Merge branch 'swizzin:master' into master

.pre-commit-config.yaml

@@ -1,15 +1,15 @@
 repos:
   - repo: https://github.com/maxwinterstein/shfmt-py
-    rev: v3.4.3.1
+    rev: v3.7.0.1
     hooks:
       - id: shfmt
         args: ["-w", "-ci", "-sr", "-i", "4"]
   - repo: https://github.com/shellcheck-py/shellcheck-py
-    rev: v0.9.0.5
+    rev: v0.9.0.6
     hooks:
       - id: shellcheck
         args: ["--severity=error"]
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0 # Use the ref you want to point at
+    rev: v4.5.0 # Use the ref you want to point at
     hooks:
       - id: check-executables-have-shebangs

CHANGELOG.md

@@ -1,5 +1,105 @@
 # Changelog
 
+## [3.12.0]
+
+## June 22, 2024
+
+### New:
+- Ubuntu Noble support
+
+### Fixed:
+- Libtorrent will use boost 1.85 on bookworm and newer distros
+- Libtorrent version string grep
+- Install rsyslog explicitly for fail2ban
+- qbittorrent: add qt6-base-private-dev depedency
+
+## [3.11.1]
+
+## March 12, 2024
+
+### SECURITY:
+ - Pyload has been removed from installation due to a Remote Code Execution vulnerability (CVE-2023-0297). Existing users will be encouraged to uninstall the software with every box update. This is a major issue, please remove. You've been warned!
+
+### Fixed:
+ - curl: scripts may use the wrong path (/usr/bin/curl) if curl has been previously primed during execution of the scripts and which caches its path. Clear the hash table for curl after we compile it ourselves to prevent odd errors.
+
+## [3.11.0]
+
+## Feb 17, 2024
+
+### New:
+- Sonarr v4 support :tada:
+
+### Changed:
+- nginx: stop version emission
+- boost: more robust mirror fallback mechanisms
+- curl: upgrade to 8.4
+- box: package descriptions have been updated
+- node: bump to 20.x LTS
+
+### Fixed:
+- rutorrent: country flags
+- autobrr: issue with package selection during install
+- navidrome: fails to download on arm64
+- netdata: install/remove url
+- nzbhydra: java variable resolution
+- nzbhydra: use python wrapper for launching
+- nzbhydra: upgrader issues
+- rtorrent: build flag issues
+- rtorrent: remove piece boundary fix
+- rtorrent: pin xmlrpc to rev 3212
+- fpm: fix dotenv dependency issue in focal/buster
+- nginx: fancyindex installation (note, it should fix existing installs if you haven't touched anything)
+
+
+## [3.10.0]
+
+## November 6, 2023
+
+## SECURITY
+
+> [!WARNING]
+> All btsync/rslsync users are encouraged to check their installations to ensure they have a Web UI password set. You can do so from the Settings > Web UI. This issue should be resolved moving forward. New installations should once more prompt username/password generation on first setup.
+
+- btsync/rslsync: we were made aware that new installs of resilio haven't been prompting users to create passwords. To be clear, this is a regression, as previous behavior prompted the user to create a password on first setup. It was identified the the "Skip EULA" config option was causing this behavior and has been removed. An update script will run to remove this option from existing configs, but it may not trigger password creation.
+
+### Changed:
+- rtorrent: stickz commited a bunch of performance related patches. Enjoy!
+- qbittorrent: builds for 4.6 have been enabled but not thoroughly tested. Feel free to report any issues
+
+### Fixed
+- qbittorrent: overzealous grep will continue to warn you of "misconfigurations" despite having the desired bind config set.
+- npm: swapped from script to repo method of initializing npm and nodejs
+- calibre-web: don't set proxy_bind (fixes issue with ipv6)
+
+## [3.9.2]
+
+## September 16, 2023
+
+### Meta/Development:
+- Update pre-commit.ci integrations
+- Update contributing.md
+- Remove feathub link from issue template
+
+### Changed:
+- nginx: dhparam generation will now happen asyncronously
+- tautulli: now uses a venv, updated buster to use pyenv
+- rtorrent: xmlrpc will now track super-stable
+- rtorrent: added PGO build option
+
+### Fixed:
+- curl: regression with gcc12 on jammy
+- curl: fix potential unzip issue
+- qbit: expand qt6 deps (packages were split)
+- qbit: fix deps for focal
+- qbit: don't bind to `*` if nginx is installed. Warn existing users of this (mis)config
+- arrs: allow access for /feed/calendar via nginx
+- nginx: maintained update code
+- nginx: fix package errors during remove
+- pyload: fix pycurl install
+- rtorrent: various fixes
+- jfago: will no longer run as root
+
 ## [3.9.1]
 
 ## July 16, 2023

README.md

@@ -2,14 +2,14 @@
 
 [![CodeFactor](https://www.codefactor.io/repository/github/liaralabs/swizzin/badge)](https://www.codefactor.io/repository/github/liaralabs/swizzin) [![Discord](https://img.shields.io/discord/577667871727943696?logo=discord&logoColor=white)](https://discord.gg/sKjs9UM)  ![GitHub](https://img.shields.io/github/license/liaralabs/swizzin) ![GitHub commit activity](https://img.shields.io/github/commit-activity/m/liaralabs/swizzin) ![GitHub code size in bytes](https://img.shields.io/github/languages/code-size/liaralabs/swizzin)
 
-# 3.9.1 Stable
+# 3.12.0 Stable
 
 [website](https://swizzin.ltd) \| [docs](https://swizzin.ltd/getting-started) \| [discord](https://discord.gg/bDFqAUF)
 
 Please use [Discord](https://discord.gg/bDFqAUF) for all community functions, and [GitHub discussions](https://github.com/swizzin/swizzin/discussions) for feature requests and to raise issues.
 
 ## What is swizzin?
-Swizzin is a light, modular seedbox solution that can be installed on Debian 10/11/12 or Ubuntu 20.04/22.04. The QuickBox package repo has been ported over for your installing pleasure, including the panel -- if you so choose!
+Swizzin is a light, modular seedbox solution that can be installed on Debian 10/11/12 or Ubuntu 20.04/22.04/24.04. The QuickBox package repo has been ported over for your installing pleasure, including the panel -- if you so choose!
 
 Box has been revamped to reduce and consolidate the amount of commands you need to remember to manage your seedbox. More on this below. In addition to that, additional add-on packages can be installed during installation. No need to wait until the installer finishes! Now with unattended installs!
 
@@ -71,7 +71,7 @@ bash <(curl -sL git.io/swizzin) --env /path/to/your/env/file/here.env
 Long-term support branches only:
 
 -   Debian 10/11/12
--   Ubuntu 20.04/22.04
+-   Ubuntu 20.04/22.04/24.04
 
 ## Support and Help
 

scripts/box

@@ -138,7 +138,7 @@ function _update() {
 
     #Checking for EOL releases
     case "$(_os_codename)" in
-        "focal" | "buster" | "bullseye" | "jammy" | "bookworm")
+        "focal" | "buster" | "bullseye" | "jammy" | "bookworm" | "noble")
             echo_log_only "OS supported"
             ;;
         *)

scripts/install/btsync.sh

@@ -42,7 +42,6 @@ function _installBTSync5() {
     "listening_port" : 0,
     "storage_path" : "/home/${MASTER}/.config/resilio-sync/",
     "pid_file" : "/var/run/resilio-sync/sync.pid",
-    "agree_to_EULA": "yes",
 
     "webui" :
     {

scripts/install/jfago.sh

@@ -23,19 +23,26 @@ else
     echo_info "jfago will run on port 8056"
 fi
 
+# Create jfago user
+useradd -r jfago -s /usr/sbin/nologin > /dev/null 2>&1
+
 # Create systemd service
 echo_progress_start "Setting up systemd service"
 jfagobinary=$(which jfa-go)
-cat > "/etc/systemd/system/jfago.service" << ADC
+mkdir -p /opt/jfago/config/
+chown jfago: /opt/jfago -R
+
+cat > /etc/systemd/system/jfago.service << EOF
 [Unit]
 Description=An account management system for Jellyfin.
-
+After=network.target
 [Service]
-ExecStart=$jfagobinary -config /root/.config/jfa-go/config.ini -data /root/.config/jfa-go/
+ExecStart=${jfagobinary} -config /opt/jfago/config/config.ini -data /opt/jfago/config/
+User=jfago
 
 [Install]
 WantedBy=multi-user.target
-ADC
+EOF
 
 systemctl daemon-reload -q
 echo_progress_done "Service installed"
@@ -45,10 +52,10 @@ echo_progress_start "Enabling and starting jfago to create config file"
 systemctl -q enable jfago --now
 echo_progress_done
 
-crudini --set /root/.config/jfa-go/config.ini ui url_base /jfa-go
+crudini --set /opt/jfago/config/config.ini ui url_base /jfa-go
 
 # This file is created after installation to prevent reinstalling. You will need to remove the app first which deletes this file.
 touch /install/.jfago.lock
 echo_success "jfago installed but not configured"
-echo_info "Edit /root/.config/jfa-go/config.ini to configure and then restart the service with systemctl restart jfago"
+echo_info "Edit /opt/jfago/config/config.ini to configure and then restart the service with systemctl restart jfago"
 exit

scripts/install/netdata.sh

@@ -3,7 +3,7 @@
 # Author: liara
 
 echo_progress_start "Running netdata install script"
-bash <(curl -Ss https://my-netdata.io/kickstart.sh) --non-interactive >> $log 2>&1
+bash <(curl -Ss https://get.netdata.cloud/kickstart.sh) --non-interactive >> $log 2>&1
 echo_progress_done
 
 if [[ -f /install/.nginx.lock ]]; then

scripts/install/nginx.sh

@@ -47,11 +47,35 @@ case $codename in
         ;;
 esac
 
-APT="nginx libnginx-mod-http-fancyindex subversion ssl-cert php-fpm libfcgi0ldbl php-cli php-dev php-xml php-curl php-xmlrpc php-json php-mbstring php-opcache php-zip ${geoip} ${mcrypt}"
+# Prepare the /etc/nginx/ssl/ for openssl dhparm generation
+mkdir -p /etc/nginx/ssl/
+chmod 700 /etc/nginx/ssl
+cd /etc/nginx/ssl
+
+# Create temp.log for openssl dhparm generation to prevent a race condition with logging
+. /etc/swizzin/sources/functions/utils
+templog="/root/logs/temp.log"
+rm_if_exists $templog
+touch $templog
 
+# Start openssl dhparam as a background task using temp.log
+openssl dhparam -out dhparam.pem 2048 >> $templog 2>&1 &
+
+# Install packages for nginx in the foreground
+APT="nginx libnginx-mod-http-fancyindex subversion ssl-cert php-fpm libfcgi0ldbl php-cli php-dev php-xml php-curl php-xmlrpc php-json php-mbstring php-opcache php-zip ${geoip} ${mcrypt}"
 apt_install $APT
-mkdir -p /srv
 
+# Wait for the background task of openssl dhparm generation to finish
+wait
+
+# Append the results of temp.log to swizzin.log and remove temp.log
+echo_log_only "Begin of OpenSSL dhparm results"
+cat $templog >> $log 2>&1
+echo_log_only "End of OpenSSL dhparm results"
+rm_if_exists $templog
+
+# Began configuring nginx in the foreground
+mkdir -p /srv
 cd /etc/php
 phpv=$(ls -d */ | cut -d/ -f1)
 echo_progress_start "Making adjustments to PHP"
@@ -88,6 +112,7 @@ server {
   listen 80 default_server;
   listen [::]:80 default_server;
   server_name _;
+  server_tokens off;
 
   location /.well-known {
     alias /srv/.well-known;
@@ -121,15 +146,9 @@ server {
 }
 NGC
 
-mkdir -p /etc/nginx/ssl/
 mkdir -p /etc/nginx/snippets/
 mkdir -p /etc/nginx/apps/
 
-chmod 700 /etc/nginx/ssl
-
-cd /etc/nginx/ssl
-openssl dhparam -out dhparam.pem 2048 >> $log 2>&1
-
 cat > /etc/nginx/snippets/ssl-params.conf << SSC
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_prefer_server_ciphers on;
@@ -179,7 +198,10 @@ PROX
 echo_progress_done "Config installed"
 
 echo_progress_start "Installing fancyindex"
-svn export https://github.com/Naereen/Nginx-Fancyindex-Theme/trunk/Nginx-Fancyindex-Theme-dark /srv/fancyindex >> $log 2>&1
+git clone https://github.com/Naereen/Nginx-Fancyindex-Theme/ /tmp/fancyindex >> $log 2>&1
+mv /tmp/fancyindex/Nginx-Fancyindex-Theme-dark /srv/fancyindex >> $log 2>&1
+rm -rf /tmp/fancyindex
+
 cat > /etc/nginx/snippets/fancyindex.conf << FIC
 fancyindex on;
 fancyindex_localtime on;

scripts/install/nzbhydra.sh

@@ -20,15 +20,15 @@ fi
 
 username=$(_get_master_username)
 
-case $(os_codename) in
+case $(_os_codename) in
     bullseye)
         java=openjdk-17-jdk-headless
         ;;
     *)
         java=default-jre-headless
         ;;
 esac
-LIST='unzip $java'
+LIST="unzip $java"
 apt_install $LIST
 
 echo_progress_start "Installing NZBHydra ${latestversion}"
@@ -41,7 +41,7 @@ wget -O nzbhydra2.zip ${latest} >> ${log} 2>&1
 unzip nzbhydra2.zip >> ${log} 2>&1
 rm -f nzbhydra2.zip
 
-chmod +x nzbhydra2
+chmod +x nzbhydra2 nzbhydra2wrapperPy3.py
 chown -R ${username}: /opt/nzbhydra2
 echo_progress_done
 
@@ -73,7 +73,7 @@ WorkingDirectory=/opt/nzbhydra2
 # NZBHydra stores its data in a "data" subfolder of its installation path
 # To change that set the --datafolder parameter:
 # --datafolder /path-to/datafolder
-ExecStart=/opt/nzbhydra2/nzbhydra2 --nobrowser --datafolder /home/${username}/.config/nzbhydra2 --nopidfile
+ExecStart=/opt/nzbhydra2/nzbhydra2wrapperPy3.py --nobrowser --datafolder /home/${username}/.config/nzbhydra2 --nopidfile
 
 Restart=always