- Install docker (ex: `curl -fsSL https://get.docker.com | sh`)
- Install loki driver
  - Latest version: `docker plugin install grafana/loki-docker-driver:2.9.5 --alias loki --grant-all-permissions`
  - Arm support: `docker plugin install miacis/loki-docker-driver:2.9.1 --alias loki --grant-all-permissions`
- Copy `example.env` to `.env` and edit (also edit `lscr.env`)
- Create `APPDATA_VOLUME` and `STORAGE_VOLUME` folders/mountpoints
- Open `80`, `443` (traefik entrypoints), `3478` (nextcloud-talk entrypoint) and `51413` (transmission seeding) ports in router and firewall
- `docker compose up -d --build && sudo chown -R --reference=${HOME} ${APPDATA_VOLUME}/*`
  - Use `docker compose up -d --build --wait` or `./bin/graceful_start.sh` to start
  - Change the ownership of the files under `APPDATA_VOLUME` (e.g. `sudo chown -R --reference=${HOME} ${APPDATA_VOLUME}/*`) immediately after volume creation
- Wait for containers to be in a healthy state, then stop some of them to patch
  - `docker compose stop organizr && ./bin/appdata_patcher.sh && docker compose up -d organizr`
- Configure web applications manually as indicated in the section below
- duckdns is hardcoded; to use another provider, change `.env`, `compose.yaml` and `traefik/traefik.yml`
- `devices:` compose sections
  - adapt `jellyfin` compose config to your hardware decoders
  - add your disks to `scrutiny` compose config
- TODO
  - `sudo bash -c 'echo "ignore-warnings ARM64-COW-BUG" >> ${APPDATA_VOLUME?}/gitlab/data/redis/redis.conf'`
- LLDAP `lldap.${HOST}`
  - Setup Organizr to pass auth on lldap endpoint if needed (TODO)
  - Create users
- TODO
- NextCloud AIO `aio.cloud.${HOST}`
  - Specify `cloud.${HOST}` in certain field
  - Change TZ
  - Specify apps to install and install
    - I prefer to enable all except ClamAV (antivirus) and Docker Socket Proxy
  - Specify backup location `/tank/backup` and generate password
- NextCloud `cloud.${HOST}`
  - `/settings`
    - `/apps/disabled`
      - `/files_external` Enable `External storage support` app
      - `/user_ldap` Enable `LDAP user and group backend` app
    - `/admin/externalstorages`
      - Storage;Local;None;/tank/storage;All users
    - `/admin/ldap`
    - `/admin/overview`
  - Create backup in AIO after setup
- Organizr `${HOST}`
  - LDAP
    - `/#settings-settings-main` => `Authentication` => set `Bind Password`
  - Setup tabs TODO
- JellyFin `media.${HOST}`
  - `/web/index.html#!`
    - `/addplugin.html?name=LDAP%20Authentication`
      - Install LDAP plugin
    - `/dashboard.html`
      - Shutdown (docker will reboot jellyfin)
    - `/configurationpage?name=LDAP-Auth`
      - TODO
    - `/networking.html`
      - Allow remote connections to this server
  - TODO Add Media Libraries
- *arr
  - TODO
- WAN => fail2ban => docker network
  - 80, 443 traefik
    - 80 is redirected to 443
    - 443 refers to docker-hosted services
      - gitlab.${HOST} (TODO)
      - whoami.${HOST} (for testing purposes)
      - media.${HOST} -> jellyfin (for non-web apps)
      - bitwarden.${HOST} -> vaultwarden (TODO)
      - cloud.${HOST} -> nextcloud (TODO)
      - auth.${HOST} -> authelia
      - the remaining services use authelia auth
  - 3478 nextcloud-talk
  - 51413 transmission
- LAN => docker network
  - 8096 jellyfin webUI
  - 1900/udp jellyfin service discovery (DLNA)
  - 7359/udp jellyfin client discovery
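
An added example, not part of this repository: a shell check that classifies a host's listening sockets against the WAN/LAN port map above and flags anything the map does not mention. The tcp/udp protocol for ports the README lists by number only, the function names and the sample `ss` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Port map from the README's WAN/LAN lists. The tcp/udp split for 80, 443,
# 3478, 51413 and 8096 is an assumption: the page gives only the numbers.
WAN_PORTS="80/tcp 443/tcp 3478/tcp 3478/udp 51413/tcp 51413/udp"
LAN_PORTS="8096/tcp 1900/udp 7359/udp"

# Reads `ss -H -tuln` lines on stdin and prints "<port>/<proto> <addr> <class>"
# for every listener that is not bound to loopback.
audit_listeners() {
  awk -v wan="$WAN_PORTS" -v lan="$LAN_PORTS" '
    BEGIN {
      n = split(wan, w, " "); for (i = 1; i <= n; i++) cls[w[i]] = "wan"
      n = split(lan, l, " "); for (i = 1; i <= n; i++) cls[l[i]] = "lan"
    }
    NF >= 5 {
      port = $5; sub(/^.*:/, "", port)   # text after the last colon
      addr = substr($5, 1, length($5) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
      key = port "/" $1
      print key, addr, ((key in cls) ? cls[key] : "UNDOCUMENTED")
    }'
}

# Constructed sample input, not captured from a real host.
SAMPLE='tcp LISTEN 0 4096 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:8096 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:1900 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:9000 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:6379 0.0.0.0:*
tcp LISTEN 0 4096 [::]:3000 [::]:*'

sample_report() { printf '%s\n' "$SAMPLE" | audit_listeners; }

# On a live host: ss -H -tuln | audit_listeners
sample_report
```

Ports published by Docker are opened through Docker's own iptables rules and are not filtered by a default ufw policy, so an `UNDOCUMENTED` line should be traced back to a `ports:` entry in `compose.yaml`. Ports classed `lan` should never appear in the router's forwarding table.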
- Domain structure:
  - `${HOST}` => organizr
  - `www.${HOST}` => organizr
  - `traefik.${HOST}` => traefik dashboard
  - TODO
- Folder structure for media system is:
  - `${STORAGE_VOLUME}/downloads/`
  - `${STORAGE_VOLUME}/downloads/{,in}complete` for downloads
  - `${STORAGE_VOLUME}/downloads/torrents` for torrent files
  - `${STORAGE_VOLUME}/downloads/media` for *arrs and jellyfin media
- Lidarr disabled due to unusable use case for me
  - If you need album release software, then uncomment `services.lidarr` section in `compose.yaml`
- Transmission alt speed enabled due to broken pcie on rock-3a to reduce overload
- Target of this build is AMD64
- It was ARM64 before, but I fucked enough with my rock-3a
- hardware (rock-3a)
- rockpi-penta soft
- button
- top PWM fan 5V 40x10mm 3-pin RYB and cut upper ring
- heatsink or microfan on cpu
- height ~15mm
- 19x19mm cpu
- 15x10mm ram
- https://shop.allnetchina.cn/products/heat-sink-for-rock-3a
- https://www.ozon.ru/search/?text=raspberry+pi+радиатор&from_global=true
- RTC battery
- software
- is stopping organizr needed for patching?
- why chown?
- speedtest
- move samba and traefik to brand new dir
- maybe add separate env file for acme provider
- jellyfin acceleration
- `/usr/lib/jellyfin-ffmpeg-custom/ffmpeg` -> https://media.${HOST}/web/index.html#!/encodingsettings.html
- https://hub.docker.com/r/jjm2473/jellyfin-mpp
- https://forum.radxa.com/t/rk3588-kodi-rkmpp-accelerated-decoding-working-out-of-box/12785/33
- jellyfin/jellyfin-ffmpeg#34
- https://launchpad.net/~liujianfeng1994/+archive/ubuntu/rockchip-multimedia
- sudo add-apt-repository ppa:liujianfeng1994/rockchip-multimedia -y
- sudo apt update -y
- sudo apt install rockchip-multimedia-config ffmpeg -y
- nextcloud `NEXTCLOUD_ENABLE_DRI_DEVICE`
- ldap
- organizr
- nextcloud
- jellyfin
- patchers
- `apps/` patcher with `.env` values
- `{$APPDATA_VOLUME}/` patcher with `.env` values
- build ssp on arm64 or check if organizr has ssp?
- healthchecks ?
- flaresolverr
- glances
- portainer
- radarr
- scrutiny
- sonarr
- traefik
- whoami
- alternate software
- new software
- syncthing ? (for some important folder, which supposed to be synced on every device (passwords/notes))
- https://github.com/immich-app/immich
- https://github.com/ramanlabs-in/hachi
- probably, on client with webdav
- https://github.com/fallenbagel/jellyseerr
- https://www.photoprism.app
- software late
- fail2ban
- VPN (wireguard)
- inner
- outer
- change lcdr UID GID
- change passwds and ssh-rsa after complete setup and use docker secrets
- secure whole server with vpn or firewall
- log level debug disable
- enable 2FA
- SMTP
- authelia
- https://hstspreload.org/
- readme roadmap
- PBR section
- check for grammar issues
- podman migration
- (faster than docker ?)
- why ?
- nextcloud/all-in-one#3487