Excellent resource! Thanks so very much. I would love to see a little more clarity on the recommended setup for the datasets, as well as setting permissions. I know that permissions in particular can be very troublesome and the addition of a short step-by-step for this aspect would make this guide even more incredible that it already is.
I got around this by adding: fetch --no-verify-peer
Lastly, can we use media:media credentials on all iocages so they all match and all have the same permissions to write/read to the same folders?
If so would I just have to change:
iocage exec radarr chown -R media:media /usr/local/share/Radarr /config
Because I tried this and just got an error :(
Lastly iocage exec radarr rm /usr/local/share/Radarr.*.linux.tar.gz
Didnt work, I had to go into the jail and do it manually, no biggie just thought I'd mention it.
Just curious... have any of you tried following the guide for Organizr? I get to the point where I navigate to http://JailIP and nginx throws an error. I'm guessing it has something to do with nginx.conf. When I change the line "root /usr/local/www/Organizr;" to "root /usr/local/www/nginx;", I do not get an error. Any suggestions?
Fantastic documentation! Thank you! I have been hesitant to upgrade from 9.10 due to the switch to iocage but this resource has been very informative and I now have everything working as before. It would be great to see Nzbget and Nzbhydra2 added.
Very comprehensive and helpful. A few issues with transmission settings and ipfw rules though.
Transmission: If you don't set transmission_chown="NO", then transmission resets the mounted dataset ownership to root:wheel on start of service, which you don't want.
IPFW: When the openvpn is up, can't access transmission web from LAN. Transmission web is only accessible when openvpn is down. No solution updated for this yet so far.
I've been using this ipfw script which seems to work as a killswitch for openvpn.
# Flush out the list before we begin
ipfw -q -f flush
# Set rules command prefix
cmd="ipfw -q add"
# allow all local traffic on the loopback interface
$cmd 00001 allow all from any to any via lo0
# allow any connection to/from VPN interface
$cmd 00010 allow all from any to any via $vpn
# allow connection to/from LAN by Transmission
$cmd 00101 allow all from me to 10.11.102.0/24 uid transmission
$cmd 00102 allow all from 10.11.102.0/24 to me uid transmission
# deny any Transmission connection outside LAN that does not use VPN
$cmd 00103 deny all from any to any uid transmission
root@freenas:~ # iocage exec transmission service ipfw start
Flushed all rules.
00100 allow IP from any to any via lo0
00200 deny IP from any to 127.0.0.0/8
00300 deny IP from 127.0.0.0/8 to any
00400 deny IP from any to ::1
00500 deny IP from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
03000 allow IP from 192.168.1.100 to 192.168.1.0/24 keep-state :default
03000 allow IP from 192.168.1.0/24 to 192.168.1.0 keep-state :default
04000 allow IP from 192.168.1.100 to 22.214.171.124 keep-state :default
05000 allow IP from any to any via tun*
65534 deny IP from any to any
Firewall rules loaded.