jmhobbs · March 28, 2017 15:22
diff --git a/setup.sh b/setup.sh
 TRANSMISSION_RPC_PASSWORD="set something here"

 add-apt-repository -y ppa:transmissionbt/ppa
 apt-get -y update
 apt-get install -qy nginx transmission-cli transmission-daemon

 ufw status
 ufw allow 22
 ufw allow 443
 ufw allow 1194
 ufw enable

 service transmission-daemon stop
 cat <<EOF > /var/lib/transmission-daemon/info/settings.json
 {
    "alt-speed-down": 50,
    "alt-speed-enabled": false,
    "alt-speed-time-begin": 540,
    "alt-speed-time-day": 127,
    "alt-speed-time-enabled": false,
    "alt-speed-time-end": 1020,
    "alt-speed-up": 50,
    "bind-address-ipv4": "0.0.0.0",
    "bind-address-ipv6": "::",
    "blocklist-enabled": false,
    "blocklist-url": "http://www.example.com/blocklist",
    "cache-size-mb": 4,
    "dht-enabled": true,
    "download-dir": "/var/lib/transmission-daemon/downloads",
    "download-limit": 100,
    "download-limit-enabled": 0,
    "download-queue-enabled": true,
    "download-queue-size": 5,
    "encryption": 1,
    "idle-seeding-limit": 30,
    "idle-seeding-limit-enabled": false,
    "incomplete-dir": "/var/lib/transmission-daemon/Downloads",
    "incomplete-dir-enabled": false,
    "lpd-enabled": false,
    "max-peers-global": 200,
    "message-level": 1,
    "peer-congestion-algorithm": "",
    "peer-id-ttl-hours": 6,
    "peer-limit-global": 200,
    "peer-limit-per-torrent": 50,
    "peer-port": 51413,
    "peer-port-random-high": 65535,
    "peer-port-random-low": 49152,
    "peer-port-random-on-start": false,
    "peer-socket-tos": "default",
    "pex-enabled": true,
    "port-forwarding-enabled": false,
    "preallocation": 1,
    "prefetch-enabled": true,
    "queue-stalled-enabled": true,
    "queue-stalled-minutes": 30,
    "ratio-limit": 2,
    "ratio-limit-enabled": false,
    "rename-partial-files": true,
    "rpc-authentication-required": true,
    "rpc-bind-address": "0.0.0.0",
    "rpc-enabled": true,
    "rpc-password": "$TRANSMISSION_PASSWORD",
    "rpc-port": 9091,
    "rpc-url": "/transmission/",
    "rpc-username": "tx",
    "rpc-whitelist": "127.0.0.1",
    "rpc-whitelist-enabled": true,
    "scrape-paused-torrents-enabled": true,
    "script-torrent-done-enabled": false,
    "script-torrent-done-filename": "",
    "seed-queue-enabled": false,
    "seed-queue-size": 10,
    "speed-limit-down": 100,
    "speed-limit-down-enabled": false,
    "speed-limit-up": 100,
    "speed-limit-up-enabled": false,
    "start-added-torrents": true,
    "trash-original-torrent-files": false,
    "umask": 18,
    "upload-limit": 100,
    "upload-limit-enabled": 0,
    "upload-slots-per-torrent": 14,
    "utp-enabled": true
 }
 EOF

 # Generate a self-signed cert
 openssl req -x509 -newkey rsa:4096 -keyout /etc/nginx/tx.pem -out /etc/nginx/tx.crt -days 3650
 # And strip the passphrase on the key
 openssl rsa -in /etc/nginx/tx.pem -out /etc/nginx/tx.key

 echo "Enter web UI access password"
 printf "tx:`openssl passwd -apr1`\n" >> /etc/nginx/htpasswd

 cat <<EOF > /etc/nginx/nginx.conf
 user www-data;
 worker_processes auto;
 pid /run/nginx.pid;

 events {
  worker_connections 768;
 }

 http {
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  server_tokens off;

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

  gzip on;
  gzip_disable "msie6";

  server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name           tx;

    auth_basic            "Server Restricted";
    auth_basic_user_file  /etc/nginx/htpasswd;

    ssl_certificate /etc/nginx/tx.crt;
    ssl_certificate_key /etc/nginx/tx.key;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    location / {
      proxy_read_timeout 300;
      proxy_pass_header  X-Transmission-Session-Id;
      proxy_set_header   X-Forwarded-Host   $host;
      proxy_set_header   X-Forwarded-Server $host;
      proxy_set_header   X-Forwarded-For    $proxy_add_x_forwarded_for;
      proxy_pass         http://127.0.0.1:9091/transmission/web/;
    }

    location /rpc {
      proxy_pass         http://127.0.0.1:9091/transmission/rpc;
    }

    location /upload {
      proxy_pass         http://127.0.0.1:9091/transmission/upload;
    }

    location /downloads {
      autoindex on;
      alias /var/lib/transmission-daemon/downloads;
    }
  }
 }
 EOF

 # Install blocklist builder
 git clone https://github.com/walshie4/Ultimate-Blocklist.git /root/blocklist
 /bin/bash /root/Ultimate-Blocklist/UpdateList.sh -c /var/lib/transmission-daemon/info/
 cat <<EOF > /tmp/crontab
 # m h  dom mon dow   command
 0 0 * * * /bin/bash /root/Ultimate-Blocklist/UpdateList.sh -c /var/lib/transmission-daemon/info/
 EOF
 crontab /tmp/crontab && rm /tmp/crontab

 service nginx restart
 service transmission-daemon start

 # OpenVPN install
 curl https://raw.githubusercontent.com/Nyr/openvpn-install/master/openvpn-install.sh > /root/openvpn-install.sh
 bash /root/openvpn-install.sh
	TRANSMISSION_RPC_PASSWORD="set something here"

	add-apt-repository -y ppa:transmissionbt/ppa
	apt-get -y update
	apt-get install -qy nginx transmission-cli transmission-daemon

	ufw status
	ufw allow 22
	ufw allow 443
	ufw allow 1194
	ufw enable

	service transmission-daemon stop
	cat <<EOF > /var/lib/transmission-daemon/info/settings.json
	{
	"alt-speed-down": 50,
	"alt-speed-enabled": false,
	"alt-speed-time-begin": 540,
	"alt-speed-time-day": 127,
	"alt-speed-time-enabled": false,
	"alt-speed-time-end": 1020,
	"alt-speed-up": 50,
	"bind-address-ipv4": "0.0.0.0",
	"bind-address-ipv6": "::",
	"blocklist-enabled": false,
	"blocklist-url": "http://www.example.com/blocklist",
	"cache-size-mb": 4,
	"dht-enabled": true,
	"download-dir": "/var/lib/transmission-daemon/downloads",
	"download-limit": 100,
	"download-limit-enabled": 0,
	"download-queue-enabled": true,
	"download-queue-size": 5,
	"encryption": 1,
	"idle-seeding-limit": 30,
	"idle-seeding-limit-enabled": false,
	"incomplete-dir": "/var/lib/transmission-daemon/Downloads",
	"incomplete-dir-enabled": false,
	"lpd-enabled": false,
	"max-peers-global": 200,
	"message-level": 1,
	"peer-congestion-algorithm": "",
	"peer-id-ttl-hours": 6,
	"peer-limit-global": 200,
	"peer-limit-per-torrent": 50,
	"peer-port": 51413,
	"peer-port-random-high": 65535,
	"peer-port-random-low": 49152,
	"peer-port-random-on-start": false,
	"peer-socket-tos": "default",
	"pex-enabled": true,
	"port-forwarding-enabled": false,
	"preallocation": 1,
	"prefetch-enabled": true,
	"queue-stalled-enabled": true,
	"queue-stalled-minutes": 30,
	"ratio-limit": 2,
	"ratio-limit-enabled": false,
	"rename-partial-files": true,
	"rpc-authentication-required": true,
	"rpc-bind-address": "0.0.0.0",
	"rpc-enabled": true,
	"rpc-password": "$TRANSMISSION_PASSWORD",
	"rpc-port": 9091,
	"rpc-url": "/transmission/",
	"rpc-username": "tx",
	"rpc-whitelist": "127.0.0.1",
	"rpc-whitelist-enabled": true,
	"scrape-paused-torrents-enabled": true,
	"script-torrent-done-enabled": false,
	"script-torrent-done-filename": "",
	"seed-queue-enabled": false,
	"seed-queue-size": 10,
	"speed-limit-down": 100,
	"speed-limit-down-enabled": false,
	"speed-limit-up": 100,
	"speed-limit-up-enabled": false,
	"start-added-torrents": true,
	"trash-original-torrent-files": false,
	"umask": 18,
	"upload-limit": 100,
	"upload-limit-enabled": 0,
	"upload-slots-per-torrent": 14,
	"utp-enabled": true
	}
	EOF

	# Generate a self-signed cert
	openssl req -x509 -newkey rsa:4096 -keyout /etc/nginx/tx.pem -out /etc/nginx/tx.crt -days 3650
	# And strip the passphrase on the key
	openssl rsa -in /etc/nginx/tx.pem -out /etc/nginx/tx.key

	echo "Enter web UI access password"
	printf "tx:`openssl passwd -apr1`\n" >> /etc/nginx/htpasswd

	cat <<EOF > /etc/nginx/nginx.conf
	user www-data;
	worker_processes auto;
	pid /run/nginx.pid;

	events {
	worker_connections 768;
	}

	http {
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	server_tokens off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	gzip on;
	gzip_disable "msie6";

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name tx;

	auth_basic "Server Restricted";
	auth_basic_user_file /etc/nginx/htpasswd;

	ssl_certificate /etc/nginx/tx.crt;
	ssl_certificate_key /etc/nginx/tx.key;

	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;

	ssl_protocols TLSv1.2;
	ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
	ssl_prefer_server_ciphers on;

	location / {
	proxy_read_timeout 300;
	proxy_pass_header X-Transmission-Session-Id;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-Forwarded-Server $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_pass http://127.0.0.1:9091/transmission/web/;
	}

	location /rpc {
	proxy_pass http://127.0.0.1:9091/transmission/rpc;
	}

	location /upload {
	proxy_pass http://127.0.0.1:9091/transmission/upload;
	}

	location /downloads {
	autoindex on;
	alias /var/lib/transmission-daemon/downloads;
	}
	}
	}
	EOF

	# Install blocklist builder
	git clone https://github.com/walshie4/Ultimate-Blocklist.git /root/blocklist
	/bin/bash /root/Ultimate-Blocklist/UpdateList.sh -c /var/lib/transmission-daemon/info/
	cat <<EOF > /tmp/crontab
	# m h dom mon dow command
	0 0 * * * /bin/bash /root/Ultimate-Blocklist/UpdateList.sh -c /var/lib/transmission-daemon/info/
	EOF
	crontab /tmp/crontab && rm /tmp/crontab

	service nginx restart
	service transmission-daemon start

	# OpenVPN install
	curl https://raw.githubusercontent.com/Nyr/openvpn-install/master/openvpn-install.sh > /root/openvpn-install.sh
	bash /root/openvpn-install.sh