I try to check this thread about every 2 weeks but I will not respond to PMs for support. Please post in the thread so other people also assist.
Like a number of people who may be in the same case I was in, I had gone to Corral for Docker Support. While these applications worked well in Corral as docker containers with datasets shared via 9PFS. I found coming back to FreeNAS 11 some of the applications such as Transmission and Plex began to choke and lockup with the same datasets shared under NFS in Docker containers running under Rancher.
I decided I'd migrate all of my applications back to Jails as I had them before Corral as I found them easier to manage and less resource intensive on the system. When I did that I made detailed notes on how to setup each application's base install from scratch. I figured I'd try to give back to the community a bit and share the steps for each application.
This should help guide you to getting these apps installed however I don't have specifics on settings for each as it may vary based on your usage requirements. Most of these apps have their own forums, github repos, etc, where you can get help for each application on its own.
This setup assumes you have a video dataset, a torrent dataset and apps dataset that has a dataset under it for each application's configuration files owned by the user that it will run as.
Determining the best choice for permissions for the video and torrents dataset is up to you to decide based on your setup. I highly recommend reading this post to get a better idea on the numerous ways permissions can be done in jails to best fit your needs.
Having the apps dataset and datasets under it made for easy snapshots of just the application config data and easy reinstalls of jails as to import data you would just need to mount the /config directory back into the new jail.
If anyone would like to see any changes let me know and I'll be happy to make them. If you find an issue with anything please make a post in the discussion thread for this resource.
For any jail below that has commands for iocage all commands should be run from the FreeNAS host. On the iocage create command for each jail you MUST replace <IP>,<MASK>,<GATEWAY> with the correct values for your setup.
Example:
------------------------
Plex
------------------------
Tautulli
Tautulli should then be available at http://<JailIP>:8181
------------------------
Radarr
Create an rc file for radarr using your favorite editor at /mnt/iocage/jails/radarr/root/usr/local/etc/rc.d/radarr
Radarr should be available at http://<JailIP>:7878
------------------------
Sonarr
Create an rc file for radarr using your favorite editor at /mnt/iocage/jails/sonarr/root/usr/local/etc/rc.d/sonarr
Sonarr should be available at http://<JailIP>:8989
------------------------
Lidarr
Create an rc file for radarr using your favorite editor at /mnt/iocage/jails/lidarr/root/usr/local/etc/rc.d/lidarr
Lidarr should be available at http://<JailIP>:8686
------------------------
Jackett
Create an rc file for jackett using your favorite editor at /mnt/iocage/jails/jackett/root/usr/local/etc/rc.d/jackett
Jackett should be available at http://<JailIP>:9117
------------------------
Transmission with OpenVPN + IPFW Killswitch
------------------------
Organizr
Create or replace /mnt/iocage/jails/organizr/root/usr/local/etc/nginx/nginx.conf with the following which is the default with comments removed and the bare minimum changes required to run Organizr.
Navigate to http://JailIP and set the database location to "/config" and pick your timezone.
After you have completed the initial setup in the UI go back and do the following as some settings are stored in the config.php in the web directory such as homepage settings and email settings. If you ever need to recreate the jail you can omit the first 2 of the next 3 steps and just run the link instead of setting up your settings again.
------------------------
Like a number of people who may be in the same case I was in, I had gone to Corral for Docker Support. While these applications worked well in Corral as docker containers with datasets shared via 9PFS. I found coming back to FreeNAS 11 some of the applications such as Transmission and Plex began to choke and lockup with the same datasets shared under NFS in Docker containers running under Rancher.
I decided I'd migrate all of my applications back to Jails as I had them before Corral as I found them easier to manage and less resource intensive on the system. When I did that I made detailed notes on how to setup each application's base install from scratch. I figured I'd try to give back to the community a bit and share the steps for each application.
This should help guide you to getting these apps installed however I don't have specifics on settings for each as it may vary based on your usage requirements. Most of these apps have their own forums, github repos, etc, where you can get help for each application on its own.
This setup assumes you have a video dataset, a torrent dataset and apps dataset that has a dataset under it for each application's configuration files owned by the user that it will run as.
Determining the best choice for permissions for the video and torrents dataset is up to you to decide based on your setup. I highly recommend reading this post to get a better idea on the numerous ways permissions can be done in jails to best fit your needs.
Having the apps dataset and datasets under it made for easy snapshots of just the application config data and easy reinstalls of jails as to import data you would just need to mount the /config directory back into the new jail.
If anyone would like to see any changes let me know and I'll be happy to make them. If you find an issue with anything please make a post in the discussion thread for this resource.
For any jail below that has commands for iocage all commands should be run from the FreeNAS host. On the iocage create command for each jail you MUST replace <IP>,<MASK>,<GATEWAY> with the correct values for your setup.
Example:
iocage create -n "jailname" -p /tmp/pkg.json -r 11.2-RELEASE ip4_addr="vnet0|192.168.1.100/24" defaultrouter="192.168.1.1" vnet="on" allow_raw_sockets="1" boot="on"
------------------------
Plex
There are 2 sets of directions below based on if you require the plexpass version or not. Personally I mount the video filesystem as readonly inside the plex jail as I don't need to be able to delete media from inside plex as it is managed through other applications.
Non Plexpass:
Plexpass:
If you would like to change to the latest repo to get faster updates to Plex than every month or so you can do that by creating the following file.
Plex should then be avaible at http://<JailIP>:32400/web
Non Plexpass:
echo '{"pkgs":["plexmediaserver","ca_root_nss"]}' > /tmp/pkg.json
iocage create -n "plex" -p /tmp/pkg.json -r 11.2-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage exec plex mkdir -p /config
iocage exec plex mkdir -p /mnt/video
iocage fstab -a plex /mnt/tank1/apps/plex /config nullfs rw 0 0
iocage fstab -a plex /mnt/tank1/video /mnt/video nullfs ro 0 0
iocage exec plex chown -R plex:plex /config
iocage exec plex sysrc "plexmediaserver_enable=YES"
iocage exec plex sysrc plexmediaserver_support_path="/config"
iocage exec plex service plexmediaserver start
Plexpass:
echo '{"pkgs":["plexmediaserver-plexpass","ca_root_nss"]}' > /tmp/pkg.json
iocage create -n "plex" -p /tmp/pkg.json -r 11.2-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage exec plex mkdir -p /config
iocage exec plex mkdir -p /mnt/video
iocage fstab -a plex /mnt/tank1/apps/plex /config nullfs rw 0 0
iocage fstab -a plex /mnt/tank1/video /mnt/video nullfs ro 0 0
iocage exec plex chown -R plex:plex /config
iocage exec plex sysrc "plexmediaserver_plexpass_enable=YES"
iocage exec plex sysrc plexmediaserver_plexpass_support_path="/config"
iocage exec plex service plexmediaserver_plexpass start
If you would like to change to the latest repo to get faster updates to Plex than every month or so you can do that by creating the following file.
iocage exec plex "mkdir -p /usr/local/etc/pkg/repos"
iocage exec plex "vi /usr/local/etc/pkg/repos/FreeBSD.conf"
Code:
FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest" }
Plex should then be avaible at http://<JailIP>:32400/web
Tautulli
echo '{"pkgs":["python2","py27-sqlite3","py27-openssl","ca_root_nss","git"]}' > /tmp/pkg.json
iocage create -n "tautulli" -p /tmp/pkg.json -r 11.2-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage exec tautulli mkdir -p /config
iocage fstab -a tautulli /mnt/tank1/apps/tautulli /config nullfs rw 0 0
iocage exec tautulli git clone https://github.com/Tautulli/Tautulli.git /usr/local/share/Tautulli
iocage exec tautulli "pw user add tautulli -c tautulli -u 109 -d /nonexistent -s /usr/bin/nologin"
iocage exec tautulli chown -R tautulli:tautulli /usr/local/share/Tautulli /config
iocage exec tautulli cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli
iocage exec tautulli chmod u+x /usr/local/etc/rc.d/tautulli
iocage exec tautulli sysrc "tautulli_enable=YES"
iocage exec tautulli sysrc "tautulli_flags=--datadir /config"
iocage exec tautulli service tautulli start
Tautulli should then be available at http://<JailIP>:8181
Radarr
echo '{"pkgs":["mono","mediainfo","sqlite3","ca_root_nss","curl"]}' > /tmp/pkg.json
iocage create -n "radarr" -p /tmp/pkg.json -r 11.2-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage exec radarr mkdir -p /config
iocage exec radarr mkdir -p /mnt/video
iocage exec radarr mkdir -p /mnt/torrents
iocage fstab -a radarr /mnt/tank1/apps/radarr /config nullfs rw 0 0
iocage fstab -a radarr /mnt/tank1/torrents /mnt/torrents nullfs rw 0 0
iocage fstab -a radarr /mnt/tank1/video /mnt/video nullfs rw 0 0
iocage exec radarr ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec radarr "fetch https://github.com/Radarr/Radarr/releases/download/v0.2.0.995/Radarr.develop.0.2.0.995.linux.tar.gz -o /usr/local/share"
iocage exec radarr "tar -xzvf /usr/local/share/Radarr.*.linux.tar.gz -C /usr/local/share"
iocage exec radarr rm /usr/local/share/Radarr.*.linux.tar.gz
iocage exec radarr "pw user add radarr -c radarr -u 352 -d /nonexistent -s /usr/bin/nologin"
iocage exec radarr chown -R radarr:radarr /usr/local/share/Radarr /config
iocage exec radarr mkdir /usr/local/etc/rc.d
Create an rc file for radarr using your favorite editor at /mnt/iocage/jails/radarr/root/usr/local/etc/rc.d/radarr
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: radarr
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# radarr_enable: Set to YES to enable radarr
# Default: NO
# radarr_user: The user account used to run the radarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# Default: media
# radarr_group: The group account used to run the radarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# Default: media
# radarr_data_dir: Directory where radarr configuration
# data is stored.
# Default: /var/db/radarr
. /etc/rc.subr
name=radarr
rcvar=${name}_enable
load_rc_config $name
: ${radarr_enable:="NO"}
: ${radarr_user:="radarr"}
: ${radarr_group:="radarr"}
: ${radarr_data_dir:="/config"}
pidfile="${radarr_data_dir}/nzbdrone.pid"
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-f ${procname} /usr/local/share/Radarr/Radarr.exe --data=${radarr_data_dir} --nobrowser"
start_precmd=radarr_precmd
radarr_precmd() {
if [ ! -d ${radarr_data_dir} ]; then
install -d -o ${radarr_user} -g ${radarr_group} ${radarr_data_dir}
fi
export XDG_CONFIG_HOME=${radarr_data_dir}
}
run_rc_command "$1"
# $FreeBSD$
#
# PROVIDE: radarr
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# radarr_enable: Set to YES to enable radarr
# Default: NO
# radarr_user: The user account used to run the radarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# Default: media
# radarr_group: The group account used to run the radarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# Default: media
# radarr_data_dir: Directory where radarr configuration
# data is stored.
# Default: /var/db/radarr
. /etc/rc.subr
name=radarr
rcvar=${name}_enable
load_rc_config $name
: ${radarr_enable:="NO"}
: ${radarr_user:="radarr"}
: ${radarr_group:="radarr"}
: ${radarr_data_dir:="/config"}
pidfile="${radarr_data_dir}/nzbdrone.pid"
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-f ${procname} /usr/local/share/Radarr/Radarr.exe --data=${radarr_data_dir} --nobrowser"
start_precmd=radarr_precmd
radarr_precmd() {
if [ ! -d ${radarr_data_dir} ]; then
install -d -o ${radarr_user} -g ${radarr_group} ${radarr_data_dir}
fi
export XDG_CONFIG_HOME=${radarr_data_dir}
}
run_rc_command "$1"
iocage exec radarr chmod u+x /usr/local/etc/rc.d/radarr
iocage exec radarr sysrc "radarr_enable=YES"
iocage exec radarr service radarr start
Radarr should be available at http://<JailIP>:7878
Sonarr
echo '{"pkgs":["mono","mediainfo","sqlite3","ca_root_nss","curl"]}' > /tmp/pkg.json
iocage create -n "sonarr" -p /tmp/pkg.json -r 11.2-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage exec sonarr mkdir -p /config
iocage exec sonarr mkdir -p /mnt/video
iocage exec sonarr mkdir -p /mnt/torrents
iocage fstab -a sonarr /mnt/tank1/apps/sonarr /config nullfs rw 0 0
iocage fstab -a sonarr /mnt/tank1/torrents /mnt/torrents nullfs rw 0 0
iocage fstab -a sonarr /mnt/tank1/video /mnt/video nullfs rw 0 0
iocage exec sonarr ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec sonarr "fetch http://download.sonarr.tv/v2/master/mono/NzbDrone.master.tar.gz -o /usr/local/share"
iocage exec sonarr "tar -xzvf /usr/local/share/NzbDrone.master.tar.gz -C /usr/local/share"
iocage exec sonarr rm /usr/local/share/NzbDrone.master.tar.gz
iocage exec sonarr "pw user add sonarr -c sonarr -u 351 -d /nonexistent -s /usr/bin/nologin"
iocage exec sonarr chown -R sonarr:sonarr /usr/local/share/NzbDrone /config
iocage exec sonarr mkdir /usr/local/etc/rc.d
Create an rc file for radarr using your favorite editor at /mnt/iocage/jails/sonarr/root/usr/local/etc/rc.d/sonarr
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: sonarr
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# sonarr_enable: Set to YES to enable sonarr
# Default: NO
# sonarr_user: The user account used to run the sonarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# Default: media
# sonarr_group: The group account used to run the sonarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# Default: media
# sonarr_data_dir: Directory where sonarr configuration
# data is stored.
# Default: /var/db/sonarr
. /etc/rc.subr
name=sonarr
rcvar=${name}_enable
load_rc_config $name
: ${sonarr_enable:="NO"}
: ${sonarr_user:="sonarr"}
: ${sonarr_group:="sonarr"}
: ${sonarr_data_dir:="/config"}
pidfile="${sonarr_data_dir}/nzbdrone.pid"
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-f ${procname} /usr/local/share/NzbDrone/NzbDrone.exe --data=${sonarr_data_dir} --nobrowser"
start_precmd=sonarr_precmd
sonarr_precmd() {
if [ ! -d ${sonarr_data_dir} ]; then
install -d -o ${sonarr_user} -g ${sonarr_group} ${sonarr_data_dir}
fi
export XDG_CONFIG_HOME=${sonarr_data_dir}
}
run_rc_command "$1"
# $FreeBSD$
#
# PROVIDE: sonarr
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# sonarr_enable: Set to YES to enable sonarr
# Default: NO
# sonarr_user: The user account used to run the sonarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# Default: media
# sonarr_group: The group account used to run the sonarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# Default: media
# sonarr_data_dir: Directory where sonarr configuration
# data is stored.
# Default: /var/db/sonarr
. /etc/rc.subr
name=sonarr
rcvar=${name}_enable
load_rc_config $name
: ${sonarr_enable:="NO"}
: ${sonarr_user:="sonarr"}
: ${sonarr_group:="sonarr"}
: ${sonarr_data_dir:="/config"}
pidfile="${sonarr_data_dir}/nzbdrone.pid"
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-f ${procname} /usr/local/share/NzbDrone/NzbDrone.exe --data=${sonarr_data_dir} --nobrowser"
start_precmd=sonarr_precmd
sonarr_precmd() {
if [ ! -d ${sonarr_data_dir} ]; then
install -d -o ${sonarr_user} -g ${sonarr_group} ${sonarr_data_dir}
fi
export XDG_CONFIG_HOME=${sonarr_data_dir}
}
run_rc_command "$1"
iocage exec sonarr chmod u+x /usr/local/etc/rc.d/sonarr
iocage exec sonarr sysrc "sonarr_enable=YES"
iocage exec sonarr service sonarr start
Sonarr should be available at http://<JailIP>:8989
Lidarr
echo '{"pkgs":["mono","mediainfo","sqlite3","ca_root_nss","curl","chromaprint"]}' > /tmp/pkg.json
iocage create -n "lidarr" -p /tmp/pkg.json -r 11.2-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage exec lidarr mkdir -p /config
iocage exec lidarr mkdir -p /mnt/music
iocage exec lidarr mkdir -p /mnt/torrents
iocage fstab -a lidarr /mnt/tank1/apps/lidarr /config nullfs rw 0 0
iocage fstab -a lidarr /mnt/tank1/torrents /mnt/torrents nullfs rw 0 0
iocage fstab -a lidarr /mnt/tank1/music /mnt/music nullfs rw 0 0
iocage exec lidarr ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec lidarr "fetch https://github.com/lidarr/Lidarr/releases/download/v0.2.0.371/Lidarr.develop.0.2.0.371.linux.tar.gz -o /usr/local/share"
iocage exec lidarr "tar -xzvf /usr/local/share/Lidarr.develop.*.linux.tar.gz -C /usr/local/share"
iocage exec lidarr "rm /usr/local/share/Lidarr.*.tar.gz"
iocage exec lidarr "pw user add lidarr -c lidarr -u 353 -d /nonexistent -s /usr/bin/nologin"
iocage exec lidarr chown -R lidarr:lidarr /usr/local/share/Lidarr /config
iocage exec lidarr mkdir /usr/local/etc/rc.d
Create an rc file for radarr using your favorite editor at /mnt/iocage/jails/lidarr/root/usr/local/etc/rc.d/lidarr
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: lidarr
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable lidarr:
# lidarr_enable="YES"
. /etc/rc.subr
name=lidarr
rcvar=${name}_enable
load_rc_config $name
: ${lidarr_enable="NO"}
: ${lidarr_user:="lidarr"}
: ${lidarr_group:="lidarr"}
: ${lidarr_data_dir:="/config"}
pidfile="${lidarr_data_dir}/lidarr.pid"
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-f ${procname} /usr/local/share/Lidarr/Lidarr.exe -- data=${lidarr_data_dir} --nobrowser"
start_precmd=lidarr_precmd
lidarr_precmd() {
if [ ! -d ${lidarr_data_dir} ]; then
install -d -o ${lidarr_user} -g ${lidarr_group} ${lidarr_data_dir}
fi
export XDG_CONFIG_HOME=${lidarr_data_dir}
}
run_rc_command "$1"
# $FreeBSD$
#
# PROVIDE: lidarr
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable lidarr:
# lidarr_enable="YES"
. /etc/rc.subr
name=lidarr
rcvar=${name}_enable
load_rc_config $name
: ${lidarr_enable="NO"}
: ${lidarr_user:="lidarr"}
: ${lidarr_group:="lidarr"}
: ${lidarr_data_dir:="/config"}
pidfile="${lidarr_data_dir}/lidarr.pid"
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-f ${procname} /usr/local/share/Lidarr/Lidarr.exe -- data=${lidarr_data_dir} --nobrowser"
start_precmd=lidarr_precmd
lidarr_precmd() {
if [ ! -d ${lidarr_data_dir} ]; then
install -d -o ${lidarr_user} -g ${lidarr_group} ${lidarr_data_dir}
fi
export XDG_CONFIG_HOME=${lidarr_data_dir}
}
run_rc_command "$1"
iocage exec lidarr chmod u+x /usr/local/etc/rc.d/lidarr
iocage exec lidarr sysrc "lidarr_enable=YES"
iocage exec lidarr service lidarr start
Lidarr should be available at http://<JailIP>:8686
Jackett
echo '{"pkgs":["mono","curl","ca_root_nss"]}' > /tmp/pkg.json
iocage create -n "jackett" -p /tmp/pkg.json -r 11.2-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage exec jackett mkdir -p /config
iocage fstab -a jackett /mnt/tank1/apps/jackett /config nullfs rw 0 0
iocage exec jackett ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec jackett "fetch https://github.com/Jackett/Jackett/releases/download/v0.11.502/Jackett.Binaries.Mono.tar.gz -o /usr/local/share"
iocage exec jackett "tar -xzvf /usr/local/share/Jackett.Binaries.Mono.tar.gz -C /usr/local/share"
iocage exec jackett rm /usr/local/share/Jackett.Binaries.Mono.tar.gz
iocage exec jackett "pw user add jackett -c jackett -u 818 -d /nonexistent -s /usr/bin/nologin"
iocage exec jackett chown -R jackett:jackett /usr/local/share/Jackett /config
iocage exec jackett mkdir /usr/local/etc/rc.d
Create an rc file for jackett using your favorite editor at /mnt/iocage/jails/jackett/root/usr/local/etc/rc.d/jackett
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: jackett
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# jackett_enable: Set to YES to enable jackett
# Default: NO
# jackett_user: The user account used to run the jackett daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# Default: media
# jackett_group: The group account used to run the jackett daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# Default: media
# jackett_data_dir: Directory where jackett configuration
# data is stored.
# Default: /var/db/jackett
. /etc/rc.subr
name=jackett
rcvar=${name}_enable
load_rc_config $name
: ${jackett_enable:="NO"}
: ${jackett_user:="jackett"}
: ${jackett_group:="jackett"}
: ${jackett_data_dir:="/config"}
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-p ${jackett_data_dir}/jackett.pid -f ${procname} /usr/local/share/Jackett/JackettConsole.exe -d ${jackett_data_dir}"
start_precmd=jackett_precmd
jackett_precmd() {
export USER=${jackett_user}
if [ ! -d ${jackett_data_dir} ]; then
install -d -o ${jackett_user} -g ${jackett_group} ${jackett_data_dir}
fi
export XDG_CONFIG_HOME=${jackett_data_dir}
}
run_rc_command "$1"
# $FreeBSD$
#
# PROVIDE: jackett
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# jackett_enable: Set to YES to enable jackett
# Default: NO
# jackett_user: The user account used to run the jackett daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# Default: media
# jackett_group: The group account used to run the jackett daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# Default: media
# jackett_data_dir: Directory where jackett configuration
# data is stored.
# Default: /var/db/jackett
. /etc/rc.subr
name=jackett
rcvar=${name}_enable
load_rc_config $name
: ${jackett_enable:="NO"}
: ${jackett_user:="jackett"}
: ${jackett_group:="jackett"}
: ${jackett_data_dir:="/config"}
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-p ${jackett_data_dir}/jackett.pid -f ${procname} /usr/local/share/Jackett/JackettConsole.exe -d ${jackett_data_dir}"
start_precmd=jackett_precmd
jackett_precmd() {
export USER=${jackett_user}
if [ ! -d ${jackett_data_dir} ]; then
install -d -o ${jackett_user} -g ${jackett_group} ${jackett_data_dir}
fi
export XDG_CONFIG_HOME=${jackett_data_dir}
}
run_rc_command "$1"
iocage exec jackett chmod u+x /usr/local/etc/rc.d/jackett
iocage exec jackett sysrc "jackett_enable=YES"
iocage exec jackett service jackett restart
Jackett should be available at http://<JailIP>:9117
Transmission with OpenVPN + IPFW Killswitch
If you don't need or want the VPN, you can omit installing openvpn, setting up the ipfw_rules file, running the devfs command and any sysrc / service commands related to openvpn/firewall/ipfw.
If you are going to going to use the vpn, you will need add a preinit task in the webui to run the following command as well as run it once before you setup the jail. This adds a rule to the default devfs_ruleset applied to all iocage jails to allow them to access tun devices.
The firewall rules prevent anything from going out over your normal ISP your VPN dies.
Create your Firewall rules using your favorite editor at /mnt/tank1/apps/transmission/config/ipfw_rules
In the rules below my transmission jail has the ip 172.16.0.14 in the 172.16.0.0/23 network. You will need to alter them based on your setup.
Place the conf file for your vpn connection at /mnt/tank1/apps/transmission/config/openvpn.conf
The default transmission settings will prevent any access to the WebUI from anything other than from localhost. We need to access edit the settings file for transmission to fix this to do so we need to stop transmission and edit settings.json file for Transmission.
Using your favorite editor edit /mnt/tank1/apps/transmission/config/transmission-home/settings.json and find the lines prefixed with rpc-whitelist. You have 2 options disabling the whitelist or adding your IP to the whitelist.
To disable the whitelist change the following lines:
to
To add your IP edit the line below to include your ip. The setting is a comma separated list, so if your ip was 192.168.1.100 you would change it as follows.
to
After you have completed either of these you can start transmission again.
Transmission should be available at http://<JailIP>:9091/transmission/web/
If you are going to going to use the vpn, you will need add a preinit task in the webui to run the following command as well as run it once before you setup the jail. This adds a rule to the default devfs_ruleset applied to all iocage jails to allow them to access tun devices.
devfs rule -s 4 add path 'tun*' unhide
The firewall rules prevent anything from going out over your normal ISP your VPN dies.
echo '{"pkgs":["bash","unzip","unrar","transmission","openvpn","ca_root_nss"]}' > /tmp/pkg.json
iocage create -n "transmission" -p /tmp/pkg.json -r 11.2-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on" allow_tun="1"
rm /tmp/pkg.json
iocage exec transmission mkdir -p /config
iocage exec transmission mkdir -p /mnt/torrents
iocage fstab -a transmission /mnt/tank1/apps/transmission /config nullfs rw 0 0
iocage fstab -a transmission /mnt/tank1/torrents /mnt/torrents nullfs rw 0 0
iocage exec transmission mkdir -p /config/transmission-home
iocage exec transmission chown -R transmission:transmission /config/transmission-home
Create your Firewall rules using your favorite editor at /mnt/tank1/apps/transmission/config/ipfw_rules
In the rules below my transmission jail has the ip 172.16.0.14 in the 172.16.0.0/23 network. You will need to alter them based on your setup.
# Allow internal traffic
add 03000 allow ip from 172.16.0.14/32 to 172.16.0.0/23 keep-state
add 03000 allow ip from 172.16.0.0/23 to 172.16.0.14/32 keep-state
# Allow access to Entrace IP for VPN
add 04000 allow ip from 172.16.0.14/32 to <IP of VPN Entrance Node> keep-state
# Allow any traffic over the VPN interface
add 05000 allow ip from any to any via tun*
# Deny any other traffic
add 65534 deny ip from any to any
add 03000 allow ip from 172.16.0.14/32 to 172.16.0.0/23 keep-state
add 03000 allow ip from 172.16.0.0/23 to 172.16.0.14/32 keep-state
# Allow access to Entrace IP for VPN
add 04000 allow ip from 172.16.0.14/32 to <IP of VPN Entrance Node> keep-state
# Allow any traffic over the VPN interface
add 05000 allow ip from any to any via tun*
# Deny any other traffic
add 65534 deny ip from any to any
Place the conf file for your vpn connection at /mnt/tank1/apps/transmission/config/openvpn.conf
iocage exec transmission "chown 0:0 /config/ipfw_rules"
iocage exec transmission "chmod 600 /config/ipfw_rules"
iocage exec transmission sysrc "firewall_enable=YES"
iocage exec transmission sysrc "firewall_type=/config/ipfw_rules"
iocage exec transmission sysrc "openvpn_enable=YES"
iocage exec transmission sysrc "openvpn_dir=/config"
iocage exec transmission sysrc "openvpn_configfile=/config/openvpn.conf"
iocage exec transmission sysrc "transmission_enable=YES"
iocage exec transmission sysrc "transmission_conf_dir=/config/transmission-home"
iocage exec transmission sysrc "transmission_download_dir=/mnt/torrents/completed"
iocage exec transmission service ipfw start
iocage exec transmission service openvpn start
iocage exec transmission service transmission start
The default transmission settings will prevent any access to the WebUI from anything other than from localhost. We need to access edit the settings file for transmission to fix this to do so we need to stop transmission and edit settings.json file for Transmission.
iocage exec transmission service transmission stop
Using your favorite editor edit /mnt/tank1/apps/transmission/config/transmission-home/settings.json and find the lines prefixed with rpc-whitelist. You have 2 options disabling the whitelist or adding your IP to the whitelist.
To disable the whitelist change the following lines:
Code:
"rpc-whitelist-enabled": true,
Code:
"rpc-whitelist-enabled": false,
To add your IP edit the line below to include your ip. The setting is a comma separated list, so if your ip was 192.168.1.100 you would change it as follows.
Code:
"rpc-whitelist": "127.0.0.1",
Code:
"rpc-whitelist": "127.0.0.1,192.168.1.100",
After you have completed either of these you can start transmission again.
iocage exec transmission service transmission start
Transmission should be available at http://<JailIP>:9091/transmission/web/
Organizr
echo '{"pkgs":["nginx","php72","php72-filter","php72-curl","php72-hash","php72-json","php72-openssl","php72-pdo","php72-pdo_sqlite","php72-session","php72-simplexml","php72-sqlite3","php72-zip","git","ca_root_nss"]}' > /tmp/pkg.json
iocage create -n "organizr" -p /tmp/pkg.json -r 11.2-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage exec organizr mkdir -p /config
iocage fstab -a organizr /mnt/tank1/apps/organizr /config nullfs rw 0 0
iocage exec organizr sed -i '' -e 's?listen = 127.0.0.1:9000?listen = /var/run/php-fpm.sock?g' /usr/local/etc/php-fpm.d/www.conf
iocage exec organizr sed -i '' -e 's/;listen.owner = www/listen.owner = www/g' /usr/local/etc/php-fpm.d/www.conf
iocage exec organizr sed -i '' -e 's/;listen.group = www/listen.group = www/g' /usr/local/etc/php-fpm.d/www.conf
iocage exec organizr sed -i '' -e 's/;listen.mode = 0660/listen.mode = 0600/g' /usr/local/etc/php-fpm.d/www.conf
iocage exec organizr cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
iocage exec organizr sed -i '' -e 's?;date.timezone =?date.timezone = "Universal"?g' /usr/local/etc/php.ini
iocage exec organizr sed -i '' -e 's?;cgi.fix_pathinfo=1?cgi.fix_pathinfo=0?g' /usr/local/etc/php.ini
Create or replace /mnt/iocage/jails/organizr/root/usr/local/etc/nginx/nginx.conf with the following which is the default with comments removed and the bare minimum changes required to run Organizr.
user www;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
root /usr/local/www/Organizr;
location / {
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
}
}
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
root /usr/local/www/Organizr;
location / {
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
}
}
iocage exec organizr git clone https://github.com/causefx/Organizr.git /usr/local/www/Organizr
iocage exec organizr chown -R www:www /usr/local/www /config
iocage exec organizr sysrc nginx_enable=YES
iocage exec organizr sysrc php_fpm_enable=YES
iocage exec organizr service nginx start
iocage exec organizr service php-fpm start
Navigate to http://JailIP and set the database location to "/config" and pick your timezone.
After you have completed the initial setup in the UI go back and do the following as some settings are stored in the config.php in the web directory such as homepage settings and email settings. If you ever need to recreate the jail you can omit the first 2 of the next 3 steps and just run the link instead of setting up your settings again.
iocage exec organizr cp -a /usr/local/www/Organizr/api/config/config.php /config/config.php
iocage exec organizr rm /usr/local/www/Organizr/api/config/config.php
iocage exec organizr ln -s /config/config.php /usr/local/www/Organizr/api/config/config.php
Ombi
You only need to run the next two commands if you are creating the jail for the first time.
Create an rc file for ombi using your favorite editor at /mnt/iocage/jails/ombi/root/usr/local/etc/rc.d/ombi
Ombi should be available at http://<JailIP>:3579
------------------------
Sabnzbd
http://<>:8080/sabnzbd/
echo '{"pkgs":["mono","ca_root_nss","unzip","sqlite3"]}' > /tmp/pkg.json
iocage create -n "ombi" -p /tmp/pkg.json -r 11.2-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage fstab -a ombi /mnt/tank1/apps/ombi /config nullfs rw 0 0
iocage exec ombi ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec ombi "fetch https://github.com/tidusjar/Ombi/releases/download/v2.2.1/Ombi.zip -o /usr/local/share"
iocage exec ombi "unzip -d /usr/local/share /usr/local/share/Ombi.zip"
iocage exec ombi mv /usr/local/share/Release /usr/local/share/ombi
iocage exec ombi rm /usr/local/share/Ombi.zip
You only need to run the next two commands if you are creating the jail for the first time.
iocage exec ombi sqlite3 /config/Ombi.sqlite "create table aTable(field1 int); drop table aTable;"
iocage exec ombi mkdir -p /config/Backups
iocage exec ombi ln -s /config/Ombi.sqlite /usr/local/share/ombi/Ombi.sqlite
iocage exec ombi ln -s /config/Backups /usr/local/share/ombi/Backups
iocage exec ombi "pw user add ombi -c ombi -u 819 -d /nonexistent -s /usr/bin/nologin"
iocage exec ombi chown -R ombi:ombi /usr/local/share/ombi /config
iocage exec ombi mkdir /usr/local/etc/rc.d
Create an rc file for ombi using your favorite editor at /mnt/iocage/jails/ombi/root/usr/local/etc/rc.d/ombi
#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: ombi
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# ombi_enable (bool): Set to NO by default.
# Set it to YES to enable it.
# ombi_user: The user account ombi daemon runs as what
# you want it to be. It uses 'ombi' user by
# default. Do not sets it as empty or it will run
# as root.
# ombi_group: The group account ombi daemon runs as what
# you want it to be. It uses 'ombi' group by
# default. Do not sets it as empty or it will run
# as wheel.
# ombi_data_dir: Directory where ombi configuration
# data is stored.
# Default: /usr/local/share/ombi
. /etc/rc.subr
name=ombi
rcvar=ombi_enable
load_rc_config ${name}
: ${ombi_enable:=NO}
: ${ombi_user:=ombi}
: ${ombi_group:=ombi}
: ${ombi_data_dir:="/config"}
procname="/usr/local/bin/mono"
command="/usr/sbin/daemon"
command_args="-f ${procname} /usr/local/share/ombi/Ombi.exe"
start_precmd=ombi_precmd
ombi_precmd() {
if [ ! -d ${ombi_data_dir} ];
then install -d -o ${ombi_user} -g ${ombi_group} ${ombi_data_dir}
fi
export XDG_CONFIG_HOME=${ombi_data_dir}
}
run_rc_command "$1"
#
# $FreeBSD$
#
# PROVIDE: ombi
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# ombi_enable (bool): Set to NO by default.
# Set it to YES to enable it.
# ombi_user: The user account ombi daemon runs as what
# you want it to be. It uses 'ombi' user by
# default. Do not sets it as empty or it will run
# as root.
# ombi_group: The group account ombi daemon runs as what
# you want it to be. It uses 'ombi' group by
# default. Do not sets it as empty or it will run
# as wheel.
# ombi_data_dir: Directory where ombi configuration
# data is stored.
# Default: /usr/local/share/ombi
. /etc/rc.subr
name=ombi
rcvar=ombi_enable
load_rc_config ${name}
: ${ombi_enable:=NO}
: ${ombi_user:=ombi}
: ${ombi_group:=ombi}
: ${ombi_data_dir:="/config"}
procname="/usr/local/bin/mono"
command="/usr/sbin/daemon"
command_args="-f ${procname} /usr/local/share/ombi/Ombi.exe"
start_precmd=ombi_precmd
ombi_precmd() {
if [ ! -d ${ombi_data_dir} ];
then install -d -o ${ombi_user} -g ${ombi_group} ${ombi_data_dir}
fi
export XDG_CONFIG_HOME=${ombi_data_dir}
}
run_rc_command "$1"
iocage exec ombi chmod u+x /usr/local/etc/rc.d/ombi
iocage exec ombi sysrc ombi_enable=YES
iocage exec ombi service ombi start
Ombi should be available at http://<JailIP>:3579
Sabnzbd
echo '{"pkgs":["sabnzbdplus","ca_root_nss"]}' > /tmp/pkg.json
iocage create -n "sabnzbd" -p /tmp/pkg.json -r 11.2-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage fstab -a sabnzbd /mnt/tank1/apps/sabnzbd /config nullfs rw 0 0
iocage fstab -a sabnzbd /mnt/tank1/torrents /mnt/torrents nullfs rw 0 0
iocage exec sabnzbd mkdir -p /mnt/torrents/sabnzbd/incomplete
iocage exec sabnzbd mkdir -p /mnt/torrents/sabnzbd/complete
iocage exec sabnzbd ln -s /usr/local/bin/python2.7 /usr/bin/python
iocage exec sabnzbd ln -s /usr/local/bin/python2.7 /usr/bin/python2
iocage exec sabnzbd chown -R _sabnzbd:_sabnzbd /mnt/torrents/sabnzbd /config
iocage exec sabnzbd sysrc sabnzbd_enable=YES
iocage exec sabnzbd sysrc sabnzbd_conf_dir="/config"
iocage exec sabnzbd service sabnzbd start
iocage exec sabnzbd service sabnzbd stop
iocage exec sabnzbd sed -i '' -e 's?host = 127.0.0.1?host = 0.0.0.0?g' /config/sabnzbd.ini
iocage exec sabnzbd sed -i '' -e 's?download_dir = Downloads/incomplete?download_dir = /mnt/torrents/sabnzbd/incomplete?g' /config/sabnzbd.ini
iocage exec sabnzbd sed -i '' -e 's?complete_dir = Downloads/complete?complete_dir = /mnt/torrents/sabnzbd/complete?g' /config/sabnzbd.ini
iocage exec sabnzbd service sabnzbd start
http://<>:8080/sabnzbd/