- Install docker (ex:
curl -fsSL https://get.docker.com | sh)- Install loki driver
docker plugin install grafana/loki-docker-driver:2.9.5 --alias loki --grant-all-permissions- Latest version
- Arm support
- Install loki driver
docker plugin install miacis/loki-docker-driver:2.9.1 --alias loki --grant-all-permissions
- Install loki driver
- Install loki driver
- Copy
example.envto.envand edit (also editlscr.env) - Create
APPDATA_VOLUMEandSTORAGE_VOLUMEfolders/mountpoints - Open
80,443(traefik entrypoints),3478(nextcloud-talk entrypoint) and51413(transmission seeding) ports in router and firewall docker compose up -d --build && sudo chown -R --reference=${HOME} ${APPDATA_VOLUME}/*- Use
docker compose up -d --build --waitor./bin/graceful_start.shto start - Change the ownership of the files under
APPDATA_VOLUME(e.g.sudo chown -R --reference=${HOME} ${APPDATA_VOLUME}/*) immediately after volume creation
- Use
- Wait for containers to be in a healthy state, then stop some of them to patch
docker compose stop organizr && ./bin/appdata_patcher.sh && docker compose up -d organizr - Configure web applications manually as indicated in the section below
- duckdns is hardcoded, to use other provider, change
.env,compose.yamlandtraefik/traefik.yml - devices: compose sections
- adapt
jellyfincompose config to your hardware decoders - add your disks to
scrutinycompose config
- adapt
- TODO
subo bash -c 'echo "ignore-warnings ARM64-COW-BUG" >> ${APPDATA_VOLUME?}/gitlab/data/redis/redis.conf'
- LLDAP
lldap.${HOST}- Setup Organizr to pass auth on lldap endpoint if needed (TODO)
- Create users
- TODO
- NextCloud AIO
aio.cloud.${HOST}- Specify
cloud.${HOST}in certain field - Change TZ
- Specify apps to install and install
- I prefer to enable all except ClamAV (antivirus) and Docker Socket Proxy
- Specify backup location
/tank/backupand generate password
- Specify
- NextCloud
cloud.${HOST}/settings/apps/disabled/files_externalEnableExternal storage supportapp/user_ldapEnableLDAP user and group backendapp
/admin/externalstorages- Storage;Local;None;/tank/storage;All users
/admin/ldap/admin/overviewCreate backup in AIO after setup
- Organizr
${HOST}- LDAP
/#settings-settings-main=>Authentication=> setBind Password - Setup tabs TODO
- LDAP
- JellyFin
media.${HOST}/web/index.html#!/addplugin.html?name=LDAP%20Authentication- Install LDAP plugin
/dashboard.htmlShutdown (docker will reboot jellyfin)/configurationpage?name=LDAP-Auth- TODO
/networking.htmlAllow remote connections to this server
- TODO Add Media Libraries
- *arr
- TODO
- WAN => fail2ban => docker network
- 80, 443 traefik
- 80 is redirected to 443
- 443 refer to docker-hosted services
- gitlab.${HOST} (TODO)
- whoami.${HOST} (for testing purposes)
- media.${HOST} -> jellyfin (for non-web apps)
- bitwarden.${HOST} -> vaultwarden (TODO)
- cloud.${HOST} -> nextcloud (TODO)
- auth.${HOST} -> authelia
- rest services use authelia auth
- 3478 nextcloud-talk
- 51413 transmission
- 80, 443 traefik
- LAN => docker network
- 8096 jellyfin webUI
- 1900/udp jellyfin service discovery (DNLA)
- 7359/udp jellyfin client discovery
- Domain structure:
${HOST}=> organizrwww.${HOST}=> organizrtraefik.${HOST}=> traefik dashboard- TODO
- Folder structure for media system is:
${STORAGE_VOLUME}/downloads/${STORAGE_VOLUME}/downloads/{,in}completefor downloads${STORAGE_VOLUME}/downloads/torrentsfor torrent files${STORAGE_VOLUME}/downloads/mediafor *arrs and jellyfin media
- Lidarr disabled due to unusable use case for me
- If you need album release software, then uncomment
services.lidarrsection incompose.yaml
- If you need album release software, then uncomment
- Transmission alt speed enabled due to broken pcie on rock-3a to reduce overload
- Target of this build is AMD64
- It was ARM64 before, but I fucked enough with my rock-3a
- hardware (rock-3a)
- rockpi-penta soft
- button
- top PWM fan 5V 40x10mm 3-pin RYB and cut upper ring
- heatsink or microfan on cpu
- height ~15mm
- 19x19mm cpu
- 15x10mm ram
- https://shop.allnetchina.cn/products/heat-sink-for-rock-3a
- https://www.ozon.ru/search/?text=raspberry+pi+радиатор&from_global=true
- height ~15mm
- RTC battery
- software
- is stopping organizr needed for patching?
- why chown?
- speedtest
- move samba and traefik to brand new dir
- maybe add separate env file for acme provider
- jellyfin acceleration
/usr/lib/jellyfin-ffmpeg-custom/ffmpeg-> https://media.${HOST}/web/index.html#!/encodingsettings.html- https://hub.docker.com/r/jjm2473/jellyfin-mpp
- https://forum.radxa.com/t/rk3588-kodi-rkmpp-accelerated-decoding-working-out-of-box/12785/33
- jellyfin/jellyfin-ffmpeg#34
- https://launchpad.net/~liujianfeng1994/+archive/ubuntu/rockchip-multimedia
- sudo add-apt-repository ppa:liujianfeng1994/rockchip-multimedia -y
- sudo apt update -y
- sudo apt install rockchip-multimedia-config ffmpeg -y
- nextcloud
NEXTCLOUD_ENABLE_DRI_DEVICE
- ldap
- organizr
- nextcloud
- jellyfin
- patchers
apps/patcher with.envvalues{$APPDATA_VOLUME}/patcher with.envvalues
- bluid ssp on arm64 or check if organizr have ssp?
- healthchecks ?
- flaresolverr
- glances
- portainer
- radarr
- scrutiny
- sonarr
- traefik
- whoami
- alternate software
- new software
- syncthing ? (for some important folder, which supposed to be synced on every device (passwords/notes))
- https://github.com/immich-app/immich
- https://github.com/ramanlabs-in/hachi
- probably, on client with webdav
- https://github.com/fallenbagel/jellyseerr
- https://www.photoprism.app
- software late
- fail2ban
- VPN (wireguard)
- inner
- outer
- change lcdr UID GID
- change passwds and ssh-rsa after complete setup and use docker secrets
- secure whole server with vpn or firewall
- log level debug disable
- enable 2FA
- SMTP
- authelia
- https://hstspreload.org/
- readme roadmap
- PBR section
- check for grammar issues
- podman migration
- (faster than docker ?)
- why ?
- nextcloud/all-in-one#3487