#!/bin/bash # # Title: qBittorrent (with OpenVPN and Privoxy) # Author(s): Mike Tzou (Chocobo1), Vladimir Golovnev (glassez), Diego Heras (ngosang), binhex # URL: https://www.qbittorrent.org/ - https://github.com/binhex/arch-qbittorrentvpn # GNU: General Public License v2.0 (w/ exception) ################################################################################ --- - hosts: localhost gather_facts: false tasks: # FACTS ####################################################################### - name: 'Set Known Facts' set_fact: pgrole: 'qbittorrentvpn' intport: '8098' extport: '8098' intport2: '8118' extport2: '8118' intport3: '6881' extport3: '6881' image: 'binhex/arch-qbittorrentvpn:latest' # CORE (MANDATORY) ############################################################# - name: 'Including cron job' include_tasks: '/opt/coreapps/apps/_core.yml' - name: 'Including folders' include_tasks: '/opt/coreapps/apps/_downloaders.yml' - name: 'Including plugins' include_tasks: '/opt/coreapps/apps/_plugins.yml' # LABELS ###################################################################### - name: 'Adding Traefik' set_fact: pg_labels: traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' traefik.frontend.headers.SSLHost: '{{domain.stdout}}' traefik.frontend.headers.SSLRedirect: 'true' traefik.frontend.headers.STSIncludeSubdomains: 'true' traefik.frontend.headers.STSPreload: 'true' traefik.frontend.headers.STSSeconds: '315360000' traefik.frontend.headers.browserXSSFilter: 'true' traefik.frontend.headers.contentTypeNosniff: 'true' traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting {{pgrole}} Volumes' set_fact: pg_volumes: - '/etc/localtime:/etc/localtime:ro' - '{{path.stdout}}:{{path.stdout}}' - '/opt/appdata/{{pgrole}}:/config' - name: 'Setting {{pgrole}} ENV' set_fact: pg_env: PUID: '1000' PGID: '1000' UMASK: '000' VPN_ENABLED: 'no' VPN_USER: 'username' VPN_PASS: 'password' VPN_PROV: 'custom' VPN_OPTIONS: '' STRICT_PORT_FORWARD: 'no' ENABLE_PRIVOXY: 'no' LAN_NETWORK: '172.18.0.0/16' NAME_SERVERS: '209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1' DEBUG: 'false' WEBUI_PORT: '{{intport}}' # MAIN DEPLOYMENT ############################################################# - name: 'Checking for existing app data' stat: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' register: confcheck - name: 'Deploying {{pgrole}}' docker_container: name: '{{pgrole}}' image: '{{image}}' pull: yes published_ports: - '{{ports.stdout}}{{extport}}:{{intport}}' - '{{ports.stdout}}{{extport2}}:{{intport2}}' - '{{ports.stdout}}{{extport3}}:{{intport3}}' volumes: '{{pg_volumes}}' env: '{{pg_env}}' restart_policy: unless-stopped devices: - '/dev/net/tun:/dev/net/tun:rwm' purge_networks: yes capabilities: - NET_ADMIN networks: - name: plexguide aliases: - '{{pgrole}}' ipv4_address: 172.18.0.55 state: started labels: '{{pg_labels}}' # CONFIGURATION #################################################### - name: 'Waiting for {{pgrole}} to initialize' wait_for: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' state: present timeout: 15 delay: 5 - name: 'Stopping {{pgrole}}' docker_container: name: '{{pgrole}}' state: stopped - name: Set torrent port ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Connection\PortRangeMin value: '7889' state: present - name: Set SavePath ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Downloads\SavePath value: '{{path.stdout}}/downloads/{{pgrole}}' state: present - name: Set TempPathEnabled ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Downloads\TempPathEnabled value: True state: present - name: Get latest blocklist shell: curl -L http://john.bitsurge.net/public/biglist.p2p.gz | gzip -cdf > /opt/appdata/{{pgrole}}/qBittorrent/config/biglist.p2p - name: 'Checking for existing openvpn folder' stat: path: '/opt/appdata/{{pgrole}}/openvpn' register: ovpncheck - name: Initialize opvn block: - name: Create opvn folder shell: mkdir /opt/appdata/{{pgrole}}/openvpn && touch mkdir /opt/appdata/{{pgrole}}/openvpn/OVPN\ files\ go\ here && chown -R 1000:1000 /opt/appdata/{{pgrole}}/openvpn when: not ovpncheck.stat.exists # FIRST TIME CONFIGURATION #################################################### - name: 'Configuring {{pgrole}} for first time use' block: - name: Enable AutoRun ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: AutoRun option: enabled value: True state: present - name: Enable Auto UnRar ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: AutoRun option: program value: '/usr/bin/unrar x -r \"%F/.\" \"%F/\"' state: present - name: Disable DHT ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Bittorrent\DHT value: false state: present - name: Disable PeX ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Bittorrent\PeX value: false state: present - name: Disable LSD ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Bittorrent\LSD value: false state: present - name: Enable Encryption ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Bittorrent\Encryption value: 1 state: present - name: Don't use incomplete extension ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Downloads\UseIncompleteExtension value: false state: present - name: Ignore slow torrents ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Queueing\IgnoreSlowTorrents value: True state: present - name: Set MaxActiveDownloads ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Queueing\MaxActiveDownloads value: 10 state: present - name: Set MaxActiveTorrents ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Queueing\MaxActiveTorrents value: 100 state: present - name: Set MaxActiveUploads ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Queueing\MaxActiveUploads value: 100 state: present - name: Set GlobalMaxSeedingMinutes ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: BitTorrent option: Session\GlobalMaxSeedingMinutes value: 20160 state: present - name: Set MaxRatio ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Bittorrent\MaxRatio value: 1 state: present - name: pause on MaxRatioAction ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Bittorrent\MaxRatioAction value: 1 state: present - name: Disable csrf ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: WebUI\CSRFProtection value: false force: yes state: present - name: Disable HostHeaderValidation ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: WebUI\HostHeaderValidation value: false force: yes state: present - name: Disable ClickjackingProtection ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: WebUI\ClickjackingProtection value: false force: yes state: present - name: Set ServerDomains ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: WebUI\ServerDomains value: '*' force: yes state: present - name: Set Address ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: WebUI\Address value: '*' force: yes state: present - name: Set Port ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Connection\PortRangeMin value: '{{intport2}}' force: yes state: present - name: Set torrent Watch folder ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: Downloads\ScanDirsV2 value: '@Variant(\0\0\0\x1c\0\0\0\x1\0\0\0$\0/\0m\0n\0t\0/\0t\0o\0r\0r\0\x65\0n\0t\0/\0w\0\x61\0t\0\x63\0h\0\0\0\x2\0\0\0\0)' force: yes state: present - name: Set Blocklist enabled ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: IPFilter\Enabled value: 'true' force: yes state: present - name: Set Blocklist location ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: IPFilter\File value: '/config/qBittorrent/config/biglist.p2p' force: yes state: present - name: Set default login ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' section: Preferences option: WebUI\Password_ha1 value: '@ByteArray(22f616dbc8cdb4aa96105b1c8f36ea63)' force: yes state: present when: not confcheck.stat.exists - name: Restart {{pgrole}} docker_container: name: '{{pgrole}}' state: started