#OPENVPN_USERNAME= | #OPENVPN_USERNAME= | ||||
#OPENVPN_PASSWORD= | #OPENVPN_PASSWORD= | ||||
#LOCAL_NETWORK= | #LOCAL_NETWORK= | ||||
#ENABLE_UFW=false | |||||
#TRANSMISSION_ALT_SPEED_DOWN=50 | #TRANSMISSION_ALT_SPEED_DOWN=50 | ||||
#TRANSMISSION_ALT_SPEED_ENABLED=false | #TRANSMISSION_ALT_SPEED_ENABLED=false | ||||
#TRANSMISSION_ALT_SPEED_TIME_BEGIN=540 | #TRANSMISSION_ALT_SPEED_TIME_BEGIN=540 | ||||
#TRANSMISSION_UTP_ENABLED=true | #TRANSMISSION_UTP_ENABLED=true | ||||
#TRANSMISSION_WATCH_DIR=/data/watch | #TRANSMISSION_WATCH_DIR=/data/watch | ||||
#TRANSMISSION_WATCH_DIR_ENABLED=true | #TRANSMISSION_WATCH_DIR_ENABLED=true | ||||
#TRANSMISSION_HOME=/data/transmission-home | |||||
#TRANSMISSION_HOME=/data/transmission-home |
# Update packages and install software | # Update packages and install software | ||||
RUN apt-get update \ | RUN apt-get update \ | ||||
&& apt-get -y install software-properties-common \ | |||||
&& apt-get -y install software-properties-common ufw \ | |||||
&& add-apt-repository multiverse \ | && add-apt-repository multiverse \ | ||||
&& add-apt-repository ppa:transmissionbt/ppa \ | && add-apt-repository ppa:transmissionbt/ppa \ | ||||
&& apt-get update \ | && apt-get update \ | ||||
"TRANSMISSION_WATCH_DIR=/data/watch" \ | "TRANSMISSION_WATCH_DIR=/data/watch" \ | ||||
"TRANSMISSION_WATCH_DIR_ENABLED=true" \ | "TRANSMISSION_WATCH_DIR_ENABLED=true" \ | ||||
"TRANSMISSION_HOME=/data/transmission-home" \ | "TRANSMISSION_HOME=/data/transmission-home" \ | ||||
"ENABLE_UFW=false" \ | |||||
PUID=\ | PUID=\ | ||||
PGID= | PGID= | ||||
# Update packages and install software | # Update packages and install software | ||||
RUN apt-get update \ | RUN apt-get update \ | ||||
&& apt-get install -y transmission-cli transmission-common transmission-daemon \ | && apt-get install -y transmission-cli transmission-common transmission-daemon \ | ||||
&& apt-get install -y openvpn curl \ | |||||
&& apt-get install -y openvpn curl ufw \ | |||||
&& curl -sLO https://archive.raspbian.org/raspbian/pool/main/d/dumb-init/dumb-init_1.0.3-1_armhf.deb \ | && curl -sLO https://archive.raspbian.org/raspbian/pool/main/d/dumb-init/dumb-init_1.0.3-1_armhf.deb \ | ||||
&& dpkg -i dumb-init_*.deb \ | && dpkg -i dumb-init_*.deb \ | ||||
&& rm -rf dumb-init_*.deb \ | && rm -rf dumb-init_*.deb \ | ||||
"TRANSMISSION_WATCH_DIR=/data/watch" \ | "TRANSMISSION_WATCH_DIR=/data/watch" \ | ||||
"TRANSMISSION_WATCH_DIR_ENABLED=true" \ | "TRANSMISSION_WATCH_DIR_ENABLED=true" \ | ||||
"TRANSMISSION_HOME=/data/transmission-home" \ | "TRANSMISSION_HOME=/data/transmission-home" \ | ||||
"ENABLE_UFW=false" \ | |||||
PUID=\ | PUID=\ | ||||
PGID= | PGID= | ||||
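Review bot: The dumb-init package in this RUN step is downloaded with `curl -sLO` and passed straight to `dpkg -i` with no integrity check, so the image trusts whatever the server returns at build time; `dpkg -i` does not verify a repository signature the way an `apt-get install` does. These are unchanged context lines, but since the commit edits the neighbouring `apt-get install` line it is a cheap moment to pin the file. I would add `&& echo "<EXPECTED_SHA256>  dumb-init_1.0.3-1_armhf.deb" | sha256sum -c - \` between the curl and dpkg lines, with the placeholder replaced by the hash of the vetted package. The RUN instruction continues outside the lines shown here.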
|`OPENVPN_OPTS` | Will be passed to OpenVPN on startup | See [OpenVPN doc](https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html) | | |`OPENVPN_OPTS` | Will be passed to OpenVPN on startup | See [OpenVPN doc](https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html) | | ||||
|`LOCAL_NETWORK` | Sets the local network that should have access. | `LOCAL_NETWORK=192.168.0.0/24`| | |`LOCAL_NETWORK` | Sets the local network that should have access. | `LOCAL_NETWORK=192.168.0.0/24`| | ||||
### Firewall configuration options | |||||
When enabled, the firewall blocks everything except traffic to the peer port and traffic to the rpc port from the LOCAL_NETWORK and the internal docker gateway. | |||||
If TRANSMISSION_PEER_PORT_RANDOM_ON_START is enabled then it allows traffic to the range of peer ports defined by TRANSMISSION_PEER_PORT_RANDOM_HIGH and TRANSMISSION_PEER_PORT_RANDOM_LOW. | |||||
| Variable | Function | Example | | |||||
|----------|----------|-------| | |||||
|`ENABLE_UFW` | Enables the firewall | `ENABLE_UFW=true`| | |||||
### Transmission configuration options | ### Transmission configuration options | ||||
You may override transmission options by setting the appropriate environment variable. | You may override transmission options by setting the appropriate environment variable. |
TRANSMISSION_CONTROL_OPTS="--script-security 2 --up-delay --up /etc/transmission/start.sh --down /etc/transmission/stop.sh" | TRANSMISSION_CONTROL_OPTS="--script-security 2 --up-delay --up /etc/transmission/start.sh --down /etc/transmission/stop.sh" | ||||
if [ "true" = "$ENABLE_UFW" ]; then | |||||
# Enable firewall | |||||
echo "enabling firewall" | |||||
sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw | |||||
ufw enable | |||||
if [ "true" = "$TRANSMISSION_PEER_PORT_RANDOM_ON_START" ]; then | |||||
PEER_PORT="$TRANSMISSION_PEER_PORT_RANDOM_LOW:$TRANSMISSION_PEER_PORT_RANDOM_HIGH/tcp" | |||||
else | |||||
PEER_PORT=$TRANSMISSION_PEER_PORT | |||||
fi | |||||
echo "allowing $PEER_PORT through the firewall" | |||||
ufw allow $PEER_PORT | |||||
eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}') | |||||
echo "allowing access to $TRANSMISSION_RPC_PORT from $GW" | |||||
ufw allow proto tcp from $GW to any port $TRANSMISSION_RPC_PORT | |||||
fi | |||||
if [ -n "${LOCAL_NETWORK-}" ]; then | if [ -n "${LOCAL_NETWORK-}" ]; then | ||||
eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}') | eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}') | ||||
if [ -n "${GW-}" -a -n "${INT-}" ]; then | if [ -n "${GW-}" -a -n "${INT-}" ]; then | ||||
echo "adding route to local network $LOCAL_NETWORK via $GW dev $INT" | echo "adding route to local network $LOCAL_NETWORK via $GW dev $INT" | ||||
/sbin/ip r a "$LOCAL_NETWORK" via "$GW" dev "$INT" | /sbin/ip r a "$LOCAL_NETWORK" via "$GW" dev "$INT" | ||||
if [ "true" = "$ENABLE_UFW" ]; then | |||||
echo "allowing access to $TRANSMISSION_RPC_PORT from $LOCAL_NETWORK" | |||||
ufw allow proto tcp from $LOCAL_NETWORK to any port $TRANSMISSION_RPC_PORT | |||||
fi | |||||
fi | fi | ||||
fi | fi | ||||
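Review bot: The new ENABLE_UFW block never checks the result of `ufw enable` or of the `ufw allow` calls, so unless `set -e` is active above the visible lines, a failed enable lets the script carry on and start the VPN and Transmission unfiltered even though a firewall was requested. I would fail closed with `ufw enable || exit 1`. The block also uses `$GW` straight after the `eval` without the `[ -n "${GW-}" ]` guard that the LOCAL_NETWORK block below applies, and it passes `$PEER_PORT`, `$GW`, `$LOCAL_NETWORK` and `$TRANSMISSION_RPC_PORT` to ufw unquoted. These values come from container environment variables, so quoting them, as in `ufw allow proto tcp from "$GW" to any port "$TRANSMISSION_RPC_PORT"`, keeps a stray space from turning into extra rule arguments. Separately, the random-port branch appends `/tcp`, so only TCP is opened for the range while the single-port branch opens both protocols; with TRANSMISSION_UTP_ENABLED=true a matching `/udp` rule is probably wanted.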
# Transmission needs to know which VPN provider is used | # Transmission needs to know which VPN provider is used | ||||
export OPENVPN_PROVIDER={{ .Env.OPENVPN_PROVIDER }} | export OPENVPN_PROVIDER={{ .Env.OPENVPN_PROVIDER }} | ||||
export ENABLE_UFW={{ .Env.ENABLE_UFW }} | |||||
export PUID={{ .Env.PUID }} | export PUID={{ .Env.PUID }} | ||||
export PGID={{ .Env.PGID }} | export PGID={{ .Env.PGID }} |