Please let me know what you find for jellyfin with arrs and VPN. I have found that the VPN always interferes with jellyfin and other stuff and haven’t been able to figure out gluetun.
Comment on First Nas Build
fahad@lemmy.world 10 months ago
I apologise for not being clear.
These are the specs of my NAS build:
- Node 804 case
- 16GB DDR4 RAM
- Seagate IronWolf Pro 2x 4TB
- 1TB nvme Samsung 970 evo plus
- Gigabyte H610M S2H V2 Intel H610 LGA1200 DDR4 Micro-ATX Motherboard
- DeepCool GAMMAXX GT CPU Cooler A-RGB 120mm PWM Addressable RGB LED Fan Intel AMD
- 500W EVGA Power Supply Unit / PSU VAT INC
- Intel core i5-12400t QS 6c/12t Support ASUS ROG Strix B660-I Gaming WiFi LGA1700.
- I want to store all data onto the NAS, past projects, pics, etc.
- Set up automatic backups for Windows, Mac
- Set up media server (Jellyfin) with Arr apps using a VPN (I’m not sure how to set up a VPN with torrent client)
- Set up headscale to access my NAS from anywhere (also, I can’t find any tutorials).
- For 3-2-1 backups, I have decided to get an external HDD and use cloud storage.
- Self-host services such as Nextcloud, Immich and Bitwarden.
- VMs - Future
- Web hosting - Future
- Home assistant - Future
To be clear, I want to do all that; however, I have never done it before, so any tutorials would be appreciated.
By “Dos and Don’ts,” I’m referring to the settings that should be adjusted for optimal performance, security, and privacy.
Also, any other recommendations would be appreciated.
HumanPerson@sh.itjust.works 10 months ago
Lem453@lemmy.ca 10 months ago
```yaml
version: "3.4"

volumes:
  sonarr-config:
    name: sonarr-config
    driver_opts:
      type: nfs
      o: addr=192.168.37.25,nolock,soft,rw
      device: ":/zfspool1/dockerData/arr-stack/sonarr"
  radarr-config:
    name: radarr-config
    driver_opts:
      type: nfs
      o: addr=192.168.37.25,nolock,soft,rw
      device: ":/zfspool1/dockerData/arr-stack/radarr"
  prowlarr-config:
    name: prowlarr-config
    driver_opts:
      type: nfs
      o: addr=192.168.37.25,nolock,soft,rw
      device: ":/zfspool1/dockerData/arr-stack/prowlarr"
  sabnzbd-config:
    name: sabnzbd-config
    driver_opts:
      type: nfs
      o: addr=192.168.37.25,nolock,soft,rw
      device: ":/zfspool1/dockerData/arr-stack/sabnzbd"
  qbittorrent-config:
    name: qbittorrent-config
    driver_opts:
      type: nfs
      o: addr=192.168.37.25,nolock,soft,rw
      device: ":/zfspool1/dockerData/arr-stack/qbittorrent"
  media-tv:
    name: media-tv
    driver_opts:
      type: nfs
      o: addr=192.168.37.31,nolock,soft,rw
      device: ":/mnt/user/media/TV Shows"
  media-movies:
    name: media-movies
    driver_opts:
      type: nfs
      o: addr=192.168.37.31,nolock,soft,rw
      device: ":/mnt/user/media/Movies"
  media-downloads:
    name: media-downloads
    driver_opts:
      type: nfs
      o: addr=192.168.37.31,nolock,soft,rw
      device: ":/mnt/user/downloads"

networks:
  traefik_proxy:
    name: traefik_proxy
    external: true

services:
  arr-stack-gluetun:
    container_name: arr-stack-gluetun
    hostname: arr-stack-gluetun
    image: qmcgaw/gluetun
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 4G
        reservations:
          cpus: '2'
          memory: 1G
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    env_file:
      - ../stack.env #get mullvad key from here "WIREGUARD_PRIVATE_KEY", "WIREGUARD_ADDRESSES", "SERVER_CITIES"
    networks:
      # only this container needs access to the proxy network. It also doesn't need any ports exposed to access
      # the other services like qbit, etc. Traefik points to this container and because the other services use
      # the service network type they can be accessed through here.
      traefik_proxy:
        ipv4_address: 172.18.0.6
    environment:
      - VPN_SERVICE_PROVIDER=private internet access
      - OPENVPN_USER=xxxxxxxxz
      - SERVER_HOSTNAMES=lu.privacy.network
      - TZ=America/Chicago
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_proxy"
      # qbittorrent traefik labels
      - "traefik.http.routers.arr-stack-qbittorrent.entrypoints=websecure"
      - "traefik.http.routers.arr-stack-qbittorrent.rule=Host(`torrent.local.domain.com`)"
      - "traefik.http.routers.arr-stack-qbittorrent.tls=true"
      - "traefik.http.routers.arr-stack-qbittorrent.service=arr-stack-qbittorrent"
      - "traefik.http.services.arr-stack-qbittorrent.loadbalancer.server.port=8085"
      - "traefik.http.routers.arr-stack-qbittorrent.middlewares=authentik"
      # prowlarr traefik labels
      - "traefik.http.routers.arr-stack-prowlarr.entrypoints=websecure"
      - "traefik.http.routers.arr-stack-prowlarr.rule=Host(`prowlarr.local.domain.com`)"
      - "traefik.http.routers.arr-stack-prowlarr.tls=true"
      - "traefik.http.routers.arr-stack-prowlarr.service=arr-stack-prowlarr"
      - "traefik.http.services.arr-stack-prowlarr.loadbalancer.server.port=9696"
      - "traefik.http.routers.arr-stack-prowlarr.middlewares=authentik"
      # sabnzbd traefik labels
      - "traefik.http.routers.arr-stack-sabnzbd.entrypoints=websecure"
      - "traefik.http.routers.arr-stack-sabnzbd.rule=Host(`sabnzbd.local.domain.ca`)"
      - "traefik.http.routers.arr-stack-sabnzbd.tls=true"
      - "traefik.http.routers.arr-stack-sabnzbd.service=arr-stack-sabnzbd"
      - "traefik.http.services.arr-stack-sabnzbd.loadbalancer.server.port=8080"
      - "traefik.http.routers.arr-stack-sabnzbd.middlewares=authentik"
      # sonarr traefik labels
      - "traefik.http.routers.arr-stack-sonarr.entrypoints=websecure"
      - "traefik.http.routers.arr-stack-sonarr.rule=Host(`sonarr.local.domain.com`)"
      - "traefik.http.routers.arr-stack-sonarr.tls=true"
      - "traefik.http.routers.arr-stack-sonarr.service=arr-stack-sonarr"
      - "traefik.http.services.arr-stack-sonarr.loadbalancer.server.port=8989"
      - "traefik.http.routers.arr-stack-sonarr.middlewares=authentik"
      # radarr traefik labels
      - "traefik.http.routers.arr-stack-radarr.entrypoints=websecure"
      - "traefik.http.routers.arr-stack-radarr.rule=Host(`radarr.local.domain.com`)"
      - "traefik.http.routers.arr-stack-radarr.tls=true"
      - "traefik.http.routers.arr-stack-radarr.service=arr-stack-radarr"
      - "traefik.http.services.arr-stack-radarr.loadbalancer.server.port=7878"
      - "traefik.http.routers.arr-stack-radarr.middlewares=authentik"

  # _____________________________Downloaders__________________________
  arr-stack-qbittorrent:
    image: ghcr.io/linuxserver/qbittorrent:4.6.0
    container_name: arr-stack-qbittorrent
    network_mode: service:arr-stack-gluetun
    volumes:
      - qbittorrent-config:/config
      - media-downloads:/downloads:z
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 4G
        reservations:
          cpus: '2'
          memory: 1G
    depends_on:
      - arr-stack-gluetun
    environment:
      - WEBUI_PORT=8085
      - TZ=America/Chicago
      #file permissions need to be the same for all apps
      - PUID=1000
      - PGID=1000
      - UMASK_SET=022
    restart: unless-stopped
    labels:
      # Note 1: Default user is admin, pass is adminadmin
      # Note 2: Tools-> options-> web UI -> bypass localhost and whitelist:
      # 172.18.0.0/24, torrent.local.domain.com, arr-stack-gluetun

  arr-stack-sabnzbd:
    image: ghcr.io/linuxserver/sabnzbd:4.1.0
    container_name: arr-stack-sabnzbd
    network_mode: service:arr-stack-gluetun
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 4G
        reservations:
          cpus: '2'
          memory: 1G
    volumes:
      - sabnzbd-config:/config
      - media-downloads:/downloads:z
    depends_on:
      - arr-stack-gluetun
    environment:
      - TZ=America/Chicago
      #file permissions need to be the same for all apps
      - PUID=1000
      - PGID=1000
      #- UMASK_SET=022
    restart: unless-stopped

  # ______________________________Arrs__________________________________
  arr-stack-prowlarr:
    image: ghcr.io/linuxserver/prowlarr:1.9.4
    container_name: arr-stack-prowlarr
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 4G
        reservations:
          cpus: '2'
          memory: 1G
    environment:
      - PUID=1000
      - PGID=1000
      - UMASK=022
      - TZ=America/Chicago
    volumes:
      - prowlarr-config:/config
    restart: unless-stopped
    network_mode: service:arr-stack-gluetun
    depends_on:
      - arr-stack-gluetun
      # - arr-stack-qbittorrent
      # - arr-stack-sabnzbd

  arr-stack-sonarr:
    image: ghcr.io/linuxserver/sonarr:3.0.10
    container_name: arr-stack-sonarr
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 4G
        reservations:
          cpus: '2'
          memory: 1G
    volumes:
      - sonarr-config:/config
      - media-tv:/media/TV Shows
      - media-downloads:/downloads:z # this is only needed if qbit-torrent is used. It must be added to remote path in the app (complete folder)
    environment:
      - PUID=1000
      - PGID=1000
      - UMASK=022
      - TZ=America/Vancouver
    restart: unless-stopped
    network_mode: service:arr-stack-gluetun
    depends_on:
      - arr-stack-gluetun

  arr-stack-radarr:
    image: ghcr.io/linuxserver/radarr:5.0.3
    container_name: arr-stack-radarr
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 4G
        reservations:
          cpus: '2'
          memory: 1G
    volumes:
      - radarr-config:/config
      - media-movies:/media/Movies
      - media-downloads:/downloads:z # this is only needed if qbit-torrent is used. It must be added to remote path in the app (complete folder)
    environment:
      - PUID=1000
      - PGID=1000
      - UMASK=022
      - TZ=America/Vancouver
    restart: unless-stopped
    network_mode: service:arr-stack-gluetun
    depends_on:
      - arr-stack-gluetun
```
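The compose file above keeps traffic on the VPN because every downloader and Arr container joins gluetun's network namespace with `network_mode: service:arr-stack-gluetun`. The check below is an added example, not part of the post above: it flags services in a compose file that are not attached that way. The sample file, the `leaky-app` service and the 2-space indentation it relies on are assumptions made for illustration.

```python
import re

# Constructed sample: a cut-down compose file in the shape of the stack above,
# plus one hypothetical service ("leaky-app") that bypasses the VPN container.
SAMPLE = """\
services:
  arr-stack-gluetun:
    image: qmcgaw/gluetun
  arr-stack-qbittorrent:
    network_mode: service:arr-stack-gluetun
  arr-stack-sonarr:
    network_mode: service:arr-stack-gluetun
    ports:
      - "8989:8989"
  leaky-app:
    image: example/app
"""

def parse_services(text):
    """Minimal reader for 2-space-indented compose: {service: {key: inline value}}."""
    services, current, in_services = {}, None, False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()          # drop inline comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        m = re.match(r"\s*([\w.-]+):\s*(.*)$", line)
        if indent == 0:                             # top-level section header
            in_services = line.startswith("services:")
            current = None
        elif in_services and indent == 2 and m:     # service name
            current = services.setdefault(m.group(1), {})
        elif in_services and indent == 4 and m and current is not None:
            current[m.group(1)] = m.group(2).strip("'\"")
    return services

def vpn_findings(text, vpn="arr-stack-gluetun"):
    """Return (service, problem) for every service that is not VPN-only."""
    findings = []
    for name, cfg in parse_services(text).items():
        if name == vpn:
            continue
        if cfg.get("network_mode") != f"service:{vpn}":
            findings.append((name, "not in the VPN container's network namespace"))
        elif "ports" in cfg or "networks" in cfg:   # belong on the VPN container
            findings.append((name, "ports/networks conflict with network_mode"))
    return findings
```

Run `vpn_findings(open("docker-compose.yml").read())` against a real file; an empty list means every service other than the VPN container shares its network namespace.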
HumanPerson@sh.itjust.works 10 months ago
Thank you so much. I have spent so long trying to find this.
kif@lemmy.nz 10 months ago
Sounds like you’ve done a bunch of research! Since you’re using unRAID, setting up your services shouldn’t be too difficult.
For your torrents and VPN, there’s a few in the unRAID community store - I’d recommend qBittorrentVPN from Binhex - here’s the documentation for setting up their VPN-enabled containers.
For Headscale, I don’t have any direct experience but unRAID has a decent Wireguard plugin, and should get you up and running in a pinch.
And for your self-hosted services (especially Bitwarden) ensure you’re not exposing this on the net; access by VPN is the only option I’d recommend. Even so, I prefer to use Bitwarden’s hosting with a family plan, for peace of mind and resiliency. It’s also much easier for my family.
UnRAID is a great place to start - it allows you to scale cheaply as you need and is easier to fix mistakes. Good luck, and happy homelabbing!