fujin/nixarr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated docs

Browse Source
This commit is contained in:
rasmus-kirk
2024-03-13 15:43:13 +01:00
parent f99728342b
commit a0597889c3
5 changed files with 215 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/wiki/examples/example-2/index.md
+91
View File
@@ -0,0 +1,91 @@
---
title: Example Configuration where Port Forwarding is not an Option
---
An example where port forwarding is not an option. This is useful if,
for example, you're living in a dorm that does not allow it. This
example does the following:
- Runs Jellyfin and exposes it to the internet on a set port
- Starts openssh and runs it through the VPN so that it can be accessed
outside your home network
- Runs all the supported "*Arrs"
**Warning:** This is largely untested ATM!
```nix {.numberLines}
nixarr = {
enable = true;
vpn = {
enable = true;
wgConf = "/data/.secret/wg.conf";
};
jellyfin = {
enable = true;
vpn.enable = true;
# Access the Jellyfin web-ui from the internet.
# Get this port from your VPN provider
expose.vpn = {
enable = true;
port = 12345;
};
};
# Setup SSH service that runs through VPN.
# Lets you connect through ssh from the internet without having access to
# port forwarding
openssh.expose.vpn.enable = true;
transmission = {
enable = true;
vpn.enable = true;
peerPort = 50000; # Set this to the port forwarded by your VPN
};
bazarr.enable = true;
sonarr.enable = true;
radarr.enable = true;
prowlarr.enable = true;
readarr.enable = true;
lidarr.enable = true;
};
# The `openssh.vpn.enable` option does not enable openssh, so we do that here:
# We disable password authentication as it's generally insecure.
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
# Get this port from your VPN provider
ports = [ 54321 ]
};
# Adds your public keys as trusted devices
users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
./path/to/public/key/machine.pub}
];
```
This example uses SSH tunneling to expose most of your services. See the
[expose](/wiki/expose) wiki page for more info on how to safely access
your services.
In this example, you don't have access to any services without being on your
home network or accessing them through localhost. If you have SSH setup you
can use SSH tunneling. Simply run:
```sh
ssh -N user@ip \
-L 6001:localhost:9091 \
-L 6002:localhost:9696 \
-L 6003:localhost:8989 \
-L 6004:localhost:7878 \
-L 6005:localhost:8686 \
-L 6006:localhost:8787 \
-L 6007:localhost:6767
```
Replace `user` with your user and `ip` with the public ip, or domain if set
up, of your server. This lets you access the services on `localhost:6001`
through `localhost:6007`.