Lol, this post was literally below this one in my frontpage
It's tough being an ADHD Hacker
Your install USB is infected by a rookit and reinstalls itself on connect.
Maybe ask if they're willing to switched over to lemmy? You can sort like a forum does. Long shot but hey....
I was considering mentioning that GenX stuff, but I felt it was too obscure and would only serve to posture my creds :)
Sounds like mastodon and other services ought to really support this extension though.
I actually don't care to grow my readership, I've been blogging for 20 years now but it's more of a personal space to write some opinions. Nevertheless thanks for the long analysis. I think some things go against the my style, but will seem what I can retain.
OK, so is lemmy out of standard or not? Like I can understand why lemmy doesn't support apub notes, as it's out of scope, but why does mastodon support articles badly?
You can actually do that on lemmy already like so. Sorting by new doesn't use the voting. Hell you can even sort them like a forum by sorting by "new comments"
I am the author. Heard you were talking shit...
I kid, I kid :D
I insist that in their current form, reddit (and lemmy) can serve as both forums and link aggregators with comment sections.
Not gonna lie, I'd love for better integration between services, but I am fairly sure I saw lemmy devs adamantly insisting they're following apub and mastodon is doing it wrong so 🤷
4
OpenSubtitles.org is shutting down it's previous API. Now only authenticated access allowed.
(blog.opensubtitles.com)
22
The complete guide to building your personal self hosted server for streaming and ad-blocking powered by Plex, Jellyfin, Adguard Home and Docker.
(lemmy.dbzer0.com)
cross-posted from: https://lemmy.dbzer0.com/post/5911320
The complete guide to building your personal self hosted server for streaming and ad-blocking.
Captain's note: This
OCwas originally posted in reddit but it's quality makes me wants to ensure a copy survices in lemmy as well.
We will setup the following applications in this guide:
- Docker
- AdguardHome - Adblocker for all your devices
- Jellyfin/Plex - For watching the content you download
- Qbittorrent - Torrent downloader
- Jackett - Torrent indexers provider
- Flaresolverr - For auto solving captcha in some of the indexers
- Sonarr - *arr service for automatically downloading TV shows
- Radarr - *arr service for movies
- Readarr - *arr service for (audio)books
- lidarr - *arr service for music
- Bazarr - Automatically downloads subtitles for Sonarr and Radarr
- Ombi/Overseer - For requesting movies and tv shows through Sonarr and Radarr
- Heimdall - Dashboard for all the services so you don't need to remember all the ports
Once you are done, your dashboard will look something like this.
I started building my setup after reading this guide https://www.reddit.com/r/Piracy/comments/ma1hlm/the_complete_guide_to_building_your_own_personal/.
Hardware
You don't need powerful hardware to set this up. I use a decade old computer, with the following hardware. Raspberry pi works fine.
Operating system
I will be using Ubuntu server in this guide. You can select whatever linux distro you prefer.
Download ubuntu server from https://ubuntu.com/download/server. Create a bootable USB drive using rufus or any other software(I prefer ventoy). Plug the usb on your computer, and select the usb drive from the boot menu and install ubuntu server. Follow the steps to install and configure ubuntu, and make sure to check "Install OpenSSH server". Don't install docker during the setup as the snap version is installed.
Once installation finishes you can now reboot and connect to your machine remotely using ssh.
ssh username@server-ip # username you selected during installation # Type ip a to find out the ip address of your server. Will be present against device like **enp4s0** prefixed with 192.168.Create the directories for audiobooks, books, movies, music and tv.
I keep all my media at ~/server/media. If you will be using multiple drives you can look up how to mount drives.
We will be using hardlinks so once the torrents are downloaded they are linked to media directory as well as torrents directory without using double storage space. Read up the trash-guides to have a better understanding.
mkdir ~/server mkdir ~/server/media # Media directory mkdir ~/server/torrents # Torrents # Creating the directories for torrents cd ~/server/torrents mkdir audiobooks books incomplete movies music tv cd ~/server/media mkdir audiobooks books movies music tvInstalling docker and docker-compose
Docker https://docs.docker.com/engine/install/ubuntu/
# install packages to allow apt to use a repository over HTTPS sudo apt-get update sudo apt-get install \ apt-transport-https \ ca-certificates \ curl \ gnupg \ lsb-release # Add Docker’s official GPG key: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg # Setup the repository echo \ "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null # Install Docker Engine sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io # Add user to the docker group to run docker commands without requiring root sudo usermod -aG docker $(whoami)Sign out by typing exit in the console and then ssh back in
Docker compose https://docs.docker.com/compose/install/
# Download the current stable release of Docker Compose sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose # Apply executable permissions to the binary sudo chmod +x /usr/local/bin/docker-composeCreating the compose file for Adguard home
First setup Adguard home in a new compose file.
Docker compose uses a yml file. All of the files contain version and services object.
Create a directory for keeping the compose files.
mkdir ~/server/compose mkdir ~/server/compose/adguard-home vi ~/server/compose/adguard-home/docker-compose.ymlSave the following content to the docker-compose.yml file. You can see here what each port does.
version: '3.3' services: run: container_name: adguardhome restart: unless-stopped volumes: - '/home/${USER}/server/configs/adguardhome/workdir:/opt/adguardhome/work' - '/home/${USER}/server/configs/adguardhome/confdir:/opt/adguardhome/conf' ports: - '53:53/tcp' - '53:53/udp' - '67:67/udp' - '68:68/udp' - '68:68/tcp' - '80:80/tcp' - '443:443/tcp' - '443:443/udp' - '3000:3000/tcp' image: adguard/adguardhomeSave the file and start the container using the following command.
docker-compose up -dOpen up the Adguard home setup on
YOUR_SERVER_IP:3000.Enable the default filter list from filters→DNS blocklist. You can then add custom filters.
Creating the compose file for media-server
Jackett
Jackett is where you define all your torrent indexers. All the *arr apps use the tornzab feed provided by jackett to search torrents.
There is now an *arr app called prowlarr that is meant to be the replacement for jackett. But the flaresolverr(used for auto solving captchas) support was added very recently and doesn't work that well as compared to jackett, so I am still sticking with jackett for meantime. You can instead use prowlarr if none of your indexers use captcha.
jackett: container_name: jackett image: linuxserver/jackett environment: - PUID=1000 - PGID=1000 - TZ=Asia/Kolkata volumes: - '/home/${USER}/server/configs/jackett:/config' - '/home/${USER}/server/torrents:/downloads' ports: - '9117:9117' restart: unless-stopped prowlarr: container_name: prowlarr image: 'hotio/prowlarr:testing' ports: - '9696:9696' environment: - PUID=1000 - PGID=1000 - TZ=Asia/Kolkata volumes: - '/home/${USER}/server/configs/prowlarr:/config' restart: unless-stoppedSonarr - TV
Sonarr is a TV show scheduling and searching download program. It will take a list of shows you enjoy, search via Jackett, and add them to the qbittorrent downloads queue.
sonarr: container_name: sonarr image: linuxserver/sonarr environment: - PUID=1000 - PGID=1000 - TZ=Asia/Kolkata ports: - '8989:8989' volumes: - '/home/${USER}/server/configs/sonarr:/config' - '/home/${USER}/server:/data' restart: unless-stoppedRadarr - Movies
Sonarr but for movies.
radarr: container_name: radarr image: linuxserver/radarr environment: - PUID=1000 - PGID=1000 - TZ=Asia/Kolkata ports: - '7878:7878' volumes: - '/home/${USER}/server/configs/radarr:/config' - '/home/${USER}/server:/data' restart: unless-stoppedLidarr - Music
lidarr: container_name: lidarr image: ghcr.io/linuxserver/lidarr environment: - PUID=1000 - PGID=1000 - TZ=Asia/Kolkata volumes: - '/home/${USER}/server/configs/liadarr:/config' - '/home/${USER}/server:/data' ports: - '8686:8686' restart: unless-stoppedReadarr - Books and AudioBooks
# Notice the different port for the audiobook container readarr: container_name: readarr image: 'hotio/readarr:nightly' ports: - '8787:8787' environment: - PUID=1000 - PGID=1000 - TZ=Asia/Kolkata volumes: - '/home/${USER}/server/configs/readarr:/config' - '/home/${USER}/server:/data' restart: unless-stopped readarr-audio-books: container_name: readarr-audio-books image: 'hotio/readarr:nightly' ports: - '8786:8787' environment: - PUID=1000 - PGID=1000 - TZ=Asia/Kolkata volumes: - '/home/${USER}/server/configs/readarr-audio-books:/config' - '/home/${USER}/server:/data' restart: unless-stoppedBazarr - Subtitles
bazarr: container_name: bazarr image: ghcr.io/linuxserver/bazarr environment: - PUID=1000 - PGID=1000 - TZ=Asia/Kolkata volumes: - '/home/${USER}/server/configs/bazarr:/config' - '/home/${USER}/server:/data' ports: - '6767:6767' restart: unless-stoppedJellyfin
I personally only use jellyfin because it's completely free. I still have plex installed because overseerr which is used to request movies and tv shows require plex. But that's the only role plex has in my setup.
I will talk about the devices section later on.
For the media volume you only need to provide access to the
/data/mediadirectory instead of/dataas jellyfin doesn't need to know about the torrents.jellyfin: container_name: jellyfin image: ghcr.io/linuxserver/jellyfin environment: - PUID=1000 - PGID=1000 - TZ=Asia/Kolkata ports: - '8096:8096' devices: - '/dev/dri/renderD128:/dev/dri/renderD128' - '/dev/dri/card0:/dev/dri/card0' volumes: - '/home/${USER}/server/configs/jellyfin:/config' - '/home/${USER}/server/media:/data/media' restart: unless-stopped plex: container_name: plex image: ghcr.io/linuxserver/plex ports: - '32400:32400' environment: - PUID=1000 - PGID=1000 - TZ=Asia/Kolkata - VERSION=docker volumes: - '/home/${USER}/server/configs/plex:/config' - '/home/${USER}/server/media:/data/media' devices: - '/dev/dri/renderD128:/dev/dri/renderD128' - '/dev/dri/card0:/dev/dri/card0' restart: unless-stoppedOverseer/Ombi - Requesting Movies and TV shows
I use both. You can use ombi only if you don't plan to install plex.
ombi: container_name: ombi image: ghcr.io/linuxserver/ombi environment: - PUID=1000 - PGID=1000 - TZ=Asia/Kolkata volumes: - '/home/${USER}/server/configs/ombi:/config' ports: - '3579:3579' restart: unless-stopped overseerr: container_name: overseerr image: ghcr.io/linuxserver/overseerr environment: - PUID=1000 - PGID=1000 - TZ=Asia/Kolkata volumes: - '/home/${USER}/server/configs/overseerr:/config' ports: - '5055:5055' restart: unless-stoppedQbittorrent - Torrent downloader
I use qflood container. Flood provides a nice UI and this image automatically manages the connection between qbittorrent and flood.
Qbittorrent only needs access to torrent directory, and not the complete data directory.
qflood: container_name: qflood image: hotio/qflood ports: - "8080:8080" - "3005:3000" environment: - PUID=1000 - PGID=1000 - UMASK=002 - TZ=Asia/Kolkata - FLOOD_AUTH=false volumes: - '/home/${USER}/server/configs/qflood:/config' - '/home/${USER}/server/torrents:/data/torrents' restart: unless-stoppedHeimdall - Dashboard
There are multiple dashboard applications but I use Heimdall.
heimdall: container_name: heimdall image: ghcr.io/linuxserver/heimdall environment: - PUID=1000 - PGID=1000 - TZ=Asia/Kolkata volumes: - '/home/${USER}/server/configs/heimdall:/config' ports: - 8090:80 restart: unless-stoppedFlaresolverr - Solves cloudflare captcha
If your indexers use captcha, you will need flaresolverr for them.
flaresolverr: container_name: flaresolverr image: 'ghcr.io/flaresolverr/flaresolverr:latest' ports: - '8191:8191' environment: - PUID=1000 - PGID=1000 - TZ=Asia/Kolkata restart: unless-stoppedTranscoding
As I mentioned in the jellyfin section there is a section in the conmpose file as "devices". It is used for transcoding. If you don't include that section, whenever transcoding happens it will only use CPU. In order to utilise your gpu the devices must be passed on to the container.
https://jellyfin.org/docs/general/administration/hardware-acceleration.html Read up this guide to setup hardware acceleration for your gpu.
Generally, the devices are same for intel gpu transcoding.
devices: - '/dev/dri/renderD128:/dev/dri/renderD128' - '/dev/dri/card0:/dev/dri/card0'To monitor the gpu usage install
intel-gpu-toolssudo apt install intel-gpu-toolsNow, create a compose file for media server.
mkdir ~/server/compose/media-server vi ~/server/compose/media-server/docker-compose.ymlAnd copy all the containers you want to use under services. Remember to add the version string just like adguard home compose file.
Configuring the docker stack
Start the containers using the same command we used to start the adguard home container.
docker-compose up -dJackett
Navigate to
YOUR_SERVER_IP:9117Add a few indexers to jackett using the "add indexer" button. You can see the indexers I use in the image below.
Qbittorrent
Navigate to
YOUR_SERVER_IP:8080The default username is
adminand passwordadminadmin. You can change the user and password by going toTools → Options → WebUIChange "Default Save Path" in WebUI section to
/data/torrents/and "Keep incomplete torrents in" to/data/torrents/incomplete/Create categories by right clicking on sidebar under category. Type category as
TVand path astv. Path needs to be same as the folder you created to store your media. Similarly for movies typeMoviesas category and path asmovies. This will enable to automatically move the media to its correct folder.Sonarr
Navigate to
YOUR_SERVER_IP:8989
- Under "Download Clients" add qbittorrent. Enter the host as
YOUR_SERVER_IPport as**8080,** and the username and password you used for qbittorrent. In category typeTV(or whatever you selected as category name(not path) on qbittorent). Test the connection and then save.- Under indexers, for each indexer you added in Jackett
- Click on add button
- Select Torzab
- Copy the tornzab feed for the indexer from jackett
- Copy the api key from jackett
- Select the categories you want
- Test and save
- Under general, define the root folder as
/data/media/tvRepeat this process for Radarr, Lidarr and readarr.
Use
/data/media/moviesas root for Radarr and so on.The setup for ombi/overseerr is super simple. Just hit the url and follow the on screen instructions.
Bazarr
Navigate to
YOUR_SERVER_IP:6767Go to settings and then sonarr. Enter the host as
YOUR_SERVER_IPport as8989. Copy the api key from sonarr settings→general.Similarly for radarr, enter the host as
YOUR_SERVER_IPport as7878. Copy the api key from radarr settings→general.Jellyfin
Go to
YOUR_SERVER_IP:8096
- Add all the libraries by selecting content type and then giving a name for that library. Select the particular library location from
/data/media. Repeat this for movies, tv, music, books and audiobooks.- Go to dashboard→playback, and enable transcoding by selecting as
VAAPIand enter the device as/dev/dri/renderD128Monitor GPU usage while playing content using
sudo intel_gpu_topHeimdall
Navigate to
YOUR_SERVER_IP:8090Setup all the services you use so you don't need to remember the ports like I showed in the first screenshot.
Updating docker images
With docker compose updates are very easy.
- Navigate to the compose file directory
~/server/compose/media-server.- Then
docker-compose pullto download the latest images.- And finally
docker-compose up -dto use the latest images.- Remove old images by
docker system prune -aWhat's next
- You can setup VPN if torrents are blocked by your ISP/Country. I wanted to keep this guide simple and I don't use VPN for my server, so I have left out the VPN part.
- You can read about port forwarding to access your server over the internet.
77
The complete guide to building your personal self hosted server for streaming and ad-blocking powered by Plex, Jellyfin, Adguard Home and Docker.
(lemmy.dbzer0.com)
The complete guide to building your personal self hosted server for streaming and ad-blocking.
Captain's note: This OC was originally posted in reddit but its quality makes me wants to ensure a copy survices in lemmy as well.
We will setup the following applications in this guide:
- Docker
- AdguardHome - Adblocker for all your devices
- Jellyfin/Plex - For watching the content you download
- Qbittorrent - Torrent downloader
- Jackett - Torrent indexers provider
- Flaresolverr - For auto solving captcha in some of the indexers
- Sonarr - *arr service for automatically downloading TV shows
- Radarr - *arr service for movies
- Readarr - *arr service for (audio)books
- lidarr - *arr service for music
- Bazarr - Automatically downloads subtitles for Sonarr and Radarr
- Ombi/Overseer - For requesting movies and tv shows through Sonarr and Radarr
- Heimdall - Dashboard for all the services so you don't need to remember all the ports
Once you are done, your dashboard will look something like this.
I started building my setup after reading this guide https://www.reddit.com/r/Piracy/comments/ma1hlm/the_complete_guide_to_building_your_own_personal/.
Hardware
You don't need powerful hardware to set this up. I use a decade old computer, with the following hardware. Raspberry pi works fine.
Operating system
I will be using Ubuntu server in this guide. You can select whatever linux distro you prefer.
Download ubuntu server from https://ubuntu.com/download/server. Create a bootable USB drive using rufus or any other software(I prefer ventoy). Plug the usb on your computer, and select the usb drive from the boot menu and install ubuntu server. Follow the steps to install and configure ubuntu, and make sure to check "Install OpenSSH server". Don't install docker during the setup as the snap version is installed.
Once installation finishes you can now reboot and connect to your machine remotely using ssh.
ssh username@server-ip
# username you selected during installation
# Type ip a to find out the ip address of your server. Will be present against device like **enp4s0** prefixed with 192.168.
Create the directories for audiobooks, books, movies, music and tv.
I keep all my media at ~/server/media. If you will be using multiple drives you can look up how to mount drives.
We will be using hardlinks so once the torrents are downloaded they are linked to media directory as well as torrents directory without using double storage space. Read up the trash-guides to have a better understanding.
mkdir ~/server
mkdir ~/server/media # Media directory
mkdir ~/server/torrents # Torrents
# Creating the directories for torrents
cd ~/server/torrents
mkdir audiobooks books incomplete movies music tv
cd ~/server/media
mkdir audiobooks books movies music tv
Installing docker and docker-compose
Docker https://docs.docker.com/engine/install/ubuntu/
# install packages to allow apt to use a repository over HTTPS
sudo apt-get update
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg \
lsb-release
# Add Docker’s official GPG key:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Setup the repository
echo \
"deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Install Docker Engine
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
# Add user to the docker group to run docker commands without requiring root
sudo usermod -aG docker $(whoami)
Sign out by typing exit in the console and then ssh back in
Docker compose https://docs.docker.com/compose/install/
# Download the current stable release of Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# Apply executable permissions to the binary
sudo chmod +x /usr/local/bin/docker-compose
Creating the compose file for Adguard home
First setup Adguard home in a new compose file.
Docker compose uses a yml file. All of the files contain version and services object.
Create a directory for keeping the compose files.
mkdir ~/server/compose
mkdir ~/server/compose/adguard-home
vi ~/server/compose/adguard-home/docker-compose.yml
Save the following content to the docker-compose.yml file. You can see here what each port does.
version: '3.3'
services:
run:
container_name: adguardhome
restart: unless-stopped
volumes:
- '/home/${USER}/server/configs/adguardhome/workdir:/opt/adguardhome/work'
- '/home/${USER}/server/configs/adguardhome/confdir:/opt/adguardhome/conf'
ports:
- '53:53/tcp'
- '53:53/udp'
- '67:67/udp'
- '68:68/udp'
- '68:68/tcp'
- '80:80/tcp'
- '443:443/tcp'
- '443:443/udp'
- '3000:3000/tcp'
image: adguard/adguardhome
Save the file and start the container using the following command.
docker-compose up -d
Open up the Adguard home setup on YOUR_SERVER_IP:3000.
Enable the default filter list from filters→DNS blocklist. You can then add custom filters.
Creating the compose file for media-server
Jackett
Jackett is where you define all your torrent indexers. All the *arr apps use the tornzab feed provided by jackett to search torrents.
There is now an *arr app called prowlarr that is meant to be the replacement for jackett. But the flaresolverr(used for auto solving captchas) support was added very recently and doesn't work that well as compared to jackett, so I am still sticking with jackett for meantime. You can instead use prowlarr if none of your indexers use captcha.
jackett:
container_name: jackett
image: linuxserver/jackett
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Kolkata
volumes:
- '/home/${USER}/server/configs/jackett:/config'
- '/home/${USER}/server/torrents:/downloads'
ports:
- '9117:9117'
restart: unless-stopped
prowlarr:
container_name: prowlarr
image: 'hotio/prowlarr:testing'
ports:
- '9696:9696'
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Kolkata
volumes:
- '/home/${USER}/server/configs/prowlarr:/config'
restart: unless-stopped
Sonarr - TV
Sonarr is a TV show scheduling and searching download program. It will take a list of shows you enjoy, search via Jackett, and add them to the qbittorrent downloads queue.
sonarr:
container_name: sonarr
image: linuxserver/sonarr
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Kolkata
ports:
- '8989:8989'
volumes:
- '/home/${USER}/server/configs/sonarr:/config'
- '/home/${USER}/server:/data'
restart: unless-stopped
Radarr - Movies
Sonarr but for movies.
radarr:
container_name: radarr
image: linuxserver/radarr
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Kolkata
ports:
- '7878:7878'
volumes:
- '/home/${USER}/server/configs/radarr:/config'
- '/home/${USER}/server:/data'
restart: unless-stopped
Lidarr - Music
lidarr:
container_name: lidarr
image: ghcr.io/linuxserver/lidarr
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Kolkata
volumes:
- '/home/${USER}/server/configs/liadarr:/config'
- '/home/${USER}/server:/data'
ports:
- '8686:8686'
restart: unless-stopped
Readarr - Books and AudioBooks
# Notice the different port for the audiobook container
readarr:
container_name: readarr
image: 'hotio/readarr:nightly'
ports:
- '8787:8787'
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Kolkata
volumes:
- '/home/${USER}/server/configs/readarr:/config'
- '/home/${USER}/server:/data'
restart: unless-stopped
readarr-audio-books:
container_name: readarr-audio-books
image: 'hotio/readarr:nightly'
ports:
- '8786:8787'
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Kolkata
volumes:
- '/home/${USER}/server/configs/readarr-audio-books:/config'
- '/home/${USER}/server:/data'
restart: unless-stopped
Bazarr - Subtitles
bazarr:
container_name: bazarr
image: ghcr.io/linuxserver/bazarr
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Kolkata
volumes:
- '/home/${USER}/server/configs/bazarr:/config'
- '/home/${USER}/server:/data'
ports:
- '6767:6767'
restart: unless-stopped
Jellyfin
I personally only use jellyfin because it's completely free. I still have plex installed because overseerr which is used to request movies and tv shows require plex. But that's the only role plex has in my setup.
I will talk about the devices section later on.
For the media volume you only need to provide access to the /data/media directory instead of /data as jellyfin doesn't need to know about the torrents.
jellyfin:
container_name: jellyfin
image: ghcr.io/linuxserver/jellyfin
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Kolkata
ports:
- '8096:8096'
devices:
- '/dev/dri/renderD128:/dev/dri/renderD128'
- '/dev/dri/card0:/dev/dri/card0'
volumes:
- '/home/${USER}/server/configs/jellyfin:/config'
- '/home/${USER}/server/media:/data/media'
restart: unless-stopped
plex:
container_name: plex
image: ghcr.io/linuxserver/plex
ports:
- '32400:32400'
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Kolkata
- VERSION=docker
volumes:
- '/home/${USER}/server/configs/plex:/config'
- '/home/${USER}/server/media:/data/media'
devices:
- '/dev/dri/renderD128:/dev/dri/renderD128'
- '/dev/dri/card0:/dev/dri/card0'
restart: unless-stopped
Overseer/Ombi - Requesting Movies and TV shows
I use both. You can use ombi only if you don't plan to install plex.
ombi:
container_name: ombi
image: ghcr.io/linuxserver/ombi
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Kolkata
volumes:
- '/home/${USER}/server/configs/ombi:/config'
ports:
- '3579:3579'
restart: unless-stopped
overseerr:
container_name: overseerr
image: ghcr.io/linuxserver/overseerr
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Kolkata
volumes:
- '/home/${USER}/server/configs/overseerr:/config'
ports:
- '5055:5055'
restart: unless-stopped
Qbittorrent - Torrent downloader
I use qflood container. Flood provides a nice UI and this image automatically manages the connection between qbittorrent and flood.
Qbittorrent only needs access to torrent directory, and not the complete data directory.
qflood:
container_name: qflood
image: hotio/qflood
ports:
- "8080:8080"
- "3005:3000"
environment:
- PUID=1000
- PGID=1000
- UMASK=002
- TZ=Asia/Kolkata
- FLOOD_AUTH=false
volumes:
- '/home/${USER}/server/configs/qflood:/config'
- '/home/${USER}/server/torrents:/data/torrents'
restart: unless-stopped
Heimdall - Dashboard
There are multiple dashboard applications but I use Heimdall.
heimdall:
container_name: heimdall
image: ghcr.io/linuxserver/heimdall
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Kolkata
volumes:
- '/home/${USER}/server/configs/heimdall:/config'
ports:
- 8090:80
restart: unless-stopped
Flaresolverr - Solves cloudflare captcha
If your indexers use captcha, you will need flaresolverr for them.
flaresolverr:
container_name: flaresolverr
image: 'ghcr.io/flaresolverr/flaresolverr:latest'
ports:
- '8191:8191'
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Kolkata
restart: unless-stopped
Transcoding
As I mentioned in the jellyfin section there is a section in the conmpose file as "devices". It is used for transcoding. If you don't include that section, whenever transcoding happens it will only use CPU. In order to utilise your gpu the devices must be passed on to the container.
https://jellyfin.org/docs/general/administration/hardware-acceleration.html Read up this guide to setup hardware acceleration for your gpu.
Generally, the devices are same for intel gpu transcoding.
devices:
- '/dev/dri/renderD128:/dev/dri/renderD128'
- '/dev/dri/card0:/dev/dri/card0'
To monitor the gpu usage install intel-gpu-tools
sudo apt install intel-gpu-tools
Now, create a compose file for media server.
mkdir ~/server/compose/media-server
vi ~/server/compose/media-server/docker-compose.yml
And copy all the containers you want to use under services. Remember to add the version string just like adguard home compose file.
Configuring the docker stack
Start the containers using the same command we used to start the adguard home container.
docker-compose up -d
Jackett
Navigate to YOUR_SERVER_IP:9117
Add a few indexers to jackett using the "add indexer" button. You can see the indexers I use in the image below.
Qbittorrent
Navigate to YOUR_SERVER_IP:8080
The default username is admin and password adminadmin. You can change the user and password by going to Tools → Options → WebUI
Change "Default Save Path" in WebUI section to /data/torrents/ and "Keep incomplete torrents in" to /data/torrents/incomplete/
Create categories by right clicking on sidebar under category. Type category as TV and path as tv. Path needs to be same as the folder you created to store your media. Similarly for movies type Movies as category and path as movies. This will enable to automatically move the media to its correct folder.
Sonarr
Navigate to YOUR_SERVER_IP:8989
- Under "Download Clients" add qbittorrent. Enter the host as
YOUR_SERVER_IPport as**8080,** and the username and password you used for qbittorrent. In category typeTV(or whatever you selected as category name(not path) on qbittorent). Test the connection and then save. - Under indexers, for each indexer you added in Jackett
- Click on add button
- Select Torzab
- Copy the tornzab feed for the indexer from jackett
- Copy the api key from jackett
- Select the categories you want
- Test and save
- Under general, define the root folder as
/data/media/tv
Repeat this process for Radarr, Lidarr and readarr.
Use /data/media/movies as root for Radarr and so on.
The setup for ombi/overseerr is super simple. Just hit the url and follow the on screen instructions.
Bazarr
Navigate to YOUR_SERVER_IP:6767
Go to settings and then sonarr. Enter the host as YOUR_SERVER_IP port as 8989. Copy the api key from sonarr settings→general.
Similarly for radarr, enter the host as YOUR_SERVER_IP port as 7878. Copy the api key from radarr settings→general.
Jellyfin
Go to YOUR_SERVER_IP:8096
- Add all the libraries by selecting content type and then giving a name for that library. Select the particular library location from
/data/media. Repeat this for movies, tv, music, books and audiobooks. - Go to dashboard→playback, and enable transcoding by selecting as
VAAPIand enter the device as/dev/dri/renderD128
Monitor GPU usage while playing content using
sudo intel_gpu_top
Heimdall
Navigate to YOUR_SERVER_IP:8090
Setup all the services you use so you don't need to remember the ports like I showed in the first screenshot.
Updating docker images
With docker compose updates are very easy.
- Navigate to the compose file directory
~/server/compose/media-server. - Then
docker-compose pullto download the latest images. - And finally
docker-compose up -dto use the latest images. - Remove old images by
docker system prune -a
What's next
- You can setup VPN if torrents are blocked by your ISP/Country. I wanted to keep this guide simple and I don't use VPN for my server, so I have left out the VPN part.
- You can read about port forwarding to access your server over the internet.
5
I just developed and deployed the first real-time protection for lemmy against CSAM!
(lemmy.dbzer0.com)
cross-posted from: https://lemmy.dbzer0.com/post/4500908
In the past months, there's a been a issue in various instances where accounts would start uploading blatant CSAM to popular communities. First of all this traumatizes anyone who gets to see it before the admins get to it, including the admins who have to review to take it down. Second of all, even if the content is a link to an external site, lemmy sill caches the thumbnail and stores it in the local pict-rs, causing headaches for the admins who have to somehow clear that out. Finally, both image posts and problematic thumbnails are federated to other lemmy instances, and then likewise stored in their pict-rs, causing such content to be stored in their image storage.
This has caused multiple instances to take radical measures, from defederating liberaly, to stopping image uploads to even shutting down.
Today I'm happy to announce that I've spend multiple days developing a tool you can plug into your instance to stop this at the source: pictrs-safety
Using a new feature from pictr-rs 0.4.3 we can now cause pictrs to call an arbitary endpoint to validate the content of an image before uploading it. pictrs-safety builds that endpoint which uses an asynchronous approach to validate such images.
I had already developed fedi-safety which could be used to regularly go through your image storage and delete all potential CSAM. I have now extended fedi-safety to plug into pict-rs safety and scan images sent by pict-rs.
The end effect is that any images uploaded or federated into your instance will be scanned in advance and if fedi-safety thinks they're potential CSAM, they will not be uploaded to your image storage at all!
This covers three important vectors for abuse:
- Malicious users cannot upload CSAM to for trolling communities. Even novel GenerativeAI CSAM.
- Users cannot upload CSAM images and never submit a post or comment (making them invisible to admins). The images will be automatically rejected during upload
- Deferated images and thumbnails of CSAM will be rejected by your pict-rs.
Now, that said, this tool is AI-driven and thus, not perfect. There will be false positives, especially around lewd images and images which contain children or child-topics (even if not lewd). This is the bargain we have to take to prevent the bigger problem above.
By my napkin calculations, false positive rates are below 1%, but certainly someone's innocent meme will eventually be affected. If this happen, I request to just move on as currently we don't have a way to whitelist specific images. Don't try to resize or modify the images to pass the filter. It won't help you.
For lemmy admins:
- pictrs-safety contains a docker-compose sample you can add to your lemmy's docker-compose. You will need to your put the .env in the same folder, or adjust the provided variables. (All kudos to @Penguincoder@beehaw.org for the docker support).
- You need to adjust your pict-rs ENVIRONMENT as well. Check the readme.
- fedi-safety must run on a system with GPU. The reason for this is that lemmy provides just a 10-seconds grace period for each upload before it times out the upload regardless of the results. A CPU scan will not be fast enough. However my architecture allows the fedi-safety to run on a different place than pictrs-safety. I am currently running it from my desktop. In fact, if you have a lot of images to scan, you can connect multiple scanning workers to pictrs-safety!
- For those who don't have access to a GPU, I am working on a NSFW-scanner which will use the AI-Horde directly instead and won't require using fedi-safety at all. Stay tuned.
For other fediverse software admins
fedi-safety can already be used to scan your image storage for CSAM, so you can also protect yourself and your users, even on mastodon or firefish or whatever.
I will try to provide real-time scanning in the future for each software as well and PRs are welcome.
Divisions by zero
This tool is already active now on divisions by zero. It's usage should be transparent to you, but do let me know if you notice anything wrong.
Support
If you appreciate the priority work that I've put in this tool, please consider supporting this and future development work on liberapay:
All my work is and will always be FOSS and available for all who need it most.
🥷