- Install docker (ex:
curl -fsSL https://get.docker.com | sh
) - Copy
example.env
to.env
and edit (also editlscr.env
) - Create
APPDATA_VOLUME
andSTORAGE_VOLUME
folders/mountpoints - Open
80
,443
(traefik entrypoints),3478
(nextcloud-talk entrypoint) and51413
(transmission seeding) ports in router and firewall docker compose up -d --build && sudo chown -R --reference=${HOME} ${APPDATA_VOLUME}/*
- Use
docker compose up -d --build --wait
or./bin/graceful_start.sh
to start - Change the ownership of the files under
APPDATA_VOLUME
(e.g.sudo chown -R --reference=${HOME} ${APPDATA_VOLUME}/*
) immediately after volume creation
- Use
- Wait for containers to be in a healthy state, then stop some of them to patch
docker compose stop organizr && ./bin/appdata_patcher.sh && docker compose up -d organizr
- Configure web applications manually as indicated in the section below
- devices: compose sections
- adapt
jellyfin
compose config to your hardware decoders - add your disks to
scrutiny
compose config
- adapt
- TODO
subo bash -c 'echo "ignore-warnings ARM64-COW-BUG" >> ${APPDATA_VOLUME?}/gitlab/data/redis/redis.conf'
- LLDAP
lldap.${HOST}
- Setup Organizr to pass auth on lldap endpoint if needed (TODO)
- Create users
- TODO
- NextCloud AIO
aio.cloud.${HOST}
- Specify
cloud.${HOST}
in certain field - Change TZ
- Specify apps to install and install
- I prefer to enable all except ClamAV (antivirus) and Docker Socket Proxy
- Specify backup location
/tank/backup
and generate password
- Specify
- NextCloud
cloud.${HOST}
/settings
/apps/disabled
/files_external
EnableExternal storage support
app/user_ldap
EnableLDAP user and group backend
app
/admin/externalstorages
- Storage;Local;None;/tank/storage;All users
/admin/ldap
/admin/overview
Create backup in AIO after setup
- Organizr
${HOST}
- LDAP
/#settings-settings-main
=>Authentication
=> setBind Password
- Setup tabs TODO
- LDAP
- JellyFin
media.${HOST}
/web/index.html#!
/addplugin.html?name=LDAP%20Authentication
- Install LDAP plugin
/dashboard.html
Shutdown (docker will reboot jellyfin)/configurationpage?name=LDAP-Auth
- TODO
/networking.html
Allow remote connections to this server
- TODO Add Media Libraries
- *arr
- TODO
- WAN => fail2ban => docker network
- 80, 443 traefik
- 80 is redirected to 443
- 443 refer to docker-hosted services
- gitlab.${HOST} (TODO)
- whoami.${HOST} (for testing purposes)
- media.${HOST} -> jellyfin (for non-web apps)
- bitwarden.${HOST} -> vaultwarden (TODO)
- cloud.${HOST} -> nextcloud (TODO)
- auth.${HOST} -> authelia
- rest services use authelia auth
- 3478 nextcloud-talk
- 22000 syncthing
- 51413 transmission
- 80, 443 traefik
- LAN => docker network
- 8096 jellyfin webUI
- 1900/udp jellyfin service discovery (DNLA)
- 7359/udp jellyfin client discovery
- 21027/udp syncthing client discovery
- Domain structure:
${HOST}
=> organizrwww.${HOST}
=> organizrtraefik.${HOST}
=> traefik dashboard- TODO
- Folder structure for media system is:
${STORAGE_VOLUME}/downloads/
${STORAGE_VOLUME}/downloads/{,in}complete
for downloads${STORAGE_VOLUME}/downloads/torrents
for torrent files${STORAGE_VOLUME}/downloads/media
for *arrs and jellyfin media
- Lidarr disabled due to unusable use case for me
- If you need album release software, then uncomment
services.lidarr
section incompose.yaml
- If you need album release software, then uncomment
- Transmission alt speed enabled due to broken pcie on rock-3a to reduce overload
- Target of this build is AMD64
- It was ARM64 before, but I fucked enough with my rock-3a
- CrowdSec cheatsheet
docker compose exec crowdsec cscli metrics
docker compose exec crowdsec cscli alerts list
docker compose exec crowdsec cscli decisions list
docker compose exec crowdsec cscli decisions delete -i x.x.x.x
- software
- is stopping organizr needed for patching?
- why chown?
- speedtest
- move samba and traefik to brand new dir
- maybe add separate env file for acme provider
- ldap
- organizr
- nextcloud
- jellyfin
- patchers
apps/
patcher with.env
values{$APPDATA_VOLUME}/
patcher with.env
values
- organizr SSO ?
- healthchecks ?
- flaresolverr
- glances
- portainer
- radarr
- scrutiny
- sonarr
- traefik
- whoami
- alternate software
- new software
- software late
- VPN (wireguard)
- inner
- outer
- security
- change lscr.env UID GID
- change passwds
- change ssh-key after complete setup
- use docker secrets
- secure whole server with vpn and/or firewall
- traefik stsSeconds
- SMTP
- authelia
- VPN (wireguard)
- readme roadmap
- PBR section
- check for grammar issues
- podman migration
- (better than docker ?)
- why ?
- nextcloud/all-in-one#3487