diff --git a/.gitignore b/.gitignore
old mode 100644
new mode 100755
diff --git a/.gitmodules b/.gitmodules
old mode 100644
new mode 100755
diff --git a/_share/data/docker/calibre-compose.yml b/_share/data/docker/calibre-compose.yml
old mode 100644
new mode 100755
diff --git a/_share/data/docker/forgejo-compose.yml b/_share/data/docker/forgejo-compose.yml
old mode 100644
new mode 100755
diff --git a/_share/data/docker/jellyfin-compose.yml b/_share/data/docker/jellyfin-compose.yml
new file mode 100755
index 0000000..5e01f21
--- /dev/null
+++ b/_share/data/docker/jellyfin-compose.yml
@@ -0,0 +1,23 @@
+version: "3.8"
+
+services:
+ jellyfin:
+ image: jellyfin/jellyfin:latest
+ container_name: jellyfin
+
+ user: "1004:1004" # Adjust to match your user/group ID (or use the media group ID)
+
+ ports:
+ - "127.0.0.1:8096:8096"
+
+ volumes:
+ - /srv/jellyfin/config:/config
+ - /srv/jellyfin/cache:/cache
+ - /home/ftpuser/ftp/media/video:/media/video
+ - /home/ftpuser/ftp/media/audio:/media/audio
+ - /home/ftpuser/ftp/media/books:/media/books
+
+ environment:
+ - TZ=Asia/Jerusalem
+
+ restart: unless-stopped
diff --git a/_share/data/docker/n8n-compose.yml b/_share/data/docker/n8n-compose.yml
old mode 100644
new mode 100755
diff --git a/_share/data/forgejo/tokens.org b/_share/data/forgejo/tokens.org
old mode 100644
new mode 100755
diff --git a/_share/data/nginx/calibre/gaming.conf b/_share/data/nginx/calibre/gaming.conf
old mode 100644
new mode 100755
diff --git a/_share/data/nginx/calibre/public-ssl.conf b/_share/data/nginx/calibre/public-ssl.conf
old mode 100644
new mode 100755
diff --git a/_share/data/nginx/calibre/public.conf b/_share/data/nginx/calibre/public.conf
old mode 100644
new mode 100755
diff --git a/_share/data/nginx/forgejo-ssl.conf b/_share/data/nginx/forgejo-ssl.conf
old mode 100644
new mode 100755
diff --git a/_share/data/nginx/forgejo.conf b/_share/data/nginx/forgejo.conf
old mode 100644
new mode 100755
diff --git a/_share/data/nginx/jellyfin-ssl.conf b/_share/data/nginx/jellyfin-ssl.conf
new file mode 100755
index 0000000..e6bb9ae
--- /dev/null
+++ b/_share/data/nginx/jellyfin-ssl.conf
@@ -0,0 +1,37 @@
+server {
+ server_name jellyfin.ronnyabraham.com;
+
+ location / {
+ proxy_pass http://localhost:8096;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # WebSocket support
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $http_connection;
+ }
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/jellyfin.ronnyabraham.com/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/jellyfin.ronnyabraham.com/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+
+server {
+ if ($host = jellyfin.ronnyabraham.com) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ server_name jellyfin.ronnyabraham.com;
+ return 404; # managed by Certbot
+
+
+}
\ No newline at end of file
diff --git a/_share/data/nginx/jellyfin.conf b/_share/data/nginx/jellyfin.conf
new file mode 100755
index 0000000..b440ea7
--- /dev/null
+++ b/_share/data/nginx/jellyfin.conf
@@ -0,0 +1,18 @@
+server {
+ listen 80;
+ server_name jellyfin.ronnyabraham.com;
+
+ location / {
+ proxy_pass http://localhost:8096;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # WebSocket support
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $http_connection;
+ }
+}
+
diff --git a/_share/data/nginx/n8n-ssl.conf b/_share/data/nginx/n8n-ssl.conf
old mode 100644
new mode 100755
diff --git a/_share/data/nginx/n8n.conf b/_share/data/nginx/n8n.conf
old mode 100644
new mode 100755
diff --git a/_share/media/css/computer.css.map b/_share/media/css/computer.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/.config.css.map b/_share/media/css/org-media-sass/.config.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/categories/business.css.map b/_share/media/css/org-media-sass/categories/business.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/categories/graphics.css.map b/_share/media/css/org-media-sass/categories/graphics.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/categories/music.css.map b/_share/media/css/org-media-sass/categories/music.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/categories/social.css.map b/_share/media/css/org-media-sass/categories/social.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/collapsible.css.map b/_share/media/css/org-media-sass/collapsible.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/content-overview.css.map b/_share/media/css/org-media-sass/content-overview.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/course_listings.css.map b/_share/media/css/org-media-sass/course_listings.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/org-base.css.map b/_share/media/css/org-media-sass/org-base.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/org-mode.css.map b/_share/media/css/org-media-sass/org-mode.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/themes/chroma-sepia.css.map b/_share/media/css/org-media-sass/themes/chroma-sepia.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/themes/cosmic-notes.css.map b/_share/media/css/org-media-sass/themes/cosmic-notes.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/themes/desert-oasis.css.map b/_share/media/css/org-media-sass/themes/desert-oasis.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/themes/golden-ledger.css.map b/_share/media/css/org-media-sass/themes/golden-ledger.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/themes/mint-chockolate.css.map b/_share/media/css/org-media-sass/themes/mint-chockolate.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/themes/modern-slate.css.map b/_share/media/css/org-media-sass/themes/modern-slate.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/themes/neon-noir.css.map b/_share/media/css/org-media-sass/themes/neon-noir.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/themes/sandy-peach.css.map b/_share/media/css/org-media-sass/themes/sandy-peach.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/css/org-media-sass/themes/sienna-elegance.css.map b/_share/media/css/org-media-sass/themes/sienna-elegance.css.map
old mode 100644
new mode 100755
diff --git a/_share/media/img/docker-layout.png b/_share/media/img/docker-layout.png
old mode 100644
new mode 100755
diff --git a/_share/media/img/ghibli-me1.png b/_share/media/img/ghibli-me1.png
new file mode 100755
index 0000000..043bcb3
Binary files /dev/null and b/_share/media/img/ghibli-me1.png differ
diff --git a/_share/media/img/n8n-diagram.png b/_share/media/img/n8n-diagram.png
old mode 100644
new mode 100755
diff --git a/_share/media/sass/computer.sass b/_share/media/sass/computer.sass
old mode 100644
new mode 100755
diff --git a/calibre.org b/calibre.org
old mode 100644
new mode 100755
diff --git a/docker-layout.png b/docker-layout.png
old mode 100644
new mode 100755
diff --git a/docker-tree.png b/docker-tree.png
old mode 100644
new mode 100755
diff --git a/docker.org b/docker.org
old mode 100644
new mode 100755
index ae67941..d656a52
--- a/docker.org
+++ b/docker.org
@@ -26,6 +26,7 @@
│ │ └── data/
│ ├── forgejo/
│ └── n8n/
+│ └── jellyfin/
#+end_example
**** storage layout table
@@ -38,6 +39,7 @@
| /mnt/storage/docker/compose/calibre/data | Calibre persistent volume |
| /mnt/storage/docker/compose/forgejo | Forgejo compose setup |
| /mnt/storage/docker/compose/n8n | N8N compose setup |
+| /mnt/storage/docker/compose/jellyfin | Jellyfin compose setup |
*** commands
@@ -70,3 +72,9 @@ nvim daemon.json
:CUSTOM_ID: docker-n8n
:END:
#+include: "_share/data/docker/n8n-compose.yml" src yaml
+
+** Jellyfin
+:PROPERTIES:
+:CUSTOM_ID: docker-jellyfin
+:END:
+#+include: "_share/data/docker/jellyfin-compose.yml" src yaml
diff --git a/forgejo.org b/forgejo.org
old mode 100644
new mode 100755
index 8ec6971..4fbc8c5
--- a/forgejo.org
+++ b/forgejo.org
@@ -19,10 +19,12 @@
| Docker User | git |
*** Users
-| Role | Username | Password | Email |
-|------------+------------+--------------+-------------------------|
-| Admin | git-admin | 2reishit2ara | ronny.abraham@ymail.com |
-| Developer | ronnygit | 2reishit2ara | ronny.coder@gmail.com |
+| Role | Username | Password | Email |
+|--------------+---------------+--------------+--------------------------|
+| Admin | git-admin | 2reishit2ara | ronny.abraham@ymail.com |
+| Developer | ronnygit | 2reishit2ara | ronny.coder@gmail.com |
+| notes admin | scribe | 2reishit2ara | scribe@ronnyabraham.com |
+| website user | website-ronny | 2reishit2ara | website@ronnyabraham.com |
*** token access
#+INCLUDE: "./_share/data/forgejo/tokens.org::#token-api-debug" :only-contents t
diff --git a/home-computer.org b/home-computer.org
old mode 100644
new mode 100755
diff --git a/installed-apps.org b/installed-apps.org
old mode 100644
new mode 100755
diff --git a/jellyfin.org b/jellyfin.org
new file mode 100755
index 0000000..f0b8595
--- /dev/null
+++ b/jellyfin.org
@@ -0,0 +1,71 @@
+#+title: Jellyfin
+#+HTML_HEAD:
+#+HTML_HEAD:
+#+OPTIONS: H:6
+
+* links
+- [[./toc.org][TOC - Home System]]
+
+
+* Jellyfin Basic Info
+
+url: video.ronnyabraham.com
+
+nginx conf: /etc/nginx/sites-available/video.ronnyabraham.com
+
+username: jellyfin-admin
+password: 2reishit2ara
+
+* setup Jellyfin
+
+** install Jellyfin
+#+begin_src
+curl -fsSL https://repo.jellyfin.org/debian/jellyfin_team.gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/jellyfin.gpg
+
+echo "deb [signed-by=/usr/share/keyrings/jellyfin.gpg] https://repo.jellyfin.org/debian bookworm main" | sudo tee /etc/apt/sources.list.d/jellyfin.list
+
+sudo apt update
+sudo apt install jellyfin -y
+#+end_src
+
+** start and enable Jellyfin
+#+begin_src
+sudo systemctl enable jellyfin
+sudo systemctl start jellyfin
+#+end_src
+
+** access Jellyfin
+
+access the setup wizard
+
+*** Open:
+#+begin_src
+http://:8096
+#+end_src
+
+*** If you're on the Pi itself:
+#+begin_src
+http://localhost:8096
+#+end_src
+
+* nginx setup
+
+** Site Configuration
+
+
+#+INCLUDE: "nginx.org::#jellyfin-conf" :only-contents t
+
+** Enable Site & Restart
+#+begin_src bash
+sudo ln -s /etc/nginx/sites-available/forgejo /etc/nginx/sites-enabled/
+sudo nginx -t && sudo systemctl reload nginx
+#+end_src
+
+** Enable HTTPS with Certbot
+#+begin_src bash
+sudo certbot --nginx -d git.ronnyabraham.com
+#+end_src
+
+** First-Time Setup
+- Visit: https://forgejo.ronnyabraham.com
+- Create the `git-admin` user and initialize your first repository.
diff --git a/n8n-setup.org b/n8n-setup.org
old mode 100644
new mode 100755
diff --git a/network-info.org b/network-info.org
old mode 100644
new mode 100755
index 09cc845..72a8477
--- a/network-info.org
+++ b/network-info.org
@@ -34,6 +34,83 @@
| DHCP Server | Enabled |
| IP Address Pool | 192.168.0.2 - 192.168.0.253 |
+** Open Ports
+These are the active port forwarding rules configured on the router for local devices. All are currently marked as open and mapped directly from external to internal ports on the same device.
+
+*** Current Port Forwards
+| Service Name | Device IP | External Port | Internal Port | Protocol | Status |
+|-----------------------------+--------------+---------------+---------------+----------+--------|
+| GIT | 192.168.0.63 | 222 | 222 | TCP | Open |
+| SSH | 192.168.0.63 | 22 | 22 | TCP | Open |
+| HTTPS | 192.168.0.63 | 443 | 443 | TCP | Open |
+| FTP | 192.168.0.63 | 21 | 21 | TCP | Open |
+| HTTP | 192.168.0.63 | 80 | 80 | TCP | Open |
+| Postgres - stg.ronnyabraham | 192.168.0.63 | 5433 | 5433 | TCP | Open |
+
+* FTP
+** FTP Server Configuration Overview
+
+| Setting | Value | Notes |
+|--------------------------+-------------------------------+----------------------------------------------------------|
+| Server IP (LAN) | 192.168.0.63 | Your Raspberry Pi's local IP |
+| Domain (optional) | ftp.ronnyabraham.com | Public address (requires DNS pointing to your home IP) |
+| FTP Username | ftpuser | Restricted to chroot jail: /home/ftpuser/ftp |
+| FTP Password | [your-password] | Chosen during user setup |
+| Login Port | 21 (TCP) | Already forwarded |
+| Passive Port Range | 30000–31000 (TCP) | Must be forwarded in router for PASV mode |
+| FTP Root Dir | /mnt/storage/srv/ftp | Physical storage location |
+| FTP Mount (seen by user) | /home/ftpuser/ftp | Bind-mounted for vsftpd |
+| Passive Mode Enabled | YES | Required for most clients like FileZilla, ncftp |
+| Encrypted FTP (FTPS) | NO | Not yet set up — optional for secure external access |
+| Firewall | None or default iptables | UFW not installed |
+| External Access Ready? | YES, if passive ports forwarded| Port forwarding must include 21 + 30000–31000 |
+
+** vsftpd.conf Configuration
+
+Location: `/etc/vsftpd.conf`
+
+Add or ensure the following lines are present to enable passive mode:
+#+begin_src conf
+pasv_enable=YES
+pasv_min_port=30000
+pasv_max_port=31000
+pasv_address=ftp.ronnyabraham.com
+#+end_src
+
+After changes, restart the service:
+#+begin_src bash
+sudo systemctl restart vsftpd
+#+end_src
+
+** Optional To-Do
+*** DONE Forward passive ports in router (30000–31000)
+*** TODO Enable TLS (FTPS) for secure login & transfer
+Enabling TLS (also known as FTPS) encrypts both the FTP login credentials and file transfers, protecting them from interception over the internet.
+
+This is especially important if you plan to access your FTP server remotely from public networks.
+
+Steps to enable:
+1. Generate or obtain an SSL certificate and key (self-signed or from a trusted CA)
+2. Edit `/etc/vsftpd.conf` to enable SSL:
+#+begin_src conf
+ ssl_enable=YES
+ rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+ rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+ force_local_data_ssl=YES
+ force_local_logins_ssl=YES
+ ssl_tlsv1=YES
+ ssl_sslv2=NO
+ ssl_sslv3=NO
+ require_ssl_reuse=NO
+ ssl_ciphers=HIGH
+ #+end_src
+3. Restart vsftpd:
+ #+begin_src bash
+ sudo systemctl restart vsftpd
+ #+end_src
+4. Configure your FTP client (e.g., FileZilla or ncftp) to use "FTP over TLS"
+
+
* Raspberry Pi Information
#+INCLUDE: "pi-storage.org::*Raspberry Pi Information" :only-contents t
diff --git a/nginx.org b/nginx.org
old mode 100644
new mode 100755
index 0793100..b38dbcc
--- a/nginx.org
+++ b/nginx.org
@@ -48,3 +48,13 @@
:CUSTOM_ID: n8n-conf
:END:
#+INCLUDE: "./_share/data/nginx/n8n-ssl.conf" src nginx
+
+** jellyfin
+*** initial
+#+INCLUDE: "./_share/data/nginx/jellyfin.conf" src nginx
+
+*** with ssl
+:PROPERTIES:
+:CUSTOM_ID: jellyfin-conf
+:END:
+#+INCLUDE: "./_share/data/nginx/jellyfin-ssl.conf" src nginx
diff --git a/pi-storage.org b/pi-storage.org
old mode 100644
new mode 100755
index 0b07fde..0bf3a10
--- a/pi-storage.org
+++ b/pi-storage.org
@@ -27,6 +27,7 @@ ping ronberrypi.local
| website | 2reishit2ara | www-data, sudo | /var/www, /home/website |
| ftpuser | 2reishit2ara | www-data, sudo | /home/ftpuser |
| librarian | 2reishit2ara | | librarian |
+| scribe | 2reishit2ara | | /home/scribe |
* connect with a vnc
- [[https://www.youtube.com/watch?v=9fEnvDgxwbI][Raspberry Pi Headless Setup]]
diff --git a/tigervn.org b/tigervn.org
old mode 100644
new mode 100755
diff --git a/toc.org b/toc.org
old mode 100644
new mode 100755
index 97f3008..0d42341
--- a/toc.org
+++ b/toc.org
@@ -18,3 +18,4 @@
- [[./forgejo.org][forgejo]]
- [[./n8n-setup.org][n8n setup]]
- [[./calibre.org][calibre]]
+- [[./jellyfin.org][jellyfin]]