Navy.gif/media-stack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: #7 Add optional support for sabnzbd

Browse Source
This commit is contained in:
Adrien Poupa 2023-05-07 12:24:55 -04:00
parent 8e3a2b0344
commit 9863ef5e49
4 changed files with 59 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -24,3 +24,5 @@ docker-compose.override.yml
!/adguardhome/conf/.gitkeep !/adguardhome/conf/.gitkeep
/adguardhome/work /adguardhome/work
!/adguardhome/work/.gitkeep !/adguardhome/work/.gitkeep
/sabnzbd
!/sabnzbd/.gitkeep

63
README.md
View File

@ -2,7 +2,7 @@
After searching for the perfect NAS solution, I realized what I wanted could be achieved After searching for the perfect NAS solution, I realized what I wanted could be achieved
with some Docker containers on a vanilla Linux box. The result is an opinionated Docker Compose configuration capable of with some Docker containers on a vanilla Linux box. The result is an opinionated Docker Compose configuration capable of
browsing indexers to retrieve media resources and downloading them through a Wireguard VPN with port forwarding. browsing indexers to retrieve media resources and downloading them through a WireGuard VPN with port forwarding.
SSL certificates and remote access through Tailscale are supported. SSL certificates and remote access through Tailscale are supported.
Requirements: Any Docker-capable recent Linux box with Docker Engine and Docker Compose V2. Requirements: Any Docker-capable recent Linux box with Docker Engine and Docker Compose V2.
@ -16,7 +16,7 @@ I am running it in Ubuntu Server 22.04; I also tested this setup on a [Synology
* [Applications](#applications) * [Applications](#applications)
* [Quick Start](#quick-start) * [Quick Start](#quick-start)
* [Environment Variables](#environment-variables) * [Environment Variables](#environment-variables)
* [PIA Wireguard VPN](#pia-wireguard-vpn) * [PIA WireGuard VPN](#pia-wireguard-vpn)
* [Sonarr & Radarr](#sonarr--radarr) * [Sonarr & Radarr](#sonarr--radarr)
* [File Structure](#file-structure) * [File Structure](#file-structure)
* [Download Client](#download-client) * [Download Client](#download-client)
@ -27,6 +27,7 @@ I am running it in Ubuntu Server 22.04; I also tested this setup on a [Synology
* [Accessing from the outside with Tailscale](#accessing-from-the-outside-with-tailscale) * [Accessing from the outside with Tailscale](#accessing-from-the-outside-with-tailscale)
* [Optional Services](#optional-services) * [Optional Services](#optional-services)
* [FlareSolverr](#flaresolverr) * [FlareSolverr](#flaresolverr)
* [SABnzbd](#sabnzbd)
* [AdGuard Home](#adguard-home) * [AdGuard Home](#adguard-home)
* [Encryption](#encryption) * [Encryption](#encryption)
* [DHCP](#dhcp) * [DHCP](#dhcp)
@ -34,7 +35,7 @@ I am running it in Ubuntu Server 22.04; I also tested this setup on a [Synology
* [Customization](#customization) * [Customization](#customization)
* [Synology Quirks](#synology-quirks) * [Synology Quirks](#synology-quirks)
* [Free Ports 80 and 443](#free-ports-80-and-443) * [Free Ports 80 and 443](#free-ports-80-and-443)
* [Install Synology Wireguard](#install-synology-wireguard) * [Install Synology WireGuard](#install-synology-wireguard)
* [Free Port 1900](#free-port-1900) * [Free Port 1900](#free-port-1900)
* [Synology DHCP Server and Adguard Home Port Conflict](#synology-dhcp-server-and-adguard-home-port-conflict) * [Synology DHCP Server and Adguard Home Port Conflict](#synology-dhcp-server-and-adguard-home-port-conflict)
* [NFS Share](#nfs-share) * [NFS Share](#nfs-share)
@ -44,21 +45,25 @@ I am running it in Ubuntu Server 22.04; I also tested this setup on a [Synology
## Applications ## Applications
| **Application** | **Description** | **Image** | **URL** | | **Application** | **Description** | **Image** | **URL** |
|----------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------|----------------| |----------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|--------------|
| [Sonarr](https://sonarr.tv) | PVR for newsgroup and bittorrent users | [linuxserver/sonarr](https://hub.docker.com/r/linuxserver/sonarr) | /sonarr | | [Sonarr](https://sonarr.tv) | PVR for newsgroup and bittorrent users | [linuxserver/sonarr](https://hub.docker.com/r/linuxserver/sonarr) | /sonarr |
| [Radarr](https://radarr.video) | Movie collection manager for Usenet and BitTorrent users | [linuxserver/radarr](https://hub.docker.com/r/linuxserver/radarr) | /radarr | | [Radarr](https://radarr.video) | Movie collection manager for Usenet and BitTorrent users | [linuxserver/radarr](https://hub.docker.com/r/linuxserver/radarr) | /radarr |
| [Prowlarr](https://github.com/Prowlarr/Prowlarr) | Indexer aggregator for Sonarr and Radarr | [linuxserver/prowlarr:latest](https://hub.docker.com/r/linuxserver/prowlarr) | /prowlarr | | [Prowlarr](https://github.com/Prowlarr/Prowlarr) | Indexer aggregator for Sonarr and Radarr | [linuxserver/prowlarr:latest](https://hub.docker.com/r/linuxserver/prowlarr) | /prowlarr |
| [PIA Wireguard VPN](https://github.com/thrnz/docker-wireguard-pia) | Encapsulate qBittorrent traffic in [PIA](https://www.privateinternetaccess.com/) using [Wireguard](https://www.wireguard.com/) with port forwarding. | [thrnz/docker-wireguard-pia](https://hub.docker.com/r/thrnz/docker-wireguard-pia) | | | [PIA WireGuard VPN](https://github.com/thrnz/docker-wireguard-pia) | Encapsulate qBittorrent traffic in [PIA](https://www.privateinternetaccess.com/) using [WireGuard](https://www.wireguard.com/) with port forwarding. | [thrnz/docker-wireguard-pia](https://hub.docker.com/r/thrnz/docker-wireguard-pia) | |
| [qBittorrent](https://www.qbittorrent.org) | Bittorrent client with a complete web UI<br/>Uses VPN network<br/>Using Libtorrent 1.x | [linuxserver/qbittorrent:libtorrentv1](https://hub.docker.com/r/linuxserver/qbittorrent) | /qbittorrent | | [qBittorrent](https://www.qbittorrent.org) | Bittorrent client with a complete web UI<br/>Uses VPN network<br/>Using Libtorrent 1.x | [linuxserver/qbittorrent:libtorrentv1](https://hub.docker.com/r/linuxserver/qbittorrent) | /qbittorrent |
| [Jellyfin](https://jellyfin.org) | Media server designed to organize, manage, and share digital media files to networked devices | [linuxserver/jellyfin](https://hub.docker.com/r/linuxserver/jellyfin) | /jellyfin | | [Jellyfin](https://jellyfin.org) | Media server designed to organize, manage, and share digital media files to networked devices | [linuxserver/jellyfin](https://hub.docker.com/r/linuxserver/jellyfin) | /jellyfin |
| [Heimdall](https://heimdall.site) | Application dashboard | [linuxserver/heimdall](https://hub.docker.com/r/linuxserver/heimdall) | / | | [Heimdall](https://heimdall.site) | Application dashboard | [linuxserver/heimdall](https://hub.docker.com/r/linuxserver/heimdall) | / |
| [Traefik](https://traefik.io) | Reverse proxy | [traefik](https://hub.docker.com/_/traefik) | | | [Traefik](https://traefik.io) | Reverse proxy | [traefik](https://hub.docker.com/_/traefik) | |
| [Watchtower](https://containrrr.dev/watchtower/) | Automated Docker images update | [containrrr/watchtower](https://hub.docker.com/r/containrrr/watchtower) | | | [Watchtower](https://containrrr.dev/watchtower/) | Automated Docker images update | [containrrr/watchtower](https://hub.docker.com/r/containrrr/watchtower) | |
| [FlareSolverr](https://github.com/FlareSolverr/FlareSolverr) | Optional - Proxy server to bypass Cloudflare protection in Prowlarr | [flaresolverr/flaresolverr](https://hub.docker.com/r/flaresolverr/flaresolverr) | | | [SABnzbd](https://sabnzbd.org/) | Optional - Free and easy binary newsreader | [linuxserver/sabnzbd](https://hub.docker.com/r/linuxserver/sabnzbd) | /sabnzbd |
| [AdGuard Home](https://adguard.com/en/adguard-home/overview.html) | Optional - Network-wide software for blocking ads & tracking | [adguard/adguardhome](https://hub.docker.com/r/adguard/adguardhome) | | | [FlareSolverr](https://github.com/FlareSolverr/FlareSolverr) | Optional - Proxy server to bypass Cloudflare protection in Prowlarr | [flaresolverr/flaresolverr](https://hub.docker.com/r/flaresolverr/flaresolverr) | |
| [DHCP Relay](https://github.com/modem7/DHCP-Relay) | Optional - Docker DHCP Relay | [modem7/dhcprelay](https://hub.docker.com/r/modem7/dhcprelay) | | | [AdGuard Home](https://adguard.com/en/adguard-home/overview.html) | Optional - Network-wide software for blocking ads & tracking | [adguard/adguardhome](https://hub.docker.com/r/adguard/adguardhome) | |
| [Traefik Certs Dumper](https://github.com/ldez/traefik-certs-dumper) | Optional - Dump ACME data from Traefik to certificates | [ldez/traefik-certs-dumper](https://hub.docker.com/r/ldez/traefik-certs-dumper) | | | [DHCP Relay](https://github.com/modem7/DHCP-Relay) | Optional - Docker DHCP Relay | [modem7/dhcprelay](https://hub.docker.com/r/modem7/dhcprelay) | |
| [Traefik Certs Dumper](https://github.com/ldez/traefik-certs-dumper) | Optional - Dump ACME data from Traefik to certificates | [ldez/traefik-certs-dumper](https://hub.docker.com/r/ldez/traefik-certs-dumper) | |
Optional containers are not run by default, they need to be enabled,
see [Optional Services](#optional-services) for more information.
## Quick Start ## Quick Start
@ -89,17 +94,17 @@ For the first time, run `./update-config.sh` to update the applications base URL
| `CLOUDFLARE_DNS_API_TOKEN` | API token with `DNS:Edit` permission | | | `CLOUDFLARE_DNS_API_TOKEN` | API token with `DNS:Edit` permission | |
| `CLOUDFLARE_ZONE_API_TOKEN` | API token with `Zone:Read` permission | | | `CLOUDFLARE_ZONE_API_TOKEN` | API token with `Zone:Read` permission | |
## PIA Wireguard VPN ## PIA WireGuard VPN
I chose PIA since it supports Wireguard and [port forwarding](https://github.com/thrnz/docker-wireguard-pia/issues/26#issuecomment-868165281), I chose PIA since it supports WireGuard and [port forwarding](https://github.com/thrnz/docker-wireguard-pia/issues/26#issuecomment-868165281),
but you could use other providers: but you could use other providers:
- OpenVPN: [linuxserver/openvpn-as](https://hub.docker.com/r/linuxserver/openvpn-as) - OpenVPN: [linuxserver/openvpn-as](https://hub.docker.com/r/linuxserver/openvpn-as)
- Wireguard: [linuxserver/wireguard](https://hub.docker.com/r/linuxserver/wireguard) - WireGuard: [linuxserver/wireguard](https://hub.docker.com/r/linuxserver/wireguard)
- NordVPN + OpenVPN: [bubuntux/nordvpn](https://hub.docker.com/r/bubuntux/nordvpn/dockerfile) - NordVPN + OpenVPN: [bubuntux/nordvpn](https://hub.docker.com/r/bubuntux/nordvpn/dockerfile)
- NordVPN + Wireguard (NordLynx): [bubuntux/nordlynx](https://hub.docker.com/r/bubuntux/nordlynx) - NordVPN + WireGuard (NordLynx): [bubuntux/nordlynx](https://hub.docker.com/r/bubuntux/nordlynx)
For PIA + Wireguard, fill `.env` and fill it with your PIA credentials. For PIA + WireGuard, fill `.env` and fill it with your PIA credentials.
The location of the server it will connect to is set by `LOC=ca`, defaulting to Montreal - Canada. The location of the server it will connect to is set by `LOC=ca`, defaulting to Montreal - Canada.
@ -145,7 +150,7 @@ Their API keys can be found in Settings > Security > API Key.
## qBittorrent ## qBittorrent
Set the default save path to `/data/torrents` in Settings, and restrict the network interface to Wireguard (`wg0`). Set the default save path to `/data/torrents` in Settings, and restrict the network interface to WireGuard (`wg0`).
The web UI login page can be disabled on for the local network in Settings > Web UI > Bypass authentication for clients The web UI login page can be disabled on for the local network in Settings > Web UI > Bypass authentication for clients
@ -235,6 +240,12 @@ Say you want to enable FlareSolverr, you should have `COMPOSE_FILE=docker-compos
In Prowlarr, add the FlareSolverr indexer with the URL http://flaresolverr:8191/ In Prowlarr, add the FlareSolverr indexer with the URL http://flaresolverr:8191/
### SABnzbd
Enable SABnzbd by setting `COMPOSE_FILE=docker-compose.yml:sabnzbd/docker-compose.yml`. It will be accessible at `/sabnzbd`.
If that is not the case, the `url_base` parameter in `sabnzbd.ini` should be set to `/sabnzbd`.
### AdGuard Home ### AdGuard Home
Set the `ADGUARD_HOSTNAME`, I chose a different subdomain to use secure DNS without the folder. Set the `ADGUARD_HOSTNAME`, I chose a different subdomain to use secure DNS without the folder.
@ -314,9 +325,9 @@ sed -i -e 's/80/81/' -e 's/443/444/' /usr/syno/share/nginx/server.mustache /usr/
synosystemctl restart nginx synosystemctl restart nginx
``` ```
### Install Synology Wireguard ### Install Synology WireGuard
Since Wireguard is not part of DSM's kernel, an external package must be installed for the `vpn` container to run. Since WireGuard is not part of DSM's kernel, an external package must be installed for the `vpn` container to run.
For DSM 7.1, download and install the package corresponding to your NAS CPU architecture For DSM 7.1, download and install the package corresponding to your NAS CPU architecture
[from here](https://github.com/vegardit/synology-wireguard/releases). [from here](https://github.com/vegardit/synology-wireguard/releases).

0
sabnzbd/.gitkeep Normal file
View File

20
sabnzbd/docker-compose.yml Normal file
View File

@ -0,0 +1,20 @@
version: '3.9'
services:
sabnzbd:
image: lscr.io/linuxserver/sabnzbd:latest
container_name: sabnzbd
environment:
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- TZ=${TIMEZONE}
volumes:
- ./sabnzbd:/config
- ${DATA_ROOT}:/data
restart: always
labels:
- traefik.enable=true
- traefik.http.routers.sabnzbd.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/sabnzbd`) || PathPrefix(`/sabnzbd`))
- traefik.http.routers.sabnzbd.tls=true
- traefik.http.routers.sabnzbd.tls.certresolver=myresolver
- traefik.http.services.sabnzbd.loadbalancer.server.port=8080