commit 4d9ebc468489d34d63de85bc2b76a6836db34fc9 Author: Rich Date: Fri Jan 6 10:20:48 2023 +0000 Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..908ab07
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+docker-compose.yml.backup
+docker-compose.yml.backup.orig
+.env
\ No newline at end of file
diff --git a/.swp b/.swp
new file mode 100644
index 0000000..b41ba8d
Binary files /dev/null and b/.swp differ
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..de288e1
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+ "python.formatting.provider": "black"
+}
\ No newline at end of file
diff --git a/dante/Dockerfile b/dante/Dockerfile
new file mode 100644
index 0000000..f069224
--- /dev/null
+++ b/dante/Dockerfile
@@ -0,0 +1,13 @@
+FROM ubuntu
+MAINTAINER rmj014@gmail.com
+RUN apt-get update && apt-get -y upgrade \
+ && apt-get install -y iputils-ping curl net-tools iptables dante-server
+RUN apt-get install -y vim
+
+ADD sockd.conf /etc/danted.conf
+
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+ADD run.sh /usr/local/sbin/run
+RUN chmod 755 /usr/local/sbin/run
+ENTRYPOINT /usr/local/sbin/run
diff --git a/dante/Makefile b/dante/Makefile
new file mode 100644
index 0000000..45fa4ec
--- /dev/null
+++ b/dante/Makefile
@@ -0,0 +1,7 @@
+all: build
+
+build:
+ @docker build --tag=dante .
+
+no-cache:
+ @docker build --no-cache --tag=dante .
diff --git a/dante/dante.sh b/dante/dante.sh
new file mode 100755
index 0000000..1805673
--- /dev/null
+++ b/dante/dante.sh
@@ -0,0 +1,5 @@
+# INTERFACE is either tun0 for openvpn or nordlynx for the obvious
+
+docker kill dante
+docker rm dante
+docker run --privileged -d --name dante --restart unless-stopped -e INTERFACE='tun0' -v /etc/localtime:/etc/localtime:ro --net=container:vpn dante
diff --git a/dante/run.sh b/dante/run.sh
new file mode 100755
index 0000000..b2a79d3
--- /dev/null
+++ b/dante/run.sh
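Review bot: `FROM ubuntu` in dante/Dockerfile pulls whatever `latest` is at build time, and the following `apt-get -y upgrade` makes the result depend on the build date as well, so two builds of `dante` can differ in ways nobody reviewed; pin the base, e.g. `FROM ubuntu:22.04` or a digest. The cleanup `RUN apt-get clean && rm -rf /var/lib/apt/lists/* ...` sits in its own layer after the installs, so it does not shrink the image; it belongs at the end of the same `RUN` that installs the packages. `RUN apt-get install -y vim` adds an editor the proxy does not need at runtime, and the shell-form `ENTRYPOINT /usr/local/sbin/run` wraps the script in `/bin/sh -c`, so it does not receive SIGTERM directly; `ENTRYPOINT ["/usr/local/sbin/run"]` avoids that.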
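Review bot: `docker run --privileged` on the last line of dante/dante.sh gives the SOCKS proxy container every capability and access to host devices, yet nothing visible in `run.sh` needs more than reading an interface and starting `danted`. Because `--net=container:vpn` already places it in the VPN container's network namespace, try dropping `--privileged` and, if `danted` then fails to bind or switch user, add back only the specific capability with `--cap-add`. The same applies to `privileged: true` under `dante:` in `docker-compose.yml`. `docker kill dante` and `docker rm dante` print errors on a first run when no container exists; `docker rm -f dante 2>/dev/null || true` does both quietly.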
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+[[ -z ${INTERFACE} ]] && INTERFACE=nordlynx
+
+sed -i 's@nordlynx@'"${INTERFACE}"'@g' /etc/danted.conf
+
+service danted restart
+
+while [ 1 ]
+do
+ ifconfig ${INTERFACE}
+ res=$?
+ if [ $res -eq 1 ]
+ then
+ sleep 5
+ exit 0
+ fi
+ sleep 10
+done
diff --git a/dante/sockd.conf b/dante/sockd.conf
new file mode 100644
index 0000000..b415a82
--- /dev/null
+++ b/dante/sockd.conf
@@ -0,0 +1,34 @@
+debug: 0
+logoutput: stderr
+internal: 0.0.0.0 port = 1080
+external: eth0
+socksmethod: none
+clientmethod: none
+user.privileged: root
+user.unprivileged: nobody
+
+client pass {
+ from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
+ log: error
+}
+
+socks pass {
+ from: 0.0.0.0/0 to: 0.0.0.0/0
+ #socksmethod: username
+ log: error
+}
+
+socks pass {
+ from: 0.0.0.0/0
+ to: 0.0.0.0/0
+ # udp.portrange: 40000-45000
+ command: udpassociate
+ log: error connect disconnect
+}
+
+socks pass {
+ from: 0.0.0.0/0
+ to: 0.0.0.0/0
+ command: bind connect udpassociate bindreply udpreply
+ log: error connect disconnect
+}
diff --git a/dante/sockd.conf.orig b/dante/sockd.conf.orig
new file mode 100644
index 0000000..391b8ca
--- /dev/null
+++ b/dante/sockd.conf.orig
@@ -0,0 +1,34 @@
+debug: 0
+logoutput: stderr
+internal: 0.0.0.0 port = 1080
+external: nordlynx
+socksmethod: none
+clientmethod: none
+user.privileged: root
+user.unprivileged: nobody
+
+client pass {
+ from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
+ log: error
+}
+
+socks pass {
+ from: 0.0.0.0/0 to: 0.0.0.0/0
+ #socksmethod: username
+ log: error
+}
+
+socks pass {
+ from: 0.0.0.0/0
+ to: 0.0.0.0/0
+ # udp.portrange: 40000-45000
+ command: udpassociate
+ log: error connect disconnect
+}
+
+socks pass {
+ from: 0.0.0.0/0
+ to: 0.0.0.0/0
+ command: bind connect udpassociate bindreply udpreply
+ log: error connect disconnect
+}
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..0ff3fde
--- /dev/null
+++ b/docker-compose.yml
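Review bot: The `sed -i 's@nordlynx@'"${INTERFACE}"'@g' /etc/danted.conf` line in dante/run.sh has nothing to replace, because the Dockerfile installs `sockd.conf`, whose `external:` is `eth0`; only `sockd.conf.orig` contains `nordlynx`. As committed, `INTERFACE=tun0` therefore changes only which interface the watchdog loop polls and danted keeps `external: eth0`; if the intent is to force proxy egress through the tunnel, ship the `nordlynx` placeholder (or a dedicated token) in the installed config. `${INTERFACE}` is also spliced into the sed program unescaped and passed unquoted to `ifconfig`; validating it first, e.g. `[[ ${INTERFACE} =~ ^[a-zA-Z0-9_.-]+$ ]] || exit 1`, keeps a malformed value from rewriting the config. The loop exits only when `ifconfig` returns exactly 1, so `[ $res -ne 0 ]` would be the safer test.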
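Review bot: dante/sockd.conf configures an unauthenticated open proxy: `socksmethod: none` and `clientmethod: none` together with `from: 0.0.0.0/0` in every `client pass` and `socks pass` rule accept any client, and `docker-compose.yml` publishes the listener as `1080:1080` on all host interfaces. Restrict the client rule to the networks that should use it, e.g. `from: 192.168.0.0/24 to: 0.0.0.0/0` (the LAN already named in the compose `NETWORK=` setting), and/or enable the commented `socksmethod: username`. Docker's port publishing can change the source address danted sees, so confirm the rule against the connection log before relying on it. The last `socks pass` block also allows `bind` and `bindreply` for everyone; drop those commands unless a client needs them. `sockd.conf.orig` carries the same rules.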
@@ -0,0 +1,463 @@ +version: "3" +services: + vpn: + image: azinchen/nordvpn:latest + container_name: vpn + cap_add: + - NET_ADMIN + devices: + - /dev/net/tun + environment: + - USER=${DUSER} + - "PASS=${DNORD_PASS}" + - COUNTRY=Canada + - GROUP=Standard VPN servers + - RANDOM_TOP=10 + - RECREATE_VPN_CRON="5 */3 * * *" -e RANDOM_TOP=10 + - CHECK_CONNECTION_CRON="*/5 * * * *" + - CHECK_CONNECTION_URL="https://www.google.com" + - NETWORK=192.168.0.0/24 + - DNS='8.8.8.8,8.8.4.4' + - "TZ=Europe/London" + - OPENVPN_OPTS=--mute-replay-warnings --pull-filter ignore "ping-restart" --ping-exit 180 + ports: + # for dante and qbittorrent + - 1080:1080 + - 8082:8082 + sysctls: + - net.ipv6.conf.all.disable_ipv6=1 # Recomended if using ipv4 only + - net.ipv4.conf.all.rp_filter=2 + restart: unless-stopped + + dante: + image: dante:latest + container_name: dante + privileged: true + restart: unless-stopped + environment: + - INTERFACE=tun0 + network_mode: "service:vpn" + depends_on: + - "vpn" + + swag: + image: lscr.io/linuxserver/swag + container_name: swag + cap_add: + - NET_ADMIN + environment: + - PUID=1000 + - PGID=100 + - URL=${DDOMAIN} + - SUBDOMAINS=${DHOSTS} + - VALIDATION=http + - EMAIL=${DUSER} + - ONLY_SUBDOMAINS=false + - "TZ=Europe/London" + - UMASK_SET=002 + ports: + - 80:80 + - 443:443 + - 9091:9091 + restart: unless-stopped + networks: + - swag + volumes: + - /srv/docker/swag/config:/config + + authelia: + image: authelia/authelia + container_name: authelia + environment: + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + volumes: + - /srv/docker/authelia/config:/config + + heimdall: + image: lscr.io/linuxserver/heimdall + container_name: heimdall + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 6465:80 + volumes: + - /srv/docker/heimdall:/config + + sabnzbd: + image: lscr.io/linuxserver/sabnzbd:latest + 
container_name: sabnzbd + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + - "UMASK_SET=002" + restart: unless-stopped + depends_on: + - dante + networks: + - swag + ports: + - 8080:8080 + volumes: + - /srv/docker/sabnzbd/config:/config + - /srv/docker/sabnzbd/scripts:/scripts + - /srv/DL:/downloads + - /srv/incomplete-nzb:/incomplete + + qbittorrent: + image: lscr.io/linuxserver/qbittorrent + container_name: qbittorrent + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + - "UMASK_SET=002" + - "WEBUI_PORT=8082" + restart: unless-stopped + depends_on: + - dante + network_mode: "service:vpn" + volumes: + - /srv/docker/qbittorrent/config:/config + - /srv/DL:/downloads + - /srv/incomplete:/incomplete + + jackett: + image: lscr.io/linuxserver/jackett + container_name: jackett + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "dante" + networks: + - swag + ports: + - 9117:9117 + volumes: + - /srv/docker/jackett:/config + + radarr: + image: lscr.io/linuxserver/radarr + container_name: radarr + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "jackett" + networks: + - swag + ports: + - 7878:7878 + volumes: + - /srv/docker/radarr/config:/config + - /media/qnap1/Movies:/movies + - /srv/DL:/downloads + + sonarr: + image: lscr.io/linuxserver/sonarr + container_name: sonarr + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "jackett" + networks: + - swag + ports: + - 8989:8989 + volumes: + - /srv/docker/sonarr/config:/config + - /media/qnap1/TV:/tv + - /srv/DL:/downloads + + lidarr: + image: lscr.io/linuxserver/lidarr + container_name: lidarr + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "jackett" + networks: + - swag + ports: + - 8686:8686 + volumes: + - /srv/docker/lidarr/config:/config + 
- /media/qnap2/Music/Artists:/music + - /srv/DL:/downloads + + tautulli: + image: tautulli/tautulli + container_name: tautulli + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 8181:8181 + volumes: + - /srv/docker/tautull:/config + + ombi: + image: lscr.io/linuxserver/ombi + container_name: ombi + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + - "BASE_URL=/ombi" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 3579:3579 + volumes: + - /srv/docker/ombi/config:/config + + guacamole: + image: abesnier/guacamole + container_name: guacamole + user: root + environment: + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 6565:8080 + volumes: + - /srv/docker/guacamole/config:/config + + pyload: + image: lscr.io/linuxserver/pyload + container_name: pyload + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + - "BASE_URL=/ombi" + restart: unless-stopped + ports: + - 8000:8000 + - 7227:7223 + volumes: + - /srv/docker/pyload/config:/config + - /srv/DL:/downloads + + redis: + image: sameersbn/redis:latest + container_name: redis + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + volumes: + - /srv/docker/redis:/data + - /etc/localtime:/etc/localtime:ro + + postgres: + image: sameersbn/postgresql:latest + container_name: postgres + environment: + - 'DB_NAME=gitlabhq_production' + - 'DB_USER=gitlab' + - 'DB_PASS=${DDB_PASS}' + - 'DB_EXTENSION=pg_trgm,btree_gist' + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + volumes: + - /srv/docker/postgres:/var/lib/postgresql + + mariadb: + image: lscr.io/linuxserver/mariadb + container_name: mariadb + environment: + - PUID=1000 + - PGID=1000 + - 'MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}' + - TZ=Europe/London + restart: unless-stopped + depends_on: + - "swag" + 
networks: + - swag + ports: + - 3306:3306 + volumes: + - /srv/docker/mariadb:/config + + gitlab: + image: sameersbn/gitlab:latest + container_name: gitlab + environment: + - "USERMAP_UID=1000" + - "USERMAP_GID=1000" + - 'GITLAB_PORT=443' + - 'GITLAB_SSH_PORT=10022' + - 'GITLAB_HTTPS=true' + - 'DB_NAME=gitlabhq_production' + - 'DB_HOST=postgres.swag' + - 'DB_USER=gitlab' + - 'DB_PASS=${DDB_PASS}' + - 'GITLAB_HOST=git.${DDOMAIN}' + - 'GITLAB_BACKUPS=daily' + - 'UNICORN_WORKERS=3' + - 'UNICORN_TIMEOUT=240' + - 'GITLAB_WEBHOOK_TIMEOUT=240' + - 'GITLAB_TIMEOUT=240' + - 'SMTP_OPENSSL_VERIFY_MODE=none' + - 'REDIS_HOST=redis.swag' + - GITLAB_SECRETS_DB_KEY_BASE=${DGITLAB_SECRETS_DB_KEY_BASE} + - GITLAB_SECRETS_SECRET_KEY_BASE=${DGITLAB_SECRETS_SECRET_KEY_BASE} + - GITLAB_SECRETS_OTP_KEY_BASE=${DGITLAB_SECRETS_OTP_KEY_BASE} + - SMTP_USER=${DSMTP_USER} + - SMTP_PASS=${DSMTP_PASS} + - IMAP_USER=${DSMTP_USER} + - IMAP_PASS=${DSMTP_PASS} + - GITLAB_INCOMING_EMAIL_ADDRESS=${DGITLAB_INCOMING_EMAIL_ADDRESS} + restart: unless-stopped + depends_on: + - "swag" + - "postgres" + - "redis" + networks: + - swag + ports: + - "10022:22" + - "10080:80" + volumes: + - /var/run/docker.sock:/run/docker.sock + - /usr/bin/docker:/bin/docker + - /srv/docker/gitlab/data:/home/git/data + - /etc/localtime:/etc/localtime:ro + + netdata: + image: netdata/netdata + container_name: netdata + cap_add: + - SYS_PTRACE + security_opt: + - apparmor=unconfined + environment: + - DOCKER_HOST=docker-proxy:2375 + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - "19999:19999" + volumes: + - /srv/docker/netdata/netdatalib:/var/lib/netdata + - /srv/docker/netdata/netdatacache:/var/cache/netdata + - /etc/passwd:/host/etc/passwd:ro + - /etc/group:/host/etc/group:ro + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /etc/os-release:/host/etc/os-release:ro + + vscode: + image: lscr.io/linuxserver/code-server + container_name: vscode + environment: + - PUID=1000 + 
- PGID=1000 + - "TZ=Europe/London" + - "PROXY_DOMAIN=code.${DDOMAIN}" + - "PASSWORD=${DDEFAULT_PASSWORD}" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - "8443:8443" + volumes: + - /srv/docker/vscode/config:/config + + cells: + image: lscr.io/linuxserver/pydio-cells + container_name: cells + environment: + - PUID=1000 + - PGID=1000 + - EXTERNALURL=cells.rmj014.com + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - "8089:8080" + volumes: + - /srv/docker/cells/config:/config + + wireguard: + image: lscr.io/linuxserver/wireguard:latest + container_name: wireguard + cap_add: + - NET_ADMIN + - SYS_MODULE + environment: + - PUID=1000 + - PGID=1000 + - "TZ=Europe/London" + - SERVERURL=rmj014.com + - SERVERPORT=51820 + - PEERS=10 + - PEERDNS=auto + - ALLOWEDIPS=0.0.0.0/0 + - LOG_CONFS=true + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 51820:51820/udp + sysctls: + - net.ipv4.conf.all.src_valid_mark=1 + volumes: + - /srv/docker/wireguard/config:/config + - /lib/modules:/lib/modules + +networks: + swag: + external: + name: swag diff --git a/docker-compose.yml.old_authelia b/docker-compose.yml.old_authelia new file mode 100644 index 0000000..c46d765 --- /dev/null +++ b/docker-compose.yml.old_authelia 
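Review bot: Almost every backend in docker-compose.yml publishes its port on all host interfaces (`3306:3306` for mariadb, `8443:8443` for code-server, `8080:8080`, `7878:7878`, `6565:8080` for guacamole, and so on) even though the services already share the `swag` network with the reverse proxy, so anyone who can reach the host can talk to them directly and skip swag/authelia. Remove the `ports:` entries that exist only for the proxy, or bind them to loopback as in `127.0.0.1:3306:3306`. The `gitlab` service mounts `/var/run/docker.sock` and the `docker` binary, which gives that container control of the Docker daemon and therefore of the host; unless GitLab needs it, drop both mounts. `SMTP_OPENSSL_VERIFY_MODE=none` turns off certificate verification on the connection that carries `SMTP_PASS`. The same points apply to `docker-compose.yml.old_authelia` and `docker-compose.yml.old_vpn`, which also repeat the `depends_on:` key under `authelia` and `heimdall`.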
@@ -0,0 +1,435 @@ +version: "3" +services: + vpn: + image: ghcr.io/bubuntux/nordvpn + container_name: vpn + cap_add: + - NET_ADMIN + - SYS_MODULE + devices: + - "/dev/net/tun" + environment: + - USER=${DUSER} + - "PASS=${DNORD_PASS}" + - CONNECT=Canada + - TECHNOLOGY=OpenVPN + - PROTOCOL=UDP + - NETWORK=192.168.0.0/24 + - DNS='8.8.8.8,8.8.4.4' + - "TZ=Europe/London" + ports: + # for dante and qbittorrent + - 1080:1080 + - 8082:8082 + sysctls: + - net.ipv6.conf.all.disable_ipv6=1 # Recomended if using ipv4 only + - net.ipv4.conf.all.rp_filter=2 + restart: unless-stopped + + dante: + image: dante:latest + container_name: dante + privileged: true + restart: unless-stopped + environment: + - INTERFACE=tun0 + network_mode: "service:vpn" + depends_on: + - "vpn" + + swag: + image: lscr.io/linuxserver/swag + container_name: swag + cap_add: + - NET_ADMIN + environment: + - PUID=1000 + - PGID=100 + - URL=${DDOMAIN} + - SUBDOMAINS=${DHOSTS} + - VALIDATION=http + - EMAIL=${DUSER} + - ONLY_SUBDOMAINS=false + - "TZ=Europe/London" + - UMASK_SET=002 + ports: + - 80:80 + - 443:443 + - 9091:9091 + restart: unless-stopped + networks: + - swag + volumes: + - /srv/docker/swag/config:/config + + authelia: + image: authelia/authelia:4.32.2 + container_name: authelia + environment: + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + volumes: + - /srv/docker/authelia/config:/config + depends_on: + - "swag" + + heimdall: + image: lscr.io/linuxserver/heimdall + container_name: heimdall + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 6465:80 + volumes: + - /srv/docker/heimdall:/config + depends_on: + - "swag" + + sabnzbd: + image: lscr.io/linuxserver/sabnzbd + container_name: sabnzbd + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + - "UMASK_SET=002" + restart: unless-stopped + depends_on: + - dante + networks: + - swag + 
ports: + - 8080:8080 + volumes: + - /srv/docker/sabnzbd/config:/config + - /srv/docker/sabnzbd/scripts:/scripts + - /srv/DL:/downloads + - /srv/incomplete-nzb:/incomplete + + qbittorrent: + image: lscr.io/linuxserver/qbittorrent + container_name: qbittorrent + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + - "UMASK_SET=002" + - "WEBUI_PORT=8082" + restart: unless-stopped + depends_on: + - dante + network_mode: "service:vpn" + volumes: + - /srv/docker/qbittorrent/config:/config + - /srv/DL:/downloads + - /srv/incomplete:/incomplete + + jackett: + image: lscr.io/linuxserver/jackett + container_name: jackett + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "dante" + networks: + - swag + ports: + - 9117:9117 + volumes: + - /srv/docker/jackett:/config + + radarr: + image: lscr.io/linuxserver/radarr + container_name: radarr + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "jackett" + networks: + - swag + ports: + - 7878:7878 + volumes: + - /srv/docker/radarr/config:/config + - /media/qnap1/Movies:/movies + - /srv/DL:/downloads + + sonarr: + image: lscr.io/linuxserver/sonarr + container_name: sonarr + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "jackett" + networks: + - swag + ports: + - 8989:8989 + volumes: + - /srv/docker/sonarr/config:/config + - /media/qnap1/TV:/tv + - /srv/DL:/downloads + + lidarr: + image: lscr.io/linuxserver/lidarr + container_name: lidarr + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "jackett" + networks: + - swag + ports: + - 8686:8686 + volumes: + - /srv/docker/lidarr/config:/config + - /media/qnap2/Music/Artists:/music + - /srv/DL:/downloads + + tautulli: + image: tautulli/tautulli + container_name: tautulli + environment: + - "PUID=1000" + - "PGID=100" + - 
"TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 8181:8181 + volumes: + - /srv/docker/tautull:/config + + ombi: + image: lscr.io/linuxserver/ombi + container_name: ombi + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + - "BASE_URL=/ombi" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 3579:3579 + volumes: + - /srv/docker/ombi/config:/config + + guacamole: + image: abesnier/guacamole + container_name: guacamole + user: root + environment: + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 6565:8080 + volumes: + - /srv/docker/guacamole/config:/config + + pyload: + image: lscr.io/linuxserver/pyload + container_name: pyload + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + - "BASE_URL=/ombi" + restart: unless-stopped + ports: + - 8000:8000 + - 7227:7223 + volumes: + - /srv/docker/pyload/config:/config + - /srv/DL:/downloads + + redis: + image: sameersbn/redis:latest + container_name: redis + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + volumes: + - /srv/docker/redis:/data + - /etc/localtime:/etc/localtime:ro + + postgres: + image: sameersbn/postgresql:latest + container_name: postgres + environment: + - 'DB_NAME=gitlabhq_production' + - 'DB_USER=gitlab' + - 'DB_PASS=${DDB_PASS}' + - 'DB_EXTENSION=pg_trgm,btree_gist' + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + volumes: + - /srv/docker/postgres:/var/lib/postgresql + + mariadb: + image: lscr.io/linuxserver/mariadb + container_name: mariadb + environment: + - PUID=1000 + - PGID=1000 + - 'MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}' + - TZ=Europe/London + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 3306:3306 + volumes: + - /srv/docker/mariadb:/config + + gitlab: + image: sameersbn/gitlab:latest + container_name: gitlab + environment: + - 
"USERMAP_UID=1000" + - "USERMAP_GID=1000" + - 'GITLAB_PORT=443' + - 'GITLAB_SSH_PORT=10022' + - 'GITLAB_HTTPS=true' + - 'DB_NAME=gitlabhq_production' + - 'DB_HOST=postgres.swag' + - 'DB_USER=gitlab' + - 'DB_PASS=${DDB_PASS}' + - 'GITLAB_HOST=git.${DDOMAIN}' + - 'GITLAB_BACKUPS=daily' + - 'UNICORN_WORKERS=3' + - 'UNICORN_TIMEOUT=240' + - 'GITLAB_WEBHOOK_TIMEOUT=240' + - 'GITLAB_TIMEOUT=240' + - 'SMTP_OPENSSL_VERIFY_MODE=none' + - 'REDIS_HOST=redis.swag' + - GITLAB_SECRETS_DB_KEY_BASE=${DGITLAB_SECRETS_DB_KEY_BASE} + - GITLAB_SECRETS_SECRET_KEY_BASE=${DGITLAB_SECRETS_SECRET_KEY_BASE} + - GITLAB_SECRETS_OTP_KEY_BASE=${DGITLAB_SECRETS_OTP_KEY_BASE} + - SMTP_USER=${DSMTP_USER} + - SMTP_PASS=${DSMTP_PASS} + - IMAP_USER=${DSMTP_USER} + - IMAP_PASS=${DSMTP_PASS} + - GITLAB_INCOMING_EMAIL_ADDRESS=${DGITLAB_INCOMING_EMAIL_ADDRESS} + restart: unless-stopped + depends_on: + - "swag" + - "postgres" + - "redis" + networks: + - swag + ports: + - "10022:22" + - "10080:80" + volumes: + - /var/run/docker.sock:/run/docker.sock + - /usr/bin/docker:/bin/docker + - /srv/docker/gitlab/data:/home/git/data + - /etc/localtime:/etc/localtime:ro + + netdata: + image: netdata/netdata + container_name: netdata + cap_add: + - SYS_PTRACE + security_opt: + - apparmor=unconfined + environment: + - DOCKER_HOST=docker-proxy:2375 + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - "19999:19999" + volumes: + - /srv/docker/netdata/netdatalib:/var/lib/netdata + - /srv/docker/netdata/netdatacache:/var/cache/netdata + - /etc/passwd:/host/etc/passwd:ro + - /etc/group:/host/etc/group:ro + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /etc/os-release:/host/etc/os-release:ro + + vscode: + image: lscr.io/linuxserver/code-server + container_name: vscode + environment: + - PUID=1000 + - PGID=1000 + - "TZ=Europe/London" + - "PROXY_DOMAIN=code.${DDOMAIN}" + - "PASSWORD=${DDEFAULT_PASSWORD}" + restart: unless-stopped + depends_on: + - "swag" + networks: + - 
swag + ports: + - "8443:8443" + volumes: + - /srv/docker/vscode/config:/config + + cells: + image: lscr.io/linuxserver/pydio-cells + container_name: cells + environment: + - PUID=1000 + - PGID=1000 + - EXTERNALURL=cells.rmj014.com + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - "8089:8080" + volumes: + - /srv/docker/cells/config:/config + +networks: + swag: + external: + name: swag diff --git a/docker-compose.yml.old_vpn b/docker-compose.yml.old_vpn new file mode 100644 index 0000000..32aad8d --- /dev/null +++ b/docker-compose.yml.old_vpn 
@@ -0,0 +1,464 @@ +version: "3" +services: + vpn: + image: ghcr.io/bubuntux/nordvpn + container_name: vpn + cap_add: + - NET_ADMIN + - SYS_MODULE + devices: + - "/dev/net/tun" + environment: + - USER=${DUSER} + - "PASS=${DNORD_PASS}" + - CONNECT=Canada + - TECHNOLOGY=OpenVPN + - PROTOCOL=UDP + - NETWORK=192.168.0.0/24 + - DNS='8.8.8.8,8.8.4.4' + - "TZ=Europe/London" + ports: + # for dante and qbittorrent + - 1080:1080 + - 8082:8082 + sysctls: + - net.ipv6.conf.all.disable_ipv6=1 # Recomended if using ipv4 only + - net.ipv4.conf.all.rp_filter=2 + restart: unless-stopped + + dante: + image: dante:latest + container_name: dante + privileged: true + restart: unless-stopped + environment: + - INTERFACE=tun0 + network_mode: "service:vpn" + depends_on: + - "vpn" + + swag: + image: lscr.io/linuxserver/swag + container_name: swag + cap_add: + - NET_ADMIN + environment: + - PUID=1000 + - PGID=100 + - URL=${DDOMAIN} + - SUBDOMAINS=${DHOSTS} + - VALIDATION=http + - EMAIL=${DUSER} + - ONLY_SUBDOMAINS=false + - "TZ=Europe/London" + - UMASK_SET=002 + ports: + - 80:80 + - 443:443 + - 9091:9091 + restart: unless-stopped + networks: + - swag + volumes: + - /srv/docker/swag/config:/config + + authelia: + image: authelia/authelia + container_name: authelia + environment: + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + volumes: + - /srv/docker/authelia/config:/config + depends_on: + - "swag" + + heimdall: + image: lscr.io/linuxserver/heimdall + container_name: heimdall + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 6465:80 + volumes: + - /srv/docker/heimdall:/config + depends_on: + - "swag" + + sabnzbd: + image: lscr.io/linuxserver/sabnzbd:latest + container_name: sabnzbd + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + - "UMASK_SET=002" + restart: unless-stopped + depends_on: + - dante + networks: + - swag + 
ports: + - 8080:8080 + volumes: + - /srv/docker/sabnzbd/config:/config + - /srv/docker/sabnzbd/scripts:/scripts + - /srv/DL:/downloads + - /srv/incomplete-nzb:/incomplete + + qbittorrent: + image: lscr.io/linuxserver/qbittorrent + container_name: qbittorrent + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + - "UMASK_SET=002" + - "WEBUI_PORT=8082" + restart: unless-stopped + depends_on: + - dante + network_mode: "service:vpn" + volumes: + - /srv/docker/qbittorrent/config:/config + - /srv/DL:/downloads + - /srv/incomplete:/incomplete + + jackett: + image: lscr.io/linuxserver/jackett + container_name: jackett + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "dante" + networks: + - swag + ports: + - 9117:9117 + volumes: + - /srv/docker/jackett:/config + + radarr: + image: lscr.io/linuxserver/radarr + container_name: radarr + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "jackett" + networks: + - swag + ports: + - 7878:7878 + volumes: + - /srv/docker/radarr/config:/config + - /media/qnap1/Movies:/movies + - /srv/DL:/downloads + + sonarr: + image: lscr.io/linuxserver/sonarr + container_name: sonarr + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "jackett" + networks: + - swag + ports: + - 8989:8989 + volumes: + - /srv/docker/sonarr/config:/config + - /media/qnap1/TV:/tv + - /srv/DL:/downloads + + lidarr: + image: lscr.io/linuxserver/lidarr + container_name: lidarr + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "jackett" + networks: + - swag + ports: + - 8686:8686 + volumes: + - /srv/docker/lidarr/config:/config + - /media/qnap2/Music/Artists:/music + - /srv/DL:/downloads + + tautulli: + image: tautulli/tautulli + container_name: tautulli + environment: + - "PUID=1000" + - "PGID=100" + - 
"TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 8181:8181 + volumes: + - /srv/docker/tautull:/config + + ombi: + image: lscr.io/linuxserver/ombi + container_name: ombi + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + - "BASE_URL=/ombi" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 3579:3579 + volumes: + - /srv/docker/ombi/config:/config + + guacamole: + image: abesnier/guacamole + container_name: guacamole + user: root + environment: + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 6565:8080 + volumes: + - /srv/docker/guacamole/config:/config + + pyload: + image: lscr.io/linuxserver/pyload + container_name: pyload + environment: + - "PUID=1000" + - "PGID=100" + - "TZ=Europe/London" + - "BASE_URL=/ombi" + restart: unless-stopped + ports: + - 8000:8000 + - 7227:7223 + volumes: + - /srv/docker/pyload/config:/config + - /srv/DL:/downloads + + redis: + image: sameersbn/redis:latest + container_name: redis + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + volumes: + - /srv/docker/redis:/data + - /etc/localtime:/etc/localtime:ro + + postgres: + image: sameersbn/postgresql:latest + container_name: postgres + environment: + - 'DB_NAME=gitlabhq_production' + - 'DB_USER=gitlab' + - 'DB_PASS=${DDB_PASS}' + - 'DB_EXTENSION=pg_trgm,btree_gist' + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + volumes: + - /srv/docker/postgres:/var/lib/postgresql + + mariadb: + image: lscr.io/linuxserver/mariadb + container_name: mariadb + environment: + - PUID=1000 + - PGID=1000 + - 'MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}' + - TZ=Europe/London + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 3306:3306 + volumes: + - /srv/docker/mariadb:/config + + gitlab: + image: sameersbn/gitlab:latest + container_name: gitlab + environment: + - 
"USERMAP_UID=1000" + - "USERMAP_GID=1000" + - 'GITLAB_PORT=443' + - 'GITLAB_SSH_PORT=10022' + - 'GITLAB_HTTPS=true' + - 'DB_NAME=gitlabhq_production' + - 'DB_HOST=postgres.swag' + - 'DB_USER=gitlab' + - 'DB_PASS=${DDB_PASS}' + - 'GITLAB_HOST=git.${DDOMAIN}' + - 'GITLAB_BACKUPS=daily' + - 'UNICORN_WORKERS=3' + - 'UNICORN_TIMEOUT=240' + - 'GITLAB_WEBHOOK_TIMEOUT=240' + - 'GITLAB_TIMEOUT=240' + - 'SMTP_OPENSSL_VERIFY_MODE=none' + - 'REDIS_HOST=redis.swag' + - GITLAB_SECRETS_DB_KEY_BASE=${DGITLAB_SECRETS_DB_KEY_BASE} + - GITLAB_SECRETS_SECRET_KEY_BASE=${DGITLAB_SECRETS_SECRET_KEY_BASE} + - GITLAB_SECRETS_OTP_KEY_BASE=${DGITLAB_SECRETS_OTP_KEY_BASE} + - SMTP_USER=${DSMTP_USER} + - SMTP_PASS=${DSMTP_PASS} + - IMAP_USER=${DSMTP_USER} + - IMAP_PASS=${DSMTP_PASS} + - GITLAB_INCOMING_EMAIL_ADDRESS=${DGITLAB_INCOMING_EMAIL_ADDRESS} + restart: unless-stopped + depends_on: + - "swag" + - "postgres" + - "redis" + networks: + - swag + ports: + - "10022:22" + - "10080:80" + volumes: + - /var/run/docker.sock:/run/docker.sock + - /usr/bin/docker:/bin/docker + - /srv/docker/gitlab/data:/home/git/data + - /etc/localtime:/etc/localtime:ro + + netdata: + image: netdata/netdata + container_name: netdata + cap_add: + - SYS_PTRACE + security_opt: + - apparmor=unconfined + environment: + - DOCKER_HOST=docker-proxy:2375 + - "TZ=Europe/London" + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - "19999:19999" + volumes: + - /srv/docker/netdata/netdatalib:/var/lib/netdata + - /srv/docker/netdata/netdatacache:/var/cache/netdata + - /etc/passwd:/host/etc/passwd:ro + - /etc/group:/host/etc/group:ro + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /etc/os-release:/host/etc/os-release:ro + + vscode: + image: lscr.io/linuxserver/code-server + container_name: vscode + environment: + - PUID=1000 + - PGID=1000 + - "TZ=Europe/London" + - "PROXY_DOMAIN=code.${DDOMAIN}" + - "PASSWORD=${DDEFAULT_PASSWORD}" + restart: unless-stopped + depends_on: + - "swag" + networks: + - 
swag + ports: + - "8443:8443" + volumes: + - /srv/docker/vscode/config:/config + + cells: + image: lscr.io/linuxserver/pydio-cells + container_name: cells + environment: + - PUID=1000 + - PGID=1000 + - EXTERNALURL=cells.rmj014.com + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - "8089:8080" + volumes: + - /srv/docker/cells/config:/config + + wireguard: + image: lscr.io/linuxserver/wireguard:latest + container_name: wireguard + cap_add: + - NET_ADMIN + - SYS_MODULE + environment: + - PUID=1000 + - PGID=1000 + - "TZ=Europe/London" + - SERVERURL=rmj014.com + - SERVERPORT=51820 + - PEERS=10 + - PEERDNS=auto + - ALLOWEDIPS=0.0.0.0/0 + - LOG_CONFS=true + restart: unless-stopped + depends_on: + - "swag" + networks: + - swag + ports: + - 51820:51820/udp + sysctls: + - net.ipv4.conf.all.src_valid_mark=1 + volumes: + - /srv/docker/wireguard/config:/config + - /lib/modules:/lib/modules + +networks: + swag: + external: + name: swag diff --git a/env.txt b/env.txt new file mode 100644 index 0000000..5e04dc0 --- /dev/null +++ b/env.txt @@ -0,0 +1,15 @@ +DDEFAULT_PASSWORD= +DSMTP_PASS= +DNORD_PASS= +DDB_PASS= +DUSER= +DHOSTS= +DDOMAIN= +DGITLAB_SECRETS_DB_KEY_BASE= +DGITLAB_SECRETS_SECRET_KEY_BASE= +DGITLAB_SECRETS_OTP_KEY_BASE= +DSMTP_USER= +DSMTP_PASS= +DIMAP_USER= +DIMAP_PASS= +DGITLAB_INCOMING_EMAIL_ADDRESS= diff --git a/monitor.py b/monitor.py new file mode 100644 index 0000000..6788e8d --- /dev/null +++ b/monitor.py 
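Review bot: The env.txt template has no `MYSQL_ROOT_PASSWORD=` entry, although `docker-compose.yml` sets `MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}` for mariadb; Compose substitutes an empty string for an unset variable, so a `.env` copied from this file would hand the container an empty root password value while `3306:3306` is published. Add the line, and consider `${MYSQL_ROOT_PASSWORD:?set in .env}` in the compose file so a missing value stops startup instead. `DSMTP_PASS=` is listed twice, and `DIMAP_USER=` / `DIMAP_PASS=` are never referenced: the compose file fills `IMAP_USER` and `IMAP_PASS` from `DSMTP_USER` and `DSMTP_PASS`.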
@@ -0,0 +1,43 @@
+import subprocess
+import time
+import ipaddress
+
+
+def run_subprocess(cmd, check=True, delay=0):
+ cmd_split = cmd.split(" ")
+ output = subprocess.run(
+ cmd_split, stdout=subprocess.PIPE, stderr=subprocess.PIPE, check=check
+ ).stdout.decode("utf-8")
+ if delay > 0:
+ time.sleep(delay)
+ return output
+
+
+while True:
+ try:
+ myip = run_subprocess("curl ifconfig.co")
+ results1 = run_subprocess("docker exec -it vpn nordvpn status")
+ results2 = run_subprocess("docker exec -it dante curl ifconfig.co")
+
+ NoIP = False
+ try:
+ ip = ipaddress.ip_address(myip.strip())
+ ip = ipaddress.ip_address(results2.strip())
+ except:
+ print("Socks error")
+ NoIP = False
+
+ if NoIP or results1.find("Status: Connected") == -1: # Not Connected
+ print("Restarting")
+ run_subprocess("docker-compose restart vpn", delay=30)
+ run_subprocess("docker-compose restart dante", delay=10)
+ run_subprocess("docker-compose restart qbittorrent")
+ else:
+ pass
+ except:
+ print("Restarting")
+ run_subprocess("docker-compose restart vpn", delay=30)
+ run_subprocess("docker-compose restart dante", delay=10)
+ run_subprocess("docker-compose restart qbittorrent")
+
+ time.sleep(10 * 60)
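Review bot: The inner `except:` in monitor.py sets `NoIP = False`, the value it already had, so a reply from `curl ifconfig.co` that is not an IP address prints "Socks error" but never triggers the restart; it should be `NoIP = True`, with `except ValueError:` in place of the bare `except:`. The two addresses are parsed but never compared, so the loop cannot notice the proxy leaving through the host's own address; adding `or myip.strip() == results2.strip()` to the `if` would catch that. `docker exec -it` asks for a TTY and will probably fail when the script runs without one (cron, a service unit), which with `check=True` lands in the outer `except:` and restarts the stack every cycle; plain `docker exec` is enough here. The restart calls inside the outer `except:` are themselves unguarded, so one failing `docker-compose restart` ends the monitor.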