move images to different location

14 files changed, 169 insertions, 12 deletions

diff --git a/live/static/images/b/jack/jack_configured_indexers.png b/live/static/images/b/jack/jack_configured_indexers.png
new file mode 100755
index 0000000..b40742f
--- /dev/null
+++ b/live/static/images/b/jack/jack_configured_indexers.png
diff --git a/live/static/images/b/jack/jack_example_search.png b/live/static/images/b/jack/jack_example_search.png
new file mode 100755
index 0000000..cbecb5d
--- /dev/null
+++ b/live/static/images/b/jack/jack_example_search.png
diff --git a/live/static/images/b/notes/mail/dkim_test_successful.png b/live/static/images/b/mail/dkim_test_successful.png
index d762550..d762550 100644
--- a/live/static/images/b/notes/mail/dkim_test_successful.png
+++ b/live/static/images/b/mail/dkim_test_successful.png
diff --git a/live/static/images/b/notes/nginx/nginx_404_page.png b/live/static/images/b/nginx/nginx_404_page.png
index e420588..e420588 100644
--- a/live/static/images/b/notes/nginx/nginx_404_page.png
+++ b/live/static/images/b/nginx/nginx_404_page.png
diff --git a/live/static/images/b/notes/nginx/nginx_welcome_page.png b/live/static/images/b/nginx/nginx_welcome_page.png
index c98cc4d..c98cc4d 100644
--- a/live/static/images/b/notes/nginx/nginx_welcome_page.png
+++ b/live/static/images/b/nginx/nginx_welcome_page.png
diff --git a/live/static/images/b/notes/sql/erd_example.png b/live/static/images/b/sql/erd_example.png
index 2c73cbd..2c73cbd 100644
--- a/live/static/images/b/notes/sql/erd_example.png
+++ b/live/static/images/b/sql/erd_example.png
diff --git a/live/static/images/b/notes/sql/erd_example_wikipedia.png b/live/static/images/b/sql/erd_example_wikipedia.png
index 4f40194..4f40194 100644
--- a/live/static/images/b/notes/sql/erd_example_wikipedia.png
+++ b/live/static/images/b/sql/erd_example_wikipedia.png
diff --git a/live/static/images/b/notes/sql/img_fulljoin.gif b/live/static/images/b/sql/img_fulljoin.gif
index ace249e..ace249e 100644
--- a/live/static/images/b/notes/sql/img_fulljoin.gif
+++ b/live/static/images/b/sql/img_fulljoin.gif
diff --git a/live/static/images/b/notes/sql/img_innerjoin.gif b/live/static/images/b/sql/img_innerjoin.gif
index db00126..db00126 100644
--- a/live/static/images/b/notes/sql/img_innerjoin.gif
+++ b/live/static/images/b/sql/img_innerjoin.gif
diff --git a/live/static/images/b/notes/sql/img_leftjoin.gif b/live/static/images/b/sql/img_leftjoin.gif
index f205846..f205846 100644
--- a/live/static/images/b/notes/sql/img_leftjoin.gif
+++ b/live/static/images/b/sql/img_leftjoin.gif
diff --git a/live/static/images/b/notes/sql/img_rightjoin.gif b/live/static/images/b/sql/img_rightjoin.gif
index f34c021..f34c021 100644
--- a/live/static/images/b/notes/sql/img_rightjoin.gif
+++ b/live/static/images/b/sql/img_rightjoin.gif
diff --git a/src/blog/a/mail_server_with_postfix.md b/src/blog/a/mail_server_with_postfix.md
index de658c1..3df9826 100644
--- a/src/blog/a/mail_server_with_postfix.md
+++ b/src/blog/a/mail_server_with_postfix.md
@@ -519,4 +519,4 @@ Next, to actually login into a mail app/program, you will use the following sett
 
 All that's left to do is test your mail server for spoofing, and to see if everything is setup correctly. Go to [DKIM Test](https://www.appmaildev.com/en/dkim) and follow the instructions (basically click next, and send an email with whatever content to the email that they provide). After you send the email, you should see something like:
 
-![DKIM Test successful](${SURL}/images/b/notes/mail/dkim_test_successful.png "DKIM Test successful")
+![DKIM Test successful](${SURL}/images/b/mail/dkim_test_successful.png "DKIM Test successful")
diff --git a/src/blog/a/website_with_nginx.md b/src/blog/a/website_with_nginx.md
index d4a5402..e3846cf 100644
--- a/src/blog/a/website_with_nginx.md
+++ b/src/blog/a/website_with_nginx.md
@@ -41,7 +41,7 @@ systemctl start nginx.service
 
 And that's it, at this point you can already look at the default initial page of Nginx if you enter the IP of your server in a web browser. You should see something like this:
 
-![Nginx welcome page](${SURL}/images/b/notes/nginx/nginx_welcome_page.png "Nginx welcome page")
+![Nginx welcome page](${SURL}/images/b/nginx/nginx_welcome_page.png "Nginx welcome page")
 
 As stated in the welcome page, configuration is needed, head to the directory of Nginx:
 
@@ -126,7 +126,7 @@ systemctl restart nginx
 
 If everything goes correctly, you can now go to your website by typing `domain.name` on a web browser. But you will see a "404 Not Found" page like the following (maybe with different Nginx version):
 
-![Nginx 404 Not Found page](${SURL}/images/b/notes/nginx/nginx_404_page.png "Nginx 404 Not Found page")
+![Nginx 404 Not Found page](${SURL}/images/b/nginx/nginx_404_page.png "Nginx 404 Not Found page")
 
 That's no problem, because it means that the web server it's actually working. Just add an `index.html` file with something simple to see it in action (in the `/var/www/some_folder` that you decided upon). If you keep seeing the 404 page make sure your `root` line is correct and that the directory/index file exists.
 
diff --git a/src/blog/temp/jellyfin_server_with_sonarr_radarr.md b/src/blog/temp/jellyfin_server_with_sonarr_radarr.md
index bc453d8..07a8439 100644
--- a/src/blog/temp/jellyfin_server_with_sonarr_radarr.md
+++ b/src/blog/temp/jellyfin_server_with_sonarr_radarr.md
@@ -8,9 +8,13 @@ tags: server
 	tutorial
 	english
 
-Riding on my excitement of having a good internet connection and having setup my *home server* now it's time to self host a media server for movies, series and anime. Everything here is performed in ==Arch Linux btw== and all commands should be run as root unless stated otherwise, as always.
+Riding on my excitement of having a good internet connection and having setup my *home server* now it's time to self host a media server for movies, series and anime. I'll be exposing my stuff on a personal (in the sense that I own it and it's going to be used for that only) subdomain, but that's optional depending on your setup.
 
-I'll be exposing my stuff on a personal subdomain, but that's optional depending on your setup.
+Most of my config is based on [TRaSH-Guides](https://trash-guides.info/) (I'll only mention it as "TRaSH", without the "-Guides") and will be mentioned when needed; I just mention it here in case I forget to give credit on the respective areas. Specially have a read at the [TRaSH: Native folder structure](https://trash-guides.info/Hardlinks/How-to-setup-for/Native/) as it is a very good setup along with the [TRaSH: Hardlinks and instant moves](https://trash-guides.info/Hardlinks/Hardlinks-and-Instant-Moves/).
+
+Everything here is performed in ==Arch Linux btw== and all commands should be run as root unless stated otherwise, as always.
+
+==Also kindly note that I do not condone the use of BitTorrent for illegal activities. I take no responsibility for what you do when setting up anything shown here. It is for you to check your local laws before using automated downloaders such as Sonarr and Radarr.==
 
 # Table of contents
 
@@ -28,9 +32,64 @@ Similar to my early [tutorial](https://blog.luevano.xyz/tag/@tutorial.html) entr
     - Optionally, another one for all *iso downloading software* (wink).
 - An SSL certificate, if you're following the other entries (specially the [website](https://blog.luevano.xyz/a/website_with_nginx.html) entry), add a `jellyfin.conf` (and optionally the *isos* subdomain config) and run `certbot --nginx` (or similar) to extend/create the certificate.
 
+## Create directory structure
+
+This is just the creation of the basic directory structure, as mentioned in [TRaSH: Native folder structure](https://trash-guides.info/Hardlinks/How-to-setup-for/Native/). I'll be using my steps to create default directory permissions on the directories as shown in my [Komga setup guide](https://blog.luevano.xyz/a/manga_server_with_komga#set-default-directory-permissions.html).
+
+First of all, create a service user called `servarr` that all services will use the group of:
+
+```sh
+useradd -r -s /usr/bin/nologin -M -c "Servarr applications" servarr
+```
+
+Then the desired behaviour is: set `servarr` as group ownership, set write access to group and whenever a new directory/file is created, inherit these permission settings.
+
+Create the `jellyfin` directory (this might come back and bite me in the ass later because of the `qbittorrent` download path) default permissions:
+
+```sh
+# some of these commands depend on which user created the directory
+mkdir /mnt/a/jellyfin
+chown servarr:servarr /mnt/a/jellyfin
+chmod g+w /mnt/a/jellyfin
+chmod g+s /mnt/a/jellyfin
+setfacl -d -m g::rwx /mnt/a/jellyfin
+setfacl -d -m o::rx /mnt/a/jellyfin
+```
+
+Then check that the permissions are set correctly (`getfacl /mnt/a/jellyfin`)
+
+```
+getfacl: Removing leading '/' from absolute path names
+# file: mnt/a/jellyfin
+# owner: servarr
+# group: servarr
+# flags: -s-
+user::rwx
+group::rwx
+other::r-x
+default:user::rwx
+default:group::rwx
+default:other::r-x
+```
+
+Then the subdirectories can be created using any user (the group permissions should be set automatically) then you can change the owner to `servarr` if you want:
+
+```sh
+cd /mnt/a/jellyfin
+mkdir torrents/{tv,movies,anime}
+mkdir media/{tv,movies,anime}
+chown -R servarr: /mnt/a/jellyfin
+```
+
+Later, add any user to the `servarr` grup if it needs access to write. These should be `qbittorrent`, `sonarr`, `radarr` and `jellyfin`, for example by running:
+
+```sh
+gpasswd -a <USER> servarr
+```
+
 # Jackett
 
-[Jackett](https://github.com/Jackett/Jackett) is a "proxy server" (or "middle-ware") which translates queries from apps (such as Sonarr and Radarr in this entry) into tracker-specific http queries.
+[Jackett](https://github.com/Jackett/Jackett) is a "proxy server" (or "middle-ware") which translates queries from apps (such as Sonarr and Radarr in this entry) into tracker-specific http queries. Note that there is an alternative called [Prowlarr](https://github.com/Prowlarr/Prowlarr) that it's actually better integrated with Sonarr and Radarr, requiring less maintenance; I'll still be using Jackett.
 
 Install from the AUR with `yay`:
 
@@ -61,7 +120,7 @@ server {
 }
 ```
 
-This is the basic reverse proxy config as shown in [Jackett: Running Jackett behgind a reverse proxy](https://github.com/Jackett/Jackett#running-jackett-behind-a-reverse-proxy). The rest of the services will be added under different `location` directives on their respective steps.
+This is the basic reverse proxy config as shown in [Jackett: Running Jackett behgind a reverse proxy](https://github.com/Jackett/Jackett#running-jackett-behind-a-reverse-proxy). The rest of the services will be added under different `location` block on their respective steps.
 
 ### SSL certificate
 
@@ -105,6 +164,20 @@ systemctl restart jackett.service
 
 And it should now be available at `https://isos.yourdomain.com/jack`. Right away go ahead and scroll down and add an admin password, because it is unprotected by default. You can change any other config you want from the Web UI, too.
 
+### Indexers
+
+For Jackett, an indexer is just a jackett configured tracker for some of the commonly known trackers/torrent sites, it comes pre-configured and you can select different indexer URL, useful when the site is down and you need to use a mirror. Some indexers come with extra features/configuration depending on what the site specializes on, for example the `Nyaa.si` indexer has options to provide better season information to Sonarr, and options for filter, category, etc..
+
+To add an indexer click on the "+ Add Indexer" at the top of the Web UI and look for indexers you know, for example *The Pirate Bay*, *Nyaa*, *1337x*, etc., then click on the "+" icon on the far-most right (or select the ones you want and scroll all the way to the bottom to add all selected) for each indexer you want. They then will show as a list with some available actions such as "Copy RSS Feed", "Copy Torznab Feed", "Copy Potato Feed", a button to search, configure, delete and test the indexer, as shown below:
+
+![Jacket: configured indexers](${SURL}/images/b/jack/jack_configured_indexers.png "Jackett: configured indexers")
+
+You can manually test the indexers by doing a basic search, in case you don't trust the "Test" button. For example:
+
+![Jacket: example search on tpb](${SURL}/images/b/jack/jack_example_search.png "Jackett: example search on tpb")
+
+We'll come back to Jackett to continue setting up Sonarr/Radarr with some indexers at their respective moments.
+
 # qBitTorrent
 
 [qBitTorrent](https://wiki.archlinux.org/title/QBittorrent) is a fast, stable and light BitTorrent client that comes with many features and in my opinion it's a really user friendly client and my personal choice for years now. But you can choose whatever client you want, there are more lightweight alternatives such as [Transmission](https://wiki.archlinux.org/title/transmission).
@@ -125,9 +198,11 @@ useradd -r -m qbittorrent
 
 And decide a port number you're going to run the service on for the next steps, the default is `8080` but I'll use `30000`; it doesn't matter much, as long as it matches for all the config.
 
+==Don't forget to add the `qbittorrent` user to the `servarr` group.==
+
 ## Reverse proxy
 
-Add the following `location` directive into the `isos.conf` with whatever subdirectory name you want, I'll call it `qbt`:
+Add the following `location` block into the `isos.conf` with whatever subdirectory name you want, I'll call it `qbt`:
 
 ```nginx
 location /qbt/ {
@@ -144,7 +219,7 @@ location /qbt/ {
 }
 ```
 
-This is basically taken from [qBitTorrent: NGINX Revers Proxy for Web UI](https://github.com/qbittorrent/qBittorrent/wiki/NGINX-Reverse-Proxy-for-Web-UI). Restart the `nginx` service for the changes to take effect:
+This is taken from [qBitTorrent: NGINX Revers Proxy for Web UI](https://github.com/qbittorrent/qBittorrent/wiki/NGINX-Reverse-Proxy-for-Web-UI). Restart the `nginx` service for the changes to take effect:
 
 ```sh
 systemctl restart nginx
@@ -182,7 +257,87 @@ systemctl restart `qbittorrent-nox@qbittorrent.service
 
 You can now head to `https://isos.yourdomain.com/qbt/` and login with user `admin` and password `adminadmin` (by default). First thing is that you should go and change the password in the config. The Web UI is basically the same as the normal desktop UI so if you've used it it will feel familiar. From here you can threat it as a normal torrent client and even start using it raw to download your Linux isos already.
 
-Finish configuring whatever defaults you want such as default download location, ports to use, etc.. We're really not going to use this Web UI, but the credentials are needed for the next couple of software.
+### Configuration
+
+It should be usable already but we can go further and fine tune it, specially to some kind of "convention" as shown in [TRaSH: qBitTorrent basic setup](https://trash-guides.info/Downloaders/qBittorrent/Basic-Setup/) and subsequent `qbittorrent` guides.
+
+I use all the suggested settings, where the only "changes" are for personal paths, ports, and in general connection settings that depend on my set up. The only super important setting I noticed that can affect our setup (meaning what is described in this entry) is the *Web UI -> Authentication* for the "Bypass authentication for cliens on localhost". This will be an issue because the reverse proxy is accessing `qbittorrent` via the localhost, so this will make the service open to the world, experiment at your own risk.
+
+Finally, add categories by following [TRaSH: qBitTorrent how to add categories](https://trash-guides.info/Downloaders/qBittorrent/How-to-add-categories/). I added 3: `tv`, `movies` and `anime`.
+
+# Radarr
+
+[Radarr](https://radarr.video/) is a movie collection manager that can be used to download movies via torrents. This is actually a fork of Sonarr, but Sonarr is harder to set up in my opinion so I'm starting with this one.
+
+Install from the AUR with `yay`:
+
+```sh
+yay -S radarr
+```
+
+The default port that Radarr uses is `7878` for http (the one we need for our reverse proxy).
+
+==Don't forget to add the `radarr` user to the `servarr` group.==
+
+## Reverse proxy
+
+Add the following `location` block into the `isos.conf` with whatever subdirectory name you want, I'll leave it as `radarr` as stated in the official documentation:
+
+```nginx
+location /radarr {
+    proxy_pass http://localhost:7878; # change port if needed, this is the default
+    proxy_http_version 1.1;
+
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $host;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+
+    proxy_redirect off;
+}
+# Allow the API External Access via NGINX
+location /radarr/api {
+    auth_basic off;
+    proxy_pass http://localhost:7878; # change port if needed, this is the default
+}
+```
+
+This is taken from [Radarr Installation: Reverse Proxy Configuration: NGINX](https://wiki.servarr.com/radarr/installation#nginx). Restart the `nginx` service for the changes to take effect:
+
+```sh
+systemctl restart nginx
+```
+
+## Start using Radarr
+
+You can now `start`/`enable` the `radarr.service`:
+
+```sh
+systemctl enable radarr.service
+systemctl start radarr.service
+```
+
+This will start the service and create the default configs under `/var/lib/radarr`, but we need to change the `URLBase` as we're running the reverse proxy under a subdirectory (`/radarr`). Edit `/var/lib/radarr/config.xml` and change the `URLBase` config:
+
+```xml
+...
+<UrlBase>/radarr</UrlBase>
+...
+```
+
+Then restart the service:
+
+```sh
+systemctl restart radarr.service
+```
+
+And head to `https://isos.yourdomain.com/radarr` and again go straight to secure the instance by adding authentication under *Settings -> General -> Security*. I added the "Forms" option, just fill in the username, password and click on save changes on the top left of the page. You can restart the service again and check that it asks for login credentials.
+
+### Configuration
+
+Now, this is the most tedious part, and I'm going to go for all of the defaults plus recommended configs (for the [TRaSH-Guides](https://trash-guides.info/), for example) according to the official [Radarr: Quick Start Guide](https://wiki.servarr.com/radarr/quick-start-guide). I'll be adding anything that is either not mentioned in the guide, or that is specific to how I'm setting up stuff in this entry.
 
 # Jellyfin
 
@@ -191,13 +346,15 @@ Finish configuring whatever defaults you want such as default download location,
 Install from the AUR with `yay`:
 
 ```sh
-pacman -S jellyfin-bin
+yay -S jellyfin-bin
 ```
 
 Similar to `jackett` this is a pre-built binary, but you can build from source with `yay` by installing `jellyfin` (or from the latest `git` commit with `jellyfin-git`).
 
 You can already `start`/`enable` the `jellyfin.service` which will start at `http://localhost:8096/` by default where you need to complete the initial set up. You can either allow through `ufw` and finish the setup, or create the reverse proxy through `nginx`.
 
+==Don't forget to add the `jellyfin` user to the `servarr` group.==
+
 ## Reverse proxy
 
 I'm going to have my `jellyfin` instance under a subdomain with an `nginx` reverse proxy as shown in the [Arch wiki](https://wiki.archlinux.org/title/Jellyfin#Nginx_reverse_proxy). For that, create a `jellyfin.conf` at the usual `sites-available/enabled` path for `nginx`:
@@ -288,4 +445,4 @@ systemctl enable jellyfin.service
 systemctl start jellyfin.service
 ```
 
-Then navigate to `https://jellyfin.yourdomain.com` and either continue with the set up wizard if you didn't already or continue with the next steps to configure your libraries.
\ No newline at end of file
+Then navigate to `https://jellyfin.yourdomain.com` and either continue with the set up wizard if you didn't already or continue with the next steps to configure your libraries.