myron ef86214caa Initial commit — MediaStack VM config and documentation
VM 113 on PVE1: Sonarr/Radarr/Prowlarr/qBittorrent behind WireGuard VPN.
All traffic exits through DO server, bypassing home ISP.
NFS exports movies and TV to Jellyfin (VM 112).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-04 12:57:47 +00:00

# MediaStack
Automated media server VM running on PVE1 Proxmox (VM 113).
All traffic routes through WireGuard VPN → DO server — bypasses home ISP entirely.
## VM Info
| Item | Value |
|------|-------|
| VM ID | 113 |
| Name | MediaStack-35 |
| IP | 10.48.200.35 |
| Hypervisor | PVE1 (10.48.200.90) |
| OS | Ubuntu 24.04 |
| SSH | root via PVE1 key (`ssh -i /root/.ssh/id_rsa root@10.48.200.35` from PVE1) |
## Services
| Service | Port | Binary | Data |
|---------|------|--------|------|
| qBittorrent | 8080 | `/usr/bin/qbittorrent-nox` | `/home/qbittorrent/.config/qBittorrent/` |
| Sonarr | 8989 | `/opt/Sonarr/Sonarr` | `/var/lib/sonarr` |
| Radarr | 7878 | `/opt/Radarr/Radarr` | `/var/lib/radarr` |
| Prowlarr | 9696 | `/opt/Prowlarr/Prowlarr` | `/var/lib/prowlarr` |
| NFS server | 2049 | nfs-kernel-server | `/etc/exports` |
| JARVIS agent | — | `/opt/jarvis-agent/agent.py` | `/opt/jarvis-agent/` |
| qemu-guest-agent | — | system | — |
## API Keys
| Service | Key |
|---------|-----|
| Sonarr | `b43e04350a594846b4ee95261c29e9e0` |
| Radarr | `53c4268360444feeae5f98c0cc24e0e3` |
| Prowlarr | `9d0ce6c5660743b5bf1c7951efc62252` |
| qBittorrent | admin / Joker1974!!! |
## Media Paths
| Purpose | Path |
|---------|------|
| Downloads | `/media/downloads/complete` |
| Movies | `/media/movies` (NFS → Jellyfin) |
| TV Shows | `/media/tv` (NFS → Jellyfin) |
| Music | `/media/music` |
## Jellyfin NFS Mounts (VM 112, 10.48.200.33)
| Remote | Local mount |
|--------|-------------|
| `10.48.200.35:/media/movies` | `/mnt/mediastack/movies` |
| `10.48.200.35:/media/tv` | `/mnt/mediastack/tv` |
## WireGuard VPN
- Interface: `wg0`, VM IP: `10.200.0.4/24`
- Routes through **CT110** (WireGuard-19, `10.48.200.19:51821`) → **DO server** (165.22.1.228)
- All internet traffic exits via DO — ISP never sees download activity
- **Kill-switch:** external traffic blocked if VPN drops; LAN `10.48.200.0/24` always allowed
- CT110 public key: `RXxDgIAaie4n0BxBA48rlmt9BJyp2GEktENeQDlc4hA=`
- MediaStack public key: `SjVwsfPvNFDeLxS6vYesiLVrA8BhdYkquSlMCxpeI2Q=`
## DNS
FortiGate blocks outbound port 53 to external DNS servers.
Fix: dnsmasq installed on PVE1 (10.48.200.90), forwards to Tailscale DNS (100.100.100.100).
MediaStack resolv config: `/etc/systemd/resolved.conf.d/dns.conf` → `DNS=10.48.200.90`
## Indexer
- IPTorrents configured in Prowlarr via cookie auth
- Prowlarr auto-syncs all indexers to Sonarr and Radarr
## Known Issues & Fixes
| Issue | Fix |
|-------|-----|
| musl vs glibc binary crash | Use `linux-core-x64` releases (glibc), NOT `linux-musl-x64` |
| WireGuard kill-switch blocks SSH | ACCEPT LAN rule must use `-A` (append), not `-I` (insert), so it runs before the REJECT rule |
| DNS fails on first boot | PVE1 dnsmasq forwards DNS; set `DNS=10.48.200.90` in systemd-resolved |
| qBittorrent random temp password | Permanent password set; login is admin / Joker1974!!! |
| JARVIS agent config keys | Needs `jarvis_url`, `registration_key`, `ssl_verify: false` — see `config/jarvis-agent/config.json.example` |
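
A check for the kill-switch ordering issue in the table above, as an added example that is not part of this repository: it reads `iptables -S OUTPUT` output and confirms the LAN ACCEPT for `10.48.200.0/24` is evaluated before the REJECT/DROP on non-`wg0` traffic. The function names, the sample listings and the rule shapes (`-d <LAN> -j ACCEPT`, `! -o wg0 ... -j REJECT`) are assumptions, since the contents of `wg0.conf` are not shown on this page.

```shell
#!/bin/sh
# check_killswitch LAN_CIDR VPN_IF   (reads `iptables -S OUTPUT` text on stdin)
# `iptables -S` lists rules in evaluation order, whether they were added
# with -A or -I, so the listing shows the order that actually applies.
#   return 0: LAN ACCEPT is evaluated before the kill-switch REJECT/DROP
#   return 1: kill-switch present, LAN ACCEPT missing or placed after it
#   return 2: no REJECT/DROP rule for non-VPN traffic found
check_killswitch() {
    awk -v lan="$1" -v ifc="$2" '
        $1 != "-A" { next }        # skip "-P OUTPUT ..." policy lines
        { n++ }                    # position of this rule in the chain
        # LAN exception, assumed shape: "-d <lan> ... -j ACCEPT"
        !accept && index($0, " -d " lan " ") && / -j ACCEPT( |$)/ { accept = n }
        # kill-switch, assumed shape: "! -o <ifc> ... -j REJECT|DROP"
        !block && index($0, " ! -o " ifc " ") && / -j (REJECT|DROP)( |$)/ { block = n }
        END {
            if (!block) exit 2
            if (!accept || accept > block) exit 1
            exit 0
        }'
}

# Constructed sample listings (not captured from this VM).
GOOD_RULES='-P OUTPUT ACCEPT
-A OUTPUT -d 10.48.200.0/24 -j ACCEPT
-A OUTPUT ! -o wg0 -m addrtype ! --dst-type LOCAL -j REJECT --reject-with icmp-port-unreachable'
BAD_RULES='-P OUTPUT ACCEPT
-A OUTPUT ! -o wg0 -m addrtype ! --dst-type LOCAL -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -d 10.48.200.0/24 -j ACCEPT'

# Print the return code of check_killswitch for one listing.
killswitch_status() {
    rc=0
    printf '%s\n' "$1" | check_killswitch 10.48.200.0/24 wg0 || rc=$?
    echo "$rc"
}

echo "LAN ACCEPT before REJECT: $(killswitch_status "$GOOD_RULES")"
echo "LAN ACCEPT after REJECT:  $(killswitch_status "$BAD_RULES")"
```

On the VM, feed it the live chain with `iptables -S OUTPUT | check_killswitch 10.48.200.0/24 wg0; echo $?`.
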
## Repository Layout
```
config/
  wireguard/     wg0.conf (private key redacted)
  systemd/       service unit files for all services
  nfs/           /etc/exports
  dns/           systemd-resolved DNS override
  jarvis-agent/  config.json.example
```