diff --git a/index.xml b/index.xml
index 22297f4..0124156 100644
--- a/index.xml
+++ b/index.xml
@@ -10,25 +10,25 @@
Resize Ubuntu VM Disk in Proxmox
- https://mafyuh.github.io/post/resize-ubuntu-vm-disk/
+ https://mafyuh.github.io/posts/resize-ubuntu-vm-disk/
Tue, 06 Feb 2024 02:58:07 +0000
- https://mafyuh.github.io/post/resize-ubuntu-vm-disk/
+ https://mafyuh.github.io/posts/resize-ubuntu-vm-disk/1st step: Increase/resize disk from GUI console 2nd step: Extend physical drive partition and check free space with: sudo growpart /dev/sda 3 sudo pvdisplay sudo pvresize /dev/sda3 sudo pvdisplay 3rd step: Extend Logical volume sudo lvdisplay sudo lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv sudo lvdisplay 4th step: Resize Filesystem sudo resize2fs /dev/ubuntu-vg/ubuntu-lv sudo fdisk -l Proton Mail - SimpleLogin authentik Social Login Setup
- https://mafyuh.github.io/post/proton-mail-authentik-social-login-setup/
+ https://mafyuh.github.io/posts/proton-mail-authentik-social-login-setup/
Sun, 12 Nov 2023 16:20:00 +0000
- https://mafyuh.github.io/post/proton-mail-authentik-social-login-setup/
+ https://mafyuh.github.io/posts/proton-mail-authentik-social-login-setup/This is just a quick guide on how to authenticate your authentik users with Proton using SimpleLogin OIDC.
To accomplish this, first create a SimpleLogin acct by logging in with Proton. Once thats done go to https://app.simplelogin.io/developer and create a website. Give it your authentik URL.
Then go to Oauth Settings and copy your client ID and secret for next step. add your authentik URL in redirect URL like this https://auth.How To Automate Jellyfin Issue Handling
- https://mafyuh.github.io/post/how-to-automate-jellyfin-issue-handling/
+ https://mafyuh.github.io/posts/how-to-automate-jellyfin-issue-handling/
Sat, 11 Nov 2023 16:20:00 +0000
- https://mafyuh.github.io/post/how-to-automate-jellyfin-issue-handling/
+ https://mafyuh.github.io/posts/how-to-automate-jellyfin-issue-handling/I wanted a way to automate when users tell me a video on my Jellyfin server has an issue. After alot of trial and error, ChatGPT, Bard and I came up with this automation.
Requirements My only requirements when making this was that it was free and self-hostable. Not even any NPM extensions are required in AP. Actual Software requirements are:
Sonarr Radarr Overseerr/Jellyseerr Optional
@@ -36,35 +36,35 @@ SMTP server or ability to send SMTP messages (can also use discord) ActivePieces
How to authenticate Guacamole via authentik with Cloudflare and Nginx Proxy Manager
- https://mafyuh.github.io/post/how-to-authenticate-guacamole-authentik-nginxproxymanager/
+ https://mafyuh.github.io/posts/how-to-authenticate-guacamole-authentik-nginxproxymanager/
Sun, 29 Oct 2023 16:20:00 +0000
- https://mafyuh.github.io/post/how-to-authenticate-guacamole-authentik-nginxproxymanager/
+ https://mafyuh.github.io/posts/how-to-authenticate-guacamole-authentik-nginxproxymanager/authentik’s docs have a guide already for Guacamole. You can find that here. Follow all the instructions there, (especially the part where you create a user in Guacamole with the USERNAME of your email. not just filling in the email), but if you are using Cloudflare as our DNS you may run into problems. Such as infinite redirect loop.
Error 403 Forbidden While it was looping, I checked my Guacamole docker container logs in Portainer, and found the 403 Forbidden error.How to authenticate Zammad via SAML with Nginx Proxy Manager
- https://mafyuh.github.io/post/how-to-authenticate-zammad-via-saml-with-nginx-proxy-manager/
+ https://mafyuh.github.io/posts/how-to-authenticate-zammad-via-saml-with-nginx-proxy-manager/
Sun, 29 Oct 2023 16:20:00 +0000
- https://mafyuh.github.io/post/how-to-authenticate-zammad-via-saml-with-nginx-proxy-manager/
+ https://mafyuh.github.io/posts/how-to-authenticate-zammad-via-saml-with-nginx-proxy-manager/If you are getting error messages like:
422: the change you wanted was rejected. message from saml: actioncontroller::invalidauthenticitytoken Just make sure you set these in your Nginx Proxy Manager hosts Advanced field:
location / { proxy_pass http://zammad:8080; # Replace proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Host $host; } I spent way too long trying to figure this out, reading through Github issues, breaking my SAML provider and Zammad configs, starting over, when the whole time it was just good old nginx header issues.How To Authenticate KASM via authentik
- https://mafyuh.github.io/post/how-to-authenticate-kasm-via-authentik/
+ https://mafyuh.github.io/posts/how-to-authenticate-kasm-via-authentik/
Sat, 30 Sep 2023 16:20:00 +0000
- https://mafyuh.github.io/post/how-to-authenticate-kasm-via-authentik/
+ https://mafyuh.github.io/posts/how-to-authenticate-kasm-via-authentik/You could do this with OpenID as well but this method is using SAML. This guide assumes you already have running instances of Kasm Workspaces and authentik.
The official authentik docs dont have a Kasm Integration listed at the time. So I thought I would help out anyone who is trying to integrate these services via SAML. authentik’s SAML docs can be found here.
Setting up Kasm In the Kasm Workspaces admin, click Access Management - Authentication - SAML and create a new configuration.Software
- https://mafyuh.github.io/post/software/
+ https://mafyuh.github.io/posts/software/
Sat, 26 Aug 2023 00:13:40 +0000
- https://mafyuh.github.io/post/software/
+ https://mafyuh.github.io/posts/software/Just a straight forward list of pretty much everything that makes up my homelab. Or systems I’ve ran in the past.
Operating Systems
Ubuntu 23.04 Ubuntu 22.04 (primary on most systems) CentOS/Fedora 38 (only when Ubuntu doesnt play nice) Debian 11 Proxmox 8 Windows 10/11 TrueNAS Scale (virtualized) CasaOS (zimaboard) pfSense Applications/Containers
diff --git a/post/how-to-authenticate-guacamole-authentik-nginxproxymanager/index.html b/post/how-to-authenticate-guacamole-authentik-nginxproxymanager/index.html
index bdcdae9..c8fbfec 100644
--- a/post/how-to-authenticate-guacamole-authentik-nginxproxymanager/index.html
+++ b/post/how-to-authenticate-guacamole-authentik-nginxproxymanager/index.html
@@ -1,7 +1,7 @@
-
+
@@ -10,16 +10,16 @@
-
+
-
-
-
-
-
+
+
+
+
+
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ How to authenticate Guacamole via authentik with Cloudflare and Nginx Proxy Manager
+
+
October 29, 2023 · 2 min · 344 words · Mafyuh
+
+
+
+
+
+ Table of Contents
+
+
+
+
+
+
+
+
authentik’s docs have a guide already for Guacamole. You can find that here. Follow all the instructions there, (especially the part where you create a user in Guacamole with the USERNAME of your email. not just filling in the email), but if you are using Cloudflare as our DNS you may run into problems. Such as infinite redirect loop.
While it was looping, I checked my Guacamole docker container logs in Portainer, and found the 403 Forbidden error.
+
22:03:59.418 [http-nio-8080-exec-2] INFO o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: JWT processing failed. Additional details: [[17] Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable verification key for JWS w/ header {"alg":"RS256","kid":"xxx","typ":"JWT"} due to an unexpected exception (java.io.IOException: Non 200 status code (403 Forbidden) returned from https://example.com/application/o/guacamole/jwks/?exclude_x5)while obtaining or using keys from JWKS endpoint at https://example.com/application/o/guacamole/jwks/?exclude_x5): JsonWebSignature{"alg":"RS256","kid":"xxx","typ":"JWT"}
+
I assumed it had something to do with my Nginx Proxy Manager and the way I was proxying Guacamole, I do have WebSocket support and block common exploits enabled, their docs give a nginx config that I added under advanced.
I messed around with settings individually for hours, reading their docs, tried oznu’s Guacamole image as well, this time with errors about the postgres version being incompatible. Figured it could be something with Cloudflare so turned down my HTTPS settings. Nada. Tried SAML, more errors. Finally found this github issue and thanks to Fma965 for finding the solution.
+
Go to your Cloudflare Dashboard. Click on your domains summary and then on the left tab find Rules.
+
Under Page Rules - Create a New Page Rule, set the URL as your jwks URL from authentik’s provider summary. Under pick a setting, choose Browser Integrity Check and make sure its unchecked. Save.
+
+
+
This finally got me authenticated into my Guacamole instance via authentik. I spent way too much time on this integration. Anyways, hope this guide helps someone who may be in my shoes.
September 30, 2023 · 2 min · 393 words · Mafyuh
+
+
+
+
+
+ Table of Contents
+
+
+
+
+
+
+
+
You could do this with OpenID as well but this method is using SAML. This guide assumes you already have running instances of Kasm Workspaces and authentik.
+
The official authentik docs dont have a Kasm Integration listed at the time. So I thought I would help out anyone who is trying to integrate these services via SAML. authentik’s SAML docs can be found here.
In the Kasm Workspaces admin, click Access Management - Authentication - SAML and create a new configuration. Make sure you enable and make default after testing. You will probably find yourself switching between tabs alot, its best to start creating them both at the same time as you need links from each.
X509 Certificate: Skip to authentik setup first, then come back here. In authentik admin, go to your newly created SAML provider, when you click the provider and are brought to its details, you should have the option to Download signing certificate. Download it and paste the files contents here.
In the authentik admin, under Applications, create a new SAML provider. Once you created a provider, create an Application and set its provider to the newly created kasm provider. For simplicity sake, the provider and application name is kasm. (kasms pictured)
Under Advanced, choose a signing certificate, default is authentik.
+
Go back to Kasm x509 Certificate.
+
+
Make sure you save you changes. You should now be able to test SAML at the bottom of the page, once tested, I recommend opening a incognito tab and loading your KASM website.
+
+
+
You should now be able to authenticate yourself using SAML via authentik. I recommend going back to your admin session and adding your newly created user to the admin group. Also if it should only be you accessing this via authentik, I would change the kasm Application in authentik and bind it to your user.
+
Thank you to u/agent-squirrel and this subreddit post on helping me with the NameID Attribute part!
I spent way too long trying to figure this out, reading through Github issues, breaking my SAML provider and Zammad configs, starting over, when the whole time it was just good old nginx header issues.
+
Hope this helps someone out. Fix was found on this rails github issue.
November 11, 2023 · 19 min · 3952 words · Mafyuh
+
+
+
+
+
+ Table of Contents
+
+
+
+
+
+
+
+
I wanted a way to automate when users tell me a video on my Jellyfin server has an issue. After alot of trial and error, ChatGPT, Bard and I came up with this automation.
My only requirements when making this was that it was free and self-hostable. Not even any NPM extensions are required in AP.
+Actual Software requirements are:
+
+
Sonarr
+
Radarr
+
Overseerr/Jellyseerr
+
+
Optional
+
+
SMTP server or ability to send SMTP messages (can also use discord)
+
ActivePieces or any other automation platform that supports TS. (Zapier, n8n, etc)
+
+
Here’s a great AP setup and how-to video:
+
+
+
+
+
+
Note: I didn’t do any of the ngrok stuff. I just have Nginx Proxy manager setup with a wildcard certificate. Then just give a domain name and point and its ip:8080. No special Nginx config needed. Make sure you set AP_FRONTEND_URL in .env
+
This blog post is rather long, if you prefer to see the code on git you can find all this code here.
Whenever a user Reports an Issue in Jellyseerr, a webhook is sent to activepieces (AP) with the Issue data, this triggers the automation to mark as failed, delete file, re-search, refresh Jellyfin Libraries and Resolve the original issue with comment. There is an optional feature to approve or deny the automation.
+
Works across Radarr and Sonarr, as the issue reported can be either Movie or TV show.
+
Only caveat is if the issue is an entire Season , we just mark the issue as resolved and leave a comment saying to submit an issue for each episode individually
+
Works on my Jellyfin, Jellyseer, Radarr and Sonarr setup. I dont use Plex but all you would have to change is the Jellyfin Refresh Library Request to match Plex’s equivalent.
+
Here is a pic of the full automation.
+
+
+
Everything of value is logged to the console so check there for errors. Lets start breaking it down.
First thing is create a flow in AP, select a trigger, and search for webhook. This will give you the webhook URL for Jellyseerr.
+Next, in Jellyseerr, under Settings - Users - Default Permissions make sure Report Issues is checked and save changes.
+Then under Settings - Notifications - Webhook make a webhook notification, with the URL from AP, and just enabling Issue Reported and Issue Reopened.
+This should look as follows (dont worry about my payload showing mediaId, this has since been deleted)
You should be able to Report an issue on a random movie in Jellyseerr and then go to the webhook trigger and choose Generate sample data, and you should be able to see the data from the request. I recommend doing this and creating an issue for an example movie, TV series( All Seasons) and a TV Series (1 Season)
This is so I can either approve or deny the file from being deleted. Maybe it’s a client issue and I know for a fact my file is good and I dont want deleted. Thus the links are sent to me along with the some data from the request, so I know what I am approving/denying.
+
You can use the core SMTP feature but its limited to text. I wanted some more customizability so I chose Resend (supports html) and set up an acct there with one of my extra domains.
+
You don’t have to use email, you can use Discord, SMS, any generic http request or whatever you want. I just use email since I pay for my domains and pay Proton Mail for emails so might as well use em.
+
Not gonna get too into this, I dont care too much about it atm, customize your email to your liking, but I’ll post my somewhat working HTML body here. I literally just copied what Bard gave me, added in data from response and tested and said looks good enough, glitches on my mobile too.
As stated previously, I wanted this to work regardless if Movie or TV show. So using the core Branch feature we just say that if the media_type value from the issue contains the text movie, its true.
All I do here is the Code function with 1 input which is the whole body message of the request, this is assigned to inputs.issue in the code (CASE SENSITIVE)
+
+
+
Here is the code. Just replace api key and base url:
+
exportconstcode=async(inputs)=>{
+constissueSubject=inputs.issue.subject;
+constmovieNameRegex=/(.*)\s\((\d{4})\)/;
+constmatch=movieNameRegex.exec(issueSubject);
+
+if(match){
+constmovieName=match[1];
+constyear=match[2];
+consttmdbId=inputs.issue.media.tmdbId;
+
+console.log(`Movie name: ${movieName}`);
+console.log(`Year: ${year}`);
+console.log(`TMDB ID: ${tmdbId}`);
+
+// Define your Radarr API key and base URL
+constradarrApiKey='your-api-key';// Replace with your Radarr API key
+constradarrBaseUrl='https://radarr.example.com/api/v3/';
+
+// Define a function to make API requests to Radarr
+constmakeRadarrRequest=async(endpoint,method='GET')=>{
+constapiUrl=radarrBaseUrl+endpoint;
+console.log(`Calling Radarr API: ${apiUrl}`);
+
+constresponse=awaitfetch(apiUrl,{
+method,
+headers:{
+'X-Api-Key':radarrApiKey,
+},
+});
+
+if(response.ok){
+returnawaitresponse.json();
+}else{
+console.error(`Radarr API request failed: ${response.statusText}`);
+returnnull;
+}
+};
+
+// Use Radarr's API to look up the movie by TMDB ID
+constradarrApiResponseData=awaitmakeRadarrRequest(`movie?tmdbId=${tmdbId}`);
+
+if(radarrApiResponseData&&radarrApiResponseData.length>0){
+constmovieId=radarrApiResponseData[0].id;// Get the Radarr ID of the first movie
+console.log('Radarr Movie ID:',movieId);
+
+// Use the Radarr movie ID to get the history of the movie
+consthistoryApiResponseData=awaitmakeRadarrRequest(`history/movie?movieId=${movieId}`);
+
+if(historyApiResponseData&&historyApiResponseData.length>0){
+consthistoryId=historyApiResponseData[0].id;// Get the history ID
+console.log('History ID:',historyId);
+
+// Use the history ID to mark the movie as failed
+constmarkFailedResponse=awaitmakeRadarrRequest(`history/failed/${historyId}`,'POST');
+
+if(markFailedResponse){
+console.log('Movie successfully marked as failed.');
+}else{
+console.error('Failed to mark movie as failed');
+}
+}else{
+console.error('No history found for movie ID:',movieId);
+}
+}else{
+console.error('No movies found for TMDB ID:',tmdbId);
+}
+}
+};
+
I didn’t want to delete the actual movie from Radarr, but just the file itself, thus alot of trial and error, but a working script.
+All I do here is the Code function with 1 input which is the whole body message of the request, this is assigned to inputs.issue in the code
+
exportconstcode=async(inputs)=>{
+constissueSubject=inputs.issue.subject;
+constmovieNameRegex=/(.*)\s\((\d{4})\)/;
+constmatch=movieNameRegex.exec(issueSubject);
+
+if(match){
+constmovieName=match[1];
+constyear=match[2];
+consttmdbId=inputs.issue.media.tmdbId;
+
+console.log(`Movie name: ${movieName}`);
+console.log(`Year: ${year}`);
+console.log(`TMDB ID: ${tmdbId}`);
+
+// Define your Radarr API key
+constradarrApiKey='your-api-key';// Replace with your Radarr API key
+constradarrBaseUrl='https://radarr.example.com/api/v3';
+
+// Use Radarr's API to look up the movie by TMDB ID and get the Radarr ID
+constradarrApiUrl=`${radarrBaseUrl}/movie?tmdbId=${tmdbId}`;
+console.log('Calling Radarr API to look up the movie...');
+
+constradarrApiResponse=awaitfetch(radarrApiUrl,{
+method:'GET',
+headers:{
+'X-Api-Key':radarrApiKey,
+},
+});
+
+if(radarrApiResponse.ok){
+console.log('Radarr API lookup successful.');
+constradarrApiResponseData=awaitradarrApiResponse.json();
+
+if(radarrApiResponseData.length>0){
+// If the response is an array, you should loop through the results
+// and access the Radarr ID for each movie.
+for(constmovieofradarrApiResponseData){
+constradarrMovieId=movie.movieFile.id;
+console.log('Radarr Movie ID:',radarrMovieId);
+
+// Use the Radarr movie ID to delete the corresponding movie file
+constdeleteMovieFileUrl=`${radarrBaseUrl}/movieFile/${radarrMovieId}`;
+console.log(`Calling Radarr API to delete movie file: ${deleteMovieFileUrl}`);
+
+constdeleteMovieFileResponse=awaitfetch(deleteMovieFileUrl,{
+method:'DELETE',
+headers:{
+'X-Api-Key':radarrApiKey,
+},
+});
+
+if(deleteMovieFileResponse.ok){
+console.log(`Movie file successfully deleted.`);
+}else{
+console.error(`Failed to delete movie file: ${deleteMovieFileResponse.statusText}`);
+}
+}
+}else{
+console.error('No movies found for TMDB ID:',tmdbId);
+}
+}else{
+console.error('Radarr API lookup failed:',radarrApiResponse.statusText);
+}
+}
+};
+
All I do here is the Code function with 1 input which is the whole body message of the request, this is assigned to inputs.issue in the code
+
exportconstcode=async(inputs)=>{
+constissueSubject=inputs.issue.subject;
+constmovieNameRegex=/(.*)\s\((\d{4})\)/;
+constmatch=movieNameRegex.exec(issueSubject);
+
+if(match){
+constmovieName=match[1];
+constyear=match[2];
+consttmdbId=inputs.issue.media.tmdbId;
+
+console.log(`Movie name: ${movieName}`);
+console.log(`Year: ${year}`);
+console.log(`TMDB ID: ${tmdbId}`);
+
+// Define your Radarr API key
+constradarrApiKey='your-api-key';// Replace with your Radarr API key
+constradarrBaseUrl='https://radarr.example.com/api/v3'
+
+// Use Radarr's API to look up the movie by TMDB ID and get the Radarr ID
+constradarrApiUrl=`${radarrBaseUrl}/movie?tmdbId=${tmdbId}`;
+console.log('Calling Radarr API to look up the movie...');
+
+constradarrApiResponse=awaitfetch(radarrApiUrl,{
+method:'GET',
+headers:{
+'X-Api-Key':radarrApiKey,
+},
+});
+
+if(radarrApiResponse.ok){
+console.log('Radarr API lookup successful.');
+constradarrApiResponseData=awaitradarrApiResponse.json();
+
+if(radarrApiResponseData.length>0){
+constmovieId=radarrApiResponseData[0].id;// Get the Radarr ID of the first movie
+console.log('Radarr Movie ID:',movieId);
+
+// Trigger Radarr to search for the movie and download
+constsearchUrl=`${radarrBaseUrl}/command`;
+console.log(`Calling Radarr API to search for the movie: ${searchUrl}`);
+
+constsearchRequestBody={
+name:'MoviesSearch',
+movieIds:[movieId],
+};
+
+constsearchResponse=awaitfetch(searchUrl,{
+method:'POST',
+headers:{
+'X-Api-Key':radarrApiKey,
+'Content-Type':'application/json',
+},
+body: JSON.stringify(searchRequestBody),
+});
+
+if(searchResponse.ok){
+console.log('Radarr movie search initiated.');
+}else{
+console.error(`Failed to initiate movie search: ${searchResponse.statusText}`);
+}
+}else{
+console.error('No movies found for TMDB ID:',tmdbId);
+}
+}else{
+console.error('Radarr API lookup failed:',radarrApiResponse.statusText);
+}
+}
+};
+
This gives your download client time to download and transfer file to mapped directory. I have Gig+ internet and 99% of the time everything is done in 4 minutes.
This just automatically resolves the issue in Jellyseerr and adds a comment letting the user know action was taken.
+
All I do here is the Code function with 1 input which is the whole body message of the request, this is assigned to inputs.issue in the code
+
exportconstcode=async(inputs)=>{
+constissueId=inputs.issue.issue_id;
+constapiKey='your-api-key';// Replace with your actual API key
+constbaseURL='https://jellyseerr.example.com/api/v1'
+
+constcommentApiUrl=`${baseURL}/issue/${issueId}/comment`;
+conststatusApiUrl=`${baseURL}/issue/${issueId}/resolved`;
+
+constheaders={
+'Content-Type':'application/json',
+'X-Api-Key':apiKey,
+};
+
+constcommentData={
+message:'Your issue has been approved and a new version of the content has been automatically downloaded and updated in Jellyfin. Your issue has been set to Resolved. If you are still experiencing problems, re-open your issue.',
+};
+
+constcommentRequestOptions={
+method:'POST',
+headers: headers,
+body: JSON.stringify(commentData),
+};
+
+try{
+// Post comment
+constcommentResponse=awaitfetch(commentApiUrl,commentRequestOptions);
+constcommentData=awaitcommentResponse.json();
+console.log(commentData);
+
+// Update status
+conststatusRequestOptions={
+method:'POST',// or PUT depending on your API
+headers: headers,
+// Add any additional data required to update the status
+};
+
+conststatusResponse=awaitfetch(statusApiUrl,statusRequestOptions);
+conststatusData=awaitstatusResponse.json();
+console.log(statusData);
+
+returntrue;
+}catch(error){
+console.error(error);
+returnfalse;
+}
+};
+
We are now done with the Radarr flow. Moving onto Sonarr.
With the issue data, we also get an “extra” field which is where the requests Affected Episode Number and Affected Season Number are. What this branch does is see if there is an affected Episode Number by seeing if that field in the data exists. You will have to create an issue for a TV show and say an entire season is affected. Then use that sample data, go back to this branch and add the value
+
+
Jellyseerr Issue Reported body extra 1 as pictured
+
+
This path meant the user reported an issue on an entire season and basically sends a response to them telling them to do it individually. I probably could have gotten a script working for this but I spent a few hours on it and frustratingly gave up. Maybe I will update this in the future but for now idrc.
+
Again, all I do here is the code function with 1 input which is the whole body message of the request, this is assigned to inputs.issue in the code
+
exportconstcode=async(inputs)=>{
+constissueId=inputs.issue.issue_id;
+constapiKey='your-api-key';// Replace with your actual API key
+constbaseURL='https://jellyseerr.example.com/api/v1'
+
+constcommentApiUrl=`${baseURL}/issue/${issueId}/comment`;
+conststatusApiUrl=`${baseURL}/issue/${issueId}/resolved`;
+
+constheaders={
+'Content-Type':'application/json',
+'X-Api-Key':apiKey,
+};
+
+constcommentData={
+message:'Please do not report an entire season as the issue. Specify each Episode number. Please delete this issue and resubmit. Your issue has been automatically marked as Resolved.',
+};
+
+constcommentRequestOptions={
+method:'POST',
+headers: headers,
+body: JSON.stringify(commentData),
+};
+
+try{
+// Post comment
+constcommentResponse=awaitfetch(commentApiUrl,commentRequestOptions);
+constcommentData=awaitcommentResponse.json();
+console.log(commentData);
+
+// Update status
+conststatusRequestOptions={
+method:'POST',
+headers: headers,
+};
+
+conststatusResponse=awaitfetch(statusApiUrl,statusRequestOptions);
+conststatusData=awaitstatusResponse.json();
+console.log(statusData);
+
+returntrue;
+}catch(error){
+console.error(error);
+returnfalse;
+}
+};
+
Again, all I do here is the code function with 1 input which is the whole body message of the request, this is assigned to inputs.issue in the code
+
exportconstcode=async(inputs)=>{
+constissueSubject=inputs.issue.subject;
+consttvShowNameRegex=/(.*)\s\((\d{4})\)/;
+constmatch=tvShowNameRegex.exec(issueSubject);
+
+if(match){
+consttvShowName=match[1];
+constyear=match[2];
+consttvdbId=inputs.issue.media.tvdbId;// Using TVDB ID for TV shows
+
+console.log(`TV Show name: ${tvShowName}`);
+console.log(`Year: ${year}`);
+console.log(`TVDB ID: ${tvdbId}`);
+
+// Define your Sonarr API key and base URL
+constsonarrApiKey='your-api-key';// Replace with your Sonarr API key
+constsonarrBaseUrl='https://sonarr.example.com/api/v3';
+
+// Use Sonarr's API to look up the series by TVDB ID and get the Sonarr ID
+constseriesResponse=awaitfetch(`${sonarrBaseUrl}/series/lookup?term=tvdb:${tvdbId}`,{
+method:'GET',
+headers:{
+'X-Api-Key':sonarrApiKey,
+},
+});
+
+if(seriesResponse.ok){
+constseriesData=awaitseriesResponse.json();
+
+if(seriesData.length>0){
+constseriesId=seriesData[0].id;
+
+// Find the affected season and episode numbers
+constaffectedSeason=parseInt(inputs.issue.extra.find(item=>item.name==='Affected Season')?.value);
+constaffectedEpisode=parseInt(inputs.issue.extra.find(item=>item.name==='Affected Episode')?.value);
+console.log("Season ID = "+affectedSeason);
+console.log("Episode ID = "+affectedEpisode);
+
+// Get the history of the series
+consthistoryResponse=awaitfetch(`${sonarrBaseUrl}/history/series?seriesId=${seriesId}`,{
+method:'GET',
+headers:{
+'X-Api-Key':sonarrApiKey,
+},
+});
+
+if(historyResponse.ok){
+consthistoryData=awaithistoryResponse.json();
+
+// Find the most recent entry that matches the affected season and episode
+constrecentEntry=historyData.find(entry=>{
+constsourceTitleMatch=/S(\d+)E(\d+)/.exec(entry.sourceTitle);
+if(sourceTitleMatch){
+constsourceSeason=parseInt(sourceTitleMatch[1]);
+constsourceEpisode=parseInt(sourceTitleMatch[2]);
+returnsourceSeason===affectedSeason&&sourceEpisode===affectedEpisode;
+}
+returnfalse;
+});
+
+if(recentEntry){
+constepisodeId=recentEntry.episodeId;
+constid=recentEntry.id;// This is the ID you need for marking as failed
+console.log("Found Episode ID = "+episodeId);
+console.log("Found Most Recent Download ID = "+id);
+
+// Use the episode ID to mark the episode as failed
+constmarkFailedUrl=`${sonarrBaseUrl}/history/failed/${id}`;
+console.log(`Calling Sonarr API to mark episode as failed: ${markFailedUrl}`);
+
+constmarkFailedResponse=awaitfetch(markFailedUrl,{
+method:'POST',
+headers:{
+'X-Api-Key':sonarrApiKey,
+},
+body: JSON.stringify({status:'failed'}),
+});
+
+if(markFailedResponse.ok){
+console.log('Episode successfully marked as failed in Sonarr.');
+}else{
+console.error(`Failed to mark episode as failed in Sonarr: ${markFailedResponse.statusText}`);
+}
+}else{
+console.error('No matching entry found in the series history for the affected episode.');
+}
+}else{
+console.error('Failed to fetch series history:',historyResponse.statusText);
+}
+}else{
+console.error('No series found for the provided TVDB ID:',tvdbId);
+}
+}else{
+console.error('Failed to fetch series data:',seriesResponse.statusText);
+}
+}
+};
+
You may have to play around a bit and see if when you run this it auto searches for the file. My Sonarr does but my Radarr doesn’t, couldnt find any setting. Regardless I include a search command and even if Sonarr searches 2 times it appears 1 will cancel out. This is why no time delay between this code and file deletion.
Again, all I do here is the code function with 1 input which is the whole body message of the request, this is assigned to inputs.issue in the code
+
exportconstcode=async(inputs)=>{
+constissueId=inputs.issue.issue_id;
+constapiKey='your-api-key';// Replace with your actual API key
+constbaseURL='https://jellyseerr.example.com/api/v1'
+
+constcommentApiUrl=`${baseURL}/issue/${issueId}/comment`;
+conststatusApiUrl=`${baseURL}/issue/${issueId}/resolved`;
+
+constheaders={
+'Content-Type':'application/json',
+'X-Api-Key':apiKey,
+};
+
+constcommentData={
+message:'Your issue has been approved and a new version of the content has been automatically downloaded and updated in Jellyfin. Your issue has been set to Resolved. If you are still experiencing problems, re-open your issue.',
+};
+
+constcommentRequestOptions={
+method:'POST',
+headers: headers,
+body: JSON.stringify(commentData),
+};
+
+try{
+// Post comment
+constcommentResponse=awaitfetch(commentApiUrl,commentRequestOptions);
+constcommentData=awaitcommentResponse.json();
+console.log(commentData);
+
+// Update status
+conststatusRequestOptions={
+method:'POST',
+headers: headers,
+};
+
+conststatusResponse=awaitfetch(statusApiUrl,statusRequestOptions);
+conststatusData=awaitstatusResponse.json();
+console.log(statusData);
+
+returntrue;
+}catch(error){
+console.error(error);
+returnfalse;
+}
+};
+
Proton Mail - SimpleLogin authentik Social Login Setup
+
+
+
+
This is just a quick guide on how to authenticate your authentik users with Proton using SimpleLogin OIDC.
+To accomplish this, first create a SimpleLogin acct by logging in with Proton. Once thats done go to https://app.simplelogin.io/developer and create a website. Give it your authentik URL.
+Then go to Oauth Settings and copy your client ID and secret for next step. add your authentik URL in redirect URL like this https://auth....
+
+
+
+
+
+
+
+
How To Automate Jellyfin Issue Handling
+
+
+
+
I wanted a way to automate when users tell me a video on my Jellyfin server has an issue. After alot of trial and error, ChatGPT, Bard and I came up with this automation.
+Requirements My only requirements when making this was that it was free and self-hostable. Not even any NPM extensions are required in AP. Actual Software requirements are:
+Sonarr Radarr Overseerr/Jellyseerr Optional
+SMTP server or ability to send SMTP messages (can also use discord) ActivePieces or any other automation platform that supports TS....
+
+
+
+
+
+
+
+
How to authenticate Guacamole via authentik with Cloudflare and Nginx Proxy Manager
+
+
+
+
authentik’s docs have a guide already for Guacamole. You can find that here. Follow all the instructions there, (especially the part where you create a user in Guacamole with the USERNAME of your email. not just filling in the email), but if you are using Cloudflare as our DNS you may run into problems. Such as infinite redirect loop.
+Error 403 Forbidden While it was looping, I checked my Guacamole docker container logs in Portainer, and found the 403 Forbidden error....
+
+
+
+
+
+
+
+
How to authenticate Zammad via SAML with Nginx Proxy Manager
+
+
+
+
If you are getting error messages like:
+422: the change you wanted was rejected. message from saml: actioncontroller::invalidauthenticitytoken Just make sure you set these in your Nginx Proxy Manager hosts Advanced field:
+location / { proxy_pass http://zammad:8080; # Replace proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Host $host; } I spent way too long trying to figure this out, reading through Github issues, breaking my SAML provider and Zammad configs, starting over, when the whole time it was just good old nginx header issues....
+
+
+
+
+
+
+
+
How To Authenticate KASM via authentik
+
+
+
+
You could do this with OpenID as well but this method is using SAML. This guide assumes you already have running instances of Kasm Workspaces and authentik.
+The official authentik docs dont have a Kasm Integration listed at the time. So I thought I would help out anyone who is trying to integrate these services via SAML. authentik’s SAML docs can be found here.
+Setting up Kasm In the Kasm Workspaces admin, click Access Management - Authentication - SAML and create a new configuration....
+
+
+
+
+
+
+
+
Software
+
+
+
+
Just a straight forward list of pretty much everything that makes up my homelab. Or systems I’ve ran in the past.
+Operating Systems
+Ubuntu 23.04 Ubuntu 22.04 (primary on most systems) CentOS/Fedora 38 (only when Ubuntu doesnt play nice) Debian 11 Proxmox 8 Windows 10/11 TrueNAS Scale (virtualized) CasaOS (zimaboard) pfSense Applications/Containers
+Nginx Proxy Manager Nginx Apache2 Traefik Authentik Portainer Yacht AdGuardHome Pihole Wazuh Zabbix Uptime Kuma Ghost (this blog) Wordpress Hydroxide (proton mail bridge) Calibre Smokeping Openspeedtest Grafana Prometheus InfluxDB PostgresSQL MySQL Watchtower Apache Guacamole Ansible Terraform Packer Vaultwarden Kasm Workspaces Jellyfin Plex Twingate Tailscale Headscale Wireguard LinkStack N8N Gotify Nextcloud Immich AI...
+
+
+
+
+
+
+
+
Archives
+
+
+
+
archives
+
+
+
+
+
+
+
+
Search
+
+
+
+
search
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/posts/index.xml b/posts/index.xml
new file mode 100644
index 0000000..28eae1d
--- /dev/null
+++ b/posts/index.xml
@@ -0,0 +1,74 @@
+
+
+
+ Posts on Mafyuh's Blog
+ https://mafyuh.github.io/posts/
+ Recent content in Posts on Mafyuh's Blog
+ Hugo -- gohugo.io
+ en
+ Tue, 06 Feb 2024 02:58:07 +0000
+
+
+ Resize Ubuntu VM Disk in Proxmox
+ https://mafyuh.github.io/posts/resize-ubuntu-vm-disk/
+ Tue, 06 Feb 2024 02:58:07 +0000
+ https://mafyuh.github.io/posts/resize-ubuntu-vm-disk/
+ 1st step: Increase/resize disk from GUI console 2nd step: Extend physical drive partition and check free space with: sudo growpart /dev/sda 3 sudo pvdisplay sudo pvresize /dev/sda3 sudo pvdisplay 3rd step: Extend Logical volume sudo lvdisplay sudo lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv sudo lvdisplay 4th step: Resize Filesystem sudo resize2fs /dev/ubuntu-vg/ubuntu-lv sudo fdisk -l
+
+
+ Proton Mail - SimpleLogin authentik Social Login Setup
+ https://mafyuh.github.io/posts/proton-mail-authentik-social-login-setup/
+ Sun, 12 Nov 2023 16:20:00 +0000
+ https://mafyuh.github.io/posts/proton-mail-authentik-social-login-setup/
+ This is just a quick guide on how to authenticate your authentik users with Proton using SimpleLogin OIDC.
+To accomplish this, first create a SimpleLogin acct by logging in with Proton. Once thats done go to https://app.simplelogin.io/developer and create a website. Give it your authentik URL.
+Then go to Oauth Settings and copy your client ID and secret for next step. add your authentik URL in redirect URL like this https://auth.
+
+
+ How To Automate Jellyfin Issue Handling
+ https://mafyuh.github.io/posts/how-to-automate-jellyfin-issue-handling/
+ Sat, 11 Nov 2023 16:20:00 +0000
+ https://mafyuh.github.io/posts/how-to-automate-jellyfin-issue-handling/
+ I wanted a way to automate when users tell me a video on my Jellyfin server has an issue. After alot of trial and error, ChatGPT, Bard and I came up with this automation.
+Requirements My only requirements when making this was that it was free and self-hostable. Not even any NPM extensions are required in AP. Actual Software requirements are:
+Sonarr Radarr Overseerr/Jellyseerr Optional
+SMTP server or ability to send SMTP messages (can also use discord) ActivePieces or any other automation platform that supports TS.
+
+
+ How to authenticate Guacamole via authentik with Cloudflare and Nginx Proxy Manager
+ https://mafyuh.github.io/posts/how-to-authenticate-guacamole-authentik-nginxproxymanager/
+ Sun, 29 Oct 2023 16:20:00 +0000
+ https://mafyuh.github.io/posts/how-to-authenticate-guacamole-authentik-nginxproxymanager/
+ authentik’s docs have a guide already for Guacamole. You can find that here. Follow all the instructions there, (especially the part where you create a user in Guacamole with the USERNAME of your email. not just filling in the email), but if you are using Cloudflare as our DNS you may run into problems. Such as infinite redirect loop.
+Error 403 Forbidden While it was looping, I checked my Guacamole docker container logs in Portainer, and found the 403 Forbidden error.
+
+
+ How to authenticate Zammad via SAML with Nginx Proxy Manager
+ https://mafyuh.github.io/posts/how-to-authenticate-zammad-via-saml-with-nginx-proxy-manager/
+ Sun, 29 Oct 2023 16:20:00 +0000
+ https://mafyuh.github.io/posts/how-to-authenticate-zammad-via-saml-with-nginx-proxy-manager/
+ If you are getting error messages like:
+422: the change you wanted was rejected. message from saml: actioncontroller::invalidauthenticitytoken Just make sure you set these in your Nginx Proxy Manager hosts Advanced field:
+location / { proxy_pass http://zammad:8080; # Replace proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Host $host; } I spent way too long trying to figure this out, reading through Github issues, breaking my SAML provider and Zammad configs, starting over, when the whole time it was just good old nginx header issues.
+
+
+ How To Authenticate KASM via authentik
+ https://mafyuh.github.io/posts/how-to-authenticate-kasm-via-authentik/
+ Sat, 30 Sep 2023 16:20:00 +0000
+ https://mafyuh.github.io/posts/how-to-authenticate-kasm-via-authentik/
+ You could do this with OpenID as well but this method is using SAML. This guide assumes you already have running instances of Kasm Workspaces and authentik.
+The official authentik docs dont have a Kasm Integration listed at the time. So I thought I would help out anyone who is trying to integrate these services via SAML. authentik’s SAML docs can be found here.
+Setting up Kasm In the Kasm Workspaces admin, click Access Management - Authentication - SAML and create a new configuration.
+
+
+ Software
+ https://mafyuh.github.io/posts/software/
+ Sat, 26 Aug 2023 00:13:40 +0000
+ https://mafyuh.github.io/posts/software/
+ Just a straight forward list of pretty much everything that makes up my homelab. Or systems I’ve ran in the past.
+Operating Systems
+Ubuntu 23.04 Ubuntu 22.04 (primary on most systems) CentOS/Fedora 38 (only when Ubuntu doesnt play nice) Debian 11 Proxmox 8 Windows 10/11 TrueNAS Scale (virtualized) CasaOS (zimaboard) pfSense Applications/Containers
+Nginx Proxy Manager Nginx Apache2 Traefik Authentik Portainer Yacht AdGuardHome Pihole Wazuh Zabbix Uptime Kuma Ghost (this blog) Wordpress Hydroxide (proton mail bridge) Calibre Smokeping Openspeedtest Grafana Prometheus InfluxDB PostgresSQL MySQL Watchtower Apache Guacamole Ansible Terraform Packer Vaultwarden Kasm Workspaces Jellyfin Plex Twingate Tailscale Headscale Wireguard LinkStack N8N Gotify Nextcloud Immich AI
+
+
+
diff --git a/posts/page/1/index.html b/posts/page/1/index.html
new file mode 100644
index 0000000..34c4fcd
--- /dev/null
+++ b/posts/page/1/index.html
@@ -0,0 +1,10 @@
+
+
+
+ https://mafyuh.github.io/posts/
+
+
+
+
+
+
diff --git a/posts/proton-mail-authentik-social-login-setup/index.html b/posts/proton-mail-authentik-social-login-setup/index.html
new file mode 100644
index 0000000..933fd8c
--- /dev/null
+++ b/posts/proton-mail-authentik-social-login-setup/index.html
@@ -0,0 +1,369 @@
+
+
+
+
+
+
+
+Proton Mail - SimpleLogin authentik Social Login Setup | Mafyuh's Blog
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
For logo, it appears authenik inverts your image, I dont know if its dark mode or bug but regardless here’s the regular and inverted image I used. Just right click and save image:
+
+
+
+
+
Now go to Flows and Stages - Flows - choose your default authentication stage - click it then click stage bindings - Click edit stage to the right of your identification stage - expand Source settings and make sure you CTL + click your newly created SimpleLogin source.
+
You should be able to logout and try to to login with your Proton account!