From acbe7373110d0eda424ce14c8ab2989665669d16 Mon Sep 17 00:00:00 2001 From: Damien Arnodo Date: Fri, 26 Dec 2025 11:15:09 +0000 Subject: [PATCH] docs: add seedbox README --- seedbox/README.md | 104 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 seedbox/README.md diff --git a/seedbox/README.md b/seedbox/README.md new file mode 100644 index 0000000..98dff85 --- /dev/null +++ b/seedbox/README.md 
@@ -0,0 +1,104 @@ +# Seedbox Server + +Deploys a seedbox with Transmission for maintaining Linux ISO mirrors. + +## Quick Start + +```bash +NFS_SERVER=nas.tailnet.ts.net curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/seedbox/install.sh | bash +``` + +## Components + +- **Transmission**: BitTorrent client with WebUI +- **NFS v4.1**: Mount to NAS for ISO storage +- **Tailscale**: Private access to WebUI +- **Docker**: Container runtime +- **UFW**: Firewall (only peer port exposed publicly) +- **fail2ban** + **unattended-upgrades**: Basic hardening + +## Environment Variables + +| Variable | Default | Description | +|----------|---------|-------------| +| `NFS_SERVER` | *required* | NAS hostname/IP (Tailscale) | +| `NFS_SHARE` | `/volume1/iso` | NFS export path on NAS | +| `NFS_MOUNT` | `/mnt/iso` | Local mount point | +| `SEEDBOX_HOSTNAME` | `seedbox` | Server hostname | +| `PEER_PORT` | `51413` | BitTorrent peer port | +| `TRANSMISSION_USER` | `admin` | WebUI username | +| `TRANSMISSION_PASS` | *auto-generated* | WebUI password | +| `TZ` | `Europe/Paris` | Timezone | + +Example with custom settings: + +```bash +NFS_SERVER=nas.tailnet.ts.net \ +NFS_SHARE=/volume1/linux-iso \ +TRANSMISSION_USER=damien \ +TRANSMISSION_PASS=mysecurepass \ +curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/seedbox/install.sh | bash +``` + +## Network Access + +| Service | Public | Tailscale | +|---------|--------|-----------| +| BitTorrent peers | ✅ Port 51413 | ✅ | +| Transmission WebUI | ❌ | ✅ Port 9091 | +| SSH | ❌ | ✅ Tailscale SSH | +| NFS (to NAS) | ❌ | ✅ | + +## What it does + +1. Sets hostname +2. Installs base packages (vim, fail2ban, unattended-upgrades, nfs-common) +3. Installs and connects Tailscale +4. Installs Docker +5. Configures NFS mount to NAS (via Tailscale) +6. Deploys Transmission container +7. 
Configures UFW (peer port public, WebUI via Tailscale only) + +## Directory Structure + +Organize your downloads by distribution: + +``` +/mnt/iso/ +├── debian/ +│ ├── debian-12.7.0-amd64-netinst.iso +│ └── debian-11.11.0-amd64-netinst.iso +├── ubuntu/ +│ ├── ubuntu-24.04.1-live-server-amd64.iso +│ └── ubuntu-22.04.5-live-server-amd64.iso +├── rhel/ +│ ├── rocky-9.4-x86_64-minimal.iso +│ └── almalinux-9.4-x86_64-minimal.iso +└── proxmox/ + └── proxmox-ve_8.2-1.iso +``` + +## NAS Configuration (Synology) + +Ensure your NAS exports the share via NFS v4.1: + +1. Control Panel → Shared Folder → Edit → NFS Permissions +2. Add rule: + - Hostname/IP: Tailscale IP of seedbox (e.g., `100.x.x.x`) + - Privilege: Read/Write + - Squash: No mapping + - Security: sys + - Enable NFSv4.1: ✅ + +## Post-install + +```bash +# Check NFS mount +df -h /mnt/iso + +# View Transmission logs +cd ~/transmission && docker compose logs -f + +# Restart Transmission +cd ~/transmission && docker compose restart +```
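Review bot: In the Quick Start command and in the "Example with custom settings" block, the variable assignments (`NFS_SERVER=...`, `NFS_SHARE=...`, `TRANSMISSION_USER=...`, `TRANSMISSION_PASS=...`) prefix `curl`, so they are placed only in curl's environment and the `bash` on the right-hand side of the pipe does not receive them. Since the table marks `NFS_SERVER` as required, the documented command does not pass it to the installer unless the variables were already exported in the calling shell. Move the assignments to the interpreter side of the pipe, e.g. `curl -fsSL <url> | NFS_SERVER=nas.tailnet.ts.net bash`. Two smaller points on the same lines: the URL tracks `branch/main`, so the script that runs can differ from the one that was reviewed; documenting a download, inspect, then run sequence or a commit-pinned URL would make the install reproducible. The example also passes `TRANSMISSION_PASS=mysecurepass` inline, which ends up in shell history; as the table says the password is auto-generated by default, the example could drop it or read it from a prompt or file instead.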