pbrisbin/setup.md

## setup.md

      
    Raw
  

              setup.md
            
          
    Containerized setup for downloading and sharing media.
Accounts


https://www.giganews.com -- NZB access +VPN
https://nzbfinder.ws/ -- NZB search

File System

Everything is root-owned and all services run as root. Anything other than
this quickly devolves into madness.
A /data directory will hold all service configuration and persisted files
(databases, caches, etc). There is a sub-directory per service, volume-mounted
into the various docker containers.
/mnt/media is my main 5TB drive where the media goes. I also configure
SABnzbd and Deluge to put their download directories somewhere on here. With
everything on the same disk, the various moves and renames are faster.
Note: I configure Deluge to put its complete files in SABnzbd's complete
directory. This means Sickbeard and CouchPotato will pick them up like it would
an NZB download.
Unit definitions go at /etc/systemd/system/docker-<service>.service.
This means backing up the entire system (besides the media itself) means backing
up /data and /etc/systemd/system/docker-*. I backup the media itself by
simply keeping a second drive rsynced weekly.
Example fcrontab:
@ 1w rsync \
  --archive --delete --verbose \
  --exclude lost+found /mnt/media/ /mnt/media-clone/

@ 1m tarsnap \
  --keyfile /root/tarsnap.key \
  --cachedir /usr/local/tarsnap-cache \
  -c -f "backup-$(date +%Y%m%d)" -v \
  /data /etc/systemd/system/docker*.service

SABnzbd

[Unit]
Description=SABnzbd
Requires=docker.service
After=docker.service

[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker stop sabnzbd
ExecStartPre=-/usr/bin/docker rm sabnzbd
ExecStartPre=/usr/bin/docker pull timhaak/sabnzbd
ExecStart=/usr/bin/docker run --name sabnzbd \
  --publish 8080:8080 \
  --volume /mnt/media:/data \
  --volume /data/sabnzbd:/config \
  timhaak/sabnzbd

[Install]
WantedBy=multi-user.target

Configure via /data/sabnzbd/sabnzbd.ini.

Add Giganews server

Sickbeard

[Unit]
Description=Sickbeard
Requires=docker.service
After=docker.service

[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker stop sickbeard
ExecStartPre=-/usr/bin/docker rm sickbeard
ExecStartPre=/usr/bin/docker pull timhaak/sickbeard
ExecStart=/usr/bin/docker run --name sickbeard \
  --publish 8081:8081 \
  --volume /mnt/media:/data \
  --volume /data/sickbeard:/config \
  timhaak/sickbeard

[Install]
WantedBy=multi-user.target

Configure via /data/sickbeard/config.ini.

Talk to SABnzbd at http://172.17.42.1:8080/
Setup NZBFinder search provider
Find completed episodes in /data/sabnzbd/complete

CouchPotato

[Unit]
Description=CouchPotato
Requires=docker.service
After=docker.service

[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker stop couchpotato
ExecStartPre=-/usr/bin/docker rm couchpotato
ExecStartPre=/usr/bin/docker pull pbrisbin/couchpotato
ExecStart=/usr/bin/docker run --name couchpotato \
  --publish 5050:5050 \
  --volume /mnt/media:/media \
  --volume /data/couchpotato:/data \
  --volume /data/couchpotato:/config \
  pbrisbin/couchpotato

[Install]
WantedBy=multi-user.target

Configure via /data/couchpotato/CouchPotato.cfg.

Talk to SABnzbd at http://172.17.42.1:8080/
Setup NZBFinder search provider
Find completed movies in /data/sabnzbd/complete

OpenVPN

[Unit]
Description=OpenVPN Proxy
Requires=docker.service
After=docker.service

[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker stop vpn
ExecStartPre=-/usr/bin/docker rm vpn
ExecStartPre=/usr/bin/docker pull pbrisbin/openvpn-proxy
ExecStart=/usr/bin/docker run --name vpn \
  --cap-add=NET_ADMIN \
  --publish 8118:8118 \
  --env-file /data/openvpn/environment \
  pbrisbin/openvpn-proxy

[Install]
WantedBy=multi-user.target

Configure via /data/openvpn/environment

VPN_{USER,PASS,GATEWAY} from Giganews settings
VPN_CERTIFICATE=ca.vyprvpn.com.crt

Caveats:


At my plan level, I'm only allowed 1 connection
This can cause confusion as you're setting this up because if you restart the
service, the old connection will block the new one. Be sure to sever the
connection in the Giganews UI if/when restarting.


Sometimes OpenVPN just dies
I haven't yet determined how to tell supervisord to die if one of the services
it's managing dies; and I can't ask it to restart OpenVPN because of the first
caveat. Long story short: make sure you're actively verifying the proxy is in
effect whenever you're using it.
Protip: https://wiki.btguard.com/index.php/CheckMyTorrentIP


Deluge

[Unit]
Description=Deluge
Requires=docker.service
After=docker.service

[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker stop deluge
ExecStartPre=-/usr/bin/docker rm deluge
ExecStartPre=/usr/bin/docker pull aostanin/deluge
ExecStart=/usr/bin/docker run --name deluge \
  --publish 8112:8112 \
  --publish 58846:58846 \
  --volume /mnt/media:/media \
  --volume /data/deluge:/data \
  aostanin/deluge

[Install]
WantedBy=multi-user.target

Configure via /data/deluge/core.conf

Proxy everything though 172.17.42.1:8118

Caveat:


This docker image doesn't have correct shut-down behavior
See aostanin/dockerfiles#14


Samba

I share my media out to my HTPC via samba. I prefer to mount in a smb.conf,
but this image also allows defining shares via command-line arguments. YMMV.
[Unit]
Description=Samba
Requires=docker.service
After=docker.service

[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker stop samba
ExecStartPre=-/usr/bin/docker rm samba
ExecStartPre=/usr/bin/docker pull dperson/samba
ExecStart=/usr/bin/docker run --name samba \
  --publish 139:139 \
  --publish 445:445 \
  --volume /mnt/media:/mount:ro \
  --volume /data/samba/smb.conf:/etc/samba/smb.conf:ro \
  --entrypoint smbd \
  dperson/samba -FS

[Install]
WantedBy=multi-user.target

Configure via /data/samba/smb.conf