infra-scripts/seedbox
Damien Arnodo 5a47a8aafc fix(seedbox): bind WebUI to localhost and expose via tailscale serve
- Change port binding from Tailscale IP to 127.0.0.1:9091
- Add tailscale serve to expose WebUI via HTTPS on tailnet
- Update MOTD and final message to reflect new access method
2025-12-31 19:42:23 +00:00

Seedbox Server

Deploys a seedbox with Transmission for maintaining Linux ISO mirrors and OS images.

Quick Start

# Set variables on bash (the process that runs install.sh), not on curl
curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/seedbox/install.sh | NFS_SERVER=nas bash

Components

  • Transmission: BitTorrent client with WebUI
  • NFS: Dual mount to NAS for downloads and media storage
  • Tailscale: Private access to WebUI
  • Docker: Container runtime
  • UFW: Firewall (only peer port exposed publicly)
  • fail2ban + unattended-upgrades: Basic hardening

Environment Variables

Variable            Default              Description
NFS_SERVER          required             NAS hostname/IP (Tailscale)
NFS_SHARE_DOWNLOAD  /volume2/Downloads   NFS export for downloads
NFS_SHARE_MEDIA     /volume2/Multimédia  NFS export for media/ISOs
NFS_MOUNT_DOWNLOAD  /mnt/download        Local mount for downloads
NFS_MOUNT_MEDIA     /mnt/media           Local mount for media
SEEDBOX_HOSTNAME    seedbox              Server hostname
PEER_PORT           51413                BitTorrent peer port
TRANSMISSION_USER   admin                WebUI username
TRANSMISSION_PASS   auto-generated       WebUI password
TZ                  Europe/Paris         Timezone

Example with custom settings:

curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/seedbox/install.sh | \
  NFS_SERVER=nas \
  NFS_SHARE_DOWNLOAD=/volume1/torrents \
  NFS_SHARE_MEDIA=/volume1/iso \
  TRANSMISSION_USER=damien \
  bash

Network Access

Service             Public      Tailscale
BitTorrent peers    Port 51413  -
Transmission WebUI  -           Port 9091
SSH                 -           Tailscale SSH
NFS                 -           (to NAS)
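
The table above can be checked against what Docker actually publishes; this matters because ports published by Docker are handled by Docker's own iptables rules and are not filtered by UFW. The script below is an added example, not part of the repository: the function name and the sample lines are constructed for illustration, and it assumes input in the format produced by docker ps --format '{{.Names}}\t{{.Ports}}'.

```shell
#!/bin/sh
# Added example (not from the repository): audit which container ports Docker
# publishes on all interfaces. Input is the output of
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Only the BitTorrent peer port (README default 51413) should be public.

# audit_published_ports ALLOWED_PORT
# Reads "name<TAB>port mappings" lines on stdin and prints
# "name hostaddr:port/proto" for every wildcard-bound mapping whose host port
# is not ALLOWED_PORT. Runs in a subshell so its variables stay local.
audit_published_ports() (
  allowed="$1"
  tab="$(printf '\t')"
  while IFS="$tab" read -r name ports; do
    [ -n "$ports" ] || continue
    # docker separates mappings with ", "; put one mapping per line
    printf '%s\n' "$ports" | tr ',' '\n' | while read -r mapping; do
      case "$mapping" in
        *"->"*) ;;          # published: "hostaddr:port->containerport/proto"
        *) continue ;;      # exposed but unpublished, e.g. "9091/tcp"
      esac
      host="${mapping%%->*}"    # 0.0.0.0:9091, [::]:9091, :::9091, 127.0.0.1:9091
      proto="${mapping##*/}"
      hostport="${host##*:}"
      hostaddr="${host%:*}"
      case "$hostaddr" in
        0.0.0.0|"[::]"|"::") ;; # wildcard bind: reachable on every interface
        *) continue ;;           # bound to one address (loopback, tailnet IP)
      esac
      if [ "$hostport" != "$allowed" ]; then
        printf '%s %s/%s\n' "$name" "$host" "$proto"
      fi
    done
  done
)

# Constructed sample lines (not captured from a real host):
# "before" publishes the WebUI on all interfaces, "after" binds it to loopback.
SAMPLE_BEFORE="$(printf 'transmission\t0.0.0.0:51413->51413/tcp, 0.0.0.0:51413->51413/udp, 0.0.0.0:9091->9091/tcp')"
SAMPLE_AFTER="$(printf 'transmission\t127.0.0.1:9091->9091/tcp, 0.0.0.0:51413->51413/tcp, :::51413->51413/tcp')"

echo "before:"; printf '%s\n' "$SAMPLE_BEFORE" | audit_published_ports 51413
echo "after:";  printf '%s\n' "$SAMPLE_AFTER"  | audit_published_ports 51413
```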

Storage Architecture

NAS (via Tailscale)                    Seedbox LXC (70GB)
┌─────────────────────┐                ┌─────────────────────┐
│ /volume2/Downloads  │◄──── NFS ────►│ /mnt/download       │
│ (incomplete + temp) │                │   └► /downloads     │
├─────────────────────┤                │      (in container) │
│ /volume2/Multimédia │◄──── NFS ────►│ /mnt/media          │
│ (ISOs, VMDK, QCOW)  │                │   └► /media         │
└─────────────────────┘                │      (in container) │
                                       └─────────────────────┘

Transmission Paths

Container Path  Host Path      NAS Path             Purpose
/downloads      /mnt/download  /volume2/Downloads   Incomplete + completed torrents
/media          /mnt/media     /volume2/Multimédia  Final ISOs, VMDK, QCOW images

  1. Torrents download to /downloads (on NAS via NFS)
  2. Once complete, move ISOs to /media/iso/<distro>/
  3. Proxmox mounts the same NAS share for VM templates

What it does

  1. Sets hostname
  2. Installs base packages (vim, fail2ban, unattended-upgrades, nfs-common, at)
  3. Installs and connects Tailscale
  4. Installs Docker
  5. Configures dual NFS mounts to NAS (same as Proxmox)
  6. Deploys Transmission container with both mounts
  7. Configures UFW (peer port public, WebUI via Tailscale only)
  8. Temporarily opens SSH port 22 for 5 minutes (safety net)

SSH Safety Net

During installation, SSH port 22 is temporarily opened for 5 minutes to prevent lockout if you're connected via public IP. After 5 minutes, it will be automatically closed and only Tailscale SSH will work.

# List scheduled jobs
sudo atq

# Cancel the scheduled SSH closure (replace N with job number)
sudo atrm N

# Manually close SSH port 22 if needed
sudo ufw delete allow 22/tcp

Directory Structure

Organize your media by type:

/mnt/media/
├── iso/
│   ├── debian/
│   │   └── debian-12.7.0-amd64-netinst.iso
│   ├── ubuntu/
│   │   └── ubuntu-24.04.1-live-server-amd64.iso
│   ├── rhel/
│   │   └── rocky-9.4-x86_64-minimal.iso
│   └── proxmox/
│       └── proxmox-ve_8.2-1.iso
├── vmdk/
│   └── windows-server-2022.vmdk
└── qcow/
    └── cloud-init-debian-12.qcow2

NAS Configuration (Synology)

Ensure your NAS exports both shares via NFS:

  1. Control Panel → Shared Folder → Edit → NFS Permissions
  2. For each share (Downloads and Multimédia), add rule:
    • Hostname/IP: * or Tailscale IP of seedbox (e.g., 100.x.x.x)
    • Privilege: Read/Write
    • Squash: No mapping
    • Security: sys
    • Enable NFSv4.1:

Post-install

# Check NFS mounts
df -h /mnt/download /mnt/media

# View Transmission logs
cd ~/transmission && docker compose logs -f

# Restart Transmission
cd ~/transmission && docker compose restart

# Move completed ISO to final location
mv /mnt/download/debian-12.iso /mnt/media/iso/debian/