add files

README.md

@@ -0,0 +1 @@
+# A collection of useful (to me) scripts

docker/authelia/action.d/cloudflare.conf

@@ -0,0 +1,3 @@
+[Definition]
+actionban = /data/action.d/entryPoint.py <ip> add
+actionunban = /data/action.d/entryPoint.py <ip>clea del

docker/authelia/action.d/entryPoint.py

@@ -0,0 +1,19 @@
+#!/usr/bin/python3
+
+import os
+import sys
+
+if len(sys.argv) < 3:
+    print("Usage: ./entryPoint.py <ip> <add|del>")
+    sys.exit(1)
+
+venv_dir = 'env'
+
+if not os.path.exists(venv_dir):
+    os.system(f"{sys.executable} -m venv {venv_dir}")
+
+activate_script = os.path.join(venv_dir, 'bin', 'activate')
+os.system(f"chmod +x {activate_script}")
+os.system(f"{os.path.join(venv_dir, 'bin', 'pip')} install --upgrade requests ipaddress")
+
+os.system(f"{os.path.join(venv_dir, 'bin', 'python')} /data/action.d/modifyBanList.py {sys.argv[1]} {sys.argv[2]}")

docker/authelia/action.d/modifyBanList.py

@@ -0,0 +1,77 @@
+#!/usr/bin/python3
+
+import sys
+import requests
+from requests import Response
+import json
+import ipaddress
+
+def getIPList(apiEndpoint : str, headers : dict) -> json:
+    response = requests.get(apiEndpoint, headers=headers)
+    if response.status_code == 200:
+        return response.json()
+    else:
+        print(f"Failed to fetch existing IP list. Status code: {response.status_code}")
+        print(response.text)
+        sys.exit(1)
+
+def addIPtoList(ipAddr : str, apiEndpoint : str, headers : dict) -> Response:
+    payload = [{"ip": ipAddr}]
+    response = requests.post(apiEndpoint, headers=headers, data=json.dumps(payload))
+    return response
+
+def removeIPFromList(ipId : str, apiEndpoint : str, headers : dict) -> Response:
+    payload = {"items": [{"id": ipId}]}
+    response = requests.delete(apiEndpoint, headers=headers, data=json.dumps(payload))
+    return response
+
+if __name__ == "__main__":
+    if len(sys.argv) < 3:
+        print("Usage: ./modifyBanList.py <ip> <add|del>")
+        sys.exit(1)
+
+    ipAddr = sys.argv[1]
+
+    try:
+        addr = ipaddress.IPv6Address(ipAddr)
+        first_64_bits = str(addr.exploded).split(':')[:4]
+        ipAddr = ':'.join(first_64_bits) + '::/64'
+    except:
+        pass
+
+    action = sys.argv[2]
+    listId = ''
+    accountId = ''
+    email = ''
+    apiKey = ''
+    apiEndpoint = f'https://api.cloudflare.com/client/v4/accounts/{accountId}/rules/lists/{listId}/items'
+
+    headers = {
+        'X-Auth-Email': f'{email}',
+        'X-Auth-Key': f'{apiKey}',
+        'Content-Type': 'application/json'
+    }
+
+    existingIpList = getIPList(apiEndpoint,headers)
+    response = None
+
+    if action == "del":
+        ipId = None
+        for item in existingIpList['result']:
+            if item['ip'] == ipAddr:
+                ipId = item['id']
+                break
+        payload = {"items": [{"id": ipId}]}
+
+        if ipId is not None:
+            response = requests.delete(apiEndpoint,headers=headers,data=json.dumps(payload))
+    elif not any(item['ip'] == ipAddr for item in existingIpList['result']):
+        payload = [{
+            "ip": ipAddr
+        }]
+        response = requests.post(apiEndpoint, headers=headers, data=json.dumps(payload))
+
+    if response is not None and response.status_code == 200:
+            print(f"IP address {ipAddr} {action} to the custom IP list successfully.")
+    else:
+        print(f"Failed to {action} IP address {ipAddr} to the custom IP list.")

docker/compose/arrs.yml

@@ -0,0 +1,82 @@
+---
+version: "3.7"
+services:
+  transmission:
+    image: haugene/transmission-openvpn:latest
+    container_name: transmission
+    restart: always
+    ports:
+      - "9091:9091"
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - TZ=$TZ
+      - OPENVPN_PROVIDER=$PROVIDER
+      - OPENVPN_CONFIG=$CONFIG
+      - OPENVPN_USERNAME=$USER
+      - OPENVPN_PASSWORD=$PASSWORD
+      - LOCAL_NETWORK=$NETWORK
+      - TRANSMISSION_SPEED_LIMIT_UP=$SPEED_LIMIT_UP
+      - TRANSMISSION_SPEED_LIMIT_UP_ENABLED=true
+      - WEBPROXY_ENABLED=false
+      - LOG_TO_STDOUT=true
+      - TRANSMISSION_WEB_UI=flood-for-transmission
+      - PUID=1000
+      - PGID=1000
+    volumes:
+      - $DOWNLOADS:/data
+      - /etc/localtime:/etc/localtime:ro
+
+  radarr:
+    image: linuxserver/radarr:latest
+    container_name: radarr
+    restart: always
+    ports:
+      - "7878:7878"
+    environment:
+      - PGID=1000
+      - PUID=1000
+      - TZ=$TZ
+    volumes:
+      - radarr_config:/config
+      - $MOVIES:/movies
+      - $DOWNLOADS:/downloads
+
+  sonarr:
+    image: linuxserver/sonarr:latest
+    container_name: sonarr
+    restart: always
+    ports:
+      - "8989:8989"
+    environment:
+      - PGID=1000
+      - PUID=1000
+      - TZ=$TZ
+    volumes:
+      - sonarr_config:/config
+      - $TV:/tv
+      - $DOWNLOADS:/downloads
+
+  prowlarr:
+    image: linuxserver/prowlarr:develop
+    container_name: prowlarr
+    restart: always
+    ports:
+      - "9696:9696"
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - PGID=1000
+      - PUID=1000
+      - TZ=$TZ
+    volumes:
+      - prowlarr_config:/config
+      - $DOWNLOADS/watch:/downloads
+
+volumes:
+  radarr_config:
+    driver: local
+  sonarr_config:
+    driver: local
+  prowlarr_config:
+    driver: local

docker/compose/exposee.yml

@@ -0,0 +1,83 @@
+---
+version: "3.7"
+services:
+  transmission:
+    image: haugene/transmission-openvpn:latest
+    container_name: transmission
+    restart: always
+    ports:
+      - "8091:9091"
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - TZ=$TZ
+      - OPENVPN_PROVIDER=$PROVIDER
+      - OPENVPN_CONFIG=$CONFIG
+      - OPENVPN_USERNAME=$USER
+      - OPENVPN_PASSWORD=$PASSWORD
+      - WEBPROXY_ENABLED=false
+      - LOCAL_NETWORK=$NETWORK
+      - TRANSMISSION_SPEED_LIMIT_UP=$SPEED_LIMIT_UP
+      - TRANSMISSION_SPEED_LIMIT_UP_ENABLED=true
+      - LOG_TO_STDOUT=true
+      - TRANSMISSION_WEB_UI=flood-for-transmission
+    volumes:
+      - $DOWNLOADS:/data
+      - /etc/localtime:/etc/localtime:ro
+      - transmission_config:/config
+
+  radarr:
+    image: linuxserver/radarr:latest
+    container_name: radarr
+    restart: always
+    ports:
+      - "7878:7878"
+    environment:
+      - PGID=1000
+      - PUID=1000
+      - TZ=$TZ
+    volumes:
+      - radarr_config:/config
+      - $MOVIES:/movies
+      - $DOWNLOADS:/downloads
+
+  sonarr:
+    image: linuxserver/sonarr:latest
+    container_name: sonarr
+    restart: always
+    ports:
+      - "8989:8989"
+    environment:
+      - PGID=1000
+      - PUID=1000
+      - TZ=$TZ
+    volumes:
+      - sonarr_config:/config
+      - $TV:/tv
+      - $DOWNLOADS:/downloads
+
+  prowlarr:
+    image: linuxserver/prowlarr:develop
+    container_name: prowlarr
+    restart: always
+    ports:
+      - "9696:9696"
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - PGID=1000
+      - PUID=1000
+      - TZ=$TZ
+    volumes:
+      - prowlarr_config:/config
+      - $DOWNLOADS/watch:/downloads
+
+volumes:
+  radarr_config:
+    driver: local
+  sonarr_config:
+    driver: local
+  prowlarr_config:
+    driver: local
+  transmission_config:
+    driver: local

docker/compose/kanboard.yml

@@ -0,0 +1,21 @@
+---
+version: "3.7"
+services:
+  kanboard:
+      image: kanboard/kanboard:latest
+      ports:
+        - "10080:80"
+        - "10443:443"
+      volumes:
+        - data:/var/www/app/data
+        - plugins:/var/www/app/plugins
+        - $HOME_FOLDER/config.php:/var/www/app/config.php
+        - kanboard_ssl:/etc/nginx/ssl
+
+volumes:
+  data:
+    driver: local
+  plugins:
+    driver: local
+  ssl:
+    driver: local

pfSense/suricata/generateRules.py

@@ -0,0 +1,46 @@
+#!/usr/local/bin/python
+
+import sys
+import socket
+import concurrent.futures
+
+def getIP(dns_name) -> str:
+    try:
+        ipAddr = socket.gethostbyname(dns_name)
+        return ipAddr
+    except socket.gaierror:
+        return None
+
+def generateRule(dnsName, currentSID, outputFile) -> None:
+    dnsName = dnsName.strip().encode('ascii', errors='ignore')
+    ipAddr = getIP(dnsName)
+
+    if ipAddr:
+        outboundRule = f'pass ip any any -> {ipAddr} any (msg:"Allow outbound connection to {dnsName}"; sid:{currentSID};)\n'
+        outputFile.write(outboundRule)
+        print(f"Converted {dnsName} to {ipAddr} and added outbound rule with SID {currentSID}")
+        currentSID += 1
+        inboundRule = f'pass ip {ipAddr} any -> any any (msg:"Allow inbound connection from {ipAddr}"; sid:{currentSID};)\n'
+        outputFile.write(inboundRule)
+        print(f"Added inbound rule for {ipAddr} with SID {currentSID}")
+        currentSID += 1
+
+if __name__ == "__main__":
+    if len(sys.argv) != 3:
+        print("Usage: ./generateRules.py inputFile outputFile")
+        sys.exit(1)
+
+    inputFilePath = sys.argv[1]
+    outputFilePath = sys.argv[2]
+
+    with open(inputFilePath, "r") as inputFile, open(outputFilePath, "w") as outputFile:
+        currentSID = 1
+        with concurrent.futures.ThreadPoolExecutor(max_workers=4) as executor:
+            futures = []
+            for line in inputFile:
+                future = executor.submit(generateRule, line, currentSID, outputFile)
+                futures.append(future)
+                currentSID += 2
+            concurrent.futures.wait(futures)
+
+    print("Rule generation complete")

proxmox/pfSense/startPfSense.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Start PfSense without quorum
+After=pve-cluster.service
+
+[Service]
+type=oneshot
+ExecStart=/root/startPfSense.sh
+
+[Install]
+WantedBy=multi-user.target

proxmox/pfSense/startPfSense.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+sleep 5
+systemctl stop pve-cluster
+pmxcfs -l
+qm start 102
+sleep 5
+killall pmxcfs
+systemctl start pve-cluster