ivan-c/.gitmodules

## .gitmodules
[submodule "wait-for"]
	path = wait-for
	url = https://github.com/Eficode/wait-for

## 0_README.md

      
    Raw
  

              0_README.md
            
          
    The Setup

This is a docker-compose file for a simple, secure torrent setup. It includes
rTorrent (a torrent client), flood (a web interface for rTorrent), OpenVPN
(to tunnel traffic through your ISP) and a simple iptables firewall to allow
rTorrent to only access the internet through a VPN.
To run everything, put your open vpn configuration file in ./vpn.ovpn and the
other configuration files from this gist in a directory then go to that
directory and run
docker-compose up

Now flood can be accessed by visiting localhost:3000.
🎉

  
## docker-compose.yml
version: '3.4'

services:
  # This service sets up a firewall which only allows traffic to the docker
  # network and the specified destination (ip, port protocol). See its repo for
  # more information: https://github.com/0xcaff/docker-simple-firewall
  firewall:
    build:
      context: https://github.com/0xcaff/docker-simple-firewall.git

    # Needed by the image to setup the firewall.
    cap_add:
      - net_admin

    # The DNS servers which are used through the VPN.
    dns:
      - 8.8.8.8
      - 8.8.4.4

    environment:
      # The only address, port and protocol combination allowed through the
      # firewall. This should be the address, port and protocol of the VPN
      # service.
      ALLOW_IP_ADDRESS:
      ALLOW_PORT:
      ALLOW_PROTO: udp

      # TCP connections will be accepted at this port once the firewall is
      # configured.
      FIREWALL_READY_SIGNAL_PORT: 60000

    # The only traffic allowed out of this container is traffic to this network
    # and traffic to the specified ip address.
    networks:
      - local

  # A service which creates an openvpn tunnel. Check out its repo for more
  # information: https://github.com/0xcaff/docker-openvpn-client
  vpn:
    build:
      context: https://github.com/jessfraz/dockerfiles.git#pull/397/head
      dockerfile: openvpn/Dockerfile

    # Needed for OpenVPN to work.
    cap_add:
      - net_admin
    devices:
      - /dev/net/tun

    # Share the network stack of the firewall client container. When this
    # container binds ports, they can be reached through the "firewall" service.
    network_mode: service:firewall

    volumes:
      # This is the wait-for script from https://github.com/Eficode/wait-for. It
      # is used to ensure that the VPN only starts after the firewall is
      # configured. This is done so if the VPN tries to connect to a non-allowed
      # address the failure is fast.
      - ./wait-for/wait-for:/wait-for

      # The VPN configuration file.
      - ./vpn.ovpn:/vpn/config/config.ovpn

    # Start openvpn after the firewall is done.
    entrypoint: "/bin/sh"
    command: "/wait-for localhost:60000 -- openvpn --config $OVPN_FILE --auth-user-pass $PASSWORD_FILE"

  # A service with the rtorrent torrent client. See the repository for more
  # information: https://github.com/0xcaff/docker-rtorrent
  rtorrent:
    environment:
      PUID: ${PUID:-1000}
      PGID: ${PGID:-1000}
    build:
      context: https://github.com/looselyrigorous/docker-rtorrent.git#0.2


    # Share the network stack of the firewall client container. When this
    # container binds ports, they can be reached through the "firewall" service.
    network_mode: service:firewall

    volumes:
      - "rtorrent-sock:/socket"

      # rTorrent persistant state.
      - "./watch:/watch"
      - "./config:/config"
      - "./session:/session"
      - "./download:/download"

      # This is the wait-for script from https://github.com/Eficode/wait-for. It
      # is used to ensure that the rtorrent starts only after the firewall is
      # initialized.
      - ./wait-for/wait-for:/wait-for

    # Waits for the firewall to be set up before running rtorrent. The VPN may
    # or may not be ready but no traffic will be leaked because of the firewall.
    entrypoint: "/bin/sh"
    command: "/wait-for localhost:60000 -- rtorrent"

    # exit 0 on first run (`Copying default configuration`?) unless auto-restart enabled
    restart: unless-stopped

  # A service containing flood, a web interface for rtorrent.
  flood:
    build:
      context: https://github.com/jfurrow/flood.git#pull/671/head
    depends_on:
      - rtorrent

    environment:
      # Configuration for flood. Check out this file for all possible
      # configuration options:
      # https://github.com/jfurrow/flood/blob/master/config.docker.js
      #
      RTORRENT_SOCK: 'true'
    volumes:
      - "rtorrent-sock:/data"

    # Expose the flood web interface port.
    ports:
      - 3000:3000

    # The firewall destination (vpn, firewall, rtorrent) is only accessible
    # through the local network.
    networks:
      - local

volumes:
  rtorrent-sock: {}

networks:
  # A network for connecting local services.
  local:

## rtorrent.rc
directory = ~/downloaded
session = ~/.rtorrent.session

system.daemon.set = true
scgi_port = 0.0.0.0:5000
	[submodule "wait-for"]
	path = wait-for
	url = https://github.com/Eficode/wait-for
	version: '3.4'

	services:
	# This service sets up a firewall which only allows traffic to the docker
	# network and the specified destination (ip, port protocol). See its repo for
	# more information: https://github.com/0xcaff/docker-simple-firewall
	firewall:
	build:
	context: https://github.com/0xcaff/docker-simple-firewall.git

	# Needed by the image to setup the firewall.
	cap_add:
	- net_admin

	# The DNS servers which are used through the VPN.
	dns:
	- 8.8.8.8
	- 8.8.4.4

	environment:
	# The only address, port and protocol combination allowed through the
	# firewall. This should be the address, port and protocol of the VPN
	# service.
	ALLOW_IP_ADDRESS:
	ALLOW_PORT:
	ALLOW_PROTO: udp

	# TCP connections will be accepted at this port once the firewall is
	# configured.
	FIREWALL_READY_SIGNAL_PORT: 60000

	# The only traffic allowed out of this container is traffic to this network
	# and traffic to the specified ip address.
	networks:
	- local

	# A service which creates an openvpn tunnel. Check out its repo for more
	# information: https://github.com/0xcaff/docker-openvpn-client
	vpn:
	build:
	context: https://github.com/jessfraz/dockerfiles.git#pull/397/head
	dockerfile: openvpn/Dockerfile

	# Needed for OpenVPN to work.
	cap_add:
	- net_admin
	devices:
	- /dev/net/tun

	# Share the network stack of the firewall client container. When this
	# container binds ports, they can be reached through the "firewall" service.
	network_mode: service:firewall

	volumes:
	# This is the wait-for script from https://github.com/Eficode/wait-for. It
	# is used to ensure that the VPN only starts after the firewall is
	# configured. This is done so if the VPN tries to connect to a non-allowed
	# address the failure is fast.
	- ./wait-for/wait-for:/wait-for

	# The VPN configuration file.
	- ./vpn.ovpn:/vpn/config/config.ovpn

	# Start openvpn after the firewall is done.
	entrypoint: "/bin/sh"
	command: "/wait-for localhost:60000 -- openvpn --config $OVPN_FILE --auth-user-pass $PASSWORD_FILE"

	# A service with the rtorrent torrent client. See the repository for more
	# information: https://github.com/0xcaff/docker-rtorrent
	rtorrent:
	environment:
	PUID: ${PUID:-1000}
	PGID: ${PGID:-1000}
	build:
	context: https://github.com/looselyrigorous/docker-rtorrent.git#0.2


	# Share the network stack of the firewall client container. When this
	# container binds ports, they can be reached through the "firewall" service.
	network_mode: service:firewall

	volumes:
	- "rtorrent-sock:/socket"

	# rTorrent persistant state.
	- "./watch:/watch"
	- "./config:/config"
	- "./session:/session"
	- "./download:/download"

	# This is the wait-for script from https://github.com/Eficode/wait-for. It
	# is used to ensure that the rtorrent starts only after the firewall is
	# initialized.
	- ./wait-for/wait-for:/wait-for

	# Waits for the firewall to be set up before running rtorrent. The VPN may
	# or may not be ready but no traffic will be leaked because of the firewall.
	entrypoint: "/bin/sh"
	command: "/wait-for localhost:60000 -- rtorrent"

	# exit 0 on first run (`Copying default configuration`?) unless auto-restart enabled
	restart: unless-stopped

	# A service containing flood, a web interface for rtorrent.
	flood:
	build:
	context: https://github.com/jfurrow/flood.git#pull/671/head
	depends_on:
	- rtorrent

	environment:
	# Configuration for flood. Check out this file for all possible
	# configuration options:
	# https://github.com/jfurrow/flood/blob/master/config.docker.js
	#
	RTORRENT_SOCK: 'true'
	volumes:
	- "rtorrent-sock:/data"

	# Expose the flood web interface port.
	ports:
	- 3000:3000

	# The firewall destination (vpn, firewall, rtorrent) is only accessible
	# through the local network.
	networks:
	- local

	volumes:
	rtorrent-sock: {}

	networks:
	# A network for connecting local services.
	local:
	directory = ~/downloaded
	session = ~/.rtorrent.session

	system.daemon.set = true
	scgi_port = 0.0.0.0:5000