Add steps to install danted proxy and disable apt daily activity
Various other enhancements
This commit is contained in:
@@ -13,7 +13,8 @@ SCRIPT_NAME=${SCRIPT_NAME%%.*}
|
||||
CONFIG_FILE_NAME="${SCRIPT_NAME}.cfg"
|
||||
CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
|
||||
|
||||
#step_config() {
|
||||
step_config() {
|
||||
checkVpn
|
||||
#echo "Called once before executing steps."
|
||||
## e.g. to source a config file manually:
|
||||
#. "$CONFIG_FILE"
|
||||
@@ -27,9 +28,9 @@ CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
|
||||
# # End if no configuration file exists
|
||||
# [ $DRY -eq 0 ] && return -1
|
||||
#fi
|
||||
#[ $QUIET -ne 0 ] && APTOPT="-y"
|
||||
#return 0
|
||||
#}
|
||||
[ $QUIET -ne 0 ] && APTOPT="-y"
|
||||
return 0
|
||||
}
|
||||
|
||||
step_1_info() { echo "Install mono"; }
|
||||
step_1_alias() { ALIAS="install"; }
|
||||
@@ -51,7 +52,7 @@ step_2() {
|
||||
|
||||
exe dpkg -i /tmp/repo-mediaarea_all.deb
|
||||
|
||||
exe apt-get update
|
||||
exe apt update
|
||||
exe apt install mediainfo
|
||||
}
|
||||
|
||||
@@ -65,7 +66,7 @@ step_4_info() { echo "Install sonarr"
|
||||
}
|
||||
step_4() {
|
||||
exe apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 2009837CBFFD68F45BC180471F4F90DE2A9B4BF8
|
||||
exep "echo \"deb https://apt.sonarr.tv/debian buster main\" | sudo tee /etc/apt/sources.list.d/sonarr.list"
|
||||
exep "echo \"deb https://apt.sonarr.tv/debian buster main\" | tee /etc/apt/sources.list.d/sonarr.list"
|
||||
exe apt update
|
||||
exe apt install sonarr
|
||||
# Start of sonar must be managed by VPN service
|
||||
@@ -79,6 +80,7 @@ step_5_info() {
|
||||
}
|
||||
step_5() {
|
||||
# nightly https://radarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=arm64
|
||||
# develop https://radarr.servarr.com/v1/update/develop/updatefile?os=linux&runtime=netcore&arch=arm64
|
||||
exe curl -sL "https://radarr.servarr.com/v1/update/master/updatefile?os=linux&runtime=netcore&arch=arm64" \
|
||||
-o /tmp/Radarr.tgz
|
||||
|
||||
@@ -100,7 +102,7 @@ radarrServiceLoc="/etc/systemd/system/radarr.service"
|
||||
radarrService="[Unit]
|
||||
Description=Radarr Daemon
|
||||
After=syslog.target network.target
|
||||
Requires=nzbget.service
|
||||
Wants=transmission.service jackett.service nzbget.service
|
||||
StartLimitIntervalSec=0
|
||||
|
||||
[Service]
|
||||
@@ -143,7 +145,6 @@ jackettServiceLoc="/etc/systemd/system/jackett.service"
|
||||
jackettService="[Unit]
|
||||
Description=Jackett Daemon
|
||||
After=syslog.target network.target
|
||||
Requires=transmission.service
|
||||
StartLimitIntervalSec=0
|
||||
|
||||
[Service]
|
||||
@@ -191,7 +192,6 @@ nzbServiceLoc="/etc/systemd/system/nzbget.service"
|
||||
nzbService="[Unit]
|
||||
Description=NZBGet Daemon
|
||||
After=syslog.target network.target
|
||||
#Requires=mnt-disk.mount
|
||||
StartLimitIntervalSec=0
|
||||
|
||||
[Service]
|
||||
@@ -217,17 +217,124 @@ PrivateDevices=true
|
||||
ProtectHome=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
WantedBy=multi-user.target sonarr.service radarr.service
|
||||
Alias=nzbget.service
|
||||
RequiredBy=sonarr.service radarr.service"
|
||||
#RequiredBy=sonarr.service radarr.service"
|
||||
|
||||
step_11_info() { echo "Create ufw rules for default ports"; }
|
||||
step_11_alias() { ALIAS="ufw"; }
|
||||
step_11() {
|
||||
exe ufw allow in on eth0 to any port 6789 proto tcp comment "NZBGet"
|
||||
exe ufw allow in on eth0 to any port 8989 proto tcp comment "sonarr"
|
||||
exe ufw allow in on eth0 to any port 7878 proto tcp comment "radarr"
|
||||
exe ufw allow in on eth0 to any port 9117 proto tcp comment "jackett"
|
||||
exe ufw allow in on eth0 to any port 9117 proto tcp comment "Jackett. Rules for Sonarr und Radarr in /etc/ufw/rules.before"
|
||||
|
||||
outColor red
|
||||
echo
|
||||
echo "[W] Add the following lines before \"# drop INVALID packets\""
|
||||
echo " [/etc/ufw/before.rules]"
|
||||
echo
|
||||
outColor green
|
||||
echo "# Allow all packages to sonarr and radarr"
|
||||
echo "# ufw thinks that nzb360 sends messages after socket is closed"
|
||||
echo "-A ufw-before-input -i eth0 -p tcp --dport 7878 -j ACCEPT"
|
||||
echo "-A ufw-before-input -i eth0 -p tcp --dport 8989 -j ACCEPT"
|
||||
echo "-A ufw-before-output -o eth0 -p tcp --sport 7878 -j ACCEPT"
|
||||
echo "-A ufw-before-output -o eth0 -p tcp --sport 8989 -j ACCEPT"
|
||||
echo
|
||||
}
|
||||
|
||||
step_12_info() {
|
||||
echo "Build and install unrar-nonfree"
|
||||
echoinfo "Please provide a deb-src sources entry first"
|
||||
echoinfo "[/etc/apt/sources.list]"
|
||||
}
|
||||
step_12() {
|
||||
local buildPath="/tmp/unrarbuild"
|
||||
|
||||
cat /etc/apt/sources.list | grep -E "^deb-src" >>/dev/null 2>&1
|
||||
endReturn -o $? "No deb-src entry found in /etc/apt/sources.list"
|
||||
|
||||
exe mkdir -p "$buildPath"
|
||||
exe cd "$buildPath"
|
||||
exe apt build-dep unrar-nonfree $APTOPT
|
||||
exe apt source -b unrar-nonfree $APTOPT
|
||||
endReturn -o $? "unrar-nonfree build failed ($buildPath left untouched)"
|
||||
exe dpkg -i unrar*.deb
|
||||
endReturn -o $? "unrar-nonfree install failed ($buildPath left untouched)"
|
||||
|
||||
exe rm -rf "$buildPath"
|
||||
}
|
||||
|
||||
step_13_info() { echo "Install danted socks proxy"; }
|
||||
step_13_alias() { ALIAS="danted"; }
|
||||
step_13() {
|
||||
systemctl status danted.service >>/dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
echoseq " [I] Danted already installed"
|
||||
return 0
|
||||
fi
|
||||
exe apt update
|
||||
exe apt install dante-server $APTOPT
|
||||
exe systemctl stop danted.service
|
||||
exe systemctl disable danted.service
|
||||
}
|
||||
|
||||
step_14_info() { echo "Danted installation notes"; }
|
||||
step_14() {
|
||||
cat <<DANTED_EOF
|
||||
[I] Debian fix systemd startup
|
||||
systemctl edit --full danted.service
|
||||
|
||||
# Change /lib64 to -/lib64
|
||||
ReadOnlyDirectories=/bin /etc /lib -/lib64 /sbin /usr /var
|
||||
|
||||
[I] Basic danted settings
|
||||
* Restrict to local network
|
||||
* Separate logfile
|
||||
[/etc/danted.conf]
|
||||
logoutput: stderr /var/log/dante.log
|
||||
internal: eth0 port = 1080
|
||||
external: tun0
|
||||
socksmethod: none
|
||||
clientmethod: none
|
||||
client pass {
|
||||
from: 192.168.0.0/24 port 1-65535 to: 0.0.0.0/0
|
||||
log: error
|
||||
}
|
||||
client block {
|
||||
from: 0.0.0.0/0 to: 0.0.0.0/0
|
||||
log: error
|
||||
}
|
||||
socks block {
|
||||
from: 0.0.0.0/0 to: 127.0.0.0/4
|
||||
log: error
|
||||
}
|
||||
socks pass {
|
||||
from: 192.168.23.0/24 to: 0.0.0.0/0
|
||||
protocol: tcp udp
|
||||
log: error
|
||||
}
|
||||
socks block {
|
||||
from: 0.0.0.0/0 to: 0.0.0.0/0
|
||||
log: connect error
|
||||
}
|
||||
|
||||
DANTED_EOF
|
||||
}
|
||||
|
||||
step_15_info() { echo "Disable apt-daily activities"; }
|
||||
step_15_alias() { ALIAS="aptdaily"; }
|
||||
step_15() {
|
||||
exe /usr/bin/systemctl stop apt-daily-upgrade.timer
|
||||
exe /usr/bin/systemctl stop apt-daily.timer
|
||||
exe /usr/bin/systemctl disable apt-daily-upgrade.timer
|
||||
exe /usr/bin/systemctl disable apt-daily.timer
|
||||
exe /usr/bin/systemctl mask apt-daily.service
|
||||
exe /usr/bin/systemctl daemon-reload
|
||||
}
|
||||
|
||||
checkVpn() {
|
||||
ip -br a | grep tun >>/dev/null 2>&1
|
||||
[ $? -eq 0 ] && echoseq " [W] A VPN connection is possibly active. Consider deactivating it befor any apt operation."
|
||||
}
|
||||
|
||||
VERSION_SEQREV=12
|
||||
|
||||
Reference in New Issue
Block a user