http://trashpanda.fisherflix.com/ 2026-06-19T07:31:08+00:00 http://trashpanda.fisherflix.com/ http://trashpanda.fisherflix.com/_media/wiki/dokuwiki.svg text/html 2026-06-17T15:09:52+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/sidebar?rev=1781708992&do=diff Navigation 🚀 Quick Reference * Ecosystem Architecture * Deployment Sequence * IP, Port & VLAN Matrix * Troubleshooting Hub 🏗️ Infrastructure * Network Topology * Hardware Allocation Matrix * Omada SDN Implementation * Firewall ACLs 🖥️ Compute & Storage * Universal Linux Baselines * Hypervisor Host Deployment * Media Server Engine * Edge Proxy Node * NAS Array Initialization * NFS Fabric & Endpoints ⚙️ Core Services * NordVPN Tunnel * qBittorrent-nox * Pr… text/html 2026-06-17T14:57:21+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/start?rev=1781708241&do=diff TRaSH Panda Guides: Building a Fully Automated Home Media Ecosystem Welcome to the TRaSH Panda Guides—the definitive implementation blueprint for designing, securing, and deploying an enterprise-grade home media ecosystem. While the legendary TRaSH Guides taught the community how to perfectly tune applications for the highest quality media, the TRaSH Panda takes a step back to engineer the forest they live in. This guide isn't just about configuring the ARR stack; it is about building the dec… text/html 2026-06-17T14:39:39+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/integrations/ota_broadcast?rev=1781707179&do=diff OTA Broadcast & HDHomeRun Integration To integrate live, uncompressed local broadcast television (sports, local news) directly into the Plex Media Server interface, this expansion utilizes a SiliconDust HDHomeRun networked tuner and a physical Yagi antenna. text/html 2026-06-17T14:39:20+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/monolithic/synology_hyperconverged?rev=1781707160&do=diff The Synology Hyperconverged Build (Monolithic Fallback) <note warning> ARCHITECTURAL DISCLAIMER This configuration directly contradicts the elite, multi-homed, hardware-isolated philosophy established in the primary guide. Grouping public-facing ingestion tools on the exact same physical text/html 2026-06-17T14:35:54+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/reference/glossary?rev=1781706954&do=diff Ecosystem Glossary Due to the convergence of networking, storage, and application engineering, this architecture utilizes highly specific terminology. * API (Application Programming Interface): The 32-character hex strings that allow separated applications (like Overseerr and Sonarr) to communicate and send commands across VLAN boundaries. text/html 2026-06-17T14:35:37+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/reference/scripts?rev=1781706937&do=diff Core Automation Scripts This repository centralizes all bash scripts utilized for Day-2 background operations and Disaster Recovery orchestration. These scripts should be saved locally on the respective Linux hosts and made executable using `chmod +x <filename>`. text/html 2026-06-17T14:35:14+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/reference/testing_framework?rev=1781706914&do=diff Performance Testing & Verification Framework While the troubleshooting hub handles broken components, this framework is used during initial deployment (or after major hardware upgrades) to validate that the ecosystem can handle peak concurrent loads without dropping network packets or stalling disk I/O. text/html 2026-06-17T14:35:01+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/reference/iam_matrix?rev=1781706901&do=diff IAM & Permissions Matrix Because this ecosystem relies on a distributed NFS fabric (VLAN 50), mismatched User IDs (UIDs) or Group IDs (GIDs) between the compute nodes and the Synology NAS will result in catastrophic “Access Denied” or “Stale File Handle text/html 2026-06-17T14:31:12+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/reference/ip_port_matrix?rev=1781706672&do=diff IP, Port & VLAN Master Matrix This data dictionary centralizes all networking variables utilized across the decoupled ecosystem. Use this matrix when configuring firewall ACLs, NGINX reverse proxy blocks, or API handshakes between applications. Network Subnet Boundaries text/html 2026-06-17T14:30:43+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/operations/lifecycle_management?rev=1781706643&do=diff Application Lifecycle Management (Updates) While the base operating systems handle their own security patches via the configurations in Unattended Upgrades, the application layer requires manual, sequenced updates to prevent breaking API dependencies between Prowlarr, Sonarr, and Overseerr. text/html 2026-06-17T14:30:26+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/operations/power_states?rev=1781706626&do=diff Emergency Power States & Cold Boot Sequence In a highly interdependent architecture, powering on hosts in the incorrect order will result in cascading failures. Specifically, if the ARR stack boots before the NFS storage fabric is accessible, databases can corrupt, and download paths will fail over to the local text/html 2026-06-17T14:30:10+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/operations/troubleshooting?rev=1781706610&do=diff Troubleshooting & Health Diagnostics Due to the highly segmented nature of this architecture, standard single-host troubleshooting logic does not apply. When an application fails, the fault could lie at the container, host OS, hypervisor, or firewall gateway layer. text/html 2026-06-17T14:26:10+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/operations/automated_maintenance?rev=1781706370&do=diff Automated Maintenance & Watchdogs To truly achieve a zero-touch architecture, the ecosystem must be capable of self-healing from minor software hangs, VPN disconnections, or out-of-memory container crashes without requiring manual administrator intervention. text/html 2026-06-17T14:25:57+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/operations/veeam_dr?rev=1781706357&do=diff Veeam CE Disaster Recovery Orchestration Raid is not a backup. To protect the hypervisor configurations, Docker states, and critical application databases (Prowlarr, Sonarr, Plex), we utilize Veeam Backup & Replication Community Edition running on VM-C (Windows Server 2022) text/html 2026-06-17T14:25:42+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/operations/logging_telemetry?rev=1781706342&do=diff Centralized Event Logging (Telemetry) In a decoupled architecture, logging into five separate servers to parse application logs during an outage is highly inefficient. This section configures RSYSLOG on your Linux hosts to forward all system events over the network to the Synology NAS (The Vault) running LogCenter. text/html 2026-06-17T14:25:21+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/security/certbot_automation?rev=1781706321&do=diff Certbot TLS Lifecycle Orchestration Certbot automates the generation and renewal of Let's Encrypt SSL/TLS certificates. By integrating it with your NGINX proxy, your public-facing traffic becomes fully encrypted, and your web browser will display the trusted padlock icon. text/html 2026-06-17T14:25:02+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/security/nginx_edge?rev=1781706302&do=diff NGINX Edge Reverse Proxy (The Guard) Rather than punching dozens of port forwarding holes through your firewall for individual applications, this architecture utilizes a single, hardened entry point. The NGINX reverse proxy resides on Physical Host 4 (Raspberry Pi Edge Proxy) text/html 2026-06-17T14:20:26+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/services/unmanic?rev=1781706026&do=diff Unmanic Optimization Engine Unmanic runs alongside Plex on Physical Host 2 (The Brawn). It operates as a background worker, automatically scanning your NFS library and utilizing the NVIDIA GPU to transcode bloated legacy files (H.264, MPEG2) into high-efficiency H.265 (HEVC). This drastically reduces storage footprint and normalizes the media format for direct-play delivery. text/html 2026-06-17T14:20:11+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/services/plex_engine?rev=1781706011&do=diff Plex Media Server (Bare-Metal Engine) The Plex Media Server is the core delivery application. It is installed directly onto Physical Host 2 (The Brawn) to ensure it has unfettered, un-virtualized access to the discrete NVIDIA GPU for hardware-accelerated transcoding. text/html 2026-06-17T14:19:53+00:00 privacyl0st (privacyl0st@undisclosed.example.com) http://trashpanda.fisherflix.com/services/media_requests?rev=1781705993&do=diff Overseerr (Media Request Server) Overseerr acts as the public-facing dashboard. Family and friends will log into this web portal to request movies and television shows. Architectural Guardrail: Overseerr resides on VM-B (The Front-End Boundary) inside the