infra/ai-memory/project_mediastack.md

name: project-mediastack
description: MediaStack VM on PVE1 — Sonarr/Radarr/Prowlarr/qBittorrent behind WireGuard VPN through CT110→DO
metadata:
  node_type: memory
  type: project
  originSessionId: b1e93a6a-f101-4ea4-aafb-9cb7e2958821

VM Details (updated 2026-06-24)

  • VM ID: 103 | Name: MediaStack-35 | IP: 10.48.200.35
  • Hypervisor: PVE1 (10.48.200.90)
  • Disk: 50GB on GoFlex storage (moved off SynologyProx 2026-06-24 due to I/O errors)
  • OS: Ubuntu 24.04 (noble cloud image)
  • QEMU guest agent: installed and running (installed 2026-06-24)
  • SSH: PVE1 key → ssh -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa root@10.48.200.35
  • GitHub: myronblair/mediastack cloned at /opt/mediastack

Services, Ports & Credentials

Service      Port   Login                 API Key
qBittorrent  :8080  admin / Joker1974!!!  -
Sonarr       :8989  -                     b43e04350a594846b4ee95261c29e9e0
Radarr       :7878  -                     53c4268360444feeae5f98c0cc24e0e3
Prowlarr     :9696  -                     9d0ce6c5660743b5bf1c7951efc62252

All services run as root (NFS ACL requires root for writes).

VPN Architecture (updated 2026-06-24)

wg0 — Internet kill-switch (primary VPN)

  • Interface: wg0 | VPN IP: 10.200.0.4/24
  • Endpoint: CT110 at 10.48.200.67:51821 → NordVPN (us9156, 2.56.190.66:51820) → internet
  • Exit IP: 2.56.190.69 (NordVPN US, verified 2026-06-29)
  • Kill-switch: iptables rules — REJECT all non-wg0 non-fwmark traffic; LAN 10.48.200.0/24 always allowed
  • Config: /etc/wireguard/wg0.conf — fwmark hardcoded as 51820 (not dynamic, avoids PostDown race)
  • Auto-start: systemctl enable wg-quick@wg0 (enabled 2026-06-24)
  • DNS: 10.48.200.90 (PVE1 dnsmasq)
  • MediaStack pubkey: CaG79S1fJeJDlYCMhHz8BrDfizBq+OiGnO5VzFIk3gE=
  • CT110 pubkey: Fqb1KLfHe1r3+Hwhem7YGZB2KikGYy/8pPsOIP4rn18= (updated 2026-06-29 — old key was RXxD...)
  • NordVPN exit IP: 2.56.190.69 (us9156.nordvpn.com) — verified 2026-06-29

wg1 — Jellyfin media access (NOT internet VPN)

  • MediaStack is WireGuard server on wg1 (port 51820, 10.200.0.1/24)
  • Jellyfin (10.48.200.33) connects as peer (10.200.0.3)
  • Used for NFS media file access only

Media Storage

  • Downloads: /mnt/nas/video/downloads (Synology NAS NFS)
  • Movies: /mnt/nas/video/movies | TV: /mnt/nas/video/tv
  • Old paths /media/movies and /media/tv are NFS mounts from NAS (Jellyfin backward compat)
  • Jellyfin fstab: 10.48.200.35:/media/movies /mnt/mediastack/movies nfs defaults,_netdev 0 0

Indexer — IPTorrents

  • Cookie auth in Prowlarr: uid=2237410; pass=JzLP2niTWxBJAZIU3yvtLbJzD55kdLeB
  • Cookies expire — if indexer fails, log into iptorrents.com in browser, copy uid+pass cookies

JARVIS Agent

  • Agent ID: MediaStack_2c00b1b8 | Config: /opt/jarvis-agent/config.json
  • Registration key: f846a9aaf7ce9a61742c63c87c4186052a71d2a580c65518 | ssl_verify: false

PBS Backup

  • Nightly at 21:00 → SynologyProx storage
  • Backs up VM regardless of which storage the disk lives on

Known Issues

  • wg-quick down/up over SSH kills the connection — PostDown briefly removes the LAN ACCEPT rule before the REJECT rule, so the SSH reply is dropped. Always cycle wg0 from the VM console, or run the down/up detached in the background with nohup.
  • NFS write failures = services not running as root
  • Radarr "0 active indexers" = blocked in DB; fix: sqlite3 /var/lib/radarr/radarr.db "DELETE FROM IndexerStatus WHERE ProviderId=1;"
  • Stale NFS file handle on Jellyfin = lazy unmount + remount on Jellyfin VM
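
An added example (not part of the original notes): a POSIX sh check for the wg0 kill-switch described under VPN Architecture and for the rule state behind the first Known Issue. It assumes the REJECT rule follows the wg-quick(8) man-page pattern and that the LAN exception is an OUTPUT ACCEPT for 10.48.200.0/24; the function name, return codes and sample rule dumps are constructed for illustration.

```shell
#!/bin/sh
# audit_killswitch IFACE FWMARK LAN_CIDR   (reads `iptables-save` text on stdin)
# Hypothetical helper. Returns:
#   0 = kill-switch intact
#   1 = no REJECT for non-IFACE, non-fwmark traffic (traffic can leave outside the VPN)
#   2 = LAN ACCEPT missing or ordered after the REJECT (LAN/SSH replies get rejected)
audit_killswitch() {
    iface=$1
    mark_hex=$(printf '0x%x' "$2")    # iptables-save prints marks in hex (51820 -> 0xca6c)
    lan=$3
    awk -v ifc="$iface" -v mark="$mark_hex" -v lan="$lan" '
        $1 != "-A" || $2 != "OUTPUT" { next }     # only OUTPUT chain rules matter here
        { n++; line = " " $0 " " }                # pad so whole tokens can be matched
        index(line, " -d " lan " ") && index(line, " -j ACCEPT ") && !accept { accept = n }
        index(line, " ! -o " ifc " ") && index(line, " ! --mark " mark " ") &&
            index(line, " -j REJECT ") && !reject { reject = n }
        END {
            if (!reject) exit 1
            if (!accept || accept > reject) exit 2
            exit 0
        }'
}

# Constructed iptables-save excerpts (not captured from the VM).
sample_good() { cat <<'EOF'
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 10.48.200.0/24 -j ACCEPT
-A OUTPUT ! -o wg0 -m mark ! --mark 0xca6c -m addrtype ! --dst-type LOCAL -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
# State during the PostDown window: LAN ACCEPT already removed, REJECT still present.
sample_postdown_window() { sample_good | grep -v -- '-j ACCEPT'; }
# State with wg0 down and all kill-switch rules gone.
sample_no_reject() { sample_good | grep -v -- '-j REJECT' | grep -v -- '-j ACCEPT'; }

for s in sample_good sample_postdown_window sample_no_reject; do
    rc=0
    $s | audit_killswitch wg0 51820 10.48.200.0/24 || rc=$?
    echo "$s -> $rc"
done
```

On the VM, feed it the live rules with `iptables-save | audit_killswitch wg0 51820 10.48.200.0/24`.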