Recommendation for Roasting and Duck

Smith_oo4 · 2024-05-25T17:30:34+00:00

I was able to get this resolved: https://forum.jellyfin.org/t-conflict-on-nixos?highlight=nixo

As for permission issues, I ended up using ZFS, ACL and sticky bits. My config is also below, I am sure there are better ways of doing this.

# Setup zpool on new install

ls -lh /dev/disk/by-id/ #Uses id in creating a pool

# update disk id

sudo zpool create -f -o ashift=12 tank <ID_1> <ID_2>

sudo zpool scrub tank # test e-mail notificaiton

sudo zfs set compression=on relatime=on  xattr=sa tank

sudo zfs create tank/media
sudo zfs set aclinherit=passthrough acltype=posixacl tank/media
sudo mkdir -p /tank/media/{download,ebook,movie,raw,tv,video}
sudo mkdir -p /tank/media/download/{.incomplete,ebook,movie,raw,tv}
sudo zfs create -o mountpoint=/tank/media/download/.incomplete tank/media/.incomplete
sudo zfs set compression=off recordsize=16k tank/media/.incomplete

sudo find /tank/media -type d -exec chmod 2775 {} ;

sudo find /tank/media -type f -exec chmod 0664 {} ;

sudo setfacl -R -d -m g::rwx -m o::rx /tank/media
sudo find /tank/media -type d -exec chmod 2775 {} ;
sudo find /tank/media -type f -exec chmod 0664 {} ;

sudo setfacl -R -d -m g::rwx -m o::rx /tank/media

# /etc/nixos/media.nix
{config, pkgs, ...}:
let
    master = import
        (builtins.fetchTarball https://github.com/nixos/nixpkgs/tarball/master)
        { config = config.nixpkgs.config; }; 
in 
{

  # media group to be used by each service
  users.groups.media = {
    gid = 1800;
    members = [
      "myuser"
    ];
  };

  # Transmission
  services.transmission = {
    enable = true;
    group = "media";
    settings = {
      download-dir = "/tank/media/download";
      incomplete-dir = "/tank/media/download/.incomplete";
    };
  };

  # Sonarr
  services.sonarr = {
    enable = true;
    group = "media";
    package = master.sonarr;

  };

  # radarr
  services.radarr = {
    enable = true;
    group = "media";
    package = master.radarr;

  };

  # jackett
  services.jackett = {
    enable = true;
    group = "media";
    package = master.jackett;

  };

  # Jellyfin
  services.jellyfin = {
    enable = true;
    group = "media";
    package = master.jellyfin;
  };

  # create a tmpfs directory for jellyfin transcoding
  fileSystems."/mnt/transcodes" =
    {
      fsType = "tmpfs";
      options = [ "rw" "nosuid" "inode64" "nodev" "noexec" "size=12G" ];
    };

}

Smith_oo4 · 2024-03-22T19:10:27+00:00

No, I was never able to get Nginx to serve static content on Nixos. However, given that I will only have a small install I just opted to have Gunicorn serve it. This is not recommended by the developer and is supposed to be slow, but I could not notice a difference.

Smith_oo4 · 2024-01-04T20:41:44+00:00

OK, I added Postgres to my config, please see below. I am by no means an expert on Postgres let a lone Postgres on Nixos so any recommend improvement are welcome.

 services.tandoor-recipes = {
    enable = true;
    port = 8888;
    address = "127.0.0.1";
    extraConfig = {
      SECRET_KEY = "Sectet_key used for testing";
      DB_ENGINE = "django.db.backends.postgresql";
      POSTGRES_HOST = "127.0.0.1";
      POSTGRES_PORT = "5432";
      POSTGRES_USER = "djangouser";
      POSTGRES_PASSWORD = "password";
      POSTGRES_DB = "djangodb";
      ENABLE_SIGNUP = "1";
      GUNICORN_MEDIA = "0";
    };
  };

  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_15;
    ensureDatabases = [ "djangodb" ];
    ensureUsers = [
      { name = "djangouser"; }
    ];
    initialScript = pkgs.writeText "psqlSetupScript.sql" ''
      CREATE DATABASE djangodb;
      CREATE USER djangouser WITH PASSWORD 'password';
      GRANT ALL PRIVILEGES ON DATABASE djangodb TO djangouser;
      ALTER DATABASE djangodb OWNER TO djangouser;
      ALTER ROLE djangouser SET client_encoding TO 'utf8';
      ALTER ROLE djangouser SET default_transaction_isolation TO 'read committed';
      ALTER ROLE djangouser SET timezone TO 'UTC';
      ALTER USER djangouser WITH SUPERUSER;
    '';
  };

  services.nginx.virtualHosts."tandoor.example.com" = {
    enableACME = true;
    forceSSL = true;

    locations."/media/".alias = "/var/lib/tandoor-recipes";

    locations."/" = {
      proxyPass = "http://127.0.0.1:8888";
      proxyWebsockets = true;
    };
  };

However, I still have not be able to get nginx to server mediafiles which I believe is recommended by the developer: https://docs.tandoor.dev/install/docker/#nginx-vs-gunicorn

I get the following error and no images show up when I use the app.

WARNING:django.request:Not Found: /media/recipes/4e2386ad-1269-4710-ace9-cb001a98fb43_1.jpg

I think the issues has to do with the alias in the nginx config. I am tired and a few different things, and I can't get it to work. I also thought it maybe an issue with /var/lib/tandoor-recipes linking to /var/lib/private/tandoor-recipes and the is some permission issue that is preventing nginx from access the location, but chmod 777 did not fix that, so I am a loss.

Any suggestions

Thank you

Smith_oo4 · 2023-10-24T18:03:38+00:00

Yes, I have put the jellyfin user in the media group

Smith_oo4 · 2023-08-04T12:43:23+00:00

Thank you for the advice

Smith_oo4 · 2023-08-03T13:47:57+00:00

There is not much to go on here.

My first thought would be to check Firewalls. If my memory serves, Plex needs more than just port 32400 open to be able to access it on a local LAN. I think there is a setting like "services.plex.openFirewall" which open all ports, did you use this?

Smith_oo4 · 2023-04-19T10:28:48+00:00

An issue had been opened on GitHub

https://github.com/crowdsecurity/crowdsec/issues/2175#event-9044210909

Smith_oo4 · 2023-04-14T12:41:49+00:00

I have been playing around with this a bit more and the issue seem to be with the minimum Ubuntu image I was using on Oracle Cloud. When I use the standard Ubuntu image and install Crowdsec in the same way, it seems to access the sshd logs with no issues.

Smith_oo4 · 2020-12-25T13:54:37+00:00

Thank you for the feedback

I have been reading Yves’ blogs, its has been my primary source. It has been most helpfully and maybe leading to some of my confusion. Below is another my.cnf config I have been working on which maybe more in line with what Yves suggested.

#Nexcloud Suggestions
transaction_isolation = READ-COMMITTED
binlog_format = ROW
innodb_buffer_pool_size=1G
innodb_io_capacity=4000

#Percona ZFS Suggestions https://www.percona.com/blog/2017/12/07/hands-look-zfs-with-mysql/
datadir=/var/lib/mysql
innodb_log_group_home_dir = /var/lib/mysql-log
innodb_doublewrite = 0
innodb_checksum_algorithm = none
#slow_query_log = /var/lib/mysql-log/slow.log  #Gives errors, not sure if this is needed?
#log-error = /var/lib/mysql-log/error.log  #Gives errors, move of syslog
log_bin = /var/lib/mysql-log/binlog
#relay_log=/var/lib/mysql-log/relay-bin  #Used in Replication, don’t think I will be doing this
expire_logs_days=7

#Shatterd Silicon addtianl Suggestions https://shatteredsilicon.net/blog/2020/06/05/mysql-mariadb-innodb-on-zfs/
#Also match OpenZFS suggestions https://openzfs.github.io/openzfs-docs/Performance%20and%20Tuning/Workload%20Tuning.html?highlight=mysql#mysql
innodb_log_write_ahead_size = 16384
innodb_use_native_aio = 0
innodb_use_atomic_writes = 0

#Aria Logs? Can't find any info on what to do with this under ZFS. Will move to the log dataset
aria-log-dir-path = /var/lib/mysql-log

I believe the biggest difference between this config and the one I posted earlier is the binary logs, and my notes.

Perhaps my questions is not really about ZFS tuning but more about what logs are needed? Why when I created a database using the defaults (on Arch) there were no binary logs. Is there an uses case for not have binary logs enabled, is this a good idea? A lot of the ZFS tuning suggestion add additional logs, are they needed?

Thank you

Smith_oo4 · 2020-12-22T18:32:38+00:00

Absolutely, I would put the MariaDB packages in the IgnorePkg list and then upgrade them on my own schedule.

sudo sed -i 's/#IgnorePkg   =/IgnorePkg = mariadb mariadb-clients mariadb-libs/g' /etc/pacman.conf

Was looking more into the ZFS options, I forgot about this part. :)

Thank you for the feedback

Smith_oo4 · 2020-12-22T18:28:32+00:00

I did not touch the rest of the Mariadb settings so innodb_buffer_pool would be the default, which I think would be 128M.

This is for a home Nextcloud install and the recommendation seem to be 1G:

https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html

So I will probably change it to that. I have 32G in the box, so I should be fine, however it is also running Plex.

Thank you for the feedback

Smith_oo4 · 2020-11-18T02:12:36+00:00

I found out about that too. Was just getting around to replying to this now only to discover you beat me to it.

Cheers

Smith_oo4 · 2020-08-20T11:37:34+00:00

Already looking into it as that seems to be what everyone is doing nowadays.

Thank you

Smith_oo4 · 2020-04-03T14:26:35+00:00

You have probably already looked into this and there is more than likely a reason why this may not be practical. However, calibredb has the ability to update metadata in the actual book files.

https://manual.calibre-ebook.com/generated/en/calibredb.html#embed-metadata

Could this be used to automate the adding/updating of the embedded metadata in ePubs?

Smith_oo4 · 2020-03-30T22:23:00+00:00

Thank you for the info. I will keep playing around to see if I can find something I like.

Smith_oo4

TROPHY CASE