segregation+tool

.gitignore

@@ -0,0 +1,2 @@
+*.tar
+*.tar.gz

docker-compose.base.yml

@@ -43,29 +43,28 @@ services:
     networks:
       proxy:
 
-  smpxmc:
+  wireguard:
-    image: itzg/minecraft-server
+    image: lscr.io/linuxserver/wireguard:latest
-    container_name: smpxmc
+    container_name: wireguard
-    mem_limit: 32G
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
     environment:
-      EULA: "TRUE"
+      - PUID=1000
-      #ENABLE_RCON: "true"
+      - PGID=1000
-      #RCON_PASSWORD: "password"
+      - TZ=Europe/Amsterdam
-      #RCON_PORT: 28016
+      - SERVERURL=neo.faulty.nl
-      ENABLE_QUERY: "true" # exposes information about players etc.
+      - SERVERPORT=51820
-      SERVER_NAME: "FMS"
+      - PEERS=1
-      SPIGET_RESOURCES: "390,28140,34315,6245"
+      - PEERDNS=auto
-      MODS: "https://github.com/EssentialsX/Essentials/releases/download/2.19.7/EssentialsX-2.19.7.jar,https://mediafilez.forgecdn.net/files/3922/624/worldedit-bukkit-7.2.12.jar,https://github.com/NEZNAMY/TAB/releases/download/3.1.5/TAB.v3.1.5.jar,https://mediafilez.forgecdn.net/files/3677/516/worldguard-bukkit-7.0.7-dist.jar,https://ci.ender.zone/job/EssentialsX/lastSuccessfulBuild/artifact/jars/EssentialsXChat-2.20.0-dev+18-4414eea.jar,https://mediafilez.forgecdn.net/files/3668/748/GriefPrevention.jar"
+      - INTERNAL_SUBNET=10.13.13.0
-      MODRINTH_DOWNLOAD_OPTIONAL_DEPENDENCIES: "true"
+      - ALLOWEDIPS=0.0.0.0/0
-      VANILLATWEAKS_SHARECODE: "yoptLT"
+      - LOG_CONFS=true
-      MOTD: "smexypexyminnekwaftserfer"
-      INIT_MEMORY: "4G"
-      MAX_MEMORY: "30G"
-      TYPE: "PAPER"
-      VERSION: "1.19.2"
-    restart: always  
-    ports:
-      - "25565:25565"
-     #- "28016:28016" # Rcon
     volumes:
-      - /srv/smpxmc/data:/data
+      - /srv/wireguard/config:/config
+      - /lib/modules:/lib/modules
+    ports:
+      - 51820:51820/udp
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+    restart: unless-stopped

docker-compose.devops.yml

@@ -0,0 +1,24 @@
+version: '2.2'
+
+services:
+  gitea:
+    privileged: true
+    image: gitea/gitea:latest
+    environment:
+      - USER_UID=1000
+      - USER_GID=1002
+      - LETSENCRYPT_EMAIL=webmaster@faulty.nl
+      - LETSENCRYPT_HOST=git.faulty.nl
+      - VIRTUAL_HOST=git.faulty.nl
+      - VIRTUAL_PORT=3000
+    restart: always
+    networks:
+      - proxy
+    volumes:
+      - /srv/gitea/data:/data/git
+      - /srv/gitea/config:/data/gitea
+      - /srv/gitea/other/ssh:/data/ssh
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "22:22"

docker-compose.games.yml

@@ -0,0 +1,26 @@
+version: '2.2'
+
+services:
+  smpxmc:
+    image: itzg/minecraft-server
+    container_name: smpxmc
+    mem_limit: 32G
+    environment:
+      EULA: "TRUE"
+      ENABLE_QUERY: "true"
+      SERVER_NAME: "smexypexyminnekwaftserfer"
+      SPIGET_RESOURCES: "390,28140,34315,6245"
+      MODS: "https://github.com/EssentialsX/Essentials/releases/download/2.19.7/EssentialsX-2.19.7.jar,https://mediafilez.forgecdn.net/files/3922/624/worldedit-bukkit-7.2.12.jar,https://github.com/NEZNAMY/TAB/releases/download/3.1.5/TAB.v3.1.5.jar,https://mediafilez.forgecdn.net/files/3677/516/worldguard-bukkit-7.0.7-dist.jar,https://ci.ender.zone/job/EssentialsX/lastSuccessfulBuild/artifact/jars/EssentialsXChat-2.20.0-dev+18-4414eea.jar,https://mediafilez.forgecdn.net/files/3668/748/GriefPrevention.jar"
+      MODRINTH_DOWNLOAD_OPTIONAL_DEPENDENCIES: "true"
+      VANILLATWEAKS_SHARECODE: "yoptLT"
+      MOTD: "smexypexyminnekwaftserfer"
+      INIT_MEMORY: "4G"
+      MAX_MEMORY: "32G"
+      TYPE: "PAPER"
+      VERSION: "1.19.2"
+    restart: always  
+    ports:
+      - "25565:25565"
+     #- "28016:28016" # Rcon
+    volumes:
+      - /srv/smpxmc/data:/data

docker-compose.media.yml

@@ -0,0 +1,128 @@
+version: '2.2'
+
+services: 
+  qbit:
+    image: dyonr/qbittorrentvpn
+    sysctls:
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv4.conf.all.src_valid_mark=1
+    cap_add:
+      - NET_ADMIN
+        #- SYS_MODULE
+    environment:
+      - LETSENCRYPT_HOST=q.famslof.nl
+      - VIRTUAL_HOST=q.famslof.nl
+      - VIRTUAL_PORT=8080
+      - LAN_NETWORK=192.168.0.0/24
+      - VPN_ENABLED=yes
+      - VPN_TYPE=wireguard
+      - INSTALL_PYTHON3=yes
+    volumes:
+      - /srv/qbit/config:/config
+      - /library/downloads:/downloads
+      - /library:/library
+    restart: unless-stopped
+    networks:
+      - proxy
+
+  radarr:
+    image: lscr.io/linuxserver/radarr:latest
+    container_name: radarr
+    environment:
+      - LETSENCRYPT_HOST=doubles.famslof.nl
+      - VIRTUAL_HOST=doubles.famslof.nl
+      - VIRTUAL_PORT=7878
+      - VIRTUAL_PATH=/radarr
+      - VIRTUAL_DEST=/
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+    volumes:
+      - /srv/radarr/config:/config
+      - /library/movies:/movies #optional
+      - /library/downloads:/downloads #optional
+    restart: unless-stopped
+    networks:
+      - proxy
+    
+  sonarr:
+    image: lscr.io/linuxserver/sonarr:latest
+    container_name: sonarr
+    environment:
+      - LETSENCRYPT_HOST=doubles/.famslof.nl
+      - VIRTUAL_HOST=doubles.famslof.nl
+      - VIRTUAL_PORT=8989
+      - VIRTUAL_PATH=/sonarr
+      - VIRTUAL_DEST=/
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+    volumes:
+      - /srv/sonarr/config:/config
+      - /library/shows:/tv #optional
+      - /library/downloads:/downloads #optional
+    restart: unless-stopped
+    networks:
+      - proxy
+
+  lidarr:
+    image: lscr.io/linuxserver/lidarr:latest
+    container_name: lidarr
+    environment:
+      - LETSENCRYPT_HOST=doubles.famslof.nl
+      - VIRTUAL_HOST=doubles.famslof.nl
+      - VIRTUAL_PORT=8686
+      - VIRTUAL_PATH=/lidarr
+      - VIRTUAL_DEST=/
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+    volumes:
+      - /srv/lidarr/config:/config
+      - /library/music:/music #optional
+      - /library/downloads:/downloads #optional
+    restart: unless-stopped
+    networks:
+      - proxy
+
+  jackett:
+    image: lscr.io/linuxserver/jackett:latest
+    container_name: jackett
+    environment:
+      - LETSENCRYPT_HOST=doubles.famslof.nl
+      - VIRTUAL_HOST=doubles.famslof.nl
+      - VIRTUAL_PORT=9117
+      - VIRTUAL_HOST=/jackett
+      - VIRTUAL_DEST=/
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+    links:
+      - flaresolverr
+    volumes:
+      - /srv/jackett/config:/config
+      - /library/downloads:/downloads
+    restart: unless-stopped
+    networks:
+      - proxy
+
+  flaresolverr:
+    image: ghcr.io/flaresolverr/flaresolverr:latest
+    container_name: flaresolverr
+
+  jellyfin:
+    image: lscr.io/linuxserver/jellyfin:latest
+    container_name: jellyfin
+    environment:
+      - LETSENCRYPT_HOST=fin.famslof.nl
+      - VIRTUAL_HOST=fin.famslof.nl
+      - VIRTUAL_PORT=8096
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+    volumes:
+      - /srv/jellyfin/config:/config
+      - /library:/data
+    restart: unless-stopped
+    networks:
+      - proxy

man

@@ -0,0 +1,82 @@
+#!/bin/sh
+
+PROJECT_NAME=${PROJECT_NAME:-neo}
+BLACKLIST=""
+
+alias dc="docker-compose -p $PROJECT_NAME"
+# alias dc="echo docker-compose -p $PROJECT_NAME"
+
+fatal() {
+    echo "FATAL: $@"
+    exit 1
+}
+
+only() {
+    FILE="docker-compose.$1.yml"; shift
+    default() {
+        dc -f $FILE $@
+    }
+    handleFallthrough $@
+}
+
+default() {
+    file_opts=""
+    for f in docker-compose.*.yml; do
+        # echo $BLACKLIST | grep -q $f && continue
+        echo $BLACKLIST | grep -q $(echo $f | cut -d. -f2) && continue
+        file_opts="$file_opts -f $f"
+    done
+    dc $file_opts $@
+}
+
+handleFallthrough() {
+    cmd=${1:-}; shift
+    case $cmd in
+        only) only $@ ;;
+        delete-project-files|dpf)
+            [ -n "$1" ] || fatal "no directory specified"
+            [ -d /srv/$1 ] || fatal "directory doesn't exist"
+            ls /srv/$1
+            printf "Are you sure? (yes/no) [no]: "
+            read answer
+            [ "$answer" = "yes" ] && sudo rm -rf /srv/$1 || fatal "cancelled"
+        ;;
+
+        -b)
+            BLACKLIST="$BLACKLIST $1"; shift
+            handleFallthrough $@
+        ;; 
+
+        setup-all) 
+            sh utils/setup.sh
+        ;;
+
+        make:*)
+            WHAT=`echo $cmd | cut -c6-`
+            case $WHAT in
+                dc|docker-compose)
+                    [ -n "$1" ] || fatal "no name specified"
+                    FILE="docker-compose.$1.yml"
+                    [ -f $FILE ] && fatal "file exists"
+                    echo -e "version: '2.2'\n" > $FILE
+                    echo -e "services: \n" >> $FILE
+                ;;
+                backup)
+                    [ -n "$1" ] || fatal "no name specified"
+                    FILE="$1.tar.gz"
+                    [ -f $FILE ] && fatal "file exists"
+                    tar cvf $FILE /srv .
+                ;;
+                *) fatal "not supported" ;;
+            esac
+        ;;
+
+        # preference
+        logs) default logs --tail=20 -f $@ ;;
+        up) default up -d $@ ;;
+
+        default|*|'') default $cmd $@ ;;
+    esac
+}
+
+handleFallthrough $@

utils/setup.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+fatal() {
+    echo "FATAL: $@"
+    exit 1
+}
+
+echo "# installing docker"
+sudo apt update || fatal "something went wrong"
+sudo apt install docker* || fatal "something went wrong"
+
+echo "# check groups"
+groups | grep docker || sudo usermod $USER -aG docker
+fatal "please relog to enter docker group"
+
+echo "# network"
+docker network create proxy