docs(seedbox): update README for tailscale serve and password handling

- Add warning about setting TRANSMISSION_PASS explicitly
- Update Quick Start example with password
- Add password recovery section
- Update network access table for tailscale serve
- Add WebUI access section explaining HTTPS via tailnet
- Add troubleshooting section
2025-12-31 19:44:34 +00:00
parent 5a47a8aafc
commit dd052246b5


@@ -5,14 +5,17 @@ Deploys a seedbox with Transmission for maintaining Linux ISO mirrors and OS ima
## Quick Start
```bash
NFS_SERVER=nas curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/seedbox/install.sh | bash
NFS_SERVER=nas TRANSMISSION_PASS=MySecureP@ss123 \
curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/seedbox/install.sh | bash
```
> **⚠️ Important:** Always set `TRANSMISSION_PASS` explicitly. If omitted, a random password is generated and displayed only once at the end of the installation. It cannot be recovered afterward without resetting the config.
## Components
- **Transmission**: BitTorrent client with WebUI
- **NFS**: Dual mount to NAS for downloads and media storage
- **Tailscale**: Private access to WebUI
- **Tailscale**: Private access to WebUI via `tailscale serve`
- **Docker**: Container runtime
- **UFW**: Firewall (only peer port exposed publicly)
- **fail2ban** + **unattended-upgrades**: Basic hardening
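Review bot: In the Quick Start command the `NFS_SERVER=nas TRANSMISSION_PASS=...` prefix applies only to `curl`, the first command of the pipeline, so the `bash` that runs install.sh does not receive either variable unless they are already exported in the calling shell. Put the assignments on the right-hand side of the pipe (`curl -fsSL <url> | NFS_SERVER=nas TRANSMISSION_PASS=... bash`) or export them beforehand. Because the new warning tells readers to always pass the password this way, it should also mention that the literal value ends up in shell history.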
@@ -29,7 +32,7 @@ NFS_SERVER=nas curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branc
| `SEEDBOX_HOSTNAME` | `seedbox` | Server hostname |
| `PEER_PORT` | `51413` | BitTorrent peer port |
| `TRANSMISSION_USER` | `admin` | WebUI username |
| `TRANSMISSION_PASS` | *auto-generated* | WebUI password |
| `TRANSMISSION_PASS` | *auto-generated* | WebUI password (⚠️ set explicitly!) |
| `TZ` | `Europe/Paris` | Timezone |
Example with custom settings:
@@ -39,18 +42,43 @@ NFS_SERVER=nas \
NFS_SHARE_DOWNLOAD=/volume1/torrents \
NFS_SHARE_MEDIA=/volume1/iso \
TRANSMISSION_USER=damien \
TRANSMISSION_PASS=MySecurePassword \
curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/seedbox/install.sh | bash
```
### Password Recovery
If you forgot to set `TRANSMISSION_PASS` and lost the auto-generated password:
```bash
# Option 1: Check the docker-compose.yml (password in clear text)
grep PASS ~/transmission/docker-compose.yml
# Option 2: Reset by editing docker-compose.yml
cd ~/transmission
sed -i 's/PASS=.*/PASS=NewPassword/' docker-compose.yml
docker compose down && docker compose up -d
```
## Network Access
| Service | Public | Tailscale |
|---------|--------|-----------|
| BitTorrent peers | ✅ Port 51413 | ✅ |
| Transmission WebUI | ❌ | ✅ Port 9091 |
| Transmission WebUI | ❌ | ✅ HTTPS via `tailscale serve` |
| SSH | ❌ | ✅ Tailscale SSH |
| NFS (to NAS) | ❌ | ✅ |
### WebUI Access
The WebUI is exposed via Tailscale Serve with automatic HTTPS:
```
https://seedbox.<your-tailnet>.ts.net
```
The WebUI binds to `localhost:9091` and is proxied through `tailscale serve`, ensuring it's never accessible from the public internet.
## Storage Architecture
```
@@ -86,8 +114,9 @@ NAS (via Tailscale) Seedbox LXC (70GB)
4. Installs Docker
5. Configures dual NFS mounts to NAS (same as Proxmox)
6. Deploys Transmission container with both mounts
7. Configures UFW (peer port public, WebUI via Tailscale only)
8. Temporarily opens SSH port 22 for 5 minutes (safety net)
7. Exposes WebUI via `tailscale serve` (HTTPS on tailnet)
8. Configures UFW (peer port public, WebUI via Tailscale only)
9. Temporarily opens SSH port 22 for 5 minutes (safety net)
## SSH Safety Net
@@ -149,6 +178,37 @@ cd ~/transmission && docker compose logs -f
# Restart Transmission
cd ~/transmission && docker compose restart
# Check tailscale serve status
tailscale serve status
# Move completed ISO to final location
mv /mnt/download/debian-12.iso /mnt/media/iso/debian/
```
## Troubleshooting
### WebUI not accessible
```bash
# Check tailscale serve is running
tailscale serve status
# Restart if needed
sudo tailscale serve --bg http://localhost:9091
# Check container is running
docker ps | grep transmission
# Check container logs
cd ~/transmission && docker compose logs
```
### Reset Transmission credentials
```bash
cd ~/transmission
docker compose down
# Edit docker-compose.yml to change USER and PASS
vim docker-compose.yml
docker compose up -d
```
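Review bot: The new "Reset Transmission credentials" subsection repeats Option 2 of "Password Recovery" with a different procedure (`docker compose down`, edit in vim, `up -d` here, versus `sed -i` then `down && up -d` there). Keep one procedure and link to it from the other so the two cannot drift apart. In "WebUI not accessible", the restart line `sudo tailscale serve --bg http://localhost:9091` uses sudo while the `tailscale serve status` checks do not; say whether sudo is required so readers run both as the same user.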