From f9c929b5019c1af9ecd85a42c6fff5c97d6d70ec Mon Sep 17 00:00:00 2001
From: Andy Bunce <bunce.andy@gmail.com>
Date: Thu, 21 Oct 2021 20:30:21 +0000
Subject: [PATCH] Initial apps

---
 tvheadend/.gitignore                      |   2 ++
 tvheadend/README.md                       |   1 +
 tvheadend/docker-compose.yml              |  19 ++++++++++++++++
 wireguard/.gitignore                      |   1 +
 wireguard/README.md                       |   1 +
 wireguard/config/.donoteditthisfile       |   6 ++++++
 wireguard/config/coredns/Corefile         |   4 ++++
 wireguard/config/peer1/peer1.conf         |  10 +++++++++
 wireguard/config/peer1/peer1.png          | Bin 0 -> 1023 bytes
 wireguard/config/peer1/privatekey-peer1   |   1 +
 wireguard/config/peer1/publickey-peer1    |   1 +
 wireguard/config/server/privatekey-server |   1 +
 wireguard/config/server/publickey-server  |   1 +
 wireguard/config/templates/peer.conf      |  10 +++++++++
 wireguard/config/templates/server.conf    |   6 ++++++
 wireguard/config/wg0.conf                 |  12 +++++++++++
 wireguard/docker-compose.yml              |  25 ++++++++++++++++++++++
 17 files changed, 101 insertions(+)
 create mode 100644 tvheadend/.gitignore
 create mode 100644 tvheadend/README.md
 create mode 100644 tvheadend/docker-compose.yml
 create mode 100644 wireguard/.gitignore
 create mode 100644 wireguard/README.md
 create mode 100644 wireguard/config/.donoteditthisfile
 create mode 100644 wireguard/config/coredns/Corefile
 create mode 100644 wireguard/config/peer1/peer1.conf
 create mode 100644 wireguard/config/peer1/peer1.png
 create mode 100644 wireguard/config/peer1/privatekey-peer1
 create mode 100644 wireguard/config/peer1/publickey-peer1
 create mode 100644 wireguard/config/server/privatekey-server
 create mode 100644 wireguard/config/server/publickey-server
 create mode 100644 wireguard/config/templates/peer.conf
 create mode 100644 wireguard/config/templates/server.conf
 create mode 100644 wireguard/config/wg0.conf
 create mode 100644 wireguard/docker-compose.yml

diff --git a/tvheadend/.gitignore b/tvheadend/.gitignore
new file mode 100644
index 0000000..8a8e84a
--- /dev/null
+++ b/tvheadend/.gitignore
@@ -0,0 +1,2 @@
+recordings/
+
diff --git a/tvheadend/README.md b/tvheadend/README.md
new file mode 100644
index 0000000..19e539a
--- /dev/null
+++ b/tvheadend/README.md
@@ -0,0 +1 @@
+tvheadend setup
diff --git a/tvheadend/docker-compose.yml b/tvheadend/docker-compose.yml
new file mode 100644
index 0000000..4b368f7
--- /dev/null
+++ b/tvheadend/docker-compose.yml
@@ -0,0 +1,19 @@
+---
+version: "2.1"
+services:
+  tvheadend:
+    image: lscr.io/linuxserver/tvheadend
+    container_name: tvheadend
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/London
+    volumes:
+      - ./config:/config
+      - ./recordings:/recordings
+    ports:
+      - 9981:9981
+      - 9982:9982
+    devices:
+      - /dev/dvb:/dev/dvb #optional
+    restart: unless-stopped
diff --git a/wireguard/.gitignore b/wireguard/.gitignore
new file mode 100644
index 0000000..94f7b77
--- /dev/null
+++ b/wireguard/.gitignore
@@ -0,0 +1 @@
+# ignore
diff --git a/wireguard/README.md b/wireguard/README.md
new file mode 100644
index 0000000..bb6d2d5
--- /dev/null
+++ b/wireguard/README.md
@@ -0,0 +1 @@
+wireguard setup
diff --git a/wireguard/config/.donoteditthisfile b/wireguard/config/.donoteditthisfile
new file mode 100644
index 0000000..9e36d87
--- /dev/null
+++ b/wireguard/config/.donoteditthisfile
@@ -0,0 +1,6 @@
+ORIG_SERVERURL="80.229.26.80"
+ORIG_SERVERPORT="51820"
+ORIG_PEERDNS="10.13.13.1"
+ORIG_PEERS="1"
+ORIG_INTERFACE="10.13.13"
+ORIG_ALLOWEDIPS="0.0.0.0/0, ::/0"
diff --git a/wireguard/config/coredns/Corefile b/wireguard/config/coredns/Corefile
new file mode 100644
index 0000000..c8e2152
--- /dev/null
+++ b/wireguard/config/coredns/Corefile
@@ -0,0 +1,4 @@
+. {
+    loop
+    forward . /etc/resolv.conf
+}
\ No newline at end of file
diff --git a/wireguard/config/peer1/peer1.conf b/wireguard/config/peer1/peer1.conf
new file mode 100644
index 0000000..92fbec0
--- /dev/null
+++ b/wireguard/config/peer1/peer1.conf
@@ -0,0 +1,10 @@
+[Interface]
+Address = 10.13.13.2
+PrivateKey = GO6r2NZq0UgkB/u3S6oV6k+CxYDQg+xYvlhjFC34Tnk=
+ListenPort = 51820
+DNS = 10.13.13.1
+
+[Peer]
+PublicKey = a7bifNDAdLCYuJCELsMCZzVntp1xujOzXYLSCQ1TF0o=
+Endpoint = 80.229.26.80:51820
+AllowedIPs = 0.0.0.0/0, ::/0
diff --git a/wireguard/config/peer1/peer1.png b/wireguard/config/peer1/peer1.png
new file mode 100644
index 0000000000000000000000000000000000000000..dbc84886e5122f78374246b595ed0491b5ab1951
GIT binary patch
literal 1023
zcmV<b0|5MqP)<h;3K|Lk000e1NJLTq006@P006@Q0{{R31+h2j00006P)t-s00030
z|No`gpWOfe00MMUPE-H?$hF_c00009a7bBm000XT000XT0n*)m`~Uz0kx4{BR9J=W
zm%EMRFc3srph0hx00E{!k10tB=##)GC3;Ll022^B8iM+&XSMe+c7f@2PneaVx6p^(
zT~#Fh>Y)GRTXGN$wroseazi-heD;YtEvbAC(E)NZ3za4KE#sn=BsZpVgtKpE<#TM*
zXBvM*%mR|lmdin9`x%+ptjTYQ@cIw?Ga_q%v*&zvI47F_UY$1y>N95d&+kv=-X?N1
zH`#NrCsA3M`oFsBU2;U4n;Xcl^1jrkvbDX_lG@4@WI4&64=NR}oOx3dKD*>=+DCR%
zD3$jqqGC#Ngz^mLNv>~Yk&i&-?={encusa7qF)(pNRNp6oSl}SYZmMJWVoFj)-s!#
z@n1^9n6q3KyJPa6w3DSdeXN0o9OR#Y*MutZLasyQW7)LivTn{h$>6#!;q~2kccO+=
ze0?sQ{SxRywD6EkOStWWr77%PqQ31tmo?+8B$q80ofOUq&%w+kS(2(I1ZnqALIYxm
zUC-tU`=}<?Yz?zp4(lGGe7<Hq!H_+osZ0|=m}O`nfxVufWzf->Idee|80|xPf@)-x
z2m^<v#u}h2@3&SE+#4m@#L8%9jI!v#rX~0z>mh#7yy+zmM4q*zHWb9ew4c!U=$8n)
z@SBz#0iI)Csw~daztn}bgdxcp58(qEAK{I#AYZklHX?FUL~Fw<oU|mlUQH6B#LN7l
zqnTH!_GjKv5V`Cmo+R`jvVg}Fc3N^p>1zz`0X1c@M~MBbCAC3XFlXpNtOVMpJfmSX
z$%u!JqIC3v%1frW>!To?FmsGgKP-ZeG|p>|mE<Dal_1FvD;f{$;NKJcKEaT^Y)49s
z+aD3ae0!sUT=4&dEC#1F2U0ed+CElPL(ta)83bWuff>3YDevwo6%ohY7*AtK0Rg<Q
zn!Jn}eh8(9^9&JipVg$5Eg|xpNOl7u??7Wdl}|xrw?vNsTa)#Go4o`^Nw}3Gq8W{7
zRS<Pq@0rsO_z%gh3k?V{J_ng#*J}x~*oGn}Qzf%Y_Nll3Xb4Nbb|l_N@YtFCL8j^n
zCSym~LG~Y;``DU{T7uh8m|fbjTk4>ERwQB566_>Kh^XDMpB@6tO}uec6ZCZxZyd0(
zOA@AzPv6#&DM0z8uOHY|Aa2Kdf^}qWcz0M3Qa{{-7yJ7;?-O)iaD;7BM3}{;9U)Xr
tWFIVnLQIk@GL%2=467ku9skL9<QHdh>gkr_rtAO!002ovPDHLkV1m6U;6(rc

literal 0
HcmV?d00001

diff --git a/wireguard/config/peer1/privatekey-peer1 b/wireguard/config/peer1/privatekey-peer1
new file mode 100644
index 0000000..ed7bfac
--- /dev/null
+++ b/wireguard/config/peer1/privatekey-peer1
@@ -0,0 +1 @@
+GO6r2NZq0UgkB/u3S6oV6k+CxYDQg+xYvlhjFC34Tnk=
diff --git a/wireguard/config/peer1/publickey-peer1 b/wireguard/config/peer1/publickey-peer1
new file mode 100644
index 0000000..e1d5f3b
--- /dev/null
+++ b/wireguard/config/peer1/publickey-peer1
@@ -0,0 +1 @@
+UmxCFo8f/TxObdyEbwuUgw/9yTJ4teMQZoSQiySwfG4=
diff --git a/wireguard/config/server/privatekey-server b/wireguard/config/server/privatekey-server
new file mode 100644
index 0000000..419c479
--- /dev/null
+++ b/wireguard/config/server/privatekey-server
@@ -0,0 +1 @@
+ICVV/aXsTdYg5Y44F6j8a7rO8rNZGtLxoOmsb0B+12c=
diff --git a/wireguard/config/server/publickey-server b/wireguard/config/server/publickey-server
new file mode 100644
index 0000000..4542359
--- /dev/null
+++ b/wireguard/config/server/publickey-server
@@ -0,0 +1 @@
+a7bifNDAdLCYuJCELsMCZzVntp1xujOzXYLSCQ1TF0o=
diff --git a/wireguard/config/templates/peer.conf b/wireguard/config/templates/peer.conf
new file mode 100644
index 0000000..205a1bd
--- /dev/null
+++ b/wireguard/config/templates/peer.conf
@@ -0,0 +1,10 @@
+[Interface]
+Address = ${CLIENT_IP}
+PrivateKey = $(cat /config/${PEER_ID}/privatekey-${PEER_ID})
+ListenPort = 51820
+DNS = ${PEERDNS}
+
+[Peer]
+PublicKey = $(cat /config/server/publickey-server)
+Endpoint = ${SERVERURL}:${SERVERPORT}
+AllowedIPs = ${ALLOWEDIPS}
\ No newline at end of file
diff --git a/wireguard/config/templates/server.conf b/wireguard/config/templates/server.conf
new file mode 100644
index 0000000..9255d38
--- /dev/null
+++ b/wireguard/config/templates/server.conf
@@ -0,0 +1,6 @@
+[Interface]
+Address = ${INTERFACE}.1
+ListenPort = 51820
+PrivateKey = $(cat /config/server/privatekey-server)
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
diff --git a/wireguard/config/wg0.conf b/wireguard/config/wg0.conf
new file mode 100644
index 0000000..222709d
--- /dev/null
+++ b/wireguard/config/wg0.conf
@@ -0,0 +1,12 @@
+[Interface]
+Address = 10.13.13.1
+ListenPort = 51820
+PrivateKey = ICVV/aXsTdYg5Y44F6j8a7rO8rNZGtLxoOmsb0B+12c=
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+
+[Peer]
+# peer1
+PublicKey = UmxCFo8f/TxObdyEbwuUgw/9yTJ4teMQZoSQiySwfG4=
+AllowedIPs = 10.13.13.2/32
+
diff --git a/wireguard/docker-compose.yml b/wireguard/docker-compose.yml
new file mode 100644
index 0000000..b27e1c5
--- /dev/null
+++ b/wireguard/docker-compose.yml
@@ -0,0 +1,25 @@
+version: "2.1"
+services:
+  wireguard:
+    image: linuxserver/wireguard
+    container_name: wireguard
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/London
+      - SERVERURL=80.229.26.80 #optional
+      - SERVERPORT=51820 #optional
+      - PEERS=1 #optional
+      - PEERDNS=auto #optional
+      - INTERNAL_SUBNET=10.13.13.0 #optional
+    volumes:
+      - ./config:/config
+      - /lib/modules:/lib/modules
+    ports:
+      - 51820:51820/udp
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+    restart: unless-stopped