zulumann/HomeLAB
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

2025.04.10_11:30

Browse Source
This commit is contained in:
zulumann
2025-04-10 11:30:22 +02:00
parent bb6f3db13e
commit 182023b312
15 changed files with 1578 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Docker/freshrss/docker-compose.yml
View File

@ -10,7 +10,7 @@ services:
- PGID=1000 - PGID=1000
- TZ=Europe/Berlin - TZ=Europe/Berlin
volumes: volumes:
- /path/to/data:/config - ./data:/config
ports: ports:
- 80:80 - 80:80
labels: labels:

16
Docker/gotify/docker-compose.yml Normal file
View File

@ -0,0 +1,16 @@
version: '3.8'
services:
gotify:
image: gotify/server:latest
container_name: gotify
environment:
- GOTIFY_DEFAULTUSER_PASS=custom
- TZ=Europe/Berlin
#- GOTIFY_REGISTRATION=false
volumes:
- "./gotify_data:/app/data"
ports:
- 8083:8080
restart: unless-stopped
labels:
- "com.centurylinklabs.watchtower.enable=true"

25
Docker/netbootxyz/docker-compose.yml Normal file
View File

@ -0,0 +1,25 @@
---
version: '3.8'
services:
netbootxyz:
image: lscr.io/linuxserver/netbootxyz:latest
container_name: netbootxyz
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- MENU_VERSION=1.9.9 #optional
- PORT_RANGE=30000:30010 #optional
- SUBFOLDER=/ #optional
- NGINX_PORT=80 #optional
- WEB_APP_PORT=3000 #optional
volumes:
- ./netbootxyz/config:/config
- ./netbootxyz/assets:/assets #optional
ports:
- 3000:3000
- 69:69/udp
- 8080:80 #optional
labels:
- com.centurylinklabs.watchtower.enable=true

13
Docker/uptimekuma/docker-compose.yaml Normal file
View File

@ -0,0 +1,13 @@
---
version: '3.8'
services:
uptimekuma:
image: louislam/uptime-kuma:latest
container_name: uptime-kuma
restart: always
volumes:
- ./kuma-data:/app/data
ports:
- 3001:3001
labels:
- "com.centurylinklabs.watchtower.enable=true"

18
Docker/yacht/docker-compose.yaml Normal file
View File

@ -0,0 +1,18 @@
# username admin@yacht.local password pass
---
version: '3.8'
services:
yacht:
container_name: yacht
image: selfhostedpro/yacht:latest
volumes:
- ./yacht:/config
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 8000:8000
restart: unless-stopped
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
yacht:

63
LXC-Debian/PVE01_LXC_Debian_Apt-Cache.sh Normal file
View File

@ -0,0 +1,63 @@
#!/bin/bash
#
# Check if user is root
#
if [ $(id -u) != "0" ]; then
echo "Error: You must be root to run this script, please use the root user to install the software."
exit 1
fi
if [ ! -f /etc/debian_version ]; then
echo "Unsupported Linux Distribution. Prepared for Debian"
exit 1
fi
################################################################################
#
# Hostname: aptcache.dmz.lan
#
# IP: 192.168.50.10/24
#
# URL: http://192.168.50.10:3142/acng-report.html
#
# OS: Debain 12
#
# Container ID: 100
#
# Node: PVE01
#
################################################################################
#
# root pass: master_user@apt-cacher#01
# admin pass: admin_user@apt-cacer#01
#
################################################################################
apt install -y \
avahi-daemon \
apt-cacher-ng \
apt-listchanges \
apt-transport-https
# mkdir /var/cache/apt-cacher-ng/_import
# chown -R apt-cacher-ng /var/cache/apt-cacher-ng/_import
echo "PassThroughPattern: ^(.*):443$" >> /etc/apt-cacher-ng/acng.conf
echo -e '\033[33m------Setup Apt-Sources and Upgrade System------\033[33m'
echo -e "\033[0m"
sleep 2
mv /etc/apt/sources.list /etc/apt/sources.list.default
cat > /etc/apt/sources.list <<"EOF"
#deb http://127.0.0.1:3142/ftp.de.debian.org/debian/ stable main contrib non-free non-free-firmware
#deb http://127.0.0.1:3142/ftp.de.debian.org/debian/ stable-updates main contrib non-free non-free-firmware
#deb http://127.0.0.1:3142/security.debian.org/ stable/updates main contrib non-free non-free-firmware
deb http://127.0.0.1:3142/deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb http://127.0.0.1:3142/deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
deb http://127.0.0.1:3142/deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
deb http://127.0.0.1:3142/ftp.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
EOF
apt autoremove && apt autoclean && apt clean

501
LXC-Debian/PVE01_LXC_Debian_Fileserver01.sh Normal file
View File

@ -0,0 +1,501 @@
#!/bin/bash
#
# Check if user is root
#
if [ $(id -u) != "0" ]; then
echo "Error: You must be root to run this script, please use the root user to install the software."
exit 1
fi
if [ ! -f /etc/debian_version ]; then
echo "Unsupported Linux Distribution. Prepared for Debian"
exit 1
fi
################################################################################
#
# Hostname: fileserver01.home.lan
#
# IP: 192.168.10.58/24
#
# OS: Debain 12
#
# Container ID: 119
#
# Node: PVE01
#
################################################################################
#
# root pass: master_user@apt-cacher#01
#
################################################################################
#
# echo 'mp0: /storage01/fileserver,mp=/mnt/storage01' >> /etc/pve/nodes/pve01/lxc/119.conf
# echo 'mp1: /storage02/fileserver,mp=/mnt/storage02' >> /etc/pve/nodes/pve01/lxc/119.conf
#
################################################################################
echo -e '\033[33m------Samba-Server------\033[33m'
echo -e "\033[0m"
sleep 2
apt install -y avahi-daemon avahi-utils
cat > /etc/avahi/services/smb.service <<"EOF"
<?xml version="1.0" standalone="no"?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h - SMB/CIFS</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
</service-group>
EOF
apt install -y samba samba-common smbclient cifs-utils wsdd
mv /etc/samba/smb.conf /etc/samba/smb.conf.default
cat > /etc/samba/smb.conf <<"EOF"
#======================= Global Settings =======================
[global]
workgroup = WORKGROUP
server role = standalone server
server string = Samba-Server auf %h (Samba %v)
# server smb encrypt = desired
server min protocol = SMB2
server max protocol = SMB3_11
client min protocol = SMB2
client max protocol = SMB3_11
netbios name = fileserver01
#disable netbios = yes
#server string = no
unix extensions = yes
unix charset = UTF8
dos charset = cp866
wide links = no
follow symlinks = no
####### Authentication #######
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
guest account = nobody
invalid users = root
security = user
### Tuning ###
socket options = TCP_NODELAY IPTOS_LOWDELAY
use sendfile = yes
getwd cache = yes
stat cache = yes
min receivefile size = 16384
write raw = Yes
read raw = Yes
max xmit = 32768
deadtime = 15
keepalive = 150
sync always = no
large readwrite = yes
strict sync = no
strict allocate = Yes
strict locking = auto
server multi channel support = yes
aio write size = 16384
aio read size = 16384
idmap cache time = 604
#### Networking ####
interfaces = 127.0.0.0/8 eth0
bind interfaces only = yes
hosts allow = 127.0.0.0/8 192.168.10.0/24 192.168.20.0/24 192.168.70.0/24 192.168.200.0/24
hosts deny = all
### Browsing election options ###
wins support = no
name resolve order = host bcast lmhosts
multicast dns register = no
dns forwarder = 192.168.10.1
dns proxy = yes
#### Debugging/Accounting ####
log level = 1
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
### Printer ###
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
include = /etc/samba/shares.conf
EOF
cat > /etc/samba/shares.conf <<"EOF"
[Homes]
path = /mnt/storage01/homes/%S
comment = Home Directories
browseable = yes
read only = no
create mask = 0775
directory mask = 0775
root preexec = /usr/local/sbin/mktrash %S
vfs object = recycle
recycle:repository = /home/%S/.Trash
recycle:directory_mode = 0750
recycle:keeptree = Yes
recycle:touch = Yes
recycle:maxsize = 1000000
recycle:versions = Yes
recycle:noversions = *.ini | *.dat
recycle:exclude = *.TMP | *.tmp | ~$*.doc 3
recycle:exclude_dir = tmp | temp | cache
[Appz]
path = /mnt/storage01/appz
comment = Programme,Games,ISO
valid users = @smbadmin,@sambashare
read only = no
browseable = yes
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
public = no
read list = @sambashare
write list = @smbadmin
[Backup]
path = /mnt/storage01/backup
comment = Backup
valid users = @smbadmin,@sambashare
read only = no
browseable = yes
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
public = no
write list = @smbadmin,@sambashare
[Dateien]
path = /mnt/storage01/files
comment = Bilder,eBooks,usw
valid users = @smbadmin,@sambashare
read only = no
browseable = yes
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
public = no
read list = @sambashare
write list = @smbadmin
[Downloads]
path = /mnt/storage01/downloads
comment = Downloads
valid users = @smbadmin,@kodi
read only = no
browseable = yes
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
public = no
write list = @smbadmin
read list = @kodi
[Multimedia]
path = /mnt/storage02/multimedia
comment = Filme,Musik,Videos
read only = no
browseable = yes
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
guest ok = yes
public = yes
valid users = @smbadmin,@sambashare
read list = @sambashare
write list = @smbadmin
[Share]
path = /mnt/storage01/share
comment = Datenaustausch
read only = no
browseable = yes
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
guest ok = no
public = no
valid users = @smbadmin,@sambashare
read list = @smbadmin,@sambashare
write list = @smbadmin,@sambashare
[Public]
path = /mnt/storage01/public
comment = Datenaustausch
read only = no
browseable = yes
guest ok = yes
public = yes
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
[ISOs]
#path = /mnt/storage01/iso/template/iso
path = /mnt/storage01/iso
comment = ISOs
read only = no
browseable = yes
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
guest ok = yes
public = yes
write list = @smbadmin,@sambashare
[Syncthing]
path = /mnt/storage01/syncthing
comment = Syncthing
valid users = @smbadmin
read only = yes
browseable = yes
public = no
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
read list = @smbadmin
#write list = @smbadmin
[XXX]
path = /mnt/storage02/xxx
comment = xxx
valid users = @smbadmin
read only = no
browseable = yes
public = no
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
#read list =
write list = @smbadmin
[wsus]
path = /mnt/storage01/wsus
comment = Windows Updates
writable = yes
browseable = yes
guest ok = yes
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
public = yes
[Win-Install]
path = /mnt/storage01/winsetup
comment = Windows Install
writable = yes
browseable = yes
guest ok = yes
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
public = no
write list = @smbadmin
[Yandex-Disk]
path = /mnt/storage01/yandex-disk
comment = Yandex-Disk
valid users = @smbadmin
read only = no
browseable = yes
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
public = no
write list = @smbadmin
EOF
echo -e '\033[33m------Setup User and Group------\033[33m'
echo -e "\033[0m"
sleep 2
groupadd --system smbadmin
groupadd --system sambashare
echo -e '\033[33m------ADDUSER ULRIKE------\033[33m'
echo -e "\033[0m"
sleep 2
useradd --system --no-create-home --group sambashare -s /bin/false ulrike && smbpasswd -a ulrike && smbpasswd -e ulrike
echo -e '\033[33m------ADDUSER KODI------\033[33m'
echo -e "\033[0m"
sleep 2
useradd --system --no-create-home --group sambashare -s /bin/false kodi && smbpasswd -a kodi && smbpasswd -e kodi
echo -e '\033[33m------ADDUSER Media------\033[33m'
echo -e "\033[0m"
sleep 2
useradd --system --no-create-home --group sambashare -s /bin/false media && smbpasswd -a media && smbpasswd -e media
echo -e '\033[33m------ADDUSER ZULUMANN------\033[33m'
echo -e "\033[0m"
sleep 2
useradd --system --no-create-home --group smbadmin -s /bin/false zulumann && smbpasswd -a zulumann && smbpasswd -e zulumann
echo -e '\033[33m------ADDUSER nobody------\033[33m'
echo -e "\033[0m"
sleep 2
#smbpasswd -an nobody
systemctl restart smbd.service
systemctl restart nmbd.service
systemctl restart avahi-daemon
echo -e '\033[33m------Install Rsync-Server------\033[33m'
echo -e "\033[0m"
sleep 2
apt install -y xinetd rsync
# RSYNC_ENABLE
sed -i 's/RSYNC_ENABLE=false/RSYNC_ENABLE=true/g' /etc/default/rsync
cat > /etc/rsyncd.conf <<"EOF"
#global (globale einstellung)
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsync.log
port = 873
timeout = 300
max connections = 10
# ignore nonreadable = yes
# dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
#profil aka module (einstellung pro modul)
[Backup]
path = /mnt/storage01/Backup
comment = Backup
hosts allow = 192.168.10.0/24
hosts deny = *
use chroot = yes
list = true
uid = root
gid = root
# uid = nobody
# gid = nogroup
read only = false
# incoming chmod = 0777
# outgoing chmod = 0777
[Files]
path = /mnt/storage01/files
comment = Dateien,Bilder.eBooks
use chroot = yes
list = true
uid = root
gid = root
read only = false
incoming chmod = 0777
outgoing chmod = 0777
[Filme]
path = /mnt/storage02/multimedia/Filme
comment = neue Filme
hosts allow = 192.168.10.0/24
hosts deny = *
use chroot = yes
list = true
uid = root
gid = root
read only = false
[Musik]
path = /mnt/storage02/multimedia/Musik
comment = Musik
hosts allow = 192.168.10.0/24
hosts deny = *
use chroot = yes
list = true
uid = root
gid = root
read only = false
[Zulumann]
path = /mnt/storage01/homes/zulumann
comment = Home Zulumann
hosts allow = 192.168.10.0/24
hosts deny = *
use chroot = yes
list = true
uid = root
gid = root
read only = false
EOF
cat > /etc/xinetd.d/rsync <<"EOF"
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync
{
disable = no
flags = IPv6
socket_type = stream
port = 873
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
}
EOF
cat > /etc/rsyncd.secrets <<"EOF"
kodi:kodi@htpc#01
EOF
chmod 600 /etc/rsyncd.secrets
systemctl restart xinetd
systemctl restart rsync
# Testing the Rysnc Directories:
# ==============================
# To test your connection to the rsync daemon and find which paths are available to you,
# simply connect from your client to the rsync host using the following method.
# rsync -rdt rsync://192.168.10.58/
#
# This command will show which directories are open to you. If you do not know the file
# name you can repeat the process (adding onto the file path) until you find the intended file(s).
#
# rsync -rdt rsync://IPADDR/DirectoryName
#
# And once you find the file, you can complete the command and pull it in.
#
# rsync -rdt rsync://IPADDR:RsyncPort/DirectoryName/File /DestinationDirectory/
apt autoremove && apt autoclean && apt clean

240
LXC-Debian/PVE01_LXC_Debian_Freshrss.sh Normal file
View File

@ -0,0 +1,240 @@
#!/bin/sh
#
# Check if user is root
#
if [ $(id -u) != "0" ]; then
echo "Error: You must be root to run this script, please use the root user to install the software."
exit 1
fi
if [ ! -f /etc/debian_version ]; then
echo "Unsupported Linux Distribution. Prepared for Debian"
exit 1
fi
################################################################################
#
# Hostname: freshrss.dmz.lan
#
# IP: 192.168.50.30/24
#
# OS: Debian 12
#
# URL: http://192.168.50.30/i/
#
# URL: https://freshrss.vmnetz.lan64.de
#
# Container ID: 118
#
# Node: PVE01
#
################################################################################
#
# root pass: master_user#01@vmnets.de
#
# Admin pass: admin_user#01@vmnets.de
#
################################################################################
#
# systemctl [start | stop | reload | restart | status] nginx
#
# systemctl [start | stop | reload | restart | status] php8.2-fpm
#
################################################################################
apt install -y \
git \
nginx \
php8.2 \
php8.2-fpm \
php8.2-curl \
php8.2-gmp \
php8.2-xml \
php8.2-mbstring \
php8.2-zip \
php8.2-sqlite3
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.default
cat > /etc/nginx/nginx.conf <<"EOF"
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
server_tokens off;
server_names_hash_bucket_size 64;
server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 4 4k;
# Logging Settings
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Gzip Settings
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
# Virtual Host Configs
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
EOF
## Backup and then tweak PHP for optimization and security reasons:
cp /etc/php/8.2/fpm/pool.d/www.conf /etc/php/8.2/fpm/pool.d/www.conf.bak
cp /etc/php/8.2/cli/php.ini /etc/php/8.2/cli/php.ini.bak
cp /etc/php/8.2/fpm/php.ini /etc/php/8.2/fpm/php.ini.bak
cp /etc/php/8.2/fpm/php-fpm.conf /etc/php/8.2/fpm/php-fpm.conf.bak
## Update PHP CLI configuration
sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/8.2/cli/php.ini
sed -i "s/display_errors = .*/display_errors = On/" /etc/php/8.2/cli/php.ini
sed -i "s/memory_limit = .*/memory_limit = 256M/" /etc/php/8.2/cli/php.ini
sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/8.2/cli/php.ini
## Configure sessions directory permissions
chmod 733 /var/lib/php/sessions
chmod +t /var/lib/php/sessions
## Tweak PHP-FPM settings
# Please note: We are suppressing PHP error output here by setting these options to production values
sed -i "s/error_reporting = .*/error_reporting = E_ALL \& ~E_NOTICE \& ~E_STRICT \& ~E_DEPRECATED/" /etc/php/8.2/fpm/php.ini
sed -i "s/display_errors = .*/display_errors = Off/" /etc/php/8.2/fpm/php.ini
sed -i "s/memory_limit = .*/memory_limit = 256M/" /etc/php/8.2/fpm/php.ini
sed -i "s/upload_max_filesize = .*/upload_max_filesize = 256M/" /etc/php/8.2/fpm/php.ini
sed -i "s/post_max_size = .*/post_max_size = 256M/" /etc/php/8.2/fpm/php.ini
sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/8.2/fpm/php.ini
sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/8.2/fpm/php.ini
sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/8.2/fpm/php.ini
sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/8.2/fpm/php.ini
sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/8.2/fpm/php.ini
sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/8.2/fpm/php.ini
sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/8.2/fpm/php.ini
sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/8.2/fpm/php.ini
sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/8.2/fpm/php.ini
## Tune PHP-FPM pool settings
sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" /etc/php/8.2/fpm/pool.d/www.conf
sed -i "s/;env\[TMP\] = /env[TMP] = /" /etc/php/8.2/fpm/pool.d/www.conf
sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" /etc/php/8.2/fpm/pool.d/www.conf
sed -i "s/;env\[TEMP\] = /env[TEMP] = /" /etc/php/8.2/fpm/pool.d/www.conf
sed -i "s/;env\[PATH\] = /env[PATH] = /" /etc/php/8.2/fpm/pool.d/www.conf
sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/8.2/fpm/pool.d/www.conf
sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/8.2/fpm/pool.d/www.conf
sed -i "s/pm\.max_children.*/pm.max_children = 70/" /etc/php/8.2/fpm/pool.d/www.conf
sed -i "s/pm\.start_servers.*/pm.start_servers = 20/" /etc/php/8.2/fpm/pool.d/www.conf
sed -i "s/pm\.min_spare_servers.*/pm.min_spare_servers = 20/" /etc/php/8.2/fpm/pool.d/www.conf
sed -i "s/pm\.max_spare_servers.*/pm.max_spare_servers = 35/" /etc/php/8.2/fpm/pool.d/www.conf
sed -i "s/;pm\.max_requests.*/pm.max_requests = 500/" /etc/php/8.2/fpm/pool.d/www.conf
## How to fix the NGINX error “Failed to read PID from file”
#mkdir /etc/systemd/system/nginx.service.d
#printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf
unlink /etc/nginx/sites-enabled/default
rm /etc/nginx/sites-available/default
cat > /etc/nginx/sites-available/freshrss <<"EOF"
server {
listen 80;
server_name _;
# the folder p of your FreshRSS installation
root /srv/FreshRSS/p/;
index index.php index.html index.htm;
# nginx log files
access_log /var/log/nginx/rss.access.log;
error_log /var/log/nginx/rss.error.log;
# php files handling
# this regex is mandatory because of the API
location ~ ^.+?\.php(/.*)?$ {
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
# By default, the variable PATH_INFO is not set under PHP-FPM
# But FreshRSS API greader.php need it. If you have a “Bad Request” error, double check this var!
# NOTE: the separate $path_info variable is required. For more details, see:
# https://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location / {
try_files $uri $uri/ index.php;
}
# assets, media
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
access_log off;
}
# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
#add_header Access-Control-Allow-Origin "*";
expires 365d;
access_log off;
}
}
EOF
ln -s /etc/nginx/sites-available/freshrss /etc/nginx/sites-enabled/
# FreshRSS Installation:
mkdir -p /srv/FreshRSS
# curl -o /tmp/freshrss.tar.gz -L https://github.com/FreshRSS/FreshRSS/archive/master.tar.gz
# tar xf /tmp/freshrss.tar.gz -C /srv/FreshRSS --strip-components=1
git clone https://github.com/FreshRSS/FreshRSS.git /srv/FreshRSS
chown -R www-data:www-data /srv/FreshRSS
# Setup the cron job to refresh feeds:
echo "*/15 * * * * root /usr/bin/php /srv/FreshRSS/app/actualize_script.php > /tmp/FreshRSS.log 2>&1" >> /etc/crontab
systemctl restart nginx && systemctl restart php8.2-fpm
apt autoremove && apt autoclean && apt clean

102
LXC-Debian/PVE01_LXC_Debian_Gitea.sh Normal file
View File

@ -0,0 +1,102 @@
#!/bin/sh
#
# Check if user is root
#
if [ $(id -u) != "0" ]; then
echo "Error: You must be root to run this script, please use the root user to install the software."
exit 1
fi
if [ ! -f /etc/debian_version ]; then
echo "Unsupported Linux Distribution. Prepared for Debian"
exit 1
fi
################################################################################
#
# Hostname: git.dmz.lan
#
# IP: 192.168.50.17/24
#
# URL: http://192.168.50.17:3000
#
# OS: Debain 12
#
# Container ID: 115
#
# Node: PVE01
#
################################################################################
#
# root pass: master_user@vm-net#01
#
################################################################################
#
# systemctl [start | stop | reload | restart | status] gitea.service
#
#
################################################################################
#
apt install -y git sqlite3
#Get the correct download link for the latest version
#wget https://dl.gitea.com/gitea/1.20.4/gitea-1.20.4-linux-amd64
wget https://dl.gitea.com/gitea/1.21.0/gitea-1.21.0-linux-amd64
#Move the binary to bin
mv gitea* /usr/local/bin/gitea
#Make executable
chmod +x /usr/local/bin/gitea
#Ensure it works
# /usr/local/bin/gitea --version
#Create the user/group for gitea to operate as
adduser --system --group --disabled-password --home /etc/gitea gitea
#Config directory was created by adduser
#Create directory structure (mountpoint should be /var/lib/gitea)
mkdir -p /var/lib/gitea/custom
mkdir -p /var/lib/gitea/data
mkdir -p /var/lib/gitea/indexers
mkdir -p /var/lib/gitea/log
mkdir -p /var/lib/gitea/public
chown -R gitea:gitea /var/lib/gitea/
chmod -R 750 /var/lib/gitea/
cat > /etc/systemd/system/gitea.service <<"EOF"
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
[Service]
# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
# LimitNOFILE=524288:524288
RestartSec=2s
Type=notify
User=gitea
Group=gitea
#The mount point we added to the container
WorkingDirectory=/var/lib/gitea
#Create directory in /run
RuntimeDirectory=gitea
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=gitea HOME=/var/lib/gitea/data GITEA_WORK_DIR=/var/lib/gitea
WatchdogSec=30s
#Capabilities to bind to low-numbered ports
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload && systemctl enable --now gitea && systemctl start gitea
apt autoremove && apt autoclean && apt clean

70
LXC-Debian/PVE01_LXC_Debian_Jellyfin.sh Normal file
View File

@ -0,0 +1,70 @@
#!/bin/sh
#
# Check if user is root
#
if [ $(id -u) != "0" ]; then
echo "Error: You must be root to run this script, please use the root user to install the software."
exit 1
fi
if [ ! -f /etc/debian_version ]; then
echo "Unsupported Linux Distribution. Prepared for Debian"
exit 1
fi
################################################################################
#
# Hostname: jellyfin.iot.lan
#
# IP: 192.168.60.20/24
#
# OS: Debain 12
#
# Url: http://192.168.60.20:8096
#
# Url: https://jellyfin.vmnetz.lan64.de/
#
# Container ID: 117
#
# Node: PVE01
#
################################################################################
#
# root pass: master_user#01@vm-net
#
# Admin pass: master_user@jellyfin#01
#
#
################################################################################
#
# systemctl [start | stop | reload | restart | status] jellyfin
#
################################################################################
# echo 'mp0: /storage02/fileserver/multimedia,mp=/srv/multimedia' >> /etc/pve/nodes/pve01/lxc/117.conf
# echo 'mp1: /storage01/fileserver/downloads/jdownloader,mp=/srv/downloads' >> /etc/pve/nodes/pve01/lxc/117.conf
################################################################################
# 8096/tcp is used by default for HTTP traffic. This is admin configurable.
# 8920/tcp is used by default for HTTPS traffic. This is admin configurable.
# 1900/udp is used for service autodiscovery. This is not admin configurable as it would break client autodiscover.
#################################################################################
#
# Reset Initial Setup:
# If you made an error during the initial setup, you could revert with the following steps:
#
# nano /etc/jellyfin/system.xml
# Change the following, which is located on line 4:
#
# <IsStartupWizardCompleted>true</IsStartupWizardCompleted>
# To this:
#
# <IsStartupWizardCompleted>false</IsStartupWizardCompleted>
#################################################################################
apt install -y gnupg2 apt-transport-https
#apt install -y faac libfaac-dev
wget -O - https://repo.jellyfin.org/debian/jellyfin_team.gpg.key | apt-key add -
echo "deb [arch=$( dpkg --print-architecture )] https://repo.jellyfin.org/debian $( lsb_release -c -s ) main" | tee /etc/apt/sources.list.d/jellyfin.list
apt update && apt install -y jellyfin
systemctl enable jellyfin && systemctl start jellyfin
apt autoremove && apt autoclean && apt clean

109
LXC-Debian/PVE01_LXC_Debian_MariaDB.sh Normal file
View File

@ -0,0 +1,109 @@
#!/bin/sh
#
# Check if user is root
#
if [ $(id -u) != "0" ]; then
echo "Error: You must be root to run this script, please use the root user to install the software."
exit 1
fi
if [ ! -f /etc/debian_version ]; then
echo "Unsupported Linux Distribution. Prepared for Debian"
exit 1
fi
################################################################################
#
# Hostname: mariadb.dmz.lan
#
# IP: 192.168.50.19/24
#
# OS: Debain 12
#
# Container ID: 120
#
# Node: PVE01
#
################################################################################
#
#
#
################################################################################
apt install -y mariadb-server
systemctl stop mysql
mkdir -p /var/log/mysql
chown -R mysql:mysql /var/log/mysql
mv /etc/mysql/my.cnf /etc/mysql/my.cnf.bak
cat > /etc/mysql/my.cnf <<"EOF"
[client]
default-character-set = utf8mb4
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysqld_safe]
log_error=/var/log/mysql/mysql_error.log
nice = 0
socket = /var/run/mysqld/mysqld.sock
[mysqld]
# performance_schema=ON
basedir = /usr
bind-address = 0.0.0.0
binlog_format = ROW
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci
datadir = /var/lib/mysql
default_storage_engine = InnoDB
expire_logs_days = 2
general_log_file = /var/log/mysql/mysql.log
innodb_buffer_pool_size = 2G
innodb_log_buffer_size = 32M
innodb_log_file_size = 512M
innodb_read_only_compressed=OFF
join_buffer_size = 2M
key_buffer_size = 512M
lc_messages_dir = /usr/share/mysql
lc_messages = en_US
log_bin = /var/log/mysql/mariadb-bin
log_bin_index = /var/log/mysql/mariadb-bin.index
log_error = /var/log/mysql/mysql_error.log
log_slow_verbosity = query_plan
log_warnings = 2
long_query_time = 1
max_connections = 100
max_heap_table_size = 64M
myisam_sort_buffer_size = 512M
port = 3306
pid-file = /var/run/mysqld/mysqld.pid
query_cache_limit = 0
query_cache_size = 0
read_buffer_size = 2M
read_rnd_buffer_size = 2M
skip-name-resolve
socket = /var/run/mysqld/mysqld.sock
sort_buffer_size = 2M
table_open_cache = 400
table_definition_cache = 800
tmp_table_size = 32M
tmpdir = /tmp
transaction_isolation = READ-COMMITTED
user = mysql
wait_timeout = 600
[mysqldump]
max_allowed_packet = 16M
quick
quote-names
[isamchk]
key_buffer = 16M
EOF
systemctl restart mysql.service
echo -e '\033[33m------Secure MariaDB installation-----\033[33m'
echo -e "\033[0m"
# master_user@mariaDB#01
mysql_secure_installation
apt autoremove && apt autoclean && apt clean

43
LXC-Debian/PVE01_LXC_Debian_PBS.sh Normal file
View File

@ -0,0 +1,43 @@
#!/bin/sh
#
# Check if user is root
#
if [ $(id -u) != "0" ]; then
echo "Error: You must be root to run this script, please use the root user to install the software."
exit 1
fi
if [ ! -f /etc/debian_version ]; then
echo "Unsupported Linux Distribution. Prepared for Debian"
exit 1
fi
################################################################################
#
# Hostname: pbs01.home.lan
#
# IP: 192.168.10.55/24
#
# OS: Debian 12
#
# URL: https://192.168.10.55:8007
#
# URL: https://pbs01.vmnetz.lan64.de:8007/
#
# Container ID:108
#
# Node: PVE01
#
################################################################################
wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
# Add pbs-no-subscription repository
echo "deb http://download.proxmox.com/debian/pbs bookworm pbs-no-subscription" >> /etc/apt/sources.list
# Install Proxmox Backup Server on Debian:
# ========================================
apt update && apt install -y proxmox-backup-server
apt autoremove && apt autoclean && apt clean

200
LXC-Debian/PVE01_LXC_Debian_Seedbox.sh Normal file
View File

@ -0,0 +1,200 @@
#!/bin/sh
#
# Check if user is root
#
if [ $(id -u) != "0" ]; then
echo "Error: You must be root to run this script, please use the root user to install the software."
exit 1
fi
if [ ! -f /etc/debian_version ]; then
echo "Unsupported Linux Distribution. Prepared for Debian"
exit 1
fi
################################################################################
#
# Hostname: seedbox.vpn.lan
#
# IP: 192.168.20.10/24
#
# OS: Debian 12
#
# URL DanteProxy: http://192.168.20.10:1080
#
# URL qBittorrent: http://192.168.20.10:8080
#
# URL Jackett: http://192.168.20.10:9117
#
# Container ID: 109
#
# Node: PVE01
#
################################################################################
#
# qbittorrent Username is admin. Default password is “adminadmin”
# Config: /home/qbittorrent-nox/.config/qBittorrent/qBittorrent.conf
#
# root pass: master_user#01@vmnets.de
#
################################################################################
#
#
# echo 'mp0: /storage01/fileserver/downloads/torrent,mp=/srv/downloads' >> /etc/pve/nodes/pve01/lxc/109.conf
#
################################################################################
#
# systemctl [start | stop | reload | restart | status] danted
#
# systemctl [start | stop | reload | restart | status] qbittorrent-nox
#
# systemctl [start | stop | reload | restart | status] jackett
#
################################################################################
while :
do
clear
echo ""
echo "\033[1m I N S T A L L Seedbox"
echo " -----------------------------"
echo "\033[0m"
echo "01.Install Dante SOCKS5 proxy"
echo "02.Install qBittorrent"
echo "03.Install Jackett"
echo ""
echo " x. Exit"
echo ""
echo -n " Please enter option [01 - 04]"
read opt
case $opt in
##################################################################################
01) echo "************ Install Dante Proxy **********************";
##################################################################################
apt install -y dante-server
mv /etc/danted.conf /etc/danted.conf.default
cat > /etc/danted.conf <<"EOF"
#logoutput: /var/log/socks.log
internal: eth0 port = 1080
external: eth0
socksmethod: username none
user.privileged: root
user.notprivileged: nobody
client pass {
from: 192.168.10.0/24 port 1-65535 to: 0.0.0.0/0
}
client pass {
from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}
client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
}
socks pass {
from: 192.168.10.0/24 to: 0.0.0.0/0
protocol: tcp udp
}
socks pass {
from: 127.0.0.0/8 to: 0.0.0.0/0
protocol: tcp udp
}
socks block {
from: 0.0.0.0/0 to: 127.0.0.0/8
log: connect disconnect error
}
socks block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
}
EOF
service danted restart
cat > /root/myip.sh <<"EOF"
#!/bin/sh
#
curl ipinfo.io
EOF
chmod +x /root/myip.sh
apt autoremove && apt autoclean && apt clean
;;
##################################################################################
02) echo "************ Install qBittorrent ****************";
##################################################################################
#
# http://list.iblocklist.com/?list=bt_level1&fileformat=p2p&archiveformat=gz
#
# /srv/downloads/torrent/tmp
# /srv/downloads/torrent/torrents
# /srv/downloads/torrent/qbittorrent
#
##################################################################################
apt install -y qbittorrent-nox
adduser --system --group qbittorrent-nox
cat > /etc/systemd/system/qbittorrent-nox.service <<"EOF"
[Unit]
Description=qBittorrent Command Line Client
After=network.target
[Service]
#Do not change to "simple"
Type=forking
User=qbittorrent-nox
Group=qbittorrent-nox
UMask=000
ExecStart=/usr/bin/qbittorrent-nox -d --webui-port=8080
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload && systemctl enable qbittorrent-nox && systemctl start qbittorrent-nox
#systemctl status qbittorrent-nox
apt autoremove && apt autoclean && apt clean
;;
##################################################################################
03) echo "************ Install Jackett *****************";
##################################################################################
#https://github.com/Jackett/Jackett/releases
apt install -y liblttng-ust0 libunwind8 libuuid1 libcurl4 libkrb5-3 zlib1g libssl1.1
useradd -m jackett
cd /opt && wget https://github.com/Jackett/Jackett/releases/download/v0.20.314/Jackett.Binaries.LinuxAMDx64.tar.gz
tar zxvf Jackett.Binaries.LinuxAMDx64.tar.gz && rm Jackett.Binaries.LinuxAMDx64.tar.gz
chown -R jackett:jackett /opt/Jackett
/opt/Jackett/./install_service_systemd.sh
;;
x) echo "";
exit 1;;
*) echo " Press [enter] key to continue. . .";
read enterKey;;
esac
done

106
LXC-Debian/PVE01_LXC_Debian_Syncthing.sh Normal file
View File

@ -0,0 +1,106 @@
#!/bin/bash
#
# Check if user is root
#
if [ $(id -u) != "0" ]; then
echo "Error: You must be root to run this script, please use the root user to install the software."
exit 1
fi
if [ ! -f /etc/debian_version ]; then
echo "Unsupported Linux Distribution. Prepared for Debian"
exit 1
fi
################################################################################
#
# Hostname: syncthing.dmz.lan
#
# IP: 192.168.50.14/24
#
# Url: https://192.168.50.14:8384
#
# Url: https://syncthing.vmnetz.lan64.de/
#
# OS: Debain 12
#
# Container ID: 105
#
# Node: PVE01
#
################################################################################
#
#
#
################################################################################
#
# echo 'mp0: /storage01/fileserver/syncthing,mp=/srv/syncthing' >> /etc/pve/nodes/pve01/lxc/105.conf
#
################################################################################
apt install -y gnupg
curl -s -o /usr/share/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg
echo "deb [signed-by=/usr/share/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable" | tee /etc/apt/sources.list.d/syncthing.list
# Bevorzugung von Syncthing-Paketen ("Pinning")
printf "Package: *\nPin: origin apt.syncthing.net\nPin-Priority: 990\n" | tee /etc/apt/preferences.d/syncthing
echo -e '\033[33m------ADDUSER Syncthing------\033[33m'
echo -e "\033[0m"
adduser --disabled-login syncthing
# Make synthing home directory accessable for all other users:
chmod 2770 /home/syncthing/
su -l syncthing -c 'echo "umask 007" >> /home/syncthing/.profile'
su -l syncthing -c 'echo "umask 007" >> /home/syncthing/https://syncthing.vmnetz.lan64.de/.bash_profile'
echo -e '\033[33m------Update and install Syncthing------\033[33m'
echo -e "\033[0m"
apt update && apt install -y syncthing
mv /lib/systemd/system/syncthing@.service /lib/systemd/system/syncthing@.service.default
cat > /lib/systemd/system/syncthing@.service <<"EOF"
[Unit]
Description=Syncthing - Open Source Continuous File Synchronization for %I
Documentation=man:syncthing(1)
After=network.target
StartLimitIntervalSec=60
StartLimitBurst=4
[Service]
User=%i
#ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0
ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0 -home="/home/syncthing/.config/syncthing" -gui-address="192.168.50.14:8384"
Restart=on-failure
RestartSec=1
SuccessExitStatus=3 4
RestartForceExitStatus=3 4
# Hardening
ProtectSystem=full
PrivateTmp=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true
# Elevated permissions to sync ownership (disabled by default),
# see https://docs.syncthing.net/advanced/folder-sync-ownership
#AmbientCapabilities=CAP_CHOWN CAP_FOWNER
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload && systemctl enable syncthing@syncthing.service
#systemctl status syncthing@syncthing.service
cp /home/syncthing/.config/syncthing/config.xml /home/syncthing/.config/syncthing/config.default
systemctl start syncthing@syncthing.service
apt autoremove && apt autoclean && apt clean

71
LXC-Debian/PVE01_LXC_Debian_jDownloader.sh Normal file
View File

@ -0,0 +1,71 @@
#!/bin/bash
#
# Check if user is root
#
if [ $(id -u) != "0" ]; then
echo "Error: You must be root to run this script, please use the root user to install the software."
exit 1
fi
if [ ! -f /etc/debian_version ]; then
echo "Unsupported Linux Distribution. Prepared for Debian"
exit 1
fi
################################################################################
#
# Hostname: jdownloader.home.lan
#
# IP: 192.168.10.57/24
#
# OS: Debian 12
#
# Container ID: 116
#
# Node: pve01
#
################################################################################
#
# root pass: master_user#01@vmnets.de
#
################################################################################
#
# echo 'mp0: /srv/fileserver_data/downloads/jdownloader,mp=/opt/jdownloader/Downloads' >> /etc/pve/nodes/pve01/lxc/116.conf
#
################################################################################
#
apt install -y \
openjdk-17-jdk-headless \
unzip \
unrar
groupadd --system jdownloader
#adduser jdownloader --system --group jdownloader--home /opt/jdownloader --shell=/bin/false
adduser jdownloader --system --home /opt/jdownloader --shell=/bin/false
usermod -a -G jdownloader jdownloader
mkdir -p /opt/jdownloader/downloads
chown -R jdownloader:jdownloader /opt/jdownloader
cat << 'EOF' > /etc/systemd/system/jdownloader.service
[Unit]
Description=JDownloader
After=network.target
[Service]
#ExecStart=/usr/bin/java -Djava.awt.headless=true -Xmx512m -jar /opt/jdownloader/JDownloader.jar
ExecStart=/usr/bin/java -Djava.awt.headless=true -jar /opt/jdownloader/JDownloader.jar
Type=simple
User=jdownloader
Group=jdownloader
RemainAfterExit=yes
UMask=000
[Install]
WantedBy=multi-user.target
EOF
systemctl enable --now jdownloader
apt autoremove && apt autoclean && apt clean