myron/mediastack
1
0
Fork 0
mirror of https://github.com/myronblair/mediastack synced 2026-06-30 17:50:33 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
ef86214caa474b1d376834c8a84bb98eb106f1f0
mediastack/README.md
T
myron ef86214caa Initial commit — MediaStack VM config and documentation 
VM 113 on PVE1: Sonarr/Radarr/Prowlarr/qBittorrent behind WireGuard VPN.
All traffic exits through DO server, bypassing home ISP.
NFS exports movies and TV to Jellyfin (VM 112).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-04 12:57:47 +00:00

3.2 KiB
Raw Blame History

MediaStack

Automated media server VM running on PVE1 Proxmox (VM 113).
All traffic routes through WireGuard VPN → DO server — bypasses home ISP entirely.

VM Info

Item Value
VM ID 113
Name MediaStack-35
IP 10.48.200.35
Hypervisor PVE1 (10.48.200.90)
OS Ubuntu 24.04
SSH root via PVE1 key (ssh -i /root/.ssh/id_rsa root@10.48.200.35 from PVE1)

Services

Service Port Binary Data
qBittorrent 8080 /usr/bin/qbittorrent-nox /home/qbittorrent/.config/qBittorrent/
Sonarr 8989 /opt/Sonarr/Sonarr /var/lib/sonarr
Radarr 7878 /opt/Radarr/Radarr /var/lib/radarr
Prowlarr 9696 /opt/Prowlarr/Prowlarr /var/lib/prowlarr
NFS server 2049 nfs-kernel-server /etc/exports
JARVIS agent /opt/jarvis-agent/agent.py /opt/jarvis-agent/
qemu-guest-agent system

API Keys

Service Key
Sonarr b43e04350a594846b4ee95261c29e9e0
Radarr 53c4268360444feeae5f98c0cc24e0e3
Prowlarr 9d0ce6c5660743b5bf1c7951efc62252
qBittorrent admin / Joker1974!!!

Media Paths

Purpose Path
Downloads /media/downloads/complete
Movies /media/movies (NFS → Jellyfin)
TV Shows /media/tv (NFS → Jellyfin)
Music /media/music

Jellyfin NFS Mounts (VM 112, 10.48.200.33)

Remote Local mount
10.48.200.35:/media/movies /mnt/mediastack/movies
10.48.200.35:/media/tv /mnt/mediastack/tv

WireGuard VPN

  • Interface: wg0, VM IP: 10.200.0.4/24
  • Routes through CT110 (WireGuard-19, 10.48.200.19:51821) → DO server (165.22.1.228)
  • All internet traffic exits via DO — ISP never sees download activity
  • Kill-switch: external traffic blocked if VPN drops; LAN 10.48.200.0/24 always allowed
  • CT110 public key: RXxDgIAaie4n0BxBA48rlmt9BJyp2GEktENeQDlc4hA=
  • MediaStack public key: SjVwsfPvNFDeLxS6vYesiLVrA8BhdYkquSlMCxpeI2Q=

DNS

FortiGate blocks outbound port 53 to external DNS servers.
Fix: dnsmasq installed on PVE1 (10.48.200.90), forwards to Tailscale DNS (100.100.100.100).
MediaStack resolv config: /etc/systemd/resolved.conf.d/dns.confDNS=10.48.200.90

Indexer

  • IPTorrents configured in Prowlarr via cookie auth
  • Prowlarr auto-syncs all indexers to Sonarr and Radarr

Known Issues & Fixes

Issue Fix
musl vs glibc binary crash Use linux-core-x64 releases (glibc), NOT linux-musl-x64
WireGuard kill-switch blocks SSH ACCEPT LAN rule must use -A (append), not -I (insert), so it runs before the REJECT rule
DNS fails on first boot PVE1 dnsmasq forwards DNS; set DNS=10.48.200.90 in systemd-resolved
qBittorrent random temp password Permanent password set; login is admin / Joker1974!!!
JARVIS agent config keys Needs jarvis_url, registration_key, ssl_verify: false — see config/jarvis-agent/config.json.example

Repository Layout

config/
  wireguard/    wg0.conf (private key redacted)
  systemd/      service unit files for all services
  nfs/          /etc/exports
  dns/          systemd-resolved DNS override
  jarvis-agent/ config.json.example
Reference in New Issue View Git Blame Copy Permalink