diff --git a/Dockerfile b/Dockerfile index 5bd42c9..e749218 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,28 +7,20 @@ MAINTAINER Kristian Haugene VOLUME /data -# Update package sources list -RUN apt-get update - -# Add transmission ppa repository for latest releases -RUN apt-get -y install software-properties-common -RUN add-apt-repository ppa:transmissionbt/ppa - # Update packages and install software -RUN apt-get update -RUN apt-get install -y transmission-cli -RUN apt-get install -y transmission-common -RUN apt-get install -y transmission-daemon -RUN apt-get install -y openvpn -RUN apt-get install -y curl - -VOLUME /config +RUN apt-get update \ + && apt-get -y install software-properties-common \ + && add-apt-repository ppa:transmissionbt/ppa \ + && apt-get update \ + && apt-get install -y transmission-cli transmission-common transmission-daemon openvpn curl \ + && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ + && curl -L https://github.com/jwilder/dockerize/releases/download/v0.0.2/dockerize-linux-amd64-v0.0.2.tar.gz | tar -C /usr/local/bin -xzv # Add configuration and scripts -ADD piaconfig/config.ovpn /etc/openvpn/config.ovpn +ADD piaconfig/* /etc/openvpn/ ADD piaconfig/ca.crt /etc/openvpn/ca.crt ADD piaconfig/crl.pem /etc/openvpn/crl.pem -ADD transmission/defaultSettings.json /etc/transmission-daemon/settings.json +ADD transmission/defaultSettings.tmpl /etc/transmission-daemon/settings.tmpl ADD transmission/updateTransmissionPort.sh /etc/transmission-daemon/updatePort.sh ADD transmission/periodicUpdates.sh /etc/transmission-daemon/periodicUpdates.sh ADD transmission/run.sh /etc/transmission-daemon/start.sh 
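Review bot: The last step of the new `RUN` chain pipes `curl -L …/dockerize-linux-amd64-v0.0.2.tar.gz` straight into `tar -C /usr/local/bin`, so an executable the start script later invokes is installed without any integrity check. The release tag is pinned, but nothing verifies the downloaded bytes. Because `curl` runs without `-f` and the default `/bin/sh` has no pipefail, a failed or partial download is only caught if `tar` happens to reject it. I would download to a file, verify it, then extract: `curl -fsSL -o /tmp/dockerize.tgz <url> && echo "<EXPECTED_SHA256>  /tmp/dockerize.tgz" | sha256sum -c - && tar -C /usr/local/bin -xzf /tmp/dockerize.tgz`, where the digest is a placeholder to be taken from the release. The `apt-get clean && rm -rf … /tmp/*` step should move after the download so the archive does not stay in the layer.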
@@ -36,9 +28,81 @@ ADD transmission/runUpdates.sh /etc/transmission-daemon/startPortUpdates.sh ADD transmission/down.sh /etc/transmission-daemon/stop.sh ADD runOpenVpn.sh /etc/openvpn/start.sh +ENV PIA_USERNAME=**None** \ + PIA_PASSWORD=**None** \ + "TRANSMISSION_ALT_SPEED_DOWN=50" \ + "TRANSMISSION_ALT_SPEED_ENABLED=false" \ + "TRANSMISSION_ALT_SPEED_TIME_BEGIN=540" \ + "TRANSMISSION_ALT_SPEED_TIME_DAY=127" \ + "TRANSMISSION_ALT_SPEED_TIME_ENABLED=false" \ + "TRANSMISSION_ALT_SPEED_TIME_END=1020" \ + "TRANSMISSION_ALT_SPEED_UP=50" \ + "TRANSMISSION_BIND_ADDRESS_IPV4=0.0.0.0" \ + "TRANSMISSION_BIND_ADDRESS_IPV6=::" \ + "TRANSMISSION_BLOCKLIST_ENABLED=false" \ + "TRANSMISSION_BLOCKLIST_URL=http://www.example.com/blocklist" \ + "TRANSMISSION_CACHE_SIZE_MB=4" \ + "TRANSMISSION_DHT_ENABLED=true" \ + "TRANSMISSION_DOWNLOAD_DIR=/data/completed" \ + "TRANSMISSION_DOWNLOAD_LIMIT=100" \ + "TRANSMISSION_DOWNLOAD_LIMIT_ENABLED=0" \ + "TRANSMISSION_DOWNLOAD_QUEUE_ENABLED=true" \ + "TRANSMISSION_DOWNLOAD_QUEUE_SIZE=5" \ + "TRANSMISSION_ENCRYPTION=1" \ + "TRANSMISSION_IDLE_SEEDING_LIMIT=30" \ + "TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED=false" \ + "TRANSMISSION_INCOMPLETE_DIR=/data/incomplete" \ + "TRANSMISSION_INCOMPLETE_DIR_ENABLED=true" \ + "TRANSMISSION_LPD_ENABLED=false" \ + "TRANSMISSION_MAX_PEERS_GLOBAL=200" \ + "TRANSMISSION_MESSAGE_LEVEL=2" \ + "TRANSMISSION_PEER_CONGESTION_ALGORITHM=" \ + "TRANSMISSION_PEER_ID_TTL_HOURS=6" \ + "TRANSMISSION_PEER_LIMIT_GLOBAL=200" \ + "TRANSMISSION_PEER_LIMIT_PER_TORRENT=50" \ + "TRANSMISSION_PEER_PORT=51413" \ + "TRANSMISSION_PEER_PORT_RANDOM_HIGH=65535" \ + "TRANSMISSION_PEER_PORT_RANDOM_LOW=49152" \ + "TRANSMISSION_PEER_PORT_RANDOM_ON_START=false" \ + "TRANSMISSION_PEER_SOCKET_TOS=default" \ + "TRANSMISSION_PEX_ENABLED=true" \ + "TRANSMISSION_PORT_FORWARDING_ENABLED=false" \ + "TRANSMISSION_PREALLOCATION=1" \ + "TRANSMISSION_PREFETCH_ENABLED=1" \ + "TRANSMISSION_QUEUE_STALLED_ENABLED=true" \ + "TRANSMISSION_QUEUE_STALLED_MINUTES=30" \ 
+ "TRANSMISSION_RATIO_LIMIT=2" \ + "TRANSMISSION_RATIO_LIMIT_ENABLED=false" \ + "TRANSMISSION_RENAME_PARTIAL_FILES=true" \ + "TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=false" \ + "TRANSMISSION_RPC_BIND_ADDRESS=0.0.0.0" \ + "TRANSMISSION_RPC_ENABLED=true" \ + "TRANSMISSION_RPC_PASSWORD=password" \ + "TRANSMISSION_RPC_PORT=9091" \ + "TRANSMISSION_RPC_URL=/transmission/" \ + "TRANSMISSION_RPC_USERNAME=username" \ + "TRANSMISSION_RPC_WHITELIST=127.0.0.1" \ + "TRANSMISSION_RPC_WHITELIST_ENABLED=false" \ + "TRANSMISSION_SCRAPE_PAUSED_TORRENTS_ENABLED=true" \ + "TRANSMISSION_SCRIPT_TORRENT_DONE_ENABLED=false" \ + "TRANSMISSION_SCRIPT_TORRENT_DONE_FILENAME=" \ + "TRANSMISSION_SEED_QUEUE_ENABLED=false" \ + "TRANSMISSION_SEED_QUEUE_SIZE=10" \ + "TRANSMISSION_SPEED_LIMIT_DOWN=100" \ + "TRANSMISSION_SPEED_LIMIT_DOWN_ENABLED=false" \ + "TRANSMISSION_SPEED_LIMIT_UP=100" \ + "TRANSMISSION_SPEED_LIMIT_UP_ENABLED=false" \ + "TRANSMISSION_START_ADDED_TORRENTS=true" \ + "TRANSMISSION_TRASH_ORIGINAL_TORRENT_FILES=false" \ + "TRANSMISSION_UMASK=2" \ + "TRANSMISSION_UPLOAD_LIMIT=100" \ + "TRANSMISSION_UPLOAD_LIMIT_ENABLED=0" \ + "TRANSMISSION_UPLOAD_SLOTS_PER_TORRENT=14" \ + "TRANSMISSION_UTP_ENABLED=true" \ + "TRANSMISSION_WATCH_DIR=/data/watch" \ + "TRANSMISSION_WATCH_DIR_ENABLED=true" \ + RESOLV_OVERRIDE=**None** + # Expose port and run. Use baseimage-docker's init system EXPOSE 9091 CMD ["/etc/openvpn/start.sh"] - -# Clean up APT when done. -RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* diff --git a/README.md b/README.md index 805b39f..abb3cc8 100644 --- a/README.md +++ b/README.md 
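Review bot: The new `ENV` block bakes `TRANSMISSION_RPC_USERNAME=username` and `TRANSMISSION_RPC_PASSWORD=password` into the image, next to `TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=false`, `TRANSMISSION_RPC_BIND_ADDRESS=0.0.0.0` and `TRANSMISSION_RPC_WHITELIST_ENABLED=false`. An operator who only flips `TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true` ends up with those published defaults as the working credentials on the exposed port 9091. I would give both credentials the `**None**` sentinel already used for `PIA_USERNAME`, and have the start script exit when authentication is required but they are unset. A comment above the block would also help: `# Secrets passed with -e are visible in docker inspect and shell history; prefer --env-file with restricted file permissions`.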
@@ -6,15 +6,64 @@ This Docker container lets you run Transmission with WebUI while connecting to P The container is available from the Docker registry and this is the simplest way to get it. To run the container use this command: ``` -$ docker run --privileged -d -v /your/storage/path/:/data -v /your/config/path/:/config -p 9091:9091 haugene/transmission-openvpn +$ docker run --privileged -d \ + -v /your/storage/path/:/data \ + -e "PIA_USERNAME=user" \ + -e "PIA_PASSWORD=pass" \ + -p 9091:9091 \ + haugene/transmission-openvpn ``` -As you can see, the container expects two volumes to be mounted. One is used for storing your downloads from Transmission, and the other provides configurations. The container comes with a default Transmission settings.json file that expects the folders "completed, incomplete and watch" to be present in /your/storage/path (aka /data). This is where Transmission will store your downloads, incomplete downloads and a watch directory to look for new .torrent files. +or you could optionally specify which vpn server to use by setting an environment variable to one of the ovpn configs avaliable [in this folder](https://github.com/haugene/docker-transmission-openvpn/tree/master/piaconfig). -The only mandatory configuration is a pia-credentials.txt file that needs to be put in /your/config/path/ directory. In the file you supply your username and password for Private Internet Access VPN connections. The file should have two lines; your username on line 1 and your password on line 2. The container will connect to the Private Internet Access VPN servers in Netherlands by default. +``` +$ docker run --privileged -d \ + -v /your/storage/path/:/data \ + -e "PIA_USERNAME=user" \ + -e "PIA_PASSWORD=pass" \ + -p 9091:9091 \ + -e "OPEN_VPN_CONFIG=US West" \ + haugene/transmission-openvpn +``` + +As you can see, the container expects a data volume to be mounted. It is used for storing your downloads from Transmission. 
The container comes with a default Transmission `settings.json` file that expects the folders `completed`, `incomplete`, and `watch` to be present in /your/storage/path (aka /data). This is where Transmission will store your downloads, incomplete downloads and a watch directory to look for new .torrent files. + +The only mandatory configuration is to set two environment variables for your PIA username and password. You must set the environment variables `PIA_USERNAME` and `PIA_PASSWORD` to your login credentials. The container will connect to the Private Internet Access VPN servers in Netherlands by default. NB: Instructions on how to use your own Transmission settings, and how to connect to the WebUI, is further down in the README. +## Required environment options +| Variable | Function | Example | +|----------|----------|-------| +|`PIA_USERNAME`|Your login username for PIA|`PIA_USERNAME=asdf`| +|`PIA_PASSWORD`|Your login password for PIA|`PIA_PASSWORD=asdf`| + +## Network configuration options +| Variable | Function | Example | +|----------|----------|-------| +|`OPEN_VPN_CONFIG` | Sets the PIA endpoint to connect to. | `OPEN_VPN_CONFIG=UK Southampton`| +|`RESOLV_OVERRIDE` | The value of this variable will be written to `/etc/resolv.conf`. | `RESOLV_OVERRIDE=nameserver 8.8.8.8\nnameserver 8.8.4.4\n`| + +## Storage options +| Variable | Function | Example | +|----------|----------|-------| +|`KEEP_TRANSMISSION_STATE`|If set, persists transmission data to your /data mount point. Keeps state between restarts. Delete the folder to disable this later. |`KEEP_TRANSMISSION_STATE=YES`| + +## Transmission configuration options + +You may override transmission options by setting the appropriate environment variable. 
+ +The environment variables are the same name as used in the transmission settings.json file and follow the format given in these examples: + +| Transmission variable name | Environment variable name | +|----------------------------|---------------------------| +| `speed-limit-up` | `TRANSMISSION_SPEED_LIMIT_UP` | +| `speed-limit-up-enabled` | `TRANSMISSION_SPEED_LIMIT_UP_ENABLED` | +| `ratio-limit` | `TRANSMISSION_RATIO_LIMIT` | +| `ratio-limit-enabled` | `TRANSMISSION_RATIO_LIMIT_ENABLED` | + +As you can see the variables are prefixed with `TRANSMISSION_`, the variable is capitalized, and `-` is converted to `_`. + # Building the container yourself To build this container, clone the repository and cd into it. 
@@ -25,20 +74,16 @@ $ docker build -t="docker-transmission-openvpn" . ``` ### Run it: ``` -$ docker run --privileged -d -v /your/storage/path/:/data -v /your/config/path/:/config -p 9091:9091 docker-transmission-openvpn +$ docker run --privileged -d \ + -v /your/storage/path/:/data \ + -e "PIA_USERNAME=user" \ + -e "PIA_PASSWORD=pass" \ + -p 9091:9091 \ + docker-transmission-openvpn ``` As described in the "Run container from Docker registry" section, this will start a container with default settings. This means that you should have the folders "completed, incomplete and watch" in /your/storage/path, and pia-credentials.txt in /your/config/path. -### But I want to provide my own Transmission settings! -OK, so you're advanced. If you want to change the Transmission settings from the defaults, create your own settings.json file or base it on the default config. Then make the container use it by adding a folder called "transmission" in /your/config/path and place your settings.json there. - -On container startup it checks for /config/transmission/settings.json and uses /config/transmission as config directory if the settings file is present. This also means that Transmission will store its state here, so that you don't have to add torrents again when the container restarts. - -If you enable rpc-authentication in your Transmission settings, you need to provide your credentials in a file called transmission-credentials.txt and place it in your config directory. The file is on the same format as pia-credentials.txt, username and password. This is needed because we run a script hourly to get an open port, making us connectable, from PIA. To set this port in Transmission the script needs to know your rpc-authentication username and password. - -NB: Do not change the settings.json file while container is running. Transmission persist its config on shutdown, and this will override your changes. Stop the container, do configurations, then start it again. 
- ### Access the WebUI But what's going on? My http://my-host:9091 isn't responding? This is because the VPN is active, and since docker is running in a different ip range than your client the response to your request will be treated as "non-local" traffic and therefore be routed out through the VPN interface. diff --git a/piaconfig/AU Melbourne.ovpn b/piaconfig/AU Melbourne.ovpn new file mode 100644 index 0000000..b2be48e --- /dev/null +++ b/piaconfig/AU Melbourne.ovpn @@ -0,0 +1,22 @@ +client +dev tun +proto udp +remote aus-melbourne.privateinternetaccess.com 1194 +resolv-retry infinite +nobind +persist-key +persist-tun +tls-client +remote-cert-tls server +comp-lzo +verb 1 +reneg-sec 0 + +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem + +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/AU Sydney.ovpn b/piaconfig/AU Sydney.ovpn new file mode 100644 index 0000000..5106144 --- /dev/null +++ b/piaconfig/AU Sydney.ovpn @@ -0,0 +1,22 @@ +client +dev tun +proto udp +remote aus.privateinternetaccess.com 1194 +resolv-retry infinite +nobind +persist-key +persist-tun +tls-client +remote-cert-tls server +comp-lzo +verb 1 +reneg-sec 0 + +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem + +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/CA North York.ovpn b/piaconfig/CA North York.ovpn index e45149c..80853f2 100644 --- a/piaconfig/CA North York.ovpn +++ b/piaconfig/CA North York.ovpn 
@@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/CA Toronto.ovpn b/piaconfig/CA Toronto.ovpn index 0db9b9e..7baeb4b 100644 --- a/piaconfig/CA Toronto.ovpn +++ b/piaconfig/CA Toronto.ovpn @@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/France.ovpn b/piaconfig/France.ovpn index 085688c..140c3e9 100644 --- a/piaconfig/France.ovpn +++ b/piaconfig/France.ovpn @@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/Germany.ovpn b/piaconfig/Germany.ovpn index 6e140af..fa1cce7 100644 --- a/piaconfig/Germany.ovpn +++ b/piaconfig/Germany.ovpn 
@@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/Hong Kong.ovpn b/piaconfig/Hong Kong.ovpn index b59005c..299f984 100644 --- a/piaconfig/Hong Kong.ovpn +++ b/piaconfig/Hong Kong.ovpn @@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/Israel.ovpn b/piaconfig/Israel.ovpn new file mode 100644 index 0000000..bcf0d76 --- /dev/null +++ b/piaconfig/Israel.ovpn @@ -0,0 +1,22 @@ +client +dev tun +proto udp +remote israel.privateinternetaccess.com 1194 +resolv-retry infinite +nobind +persist-key +persist-tun +tls-client +remote-cert-tls server +comp-lzo +verb 1 +reneg-sec 0 + +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem + +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/Japan.ovpn b/piaconfig/Japan.ovpn new file mode 100644 index 0000000..2a1d44e --- /dev/null +++ b/piaconfig/Japan.ovpn 
@@ -0,0 +1,22 @@ +client +dev tun +proto udp +remote japan.privateinternetaccess.com 1194 +resolv-retry infinite +nobind +persist-key +persist-tun +tls-client +remote-cert-tls server +comp-lzo +verb 1 +reneg-sec 0 + +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem + +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/Mexico.ovpn b/piaconfig/Mexico.ovpn new file mode 100644 index 0000000..7199dd3 --- /dev/null +++ b/piaconfig/Mexico.ovpn @@ -0,0 +1,22 @@ +client +dev tun +proto udp +remote mexico.privateinternetaccess.com 1194 +resolv-retry infinite +nobind +persist-key +persist-tun +tls-client +remote-cert-tls server +comp-lzo +verb 1 +reneg-sec 0 + +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem + +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/Netherlands.ovpn b/piaconfig/Netherlands.ovpn index 806eb79..7293b2a 100644 --- a/piaconfig/Netherlands.ovpn +++ b/piaconfig/Netherlands.ovpn @@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/Romania.ovpn b/piaconfig/Romania.ovpn index 3cbfae3..15e4d3f 100644 --- a/piaconfig/Romania.ovpn +++ b/piaconfig/Romania.ovpn 
@@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/Russia.ovpn b/piaconfig/Russia.ovpn new file mode 100644 index 0000000..1e885d6 --- /dev/null +++ b/piaconfig/Russia.ovpn @@ -0,0 +1,22 @@ +client +dev tun +proto udp +remote russia.privateinternetaccess.com 1194 +resolv-retry infinite +nobind +persist-key +persist-tun +tls-client +remote-cert-tls server +comp-lzo +verb 1 +reneg-sec 0 + +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem + +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/config.ovpn b/piaconfig/Singapore.ovpn similarity index 90% rename from piaconfig/config.ovpn rename to piaconfig/Singapore.ovpn index c3f8b06..15f14ff 100644 --- a/piaconfig/config.ovpn +++ b/piaconfig/Singapore.ovpn @@ -1,18 +1,19 @@ client dev tun proto udp -remote nl.privateinternetaccess.com 1194 +remote sg.privateinternetaccess.com 1194 resolv-retry infinite nobind persist-key persist-tun -ca /etc/openvpn/ca.crt tls-client remote-cert-tls server -auth-user-pass /config/pia-credentials.txt comp-lzo verb 1 reneg-sec 0 + +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt crl-verify /etc/openvpn/crl.pem # OpenVPN control startup and shut down of transmission diff --git a/piaconfig/Sweden.ovpn b/piaconfig/Sweden.ovpn index 1c37cb9..cd8a963 100644 --- a/piaconfig/Sweden.ovpn +++ b/piaconfig/Sweden.ovpn 
@@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/Switzerland.ovpn b/piaconfig/Switzerland.ovpn index a1f7aed..98bcef0 100644 --- a/piaconfig/Switzerland.ovpn +++ b/piaconfig/Switzerland.ovpn @@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/UK London.ovpn b/piaconfig/UK London.ovpn index 13e911c..ed5ceb5 100644 --- a/piaconfig/UK London.ovpn +++ b/piaconfig/UK London.ovpn @@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/UK Southampton.ovpn b/piaconfig/UK Southampton.ovpn index 570d647..e0c426a 100644 --- a/piaconfig/UK Southampton.ovpn +++ b/piaconfig/UK Southampton.ovpn 
@@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/US California.ovpn b/piaconfig/US California.ovpn index 344125a..907d10c 100644 --- a/piaconfig/US California.ovpn +++ b/piaconfig/US California.ovpn @@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/US East.ovpn b/piaconfig/US East.ovpn index b8f7aa2..c67929f 100644 --- a/piaconfig/US East.ovpn +++ b/piaconfig/US East.ovpn @@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/US Florida.ovpn b/piaconfig/US Florida.ovpn index c2a05ab..b593738 100644 --- a/piaconfig/US Florida.ovpn +++ b/piaconfig/US Florida.ovpn 
@@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/US Midwest.ovpn b/piaconfig/US Midwest.ovpn index 0fcdbe4..ac68135 100644 --- a/piaconfig/US Midwest.ovpn +++ b/piaconfig/US Midwest.ovpn @@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/US Seattle.ovpn b/piaconfig/US Seattle.ovpn index 7a3f838..127dc4e 100644 --- a/piaconfig/US Seattle.ovpn +++ b/piaconfig/US Seattle.ovpn @@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/US Silicon Valley.ovpn b/piaconfig/US Silicon Valley.ovpn new file mode 100644 index 0000000..92eb68c --- /dev/null +++ b/piaconfig/US Silicon Valley.ovpn 
@@ -0,0 +1,22 @@ +client +dev tun +proto udp +remote us-siliconvalley.privateinternetaccess.com 1194 +resolv-retry infinite +nobind +persist-key +persist-tun +tls-client +remote-cert-tls server +comp-lzo +verb 1 +reneg-sec 0 + +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem + +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/US Texas.ovpn b/piaconfig/US Texas.ovpn index 5eab59e..289a73e 100644 --- a/piaconfig/US Texas.ovpn +++ b/piaconfig/US Texas.ovpn @@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/piaconfig/US West.ovpn b/piaconfig/US West.ovpn index 6aa2411..d09b1e8 100644 --- a/piaconfig/US West.ovpn +++ b/piaconfig/US West.ovpn @@ -6,13 +6,17 @@ resolv-retry infinite nobind persist-key persist-tun -ca ca.crt tls-client remote-cert-tls server -auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.pem +ca /etc/openvpn/ca.crt +auth-user-pass /config/pia-credentials.txt +crl-verify /etc/openvpn/crl.pem +# OpenVPN control startup and shut down of transmission +script-security 2 +up /etc/transmission-daemon/start.sh +down /etc/transmission-daemon/stop.sh diff --git a/runOpenVpn.sh b/runOpenVpn.sh index 4dbc3f5..8909c2a 100755 --- a/runOpenVpn.sh +++ b/runOpenVpn.sh 
@@ -1,3 +1,50 @@ #!/bin/sh -exec openvpn --config /etc/openvpn/config.ovpn +if [ ! -z "$OPEN_VPN_CONFIG" ] +then + if [ -f /etc/openvpn/"${OPEN_VPN_CONFIG}".ovpn ] + then + echo "Starting OpenVPN using config ${OPEN_VPN_CONFIG}.ovpn" + OPEN_VPN_CONFIG=/etc/openvpn/${OPEN_VPN_CONFIG}.ovpn + else + echo "Supplied config ${OPEN_VPN_CONFIG}.ovpn could not be found." + echo "Using default OpenVPN gateway: Netherlands" + OPEN_VPN_CONFIG=/etc/openvpn/Netherlands.ovpn + fi +else + echo "No VPN configuration provided. Using default: Netherlands" + OPEN_VPN_CONFIG=/etc/openvpn/Netherlands.ovpn +fi + +# override resolv.conf +if [ "$RESOLV_OVERRIDE" != "**None**" ]; +then + echo "Overriding resolv.conf..." + printf "$RESOLV_OVERRIDE" > /etc/resolv.conf +fi + +# add PIA user/pass +if [ "${PIA_USERNAME}" = "**None**" ] || [ "${PIA_PASSWORD}" = "**None**" ] ; then + echo "PIA credentials not set. Exiting." + exit 1 +else + echo "Setting PIA credentials..." + mkdir -p /config + echo $PIA_USERNAME > /config/pia-credentials.txt + echo $PIA_PASSWORD >> /config/pia-credentials.txt +fi + +# add transmission credentials from env vars +echo $TRANSMISSION_RPC_USERNAME > /config/transmission-credentials.txt +echo $TRANSMISSION_RPC_PASSWORD >> /config/transmission-credentials.txt + + +if [ ! -z ${KEEP_TRANSMISSION_STATE} ] +then + mkdir -p /data/transmission-data/ + dockerize -template /etc/transmission-daemon/settings.tmpl:/data/transmission-data/settings.json true +else + dockerize -template /etc/transmission-daemon/settings.tmpl:/etc/transmission-daemon/settings.json true +fi + +exec openvpn --config "$OPEN_VPN_CONFIG" diff --git a/transmission/defaultSettings.json b/transmission/defaultSettings.json deleted file mode 100644 index 20c1864..0000000 --- a/transmission/defaultSettings.json +++ /dev/null 
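Review bot: The credential files are written with unquoted `echo $PIA_USERNAME` / `echo $PIA_PASSWORD` under the shell's default umask. A password containing whitespace, a glob character, a backslash or a leading `-n` can therefore be altered on its way into `/config/pia-credentials.txt`, and both that file and `/config/transmission-credentials.txt` are probably readable by every user in the container. `printf "$RESOLV_OVERRIDE"` has a related problem: it uses the variable as the format string, so any `%` in it is interpreted, whereas `printf '%b'` keeps the `\n` handling the README example relies on. `[ ! -z ${KEEP_TRANSMISSION_STATE} ]` should quote its expansion too. The rewritten lines below write each file under a restrictive umask inside a subshell, so the umask does not leak into openvpn and the transmission scripts it starts.

```shell
# … unchanged: OPEN_VPN_CONFIG selection, RESOLV_OVERRIDE test …
    printf '%b' "$RESOLV_OVERRIDE" > /etc/resolv.conf
# … unchanged: PIA credential presence check, mkdir -p /config …
    ( umask 077; printf '%s\n%s\n' "$PIA_USERNAME" "$PIA_PASSWORD" > /config/pia-credentials.txt )
# … unchanged: fi …
( umask 077; printf '%s\n%s\n' "$TRANSMISSION_RPC_USERNAME" "$TRANSMISSION_RPC_PASSWORD" > /config/transmission-credentials.txt )
if [ -n "${KEEP_TRANSMISSION_STATE}" ]
# … unchanged: dockerize templating, exec openvpn …
```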
@@ -1,74 +0,0 @@ -{ - "alt-speed-down": 50, - "alt-speed-enabled": false, - "alt-speed-time-begin": 540, - "alt-speed-time-day": 127, - "alt-speed-time-enabled": false, - "alt-speed-time-end": 1020, - "alt-speed-up": 50, - "bind-address-ipv4": "0.0.0.0", - "bind-address-ipv6": "::", - "blocklist-enabled": false, - "blocklist-url": "http://www.example.com/blocklist", - "cache-size-mb": 4, - "dht-enabled": true, - "download-dir": "/data/completed", - "download-limit": 100, - "download-limit-enabled": 0, - "download-queue-enabled": true, - "download-queue-size": 5, - "encryption": 1, - "idle-seeding-limit": 30, - "idle-seeding-limit-enabled": false, - "incomplete-dir": "/data/incomplete", - "incomplete-dir-enabled": true, - "lpd-enabled": false, - "max-peers-global": 200, - "message-level": 2, - "peer-congestion-algorithm": "", - "peer-id-ttl-hours": 6, - "peer-limit-global": 200, - "peer-limit-per-torrent": 50, - "peer-port": 51413, - "peer-port-random-high": 65535, - "peer-port-random-low": 49152, - "peer-port-random-on-start": false, - "peer-socket-tos": "default", - "pex-enabled": true, - "port-forwarding-enabled": false, - "preallocation": 1, - "prefetch-enabled": 1, - "queue-stalled-enabled": true, - "queue-stalled-minutes": 30, - "ratio-limit": 2, - "ratio-limit-enabled": false, - "rename-partial-files": true, - "rpc-authentication-required": false, - "rpc-bind-address": "0.0.0.0", - "rpc-enabled": true, - "rpc-password": "{425745bf3914984c2abcc013276f40e8fa5d84ecC5.df8oF", - "rpc-port": 9091, - "rpc-url": "/transmission/", - "rpc-username": "username", - "rpc-whitelist": "127.0.0.1", - "rpc-whitelist-enabled": false, - "scrape-paused-torrents-enabled": true, - "script-torrent-done-enabled": false, - "script-torrent-done-filename": "", - "seed-queue-enabled": false, - "seed-queue-size": 10, - "speed-limit-down": 100, - "speed-limit-down-enabled": false, - "speed-limit-up": 100, - "speed-limit-up-enabled": false, - "start-added-torrents": true, - 
"trash-original-torrent-files": false, - "umask": 2, - "upload-limit": 100, - "upload-limit-enabled": 0, - "upload-slots-per-torrent": 14, - "utp-enabled": true, - "watch-dir": "/data/watch", - "watch-dir-enabled": true -} - diff --git a/transmission/defaultSettings.tmpl b/transmission/defaultSettings.tmpl new file mode 100644 index 0000000..3f3b11c --- /dev/null +++ b/transmission/defaultSettings.tmpl 
@@ -0,0 +1,74 @@
+{
+ "alt-speed-down": {{ .Env.TRANSMISSION_ALT_SPEED_DOWN }},
+ "alt-speed-enabled": {{ .Env.TRANSMISSION_ALT_SPEED_ENABLED }},
+ "alt-speed-time-begin": {{ .Env.TRANSMISSION_ALT_SPEED_TIME_BEGIN }},
+ "alt-speed-time-day": {{ .Env.TRANSMISSION_ALT_SPEED_TIME_DAY }},
+ "alt-speed-time-enabled": {{ .Env.TRANSMISSION_ALT_SPEED_TIME_ENABLED }},
+ "alt-speed-time-end": {{ .Env.TRANSMISSION_ALT_SPEED_TIME_END }},
+ "alt-speed-up": {{ .Env.TRANSMISSION_ALT_SPEED_UP }},
+ "bind-address-ipv4": "{{ .Env.TRANSMISSION_BIND_ADDRESS_IPV4 }}",
+ "bind-address-ipv6": "{{ .Env.TRANSMISSION_BIND_ADDRESS_IPV6 }}",
+ "blocklist-enabled": {{ .Env.TRANSMISSION_BLOCKLIST_ENABLED }},
+ "blocklist-url": "{{ .Env.TRANSMISSION_BLOCKLIST_URL }}",
+ "cache-size-mb": {{ .Env.TRANSMISSION_CACHE_SIZE_MB }},
+ "dht-enabled": {{ .Env.TRANSMISSION_DHT_ENABLED }},
+ "download-dir": "{{ .Env.TRANSMISSION_DOWNLOAD_DIR }}",
+ "download-limit": {{ .Env.TRANSMISSION_DOWNLOAD_LIMIT }},
+ "download-limit-enabled": {{ .Env.TRANSMISSION_DOWNLOAD_LIMIT_ENABLED }},
+ "download-queue-enabled": {{ .Env.TRANSMISSION_DOWNLOAD_QUEUE_ENABLED }},
+ "download-queue-size": {{ .Env.TRANSMISSION_DOWNLOAD_QUEUE_SIZE }},
+ "encryption": {{ .Env.TRANSMISSION_ENCRYPTION }},
+ "idle-seeding-limit": {{ .Env.TRANSMISSION_IDLE_SEEDING_LIMIT }},
+ "idle-seeding-limit-enabled": {{ .Env.TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED }},
+ "incomplete-dir": "{{ .Env.TRANSMISSION_INCOMPLETE_DIR }}",
+ "incomplete-dir-enabled": {{ .Env.TRANSMISSION_INCOMPLETE_DIR_ENABLED }},
+ "lpd-enabled": {{ .Env.TRANSMISSION_LPD_ENABLED }},
+ "max-peers-global": {{ .Env.TRANSMISSION_MAX_PEERS_GLOBAL }},
+ "message-level": {{ .Env.TRANSMISSION_MESSAGE_LEVEL }},
+ "peer-congestion-algorithm": "{{ .Env.TRANSMISSION_PEER_CONGESTION_ALGORITHM }}",
+ "peer-id-ttl-hours": {{ .Env.TRANSMISSION_PEER_ID_TTL_HOURS }},
+ "peer-limit-global": {{ .Env.TRANSMISSION_PEER_LIMIT_GLOBAL }},
+ "peer-limit-per-torrent": {{ .Env.TRANSMISSION_PEER_LIMIT_PER_TORRENT }},
+ "peer-port": {{ .Env.TRANSMISSION_PEER_PORT }},
+ "peer-port-random-high": {{ .Env.TRANSMISSION_PEER_PORT_RANDOM_HIGH }},
+ "peer-port-random-low": {{ .Env.TRANSMISSION_PEER_PORT_RANDOM_LOW }},
+ "peer-port-random-on-start": {{ .Env.TRANSMISSION_PEER_PORT_RANDOM_ON_START }},
+ "peer-socket-tos": "{{ .Env.TRANSMISSION_PEER_SOCKET_TOS }}",
+ "pex-enabled": {{ .Env.TRANSMISSION_PEX_ENABLED }},
+ "port-forwarding-enabled": {{ .Env.TRANSMISSION_PORT_FORWARDING_ENABLED }},
+ "preallocation": {{ .Env.TRANSMISSION_PREALLOCATION }},
+ "prefetch-enabled": {{ .Env.TRANSMISSION_PREFETCH_ENABLED }},
+ "queue-stalled-enabled": {{ .Env.TRANSMISSION_QUEUE_STALLED_ENABLED }},
+ "queue-stalled-minutes": {{ .Env.TRANSMISSION_QUEUE_STALLED_MINUTES }},
+ "ratio-limit": {{ .Env.TRANSMISSION_RATIO_LIMIT }},
+ "ratio-limit-enabled": {{ .Env.TRANSMISSION_RATIO_LIMIT_ENABLED }},
+ "rename-partial-files": {{ .Env.TRANSMISSION_RENAME_PARTIAL_FILES }},
+ "rpc-authentication-required": {{ .Env.TRANSMISSION_RPC_AUTHENTICATION_REQUIRED }},
+ "rpc-bind-address": "{{ .Env.TRANSMISSION_RPC_BIND_ADDRESS }}",
+ "rpc-enabled": {{ .Env.TRANSMISSION_RPC_ENABLED }},
+ "rpc-password": "{{ .Env.TRANSMISSION_RPC_PASSWORD }}",
+ "rpc-port": {{ .Env.TRANSMISSION_RPC_PORT }},
+ "rpc-url": "{{ .Env.TRANSMISSION_RPC_URL }}",
+ "rpc-username": "{{ .Env.TRANSMISSION_RPC_USERNAME }}",
+ "rpc-whitelist": "{{ .Env.TRANSMISSION_RPC_WHITELIST }}",
+ "rpc-whitelist-enabled": {{ .Env.TRANSMISSION_RPC_WHITELIST_ENABLED }},
+ "scrape-paused-torrents-enabled": {{ .Env.TRANSMISSION_SCRAPE_PAUSED_TORRENTS_ENABLED }},
+ "script-torrent-done-enabled": {{ .Env.TRANSMISSION_SCRIPT_TORRENT_DONE_ENABLED }},
+ "script-torrent-done-filename": "{{ .Env.TRANSMISSION_SCRIPT_TORRENT_DONE_FILENAME }}",
+ "seed-queue-enabled": {{ .Env.TRANSMISSION_SEED_QUEUE_ENABLED }},
+ "seed-queue-size": {{ .Env.TRANSMISSION_SEED_QUEUE_SIZE }},
+ "speed-limit-down": {{ .Env.TRANSMISSION_SPEED_LIMIT_DOWN }},
+ "speed-limit-down-enabled": {{ .Env.TRANSMISSION_SPEED_LIMIT_DOWN_ENABLED }},
+ "speed-limit-up": {{ .Env.TRANSMISSION_SPEED_LIMIT_UP }},
+ "speed-limit-up-enabled": {{ .Env.TRANSMISSION_SPEED_LIMIT_UP_ENABLED }},
+ "start-added-torrents": {{ .Env.TRANSMISSION_START_ADDED_TORRENTS }},
+ "trash-original-torrent-files": {{ .Env.TRANSMISSION_TRASH_ORIGINAL_TORRENT_FILES }},
+ "umask": {{ .Env.TRANSMISSION_UMASK }},
+ "upload-limit": {{ .Env.TRANSMISSION_UPLOAD_LIMIT }},
+ "upload-limit-enabled": {{ .Env.TRANSMISSION_UPLOAD_LIMIT_ENABLED }},
+ "upload-slots-per-torrent": {{ .Env.TRANSMISSION_UPLOAD_SLOTS_PER_TORRENT }},
+ "utp-enabled": {{ .Env.TRANSMISSION_UTP_ENABLED }},
+ "watch-dir": "{{ .Env.TRANSMISSION_WATCH_DIR }}",
+ "watch-dir-enabled": {{ .Env.TRANSMISSION_WATCH_DIR_ENABLED }}
+}
+
diff --git a/transmission/run.sh b/transmission/run.sh
index 09bf33f..59a25f9 100755
--- a/transmission/run.sh
+++ b/transmission/run.sh
@@ -1,11 +1,11 @@ #!/bin/sh -if [ -f /config/transmission/settings.json ]; +if [ -f /data/transmission-data/settings.json ] then - echo "STARTING TRANSMISSION: Using custom config directory /config/transmission" - exec /usr/bin/transmission-daemon -g /config/transmission/ & + echo "STARTING TRANSMISSION: Using transmission-data subdirectory to your /data mount point to store state." + exec /usr/bin/transmission-daemon -g /data/transmission-data/ & else - echo "STARTING TRANSMISSION: No configuration provided, using defaults" + echo "STARTING TRANSMISSION: Storing state in container only." exec /usr/bin/transmission-daemon -g /etc/transmission-daemon/ & fi
diff --git a/transmission/updateTransmissionPort.sh b/transmission/updateTransmissionPort.sh
index bcaedf7..f798ff1 100755
--- a/transmission/updateTransmissionPort.sh
+++ b/transmission/updateTransmissionPort.sh
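Review bot: Every `{{ .Env.… }}` value in defaultSettings.tmpl is written into settings.json without escaping or validation, so the quoted string fields (`rpc-password`, `rpc-username`, `rpc-whitelist`, `script-torrent-done-filename`, the directory paths) yield malformed JSON or unintended keys once a value contains `"` or `\`, and the unquoted numeric and boolean fields yield invalid JSON when a variable is empty or unset. Assuming dockerize renders this file with Go's text/template, string fields can be quoted by the template itself, e.g. `"rpc-password": {{ printf "%q" .Env.TRANSMISSION_RPC_PASSWORD }},`, which matches JSON string escaping for ordinary printable input; the numeric and boolean variables are better checked in the start script before rendering. `rpc-password` also now arrives as a plain environment variable, which is readable through `docker inspect` and inherited by child processes, so the documentation should say so and recommend `TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true` whenever the RPC port is published. The defaults for these variables are set in the Dockerfile `ENV` block, which lies outside this hunk.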
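Review bot: The new `-f /data/transmission-data/settings.json` test in run.sh makes a file on the `/data` volume the daemon's live configuration, and `/data` is also where downloads and the watch directory live (`/data/completed`, `/data/watch` in the removed defaults), so anyone who can write to that mount can change RPC authentication or `script-torrent-done-filename`. The old `/config` path kept settings on a separate volume; if merging the two is intended, a comment above the test should record the trust assumption, e.g. `# settings.json under /data is trusted config (RPC auth, done-script); do not export this directory with the download share`. This branch is also taken only when the file already exists, and nothing in this hunk creates it, so on a fresh volume the "store state" message may never be reached; where the rendered template is written is not visible here.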
@@ -13,9 +13,9 @@ pia_client_id_file=/etc/transmission-daemon/pia_client_id transmission_settings_file=/etc/transmission-daemon/settings.json port_assignment_url=https://www.privateinternetaccess.com/vpninfo/port_forward_assignment -if [ -f /config/transmission/settings.json ]; +if [ -f /data/transmission-data/settings.json ]; then - transmission_settings_file=/config/transmission/settings.json + transmission_settings_file=/data/transmission-data/settings.json else transmission_settings_file=/etc/transmission-daemon/settings.json fi
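Review bot: `transmission_settings_file` is assigned three times in this hunk, once unconditionally and again in both branches, and the same `/data/transmission-data/settings.json` literal is repeated in run.sh, so the two scripts decide independently and at different times which file is live. If the file appears after the daemon has started from `/etc/transmission-daemon/`, this script would presumably write the forwarded port to a file the daemon is not using. Dropping the `else` branch and keeping only `[ -f /data/transmission-data/settings.json ] && transmission_settings_file=/data/transmission-data/settings.json` after the default removes the redundancy; having run.sh record the directory it chose for this script to read would remove the timing gap. The rest of the script lies outside the hunk.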