• merthyr1831@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    You know what’s hotter? Running an automated piracy server using Plex (Or Jellyfin i guess xoxo) and the -arr family of apps on a raspberry Pi so you can pretend you’ve got a cute little netflix system :^)

    • boonhet@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Requires slightly more hardware than a pi, but once you get to the double digit terabytes range of storage, you can honestly have a better plex/jellyfin library than Netflix in any one particular country (except maybe the US? I think US netflix has all the good shows and movies that we’re missing here in Europe).

      Netflix might have more volume, but there’s a lot of low quality shit nobody wants to watch, whereas you can just throw literally every blockbuster ever made on just a couple of terabytes at lower quality levels.

      • glue_snorter@lemmy.sdfeu.org
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I have an always-on vpn container and a transmission server container on my home server. Then I use transmission as a client on my laptop and I don’t need to continually connect and disconnect.

        Any interest in a how-to guide? I won’t get to it for at least two weeks, mind.

          • glue_snorter@lemmy.sdfeu.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Implementation of VPN’d torrent client

            This is how I torrent over Mullvad. I have no hesitation to recommend Mullvad - but I am not a crypto or security expert.

            The main image fails closed - if the VPN goes down, transmission disconnects.

            This setup also includes a SOCKS server that proxies your traffic over the same VPN. I use a separate browser (librewolf) and set the SOCKS proxy to :2020 including sending DNS over SOCKS. That’s because my country blocks piracy-related sites at the DNS level. If you don’t need this, you can delete the socks section of the docker-compose file.

            On my ubuntu laptop, I install transmission-remote-gtk in order to click on a magnet link and have it added. Otherwise you have to browse to the container’s web interface, which gets tiresome.

            I have this installed as a systemd service so it runs on boot. I use the systemd state and credential features as a safeguard against my own mistakes with permissions, but my long-term goal is to encrypt these files on disk. Linux can be pwned - I have read that around 35% of botnet nodes are linux (although these are presumably mostly weak IoT devices). The secondary benefit of the LoadCredential/CREDENTIALS_DIRECTORY mechanism is that it doesn’t expose secrets as environment variables.

            The p2p.service file needs to be in that path, but you can put the other files wherever you want.

            Known issues / todo list

            • The socks proxy sometimes falls over, I haven’t looked into why
            • The downloaded files will be owned by root, since that’s what the container runs as

            File contents

            /root/.secrets/mullvad:

            123456789
            ""
            

            For mullvad, there is no password, only an account number. I believe that the empty quotes are necessary. This file should be owned by root and chmod 600; containing dir should be 700. Replace the account number with your own account, obvs!

            /etc/systemd/system/p2p.service:

            [Unit]
            Description=p2p
            Requires=docker.service multi-user.target
            After=docker.service network-online.target dhcpd.service
            
            [Service]
            Restart=always
            RemainAfterExit=yes
            WorkingDirectory=/usr/local/bin/p2p
            ExecStart=docker compose up --remove-orphans
            ExecStop=docker compose down
            LoadCredential=mullvad:/root/.secrets/mullvad
            DynamicUser=yes
            SupplementaryGroups=docker
            StateDirectory=p2p
            StateDirectoryMode=700
            
            [Install]
            WantedBy=multi-user.target
            

            /usr/local/bin/p2p/docker-compose.yml:

            ---
            version: "3.7"
            
            services:
              p2p:
                restart: always
                container_name: p2p
                image: haugene/transmission-openvpn   # see also: https://www.nickkjolsing.com/posts/dockermullvadvpn/
                cap_add:
                  - NET_ADMIN
                sysctls:
                  - "net.ipv6.conf.all.disable_ipv6=0"  # ipv6 must be enabled for Mullvad to work
                volumes:
                  - ${STATE_DIRECTORY:-./config/}:/config   # dir managed by systemd - but defaults to ./config if running interactively
                  - ${CREDENTIALS_DIRECTORY:-.}/mullvad:/config/openvpn-credentials.txt:ro  # var populated by LoadCredential - but defaults to ./mullvad if running interactively
                  - transmission:/data
                  - transmission_incomplete:/data/incomplete
                  - /my/directory/Downloads:/data/completed
                environment:
                  - OPENVPN_PROVIDER=MULLVAD
                  - OPENVPN_CONFIG=se_all  # sweden
                  - LOCAL_NETWORK=192.168.1.0/24    # put your own LAN network here - in most cases it should end in .0/24
                  - TRANSMISSION_WEB_UI=flood-for-transmission  # optional
                ports:
                  - 9091:9091
                  - 80:9091
                  - 2020:2020
            
              socks:
                restart: always
                container_name: socks
                image: lthn/dante
                network_mode: "service:p2p"
                volumes:
                  - ./sockd.conf:/etc/sockd.conf
                depends_on:
                  - p2p
            
            volumes:
              transmission:
                external: false
              transmission_completed:
                external: false
              transmission_incomplete:
                external: false
            

            /usr/local/bin/p2p/sockd.conf:

            logoutput: stderr
            # debug: 2
            internal: 0.0.0.0 port = 2020
            external: tun0
            external.rotation: route
            
            clientmethod: none
            socksmethod: username none
            
            user.privileged: root
            user.notprivileged: nobody
            user.unprivileged: sockd
            
            # Allow everyone to connect to this server.
            client pass {
                from: 0.0.0.0/0 to: 0.0.0.0/0
                log: connect error  # disconnect
            }
            
            # Allow all operations for connected clients on this server.
            socks pass {
                from: 0.0.0.0/0 to: 0.0.0.0/0
                command: bind connect udpassociate
                log: error  # connect disconnect iooperation
                #socksmethod: username
            }
            # Allow all inbound packets.
            socks pass {
                from: 0.0.0.0/0 to: 0.0.0.0/0
                command: bindreply udpreply
                log: error  # connect disconnect iooperation
            }
            

            Steps

            1. Install docker and docker-compose, e.g. with sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
            2. Create the files with contents as above
            3. sudo systemctl enable p2p
            4. sudo systemctl start p2p
            5. Check what it’s doing: systemctl status p2p
            6. On first start, it will take a few minutes to pull the images
            7. To debug interactively while also passing the creds, use sudo systemd-run -P --wait -p LoadCredential=mullvad:/root/.secrets/mullvad docker compose up --remove-orphans
            8. Every so often, cd into /usr/local/bin/p2p and run docker compose pull to update the images.
      • merthyr1831@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Even without the volume you can have a “better” library, especially when platforms like Netflix sometimes cut out episodes or scenes from shows. Community, for example, is missing a bunch of scenes on Netflix that can mess up the story a bit.

        • boonhet@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          That’s also true. But it’s the selection where you can really win with volume. Apple has great shows but there’s not a lot. Netflix has some good movies, but not too many. But you can have them all.