WiP

restic-server/Makefile

@@ -0,0 +1,22 @@
+##
+## Makefile for Restic REST Server quadlet
+##
+
+DEPENDENCIES = traefik
+
+# Restic REST Server quadlet is mapped to the 10022 user (restic) and 10000 group (itix-svc)
+PROJECT_UID = 10022
+PROJECT_GID = 10000
+
+TOP_LEVEL_DIR := ..
+include $(TOP_LEVEL_DIR)/Makefile.common
+
+SYSTEMD_MAIN_UNIT_NAMES += restic-server.service
+
+TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
+
+install-examples: $(TARGET_TRAEFIK_FILES)
+
+$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
+	install -m 0644 -o 10001 -g 10000 $< $@
+

restic-server/other/traefik/restic.yaml

@@ -0,0 +1,23 @@
+http:
+  middlewares:
+    ip_from_internal_network:
+      IPAllowList:
+        sourceRange:
+          - "127.0.0.1/32"
+          - "192.168.0.0/16"
+  routers:
+    restic:
+      rule: "Host(`restic`)"
+      entryPoints:
+      - http
+      #- https
+      middlewares:
+      - ip_from_internal_network
+      service: restic
+      #tls:
+      #  certResolver: le
+  services:
+    restic:
+      loadBalancer:
+        servers:
+        - url: "http://localhost:8080"

restic-server/overlay.bu

@@ -0,0 +1,9 @@
+variant: fcos
+version: 1.4.0
+passwd:
+  users:
+  - name: restic
+    uid: 10022
+    gecos: Restic
+    home_dir: /var/lib/quadlets/restic
+    primary_group: itix-svc

restic-server/restic-server.container

@@ -0,0 +1,31 @@
+[Unit]
+Description=Restic REST Server
+After=local-fs.target network-online.target
+Wants=network-online.target
+RequiresMountsFor=/var/lib/virtiofs/data /var
+
+[Container]
+ContainerName=restic
+
+# Image
+Image=docker.io/restic/rest-server:latest
+AutoUpdate=registry
+
+# Security
+User=10022
+Group=10000
+
+# Storage
+Volume=/var/lib/virtiofs/data/restic-server:/data:z
+Volume=/var/lib/quadlets/restic-server/log:/var/log/restic:z
+
+# Network
+AddCapability=CAP_NET_BIND_SERVICE
+Network=host
+
+# Configuration
+Environment=OPTIONS="--append-only --listen 127.0.0.1:8080 --log /var/log/restic/rest-server.log --private-repos --prometheus --prometheus-no-auth"
+
+[Install]
+# Start by default on boot
+WantedBy=multi-user.target

restic-server/tmpfiles.d/restic-server.conf

@@ -0,0 +1,2 @@
+d$ /var/lib/virtiofs/data/restic-server 0700 10022 10000 -
+d$ /var/lib/quadlets/restic-server/log 0755 10022 10000 -

seedbox/Makefile

@@ -0,0 +1,24 @@
+##
+## Makefile for Seedbox quadlet
+##
+
+DEPENDENCIES = traefik
+
+# Seedbox quadlet is mapped to the 10017 user (seedbox) and 10000 group (itix-svc)
+PROJECT_UID = 10017
+PROJECT_GID = 10000
+
+TOP_LEVEL_DIR := ..
+include $(TOP_LEVEL_DIR)/Makefile.common
+
+TARGET_TRAEFIK_FILES = $(patsubst other/traefik/%, $(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%, $(wildcard other/traefik/*))
+TARGET_SAMBA_FILES = $(patsubst other/samba/%, $(TARGET_CHROOT)/etc/quadlets/samba/smb.conf.d/%, $(wildcard other/samba/*))
+
+install-examples: $(TARGET_TRAEFIK_FILES) $(TARGET_SAMBA_FILES)
+
+$(TARGET_CHROOT)/etc/quadlets/samba/smb.conf.d/%: other/samba/%
+	install -m 0644 -o root -g root $< $@
+
+$(TARGET_CHROOT)/etc/quadlets/traefik/conf.d/%: other/traefik/%
+	install -m 0644 -o 10001 -g 10000 $< $@
+

seedbox/flaresolverr.container

@@ -0,0 +1,27 @@
+[Unit]
+Description=Proxy server to bypass Cloudflare protection
+Documentation=https://github.com/FlareSolverr/FlareSolverr/
+Wants=network-online.target
+After=network-online.target
+
+[Container]
+ContainerName=flaresolverr
+
+# Image
+Image=ghcr.io/flaresolverr/flaresolverr:latest
+AutoUpdate=registry
+
+# Security
+# <by default it runs as "flaresolverr">
+
+# Storage
+# <no storage>
+
+# Network
+Network=host
+
+# Configuration
+Environment=LOG_LEVEL=debug TZ=Europe/Paris HOST=127.0.0.1 PROMETHEUS_ENABLED=true PROMETHEUS_PORT=8192 LANG=fr_FR
+
+[Install]
+WantedBy=seedbox.target

seedbox/jellyfin.container

@@ -0,0 +1,34 @@
+[Unit]
+Description= The Free Software Media System
+Documentation=https://docs.linuxserver.io/images/docker-jellyfin/
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=/var/lib/virtiofs/data
+ConditionPathIsMountPoint=/var/lib/virtiofs/data
+
+[Container]
+ContainerName=jellyfin
+
+# Image
+Image=lscr.io/linuxserver/jellyfin:latest
+AutoUpdate=registry
+
+# Security
+User=10017
+Group=10000
+
+# Storage
+Volume=/var/lib/virtiofs/data/jellyfin/config:/config:z
+Volume=/var/lib/virtiofs/data/storage/media:/data:z
+
+# Network
+AddCapability=CAP_NET_BIND_SERVICE
+Network=host
+
+# Configuration
+Environment=PUID=10017 PGID=10000 JELLYFIN_DATA_DIR=/config/data JELLYFIN_CONFIG_DIR=/config JELLYFIN_LOG_DIR=/config/log JELLYFIN_CACHE_DIR=/config/cache JELLYFIN_WEB_DIR=/usr/share/jellyfin/web TZ=Etc/UTC
+Entrypoint=/usr/bin/jellyfin
+Exec=--ffmpeg=/usr/lib/jellyfin-ffmpeg/ffmpeg
+
+[Install]
+WantedBy=seedbox.target

seedbox/lidarr.container

@@ -0,0 +1,35 @@
+[Unit]
+Description=Smart PVR for newsgroup and bittorrent users.
+Documentation=https://docs.linuxserver.io/images/docker-lidarr/
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=/var/lib/virtiofs/data
+ConditionPathIsMountPoint=/var/lib/virtiofs/data
+
+[Container]
+ContainerName=lidarr
+
+# Image
+Image=lscr.io/linuxserver/lidarr:latest
+AutoUpdate=registry
+
+# Security
+User=10017
+Group=10000
+
+# Storage
+Volume=/var/lib/virtiofs/data/lidarr/config:/config:z
+Volume=/var/lib/virtiofs/data/storage:/data:z
+
+# Network
+AddCapability=CAP_NET_BIND_SERVICE
+Network=host
+
+# Configuration
+Environment=PUID=10017 PGID=10000 TZ=Etc/UTC HOME=/config TMPDIR=/config/tmp
+Entrypoint=/app/lidarr/bin/Lidarr
+Exec=-nobrowser -data=/config
+WorkingDir=/app/lidarr/bin
+
+[Install]
+WantedBy=seedbox.target

seedbox/other/samba/10-shares.conf

@@ -0,0 +1,28 @@
+server string = Seedbox
+
+[media]
+path = /data/storage/media
+comment = Media
+valid users = @itix
+write list = @itix
+group = itix
+directory mask = 0775
+create mask = 0664
+
+[downloads]
+path = /data/storage/downloads
+comment = Downloads
+valid users = @itix
+write list = @itix
+group = itix
+directory mask = 0775
+create mask = 0664
+
+[import]
+path = /data/storage/import
+comment = Imports
+valid users = @itix
+write list = @itix
+group = itix
+directory mask = 0775
+create mask = 0664

seedbox/other/traefik/jellyfin.yaml

@@ -0,0 +1,16 @@
+http:
+  routers:
+    jellyfin:
+      rule: "Host(`jellyfin`)"
+      entryPoints:
+      #- https
+      - http
+      middlewares:
+      service: "jellyfin"
+      #tls:
+      #  certResolver: le
+  services:
+    jellyfin:
+      loadBalancer:
+        servers:
+        - url: "http://127.0.0.1:8096"

seedbox/other/traefik/lidarr.yaml

@@ -0,0 +1,16 @@
+http:
+  routers:
+    lidarr:
+      rule: "Host(`lidarr`)"
+      entryPoints:
+      #- https
+      - http
+      middlewares:
+      service: "lidarr"
+      #tls:
+      #  certResolver: le
+  services:
+    lidarr:
+      loadBalancer:
+        servers:
+        - url: "http://127.0.0.1:8686"

seedbox/other/traefik/prowlarr.yaml

@@ -0,0 +1,16 @@
+http:
+  routers:
+    prowlarr:
+      rule: "Host(`prowlarr`)"
+      entryPoints:
+      #- https
+      - http
+      middlewares:
+      service: "prowlarr"
+      #tls:
+      #  certResolver: le
+  services:
+    prowlarr:
+      loadBalancer:
+        servers:
+        - url: "http://127.0.0.1:9696"

seedbox/other/traefik/qbittorrent.yaml

@@ -0,0 +1,16 @@
+http:
+  routers:
+    qbittorrent-webui:
+      rule: "Host(`qbittorrent`)"
+      entryPoints:
+      #- https
+      - http
+      middlewares:
+      service: "qbittorrent-webui"
+      #tls:
+      #  certResolver: le
+  services:
+    qbittorrent-webui:
+      loadBalancer:
+        servers:
+        - url: "http://127.0.0.1:8080"

seedbox/other/traefik/radarr.yaml

@@ -0,0 +1,16 @@
+http:
+  routers:
+    radarr:
+      rule: "Host(`radarr`)"
+      entryPoints:
+      #- https
+      - http
+      middlewares:
+      service: "radarr"
+      #tls:
+      #  certResolver: le
+  services:
+    radarr:
+      loadBalancer:
+        servers:
+        - url: "http://127.0.0.1:7878"

seedbox/other/traefik/sonarr.yaml

@@ -0,0 +1,16 @@
+http:
+  routers:
+    sonarr:
+      rule: "Host(`sonarr`)"
+      entryPoints:
+      #- https
+      - http
+      middlewares:
+      service: "sonarr"
+      #tls:
+      #  certResolver: le
+  services:
+    sonarr:
+      loadBalancer:
+        servers:
+        - url: "http://127.0.0.1:8989"

seedbox/overlay.bu

@@ -0,0 +1,9 @@
+variant: fcos
+version: 1.4.0
+passwd:
+  users:
+  - name: seedbox
+    uid: 10017
+    gecos: seedbox
+    home_dir: /var/lib/quadlets/seedbox
+    primary_group: itix-svc

seedbox/prowlarr.container

@@ -0,0 +1,35 @@
+[Unit]
+Description=Prowlarr is an indexer manager/proxy built on the popular *arr .net/reactjs base stack to integrate with your various PVR apps.
+Documentation=https://docs.linuxserver.io/images/docker-prowlarr/
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=/var/lib/virtiofs/data
+ConditionPathIsMountPoint=/var/lib/virtiofs/data
+
+[Container]
+ContainerName=prowlarr
+
+# Image
+Image=lscr.io/linuxserver/prowlarr:latest
+AutoUpdate=registry
+
+# Security
+User=10017
+Group=10000
+
+# Storage
+Volume=/var/lib/virtiofs/data/prowlarr/config:/config:z
+Volume=/var/lib/virtiofs/data/storage:/data:z
+
+# Network
+AddCapability=CAP_NET_BIND_SERVICE
+Network=host
+
+# Configuration
+Environment=PUID=10017 PGID=10000 TZ=Etc/UTC HOME=/config TMPDIR=/config/tmp
+Entrypoint=/app/prowlarr/bin/Prowlarr
+Exec=-nobrowser -data=/config
+WorkingDir=/app/prowlarr/bin
+
+[Install]
+WantedBy=seedbox.target

seedbox/qbittorrent.container

@@ -0,0 +1,36 @@
+[Unit]
+Description=qBittorrent client
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=/var/lib/virtiofs/data
+ConditionPathIsMountPoint=/var/lib/virtiofs/data
+
+[Container]
+ContainerName=qbittorrent
+
+# Image
+Image=lscr.io/linuxserver/qbittorrent:latest
+AutoUpdate=registry
+
+# Security
+User=10017
+Group=10000
+
+# Storage
+Volume=/var/lib/virtiofs/data/qbittorrent/config:/config:z
+Volume=/var/lib/virtiofs/data/storage:/data:z
+
+# This volume is required for torrents migrated from the old seedbox
+Volume=/var/lib/virtiofs/data/storage/downloads:/downloads:z
+
+# Network
+AddCapability=CAP_NET_BIND_SERVICE
+Network=host
+
+# Configuration
+Environment=PUID=10017 PGID=10000 TZ=Etc/UTC WEBUI_PORT=8080
+Entrypoint=/usr/bin/qbittorrent-nox
+Exec=--webui-port=8080
+
+[Install]
+WantedBy=seedbox.target

seedbox/radarr.container

@@ -0,0 +1,35 @@
+[Unit]
+Description=Radarr is a movie collection manager for Usenet and BitTorrent users.
+Documentation=https://docs.linuxserver.io/images/docker-radarr/
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=/var/lib/virtiofs/data
+ConditionPathIsMountPoint=/var/lib/virtiofs/data
+
+[Container]
+ContainerName=radarr
+
+# Image
+Image=lscr.io/linuxserver/radarr:latest
+AutoUpdate=registry
+
+# Security
+User=10017
+Group=10000
+
+# Storage
+Volume=/var/lib/virtiofs/data/radarr/config:/config:z
+Volume=/var/lib/virtiofs/data/storage:/data:z
+
+# Network
+AddCapability=CAP_NET_BIND_SERVICE
+Network=host
+
+# Configuration
+Environment=PUID=10017 PGID=10000 TZ=Etc/UTC HOME=/config TMPDIR=/config/tmp
+Entrypoint=/app/radarr/bin/Radarr
+Exec=-nobrowser -data=/config
+WorkingDir=/app/radarr/bin
+
+[Install]
+WantedBy=seedbox.target

seedbox/seedbox.target

@@ -0,0 +1,11 @@
+[Unit]
+Description=Seedbox Service Target
+Documentation=man:systemd.target(5)
+Requires=radarr.service sonarr.service lidarr.service prowlarr.service qbittorrent.service jellyfin.service flaresolverr.service
+After=radarr.service sonarr.service lidarr.service prowlarr.service qbittorrent.service jellyfin.service flaresolverr.service
+
+# Allow isolation - can stop/start this target independently
+AllowIsolate=yes
+
+[Install]
+WantedBy=multi-user.target

seedbox/sonarr.container

@@ -0,0 +1,36 @@
+[Unit]
+Description=Smart PVR for newsgroup and bittorrent users.
+Documentation=https://docs.linuxserver.io/images/docker-sonarr/
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=/var/lib/virtiofs/data
+ConditionPathIsMountPoint=/var/lib/virtiofs/data
+
+[Container]
+ContainerName=sonarr
+
+# Image
+Image=lscr.io/linuxserver/sonarr:latest
+AutoUpdate=registry
+
+# Security
+User=10017
+Group=10000
+
+# Storage
+Volume=/var/lib/virtiofs/data/sonarr/config:/config:z
+Volume=/var/lib/virtiofs/data/storage:/data:z
+
+# Network
+AddCapability=CAP_NET_BIND_SERVICE
+Network=host
+
+# Configuration
+Environment=PUID=10017 PGID=10000 TZ=Etc/UTC HOME=/config TMPDIR=/config/tmp
+
+Entrypoint=/app/sonarr/bin/Sonarr
+Exec=-nobrowser -data=/config
+WorkingDir=/app/sonarr/bin
+
+[Install]
+WantedBy=seedbox.target

seedbox/sysctl.d/seedbox.conf

@@ -0,0 +1 @@
+fs.inotify.max_user_instances=8192

seedbox/tmpfiles.d/seedbox.conf

@@ -0,0 +1,22 @@
+d$ /var/lib/virtiofs/data/storage 0755 0 0 -
+d$ /var/lib/virtiofs/data/storage/media 0775 10017 10000 -
+d$ /var/lib/virtiofs/data/storage/media/movies 0775 10017 10000 -
+d$ /var/lib/virtiofs/data/storage/media/series 0775 10017 10000 -
+d$ /var/lib/virtiofs/data/storage/media/music 0775 10017 10000 -
+d$ /var/lib/virtiofs/data/storage/downloads 0775 10017 10000 -
+d$ /var/lib/virtiofs/data/storage/torrents 0775 10017 10000 -
+d$ /var/lib/virtiofs/data/storage/import 0775 10017 10000 -
+d$ /var/lib/virtiofs/data/radarr 0700 10017 10000 -
+d$ /var/lib/virtiofs/data/radarr/config 0700 10017 10000 -
+d$ /var/lib/virtiofs/data/radarr/config/tmp 0700 10017 10000 -
+d$ /var/lib/virtiofs/data/radarr/config/xdg 0700 10017 10000 -
+d$ /var/lib/virtiofs/data/sonarr 0700 10017 10000 -
+d$ /var/lib/virtiofs/data/sonarr/config 0700 10017 10000 -
+d$ /var/lib/virtiofs/data/sonarr/config/tmp 0700 10017 10000 -
+d$ /var/lib/virtiofs/data/sonarr/config/xdg 0700 10017 10000 -
+d$ /var/lib/virtiofs/data/prowlarr 0700 10017 10000 -
+d$ /var/lib/virtiofs/data/prowlarr/config 0700 10017 10000 -
+d$ /var/lib/virtiofs/data/prowlarr/config/tmp 0700 10017 10000 -
+d$ /var/lib/virtiofs/data/prowlarr/config/xdg 0700 10017 10000 -
+d$ /var/lib/virtiofs/data/jellyfin 0700 10017 10000 -
+d$ /var/lib/virtiofs/data/jellyfin/config 0700 10017 10000 -

vsftpd/vsftpd-build.timer

@@ -0,0 +1,10 @@
+[Unit]
+Description=Rebuild the vsftpd container image
+PartOf=vsftpd.target
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+
+[Install]
+WantedBy=vsftpd.target