From ee6a628e23d69910b6b22f8b7ce400a6c004b4d6 Mon Sep 17 00:00:00 2001
From: Rik Veenboer <rik.veenboer@gmail.com>
Date: Mon, 25 Nov 2024 17:47:44 +0100
Subject: [PATCH] move some services behind authentik

---
 bazarr/config/config.yaml                   | 253 ++++++++++++++++++++
 caddy/Caddyfile                             |  43 ++--
 docker-compose.droppy.yml                   |   2 +-
 docker-compose.filebrowser.yml              |   3 +-
 docker-compose.jackett.yml                  |   2 +-
 droppy/config.json                          |  27 +++
 filebrowser/.filebrowser.json               |   8 +
 nginx/etc/nginx/conf.d/global.conf          |  35 ---
 radarr/config.xml                           |  18 ++
 sonarr/config.xml                           |   2 +-
 transmission/etc/transmission/settings.json |  73 ++++++
 11 files changed, 407 insertions(+), 59 deletions(-)
 create mode 100644 bazarr/config/config.yaml
 create mode 100644 droppy/config.json
 create mode 100644 filebrowser/.filebrowser.json
 create mode 100644 radarr/config.xml
 create mode 100644 transmission/etc/transmission/settings.json

diff --git a/bazarr/config/config.yaml b/bazarr/config/config.yaml
new file mode 100644
index 0000000..2009437
--- /dev/null
+++ b/bazarr/config/config.yaml
@@ -0,0 +1,253 @@
+---
+addic7ed:
+  cookies: ''
+  password: ''
+  user_agent: ''
+  username: ''
+  vip: false
+analytics:
+  enabled: false
+anticaptcha:
+  anti_captcha_key: ''
+assrt:
+  token: ''
+auth:
+  apikey: 8d0c7c8c7eba845a6774440d1c2136ae
+  password: ''
+  type: null
+  username: ''
+backup:
+  day: 6
+  folder: /config/backup
+  frequency: Weekly
+  hour: 3
+  retention: 31
+betaseries:
+  token: ''
+cors:
+  enabled: false
+deathbycaptcha:
+  password: ''
+  username: ''
+embeddedsubtitles:
+  hi_fallback: false
+  include_ass: true
+  include_srt: true
+  included_codecs: []
+  timeout: 600
+  unknown_as_english: false
+general:
+  adaptive_searching: false
+  adaptive_searching_delay: 3w
+  adaptive_searching_delta: 1w
+  anti_captcha_provider: null
+  auto_update: true
+  base_url: ''
+  branch: master
+  chmod: '0640'
+  chmod_enabled: false
+  days_to_upgrade_subs: 7
+  debug: false
+  default_und_audio_lang: ''
+  default_und_embedded_subtitles_lang: ''
+  dont_notify_manual_actions: false
+  embedded_subs_show_desired: true
+  embedded_subtitles_parser: ffprobe
+  enabled_providers:
+  - embeddedsubtitles
+  - opensubtitles
+  - tvsubtitles
+  flask_secret_key: f7cb0b9466ff2a51dd6f7fba4263d1d8
+  hi_extension: hi
+  ignore_ass_subs: false
+  ignore_pgs_subs: false
+  ignore_vobsub_subs: false
+  ip: 0.0.0.0
+  language_equals: []
+  minimum_score: 90
+  minimum_score_movie: 70
+  movie_default_enabled: false
+  movie_default_profile: ''
+  multithreading: true
+  page_size: 25
+  page_size_manual_search: 10
+  parse_embedded_audio_track: false
+  path_mappings: []
+  path_mappings_movie: []
+  port: 6767
+  postprocessing_cmd: ''
+  postprocessing_threshold: 90
+  postprocessing_threshold_movie: 70
+  serie_default_enabled: false
+  serie_default_profile: ''
+  single_language: false
+  skip_hashing: false
+  subfolder: current
+  subfolder_custom: ''
+  subzero_mods: ''
+  theme: auto
+  upgrade_frequency: 12
+  upgrade_manual: true
+  upgrade_subs: true
+  use_embedded_subs: true
+  use_postprocessing: false
+  use_postprocessing_threshold: false
+  use_postprocessing_threshold_movie: false
+  use_radarr: true
+  use_scenename: true
+  use_sonarr: true
+  utf8_encode: true
+  wanted_search_frequency: 6
+  wanted_search_frequency_movie: 6
+hdbits:
+  passkey: ''
+  username: ''
+karagarga:
+  f_password: ''
+  f_username: ''
+  password: ''
+  username: ''
+ktuvit:
+  email: ''
+  hashed_password: ''
+legendasdivx:
+  password: ''
+  skip_wrong_fps: false
+  username: ''
+legendastv:
+  featured_only: false
+  password: ''
+  username: ''
+movie_scores:
+  audio_codec: 3
+  edition: 0
+  hash: 119
+  hearing_impaired: 1
+  release_group: 15
+  resolution: 2
+  source: 7
+  streaming_service: 0
+  title: 60
+  video_codec: 2
+  year: 30
+napisy24:
+  password: ''
+  username: ''
+opensubtitles:
+  password: ''
+  skip_wrong_fps: false
+  ssl: false
+  timeout: 15
+  use_tag_search: false
+  username: ''
+  vip: false
+opensubtitlescom:
+  include_ai_translated: false
+  password: ''
+  use_hash: true
+  username: ''
+podnapisi:
+  verify_ssl: true
+postgresql:
+  database: ''
+  enabled: false
+  host: localhost
+  password: ''
+  port: 5432
+  username: ''
+proxy:
+  exclude:
+  - localhost
+  - 127.0.0.1
+  password: ''
+  port: ''
+  type: null
+  url: ''
+  username: ''
+radarr:
+  apikey: a74a5eb3683146659905a87f0d6d1587
+  base_url: /radarr
+  defer_search_signalr: false
+  excluded_tags: []
+  full_update: Daily
+  full_update_day: 6
+  full_update_hour: 5
+  http_timeout: 60
+  ip: host
+  movies_sync: 60
+  only_monitored: false
+  port: 17878
+  ssl: false
+  sync_only_monitored_movies: false
+  use_ffprobe_cache: true
+series_scores:
+  audio_codec: 3
+  edition: 0
+  episode: 30
+  hash: 359
+  hearing_impaired: 1
+  release_group: 15
+  resolution: 2
+  season: 30
+  series: 180
+  source: 7
+  streaming_service: 0
+  video_codec: 2
+  year: 90
+sonarr:
+  apikey: 872c463bc4e84567b84605bf213e0409
+  base_url: /sonarr
+  defer_search_signalr: false
+  episodes_sync: 60
+  exclude_season_zero: false
+  excluded_series_types: []
+  excluded_tags: []
+  full_update: Daily
+  full_update_day: 6
+  full_update_hour: 4
+  http_timeout: 60
+  ip: host
+  only_monitored: false
+  port: 18989
+  series_sync: 60
+  ssl: false
+  sync_only_monitored_episodes: false
+  sync_only_monitored_series: false
+  use_ffprobe_cache: true
+subf2m:
+  user_agent: ''
+  verify_ssl: true
+subscene:
+  password: ''
+  username: ''
+subsync:
+  checker:
+    blacklisted_languages: []
+    blacklisted_providers: []
+  debug: false
+  force_audio: false
+  gss: true
+  max_offset_seconds: 60
+  no_fix_framerate: true
+  subsync_movie_threshold: 70
+  subsync_threshold: 90
+  use_subsync: false
+  use_subsync_movie_threshold: false
+  use_subsync_threshold: false
+titlovi:
+  password: ''
+  username: ''
+titulky:
+  approved_only: false
+  multithreading: true
+  password: ''
+  skip_wrong_fps: false
+  username: ''
+whisperai:
+  endpoint: http://127.0.0.1:9000
+  loglevel: INFO
+  response: 5
+  timeout: 3600
+xsubs:
+  password: ''
+  username: ''
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index 4c87bfc..94d7868 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -101,32 +101,19 @@ import unprotected jellyseerr host:15055
 }
 
 import protected sonarr host:18989
-import protected app host:12345
+import protected radarr host:17878
+import protected bazarr host:16767
+import protected jackett host:9117
 import protected dagster host:3000
 import protected photoprism host:2342
 import protected qbittorrent host:9092
 import protected esp host:6052
 import protected dsmr host:8888
+import protected transmission host:9091
+import protected droppy host:8989
+import protected filebrowser host:8002
 
-insecure.rik.veenboer.xyz {
-	reverse_proxy host:12345
-}
-
-unused.rik.veenboer.xyz {
-	handle {
-		# import authentik
-		reverse_proxy host:8100
-	}
-
-	handle /seafhttp* {
-		uri strip_prefix seafhttp
-		reverse_proxy host:8182
-	}
-
-	handle /seafdav* {
-		reverse_proxy host:8180
-	}
-}
+#import protected app host:12345
 
 ha.rik.veenboer.xyz {
 	log {
@@ -155,6 +142,22 @@ ha.rik.veenboer.xyz {
 	}
 }
 
+unused.rik.veenboer.xyz {
+	handle {
+		# import authentik
+		reverse_proxy host:8100
+	}
+
+	handle /seafhttp* {
+		uri strip_prefix seafhttp
+		reverse_proxy host:8182
+	}
+
+	handle /seafdav* {
+		reverse_proxy host:8180
+	}
+}
+
 geo.rik.veenboer.xyz {
 	log {
 		output file /var/log/geo.log
diff --git a/docker-compose.droppy.yml b/docker-compose.droppy.yml
index d7a63c6..e5b4d75 100644
--- a/docker-compose.droppy.yml
+++ b/docker-compose.droppy.yml
@@ -1,7 +1,7 @@
 services:
     droppy:
         container_name: droppy
-        image: silverwind/droppy:11.1.0
+        image: silverwind/droppy:12.2.0
         ports:
         - 8989:8989
         restart: unless-stopped
diff --git a/docker-compose.filebrowser.yml b/docker-compose.filebrowser.yml
index d5528b2..64e057c 100644
--- a/docker-compose.filebrowser.yml
+++ b/docker-compose.filebrowser.yml
@@ -1,7 +1,8 @@
 services:
     filebrowser:
         container_name: filebrowser
-        image: filebrowser/filebrowser:v2.1.0
+        image: filebrowser/filebrowser:v2.31.2
+        # command: ["config", "set", "--auth.method=noauth"]
         ports:
         - 8002:80
         restart: unless-stopped
diff --git a/docker-compose.jackett.yml b/docker-compose.jackett.yml
index 01e1da3..979232a 100644
--- a/docker-compose.jackett.yml
+++ b/docker-compose.jackett.yml
@@ -8,7 +8,7 @@ services:
         external_links:
         - transmission
         - qbittorrent
-        image: linuxserver/jackett:0.20.216
+        image: linuxserver/jackett:0.22.1003
         ports:
         - 9117:9117
         restart: unless-stopped
diff --git a/droppy/config.json b/droppy/config.json
new file mode 100644
index 0000000..a24b383
--- /dev/null
+++ b/droppy/config.json
@@ -0,0 +1,27 @@
+{
+  "listeners": [
+    {
+      "host": [
+        "0.0.0.0",
+        "::"
+      ],
+      "port": 8989,
+      "protocol": "http"
+    }
+  ],
+  "public": true,
+  "timestamps": true,
+  "linkLength": 5,
+  "linkExtensions": false,
+  "logLevel": 2,
+  "maxFileSize": 0,
+  "updateInterval": 1000,
+  "pollingInterval": 0,
+  "keepAlive": 20000,
+  "uploadTimeout": 604800000,
+  "allowFrame": false,
+  "readOnly": false,
+  "ignorePatterns": [],
+  "watch": true,
+  "headers": {}
+}
\ No newline at end of file
diff --git a/filebrowser/.filebrowser.json b/filebrowser/.filebrowser.json
new file mode 100644
index 0000000..1a9ede2
--- /dev/null
+++ b/filebrowser/.filebrowser.json
@@ -0,0 +1,8 @@
+{
+  "port": 80,
+  "baseURL": "/filebrowser",
+  "address": "",
+  "log": "stdout",
+  "database": "/database.db",
+  "root": ""
+}
diff --git a/nginx/etc/nginx/conf.d/global.conf b/nginx/etc/nginx/conf.d/global.conf
index 9f35752..d0251c5 100644
--- a/nginx/etc/nginx/conf.d/global.conf
+++ b/nginx/etc/nginx/conf.d/global.conf
@@ -6,41 +6,6 @@ server {
         proxy_pass http://host:80;
         include /etc/nginx/conf/proxy.conf;
     }
-    location /transmission {
-        # transmission
-        proxy_pass http://host:9091;
-        include /etc/nginx/conf/proxy.conf;
-    }
-    location /jackett {
-        # jackett
-        proxy_pass http://host:9117;
-        include /etc/nginx/conf/proxy.conf;
-    }
-    location /radarr {
-        # radarr
-        proxy_pass http://host:17878;
-        include /etc/nginx/conf/proxy.conf;
-    }
-    location /sonarr {
-        # sonarr
-        proxy_pass http://host:18989;
-        include /etc/nginx/conf/proxy.conf;
-    }
-    location /bazarr {
-        # bazarr
-        proxy_pass http://host:16767;
-        include /etc/nginx/conf/proxy.conf;
-    }
-    location /droppy/ {
-        # droppy
-        proxy_pass http://host:8989/;
-        include /etc/nginx/conf/proxy.conf;
-    }
-    location /filebrowser/ {
-        # filebrowser
-        proxy_pass http://host:8002/;
-        include /etc/nginx/conf/proxy.conf;
-    }
 }
 
 server {
diff --git a/radarr/config.xml b/radarr/config.xml
new file mode 100644
index 0000000..8bf1870
--- /dev/null
+++ b/radarr/config.xml
@@ -0,0 +1,18 @@
+<Config>
+  <LogLevel>Info</LogLevel>
+  <Port>7878</Port>
+  <UrlBase></UrlBase>
+  <BindAddress>*</BindAddress>
+  <SslPort>9898</SslPort>
+  <EnableSsl>False</EnableSsl>
+  <ApiKey>a74a5eb3683146659905a87f0d6d1587</ApiKey>
+  <AuthenticationMethod>External</AuthenticationMethod>
+  <Branch>master</Branch>
+  <LaunchBrowser>False</LaunchBrowser>
+  <UpdateMechanism>Docker</UpdateMechanism>
+  <AnalyticsEnabled>False</AnalyticsEnabled>
+  <SslCertPath></SslCertPath>
+  <SslCertPassword></SslCertPassword>
+  <AuthenticationRequired>DisabledForLocalAddresses</AuthenticationRequired>
+  <InstanceName>Radarr</InstanceName>
+</Config>
\ No newline at end of file
diff --git a/sonarr/config.xml b/sonarr/config.xml
index aa3c41d..5bc1fbf 100644
--- a/sonarr/config.xml
+++ b/sonarr/config.xml
@@ -6,7 +6,7 @@
   <SslPort>9898</SslPort>
   <EnableSsl>False</EnableSsl>
   <ApiKey>872c463bc4e84567b84605bf213e0409</ApiKey>
-  <AuthenticationMethod>Basic</AuthenticationMethod>
+  <AuthenticationMethod>External</AuthenticationMethod>
   <Branch>main</Branch>
   <LaunchBrowser>False</LaunchBrowser>
   <UpdateMechanism>Docker</UpdateMechanism>
diff --git a/transmission/etc/transmission/settings.json b/transmission/etc/transmission/settings.json
new file mode 100644
index 0000000..d9b7d25
--- /dev/null
+++ b/transmission/etc/transmission/settings.json
@@ -0,0 +1,73 @@
+{
+    "alt-speed-down": 50,
+    "alt-speed-enabled": false,
+    "alt-speed-time-begin": 540,
+    "alt-speed-time-day": 127,
+    "alt-speed-time-enabled": false,
+    "alt-speed-time-end": 1020,
+    "alt-speed-up": 50,
+    "bind-address-ipv4": "0.0.0.0",
+    "bind-address-ipv6": "::",
+    "blocklist-enabled": false,
+    "blocklist-url": "http://www.example.com/blocklist",
+    "cache-size-mb": 4,
+    "dht-enabled": true,
+    "download-dir": "/host/srv/downloads",
+    "download-limit": "",
+    "download-limit-enabled": 0,
+    "download-queue-enabled": false,
+    "download-queue-size": 5,
+    "encryption": 1,
+    "idle-seeding-limit": 30,
+    "idle-seeding-limit-enabled": true,
+    "incomplete-dir": "/host/tmp/downloads",
+    "incomplete-dir-enabled": true,
+    "lpd-enabled": false,
+    "max-peers-global": 200,
+    "message-level": 1,
+    "peer-congestion-algorithm": "",
+    "peer-id-ttl-hours": 6,
+    "peer-limit-global": 200,
+    "peer-limit-per-torrent": 50,
+    "peer-port": 49669,
+    "peer-port-random-high": 65535,
+    "peer-port-random-low": 49152,
+    "peer-port-random-on-start": true,
+    "peer-socket-tos": "default",
+    "pex-enabled": true,
+    "port-forwarding-enabled": true,
+    "preallocation": 1,
+    "prefetch-enabled": true,
+    "queue-stalled-enabled": true,
+    "queue-stalled-minutes": 30,
+    "ratio-limit": 2,
+    "ratio-limit-enabled": true,
+    "rename-partial-files": true,
+    "rpc-authentication-required": true,
+    "rpc-bind-address": "0.0.0.0",
+    "rpc-enabled": true,
+    "rpc-password": "{1788c430ef94ca896c468682f17faba176b40e953Hryly3I",
+    "rpc-port": 9091,
+    "rpc-url": "/",
+    "rpc-username": "user",
+    "rpc-whitelist": "127.0.0.1",
+    "rpc-whitelist-enabled": false,
+    "scrape-paused-torrents-enabled": true,
+    "script-torrent-done-enabled": false,
+    "script-torrent-done-filename": "",
+    "seed-queue-enabled": false,
+    "seed-queue-size": 10,
+    "speed-limit-down": 100,
+    "speed-limit-down-enabled": false,
+    "speed-limit-up": 10000,
+    "speed-limit-up-enabled": false,
+    "start-added-torrents": true,
+    "trash-original-torrent-files": false,
+    "umask": 18,
+    "upload-limit": 100,
+    "upload-limit-enabled": 0,
+    "upload-slots-per-torrent": 14,
+    "utp-enabled": true,
+    "watch-dir": "/host/srv/torrents",
+    "watch-dir-enabled": true
+}