From 182023b312c3aab08006f4d403e5630036d0d6a1 Mon Sep 17 00:00:00 2001 From: zulumann Date: Thu, 10 Apr 2025 11:30:22 +0200 Subject: [PATCH] 2025.04.10_11:30 --- Docker/freshrss/docker-compose.yml | 2 +- Docker/gotify/docker-compose.yml | 16 + Docker/netbootxyz/docker-compose.yml | 25 + Docker/uptimekuma/docker-compose.yaml | 13 + Docker/yacht/docker-compose.yaml | 18 + LXC-Debian/PVE01_LXC_Debian_Apt-Cache.sh | 63 +++ LXC-Debian/PVE01_LXC_Debian_Fileserver01.sh | 501 ++++++++++++++++++++ LXC-Debian/PVE01_LXC_Debian_Freshrss.sh | 240 ++++++++++ LXC-Debian/PVE01_LXC_Debian_Gitea.sh | 102 ++++ LXC-Debian/PVE01_LXC_Debian_Jellyfin.sh | 70 +++ LXC-Debian/PVE01_LXC_Debian_MariaDB.sh | 109 +++++ LXC-Debian/PVE01_LXC_Debian_PBS.sh | 43 ++ LXC-Debian/PVE01_LXC_Debian_Seedbox.sh | 200 ++++++++ LXC-Debian/PVE01_LXC_Debian_Syncthing.sh | 106 +++++ LXC-Debian/PVE01_LXC_Debian_jDownloader.sh | 71 +++ 15 files changed, 1578 insertions(+), 1 deletion(-) create mode 100644 Docker/gotify/docker-compose.yml create mode 100644 Docker/netbootxyz/docker-compose.yml create mode 100644 Docker/uptimekuma/docker-compose.yaml create mode 100644 Docker/yacht/docker-compose.yaml create mode 100644 LXC-Debian/PVE01_LXC_Debian_Apt-Cache.sh create mode 100644 LXC-Debian/PVE01_LXC_Debian_Fileserver01.sh create mode 100644 LXC-Debian/PVE01_LXC_Debian_Freshrss.sh create mode 100644 LXC-Debian/PVE01_LXC_Debian_Gitea.sh create mode 100644 LXC-Debian/PVE01_LXC_Debian_Jellyfin.sh create mode 100644 LXC-Debian/PVE01_LXC_Debian_MariaDB.sh create mode 100644 LXC-Debian/PVE01_LXC_Debian_PBS.sh create mode 100644 LXC-Debian/PVE01_LXC_Debian_Seedbox.sh create mode 100644 LXC-Debian/PVE01_LXC_Debian_Syncthing.sh create mode 100644 LXC-Debian/PVE01_LXC_Debian_jDownloader.sh diff --git a/Docker/freshrss/docker-compose.yml b/Docker/freshrss/docker-compose.yml index 8d46b6a..56f0ab2 100644 --- a/Docker/freshrss/docker-compose.yml +++ b/Docker/freshrss/docker-compose.yml @@ -10,7 +10,7 @@ services: - PGID=1000 - TZ=Europe/Berlin volumes: - - /path/to/data:/config + - ./data:/config ports: - 80:80 labels: diff --git a/Docker/gotify/docker-compose.yml b/Docker/gotify/docker-compose.yml new file mode 100644 index 0000000..9314250 --- /dev/null +++ b/Docker/gotify/docker-compose.yml @@ -0,0 +1,16 @@ +version: '3.8' +services: + gotify: + image: gotify/server:latest + container_name: gotify + environment: + - GOTIFY_DEFAULTUSER_PASS=custom + - TZ=Europe/Berlin + #- GOTIFY_REGISTRATION=false + volumes: + - "./gotify_data:/app/data" + ports: + - 8083:8080 + restart: unless-stopped + labels: + - "com.centurylinklabs.watchtower.enable=true" diff --git a/Docker/netbootxyz/docker-compose.yml b/Docker/netbootxyz/docker-compose.yml new file mode 100644 index 0000000..6e3a345 --- /dev/null +++ b/Docker/netbootxyz/docker-compose.yml @@ -0,0 +1,25 @@ +--- +version: '3.8' +services: + netbootxyz: + image: lscr.io/linuxserver/netbootxyz:latest + container_name: netbootxyz + restart: unless-stopped + environment: + - PUID=1000 + - PGID=1000 + - TZ=Etc/UTC + - MENU_VERSION=1.9.9 #optional + - PORT_RANGE=30000:30010 #optional + - SUBFOLDER=/ #optional + - NGINX_PORT=80 #optional + - WEB_APP_PORT=3000 #optional + volumes: + - ./netbootxyz/config:/config + - ./netbootxyz/assets:/assets #optional + ports: + - 3000:3000 + - 69:69/udp + - 8080:80 #optional + labels: + - com.centurylinklabs.watchtower.enable=true diff --git a/Docker/uptimekuma/docker-compose.yaml b/Docker/uptimekuma/docker-compose.yaml new file mode 100644 index 0000000..fa9fa38 --- /dev/null +++ b/Docker/uptimekuma/docker-compose.yaml @@ -0,0 +1,13 @@ +--- +version: '3.8' +services: + uptimekuma: + image: louislam/uptime-kuma:latest + container_name: uptime-kuma + restart: always + volumes: + - ./kuma-data:/app/data + ports: + - 3001:3001 + labels: + - "com.centurylinklabs.watchtower.enable=true" diff --git a/Docker/yacht/docker-compose.yaml b/Docker/yacht/docker-compose.yaml new file mode 100644 index 0000000..cd6ac0c --- /dev/null +++ b/Docker/yacht/docker-compose.yaml @@ -0,0 +1,18 @@ +# username admin@yacht.local password pass +--- +version: '3.8' +services: + yacht: + container_name: yacht + image: selfhostedpro/yacht:latest + volumes: + - ./yacht:/config + - /var/run/docker.sock:/var/run/docker.sock + ports: + - 8000:8000 + restart: unless-stopped + labels: + - "com.centurylinklabs.watchtower.enable=true" + +volumes: + yacht: diff --git a/LXC-Debian/PVE01_LXC_Debian_Apt-Cache.sh b/LXC-Debian/PVE01_LXC_Debian_Apt-Cache.sh new file mode 100644 index 0000000..385c942 --- /dev/null +++ b/LXC-Debian/PVE01_LXC_Debian_Apt-Cache.sh @@ -0,0 +1,63 @@ +#!/bin/bash +# +# Check if user is root +# +if [ $(id -u) != "0" ]; then + echo "Error: You must be root to run this script, please use the root user to install the software." + exit 1 +fi + +if [ ! -f /etc/debian_version ]; then + echo "Unsupported Linux Distribution. Prepared for Debian" + exit 1 +fi +################################################################################ +# +# Hostname: aptcache.dmz.lan +# +# IP: 192.168.50.10/24 +# +# URL: http://192.168.50.10:3142/acng-report.html +# +# OS: Debain 12 +# +# Container ID: 100 +# +# Node: PVE01 +# +################################################################################ +# +# root pass: master_user@apt-cacher#01 +# admin pass: admin_user@apt-cacer#01 +# +################################################################################ + +apt install -y \ + avahi-daemon \ + apt-cacher-ng \ + apt-listchanges \ + apt-transport-https + +# mkdir /var/cache/apt-cacher-ng/_import +# chown -R apt-cacher-ng /var/cache/apt-cacher-ng/_import + +echo "PassThroughPattern: ^(.*):443$" >> /etc/apt-cacher-ng/acng.conf + + +echo -e '\033[33m------Setup Apt-Sources and Upgrade System------\033[33m' +echo -e "\033[0m" +sleep 2 +mv /etc/apt/sources.list /etc/apt/sources.list.default +cat > /etc/apt/sources.list <<"EOF" +#deb http://127.0.0.1:3142/ftp.de.debian.org/debian/ stable main contrib non-free non-free-firmware +#deb http://127.0.0.1:3142/ftp.de.debian.org/debian/ stable-updates main contrib non-free non-free-firmware +#deb http://127.0.0.1:3142/security.debian.org/ stable/updates main contrib non-free non-free-firmware + +deb http://127.0.0.1:3142/deb.debian.org/debian bookworm main contrib non-free non-free-firmware +deb http://127.0.0.1:3142/deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware +deb http://127.0.0.1:3142/deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware +deb http://127.0.0.1:3142/ftp.debian.org/debian bookworm-backports main contrib non-free non-free-firmware +EOF + + +apt autoremove && apt autoclean && apt clean diff --git a/LXC-Debian/PVE01_LXC_Debian_Fileserver01.sh b/LXC-Debian/PVE01_LXC_Debian_Fileserver01.sh new file mode 100644 index 0000000..cf5f158 --- /dev/null +++ b/LXC-Debian/PVE01_LXC_Debian_Fileserver01.sh @@ -0,0 +1,501 @@ +#!/bin/bash +# +# Check if user is root +# +if [ $(id -u) != "0" ]; then + echo "Error: You must be root to run this script, please use the root user to install the software." + exit 1 +fi + +if [ ! -f /etc/debian_version ]; then + echo "Unsupported Linux Distribution. Prepared for Debian" + exit 1 +fi +################################################################################ +# +# Hostname: fileserver01.home.lan +# +# IP: 192.168.10.58/24 +# +# OS: Debain 12 +# +# Container ID: 119 +# +# Node: PVE01 +# +################################################################################ +# +# root pass: master_user@apt-cacher#01 +# +################################################################################ +# +# echo 'mp0: /storage01/fileserver,mp=/mnt/storage01' >> /etc/pve/nodes/pve01/lxc/119.conf +# echo 'mp1: /storage02/fileserver,mp=/mnt/storage02' >> /etc/pve/nodes/pve01/lxc/119.conf +# +################################################################################ + +echo -e '\033[33m------Samba-Server------\033[33m' +echo -e "\033[0m" +sleep 2 +apt install -y avahi-daemon avahi-utils + +cat > /etc/avahi/services/smb.service <<"EOF" + + + + %h - SMB/CIFS + + _smb._tcp + 445 + + +EOF + + +apt install -y samba samba-common smbclient cifs-utils wsdd + +mv /etc/samba/smb.conf /etc/samba/smb.conf.default +cat > /etc/samba/smb.conf <<"EOF" +#======================= Global Settings ======================= +[global] +workgroup = WORKGROUP +server role = standalone server +server string = Samba-Server auf %h (Samba %v) +# server smb encrypt = desired +server min protocol = SMB2 +server max protocol = SMB3_11 +client min protocol = SMB2 +client max protocol = SMB3_11 +netbios name = fileserver01 +#disable netbios = yes +#server string = no +unix extensions = yes +unix charset = UTF8 +dos charset = cp866 +wide links = no +follow symlinks = no + +####### Authentication ####### +obey pam restrictions = yes +unix password sync = yes +passwd program = /usr/bin/passwd %u +passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . +pam password change = yes +map to guest = bad user +guest account = nobody +invalid users = root +security = user + +### Tuning ### +socket options = TCP_NODELAY IPTOS_LOWDELAY +use sendfile = yes +getwd cache = yes +stat cache = yes +min receivefile size = 16384 +write raw = Yes +read raw = Yes +max xmit = 32768 +deadtime = 15 +keepalive = 150 +sync always = no +large readwrite = yes +strict sync = no +strict allocate = Yes +strict locking = auto +server multi channel support = yes +aio write size = 16384 +aio read size = 16384 +idmap cache time = 604 + +#### Networking #### +interfaces = 127.0.0.0/8 eth0 +bind interfaces only = yes +hosts allow = 127.0.0.0/8 192.168.10.0/24 192.168.20.0/24 192.168.70.0/24 192.168.200.0/24 +hosts deny = all + +### Browsing election options ### +wins support = no +name resolve order = host bcast lmhosts +multicast dns register = no +dns forwarder = 192.168.10.1 +dns proxy = yes + +#### Debugging/Accounting #### +log level = 1 +log file = /var/log/samba/log.%m +max log size = 1000 +logging = file +panic action = /usr/share/samba/panic-action %d + +### Printer ### +load printers = no +printing = bsd +printcap name = /dev/null +disable spoolss = yes + +include = /etc/samba/shares.conf +EOF + +cat > /etc/samba/shares.conf <<"EOF" +[Homes] +path = /mnt/storage01/homes/%S +comment = Home Directories +browseable = yes +read only = no +create mask = 0775 +directory mask = 0775 + +root preexec = /usr/local/sbin/mktrash %S +vfs object = recycle +recycle:repository = /home/%S/.Trash +recycle:directory_mode = 0750 +recycle:keeptree = Yes +recycle:touch = Yes +recycle:maxsize = 1000000 +recycle:versions = Yes +recycle:noversions = *.ini | *.dat +recycle:exclude = *.TMP | *.tmp | ~$*.doc 3 +recycle:exclude_dir = tmp | temp | cache + + +[Appz] +path = /mnt/storage01/appz +comment = Programme,Games,ISO +valid users = @smbadmin,@sambashare +read only = no +browseable = yes +create mask = 0664 +force create mode = 0664 +directory mask = 0775 +force directory mode = 0775 +public = no +read list = @sambashare +write list = @smbadmin + +[Backup] +path = /mnt/storage01/backup +comment = Backup +valid users = @smbadmin,@sambashare +read only = no +browseable = yes +create mask = 0664 +force create mode = 0664 +directory mask = 0775 +force directory mode = 0775 +public = no +write list = @smbadmin,@sambashare + +[Dateien] +path = /mnt/storage01/files +comment = Bilder,eBooks,usw +valid users = @smbadmin,@sambashare +read only = no +browseable = yes +create mask = 0664 +force create mode = 0664 +directory mask = 0775 +force directory mode = 0775 +public = no +read list = @sambashare +write list = @smbadmin + +[Downloads] +path = /mnt/storage01/downloads +comment = Downloads +valid users = @smbadmin,@kodi +read only = no +browseable = yes +create mask = 0777 +force create mode = 0777 +directory mask = 0777 +force directory mode = 0777 +public = no +write list = @smbadmin +read list = @kodi + +[Multimedia] +path = /mnt/storage02/multimedia +comment = Filme,Musik,Videos +read only = no +browseable = yes +create mask = 0664 +force create mode = 0664 +directory mask = 0775 +force directory mode = 0775 +guest ok = yes +public = yes +valid users = @smbadmin,@sambashare +read list = @sambashare +write list = @smbadmin + +[Share] +path = /mnt/storage01/share +comment = Datenaustausch +read only = no +browseable = yes +create mask = 0664 +force create mode = 0664 +directory mask = 0775 +force directory mode = 0775 +guest ok = no +public = no +valid users = @smbadmin,@sambashare +read list = @smbadmin,@sambashare +write list = @smbadmin,@sambashare + +[Public] +path = /mnt/storage01/public +comment = Datenaustausch +read only = no +browseable = yes +guest ok = yes +public = yes +create mask = 0777 +force create mode = 0777 +directory mask = 0777 +force directory mode = 0777 + +[ISOs] +#path = /mnt/storage01/iso/template/iso +path = /mnt/storage01/iso +comment = ISOs +read only = no +browseable = yes +create mask = 0777 +force create mode = 0777 +directory mask = 0777 +force directory mode = 0777 +guest ok = yes +public = yes +write list = @smbadmin,@sambashare + +[Syncthing] +path = /mnt/storage01/syncthing +comment = Syncthing +valid users = @smbadmin +read only = yes +browseable = yes +public = no +create mask = 0777 +force create mode = 0777 +directory mask = 0777 +force directory mode = 0777 +read list = @smbadmin +#write list = @smbadmin + +[XXX] +path = /mnt/storage02/xxx +comment = xxx +valid users = @smbadmin +read only = no +browseable = yes +public = no +create mask = 0664 +force create mode = 0664 +directory mask = 0775 +force directory mode = 0775 +#read list = +write list = @smbadmin + +[wsus] +path = /mnt/storage01/wsus +comment = Windows Updates +writable = yes +browseable = yes +guest ok = yes +create mask = 0777 +force create mode = 0777 +directory mask = 0777 +force directory mode = 0777 +public = yes + +[Win-Install] +path = /mnt/storage01/winsetup +comment = Windows Install +writable = yes +browseable = yes +guest ok = yes +create mask = 0777 +force create mode = 0777 +directory mask = 0777 +force directory mode = 0777 +public = no +write list = @smbadmin + +[Yandex-Disk] +path = /mnt/storage01/yandex-disk +comment = Yandex-Disk +valid users = @smbadmin +read only = no +browseable = yes +create mask = 0664 +force create mode = 0664 +directory mask = 0775 +force directory mode = 0775 +public = no +write list = @smbadmin +EOF + +echo -e '\033[33m------Setup User and Group------\033[33m' +echo -e "\033[0m" +sleep 2 +groupadd --system smbadmin +groupadd --system sambashare + +echo -e '\033[33m------ADDUSER ULRIKE------\033[33m' +echo -e "\033[0m" +sleep 2 +useradd --system --no-create-home --group sambashare -s /bin/false ulrike && smbpasswd -a ulrike && smbpasswd -e ulrike + +echo -e '\033[33m------ADDUSER KODI------\033[33m' +echo -e "\033[0m" +sleep 2 +useradd --system --no-create-home --group sambashare -s /bin/false kodi && smbpasswd -a kodi && smbpasswd -e kodi + +echo -e '\033[33m------ADDUSER Media------\033[33m' +echo -e "\033[0m" +sleep 2 +useradd --system --no-create-home --group sambashare -s /bin/false media && smbpasswd -a media && smbpasswd -e media + + +echo -e '\033[33m------ADDUSER ZULUMANN------\033[33m' +echo -e "\033[0m" +sleep 2 +useradd --system --no-create-home --group smbadmin -s /bin/false zulumann && smbpasswd -a zulumann && smbpasswd -e zulumann + +echo -e '\033[33m------ADDUSER nobody------\033[33m' +echo -e "\033[0m" +sleep 2 +#smbpasswd -an nobody + +systemctl restart smbd.service +systemctl restart nmbd.service +systemctl restart avahi-daemon + + + +echo -e '\033[33m------Install Rsync-Server------\033[33m' +echo -e "\033[0m" +sleep 2 +apt install -y xinetd rsync + +# RSYNC_ENABLE +sed -i 's/RSYNC_ENABLE=false/RSYNC_ENABLE=true/g' /etc/default/rsync + +cat > /etc/rsyncd.conf <<"EOF" +#global (globale einstellung) +pid file = /var/run/rsyncd.pid +lock file = /var/run/rsync.lock +log file = /var/log/rsync.log +port = 873 +timeout = 300 +max connections = 10 +# ignore nonreadable = yes +# dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2 + +#profil aka module (einstellung pro modul) + +[Backup] +path = /mnt/storage01/Backup +comment = Backup +hosts allow = 192.168.10.0/24 +hosts deny = * +use chroot = yes +list = true +uid = root +gid = root +# uid = nobody +# gid = nogroup +read only = false +# incoming chmod = 0777 +# outgoing chmod = 0777 + +[Files] +path = /mnt/storage01/files +comment = Dateien,Bilder.eBooks +use chroot = yes +list = true +uid = root +gid = root +read only = false +incoming chmod = 0777 +outgoing chmod = 0777 + +[Filme] +path = /mnt/storage02/multimedia/Filme +comment = neue Filme +hosts allow = 192.168.10.0/24 +hosts deny = * +use chroot = yes +list = true +uid = root +gid = root +read only = false + +[Musik] +path = /mnt/storage02/multimedia/Musik +comment = Musik +hosts allow = 192.168.10.0/24 +hosts deny = * +use chroot = yes +list = true +uid = root +gid = root +read only = false + +[Zulumann] +path = /mnt/storage01/homes/zulumann +comment = Home Zulumann +hosts allow = 192.168.10.0/24 +hosts deny = * +use chroot = yes +list = true +uid = root +gid = root +read only = false +EOF + +cat > /etc/xinetd.d/rsync <<"EOF" +# default: off +# description: The rsync server is a good addition to an ftp server, as it \ +# allows crc checksumming etc. +service rsync +{ +disable = no +flags = IPv6 +socket_type = stream +port = 873 +wait = no +user = root +server = /usr/bin/rsync +server_args = --daemon +log_on_failure += USERID +} +EOF + +cat > /etc/rsyncd.secrets <<"EOF" +kodi:kodi@htpc#01 +EOF + +chmod 600 /etc/rsyncd.secrets + +systemctl restart xinetd +systemctl restart rsync + + +# Testing the Rysnc Directories: +# ============================== +# To test your connection to the rsync daemon and find which paths are available to you, +# simply connect from your client to the rsync host using the following method. +# rsync -rdt rsync://192.168.10.58/ +# +# This command will show which directories are open to you. If you do not know the file +# name you can repeat the process (adding onto the file path) until you find the intended file(s). +# +# rsync -rdt rsync://IPADDR/DirectoryName +# +# And once you find the file, you can complete the command and pull it in. +# +# rsync -rdt rsync://IPADDR:RsyncPort/DirectoryName/File /DestinationDirectory/ + +apt autoremove && apt autoclean && apt clean diff --git a/LXC-Debian/PVE01_LXC_Debian_Freshrss.sh b/LXC-Debian/PVE01_LXC_Debian_Freshrss.sh new file mode 100644 index 0000000..cab64bc --- /dev/null +++ b/LXC-Debian/PVE01_LXC_Debian_Freshrss.sh @@ -0,0 +1,240 @@ +#!/bin/sh +# +# Check if user is root +# +if [ $(id -u) != "0" ]; then + echo "Error: You must be root to run this script, please use the root user to install the software." + exit 1 +fi + +if [ ! -f /etc/debian_version ]; then + echo "Unsupported Linux Distribution. Prepared for Debian" + exit 1 +fi +################################################################################ +# +# Hostname: freshrss.dmz.lan +# +# IP: 192.168.50.30/24 +# +# OS: Debian 12 +# +# URL: http://192.168.50.30/i/ +# +# URL: https://freshrss.vmnetz.lan64.de +# +# Container ID: 118 +# +# Node: PVE01 +# +################################################################################ +# +# root pass: master_user#01@vmnets.de +# +# Admin pass: admin_user#01@vmnets.de +# +################################################################################ +# +# systemctl [start | stop | reload | restart | status] nginx +# +# systemctl [start | stop | reload | restart | status] php8.2-fpm +# +################################################################################ +apt install -y \ + git \ + nginx \ + php8.2 \ + php8.2-fpm \ + php8.2-curl \ + php8.2-gmp \ + php8.2-xml \ + php8.2-mbstring \ + php8.2-zip \ + php8.2-sqlite3 + +mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.default + +cat > /etc/nginx/nginx.conf <<"EOF" +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 1024; + multi_accept on; +} + +http { + ## + # Basic Settings + ## + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + server_tokens off; + + server_names_hash_bucket_size 64; + server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + client_body_timeout 12; + client_header_timeout 12; + keepalive_timeout 15; + send_timeout 10; + + client_body_buffer_size 10K; + client_header_buffer_size 1k; + client_max_body_size 8m; + large_client_header_buffers 4 4k; + + # Logging Settings + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + # Gzip Settings + gzip on; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; + gzip_http_version 1.1; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + + # Virtual Host Configs + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} +EOF + +## Backup and then tweak PHP for optimization and security reasons: +cp /etc/php/8.2/fpm/pool.d/www.conf /etc/php/8.2/fpm/pool.d/www.conf.bak +cp /etc/php/8.2/cli/php.ini /etc/php/8.2/cli/php.ini.bak +cp /etc/php/8.2/fpm/php.ini /etc/php/8.2/fpm/php.ini.bak +cp /etc/php/8.2/fpm/php-fpm.conf /etc/php/8.2/fpm/php-fpm.conf.bak + + +## Update PHP CLI configuration +sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/8.2/cli/php.ini +sed -i "s/display_errors = .*/display_errors = On/" /etc/php/8.2/cli/php.ini +sed -i "s/memory_limit = .*/memory_limit = 256M/" /etc/php/8.2/cli/php.ini +sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/8.2/cli/php.ini + +## Configure sessions directory permissions +chmod 733 /var/lib/php/sessions +chmod +t /var/lib/php/sessions + +## Tweak PHP-FPM settings +# Please note: We are suppressing PHP error output here by setting these options to production values +sed -i "s/error_reporting = .*/error_reporting = E_ALL \& ~E_NOTICE \& ~E_STRICT \& ~E_DEPRECATED/" /etc/php/8.2/fpm/php.ini +sed -i "s/display_errors = .*/display_errors = Off/" /etc/php/8.2/fpm/php.ini +sed -i "s/memory_limit = .*/memory_limit = 256M/" /etc/php/8.2/fpm/php.ini +sed -i "s/upload_max_filesize = .*/upload_max_filesize = 256M/" /etc/php/8.2/fpm/php.ini +sed -i "s/post_max_size = .*/post_max_size = 256M/" /etc/php/8.2/fpm/php.ini +sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/8.2/fpm/php.ini + +sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/8.2/fpm/php.ini +sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/8.2/fpm/php.ini +sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/8.2/fpm/php.ini +sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/8.2/fpm/php.ini +sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/8.2/fpm/php.ini +sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/8.2/fpm/php.ini +sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/8.2/fpm/php.ini +sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/8.2/fpm/php.ini + + +## Tune PHP-FPM pool settings +sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" /etc/php/8.2/fpm/pool.d/www.conf +sed -i "s/;env\[TMP\] = /env[TMP] = /" /etc/php/8.2/fpm/pool.d/www.conf +sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" /etc/php/8.2/fpm/pool.d/www.conf +sed -i "s/;env\[TEMP\] = /env[TEMP] = /" /etc/php/8.2/fpm/pool.d/www.conf +sed -i "s/;env\[PATH\] = /env[PATH] = /" /etc/php/8.2/fpm/pool.d/www.conf + +sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/8.2/fpm/pool.d/www.conf +sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/8.2/fpm/pool.d/www.conf +sed -i "s/pm\.max_children.*/pm.max_children = 70/" /etc/php/8.2/fpm/pool.d/www.conf +sed -i "s/pm\.start_servers.*/pm.start_servers = 20/" /etc/php/8.2/fpm/pool.d/www.conf +sed -i "s/pm\.min_spare_servers.*/pm.min_spare_servers = 20/" /etc/php/8.2/fpm/pool.d/www.conf +sed -i "s/pm\.max_spare_servers.*/pm.max_spare_servers = 35/" /etc/php/8.2/fpm/pool.d/www.conf +sed -i "s/;pm\.max_requests.*/pm.max_requests = 500/" /etc/php/8.2/fpm/pool.d/www.conf + +## How to fix the NGINX error “Failed to read PID from file” +#mkdir /etc/systemd/system/nginx.service.d +#printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf + + +unlink /etc/nginx/sites-enabled/default +rm /etc/nginx/sites-available/default + + +cat > /etc/nginx/sites-available/freshrss <<"EOF" +server { + listen 80; + + server_name _; + + # the folder p of your FreshRSS installation + root /srv/FreshRSS/p/; + + index index.php index.html index.htm; + + # nginx log files + access_log /var/log/nginx/rss.access.log; + error_log /var/log/nginx/rss.error.log; + + # php files handling + # this regex is mandatory because of the API + location ~ ^.+?\.php(/.*)?$ { + fastcgi_pass unix:/var/run/php/php8.2-fpm.sock; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + # By default, the variable PATH_INFO is not set under PHP-FPM + # But FreshRSS API greader.php need it. If you have a “Bad Request” error, double check this var! + # NOTE: the separate $path_info variable is required. For more details, see: + # https://trac.nginx.org/nginx/ticket/321 + set $path_info $fastcgi_path_info; + fastcgi_param PATH_INFO $path_info; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + + location / { + try_files $uri $uri/ index.php; + } + + # assets, media + location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ { + expires 365d; + access_log off; + } + + # svg, fonts + location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ { + #add_header Access-Control-Allow-Origin "*"; + expires 365d; + access_log off; + } + +} +EOF + +ln -s /etc/nginx/sites-available/freshrss /etc/nginx/sites-enabled/ + +# FreshRSS Installation: +mkdir -p /srv/FreshRSS + +# curl -o /tmp/freshrss.tar.gz -L https://github.com/FreshRSS/FreshRSS/archive/master.tar.gz +# tar xf /tmp/freshrss.tar.gz -C /srv/FreshRSS --strip-components=1 + +git clone https://github.com/FreshRSS/FreshRSS.git /srv/FreshRSS +chown -R www-data:www-data /srv/FreshRSS + +# Setup the cron job to refresh feeds: +echo "*/15 * * * * root /usr/bin/php /srv/FreshRSS/app/actualize_script.php > /tmp/FreshRSS.log 2>&1" >> /etc/crontab + + +systemctl restart nginx && systemctl restart php8.2-fpm + +apt autoremove && apt autoclean && apt clean diff --git a/LXC-Debian/PVE01_LXC_Debian_Gitea.sh b/LXC-Debian/PVE01_LXC_Debian_Gitea.sh new file mode 100644 index 0000000..16ddd46 --- /dev/null +++ b/LXC-Debian/PVE01_LXC_Debian_Gitea.sh @@ -0,0 +1,102 @@ +#!/bin/sh +# +# Check if user is root +# +if [ $(id -u) != "0" ]; then + echo "Error: You must be root to run this script, please use the root user to install the software." + exit 1 +fi + +if [ ! -f /etc/debian_version ]; then + echo "Unsupported Linux Distribution. Prepared for Debian" + exit 1 +fi +################################################################################ +# +# Hostname: git.dmz.lan +# +# IP: 192.168.50.17/24 +# +# URL: http://192.168.50.17:3000 +# +# OS: Debain 12 +# +# Container ID: 115 +# +# Node: PVE01 +# +################################################################################ +# +# root pass: master_user@vm-net#01 +# +################################################################################ +# +# systemctl [start | stop | reload | restart | status] gitea.service +# +# +################################################################################ +# +apt install -y git sqlite3 + + +#Get the correct download link for the latest version +#wget https://dl.gitea.com/gitea/1.20.4/gitea-1.20.4-linux-amd64 +wget https://dl.gitea.com/gitea/1.21.0/gitea-1.21.0-linux-amd64 + +#Move the binary to bin +mv gitea* /usr/local/bin/gitea + +#Make executable +chmod +x /usr/local/bin/gitea + +#Ensure it works +# /usr/local/bin/gitea --version + +#Create the user/group for gitea to operate as +adduser --system --group --disabled-password --home /etc/gitea gitea + +#Config directory was created by adduser +#Create directory structure (mountpoint should be /var/lib/gitea) +mkdir -p /var/lib/gitea/custom +mkdir -p /var/lib/gitea/data +mkdir -p /var/lib/gitea/indexers +mkdir -p /var/lib/gitea/log +mkdir -p /var/lib/gitea/public + +chown -R gitea:gitea /var/lib/gitea/ +chmod -R 750 /var/lib/gitea/ + + +cat > /etc/systemd/system/gitea.service <<"EOF" +[Unit] +Description=Gitea (Git with a cup of tea) +After=syslog.target +After=network.target + +[Service] +# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that +# LimitNOFILE=524288:524288 +RestartSec=2s +Type=notify +User=gitea +Group=gitea +#The mount point we added to the container +WorkingDirectory=/var/lib/gitea +#Create directory in /run +RuntimeDirectory=gitea +ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini +Restart=always +Environment=USER=gitea HOME=/var/lib/gitea/data GITEA_WORK_DIR=/var/lib/gitea +WatchdogSec=30s +#Capabilities to bind to low-numbered ports +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_BIND_SERVICE + +[Install] +WantedBy=multi-user.target +EOF + +systemctl daemon-reload && systemctl enable --now gitea && systemctl start gitea + + +apt autoremove && apt autoclean && apt clean diff --git a/LXC-Debian/PVE01_LXC_Debian_Jellyfin.sh b/LXC-Debian/PVE01_LXC_Debian_Jellyfin.sh new file mode 100644 index 0000000..3ee1764 --- /dev/null +++ b/LXC-Debian/PVE01_LXC_Debian_Jellyfin.sh @@ -0,0 +1,70 @@ +#!/bin/sh +# +# Check if user is root +# +if [ $(id -u) != "0" ]; then + echo "Error: You must be root to run this script, please use the root user to install the software." + exit 1 +fi + +if [ ! -f /etc/debian_version ]; then + echo "Unsupported Linux Distribution. Prepared for Debian" + exit 1 +fi +################################################################################ +# +# Hostname: jellyfin.iot.lan +# +# IP: 192.168.60.20/24 +# +# OS: Debain 12 +# +# Url: http://192.168.60.20:8096 +# +# Url: https://jellyfin.vmnetz.lan64.de/ +# +# Container ID: 117 +# +# Node: PVE01 +# +################################################################################ +# +# root pass: master_user#01@vm-net +# +# Admin pass: master_user@jellyfin#01 +# +# +################################################################################ +# +# systemctl [start | stop | reload | restart | status] jellyfin +# +################################################################################ +# echo 'mp0: /storage02/fileserver/multimedia,mp=/srv/multimedia' >> /etc/pve/nodes/pve01/lxc/117.conf +# echo 'mp1: /storage01/fileserver/downloads/jdownloader,mp=/srv/downloads' >> /etc/pve/nodes/pve01/lxc/117.conf +################################################################################ +# 8096/tcp is used by default for HTTP traffic. This is admin configurable. +# 8920/tcp is used by default for HTTPS traffic. This is admin configurable. +# 1900/udp is used for service autodiscovery. This is not admin configurable as it would break client autodiscover. +################################################################################# +# +# Reset Initial Setup: +# If you made an error during the initial setup, you could revert with the following steps: +# +# nano /etc/jellyfin/system.xml +# Change the following, which is located on line 4: +# +# true +# To this: +# +# false +################################################################################# +apt install -y gnupg2 apt-transport-https +#apt install -y faac libfaac-dev + +wget -O - https://repo.jellyfin.org/debian/jellyfin_team.gpg.key | apt-key add - +echo "deb [arch=$( dpkg --print-architecture )] https://repo.jellyfin.org/debian $( lsb_release -c -s ) main" | tee /etc/apt/sources.list.d/jellyfin.list +apt update && apt install -y jellyfin + +systemctl enable jellyfin && systemctl start jellyfin + +apt autoremove && apt autoclean && apt clean diff --git a/LXC-Debian/PVE01_LXC_Debian_MariaDB.sh b/LXC-Debian/PVE01_LXC_Debian_MariaDB.sh new file mode 100644 index 0000000..f4d7f37 --- /dev/null +++ b/LXC-Debian/PVE01_LXC_Debian_MariaDB.sh @@ -0,0 +1,109 @@ +#!/bin/sh +# +# Check if user is root +# +if [ $(id -u) != "0" ]; then + echo "Error: You must be root to run this script, please use the root user to install the software." + exit 1 +fi + +if [ ! -f /etc/debian_version ]; then + echo "Unsupported Linux Distribution. Prepared for Debian" + exit 1 +fi +################################################################################ +# +# Hostname: mariadb.dmz.lan +# +# IP: 192.168.50.19/24 +# +# OS: Debain 12 +# +# Container ID: 120 +# +# Node: PVE01 +# +################################################################################ +# +# +# +################################################################################ + +apt install -y mariadb-server + +systemctl stop mysql +mkdir -p /var/log/mysql +chown -R mysql:mysql /var/log/mysql +mv /etc/mysql/my.cnf /etc/mysql/my.cnf.bak + + +cat > /etc/mysql/my.cnf <<"EOF" +[client] +default-character-set = utf8mb4 +port = 3306 +socket = /var/run/mysqld/mysqld.sock +[mysqld_safe] +log_error=/var/log/mysql/mysql_error.log +nice = 0 +socket = /var/run/mysqld/mysqld.sock +[mysqld] +# performance_schema=ON +basedir = /usr +bind-address = 0.0.0.0 +binlog_format = ROW +character-set-server = utf8mb4 +collation-server = utf8mb4_general_ci +datadir = /var/lib/mysql +default_storage_engine = InnoDB +expire_logs_days = 2 +general_log_file = /var/log/mysql/mysql.log +innodb_buffer_pool_size = 2G +innodb_log_buffer_size = 32M +innodb_log_file_size = 512M +innodb_read_only_compressed=OFF +join_buffer_size = 2M +key_buffer_size = 512M +lc_messages_dir = /usr/share/mysql +lc_messages = en_US +log_bin = /var/log/mysql/mariadb-bin +log_bin_index = /var/log/mysql/mariadb-bin.index +log_error = /var/log/mysql/mysql_error.log +log_slow_verbosity = query_plan +log_warnings = 2 +long_query_time = 1 +max_connections = 100 +max_heap_table_size = 64M +myisam_sort_buffer_size = 512M +port = 3306 +pid-file = /var/run/mysqld/mysqld.pid +query_cache_limit = 0 +query_cache_size = 0 +read_buffer_size = 2M +read_rnd_buffer_size = 2M +skip-name-resolve +socket = /var/run/mysqld/mysqld.sock +sort_buffer_size = 2M +table_open_cache = 400 +table_definition_cache = 800 +tmp_table_size = 32M +tmpdir = /tmp +transaction_isolation = READ-COMMITTED +user = mysql +wait_timeout = 600 +[mysqldump] +max_allowed_packet = 16M +quick +quote-names +[isamchk] +key_buffer = 16M +EOF + +systemctl restart mysql.service + +echo -e '\033[33m------Secure MariaDB installation-----\033[33m' +echo -e "\033[0m" +# master_user@mariaDB#01 + +mysql_secure_installation + +apt autoremove && apt autoclean && apt clean \ No newline at end of file diff --git a/LXC-Debian/PVE01_LXC_Debian_PBS.sh b/LXC-Debian/PVE01_LXC_Debian_PBS.sh new file mode 100644 index 0000000..2006579 --- /dev/null +++ b/LXC-Debian/PVE01_LXC_Debian_PBS.sh @@ -0,0 +1,43 @@ +#!/bin/sh +# +# Check if user is root +# +if [ $(id -u) != "0" ]; then + echo "Error: You must be root to run this script, please use the root user to install the software." + exit 1 +fi + +if [ ! -f /etc/debian_version ]; then + echo "Unsupported Linux Distribution. Prepared for Debian" + exit 1 +fi +################################################################################ +# +# Hostname: pbs01.home.lan +# +# IP: 192.168.10.55/24 +# +# OS: Debian 12 +# +# URL: https://192.168.10.55:8007 +# +# URL: https://pbs01.vmnetz.lan64.de:8007/ +# +# Container ID:108 +# +# Node: PVE01 +# +################################################################################ + +wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg + +# Add pbs-no-subscription repository +echo "deb http://download.proxmox.com/debian/pbs bookworm pbs-no-subscription" >> /etc/apt/sources.list + + +# Install Proxmox Backup Server on Debian: +# ======================================== + +apt update && apt install -y proxmox-backup-server + +apt autoremove && apt autoclean && apt clean diff --git a/LXC-Debian/PVE01_LXC_Debian_Seedbox.sh b/LXC-Debian/PVE01_LXC_Debian_Seedbox.sh new file mode 100644 index 0000000..152ace0 --- /dev/null +++ b/LXC-Debian/PVE01_LXC_Debian_Seedbox.sh @@ -0,0 +1,200 @@ +#!/bin/sh +# +# Check if user is root +# +if [ $(id -u) != "0" ]; then + echo "Error: You must be root to run this script, please use the root user to install the software." + exit 1 +fi + +if [ ! -f /etc/debian_version ]; then + echo "Unsupported Linux Distribution. Prepared for Debian" + exit 1 +fi +################################################################################ +# +# Hostname: seedbox.vpn.lan +# +# IP: 192.168.20.10/24 +# +# OS: Debian 12 +# +# URL DanteProxy: http://192.168.20.10:1080 +# +# URL qBittorrent: http://192.168.20.10:8080 +# +# URL Jackett: http://192.168.20.10:9117 +# +# Container ID: 109 +# +# Node: PVE01 +# +################################################################################ +# +# qbittorrent Username is admin. Default password is “adminadmin” +# Config: /home/qbittorrent-nox/.config/qBittorrent/qBittorrent.conf +# +# root pass: master_user#01@vmnets.de +# +################################################################################ +# +# +# echo 'mp0: /storage01/fileserver/downloads/torrent,mp=/srv/downloads' >> /etc/pve/nodes/pve01/lxc/109.conf +# +################################################################################ +# +# systemctl [start | stop | reload | restart | status] danted +# +# systemctl [start | stop | reload | restart | status] qbittorrent-nox +# +# systemctl [start | stop | reload | restart | status] jackett +# +################################################################################ +while : +do +clear +echo "" +echo "\033[1m I N S T A L L Seedbox" +echo " -----------------------------" +echo "\033[0m" +echo "01.Install Dante SOCKS5 proxy" +echo "02.Install qBittorrent" +echo "03.Install Jackett" +echo "" +echo " x. Exit" +echo "" +echo -n " Please enter option [01 - 04]" +read opt +case $opt in +################################################################################## +01) echo "************ Install Dante Proxy **********************"; +################################################################################## +apt install -y dante-server + +mv /etc/danted.conf /etc/danted.conf.default + +cat > /etc/danted.conf <<"EOF" +#logoutput: /var/log/socks.log + +internal: eth0 port = 1080 +external: eth0 + +socksmethod: username none +user.privileged: root +user.notprivileged: nobody + +client pass { + from: 192.168.10.0/24 port 1-65535 to: 0.0.0.0/0 +} + +client pass { + from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0 +} + +client block { + from: 0.0.0.0/0 to: 0.0.0.0/0 + log: connect disconnect error +} + + +socks pass { + from: 192.168.10.0/24 to: 0.0.0.0/0 + protocol: tcp udp +} + +socks pass { + from: 127.0.0.0/8 to: 0.0.0.0/0 + protocol: tcp udp +} + +socks block { + from: 0.0.0.0/0 to: 127.0.0.0/8 + log: connect disconnect error +} + +socks block { + from: 0.0.0.0/0 to: 0.0.0.0/0 + log: connect disconnect error +} +EOF + +service danted restart + + +cat > /root/myip.sh <<"EOF" +#!/bin/sh +# +curl ipinfo.io +EOF + +chmod +x /root/myip.sh + + +apt autoremove && apt autoclean && apt clean +;; + +################################################################################## +02) echo "************ Install qBittorrent ****************"; +################################################################################## +# +# http://list.iblocklist.com/?list=bt_level1&fileformat=p2p&archiveformat=gz +# +# /srv/downloads/torrent/tmp +# /srv/downloads/torrent/torrents +# /srv/downloads/torrent/qbittorrent +# +################################################################################## + +apt install -y qbittorrent-nox + +adduser --system --group qbittorrent-nox + +cat > /etc/systemd/system/qbittorrent-nox.service <<"EOF" +[Unit] +Description=qBittorrent Command Line Client +After=network.target + +[Service] +#Do not change to "simple" +Type=forking +User=qbittorrent-nox +Group=qbittorrent-nox +UMask=000 +ExecStart=/usr/bin/qbittorrent-nox -d --webui-port=8080 +Restart=on-failure + +[Install] +WantedBy=multi-user.target +EOF + +systemctl daemon-reload && systemctl enable qbittorrent-nox && systemctl start qbittorrent-nox +#systemctl status qbittorrent-nox + +apt autoremove && apt autoclean && apt clean +;; + +################################################################################## +03) echo "************ Install Jackett *****************"; +################################################################################## +#https://github.com/Jackett/Jackett/releases + +apt install -y liblttng-ust0 libunwind8 libuuid1 libcurl4 libkrb5-3 zlib1g libssl1.1 + +useradd -m jackett + +cd /opt && wget https://github.com/Jackett/Jackett/releases/download/v0.20.314/Jackett.Binaries.LinuxAMDx64.tar.gz + +tar zxvf Jackett.Binaries.LinuxAMDx64.tar.gz && rm Jackett.Binaries.LinuxAMDx64.tar.gz + +chown -R jackett:jackett /opt/Jackett + +/opt/Jackett/./install_service_systemd.sh +;; + + +x) echo ""; +exit 1;; +*) echo " Press [enter] key to continue. . ."; +read enterKey;; +esac +done diff --git a/LXC-Debian/PVE01_LXC_Debian_Syncthing.sh b/LXC-Debian/PVE01_LXC_Debian_Syncthing.sh new file mode 100644 index 0000000..506ed22 --- /dev/null +++ b/LXC-Debian/PVE01_LXC_Debian_Syncthing.sh @@ -0,0 +1,106 @@ +#!/bin/bash +# +# Check if user is root +# +if [ $(id -u) != "0" ]; then + echo "Error: You must be root to run this script, please use the root user to install the software." + exit 1 +fi + +if [ ! -f /etc/debian_version ]; then + echo "Unsupported Linux Distribution. Prepared for Debian" + exit 1 +fi +################################################################################ +# +# Hostname: syncthing.dmz.lan +# +# IP: 192.168.50.14/24 +# +# Url: https://192.168.50.14:8384 +# +# Url: https://syncthing.vmnetz.lan64.de/ +# +# OS: Debain 12 +# +# Container ID: 105 +# +# Node: PVE01 +# +################################################################################ +# +# +# +################################################################################ +# +# echo 'mp0: /storage01/fileserver/syncthing,mp=/srv/syncthing' >> /etc/pve/nodes/pve01/lxc/105.conf +# +################################################################################ +apt install -y gnupg + +curl -s -o /usr/share/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg +echo "deb [signed-by=/usr/share/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable" | tee /etc/apt/sources.list.d/syncthing.list + +# Bevorzugung von Syncthing-Paketen ("Pinning") +printf "Package: *\nPin: origin apt.syncthing.net\nPin-Priority: 990\n" | tee /etc/apt/preferences.d/syncthing + + +echo -e '\033[33m------ADDUSER Syncthing------\033[33m' +echo -e "\033[0m" +adduser --disabled-login syncthing + +# Make synthing home directory accessable for all other users: +chmod 2770 /home/syncthing/ + +su -l syncthing -c 'echo "umask 007" >> /home/syncthing/.profile' +su -l syncthing -c 'echo "umask 007" >> /home/syncthing/https://syncthing.vmnetz.lan64.de/.bash_profile' + + +echo -e '\033[33m------Update and install Syncthing------\033[33m' +echo -e "\033[0m" +apt update && apt install -y syncthing + +mv /lib/systemd/system/syncthing@.service /lib/systemd/system/syncthing@.service.default + +cat > /lib/systemd/system/syncthing@.service <<"EOF" +[Unit] +Description=Syncthing - Open Source Continuous File Synchronization for %I +Documentation=man:syncthing(1) +After=network.target +StartLimitIntervalSec=60 +StartLimitBurst=4 + +[Service] +User=%i +#ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0 +ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0 -home="/home/syncthing/.config/syncthing" -gui-address="192.168.50.14:8384" +Restart=on-failure +RestartSec=1 +SuccessExitStatus=3 4 +RestartForceExitStatus=3 4 + +# Hardening +ProtectSystem=full +PrivateTmp=true +SystemCallArchitectures=native +MemoryDenyWriteExecute=true +NoNewPrivileges=true + +# Elevated permissions to sync ownership (disabled by default), +# see https://docs.syncthing.net/advanced/folder-sync-ownership +#AmbientCapabilities=CAP_CHOWN CAP_FOWNER + +[Install] +WantedBy=multi-user.target +EOF + +systemctl daemon-reload && systemctl enable syncthing@syncthing.service + +#systemctl status syncthing@syncthing.service + +cp /home/syncthing/.config/syncthing/config.xml /home/syncthing/.config/syncthing/config.default + +systemctl start syncthing@syncthing.service + + +apt autoremove && apt autoclean && apt clean \ No newline at end of file diff --git a/LXC-Debian/PVE01_LXC_Debian_jDownloader.sh b/LXC-Debian/PVE01_LXC_Debian_jDownloader.sh new file mode 100644 index 0000000..0d03ee7 --- /dev/null +++ b/LXC-Debian/PVE01_LXC_Debian_jDownloader.sh @@ -0,0 +1,71 @@ +#!/bin/bash +# +# Check if user is root +# +if [ $(id -u) != "0" ]; then + echo "Error: You must be root to run this script, please use the root user to install the software." + exit 1 +fi + +if [ ! -f /etc/debian_version ]; then + echo "Unsupported Linux Distribution. Prepared for Debian" + exit 1 +fi +################################################################################ +# +# Hostname: jdownloader.home.lan +# +# IP: 192.168.10.57/24 +# +# OS: Debian 12 +# +# Container ID: 116 +# +# Node: pve01 +# +################################################################################ +# +# root pass: master_user#01@vmnets.de +# +################################################################################ +# +# echo 'mp0: /srv/fileserver_data/downloads/jdownloader,mp=/opt/jdownloader/Downloads' >> /etc/pve/nodes/pve01/lxc/116.conf +# +################################################################################ +# +apt install -y \ + openjdk-17-jdk-headless \ + unzip \ + unrar + +groupadd --system jdownloader +#adduser jdownloader --system --group jdownloader--home /opt/jdownloader --shell=/bin/false +adduser jdownloader --system --home /opt/jdownloader --shell=/bin/false +usermod -a -G jdownloader jdownloader + +mkdir -p /opt/jdownloader/downloads +chown -R jdownloader:jdownloader /opt/jdownloader + + +cat << 'EOF' > /etc/systemd/system/jdownloader.service +[Unit] +Description=JDownloader +After=network.target + +[Service] +#ExecStart=/usr/bin/java -Djava.awt.headless=true -Xmx512m -jar /opt/jdownloader/JDownloader.jar +ExecStart=/usr/bin/java -Djava.awt.headless=true -jar /opt/jdownloader/JDownloader.jar +Type=simple +User=jdownloader +Group=jdownloader +RemainAfterExit=yes +UMask=000 + +[Install] +WantedBy=multi-user.target +EOF + +systemctl enable --now jdownloader + + +apt autoremove && apt autoclean && apt clean