commit 815a18ec00511722b4089947170270b1d212c76d Author: Kovasky Buezo Date: Fri Mar 8 14:57:06 2024 -0500 add files
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..745fcdc
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# A collection of useful (to me) scripts
diff --git a/docker/authelia/action.d/cloudflare.conf b/docker/authelia/action.d/cloudflare.conf
new file mode 100644
index 0000000..f1f27cc
--- /dev/null
+++ b/docker/authelia/action.d/cloudflare.conf
@@ -0,0 +1,3 @@
+[Definition]
+actionban = /data/action.d/entryPoint.py add
+actionunban = /data/action.d/entryPoint.py clea del
diff --git a/docker/authelia/action.d/entryPoint.py b/docker/authelia/action.d/entryPoint.py
new file mode 100644
index 0000000..ea83039
--- /dev/null
+++ b/docker/authelia/action.d/entryPoint.py
@@ -0,0 +1,19 @@
+#!/usr/bin/python3
+
+import os
+import sys
+
+if len(sys.argv) < 3:
+ print("Usage: ./entryPoint.py ")
+ sys.exit(1)
+
+venv_dir = 'env'
+
+if not os.path.exists(venv_dir):
+ os.system(f"{sys.executable} -m venv {venv_dir}")
+
+activate_script = os.path.join(venv_dir, 'bin', 'activate')
+os.system(f"chmod +x {activate_script}")
+os.system(f"{os.path.join(venv_dir, 'bin', 'pip')} install --upgrade requests ipaddress")
+
+os.system(f"{os.path.join(venv_dir, 'bin', 'python')} /data/action.d/modifyBanList.py {sys.argv[1]} {sys.argv[2]}")
diff --git a/docker/authelia/action.d/modifyBanList.py b/docker/authelia/action.d/modifyBanList.py
new file mode 100644
index 0000000..82ae3de
--- /dev/null
+++ b/docker/authelia/action.d/modifyBanList.py
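Review bot: In entryPoint.py the final `os.system` call interpolates `sys.argv[1]` and `sys.argv[2]` into a shell command line, so any shell metacharacter that reaches those arguments is interpreted by the shell with whatever privileges the ban action runs under. Pass the arguments as a list instead (with `import subprocess`), e.g. `subprocess.run([os.path.join(venv_dir, 'bin', 'python'), '/data/action.d/modifyBanList.py', sys.argv[1], sys.argv[2]], check=True)`, which also surfaces a failing exit status that `os.system` currently discards. Separately, `pip install --upgrade requests ipaddress` runs on every ban and unban, pulling unpinned packages from the network each time, and `ipaddress` is already part of the Python 3 standard library. `venv_dir = 'env'` is resolved against the caller's working directory; an absolute path would make the environment's location predictable.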
@@ -0,0 +1,77 @@
+#!/usr/bin/python3
+
+import sys
+import requests
+from requests import Response
+import json
+import ipaddress
+
+def getIPList(apiEndpoint : str, headers : dict) -> json:
+ response = requests.get(apiEndpoint, headers=headers)
+ if response.status_code == 200:
+ return response.json()
+ else:
+ print(f"Failed to fetch existing IP list. Status code: {response.status_code}")
+ print(response.text)
+ sys.exit(1)
+
+def addIPtoList(ipAddr : str, apiEndpoint : str, headers : dict) -> Response:
+ payload = [{"ip": ipAddr}]
+ response = requests.post(apiEndpoint, headers=headers, data=json.dumps(payload))
+ return response
+
+def removeIPFromList(ipId : str, apiEndpoint : str, headers : dict) -> Response:
+ payload = {"items": [{"id": ipId}]}
+ response = requests.delete(apiEndpoint, headers=headers, data=json.dumps(payload))
+ return response
+
+if __name__ == "__main__":
+ if len(sys.argv) < 3:
+ print("Usage: ./modifyBanList.py ")
+ sys.exit(1)
+
+ ipAddr = sys.argv[1]
+
+ try:
+ addr = ipaddress.IPv6Address(ipAddr)
+ first_64_bits = str(addr.exploded).split(':')[:4]
+ ipAddr = ':'.join(first_64_bits) + '::/64'
+ except:
+ pass
+
+ action = sys.argv[2]
+ listId = ''
+ accountId = ''
+ email = ''
+ apiKey = ''
+ apiEndpoint = f'https://api.cloudflare.com/client/v4/accounts/{accountId}/rules/lists/{listId}/items'
+
+ headers = {
+ 'X-Auth-Email': f'{email}',
+ 'X-Auth-Key': f'{apiKey}',
+ 'Content-Type': 'application/json'
+ }
+
+ existingIpList = getIPList(apiEndpoint,headers)
+ response = None
+
+ if action == "del":
+ ipId = None
+ for item in existingIpList['result']:
+ if item['ip'] == ipAddr:
+ ipId = item['id']
+ break
+ payload = {"items": [{"id": ipId}]}
+
+ if ipId is not None:
+ response = requests.delete(apiEndpoint,headers=headers,data=json.dumps(payload))
+ elif not any(item['ip'] == ipAddr for item in existingIpList['result']):
+ payload = [{
+ "ip": ipAddr
+ }]
+ response = requests.post(apiEndpoint, headers=headers, data=json.dumps(payload))
+
+ if response is not None and response.status_code == 200:
+ print(f"IP address {ipAddr} {action} to the custom IP list successfully.")
+ else:
+ print(f"Failed to {action} IP address {ipAddr} to the custom IP list.")
diff --git a/docker/compose/arrs.yml b/docker/compose/arrs.yml
new file mode 100644
index 0000000..d4c2afc
--- /dev/null
+++ b/docker/compose/arrs.yml
@@ -0,0 +1,82 @@
+---
+version: "3.7"
+services:
+ transmission:
+ image: haugene/transmission-openvpn:latest
+ container_name: transmission
+ restart: always
+ ports:
+ - "9091:9091"
+ cap_add:
+ - NET_ADMIN
+ environment:
+ - TZ=$TZ
+ - OPENVPN_PROVIDER=$PROVIDER
+ - OPENVPN_CONFIG=$CONFIG
+ - OPENVPN_USERNAME=$USER
+ - OPENVPN_PASSWORD=$PASSWORD
+ - LOCAL_NETWORK=$NETWORK
+ - TRANSMISSION_SPEED_LIMIT_UP=$SPEED_LIMIT_UP
+ - TRANSMISSION_SPEED_LIMIT_UP_ENABLED=true
+ - WEBPROXY_ENABLED=false
+ - LOG_TO_STDOUT=true
+ - TRANSMISSION_WEB_UI=flood-for-transmission
+ - PUID=1000
+ - PGID=1000
+ volumes:
+ - $DOWNLOADS:/data
+ - /etc/localtime:/etc/localtime:ro
+
+ radarr:
+ image: linuxserver/radarr:latest
+ container_name: radarr
+ restart: always
+ ports:
+ - "7878:7878"
+ environment:
+ - PGID=1000
+ - PUID=1000
+ - TZ=$TZ
+ volumes:
+ - radarr_config:/config
+ - $MOVIES:/movies
+ - $DOWNLOADS:/downloads
+
+ sonarr:
+ image: linuxserver/sonarr:latest
+ container_name: sonarr
+ restart: always
+ ports:
+ - "8989:8989"
+ environment:
+ - PGID=1000
+ - PUID=1000
+ - TZ=$TZ
+ volumes:
+ - sonarr_config:/config
+ - $TV:/tv
+ - $DOWNLOADS:/downloads
+
+ prowlarr:
+ image: linuxserver/prowlarr:develop
+ container_name: prowlarr
+ restart: always
+ ports:
+ - "9696:9696"
+ cap_add:
+ - NET_ADMIN
+ environment:
+ - PGID=1000
+ - PUID=1000
+ - TZ=$TZ
+ volumes:
+ - prowlarr_config:/config
+ - $DOWNLOADS/watch:/downloads
+
+volumes:
+ radarr_config:
+ driver: local
+ sonarr_config:
+ driver: local
+ prowlarr_config:
+ driver: local
\ No newline at end of file
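Review bot: In modifyBanList.py the bare `except: pass` around `ipaddress.IPv6Address(ipAddr)` means anything that is not IPv6, including a string that is not an IP address at all, is sent on to the Cloudflare list API unchanged. Parse the argument with `ipaddress.ip_address()` and exit on `ValueError`, keeping the /64 widening for IPv6 only, as in the block below. The empty `email`/`apiKey` assignments invite pasting an account-wide key into a file under version control; reading them from the environment or a root-only file keeps the secret out of the repository. None of the `requests` calls passes `timeout=`, so a stalled connection would block the ban action indefinitely.

```python
    ipAddr = sys.argv[1]

    try:
        addr = ipaddress.ip_address(ipAddr)
    except ValueError:
        print(f"Not a valid IP address: {ipAddr!r}")
        sys.exit(1)

    if addr.version == 6:
        # ban the enclosing /64 rather than a single IPv6 address
        first_64_bits = addr.exploded.split(':')[:4]
        ipAddr = ':'.join(first_64_bits) + '::/64'

    # … unchanged: action, list/account ids, headers, list lookup and add/del …
```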
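Review bot: In arrs.yml the `prowlarr` service is given `cap_add: NET_ADMIN`, but nothing visible in its definition (no VPN or tunnel settings) needs it; dropping the capability keeps the container at the default privilege set. The same block appears in exposee.yml. Every `ports:` entry in both files (for example `"9091:9091"`) publishes on all host interfaces; if these UIs are only meant to be reached locally or through a reverse proxy, bind them explicitly, e.g. `"127.0.0.1:9091:9091"`. The `:latest` and `:develop` tags mean each pull can bring a different image, so pinning a version or digest would make deployments reproducible.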
diff --git a/docker/compose/exposee.yml b/docker/compose/exposee.yml
new file mode 100644
index 0000000..05bdf11
--- /dev/null
+++ b/docker/compose/exposee.yml
@@ -0,0 +1,83 @@
+---
+version: "3.7"
+services:
+ transmission:
+ image: haugene/transmission-openvpn:latest
+ container_name: transmission
+ restart: always
+ ports:
+ - "8091:9091"
+ cap_add:
+ - NET_ADMIN
+ environment:
+ - TZ=$TZ
+ - OPENVPN_PROVIDER=$PROVIDER
+ - OPENVPN_CONFIG=$CONFIG
+ - OPENVPN_USERNAME=$USER
+ - OPENVPN_PASSWORD=$PASSWORD
+ - WEBPROXY_ENABLED=false
+ - LOCAL_NETWORK=$NETWORK
+ - TRANSMISSION_SPEED_LIMIT_UP=$SPEED_LIMIT_UP
+ - TRANSMISSION_SPEED_LIMIT_UP_ENABLED=true
+ - LOG_TO_STDOUT=true
+ - TRANSMISSION_WEB_UI=flood-for-transmission
+ volumes:
+ - $DOWNLOADS:/data
+ - /etc/localtime:/etc/localtime:ro
+ - transmission_config:/config
+
+ radarr:
+ image: linuxserver/radarr:latest
+ container_name: radarr
+ restart: always
+ ports:
+ - "7878:7878"
+ environment:
+ - PGID=1000
+ - PUID=1000
+ - TZ=$TZ
+ volumes:
+ - radarr_config:/config
+ - $MOVIES:/movies
+ - $DOWNLOADS:/downloads
+
+ sonarr:
+ image: linuxserver/sonarr:latest
+ container_name: sonarr
+ restart: always
+ ports:
+ - "8989:8989"
+ environment:
+ - PGID=1000
+ - PUID=1000
+ - TZ=$TZ
+ volumes:
+ - sonarr_config:/config
+ - $TV:/tv
+ - $DOWNLOADS:/downloads
+
+ prowlarr:
+ image: linuxserver/prowlarr:develop
+ container_name: prowlarr
+ restart: always
+ ports:
+ - "9696:9696"
+ cap_add:
+ - NET_ADMIN
+ environment:
+ - PGID=1000
+ - PUID=1000
+ - TZ=$TZ
+ volumes:
+ - prowlarr_config:/config
+ - $DOWNLOADS/watch:/downloads
+
+volumes:
+ radarr_config:
+ driver: local
+ sonarr_config:
+ driver: local
+ prowlarr_config:
+ driver: local
+ transmission_config:
+ driver: local
\ No newline at end of file
diff --git a/docker/compose/kanboard.yml b/docker/compose/kanboard.yml
new file mode 100644
index 0000000..a0d6f26
--- /dev/null
+++ b/docker/compose/kanboard.yml
@@ -0,0 +1,21 @@
+---
+version: "3.7"
+services:
+ kanboard:
+ image: kanboard/kanboard:latest
+ ports:
+ - "10080:80"
+ - "10443:443"
+ volumes:
+ - data:/var/www/app/data
+ - plugins:/var/www/app/plugins
+ - $HOME_FOLDER/config.php:/var/www/app/config.php
+ - kanboard_ssl:/etc/nginx/ssl
+
+volumes:
+ data:
+ driver: local
+ plugins:
+ driver: local
+ ssl:
+ driver: local
\ No newline at end of file
diff --git a/pfSense/suricata/generateRules.py b/pfSense/suricata/generateRules.py
new file mode 100644
index 0000000..ef310c9
--- /dev/null
+++ b/pfSense/suricata/generateRules.py
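Review bot: In kanboard.yml the service mounts the named volume `kanboard_ssl` (`kanboard_ssl:/etc/nginx/ssl`), but the top-level `volumes:` section declares `ssl:`, so Compose will reject the file because `kanboard_ssl` is undefined. Rename the declaration to `kanboard_ssl:` (or change the mount to `ssl:/etc/nginx/ssl`) so the two agree. `kanboard/kanboard:latest` is also unpinned; a fixed version tag would make upgrades deliberate.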
@@ -0,0 +1,46 @@
+#!/usr/local/bin/python
+
+import sys
+import socket
+import concurrent.futures
+
+def getIP(dns_name) -> str:
+ try:
+ ipAddr = socket.gethostbyname(dns_name)
+ return ipAddr
+ except socket.gaierror:
+ return None
+
+def generateRule(dnsName, currentSID, outputFile) -> None:
+ dnsName = dnsName.strip().encode('ascii', errors='ignore')
+ ipAddr = getIP(dnsName)
+
+ if ipAddr:
+ outboundRule = f'pass ip any any -> {ipAddr} any (msg:"Allow outbound connection to {dnsName}"; sid:{currentSID};)\n'
+ outputFile.write(outboundRule)
+ print(f"Converted {dnsName} to {ipAddr} and added outbound rule with SID {currentSID}")
+ currentSID += 1
+ inboundRule = f'pass ip {ipAddr} any -> any any (msg:"Allow inbound connection from {ipAddr}"; sid:{currentSID};)\n'
+ outputFile.write(inboundRule)
+ print(f"Added inbound rule for {ipAddr} with SID {currentSID}")
+ currentSID += 1
+
+if __name__ == "__main__":
+ if len(sys.argv) != 3:
+ print("Usage: ./generateRules.py inputFile outputFile")
+ sys.exit(1)
+
+ inputFilePath = sys.argv[1]
+ outputFilePath = sys.argv[2]
+
+ with open(inputFilePath, "r") as inputFile, open(outputFilePath, "w") as outputFile:
+ currentSID = 1
+ with concurrent.futures.ThreadPoolExecutor(max_workers=4) as executor:
+ futures = []
+ for line in inputFile:
+ future = executor.submit(generateRule, line, currentSID, outputFile)
+ futures.append(future)
+ currentSID += 2
+ concurrent.futures.wait(futures)
+
+ print("Rule generation complete")
diff --git a/proxmox/pfSense/startPfSense.service b/proxmox/pfSense/startPfSense.service
new file mode 100644
index 0000000..0a336f7
--- /dev/null
+++ b/proxmox/pfSense/startPfSense.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Start PfSense without quorum
+After=pve-cluster.service
+
+[Service]
+type=oneshot
+ExecStart=/root/startPfSense.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/proxmox/pfSense/startPfSense.sh b/proxmox/pfSense/startPfSense.sh
new file mode 100644
index 0000000..b220f73
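Review bot: In generateRules.py `generateRule` resolves whatever `dnsName.strip()` leaves, so a blank line in the input file reaches `socket.gethostbyname` as an empty name, which on CPython typically resolves to `0.0.0.0` instead of failing, and a `pass` rule is then written for it. Skip empty entries before resolving, e.g. `if not dnsName: return` right after the strip. Because the name is `.encode()`d to bytes, the f-string writes it into `msg` as `b'…'`; decoding it back with `.decode('ascii')` keeps the rule text clean. `concurrent.futures.wait(futures)` never calls `result()`, so any exception other than `socket.gaierror` raised in a worker is dropped silently and that host is simply missing from the output. Each generated `pass ip … any` rule also exempts every port and protocol for an address that was only one A record at generation time, which deserves a comment at the top of the script saying the file must be regenerated when DNS changes.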
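Review bot: In startPfSense.service the directive is written `type=oneshot`, but systemd key names are case-sensitive, so this line is ignored as an unknown key and the unit falls back to the default service type. Use `Type=oneshot` so systemd waits for `/root/startPfSense.sh` to finish before treating the unit as started.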
--- /dev/null
+++ b/proxmox/pfSense/startPfSense.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+sleep 5
+systemctl stop pve-cluster
+pmxcfs -l
+qm start 102
+sleep 5
+killall pmxcfs
+systemctl start pve-cluster
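Review bot: startPfSense.sh stops `pve-cluster` and starts `pmxcfs -l` unconditionally and has no error handling, so if the script is interrupted part-way the node can be left with the cluster service stopped or a local-mode `pmxcfs` still running. Restoring in a trap makes the cleanup unconditional: put `trap 'killall pmxcfs; systemctl start pve-cluster' EXIT` before `systemctl stop pve-cluster` and drop the two explicit lines at the end. Local mode makes the cluster filesystem writable without quorum, so it is worth gating the sequence on the node actually lacking quorum (for instance by checking `pvecm status`) and saying so in a comment. The fixed `sleep 5` delays are a guess at readiness rather than a check.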