My latest project was transforming an old ass AMD Phenom workstation into a home NAS. FreeNAS is stupid simple to get up and running (if you do the prerequisite reading on ZFS) so this post is not about how I got that set up. Instead, this post is a general document of the steps I took after the initial NAS setup to get some extra functionality out of the machine in the form of jails (BSD-flavored containerization). Again, no one reads this so don’t expect a guide, this is just incase the box explodes and I have to set everything up again!
The FreeNAS box itself is at 10.0.0.52
- deluge @ 10.0.0.228:8112
- plex @ 10.0.0.231:32400
- radarr @ 10.0.0.52:7878 (NAT)
- sonarr @ 10.0.0.52:8989 (NAT)
- jackett @ 10.0.0.98:9117
DHCP server will nuke these.
The jackett plugin fails for one reason or another, so it’s a standard jail now.
pkg update pkg upgrade pkg install jackett sysrc "jackett_enable=YES" service jackett start
Deluge was having DNS problems as a plugin. Either way, I rebuilt it by hand.
pkg update pkg upgrade pkg install deluge vim sysrc "deluged_enable=YES" "deluged_user=nobody" "deluged_confdir=/usr/local/etc/deluge" "deluge_web_enable=YES" "deluge_web_user=nobody" "deluge_web_confdir=/usr/local/etc/deluge" mkdir /usr/local/etc/deluge chown nobody:nobody /usr/local/etc/deluge
nobody is the generic unprivileged system account. However, the more services that use nobody, the more files and processes that user will become associated with, and hence the more privileged that user becomes.
pkg info deluge reveals that we are now running 2.0.3, compared to to the plugion which was severely unmaintaned at 1.5 or so if memory serves. Hopefully this resolves the networking issues.
Setting up openVPN inside a jail is as simple as it would be on a linux box..
jls # list jails jexec $jailnumber tcsh # open a shell in the jail pkg update pkg upgrade pkg install openvpn wget mkdir /usr/local/etc/openvpn cd !$ vim ./auth.txt # username on line 1 pw on line 2 chmod 600 !$ mkdir ./download # we will pull pia's ovpn list here and unzip it cd !$ wget https://www.privateinternetaccess.com/openvpn/openvpn.zip --no-check-certificate unzip openvpn.zip cp $chosen-server-ovpn-conf ../openvpn.conf cd .. vim openvpn.conf # add absolute path to auth.txt as value after auth-user-pass sysrc "openvpn_enable=YES" "openvpn_if=tun" # must set allow_tun for this jail for this to work.
wget -qO - http://wtfismyip.com/text to check external IP.
Shutdown jail, mount datasets, restart and connect to the web interface.
Start and stop openvpn with
service openvpn start/stop/status respectively.