| 
							
							
							
						 |  |  | @@ -1,42 +1,42 @@ | 
		
	
		
			
				|  |  |  |  | #!/bin/bash | 
		
	
		
			
				|  |  |  |  | vpn_provider="$(echo $OPENVPN_PROVIDER | tr '[A-Z]' '[a-z]')" | 
		
	
		
			
				|  |  |  |  | vpn_provider_configs="/etc/openvpn/$vpn_provider" | 
		
	
		
			
				|  |  |  |  | if [ ! -d "$vpn_provider_configs" ]; then | 
		
	
		
			
				|  |  |  |  | 	echo "Could not find OpenVPN provider: $OPENVPN_PROVIDER" | 
		
	
		
			
				|  |  |  |  | 	echo "Please check your settings." | 
		
	
		
			
				|  |  |  |  | 	exit 1 | 
		
	
		
			
				|  |  |  |  | VPN_PROVIDER="${OPENVPN_PROVIDER,,}" | 
		
	
		
			
				|  |  |  |  | VPN_PROVIDER_CONFIGS="/etc/openvpn/${VPN_PROVIDER}" | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  | if [[ "${OPENVPN_PROVIDER}" == "**None**" ]] || [[ -z "${OPENVPN_PROVIDER-}" ]]; then | 
		
	
		
			
				|  |  |  |  |   echo "OpenVPN provider not set. Exiting." | 
		
	
		
			
				|  |  |  |  |   exit 1 | 
		
	
		
			
				|  |  |  |  | elif [[ ! -d "${VPN_PROVIDER_CONFIGS}" ]]; then | 
		
	
		
			
				|  |  |  |  |   echo "Could not find OpenVPN provider: ${OPENVPN_PROVIDER}" | 
		
	
		
			
				|  |  |  |  |   echo "Please check your settings." | 
		
	
		
			
				|  |  |  |  |   exit 1 | 
		
	
		
			
				|  |  |  |  | fi | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  | echo "Using OpenVPN provider: $OPENVPN_PROVIDER" | 
		
	
		
			
				|  |  |  |  | echo "Using OpenVPN provider: ${OPENVPN_PROVIDER}" | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  | if [ ! -z "$OPENVPN_CONFIG" ] | 
		
	
		
			
				|  |  |  |  | then | 
		
	
		
			
				|  |  |  |  | 	n=$(echo "$OPENVPN_CONFIG" | wc -w) | 
		
	
		
			
				|  |  |  |  | 	if [ $n -gt 1 ] | 
		
	
		
			
				|  |  |  |  | 	then | 
		
	
		
			
				|  |  |  |  |         	rnd=$((RANDOM%n+1)) | 
		
	
		
			
				|  |  |  |  |         	srv=$(echo "$OPENVPN_CONFIG" | awk -vrnd=$rnd '{print $rnd}') | 
		
	
		
			
				|  |  |  |  |         	echo "$n servers found in OPENVPN_CONFIG, $srv chosen randomly" | 
		
	
		
			
				|  |  |  |  |         	OPENVPN_CONFIG=$srv | 
		
	
		
			
				|  |  |  |  | 	fi | 
		
	
		
			
				|  |  |  |  | if [[ -n "${OPENVPN_CONFIG-}" ]]; then | 
		
	
		
			
				|  |  |  |  |   readarray -t OPENVPN_CONFIG_ARRAY <<< "${OPENVPN_CONFIG//,/$'\n'}" | 
		
	
		
			
				|  |  |  |  |   if (( ${#OPENVPN_CONFIG_ARRAY[@]} > 1 )); then | 
		
	
		
			
				|  |  |  |  |     OPENVPN_CONFIG_RANDOM=$((RANDOM%${#OPENVPN_CONFIG_ARRAY[@]})) | 
		
	
		
			
				|  |  |  |  |     echo "${#OPENVPN_CONFIG_ARRAY[@]} servers found in OPENVPN_CONFIG, ${OPENVPN_CONFIG_ARRAY[${OPENVPN_CONFIG_RANDOM}]} chosen randomly" | 
		
	
		
			
				|  |  |  |  |     OPENVPN_CONFIG="${OPENVPN_CONFIG_ARRAY[${OPENVPN_CONFIG_RANDOM}]}" | 
		
	
		
			
				|  |  |  |  |   fi | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  | 	if [ -f $vpn_provider_configs/"${OPENVPN_CONFIG}".ovpn ] | 
		
	
		
			
				|  |  |  |  |   	then | 
		
	
		
			
				|  |  |  |  | 		echo "Starting OpenVPN using config ${OPENVPN_CONFIG}.ovpn" | 
		
	
		
			
				|  |  |  |  | 		OPENVPN_CONFIG=$vpn_provider_configs/${OPENVPN_CONFIG}.ovpn | 
		
	
		
			
				|  |  |  |  | 	else | 
		
	
		
			
				|  |  |  |  | 		echo "Supplied config ${OPENVPN_CONFIG}.ovpn could not be found." | 
		
	
		
			
				|  |  |  |  | 		echo "Using default OpenVPN gateway for provider ${vpn_provider}" | 
		
	
		
			
				|  |  |  |  | 		OPENVPN_CONFIG=$vpn_provider_configs/default.ovpn | 
		
	
		
			
				|  |  |  |  | 	fi | 
		
	
		
			
				|  |  |  |  |   if [[ -f "${VPN_PROVIDER_CONFIGS}/${OPENVPN_CONFIG}".ovpn ]]; then | 
		
	
		
			
				|  |  |  |  |     echo "Starting OpenVPN using config ${OPENVPN_CONFIG}.ovpn" | 
		
	
		
			
				|  |  |  |  |     OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/${OPENVPN_CONFIG}.ovpn" | 
		
	
		
			
				|  |  |  |  |   else | 
		
	
		
			
				|  |  |  |  |     echo "Supplied config ${OPENVPN_CONFIG}.ovpn could not be found." | 
		
	
		
			
				|  |  |  |  |     echo "Using default OpenVPN gateway for provider ${VPN_PROVIDER}" | 
		
	
		
			
				|  |  |  |  |     OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/default.ovpn" | 
		
	
		
			
				|  |  |  |  |   fi | 
		
	
		
			
				|  |  |  |  | else | 
		
	
		
			
				|  |  |  |  | 	echo "No VPN configuration provided. Using default." | 
		
	
		
			
				|  |  |  |  | 	OPENVPN_CONFIG=$vpn_provider_configs/default.ovpn | 
		
	
		
			
				|  |  |  |  |   echo "No VPN configuration provided. Using default." | 
		
	
		
			
				|  |  |  |  |   OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/default.ovpn" | 
		
	
		
			
				|  |  |  |  | fi | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  | # add OpenVPN user/pass | 
		
	
		
			
				|  |  |  |  | if [ "${OPENVPN_USERNAME}" = "**None**" ] || [ "${OPENVPN_PASSWORD}" = "**None**" ] ; then | 
		
	
		
			
				|  |  |  |  |   if [ ! -f /config/openvpn-credentials.txt ] ; then | 
		
	
		
			
				|  |  |  |  | if [[ "${OPENVPN_USERNAME}" == "**None**" ]] || [[ "${OPENVPN_PASSWORD}" == "**None**" ]] ; then | 
		
	
		
			
				|  |  |  |  |   if [[ ! -f /config/openvpn-credentials.txt ]] ; then | 
		
	
		
			
				|  |  |  |  |     echo "OpenVPN credentials not set. Exiting." | 
		
	
		
			
				|  |  |  |  |     exit 1 | 
		
	
		
			
				|  |  |  |  |   fi | 
		
	
	
		
			
				
					
					|  |  |  | @@ -44,67 +44,97 @@ if [ "${OPENVPN_USERNAME}" = "**None**" ] || [ "${OPENVPN_PASSWORD}" = "**None** | 
		
	
		
			
				|  |  |  |  | else | 
		
	
		
			
				|  |  |  |  |   echo "Setting OPENVPN credentials..." | 
		
	
		
			
				|  |  |  |  |   mkdir -p /config | 
		
	
		
			
				|  |  |  |  |   echo $OPENVPN_USERNAME > /config/openvpn-credentials.txt | 
		
	
		
			
				|  |  |  |  |   echo $OPENVPN_PASSWORD >> /config/openvpn-credentials.txt | 
		
	
		
			
				|  |  |  |  |   echo "${OPENVPN_USERNAME}" > /config/openvpn-credentials.txt | 
		
	
		
			
				|  |  |  |  |   echo "${OPENVPN_PASSWORD}" >> /config/openvpn-credentials.txt | 
		
	
		
			
				|  |  |  |  |   chmod 600 /config/openvpn-credentials.txt | 
		
	
		
			
				|  |  |  |  | fi | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  | # add transmission credentials from env vars | 
		
	
		
			
				|  |  |  |  | echo $TRANSMISSION_RPC_USERNAME > /config/transmission-credentials.txt | 
		
	
		
			
				|  |  |  |  | echo $TRANSMISSION_RPC_PASSWORD >> /config/transmission-credentials.txt | 
		
	
		
			
				|  |  |  |  | echo "${TRANSMISSION_RPC_USERNAME}" > /config/transmission-credentials.txt | 
		
	
		
			
				|  |  |  |  | echo "${TRANSMISSION_RPC_PASSWORD}" >> /config/transmission-credentials.txt | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  | # Persist transmission settings for use by transmission-daemon | 
		
	
		
			
				|  |  |  |  | dockerize -template /etc/transmission/environment-variables.tmpl:/etc/transmission/environment-variables.sh | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  | TRANSMISSION_CONTROL_OPTS="--script-security 2 --up-delay --up /etc/openvpn/tunnelUp.sh --down /etc/openvpn/tunnelDown.sh" | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  | if [ "true" = "$ENABLE_UFW" ]; then | 
		
	
		
			
				|  |  |  |  | ## If we use UFW or the LOCAL_NETWORK we need to grab network config info | 
		
	
		
			
				|  |  |  |  | if [[ "${ENABLE_UFW,,}" == "true" ]] || [[ -n "${LOCAL_NETWORK-}" ]]; then | 
		
	
		
			
				|  |  |  |  |   eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}') | 
		
	
		
			
				|  |  |  |  |   ## IF we use UFW_ALLOW_GW_NET along with ENABLE_UFW we need to know what our netmask CIDR is | 
		
	
		
			
				|  |  |  |  |   if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then | 
		
	
		
			
				|  |  |  |  |     eval $(ip r l dev ${INT} | awk '{if($5=="link"){print "GW_CIDR="$1; exit}}') | 
		
	
		
			
				|  |  |  |  |   fi | 
		
	
		
			
				|  |  |  |  | fi | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  | ## Open port to any address | 
		
	
		
			
				|  |  |  |  | function ufwAllowPort { | 
		
	
		
			
				|  |  |  |  |   typeset -n portNum=${1} | 
		
	
		
			
				|  |  |  |  |   if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ -n "${portNum-}" ]]; then | 
		
	
		
			
				|  |  |  |  |     echo "allowing ${portNum} through the firewall" | 
		
	
		
			
				|  |  |  |  |     ufw allow ${portNum} | 
		
	
		
			
				|  |  |  |  |   fi | 
		
	
		
			
				|  |  |  |  | } | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  | ## Open port to specific address. | 
		
	
		
			
				|  |  |  |  | function ufwAllowPortLong { | 
		
	
		
			
				|  |  |  |  |   typeset -n portNum=${1} sourceAddress=${2} | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  |   if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ -n "${portNum-}" ]] && [[ -n "${sourceAddress-}" ]]; then | 
		
	
		
			
				|  |  |  |  |     echo "allowing ${sourceAddress} through the firewall to port ${portNum}" | 
		
	
		
			
				|  |  |  |  |     ufw allow from ${sourceAddress} to any port ${portNum} | 
		
	
		
			
				|  |  |  |  |   fi | 
		
	
		
			
				|  |  |  |  | } | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  | if [[ "${ENABLE_UFW,,}" == "true" ]]; then | 
		
	
		
			
				|  |  |  |  |   # Enable firewall | 
		
	
		
			
				|  |  |  |  |   echo "enabling firewall" | 
		
	
		
			
				|  |  |  |  |   sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw | 
		
	
		
			
				|  |  |  |  |   ufw enable | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  |   if [ "true" = "$TRANSMISSION_PEER_PORT_RANDOM_ON_START" ]; then | 
		
	
		
			
				|  |  |  |  |     PEER_PORT="$TRANSMISSION_PEER_PORT_RANDOM_LOW:$TRANSMISSION_PEER_PORT_RANDOM_HIGH/tcp" | 
		
	
		
			
				|  |  |  |  |   if [[ "${TRANSMISSION_PEER_PORT_RANDOM_ON_START,,}" == "true" ]]; then | 
		
	
		
			
				|  |  |  |  |     PEER_PORT="${TRANSMISSION_PEER_PORT_RANDOM_LOW}:${TRANSMISSION_PEER_PORT_RANDOM_HIGH}" | 
		
	
		
			
				|  |  |  |  |   else | 
		
	
		
			
				|  |  |  |  |     PEER_PORT=$TRANSMISSION_PEER_PORT | 
		
	
		
			
				|  |  |  |  |     PEER_PORT="${TRANSMISSION_PEER_PORT}" | 
		
	
		
			
				|  |  |  |  |   fi | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  |   echo "allowing $PEER_PORT through the firewall" | 
		
	
		
			
				|  |  |  |  |   ufw allow $PEER_PORT | 
		
	
		
			
				|  |  |  |  |   ufwAllowPort PEER_PORT | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  |   if [ "true" = "$WEBPROXY_ENABLED" ]; then | 
		
	
		
			
				|  |  |  |  |     echo "allowing $WEBPROXY_PORT through the firewall" | 
		
	
		
			
				|  |  |  |  |     ufw allow $WEBPROXY_PORT | 
		
	
		
			
				|  |  |  |  |   if [[ "${WEBPROXY_ENABLED,,}" == "true" ]]; then | 
		
	
		
			
				|  |  |  |  |     ufwAllowPort WEBPROXY_PORT | 
		
	
		
			
				|  |  |  |  |   fi | 
		
	
		
			
				|  |  |  |  |   if [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then | 
		
	
		
			
				|  |  |  |  |     ufwAllowPortLong TRANSMISSION_RPC_PORT GW_CIDR | 
		
	
		
			
				|  |  |  |  |   else | 
		
	
		
			
				|  |  |  |  |     ufwAllowPortLong TRANSMISSION_RPC_PORT GW | 
		
	
		
			
				|  |  |  |  |   fi | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  |   eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}') | 
		
	
		
			
				|  |  |  |  |   echo "allowing access to $TRANSMISSION_RPC_PORT from $GW" | 
		
	
		
			
				|  |  |  |  |   ufw allow proto tcp from $GW to any port $TRANSMISSION_RPC_PORT | 
		
	
		
			
				|  |  |  |  |   if [ ! -z "${UFW_EXTRA_PORTS}"  ]; then | 
		
	
		
			
				|  |  |  |  |   if [[ -n "${UFW_EXTRA_PORTS-}"  ]]; then | 
		
	
		
			
				|  |  |  |  |     for port in ${UFW_EXTRA_PORTS//,/ }; do | 
		
	
		
			
				|  |  |  |  |       echo "allowing access to ${port} from $GW" | 
		
	
		
			
				|  |  |  |  |       ufw allow proto tcp from $GW to any port ${port} | 
		
	
		
			
				|  |  |  |  |       if [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then | 
		
	
		
			
				|  |  |  |  |         ufwAllowPortLong port GW_CIDR | 
		
	
		
			
				|  |  |  |  |       else | 
		
	
		
			
				|  |  |  |  |         ufwAllowPortLong port GW | 
		
	
		
			
				|  |  |  |  |       fi | 
		
	
		
			
				|  |  |  |  |     done | 
		
	
		
			
				|  |  |  |  |   fi | 
		
	
		
			
				|  |  |  |  | fi | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  | if [ -n "${LOCAL_NETWORK-}" ]; then | 
		
	
		
			
				|  |  |  |  |   eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}') | 
		
	
		
			
				|  |  |  |  |   if [ -n "${GW-}" -a -n "${INT-}" ]; then | 
		
	
		
			
				|  |  |  |  |     echo "adding route to local network $LOCAL_NETWORK via $GW dev $INT" | 
		
	
		
			
				|  |  |  |  |     /sbin/ip r a "$LOCAL_NETWORK" via "$GW" dev "$INT" | 
		
	
		
			
				|  |  |  |  |     if [ "true" = "$ENABLE_UFW" ]; then | 
		
	
		
			
				|  |  |  |  |       echo "allowing access to $TRANSMISSION_RPC_PORT from $LOCAL_NETWORK" | 
		
	
		
			
				|  |  |  |  |       ufw allow proto tcp from $LOCAL_NETWORK to any port $TRANSMISSION_RPC_PORT | 
		
	
		
			
				|  |  |  |  |       if [ ! -z "${UFW_EXTRA_PORTS}" ]; then | 
		
	
		
			
				|  |  |  |  |         for port in ${UFW_EXTRA_PORTS//,/ }; do | 
		
	
		
			
				|  |  |  |  |           echo "allowing access to ${port} from $LOCAL_NETWORK" | 
		
	
		
			
				|  |  |  |  |           ufw allow proto tcp from $LOCAL_NETWORK to any port ${port} | 
		
	
		
			
				|  |  |  |  |         done | 
		
	
		
			
				|  |  |  |  | if [[ -n "${LOCAL_NETWORK-}" ]]; then | 
		
	
		
			
				|  |  |  |  |   if [[ -n "${GW-}" ]] && [[ -n "${INT-}" ]]; then | 
		
	
		
			
				|  |  |  |  |     for localNet in ${LOCAL_NETWORK//,/ }; do | 
		
	
		
			
				|  |  |  |  |       echo "adding route to local network ${localNet} via ${GW} dev ${INT}" | 
		
	
		
			
				|  |  |  |  |       /sbin/ip r a "${localNet}" via "${GW}" dev "${INT}" | 
		
	
		
			
				|  |  |  |  |       if [[ "${ENABLE_UFW,,}" == "true" ]]; then | 
		
	
		
			
				|  |  |  |  |         ufwAllowPortLong TRANSMISSION_RPC_PORT localNet | 
		
	
		
			
				|  |  |  |  |         if [[ -n "${UFW_EXTRA_PORTS-}" ]]; then | 
		
	
		
			
				|  |  |  |  |           for port in ${UFW_EXTRA_PORTS//,/ }; do | 
		
	
		
			
				|  |  |  |  |             ufwAllowPortLong port localNet | 
		
	
		
			
				|  |  |  |  |           done | 
		
	
		
			
				|  |  |  |  |         fi | 
		
	
		
			
				|  |  |  |  |       fi | 
		
	
		
			
				|  |  |  |  |     fi | 
		
	
		
			
				|  |  |  |  |     done | 
		
	
		
			
				|  |  |  |  |   fi | 
		
	
		
			
				|  |  |  |  | fi | 
		
	
		
			
				|  |  |  |  |  | 
		
	
		
			
				|  |  |  |  | exec openvpn $TRANSMISSION_CONTROL_OPTS $OPENVPN_OPTS --config "$OPENVPN_CONFIG" | 
		
	
		
			
				|  |  |  |  | exec openvpn ${TRANSMISSION_CONTROL_OPTS} ${OPENVPN_OPTS} --config "${OPENVPN_CONFIG}" | 
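Review bot: The new `ufwAllowPort` and `ufwAllowPortLong` helpers drop the protocol restriction the replaced rules carried (`ufw allow proto tcp from $GW to any port ...` and the `/tcp` suffix on the random peer-port range), so each rule they add now admits UDP as well as TCP; this assumes the `[[ ... ]]` lines are the new side, since the +/- markers are lost in this rendering. For `TRANSMISSION_RPC_PORT` and `UFW_EXTRA_PORTS` that widens exposure beyond what the old script allowed. For the range form `${TRANSMISSION_PEER_PORT_RANDOM_LOW}:${TRANSMISSION_PEER_PORT_RANDOM_HIGH}`, ufw normally rejects a multi-port rule that names no protocol, so the peer-port rule is probably not added at all. I would keep the protocol explicit, with `ufw allow proto tcp from "${sourceAddress}" to any port "${portNum}"` in `ufwAllowPortLong` and `PEER_PORT="${TRANSMISSION_PEER_PORT_RANDOM_LOW}:${TRANSMISSION_PEER_PORT_RANDOM_HIGH}/tcp"`, and quote the expansions passed to `ufw`. Separately, `/config/transmission-credentials.txt` is still written without the `chmod 600` that `/config/openvpn-credentials.txt` gets a few lines earlier.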
		
	
	
		
			
				
					
					| 
							
							
							
						 |  |  |   |