s8n/media-acquisition
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
This repository has been archived on 2026-05-20. You can view files and clone it, but cannot push or open issues or pull requests.
media-acquisition/.gitleaksignore
obsidian-ai d300d83ce1 init: media-acquisition pipeline scaffold 
Self-hosted BitTorrent + arr-stack + catalog-update pipeline targeting
nullstone (Debian 13). Replaces the legacy onyx -> rsync -> import
round-trip.

Contents:
- README.md          headline + ASCII architecture diagram + quickstart
- CLAUDE.md          project rules (mirrors beta-flix style)
- .gitignore         secrets dirs (.env, gluetun, qbt config, ssh keys)
- .gitleaksignore    allowlist nullstone LAN addr + Tailscale CGNAT
- docs/architecture.md   the plan in detail (gluetun + qbt + arr + catalog)
- docs/migration.md  onyx-qbt -> nullstone-qbt runbook (3 phases)
- docs/trackers.md   tracker schema + IP-pinning + ratio notes (user-curated)
- compose/docker-compose.yml  gluetun v3.40 + qbt 5.0.5 (netns=gluetun) +
                              sonarr/radarr/prowlarr (hotio) + betaflix-catalog
- compose/.env.example       documented env-var template (no secrets)
- compose/traefik/arr.yml    file-provider for qbt/sonarr/radarr/prowlarr
                             .s8n.ru subdomains, LAN+TS only via
                             trusted-only@file + authentik-forwardauth@file
- catalog/catalog.py         Flask service, ~340 LoC, /sonarr + /radarr +
                             /healthz; pulls beta-flix, inserts alphabetic
                             row into MEDIA-LIST.md, writes run log, commits
                             + pushes as obsidian-ai. Idempotent via
                             payload-hash cache.
- catalog/Dockerfile         python:3.12-slim + git + tini
- catalog/requirements.txt   flask + jinja2 + requests + gitpython + pyyaml (pinned)
- catalog/templates/*.j2     run log + catalog row Jinja templates
- catalog/README.md          service docs
- scripts/migrate-onyx.sh    phase-2 helper (rsync + .torrent ship, dry-run by default)
- scripts/add-tracker.sh     Prowlarr API helper
- scripts/killswitch-test.sh gluetun kill-switch verification (3 steps)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-20 01:15:43 +01:00

27 lines
1.2 KiB
Text
Raw Permalink Blame History

# Allowlist false-positive LAN-IP / tailnet-IP hits in docs + compose.
# These are the documented nullstone LAN address, the LAN/CGNAT
# allowed-egress subnets baked into gluetun config, and Proton WG client
# addresses — all infrastructure facts, not credentials.
# The lan-ip-rfc1918 rule is low-confidence by design — see ~/.config/git/.gitleaks.toml
# CLAUDE.md — header references nullstone LAN IP.
CLAUDE.md:lan-ip-rfc1918:9
# docs/architecture.md — header + § "Current State" reference live nullstone host.
docs/architecture.md:lan-ip-rfc1918:3
docs/architecture.md:lan-ip-rfc1918:30
# docs/migration.md — ssh + rsync targets to nullstone.
docs/migration.md:lan-ip-rfc1918:22
docs/migration.md:lan-ip-rfc1918:32
docs/migration.md:lan-ip-rfc1918:81
# scripts/migrate-onyx.sh — default NULLSTONE_SSH and ssh target.
scripts/migrate-onyx.sh:lan-ip-rfc1918:27
scripts/migrate-onyx.sh:lan-ip-rfc1918:35
# compose/docker-compose.yml — FIREWALL_OUTBOUND_SUBNETS allows LAN +
# RFC1918 + the Tailscale CGNAT range for webui reachability from
# trusted networks. These are public, well-known subnet constants.
compose/docker-compose.yml:lan-ip-rfc1918:26
compose/docker-compose.yml:tailnet-ip:26
Reference in a new issue View git blame Copy permalink