Another tip, please be very careful when exposing ports to the public. With docker you’re already mitigating your attack surfaces but an open port allows anyone to make a connection and there are lots of bots out there looking for open ports and vulnerabilities. A good alternative would be to setup wireguard and instead then connect through that or if you like simplicity check out Tailscale.
This is kinda how I’ve come to look at it. You cannot ask questions of fact to a machine that works in probabilities.
Don’t, you can still install nix into Garuda. Works great as a separate package manager that won’t get in the way.
I think the problem is that most people dive right in and go to NixOS which has its quirks as a linux OS (see FHS). The Nix language is great at building and moving source code between computers, really any big collection of binaries. If you don’t do that, try just using the nix-shell command to instantly run a piece of software without installing it. You can write a shell.nix file to hop into and out of an environment with whatever software you need. Once you can write a couple .nix files then move onto NixOS; which after all is just a big collection of binaries.
Okay… one is closed sourced and the other open. That much I know. With those points out of the way, why is jellyfish superior?
What happened with Emby? I’ve used their service for a long time and have been very happy with their lifetime premium.
Good news, they support OIDC! Haven’t tested it myself so your mileage may vary.
I can create tools for my company that launches right out of ConfigMgr Software Center and other technicians can contribute without needing a programming background.
Now this is a bit of magic I would like to learn. I read through PowerShell in a month of lunches a couple of years ago and it’s saved my butt a couple of times. I’m due for a re-read though. Would you have a source on where I could go to learn more about creating GUI applications in PowerShell?
Check out this guide to get started with exposing your services via proxy. I started with v1 and migrated to v2. Until I dug this link out for you, I had no idea about v3; but if it’s as good as the first two I can only imagine how good it is now.
https://www.smarthomebeginner.com/traefik-v3-docker-compose-guide-2024/
Servarr is a stack of applications that sets up a media suite. Radarr and Sonarr handle the managing of movies and TV shows, respectively. Prowlarr searches for the media through either Torrenting or Usenet. Then you’d need a downloader like SABnzbd or Deluge. Ombi is another application to handle requests and finally you’d need a streaming app like Plex, Emby or Jellyfin.
Think of it like a marionette; you’re making a bunch of services work together for one goal. Most people use docker and create a docker compose file to manage all the services. Typically the flow goes like this, a person makes a request to Ombi for something to watch. That request goes to Radarr or Sonarr, which creates a folder and populates the Metadata from IMDB. Then a request is sent to Prowlarr to find the media. Once found its sent to the downloader, like Deluge, to actually grab the media. After it’s done, Radarr / Sonarr will import the media into the correct folder. Now you’ve got a perfect collection for Plex / Emby / Jellyfish to start streaming your media. Really awesome suite once you get it up and running.
You use a GPG key that you then add to the yubikey. The keys can only be written or deleted off the yubikey, you can’t read the secret once written. Then you can use the GPG key to either encrypt a file or sign it. Check out Pretty Good Privacy and the GnuPrivacy Guard software for more information on how that works.
I use my yubikey to encrypt files, sign my work in Git, as well as the usual password authenticator stuff. You can still use FIDO, U2F and OTP codes while using the GPG too.
Check out this awesome guide on how to setup an airgapped computer to generate the GPG key. https://github.com/drduh/YubiKey-Guide
I ran into this same situation, this repo helped me solve it.
https://github.com/chaifeng/ufw-docker#solving-ufw-and-docker-issues
I believe media hosting is only against their ToS if you try and use the proxy service. In the DNS page you would want to make sure the clouds are not orange. Fair warning though now your IP is exposed to the public.
https://www.linuxserver.io/blog/advanced-wireguard-container-routing
I think what you’re looking to do is route using IPTables. I’ve achieved a similar setup with this guide, just not using a mail server. With this setup the DNS can actually be taken care of by docker. With my phone on wireguard I can resolve by the container name on my VPS, internal server docker container, internal lan, and everything else goes out to Mullvad (direct too thanks to split tunneling). Very slick setup.
Unencrypted HTTP can mean that anyone can see your traffic as it passes through their network. Your ISP will see that traffic. If you’re streaming pirated music and you’re in a country that cares about those things, might not go very well. From a security stand point though, you still wouldn’t want to trust the authentication on the open port. A vulnerability may exist that you don’t know about. It’s always better to keep them closed and add another layer or two between your home computer and the public.
Tailscale let’s you tunnel into your home network without opening any ports, and it encrypts the traffic. Much safer way of doing it.