The Birth of JailMan (#2)

* move ex (+25 squashed commit)

Squashed commit:

[e5e9c57] verb

[16b023f] exp

[e0299d9] easier

[67fcf93] no message

[404687f] different

[bd82e7c] test

[14b91d9] mod

[f2bb227] test again

[a9d5ad0] again

[0dcb106] with bash

[7324c15] more

[8ec72d5] another test

[0933fdc] again

[a5247df] test more

[ee61137] temp test

[c90aa90] add some more tests

[9f8e47a] make executable

[ac84788] rename part 2

[890c3ca] rename part 1

[f17e571] test create

[9bd8ecd] typo aqgain

[eb865a7] test2

[fb57e28] typo

[595d9e9] make executable

[5d1ae75] first steps

* test5 (+22 squashed commit)

Squashed commit:

[f059ada] tweaks

[5c325de] again

[9f59aa6] ip4

[9990a77] Standardised creation

[0a6fa7f] whoops

[620d07c] no message

[2a98559] error

[62e9c39] hmmm

[9f8e4df] no message

[d1e9025] puzzle

[73aa99b] substitution try 1

[117e75e] other sub

[7c080b0] more flexible

[a0778f4] testzoveel

[739a3bf] fix

[f881425] no message

[1962b83] oops

[994692c] no message

[b6dd2a2] test

[6713186] echo

[6d8d95a] test

[f8c3740] quote processing

* small update fix (+18 squashed commit)

Squashed commit:

[8f0c2aa] Basic update

[c44eae5] simplification

[b1e9314] define basic pkgs

[1a55a85] define global pkgs

[6829d30] dirtest

[5d2a215] checking for install script existance

[d936df3] 1

[fcc7403] hmm

[08e7e07] exit 0

[380da4d] jail interfaces

[634f12e] make all executable

[0f2728c] add first test jail

[8320d77] restructure individual install scripts

[752b375] Standardise

[cbab837] itterate through jails

[37ecc1d] if array is without elements

[0a9e899] moving it to arrays

[cc356ee] mockup jailman

* moving docs,fixing test thingy (+27 squashed commit)

Squashed commit:

[76e856b] rc.d pathing

[4e1b178] fixing some pathing bugs

[e9e9648] quotes

[7c5aa9e] test10 fixes

[e8858cc] sonarr first steps

[0cb1efe] exit on invalid option

[e3451da] exit on unknown option

[60a1f9c] exit

[0536c11] test idea

[81d3465] hmm

[cb3b935] work on h

[1311fea] enable help

[aa8d55a] space?

[5ef67e0] add comment to global

[61be2fa] Add commenting and in-script help

[aac8557] Testing broken config

[ecc1142] oops

[e0059be] condition fix

[9628297] Add check for missing network settings

[44be2bc] Creating DHCP option, working on default example config.

[b0fe910] Adding documentation, setting up Jackett

[0045b2b] strucutre

[fbe3d20] includes first

[a1b032d] gitupdate space

[1b503b5] update fix

[512f597] add update feature

[e9b8359] add initial upgrade script

* Create LICENSE (#1)

* to 30

* move back kms includes readme, add config.yml to gitignore, add kms to config.yml.example (+24 squashed commit)

Squashed commit:

[095aa36] added py ks to readme

[28526d8] Setup KMS

[82f7bfa] Exeuction fix

[89de700] finish organizr and setup first steps of kms

[0624952] Add dummy cert generation

[2583e39] slight nginx mod

[3b3da6a] fixed again

[7f5807b] Readme and fix for wrong copy

[6cab6ca] Make tautulli permanent and prepare organizr

[6801447] Tautulli setup, plex to permanent

[6198469] also fix update if

[49cff5d] if fix 2

[4c436c4] fixing plex if

[1adf56f] Add first go at plex support

[446dff6] fixing some linking and dataset creation

[6dee179] forgot to set yaml files

[4e767de] settings file is not needed at all

[8ff9d73] setup lidarr, begin setup for transmission

[8f8d9ee] Fixing wrong echo's, adding *arr to readme

[7aab5f0] lidarr test setup, making radarr final, yaml restructure

[3113f71] some dataset creation tweaks

[286437b] movies, much

[181cf3e] test setup

[6477b74] Sonarr done, radarr next

* set to master and make executable

jails/organizr/includes/custom/organizr.conf

@@ -0,0 +1,145 @@
+send_timeout 5m;
+proxy_read_timeout 240;
+proxy_send_timeout 240;
+proxy_connect_timeout 240;
+client_header_timeout 240;
+client_body_timeout 240;
+
+
+location / {
+    root /usr/local/www/Organizr;
+    index index.php index.html index.htm index.nginx-debian.html;
+    location ~ /auth-(.*) {
+	    internal;
+	    rewrite ^/auth-(.*) /api/?v1/auth&group=$1;
+    }
+    error_page 400 401 402 403 404 405 408 500 502 503 504 $scheme://$server_name/?error=$status;
+    location / {try_files $uri $uri/ =404;}
+    include custom/phpblock.conf;  #PHP Block
+  }
+
+
+location /transmission/ {
+    auth_request /auth-0;
+    add_header X-Frame-Options "SAMEORIGIN";
+    proxy_pass http://192.168.31.22:9091;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+location /sonarr/ {
+    auth_request /auth-0;    
+    add_header X-Frame-Options "SAMEORIGIN";
+    proxy_pass http://192.168.31.23:8989;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+location /radarr/ {
+    auth_request /auth-0;
+    add_header X-Frame-Options "SAMEORIGIN";
+    proxy_pass http://192.168.31.24:7878;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+  
+  location /lidarr/ {
+    auth_request /auth-0;
+    add_header X-Frame-Options "SAMEORIGIN";
+    proxy_pass http://192.168.31.25:8686;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+location /jackett/ {
+    auth_request /auth-0;
+    add_header X-Frame-Options "SAMEORIGIN";
+    proxy_pass http://192.168.31.21:9117;
+    proxy_http_version 1.1;
+    proxy_set_header   Upgrade $http_upgrade;
+    proxy_set_header   Connection keep-alive;
+    proxy_cache_bypass $http_upgrade;
+    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header   X-Forwarded-Proto $scheme;
+    proxy_set_header   X-Forwarded-Host $http_host;
+}
+
+location /plex/ {
+    auth_request /auth-4;
+    add_header X-Frame-Options "SAMEORIGIN";
+    proxy_pass https://192.168.30.27:32400/;
+    client_max_body_size 10m;
+    client_body_buffer_size 128k;
+    proxy_bind $server_addr;
+    proxy_buffers 32 4k;
+    #Timeout if the real server is dead
+    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+    # Advanced Proxy Config
+    send_timeout 5m;
+    proxy_read_timeout 240;
+    proxy_send_timeout 240;
+    proxy_connect_timeout 240;
+    proxy_hide_header X-Frame-Options;
+    # Basic Proxy Config
+    proxy_set_header Host $host:$server_port;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto https;
+    proxy_redirect  http://  $scheme://;
+    proxy_http_version 1.1;
+    proxy_set_header Connection "";
+    proxy_no_cache $cookie_session;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";  
+  }
+if ($http_referer ~* /plex/) {
+    rewrite ^/web/(.*) /plex/web/$1? redirect;
+  }
+
+location /tautulli/ {
+    auth_request /auth-4;
+    add_header X-Frame-Options "SAMEORIGIN";
+    proxy_pass http://192.168.31.26:8181;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Host $server_name;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_read_timeout 90;
+    proxy_set_header X-Forwarded-Proto https;
+    proxy_set_header X-Forwarded-Ssl on;
+    #proxy_redirect ~^(http(?:s)?://)([^:/]+)(?::\d+)?(/.*)?$ $1$2:$server_port$3;
+    proxy_redirect off;
+}
+
+location /ombi/ {
+    auth_request /auth-4;
+    add_header X-Frame-Options "SAMEORIGIN";
+    proxy_pass https://192.168.31.27:3579/;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection keep-alive;
+    proxy_set_header Host $host;
+    proxy_cache_bypass $http_upgrade;
+  }
+
+  location /grafana {
+    auth_request /auth-0;
+    add_header X-Frame-Options "SAMEORIGIN";
+    proxy_pass https://192.168.30.34/;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+  
+  location /bitwarden {
+    auth_request /auth-0;
+    add_header X-Frame-Options "SAMEORIGIN";
+    proxy_pass https://bitwarden.schouten-lebbing.nl/;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }

jails/organizr/includes/custom/phpblock.conf

@@ -0,0 +1,9 @@
+fastcgi_read_timeout 240;
+
+location ~ \.php$ {
+			fastcgi_split_path_info ^(.+\.php)(/.+)$;
+			fastcgi_pass unix:/var/run/php-fpm.sock;
+			fastcgi_index index.php;
+			fastcgi_param SCRIPT_FILENAME $request_filename;
+			include fastcgi_params;
+}

jails/organizr/includes/nginx.conf

@@ -0,0 +1,25 @@
+user www;
+worker_processes 1;
+
+events {
+	worker_connections 1024;
+}
+
+http {
+	include mime.types;
+	default_type application/octet-stream;
+	sendfile on;
+	keepalive_timeout 65;
+	server {
+	listen 80;
+	server_name localhost;
+	include custom/organizr.conf;
+	}
+	server {
+		listen 443 ssl;
+		server_name localhost;
+		include custom/organizr.conf;
+		ssl_certificate /config/cert/Organizr-Cert.crt; # Replace with actually valid certificate
+		ssl_certificate_key /config/cert/Organizr-Cert.key; # Replace with actually valid certificate
+	}
+}

jails/organizr/install.sh

@@ -0,0 +1,34 @@
+#!/usr/local/bin/bash
+# This file contains the install script for Organizr
+
+iocage exec organizr sed -i '' -e 's?listen = 127.0.0.1:9000?listen = /var/run/php-fpm.sock?g' /usr/local/etc/php-fpm.d/www.conf
+iocage exec organizr sed -i '' -e 's/;listen.owner = www/listen.owner = www/g' /usr/local/etc/php-fpm.d/www.conf
+iocage exec organizr sed -i '' -e 's/;listen.group = www/listen.group = www/g' /usr/local/etc/php-fpm.d/www.conf
+iocage exec organizr sed -i '' -e 's/;listen.mode = 0660/listen.mode = 0600/g' /usr/local/etc/php-fpm.d/www.conf
+iocage exec organizr cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
+iocage exec organizr sed -i '' -e 's?;date.timezone =?date.timezone = "Universal"?g' /usr/local/etc/php.ini
+iocage exec organizr sed -i '' -e 's?;cgi.fix_pathinfo=1?cgi.fix_pathinfo=0?g' /usr/local/etc/php.ini
+mv /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/nginx.conf /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/nginx.conf.bak
+cp ${SCRIPT_DIR}/jails/organizr/includes/nginx.conf /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/nginx.conf
+cp -Rf ${SCRIPT_DIR}/jails/organizr/includes/custom /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/custom
+
+if [ ! -d "/mnt/${global_dataset_config}/organizr/cert" ]; then
+	echo "cert folder not existing... creating..."
+	iocage exec organizr mkdir /config/cert
+fi
+
+if [ -f "/mnt/${global_dataset_config}/organizr/cert/Organizr-Cert.crt" ]; then
+    echo "certificate exist... Skipping cert generation"
+else
+	"No ssl certificate present, generating self signed certificate"
+	openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/${global_dataset_config}/organizr/cert/Organizr-Cert.key -out /mnt/${global_dataset_config}/organizr/cert/Organizr-Cert.crt
+fi
+
+
+iocage exec organizr git clone https://github.com/causefx/Organizr.git /usr/local/www/Organizr
+iocage exec organizr chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom
+iocage exec organizr ln -s /config/config.php /usr/local/www/Organizr/api/config/config.php
+iocage exec organizr sysrc nginx_enable=YES
+iocage exec organizr sysrc php_fpm_enable=YES
+iocage exec organizr service nginx start
+iocage exec organizr service php-fpm start

jails/organizr/update.sh

@@ -0,0 +1,12 @@
+#!/usr/local/bin/bash
+# This file contains the update script for Organizr
+
+
+iocage exec organizr service nginx stop
+iocage exec organizr service php-fpm stop
+# TODO setup cli update for Organizr here.
+cp ${SCRIPT_DIR}/jails/organizr/includes/nginx.conf /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/nginx.conf
+iocage exec organizr "cd /usr/local/www/Organizr && git pull"
+iocage exec organizr chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom
+iocage exec organizr service nginx start
+iocage exec organizr service php-fpm start