Add steps to install danted proxy and disable apt daily activity

Various other enhancements
2021-03-28 23:43:02 +02:00
parent 04abf6c6b7
commit b46c4b6302


@@ -13,7 +13,8 @@ SCRIPT_NAME=${SCRIPT_NAME%%.*}
CONFIG_FILE_NAME="${SCRIPT_NAME}.cfg" CONFIG_FILE_NAME="${SCRIPT_NAME}.cfg"
CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example" CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
#step_config() { step_config() {
checkVpn
#echo "Called once before executing steps." #echo "Called once before executing steps."
## e.g. to source a config file manually: ## e.g. to source a config file manually:
#. "$CONFIG_FILE" #. "$CONFIG_FILE"
@@ -27,9 +28,9 @@ CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
# # End if no configuration file exists # # End if no configuration file exists
# [ $DRY -eq 0 ] && return -1 # [ $DRY -eq 0 ] && return -1
#fi #fi
#[ $QUIET -ne 0 ] && APTOPT="-y" [ $QUIET -ne 0 ] && APTOPT="-y"
#return 0 return 0
#} }
step_1_info() { echo "Install mono"; } step_1_info() { echo "Install mono"; }
step_1_alias() { ALIAS="install"; } step_1_alias() { ALIAS="install"; }
@@ -51,7 +52,7 @@ step_2() {
exe dpkg -i /tmp/repo-mediaarea_all.deb exe dpkg -i /tmp/repo-mediaarea_all.deb
exe apt-get update exe apt update
exe apt install mediainfo exe apt install mediainfo
} }
@@ -65,7 +66,7 @@ step_4_info() { echo "Install sonarr"
} }
step_4() { step_4() {
exe apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 2009837CBFFD68F45BC180471F4F90DE2A9B4BF8 exe apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 2009837CBFFD68F45BC180471F4F90DE2A9B4BF8
exep "echo \"deb https://apt.sonarr.tv/debian buster main\" | sudo tee /etc/apt/sources.list.d/sonarr.list" exep "echo \"deb https://apt.sonarr.tv/debian buster main\" | tee /etc/apt/sources.list.d/sonarr.list"
exe apt update exe apt update
exe apt install sonarr exe apt install sonarr
# Start of sonar must be managed by VPN service # Start of sonar must be managed by VPN service
@@ -79,6 +80,7 @@ step_5_info() {
} }
step_5() { step_5() {
# nightly https://radarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=arm64 # nightly https://radarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=arm64
# develop https://radarr.servarr.com/v1/update/develop/updatefile?os=linux&runtime=netcore&arch=arm64
exe curl -sL "https://radarr.servarr.com/v1/update/master/updatefile?os=linux&runtime=netcore&arch=arm64" \ exe curl -sL "https://radarr.servarr.com/v1/update/master/updatefile?os=linux&runtime=netcore&arch=arm64" \
-o /tmp/Radarr.tgz -o /tmp/Radarr.tgz
@@ -100,7 +102,7 @@ radarrServiceLoc="/etc/systemd/system/radarr.service"
radarrService="[Unit] radarrService="[Unit]
Description=Radarr Daemon Description=Radarr Daemon
After=syslog.target network.target After=syslog.target network.target
Requires=nzbget.service Wants=transmission.service jackett.service nzbget.service
StartLimitIntervalSec=0 StartLimitIntervalSec=0
[Service] [Service]
@@ -143,7 +145,6 @@ jackettServiceLoc="/etc/systemd/system/jackett.service"
jackettService="[Unit] jackettService="[Unit]
Description=Jackett Daemon Description=Jackett Daemon
After=syslog.target network.target After=syslog.target network.target
Requires=transmission.service
StartLimitIntervalSec=0 StartLimitIntervalSec=0
[Service] [Service]
@@ -191,7 +192,6 @@ nzbServiceLoc="/etc/systemd/system/nzbget.service"
nzbService="[Unit] nzbService="[Unit]
Description=NZBGet Daemon Description=NZBGet Daemon
After=syslog.target network.target After=syslog.target network.target
#Requires=mnt-disk.mount
StartLimitIntervalSec=0 StartLimitIntervalSec=0
[Service] [Service]
@@ -217,17 +217,124 @@ PrivateDevices=true
ProtectHome=true ProtectHome=true
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target sonarr.service radarr.service
Alias=nzbget.service Alias=nzbget.service
RequiredBy=sonarr.service radarr.service" #RequiredBy=sonarr.service radarr.service"
step_11_info() { echo "Create ufw rules for default ports"; } step_11_info() { echo "Create ufw rules for default ports"; }
step_11_alias() { ALIAS="ufw"; } step_11_alias() { ALIAS="ufw"; }
step_11() { step_11() {
exe ufw allow in on eth0 to any port 6789 proto tcp comment "NZBGet" exe ufw allow in on eth0 to any port 6789 proto tcp comment "NZBGet"
exe ufw allow in on eth0 to any port 8989 proto tcp comment "sonarr" exe ufw allow in on eth0 to any port 9117 proto tcp comment "Jackett. Rules for Sonarr und Radarr in /etc/ufw/rules.before"
exe ufw allow in on eth0 to any port 7878 proto tcp comment "radarr"
exe ufw allow in on eth0 to any port 9117 proto tcp comment "jackett" outColor red
echo
echo "[W] Add the following lines before \"# drop INVALID packets\""
echo " [/etc/ufw/before.rules]"
echo
outColor green
echo "# Allow all packages to sonarr and radarr"
echo "# ufw thinks that nzb360 sends messages after socket is closed"
echo "-A ufw-before-input -i eth0 -p tcp --dport 7878 -j ACCEPT"
echo "-A ufw-before-input -i eth0 -p tcp --dport 8989 -j ACCEPT"
echo "-A ufw-before-output -o eth0 -p tcp --sport 7878 -j ACCEPT"
echo "-A ufw-before-output -o eth0 -p tcp --sport 8989 -j ACCEPT"
echo
}
step_12_info() {
echo "Build and install unrar-nonfree"
echoinfo "Please provide a deb-src sources entry first"
echoinfo "[/etc/apt/sources.list]"
}
step_12() {
local buildPath="/tmp/unrarbuild"
cat /etc/apt/sources.list | grep -E "^deb-src" >>/dev/null 2>&1
endReturn -o $? "No deb-src entry found in /etc/apt/sources.list"
exe mkdir -p "$buildPath"
exe cd "$buildPath"
exe apt build-dep unrar-nonfree $APTOPT
exe apt source -b unrar-nonfree $APTOPT
endReturn -o $? "unrar-nonfree build failed ($buildPath left untouched)"
exe dpkg -i unrar*.deb
endReturn -o $? "unrar-nonfree install failed ($buildPath left untouched)"
exe rm -rf "$buildPath"
}
step_13_info() { echo "Install danted socks proxy"; }
step_13_alias() { ALIAS="danted"; }
step_13() {
systemctl status danted.service >>/dev/null 2>&1
if [ $? -eq 0 ]; then
echoseq " [I] Danted already installed"
return 0
fi
exe apt update
exe apt install dante-server $APTOPT
exe systemctl stop danted.service
exe systemctl disable danted.service
}
step_14_info() { echo "Danted installation notes"; }
step_14() {
cat <<DANTED_EOF
[I] Debian fix systemd startup
systemctl edit --full danted.service
# Change /lib64 to -/lib64
ReadOnlyDirectories=/bin /etc /lib -/lib64 /sbin /usr /var
[I] Basic danted settings
* Restrict to local network
* Separate logfile
[/etc/danted.conf]
logoutput: stderr /var/log/dante.log
internal: eth0 port = 1080
external: tun0
socksmethod: none
clientmethod: none
client pass {
from: 192.168.0.0/24 port 1-65535 to: 0.0.0.0/0
log: error
}
client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error
}
socks block {
from: 0.0.0.0/0 to: 127.0.0.0/4
log: error
}
socks pass {
from: 192.168.23.0/24 to: 0.0.0.0/0
protocol: tcp udp
log: error
}
socks block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
DANTED_EOF
}
step_15_info() { echo "Disable apt-daily activities"; }
step_15_alias() { ALIAS="aptdaily"; }
step_15() {
exe /usr/bin/systemctl stop apt-daily-upgrade.timer
exe /usr/bin/systemctl stop apt-daily.timer
exe /usr/bin/systemctl disable apt-daily-upgrade.timer
exe /usr/bin/systemctl disable apt-daily.timer
exe /usr/bin/systemctl mask apt-daily.service
exe /usr/bin/systemctl daemon-reload
}
checkVpn() {
ip -br a | grep tun >>/dev/null 2>&1
[ $? -eq 0 ] && echoseq " [W] A VPN connection is possibly active. Consider deactivating it befor any apt operation."
} }
VERSION_SEQREV=12 VERSION_SEQREV=12
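Review bot: The danted.conf sample printed by step_14 has address rules that do not line up: `client pass` admits 192.168.0.0/24 while `socks pass` admits 192.168.23.0/24, and the loopback block is written `to: 127.0.0.0/4` although loopback is 127.0.0.0/8. Because the sample also sets `socksmethod: none` and `clientmethod: none`, these source filters are the only access control on the proxy, and a reader who pastes it may be tempted to widen a rule until it works. I would use one clearly marked placeholder subnet in both pass rules and write `to: 127.0.0.0/8` in the loopback block. Separately, step_12 builds in the fixed path /tmp/unrarbuild and then runs `dpkg -i unrar*.deb` there, so a directory that already exists is reused as-is; `local buildPath; buildPath=$(mktemp -d)` would avoid that. step_15 stops and disables both apt-daily timers without a comment saying how security updates are applied afterwards, which is worth stating in step_15_info if the host relied on them.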