(args)
|
||||||
|
|
|
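Review bot: The password file is created with `open(PASSFILE, "w")` and only restricted by `chmod(PASSFILE, 0o600)` after the credentials are written, so a newly created file briefly has whatever mode the umask allows. Create it restricted instead with `fd = os.open(PASSFILE, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` and `with os.fdopen(fd, "w") as f:` (this needs `import os`), keeping the `chmod` for a file that already exists. `environ["PVPN_TAGS"] or ""` raises KeyError when the variable is unset, whereas the removed code used `environ.get("PVPN_TAGS")`. The feature branches in `match()` are now `pass`, so `parsedArgs.p2p`, `sc`, `tor` and `streaming` no longer filter the server list; if that is deliberate, a comment or TODO should say so.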
@ -5,8 +5,13 @@ FROM debian
|
||||||
ARG PVPN_CLI_VER=2.2.12
|
ARG PVPN_CLI_VER=2.2.12
|
||||||
ARG USERNAME=proton
|
ARG USERNAME=proton
|
||||||
|
|
||||||
ENV PVPN_TAGS="+pmp" \
|
ENV PVPN_USERNAME= \
|
||||||
|
PVPN_USERNAME_FILE= \
|
||||||
|
PVPN_PASSWORD= \
|
||||||
|
PVPN_PASSWORD_FILE= \
|
||||||
|
PVPN_TIER=2 \
|
||||||
PVPN_PROTOCOL=udp \
|
PVPN_PROTOCOL=udp \
|
||||||
|
PVPN_TAGS="+pmp" \
|
||||||
PVPN_CMD_ARGS="connect --p2p --random" \
|
PVPN_CMD_ARGS="connect --p2p --random" \
|
||||||
PVPN_DEBUG= \
|
PVPN_DEBUG= \
|
||||||
HOST_NETWORK= \
|
HOST_NETWORK= \
|
||||||
|
@ -20,9 +25,28 @@ ENV PVPN_TAGS="+pmp" \
|
||||||
|
|
||||||
WORKDIR /root
|
WORKDIR /root
|
||||||
COPY --from=rtorrent / /
|
COPY --from=rtorrent / /
|
||||||
|
|
||||||
|
RUN apt-get update -y \
|
||||||
|
&& apt-get upgrade -y \
|
||||||
|
&& apt-get install -y \
|
||||||
|
git \
|
||||||
|
iproute2 \
|
||||||
|
iptables \
|
||||||
|
natpmpc \
|
||||||
|
openvpn \
|
||||||
|
pipenv \
|
||||||
|
procps \
|
||||||
|
python3 \
|
||||||
|
python3-pip \
|
||||||
|
python3-setuptools \
|
||||||
|
sudo \
|
||||||
|
&& rm -rf /var/lib/apt/lists
|
||||||
|
|
||||||
|
RUN pip3 install --break-system-packages git+https://github.com/Rafficer/linux-cli-community.git@v$PVPN_CLI_VER#egg=protonvpn-cli
|
||||||
|
|
||||||
RUN mkdir /app
|
RUN mkdir /app
|
||||||
COPY --from=proton /root/.pvpn-cli /root/.pvpn-cli
|
|
||||||
COPY --from=proton /app/proton-privoxy/run /app/proton
|
COPY --from=proton /app/proton-privoxy/run /app/proton
|
||||||
|
COPY --from=proton /root/.pvpn-cli/pvpn-cli.cfg.clean /root/.pvpn-cli/pvpn-cli.cfg
|
||||||
|
|
||||||
RUN \
|
RUN \
|
||||||
sed -i \
|
sed -i \
|
||||||
|
@ -32,43 +56,7 @@ RUN \
|
||||||
&& install -t /usr/local/bin /app/proton \
|
&& install -t /usr/local/bin /app/proton \
|
||||||
&& rm /app/proton
|
&& rm /app/proton
|
||||||
|
|
||||||
RUN apt-get update -y \
|
|
||||||
&& apt-get upgrade -y \
|
|
||||||
&& apt-get install -y \
|
|
||||||
curl \
|
|
||||||
gnupg \
|
|
||||||
&& curl https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.3-3_all.deb -o proton.deb \
|
|
||||||
&& dpkg --install proton.deb \
|
|
||||||
&& apt-get remove -y \
|
|
||||||
curl \
|
|
||||||
&& apt-get update -y \
|
|
||||||
&& apt-get install -y protonvpn-cli \
|
|
||||||
&& rm -rf /var/lib/apt/lists
|
|
||||||
|
|
||||||
RUN apt-get update -y \
|
|
||||||
&& apt-get upgrade -y \
|
|
||||||
&& apt-get install -y \
|
|
||||||
git \
|
|
||||||
iproute2 \
|
|
||||||
iptables \
|
|
||||||
natpmpc \
|
|
||||||
pipenv \
|
|
||||||
python3-setuptools \
|
|
||||||
sudo \
|
|
||||||
&& rm -rf /var/lib/apt/lists
|
|
||||||
|
|
||||||
RUN \
|
|
||||||
cd /app \
|
|
||||||
&& PIPENV_VENV_IN_PROJECT=1 pipenv install git+https://github.com/Rafficer/linux-cli-community.git@v$PVPN_CLI_VER#egg=protonvpn-cli
|
|
||||||
|
|
||||||
RUN printf "%s\n" \
|
RUN printf "%s\n" \
|
||||||
"#!/usr/bin/env -S dbus-run-session -- bash" \
|
|
||||||
"mkdir -p /proton/{keyrings,protonvpn}" \
|
|
||||||
"mkdir -p ~/.local/share" \
|
|
||||||
"mkdir -p ~/.config" \
|
|
||||||
"ln -Ts /proton/keyrings ~/.local/share/keyrings >/dev/null 2>&1" \
|
|
||||||
"ln -Ts /proton/protonvpn ~/.config/protonvpn >/dev/null 2>&1" \
|
|
||||||
"eval \"\$(echo -n 'root' | gnome-keyring-daemon --unlock)\"" \
|
|
||||||
"python3 /app/pvpn-cli.py \"\$@\"" > ./pvpn-cli \
|
"python3 /app/pvpn-cli.py \"\$@\"" > ./pvpn-cli \
|
||||||
&& install -Dm 755 ./pvpn-cli /usr/local/bin \
|
&& install -Dm 755 ./pvpn-cli /usr/local/bin \
|
||||||
&& rm ./pvpn-cli
|
&& rm ./pvpn-cli
|
||||||
|
@ -77,7 +65,20 @@ RUN printf "%s\n" \
|
||||||
"#!/bin/bash" \
|
"#!/bin/bash" \
|
||||||
"groupadd --gid \$PGID ${USERNAME} > /dev/null" \
|
"groupadd --gid \$PGID ${USERNAME} > /dev/null" \
|
||||||
"useradd --create-home --home-dir \$PHOME ${USERNAME} --uid \$PUID -g ${USERNAME} 2>/dev/null" \
|
"useradd --create-home --home-dir \$PHOME ${USERNAME} --uid \$PUID -g ${USERNAME} 2>/dev/null" \
|
||||||
|
"chown ${USERNAME} \$PHOME" \
|
||||||
'[ ! -z "$1" ] && [ "$1" = "init" ] && export PVPN_CMD_ARGS="$@"' \
|
'[ ! -z "$1" ] && [ "$1" = "init" ] && export PVPN_CMD_ARGS="$@"' \
|
||||||
|
'if [ -z "$PVPN_USERNAME" ] && [ -z "$PVPN_USERNAME_FILE" ]; then' \
|
||||||
|
" echo 'Error: Either env var \$PVPN_USERNAME or \$PVPN_USERNAME_FILE is required.'" \
|
||||||
|
"exit 1" \
|
||||||
|
"fi" \
|
||||||
|
"" \
|
||||||
|
'if [ -z "$PVPN_PASSWORD" ] && [ -z "$PVPN_PASSWORD_FILE" ]; then' \
|
||||||
|
"echo 'Error: Either env var \$PVPN_PASSWORD or \$PVPN_PASSWORD_FILE is required.'" \
|
||||||
|
"exit 1" \
|
||||||
|
"fi" \
|
||||||
|
"" \
|
||||||
|
'[ -f "$PVPN_USERNAME_FILE" ] && PVPN_USERNAME=$(cat "$PVPN_USERNAME_FILE")' \
|
||||||
|
'[ -f "$PVPN_PASSWORD_FILE" ] && PVPN_PASSWORD=$(cat "$PVPN_PASSWORD_FILE")' \
|
||||||
"pvpn-cli || exit" \
|
"pvpn-cli || exit" \
|
||||||
'ip link show proton0 > /dev/null 2>&1 || exit' \
|
'ip link show proton0 > /dev/null 2>&1 || exit' \
|
||||||
'fallback="$(expr ${NATPMP_TIMEOUT} \* 3 / 4)"' \
|
'fallback="$(expr ${NATPMP_TIMEOUT} \* 3 / 4)"' \
|
||||||
|
@ -93,7 +94,7 @@ RUN printf "%s\n" \
|
||||||
" while true" \
|
" while true" \
|
||||||
" do" \
|
" do" \
|
||||||
' echo "Refreshing NAT-PMP port forwarding…"' \
|
' echo "Refreshing NAT-PMP port forwarding…"' \
|
||||||
' natpmp -a 0 0 udp "$NATPMP_TIMEOUT"' \
|
' natpmpc -a 0 0 udp "$NATPMP_TIMEOUT"' \
|
||||||
' natpmpc -a 0 0 tcp "$NATPMP_TIMEOUT"' \
|
' natpmpc -a 0 0 tcp "$NATPMP_TIMEOUT"' \
|
||||||
' echo "NAT-PMP port forwarding has been refreshed!"' \
|
' echo "NAT-PMP port forwarding has been refreshed!"' \
|
||||||
' sleep "$NATPMP_INTERVAL"' \
|
' sleep "$NATPMP_INTERVAL"' \
|
||||||
|
@ -101,7 +102,7 @@ RUN printf "%s\n" \
|
||||||
"} &" \
|
"} &" \
|
||||||
"set -m" \
|
"set -m" \
|
||||||
'[ ${MAX_UPTIME:-0} -gt 0 ] && {' \
|
'[ ${MAX_UPTIME:-0} -gt 0 ] && {' \
|
||||||
' soudo -iu '"${USERNAME}"' rtorrent -o network.port_range.set=$port-$port,system.daemon.set=true $@ &' \
|
' sudo -iu '"${USERNAME}"' rtorrent -o network.port_range.set=$port-$port,system.daemon.set=true $@ &' \
|
||||||
' pid=$!' \
|
' pid=$!' \
|
||||||
' sleep "$MAX_UPTIME"' \
|
' sleep "$MAX_UPTIME"' \
|
||||||
' pkill -9 $pid' \
|
' pkill -9 $pid' \
|
||||||
|
|
|
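Review bot: The generated entrypoint treats a non-empty `$PVPN_PASSWORD_FILE` (or `$PVPN_USERNAME_FILE`) as sufficient, but the later `[ -f "$PVPN_PASSWORD_FILE" ] && PVPN_PASSWORD=$(cat "$PVPN_PASSWORD_FILE")` does nothing when that path is missing, so `pvpn-cli` is started with an empty credential. Fail early in the generated script with `[ -z "$PVPN_PASSWORD_FILE" ] || [ -r "$PVPN_PASSWORD_FILE" ] || { echo "Error: cannot read $PVPN_PASSWORD_FILE" >&2; exit 1; }`, and do the same for the username. The `_FILE` variants are the safer input, because a value in `PVPN_PASSWORD` is visible to anything that can inspect the container's environment; a comment beside the `ENV` block saying so would help.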
@ -10,7 +10,6 @@ begin
|
||||||
|
|
||||||
set -l services \
|
set -l services \
|
||||||
$server \
|
$server \
|
||||||
$turn turn "" \
|
|
||||||
$office $officeDomain
|
$office $officeDomain
|
||||||
|
|
||||||
source "$dir/../service.fish"
|
source "$dir/../service.fish"
|
||||||
|
@ -94,10 +93,40 @@ begin
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
function getServiceLocations -V services -a index
|
function getServiceLocations -V services -V office -a index
|
||||||
set -l i (math (math (math $index - 1) / 2 "*" 3) + 1)
|
set -l i (math (math (math $index - 1) / 2 "*" 3) + 1)
|
||||||
set -l name $services[$i]
|
set -l name $services[$i]
|
||||||
printf "%s\0" "$name" /
|
|
||||||
|
if [ "$name" != "$office" ]
|
||||||
|
printf "%s\0" "$name" / ""
|
||||||
|
else
|
||||||
|
printf "%s\0" \
|
||||||
|
"$name" "^~ /browser" "static files" \
|
||||||
|
"$name" "^~ /hosting/discovery" "WOPI discovery URL" \
|
||||||
|
"$name" "^~ /hosting/capabilities" "Capabilities" \
|
||||||
|
"$name" "~ ^/cool/(.*)/ws\$" "main websocket" \
|
||||||
|
"$name" "~ ^/(c|l)ool" "download, presentation and image upload" \
|
||||||
|
"$name" "^~ /cool/adminws" "Admin Console websocket"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
function getServiceLocationConfig -a domain s location -V office -V flood
|
||||||
|
if [ "$s" = "$office" ]
|
||||||
|
set -l argv $argv[4..]
|
||||||
|
getServiceDefaultProxy $domain $s "$location" --scheme https $argv
|
||||||
|
else
|
||||||
|
getServiceDefaultProxy $argv --path "$location"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
function getExtraLocationSettings -a domain s location -V service
|
||||||
|
if string match --regex '^(~ \^|\^~ )/cool/(.*)ws\$?$' "$location" >/dev/null
|
||||||
|
printf "%s\n" \
|
||||||
|
'# Websocket' \
|
||||||
|
"proxy_http_version 1.1;" \
|
||||||
|
'proxy_set_header Upgrade $http_upgrade;' \
|
||||||
|
'proxy_set_header Connection "upgrade";'
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
function getExtraBackupPatterns
|
function getExtraBackupPatterns
|
||||||
|
|
|
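Review bot: `getServiceLocationConfig` captures `-V flood` and `getExtraLocationSettings` captures `-V service`, but neither body reads those variables; they look like leftovers from another service script. Dropping them (`function getServiceLocationConfig -a domain s location -V office`) avoids suggesting a dependency that is not there. A one-line comment above `getServiceLocations` saying that it emits NUL-separated name/location/comment triples would explain why the non-office entry ends with `""`.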
@ -8,4 +8,4 @@ services:
|
||||||
image: postgres
|
image: postgres
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./database:/var/lib/postgresql/data
|
- ./data/db:/var/lib/postgresql/data
|
||||||
|
|
|
@ -68,24 +68,31 @@ begin
|
||||||
echo "$domain"
|
echo "$domain"
|
||||||
end
|
end
|
||||||
|
|
||||||
function getExtraServerConfig -a subdomain domain
|
function getExtraServerConfig -a domain
|
||||||
end
|
end
|
||||||
|
|
||||||
function getServiceLocationConfig -a domain service location
|
function getServiceLocationConfig -a domain service location
|
||||||
getServiceDefaultProxy $domain $service $location "" $argv
|
getServiceDefaultProxy $domain $service $location $argv
|
||||||
end
|
end
|
||||||
|
|
||||||
function getServiceDefaultProxy -a domain service location
|
function getServiceDefaultProxy -a domain service location
|
||||||
argparse -i "comment=" "path=" "url=" -- $argv
|
argparse -i "comment=" "path=" "scheme=" "url=" -- $argv
|
||||||
|
set -l scheme
|
||||||
set -l url
|
set -l url
|
||||||
set -l config (getServiceOverrides $argv)
|
set -l config (getServiceOverrides $argv)
|
||||||
set -l portKey (getServicePortKey "$service")
|
set -l portKey (getServicePortKey "$service")
|
||||||
set -l port (yq "$portKey" "$config" | extractPort)
|
set -l port (yq "$portKey" "$config" | extractPort)
|
||||||
|
|
||||||
|
if [ -n "$_flag_scheme" ]
|
||||||
|
set scheme "$_flag_scheme"
|
||||||
|
else
|
||||||
|
set scheme http
|
||||||
|
end
|
||||||
|
|
||||||
if [ -n "$_flag_url" ]
|
if [ -n "$_flag_url" ]
|
||||||
set url "$_flag_url"
|
set url "$_flag_url"
|
||||||
else
|
else
|
||||||
set url "http://127.0.0.1:$port"
|
set url "$scheme://127.0.0.1:$port"
|
||||||
|
|
||||||
if [ -n "$_flag_path" ]
|
if [ -n "$_flag_path" ]
|
||||||
set url "$url$_flag_path"
|
set url "$url$_flag_path"
|
||||||
|
@ -93,10 +100,10 @@ begin
|
||||||
end
|
end
|
||||||
|
|
||||||
printf "%s\n" \
|
printf "%s\n" \
|
||||||
"location $location {" \
|
|
||||||
(if [ -n "$_flag_comment" ]
|
(if [ -n "$_flag_comment" ]
|
||||||
echo "# $_flag_comment"
|
echo "# $_flag_comment"
|
||||||
end) \
|
end) \
|
||||||
|
"location $location {" \
|
||||||
"proxy_pass $url;" \
|
"proxy_pass $url;" \
|
||||||
'proxy_set_header Host $host;' \
|
'proxy_set_header Host $host;' \
|
||||||
'proxy_set_header X-Real-IP $remote_addr;' \
|
'proxy_set_header X-Real-IP $remote_addr;' \
|
||||||
|
@ -127,7 +134,7 @@ begin
|
||||||
for i in (seq 1 2 (count $servers))
|
for i in (seq 1 2 (count $servers))
|
||||||
set -l locations (getServiceLocations $i $argv | string split0)
|
set -l locations (getServiceLocations $i $argv | string split0)
|
||||||
|
|
||||||
for j in (seq 1 2 (count $locations))
|
for j in (seq 1 3 (count $locations))
|
||||||
set -l file (mktemp)
|
set -l file (mktemp)
|
||||||
set -l port (getRandomPort)
|
set -l port (getRandomPort)
|
||||||
set -l service $locations[$j]
|
set -l service $locations[$j]
|
||||||
|
@ -158,11 +165,17 @@ begin
|
||||||
"server {" \
|
"server {" \
|
||||||
"listen 80;" \
|
"listen 80;" \
|
||||||
"server_name $domain;" \
|
"server_name $domain;" \
|
||||||
(getExtraServerConfig $subdomain $domain $argv)
|
(getExtraServerConfig $domain $argv)
|
||||||
|
|
||||||
for j in (seq 1 2 (count $locations))
|
for j in (seq 1 3 (count $locations))
|
||||||
set -l service $locations[$j]
|
set -l service $locations[$j]
|
||||||
set -l location $locations[(math $j + 1)]
|
set -l location $locations[(math $j + 1)]
|
||||||
|
set -l comment $locations[(math $j + 2)]
|
||||||
|
|
||||||
|
if [ -n "$comment" ]
|
||||||
|
set -a argv --comment "$comment"
|
||||||
|
end
|
||||||
|
|
||||||
getServiceLocationConfig $domain $service $location $argv
|
getServiceLocationConfig $domain $service $location $argv
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
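Review bot: In the second `for j in (seq 1 3 (count $locations))` loop, `set -a argv --comment "$comment"` appends to the function's `$argv` and is never undone, so a location with an empty comment that follows a commented one is still passed the earlier `--comment`. Use a per-iteration local instead: declare `set -l commentArgs`, use `set commentArgs --comment "$comment"` inside the `if`, and call `getServiceLocationConfig $domain $service $location $argv $commentArgs`. The stride change from 2 to 3 also means every `getServiceLocations` implementation must now emit triples; a comment stating that contract next to the loop would help. The enclosing function starts outside the hunk.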
@ -4,5 +4,7 @@ services:
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
tty: true
|
tty: true
|
||||||
stdin_open: true
|
stdin_open: true
|
||||||
|
ports:
|
||||||
|
- 7777:7777
|
||||||
volumes:
|
volumes:
|
||||||
- ./data:/root/.local/share/Terraria/Worlds
|
- ./data:/root/.local/share/Terraria/Worlds
|
||||||
|
|
|
@ -4,7 +4,6 @@ services:
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
user: 1337:1337
|
|
||||||
environment:
|
environment:
|
||||||
WRITABLE_PATH: /data
|
WRITABLE_PATH: /data
|
||||||
MONGO_URL: mongodb://db:27017/wekan
|
MONGO_URL: mongodb://db:27017/wekan
|
||||||
|
|
|
@ -18,12 +18,28 @@ begin
|
||||||
installDockerService $argv
|
installDockerService $argv
|
||||||
end
|
end
|
||||||
|
|
||||||
|
function configureSW -V dir
|
||||||
|
configureDockerService $argv
|
||||||
|
end
|
||||||
|
|
||||||
function getServiceServers -V domain
|
function getServiceServers -V domain
|
||||||
printf "%s\0" $domain
|
printf "%s\0" $domain
|
||||||
end
|
end
|
||||||
|
|
||||||
function getServiceLocations -V service
|
function getServiceLocations -V service
|
||||||
printf "%s\0" "$service" /
|
printf "%s\0" \
|
||||||
|
"$service" / "static files" \
|
||||||
|
"$service" "~ ^/sockjs/.*/websocket\$" "Websocket"
|
||||||
|
end
|
||||||
|
|
||||||
|
function getExtraLocationSettings -a domain s location -V service
|
||||||
|
if [ "$location" != "/" ]
|
||||||
|
printf "%s\n" \
|
||||||
|
'# Websocket' \
|
||||||
|
"proxy_http_version 1.1;" \
|
||||||
|
'proxy_set_header Upgrade $http_upgrade;' \
|
||||||
|
'proxy_set_header Connection "upgrade";'
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
runInstaller --force $argv
|
runInstaller --force $argv
|
||||||
|
|
|
@ -23,9 +23,10 @@ end
|
||||||
|
|
||||||
function restoreFiles
|
function restoreFiles
|
||||||
if [ -n "$VALHALLA_BACKUP_DIR" ]
|
if [ -n "$VALHALLA_BACKUP_DIR" ]
|
||||||
argparse -i "user=" "base-directory=" -- $argv
|
set -l path (getArchivePath $argv)
|
||||||
set -l tarArgs
|
set -l tarArgs
|
||||||
set -l sudoArgs
|
set -l sudoArgs
|
||||||
|
argparse -i "user=" "base-directory=" -- $argv
|
||||||
|
|
||||||
if [ -n "$_flag_base_directory" ]
|
if [ -n "$_flag_base_directory" ]
|
||||||
set -a tarArgs -C "$_flag_base_directory"
|
set -a tarArgs -C "$_flag_base_directory"
|
||||||
|
@ -37,8 +38,8 @@ function restoreFiles
|
||||||
set -a sudoArgs -u "$_flag_user"
|
set -a sudoArgs -u "$_flag_user"
|
||||||
end
|
end
|
||||||
|
|
||||||
fetchArchive $argv | begin
|
if runRestorationCommand test -f "$path"
|
||||||
sudo $sudoArgs tar $tarArgs -xvz
|
runRestorationCommand cat "$path" | sudo $sudoArgs tar $tarArgs -xvz
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -47,22 +48,22 @@ function createArchive -a path
|
||||||
runRestorationCommand sh -c "tee $(string escape -- "$path") >/dev/null"
|
runRestorationCommand sh -c "tee $(string escape -- "$path") >/dev/null"
|
||||||
end
|
end
|
||||||
|
|
||||||
function fetchArchive
|
|
||||||
set -l path (getArchivePath $argv)
|
|
||||||
runRestorationCommand cat "$path"
|
|
||||||
end
|
|
||||||
|
|
||||||
function runRestorationCommand
|
function runRestorationCommand
|
||||||
if [ -z "$VALHALLA_BACKUP_SERVER" ]
|
if [ -z "$VALHALLA_BACKUP_SERVER" ]
|
||||||
$argv
|
$argv
|
||||||
else
|
else
|
||||||
set -l args
|
set -l args
|
||||||
|
set -l host "$VALHALLA_BACKUP_SERVER"
|
||||||
|
|
||||||
|
if [ -n "$VALHALLA_BACKUP_SERVER_USER" ]
|
||||||
|
set host "$VALHALLA_BACKUP_SERVER_USER@$host"
|
||||||
|
end
|
||||||
|
|
||||||
if [ -n "$VALHALLA_BACKUP_SERVER_PORT" ]
|
if [ -n "$VALHALLA_BACKUP_SERVER_PORT" ]
|
||||||
set -a args -p $VALHALLA_BACKUP_SERVER_PORT
|
set -a args -p $VALHALLA_BACKUP_SERVER_PORT
|
||||||
end
|
end
|
||||||
|
|
||||||
sudo ssh -i $(string escape -- "$VALHALLA_BACKUP_SERVER_KEY") $args "$VALHALLA_BACKUP_SERVER" (string escape -- $argv)
|
sudo ssh -i $(string escape -- "$VALHALLA_BACKUP_SERVER_KEY") $args "$host" (string escape -- $argv)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -70,7 +71,7 @@ function getArchivePath
|
||||||
argparse -i "u/user=" "n/name=" -- $argv
|
argparse -i "u/user=" "n/name=" -- $argv
|
||||||
set -l path "$VALHALLA_BACKUP_DIR"
|
set -l path "$VALHALLA_BACKUP_DIR"
|
||||||
|
|
||||||
if [ -b "$_flag_user" ]
|
if [ -n "$_flag_user" ]
|
||||||
set -a path Users "$_flag_user"
|
set -a path Users "$_flag_user"
|
||||||
else
|
else
|
||||||
set -a path System
|
set -a path System
|
||||||
|
|
|
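Review bot: On the changed `sudo ssh` line, `-i $(string escape -- "$VALHALLA_BACKUP_SERVER_KEY")` escapes an argument that is handed to ssh directly and never re-parsed by a shell, so a key path containing a space or quote reaches ssh with literal quoting characters and the identity file is not found. Only the remote command needs escaping: `sudo ssh -i "$VALHALLA_BACKUP_SERVER_KEY" $args "$host" (string escape -- $argv)`. In `restoreFiles`, `if runRestorationCommand test -f "$path"` silently skips the restore when the archive is missing; printing a message to stderr in that case would make a failed restore visible.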
@ -18,7 +18,7 @@ begin
|
||||||
"lxc.mount.entry = $(realpath "$dir/../..") $valhallaRoot none bind 0 0" \
|
"lxc.mount.entry = $(realpath "$dir/../..") $valhallaRoot none bind 0 0" \
|
||||||
"" \
|
"" \
|
||||||
"# VPN" \
|
"# VPN" \
|
||||||
"lxc.cgroup.devices.allow = c 10:200 rwm" \
|
"lxc.cgroup2.devices.allow = c 10:200 rwm" \
|
||||||
"lxc.mount.entry = /dev/net dev/net none bind,create=dir 0 0"
|
"lxc.mount.entry = /dev/net dev/net none bind,create=dir 0 0"
|
||||||
end | sudo tee -a "$containerDir/config" >/dev/null
|
end | sudo tee -a "$containerDir/config" >/dev/null
|
||||||
|
|
||||||
|
|