From f2a61f85da00e4565288a1734a6436b45769c564 Mon Sep 17 00:00:00 2001 From: redbeardymcgee Date: Fri, 8 Nov 2024 18:58:06 -0600 Subject: [PATCH] reorganize completely --- .gitignore | 1 + README.md | 411 +++++------------------------- quadlets/README.md | 3 + quadlets/gluetun.container | 36 +++ quadlets/pointspend.container | 28 ++ quadlets/port-forward.container | 29 +++ quadlets/protonvpn.network | 13 + quadlets/qbittorrent.container | 27 ++ quadlets/seedboxapi.container | 28 ++ quadlets/weechat.container | 24 ++ stacks/mam/README.md | 33 +++ stacks/mam/gluetun.container | 36 +++ stacks/mam/pointspend.container | 28 ++ stacks/mam/port-forward.container | 29 +++ stacks/mam/protonvpn.network | 13 + stacks/mam/qbittorrent.container | 27 ++ stacks/mam/seedboxapi.container | 28 ++ 17 files changed, 445 insertions(+), 349 deletions(-) create mode 100644 .gitignore create mode 100644 quadlets/README.md create mode 100644 quadlets/gluetun.container create mode 100644 quadlets/pointspend.container create mode 100644 quadlets/port-forward.container create mode 100644 quadlets/protonvpn.network create mode 100644 quadlets/qbittorrent.container create mode 100644 quadlets/seedboxapi.container create mode 100644 quadlets/weechat.container create mode 100644 stacks/mam/README.md create mode 100644 stacks/mam/gluetun.container create mode 100644 stacks/mam/pointspend.container create mode 100644 stacks/mam/port-forward.container create mode 100644 stacks/mam/protonvpn.network create mode 100644 stacks/mam/qbittorrent.container create mode 100644 stacks/mam/seedboxapi.container diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..873d0d5 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.zk diff --git a/README.md b/README.md index ab08470..ae09785 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # podbox -![Connectable!](./resource/image/connectable-status.png) +![Connectable status](./resource/image/connectable-status.png) ## Installation @@ -25,6 +25,60 @@ them and decide for yourself. - `dnf install elrepo-release` - [RPM Fusion](https://wiki.almalinux.org/documentation/epel-and-rpmfusion.html) +## Disks + +### Partitions + +Repeat the following steps for all disks that you want to join together into +one single logical volume. + +```bash +# Find /dev/sdX paths for disks +# WARNING: Make sure you confirm the disk is correct +lsblk -f +# Clear the partition table +dd if=/dev/zero of=/dev/sdX bs=512 count=1 conv=notrunc +# Create LVM partition +parted --fix --align optimal --script /dev/sdX \ + mklabel gpt \ + mkpart primary ext4 1MiB -2048s \ + set 1 lvm on +``` + +### LVM + +```bash +# Create physical volume +pvcreate /dev/sdX1 +# Create volume group for disks +vgcreate library /dev/sdX1 +# Add more disks to volume group +vgextend library /dev/sdY1 +# Create logical volume across all disks in volume group +lvcreate -l100%FREE -n books library +# Add filesystem to logical volume +mke2fs -t ext4 /dev/library/books +# Check it +e2fsck -f /dev/library/books +``` + +### /etc/systemd/system/volumes-books.mount + +```ini +[Mount] +What=/dev/library/books +Where=/volumes/books +Type=ext4 + +[Install] +WantedBy=default.target +``` + +```bash +mkdir -p /volumes/books +chown -R $ctuser:$ctuser /volumes +``` + ## SSH SSH is optional, but highly encouraged. Cockpit gives you a terminal too, but @@ -63,6 +117,8 @@ printf '%s\n' \ > systemctl disable --now firewalld > ``` +> [!TODO] Should be able to set up good firewall with only 80/443 open. + Enable the socket-activated cockpit service and allow it through the firewall. ```bash @@ -148,7 +204,8 @@ useradd --create-home \ --groups systemd-journal \ --uid 2000 \ $ctuser -usermod --lock $ctuser # Lock user from password login +# Lock user from password login +usermod --lock $ctuser # Add container sub-ids usermod --add-subuids 200000-299999 --add-subgids 200000-299999 $ctuser # Start $ctuser session at boot without login @@ -177,358 +234,14 @@ systemctl --user enable --now podman-auto-update exit ``` -### ~/.config/containers/systemd/protonvpn.network - -This is a small internal network for this stack of containers to share. - -```ini -[Unit] -Description=ProtonVPN -After=network-online.target - -[Install] -WantedBy=default.target - -[Network] -NetworkName=protonvpn -Subnet=172.25.0.0/28 -Gateway=172.25.0.1 -DNS=1.1.1.1 -``` - -### ~/.config/containers/systemd/gluetun.container - -This is our VPN container. This example uses ProtonVPN. - -> [!WARNING] I disabled SELinux to not deal with this for every other issue. +> [!WARNING] I disabled SELinux to not deal with this for every container. > /etc/selinux/config -> `SELINUX=disabled` +> [!TODO] Set up the correct policies permanently instead of disabling SELinux + Temporarily set SELinux policy to allow containers to use devices. ```bash setsebool -P container_use_devices 1 ``` -> [!TIP] Get protonvpn user/pass -> [OpenVpnIKEv2](https://account.proton.me/u/0/vpn/OpenVpnIKEv2) - -```ini -[Unit] -Description=gluetun VPN -After=protonvpn-network.service -PartOf=protonvpn-network.service - -[Service] -Restart=on-failure -TimeoutStartSec=900 - -[Install] -WantedBy=default.target - -[Container] -Image=docker.io/qmcgaw/gluetun:$gluetun_version -ContainerName=gluetun -HostName=gluetun -AutoUpdate=registry -AddCapability=NET_ADMIN -AddDevice=/dev/net/tun:/dev/net/tun - -Network=protonvpn - -Volume=/volumes/gluetun/auth/config.toml:/gluetun/auth/config.toml - -Environment=TZ=$timezone -Environment=UPDATER_PERIOD=24h -Environment=UPDATER_VPN_SERVICE_PROVIDERS=protonvpn -Environment=VPN_SERVICE_PROVIDER=protonvpn -# The trailing `+pmp` is for port forwarding -Environment=OPENVPN_USER=${openvpn_user}+pmp -Environment=OPENVPN_PASSWORD=$openvpn_password -Environment=OPENVPN_CIPHERS=aes-256-gcm -Environment=SERVER_COUNTRIES=$countries -Environment=VPN_PORT_FORWARDING=on -Environment=FIREWALL_DEBUG=on -``` - -### /volumes/gluetun/auth/config.toml - -This allows us to query the `gluetun` API for the forwarded port without -needing an API user and password. - -> [!WARNING] Do not expose the API to the internet. - -```toml -[[roles]] -name = "qbittorrent" -routes = ["GET /v1/openvpn/portforwarded"] -auth = "none" -``` - -### ~/.config/containers/systemd/qbittorrent.container - -> [!NOTE] Check $qbt_version from tags on dockerhub. -> [qbittorrentofficial](https://docker.io/qbittorrentofficial/qbittorrent-nox) - -```ini -[Unit] -Description=qbittorrent client -After=gluetun.service -BindsTo=gluetun.service - -[Service] -Restart=on-failure -TimeoutStartSec=900 - -[Install] -WantedBy=default.target - -[Container] -Image=docker.io/qbittorrentofficial/qbittorrent-nox:$qbt_version -ContainerName=qbittorrent -HostName=qbittorrent -AutoUpdate=registry - -Network=container:gluetun - -Volume=/volumes/qbittorrent/config:/config -Volume=/volumes/qbittorrent/downloads:/downloads - -Environment=QBT_LEGAL_NOTICE=confirm -Environment=QBT_VERSION=$qbt_version -Environment=TZ=$timezone -``` - -### ~/.config/containers/systemd/qbittorrent-port-forward.container - -This updates the `qbittorrent` configuration to match the forwarded port from -`gluetun`. - -> [!TIP] Check the ip address of most containers. -> `podman exec -it $container_name ip addr show` - -```ini -[Unit] -Description=Port forward updater for qbittorrent over gluetun -After=gluetun.service -After=qbittorrent.service -BindsTo=gluetun.service -BindsTo=qbittorrent.service - -[Service] -Restart=on-failure -TimeoutStartSec=900 - -[Install] -WantedBy=default.target - -[Container] -# TODO: Replace this with one that has tags -# Probably have to repack my own -Image=docker.io/mjmeli/qbittorrent-port-forward-gluetun-server:latest -ContainerName=qbittorrent-port-forward -HostName=qbittorrent-port-forward -AutoUpdate=registry - -Network=container:gluetun - -Environment=QBT_USERNAME=$qbt_user -Environment=QBT_PASSWORD=$qbt_password -Environment=QBT_ADDR=http://localhost:8080 -Environment=GTN_ADDR=http://localhost:8000 -``` - -### ~/.config/containers/systemd/seedboxapi.container - -This ensures that your torrent session stays in sync with your MAM session. - -> [!NOTE] Set your dynamic session with ASN lock now to view the $mam_id. - -```ini -[Unit] -Description=Update qbittorrent session IP for tracker -After=qbittorrent.service -After=gluetun.service -BindsTo=gluetun.service -BindsTo=qbittorrent.service - -[Service] -Restart=on-failure -TimeoutStartSec=900 - -[Install] -WantedBy=default.target - -[Container] -# TODO: Is `latest` safe for this container? -Image=docker.io/myanonamouse/seedboxapi:latest -ContainerName=seedboxapi -HostName=seedboxapi -AutoUpdate=registry - -Network=container:gluetun - -Volume=/volumes/seedboxapi/config:/config - -Environment=DEBUG=1 -Environment=mam_id=$mam_id -Environment=interval=1 -``` - -### ~/.config/containers/systemd/pointspend.container - -> [!TIP] Optional bonus points spender. -> Useful to maintain VIP and not hit max 99999. - -```ini -[Unit] -Description=Bonus points spender -After=qbittorrent.service -After=gluetun.service -BindsTo=gluetun.service -BindsTo=qbittorrent.service - -[Service] -Restart=on-failure -TimeoutStartSec=900 - -[Install] -WantedBy=default.target - -[Container] -# TODO: Is `latest` safe for this container? -Image=docker.io/myanonamouse/pointspend:latest -ContainerName=pointspend -HostName=pointspend -AutoUpdate=registry - -Network=container:gluetun - -Environment=MAMID=$mam_id -Environment=BUFFER=10000 -Environment=WEDGEHOURS=0 -Environment=VIP=1 -``` - -### ~/.config/containers/systemd/weechat.container - -Optional container to add an always on IRC client. - - -```ini -[Unit] -Description=IRC client -After=gluetun.service -BindsTo=gluetun.service - -[Service] -Restart=on-failure -TimeoutStartSec=900 - -[Install] -WantedBy=default.target - -[Container] -Image=docker.io/weechat/weechat:latest-alpine-slim -ContainerName=weechat -HostName=weechat -AutoUpdate=registry - -Network=container:gluetun - -Volume=/volumes/weechat/dot-config:/home/user/.config -Volume=/volumes/weechat/dot-cache:/home/user/.cache -Volume=/volumes/weechat/dot-local/share:/home/user/.local/share - -# FIXME: Better way to attach stdin and tty -PodmanArgs=-a stdin --tty=true -``` -#### Attach and connect - -```bash -podman attach weechat -/set irc.look.smart_filter on -/set irc.server_default.msg_part "" -/set irc.server_default.msg_quit "" -/set irc.ctcp.clientinfo "" -/set irc.ctcp.finger "" -/set irc.ctcp.source "" -/set irc.ctcp.time "" -/set irc.ctcp.userinfo "" -/set irc.ctcp.version "" -/set irc.ctcp.ping "" -/plugin unload xfer -/set weechat.plugin.autoload "*,!xfer" -/filter add irc_smart * irc_smart_filter * -/server add mam irc.myanonamouse.net/6697 -/set irc.server.mam.username $irc_username -/set irc.server_default.autojoin_dynamic on -/set irc.server.mam.autojoin "#anonamouse.net" -/set irc.server.mam.nicks "$irc_nick1,$irc_nick2" -/connect mam -``` - -### ~/.config/containers/systemd/caddy.container - -This is an optional container to add a reverse proxy (and more). - -> [!TODO] Needs to be filled out. -> Works as is but doesn't do anything with a default config. - -```ini -[Unit] -Description=Reverse proxy -After=protonvpn-network.service - -[Service] -Restart=on-failure - -[Install] -WantedBy=default.target - -[Container] -Image=docker.io/caddy:2 -ContainerName=caddy -HostName=caddy - -Network=protonvpn -PublishPort=80:80 -PublishPort=443:443 -PublishPort=443:443/udp - -Volume=/volumes/caddy/config:/config -Volume=/volumes/caddy/etc/caddy/Caddyfile:/etc/caddy/Caddyfile -Volume=/volumes/caddy/srv:/srv -Volume=/volumes/caddy/data:/data -``` - -### /volumes/caddy/etc/caddy/Caddyfile - -``` -# The Caddyfile is an easy way to configure your Caddy web server. -# -# Unless the file starts with a global options block, the first -# uncommented line is always the address of your site. -# -# To use your own domain name (with automatic HTTPS), first make -# sure your domain's A/AAAA DNS records are properly pointed to -# this machine's public IP, then replace ":80" below with your -# domain name. - -:80 { - # Set this path to your site's directory. - root * /usr/share/caddy - - # Enable the static file server. - file_server - - # Another common task is to set up a reverse proxy: - # reverse_proxy localhost:8080 - - # Or serve a PHP site through php-fpm: - # php_fastcgi localhost:9000 -} - -# Refer to the Caddy docs for more information: -# https://caddyserver.com/docs/caddyfile -``` - diff --git a/quadlets/README.md b/quadlets/README.md new file mode 100644 index 0000000..58c68ba --- /dev/null +++ b/quadlets/README.md @@ -0,0 +1,3 @@ +# Quadlets + +Quadlets go in `~/.config/containers/systemd`. diff --git a/quadlets/gluetun.container b/quadlets/gluetun.container new file mode 100644 index 0000000..0bac328 --- /dev/null +++ b/quadlets/gluetun.container @@ -0,0 +1,36 @@ +[Unit] +Description=gluetun VPN +After=protonvpn-network.service +PartOf=protonvpn-network.service + +[Service] +Restart=on-failure +TimeoutStartSec=900 + +[Install] +WantedBy=default.target + +[Container] +Image=docker.io/qmcgaw/gluetun:$gluetun_version +ContainerName=gluetun +HostName=gluetun +AutoUpdate=registry +AddCapability=NET_ADMIN +AddDevice=/dev/net/tun:/dev/net/tun + +Network=protonvpn + +Volume=/volumes/books/gluetun/auth/config.toml:/gluetun/auth/config.toml + +Environment=TZ=$timezone +Environment=UPDATER_PERIOD=24h +Environment=UPDATER_VPN_SERVICE_PROVIDERS=protonvpn +Environment=VPN_SERVICE_PROVIDER=protonvpn +# The trailing `+pmp` is for port forwarding +Environment=OPENVPN_USER=${openvpn_user}+pmp +Environment=OPENVPN_PASSWORD=$openvpn_password +Environment=OPENVPN_CIPHERS=aes-256-gcm +Environment=SERVER_COUNTRIES=$countries +Environment=VPN_PORT_FORWARDING=on +Environment=FIREWALL_DEBUG=on + diff --git a/quadlets/pointspend.container b/quadlets/pointspend.container new file mode 100644 index 0000000..95a5297 --- /dev/null +++ b/quadlets/pointspend.container @@ -0,0 +1,28 @@ +[Unit] +Description=Bonus points spender +After=qbittorrent.service +After=gluetun.service +BindsTo=gluetun.service +BindsTo=qbittorrent.service + +[Service] +Restart=on-failure +TimeoutStartSec=900 + +[Install] +WantedBy=default.target + +[Container] +# TODO: Is `latest` safe for this container? +Image=docker.io/myanonamouse/pointspend:latest +ContainerName=pointspend +HostName=pointspend +AutoUpdate=registry + +Network=container:gluetun + +Environment=MAMID=$mam_id +Environment=BUFFER=1000 +Environment=WEDGEHOURS=0 +Environment=VIP=1 + diff --git a/quadlets/port-forward.container b/quadlets/port-forward.container new file mode 100644 index 0000000..827984e --- /dev/null +++ b/quadlets/port-forward.container @@ -0,0 +1,29 @@ +[Unit] +Description=Port forward updater for qbittorrent over gluetun +After=gluetun.service +After=qbittorrent.service +BindsTo=gluetun.service +BindsTo=qbittorrent.service + +[Service] +Restart=on-failure +TimeoutStartSec=900 + +[Install] +WantedBy=default.target + +[Container] +# TODO: Replace this with one that has tags +# Probably have to repack my own +Image=docker.io/mjmeli/qbittorrent-port-forward-gluetun-server:latest +ContainerName=qbittorrent-port-forward +HostName=qbittorrent-port-forward +AutoUpdate=registry + +Network=container:gluetun + +Environment=QBT_USERNAME=$qbt_user +Environment=QBT_PASSWORD=$qbt_password +Environment=QBT_ADDR=http://localhost:8080 +Environment=GTN_ADDR=http://localhost:8000 + diff --git a/quadlets/protonvpn.network b/quadlets/protonvpn.network new file mode 100644 index 0000000..86093f5 --- /dev/null +++ b/quadlets/protonvpn.network @@ -0,0 +1,13 @@ +[Unit] +Description=ProtonVPN +After=network-online.target + +[Install] +WantedBy=default.target + +[Network] +NetworkName=protonvpn +Subnet=172.25.0.0/28 +Gateway=172.25.0.1 +DNS=1.1.1.1 + diff --git a/quadlets/qbittorrent.container b/quadlets/qbittorrent.container new file mode 100644 index 0000000..af1246e --- /dev/null +++ b/quadlets/qbittorrent.container @@ -0,0 +1,27 @@ +[Unit] +Description=qbittorrent client +After=gluetun.service +BindsTo=gluetun.service + +[Service] +Restart=on-failure +TimeoutStartSec=900 + +[Install] +WantedBy=default.target + +[Container] +Image=docker.io/qbittorrentofficial/qbittorrent-nox:$qbt_version +ContainerName=qbittorrent +HostName=qbittorrent +AutoUpdate=registry + +Network=container:gluetun + +Volume=/volumes/books/qbittorrent/config:/config +Volume=/volumes/books/qbittorrent/downloads:/downloads + +Environment=QBT_LEGAL_NOTICE=confirm +Environment=QBT_VERSION=$qbt_version +Environment=TZ=$timezone + diff --git a/quadlets/seedboxapi.container b/quadlets/seedboxapi.container new file mode 100644 index 0000000..9e3a9d7 --- /dev/null +++ b/quadlets/seedboxapi.container @@ -0,0 +1,28 @@ +[Unit] +Description=Update qbittorrent session IP for tracker +After=qbittorrent.service +After=gluetun.service +BindsTo=gluetun.service +BindsTo=qbittorrent.service + +[Service] +Restart=on-failure +TimeoutStartSec=900 + +[Install] +WantedBy=default.target + +[Container] +# TODO: Is `latest` safe for this container? +Image=docker.io/myanonamouse/seedboxapi:latest +ContainerName=seedboxapi +HostName=seedboxapi +AutoUpdate=registry + +Network=container:gluetun + +Volume=/volumes/books/seedboxapi/config:/config + +Environment=DEBUG=1 +Environment=mam_id=$mam_id +Environment=interval=1 diff --git a/quadlets/weechat.container b/quadlets/weechat.container new file mode 100644 index 0000000..ade88dd --- /dev/null +++ b/quadlets/weechat.container @@ -0,0 +1,24 @@ +[Unit] +Description=IRC client + +[Service] +Restart=on-failure +TimeoutStartSec=900 + +[Install] +WantedBy=default.target + +[Container] +Image=docker.io/weechat/weechat:latest-alpine-slim +ContainerName=weechat +HostName=weechat +AutoUpdate=registry + +# Persist the full home dir +# FIXME: weechat throws tons of permission errors. Could be related to me +# destroying and rebuilding the volumes and disks and $ctuser on my end +Volume=/volumes/books/weechat/home/user:/home/user + +# FIXME: Better way to attach stdin and tty +PodmanArgs=-a stdin --tty=true + diff --git a/stacks/mam/README.md b/stacks/mam/README.md new file mode 100644 index 0000000..6e7a021 --- /dev/null +++ b/stacks/mam/README.md @@ -0,0 +1,33 @@ +# MAM Stack + +> [!TIP] Get protonvpn user/pass +> [OpenVpnIKEv2](https://account.proton.me/u/0/vpn/OpenVpnIKEv2) + +## /etc/systemd/system/volumes-books.mount + +```ini +[Unit] +Description=Mount LVM for storage + +[Mount] +What=/dev/library/books +Where=/volumes/books +Type=ext4 + +[Install] +WantedBy=default.target +``` + +## /volumes/books/gluetun/auth/config.toml + +This allows us to query the `gluetun` API for the forwarded port without +needing an API user and password. + +> [!WARNING] Do not expose the API to the internet. + +```toml +[[roles]] +name = "qbittorrent" +routes = ["GET /v1/openvpn/portforwarded"] +auth = "none" +``` diff --git a/stacks/mam/gluetun.container b/stacks/mam/gluetun.container new file mode 100644 index 0000000..0bac328 --- /dev/null +++ b/stacks/mam/gluetun.container @@ -0,0 +1,36 @@ +[Unit] +Description=gluetun VPN +After=protonvpn-network.service +PartOf=protonvpn-network.service + +[Service] +Restart=on-failure +TimeoutStartSec=900 + +[Install] +WantedBy=default.target + +[Container] +Image=docker.io/qmcgaw/gluetun:$gluetun_version +ContainerName=gluetun +HostName=gluetun +AutoUpdate=registry +AddCapability=NET_ADMIN +AddDevice=/dev/net/tun:/dev/net/tun + +Network=protonvpn + +Volume=/volumes/books/gluetun/auth/config.toml:/gluetun/auth/config.toml + +Environment=TZ=$timezone +Environment=UPDATER_PERIOD=24h +Environment=UPDATER_VPN_SERVICE_PROVIDERS=protonvpn +Environment=VPN_SERVICE_PROVIDER=protonvpn +# The trailing `+pmp` is for port forwarding +Environment=OPENVPN_USER=${openvpn_user}+pmp +Environment=OPENVPN_PASSWORD=$openvpn_password +Environment=OPENVPN_CIPHERS=aes-256-gcm +Environment=SERVER_COUNTRIES=$countries +Environment=VPN_PORT_FORWARDING=on +Environment=FIREWALL_DEBUG=on + diff --git a/stacks/mam/pointspend.container b/stacks/mam/pointspend.container new file mode 100644 index 0000000..95a5297 --- /dev/null +++ b/stacks/mam/pointspend.container @@ -0,0 +1,28 @@ +[Unit] +Description=Bonus points spender +After=qbittorrent.service +After=gluetun.service +BindsTo=gluetun.service +BindsTo=qbittorrent.service + +[Service] +Restart=on-failure +TimeoutStartSec=900 + +[Install] +WantedBy=default.target + +[Container] +# TODO: Is `latest` safe for this container? +Image=docker.io/myanonamouse/pointspend:latest +ContainerName=pointspend +HostName=pointspend +AutoUpdate=registry + +Network=container:gluetun + +Environment=MAMID=$mam_id +Environment=BUFFER=1000 +Environment=WEDGEHOURS=0 +Environment=VIP=1 + diff --git a/stacks/mam/port-forward.container b/stacks/mam/port-forward.container new file mode 100644 index 0000000..827984e --- /dev/null +++ b/stacks/mam/port-forward.container @@ -0,0 +1,29 @@ +[Unit] +Description=Port forward updater for qbittorrent over gluetun +After=gluetun.service +After=qbittorrent.service +BindsTo=gluetun.service +BindsTo=qbittorrent.service + +[Service] +Restart=on-failure +TimeoutStartSec=900 + +[Install] +WantedBy=default.target + +[Container] +# TODO: Replace this with one that has tags +# Probably have to repack my own +Image=docker.io/mjmeli/qbittorrent-port-forward-gluetun-server:latest +ContainerName=qbittorrent-port-forward +HostName=qbittorrent-port-forward +AutoUpdate=registry + +Network=container:gluetun + +Environment=QBT_USERNAME=$qbt_user +Environment=QBT_PASSWORD=$qbt_password +Environment=QBT_ADDR=http://localhost:8080 +Environment=GTN_ADDR=http://localhost:8000 + diff --git a/stacks/mam/protonvpn.network b/stacks/mam/protonvpn.network new file mode 100644 index 0000000..86093f5 --- /dev/null +++ b/stacks/mam/protonvpn.network @@ -0,0 +1,13 @@ +[Unit] +Description=ProtonVPN +After=network-online.target + +[Install] +WantedBy=default.target + +[Network] +NetworkName=protonvpn +Subnet=172.25.0.0/28 +Gateway=172.25.0.1 +DNS=1.1.1.1 + diff --git a/stacks/mam/qbittorrent.container b/stacks/mam/qbittorrent.container new file mode 100644 index 0000000..af1246e --- /dev/null +++ b/stacks/mam/qbittorrent.container @@ -0,0 +1,27 @@ +[Unit] +Description=qbittorrent client +After=gluetun.service +BindsTo=gluetun.service + +[Service] +Restart=on-failure +TimeoutStartSec=900 + +[Install] +WantedBy=default.target + +[Container] +Image=docker.io/qbittorrentofficial/qbittorrent-nox:$qbt_version +ContainerName=qbittorrent +HostName=qbittorrent +AutoUpdate=registry + +Network=container:gluetun + +Volume=/volumes/books/qbittorrent/config:/config +Volume=/volumes/books/qbittorrent/downloads:/downloads + +Environment=QBT_LEGAL_NOTICE=confirm +Environment=QBT_VERSION=$qbt_version +Environment=TZ=$timezone + diff --git a/stacks/mam/seedboxapi.container b/stacks/mam/seedboxapi.container new file mode 100644 index 0000000..9e3a9d7 --- /dev/null +++ b/stacks/mam/seedboxapi.container @@ -0,0 +1,28 @@ +[Unit] +Description=Update qbittorrent session IP for tracker +After=qbittorrent.service +After=gluetun.service +BindsTo=gluetun.service +BindsTo=qbittorrent.service + +[Service] +Restart=on-failure +TimeoutStartSec=900 + +[Install] +WantedBy=default.target + +[Container] +# TODO: Is `latest` safe for this container? +Image=docker.io/myanonamouse/seedboxapi:latest +ContainerName=seedboxapi +HostName=seedboxapi +AutoUpdate=registry + +Network=container:gluetun + +Volume=/volumes/books/seedboxapi/config:/config + +Environment=DEBUG=1 +Environment=mam_id=$mam_id +Environment=interval=1