Add right type to transmission-vpn.service

Fix: add new file for previous commit
Add timer for transmission-daemon at boot
2023-02-19 16:45:27 +01:00 · 2023-02-12 18:05:09 +01:00 · 2023-02-12 18:04:11 +01:00 · 2023-02-12 17:37:38 +01:00 · 2023-02-12 13:34:18 +01:00 · 2023-02-11 16:59:56 +01:00
11 changed files with 54 additions and 20 deletions
--- a/README.md
+++ b/README.md
@ -7,20 +7,28 @@ The idea is to provide the following features, chosen at install:
 * a web interface for file management with [File Browser](https://github.com/filebrowser/filebrowser);
 * a DLNA server with MiniDLNA;
 * a BitTorrent client with Transmission, which comes with a server web interface;
-* an VPN client with OpenVPN;
+* a VPN client with OpenVPN;
 * a FTP server with vsftpd.
 In addition, Nginx is used to provide HTTPS proxy to File Browser and Transmission
 ### Requirements
 The following list of packages must be installed manually (depending on which features are needed):
-```transmission-daemon minidlna openvpn nginx```
+```transmission-daemon minidlna openvpn nginx vsftpd```
 File Browser must be installed manually at `/usr/local/bin/filebrowser`.
 A "NAS user" should be defined, owner of the NAS root directory: This user shall run some of above services.
 If using Transmission, you need to set an OpenVPN connection config as `vpn`.
 ### File Browser init
 If using File Browser, it should be initiated first:
 ```
 sudo -u <nas-user> filebrowser -d <nas>/filebrowser.db --username <admin>
 ```
 ### Files
 * `transmission-vpn.sh` is a script which checks if a VPN connection is active and stops Transmission otherwise.
-* `variables.conf.template` contains examples variables definitions, and should be copied locally to `variables.conf`
+* `variables.conf.template` contains examples of variables definitions, and should be copied locally to `variables.conf`
  (with any required modifications).
 * `systemd-templates/` contains Systemd units templates for all the services.
 * `nginx-blocks/` contains Nginx configuration blocks.
--- a/install.sh
+++ b/install.sh
@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-run_directory=$(dirname "$0")
+run_directory=$(dirname $(readlink -f "$0"))
 user=$(whoami)
 source "$run_directory/variables.conf"
@ -18,8 +18,8 @@ fi
 echo "Copying Systemd units to system directory..."
-if [ ! -f /etc/ssl/cert.crt ]; then
+if [ ! -f $crt_path ]; then
-  $sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out /etc/ssl/cert.crt -keyout /etc/ssl/cert.key \
+  $sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out $crt_path -keyout $key_path \
    -subj "/C=/ST=/L=/O=/OU=/CN="
 fi
 if [ -d /etc/nginx ]; then
@ -32,7 +32,9 @@ if [ "$filebrowser" = "yes" ]; then
  $sudo sed -i -e "s/PH_NAS_USER/$nas_user/g" /etc/systemd/system/filebrowser.service
  $sudo sed -i -e "s:PH_NAS_DIRECTORY:$nas_location:g" /etc/systemd/system/filebrowser.service
  $sudo cp $run_directory/nginx-blocks/filebrowser /etc/nginx/sites-available/filebrowser
-  $sudo sed -i -e "s/PH_FQDN/$(hostname)/g" /etc/nginx/sites-available/filebrowser
+  $sudo sed -i -e "s/PH_SRVNAME/$filebrowser_server_name/g" /etc/nginx/sites-available/filebrowser
  $sudo sed -i -e "s:PH_CRT:$crt_path:g" /etc/nginx/sites-available/filebrowser
  $sudo sed -i -e "s:PH_KEY:$key_path:g" /etc/nginx/sites-available/filebrowser
  $sudo ln -sf ../sites-available/filebrowser /etc/nginx/sites-enabled/filebrowser
 fi
@ -44,16 +46,22 @@ fi
 if [ "$dl_server" = "yes" ]; then
  $sudo cp $run_directory/systemd-templates/transmission-daemon.service /etc/systemd/system/
  $sudo sed -i -e "s/PH_NAS_USER/$nas_user/g" /etc/systemd/system/transmission-daemon.service
  $sudo sed -i -e "s:PH_DIRECTORY:$run_directory:g" /etc/systemd/system/transmission-daemon.service
  $sudo sed -i -e "s/PH_AUTHORIZED_ADDRESSES/$authorized_ips/g" /etc/systemd/system/transmission-daemon.service
  $sudo sed -i -e "s/PH_USER/$user/g" /etc/systemd/system/transmission-daemon.service
  $sudo sed -i -e "s/PH_PASSWORD/$password/g" /etc/systemd/system/transmission-daemon.service
  $sudo sed -i -e "s:PH_DL_LOCATION:$dl_location:g" /etc/systemd/system/transmission-daemon.service
  $sudo cp $run_directory/systemd-templates/transmission-daemon.timer /etc/systemd/system/
  $sudo cp $run_directory/systemd-templates/transmission-vpn.service /etc/systemd/system/
  $sudo sed -i -e "s:PH_DIRECTORY:$run_directory:g" /etc/systemd/system/transmission-vpn.service
  $sudo cp $run_directory/systemd-templates/transmission-vpn.timer /etc/systemd/system/
  $sudo cp $run_directory/nginx-blocks/transmission /etc/nginx/sites-available/transmission
-  $sudo sed -i -e "s/PH_FQDN/$(hostname)/g" /etc/nginx/sites-available/transmission
+  $sudo sed -i -e "s/PH_SRVNAME/$transmission_server_name/g" /etc/nginx/sites-available/transmission
  $sudo sed -i -e "s:PH_CRT:$crt_path:g" /etc/nginx/sites-available/transmission
  $sudo sed -i -e "s:PH_KEY:$key_path:g" /etc/nginx/sites-available/transmission
  $sudo ln -sf ../sites-available/transmission /etc/nginx/sites-enabled/transmission
  $sudo systemctl disable transmission-daemon.service
  $sudo systemctl enable transmission-daemon.timer
 fi
 if [ "$ftp_server" = "yes" ]; then
--- a/nginx-blocks/filebrowser
+++ b/nginx-blocks/filebrowser
@ -1,12 +1,12 @@
 server {
  listen              443 ssl;
-  server_name         nas.PH_FQDN;
+  server_name         PH_SRVNAME;
-  ssl_certificate     /etc/ssl/cert.crt;
+  ssl_certificate     PH_CRT;
-  ssl_certificate_key /etc/ssl/cert.key;
+  ssl_certificate_key PH_KEY;
  location / {
-    proxy_pass                            http://localhost:8080;
+    proxy_pass                            http://127.0.0.1:8080;
    add_header Strict-Transport-Security  "max-age=31536000; includeSubDomains";
  }
 }
--- a/nginx-blocks/transmission
+++ b/nginx-blocks/transmission
@ -1,12 +1,12 @@
 server {
  listen              443 ssl;
-  server_name         dl.PH_FQDN;
+  server_name         PH_SRVNAME;
-  ssl_certificate     /etc/ssl/cert.crt;
+  ssl_certificate     PH_CRT;
-  ssl_certificate_key /etc/ssl/cert.key;
+  ssl_certificate_key PH_KEY;
  location / {
-    proxy_pass                            http://localhost:3389;
+    proxy_pass                            http://127.0.0.1:9091;
    add_header Strict-Transport-Security  "max-age=31536000; includeSubDomains";
  }
 }
--- a/systemd-templates/filebrowser.service
+++ b/systemd-templates/filebrowser.service
@ -4,7 +4,7 @@ Description=File Browser web interface
 [Service]
 User=PH_NAS_USER
 Type=simple
-ExecStart=/usr/local/bin/filebrowser -d PH_NAS_DIRECTORY
+ExecStart=/usr/local/bin/filebrowser -d PH_NAS_DIRECTORY/PH_NAS_USER/filebrowser.db -r PH_NAS_DIRECTORY
 [Install]
 WantedBy=default.target
--- a/systemd-templates/transmission-daemon.service
+++ b/systemd-templates/transmission-daemon.service
@ -1,12 +1,12 @@
 [Unit]
 Description=Transmission BitTorrent Daemon (KTO)
 Wants=transmission-vpn.service
 BindsTo=transmission-vpn.timer
 After=network.target transmission-vpn.timer
 [Service]
 User=PH_NAS_USER
 Type=notify
 ExecStartPre=PH_DIRECTORY/transmission-vpn.sh
 ExecStart=/usr/bin/transmission-daemon -f --log-error -a PH_AUTHORIZED_ADDRESSES -C -t -u PH_USER -v PH_PASSWORD -w PH_DL_LOCATION
 ExecStop=/bin/kill -s STOP $MAINPID
 ExecReload=/bin/kill -s HUP $MAINPID
--- a/systemd-templates/transmission-daemon.timer
+++ b/systemd-templates/transmission-daemon.timer
@ -0,0 +1,8 @@
 [Unit]
 Description=Wait 1m before starting Transmission at boot
 [Timer]
 OnBootSec=1m
 [Install]
 WantedBy=default.target
--- a/systemd-templates/transmission-vpn.service
+++ b/systemd-templates/transmission-vpn.service
@ -3,6 +3,7 @@ Description=Make sure VPN is active for Transmission
 OnFailure=transmission-daemon.service
 [Service]
 Type=oneshot
 ExecStart=PH_DIRECTORY/transmission-vpn.sh
 [Install]
--- a/systemd-templates/transmission-vpn.timer
+++ b/systemd-templates/transmission-vpn.timer
@ -3,7 +3,7 @@ Description=Regular check for VPN while Transmission is running
 BindsTo=transmission-daemon.service
 [Timer]
-OnUnitInactiveSec=10m
+OnUnitInactiveSec=5m
 [Install]
 WantedBy=default.target
--- a/transmission-vpn.sh
+++ b/transmission-vpn.sh
@ -5,11 +5,13 @@
    # This will be achieved with a timer started and stopped with transmission service
  # On transmission starting
 # When the script exits with failure, associated service should try to start transmission service
  # NOTE not on transmission starting, as this script is not run by its service; it means there's an issue with VPN at
  # start, and this should be looked at manually
 # Thus this script will be executed again
  # We can enter an infinite loop, but this will effectively prevent transmission from connecting
 # If both services are stopped, this script will never be run by error
-run_directory=$(dirname "$0")
+run_directory=$(dirname $(readlink -f "$0"))
 source "$run_directory/variables.conf"
 # Parameters
--- a/variables.conf.template
+++ b/variables.conf.template
@ -5,14 +5,21 @@
 nas_location=""
 nas_user=""
 # Paths to X509 certificate and key
 # If they do not exist, they will be created as a self-singed certificate
 crt_path="/etc/ssl/cert.crt"
 key_path="/etc/ssl/cert.key"
 # Set up File Browser
 filebrowser="yes"
 filebrowser_server_name="files.$(hostname)"
 # Set up MiniDLNA
 dlna_server="yes"
 # Set up Transmission and OpenVPN
 dl_server="yes"
 transmission_server_name="dl.$(hostname)"
 real_ip="" # for VPN check
 authorized_ips="" # for transmission web interface
 user="" # user for transmission web interface
Author	SHA1	Message	Date
Alexandre CATTEAU	caafba2ed2	Add right type to transmission-vpn.service	2023-02-19 16:45:27 +01:00
Alexandre CATTEAU	2798e786a9	Fix: add new file for previous commit	2023-02-12 18:05:09 +01:00
Alexandre CATTEAU	24e1a6221a	Add timer for transmission-daemon at boot	2023-02-12 18:04:11 +01:00
Alexandre CATTEAU	5722bc62da	Change behaviour of transmission at start (so that cannot start without VPN)	2023-02-12 17:37:38 +01:00
Alexandre CATTEAU	9f3b607414	Replaces Wants transmission-vpn.service by Requires in transmission-daemon.service	2023-02-12 13:34:18 +01:00
Alexandre CATTEAU	e35d7400c6	Change default path for Filebrowser DB	2023-02-11 16:59:56 +01:00
Alexandre CATTEAU	ec3f7c7bdf	Change VPN timer to 5min	2023-01-08 17:09:20 +01:00
Alexandre CATTEAU	6b29e8ff3f	Add support for providing other certificate	2022-11-16 18:28:13 +01:00
Alexandre CATTEAU	d433f0d04f	Correct error in install script	2022-11-12 15:30:45 +01:00
Alexandre CATTEAU	011243f863	Replace localhost by loopback address in Nginx blocks	2022-11-11 12:36:33 +01:00
Alexandre CATTEAU	aac6bc62ea	Set scripts to new run_directory norm	2022-09-22 18:55:15 +02:00
Alexandre CATTEAU	856281d1fd	Update README	2022-09-18 11:57:20 +02:00
Alexandre CATTEAU	321f92e962	Fix port error in Nginx Transmission block	2022-09-16 20:29:33 +02:00
Alexandre CATTEAU	3e33da0710	Fix typo in install script	2022-09-16 20:25:23 +02:00
Alexandre CATTEAU	30a35759ca	Add root directory to File Browser service unit	2022-09-16 18:31:45 +02:00
Alexandre CATTEAU	890c2bd030	Update README	2022-09-16 18:23:51 +02:00
Alexandre CATTEAU	a147a1655d	Fix error in File Browser service unit	2022-09-16 18:23:43 +02:00