
Sharing The Media Directory

Space on my hardware is limited, and as such, I opted (not optimal I suppose) for a 12TB HDD mounted in Proxmox as a "directory". This is accessible at /mnt/media and is used for all sorts of things, including PM backups, CT templates and other things. It's basically a catch-all.

For another project, I had established a SAMBA share, which is also on this HDD. I have another share set up specifically for the *arr stack too.

Here is what I did to allow RWX on the directory from the containers. I'm probably doing this all wrong, but so far, it's working:

  1. Create the mount on the PM host
  2. Add PM GUI for visibility (optional)
  3. Bind-Mount into containers that need access
  4. Change ownership of the mount point to match container UID/GID
  5. Support other app users by adding them to container's root group

1. Create the Mount on the PM Host

If not done already, you need to add your stuff to the Proxmox host. I had done this by attaching the HDD, cleaning it, setting up the partitions, and setting file system to ext4 - this will all depend on you and your preferences!

mkdir -p /mnt/media
# /etc/fstab entry (or mount manually), e.g.:
UUID=<your-UUID> /mnt/media ext4 defaults 0 2

2. Add the Mount to the PM GUI 

This is optional, but I am also using that mount point as container backup and container template storage, so I wanted to see it in the GUI for visibility.

From the GUI, go to Datacenter → Storage → Add → Directory, then select what you want to use it for.

3. Bind-Mount Into Containers That Need Access

For the containers in your stack that will need access to the mount point, you'll want to edit the container's config file from the host:

# Be sure to change your container ID
nano /etc/pve/lxc/123.conf

Add the mount point:

mp0: /mnt/media,mp=/mnt/media

Change mp0 to whatever other number you want if you already have a 0, and obviously update the path too. Then save and close it, probably wanna reboot the container. Sometimes I had to stop the container before making the edits to the conf, but not always. YMMV... Repeat this for each container that needs access.

4. Change Ownership of the Mount Point to Match Container's UID/GID

The issue here is that inside the container, root's UID and GID are 0, but since I am running all unprivileged containers, the root account and group do not match the host. When a container does something on the host, it's given an entirely different UID and GID. On mine it looks like this:

Root     | PM Host | Container
User ID  | 100000  | 0
Group ID | 100000  | 0

Knowing that, I elected to chown and chmod the whole ass /mnt/media/ directory to match what the host sees the container's users and groups as. This way, ownership doesn't look like nobody and the containers can actually get RWX. Be sure to check this information, as yours may be different!

On the host:

# Remember to alter the path to match yours!
chown -R 100000:100000 /mnt/media
chmod -R 2775 /mnt/media

chmod 2775 ensures new files inherit the group and stay writeable by all in that group
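
One way to check the mapping before running the chown in step 4, as an added example that is not part of the original page: it translates IDs between container and host using the kernel's uid_map line format. SAMPLE_MAP (including its assumed range size of 65536), the service UID 110 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# An ID map line uses the kernel's uid_map/gid_map layout:
#   <first ID in container> <first ID on host> <count>
# SAMPLE_MAP is constructed to match the table above (container 0 = host
# 100000); the range size 65536 is an assumption. Read your real map from
# inside the container with: cat /proc/self/uid_map /proc/self/gid_map
SAMPLE_MAP='0 100000 65536'

# ct_to_host_id ID MAP: print the host-side ID for a container-side ID.
# Returns non-zero when the ID is outside every mapped range; such an ID
# has no identity on the host.
ct_to_host_id() {
    printf '%s\n' "$2" | awk -v id="$1" '
        NF == 3 && id >= $1 && id < $1 + $3 { print $2 + id - $1; found = 1; exit }
        END { exit !found }'
}

# host_to_ct_id ID MAP: the reverse lookup, for reading `ls -ln` on the host.
host_to_ct_id() {
    printf '%s\n' "$2" | awk -v id="$1" '
        NF == 3 && id >= $2 && id < $2 + $3 { print $1 + id - $2; found = 1; exit }
        END { exit !found }'
}

# report_owner PATH MAP: show the owner of PATH as host and container see it.
report_owner() {
    owner=$(stat -c '%u' "$1") || return 1
    if ct=$(host_to_ct_id "$owner" "$2"); then
        echo "$1: host UID $owner = container UID $ct"
    else
        echo "$1: host UID $owner is unmapped (shows as nobody in the container)"
    fi
}

# Demo: container root and a hypothetical service account with UID 110.
echo "container 0   -> host $(ct_to_host_id 0 "$SAMPLE_MAP")"
echo "container 110 -> host $(ct_to_host_id 110 "$SAMPLE_MAP")"
if [ -d /mnt/media ]; then
    report_owner /mnt/media "$SAMPLE_MAP"
fi
```

If the first line printed does not end in 100000 for your real map, substitute the value it reports in the chown command above.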

5. Support Other App Users by Adding them to Container's root Group

This is where you have to know who is doing what inside the containers! Some *arrs run as root, others with their own user, so what I did was check for a user other than root, and found that everyone uses root except Jellyfin and NZBGet - both had users with those names. With that, I figured the best option (not the safest!) was to add those users to the root group:

# For Jellyfin - Inside the Jellyfin CT
usermod -aG root jellyfin
# For NZBGet - Inside the NZBGet CT
usermod -aG root nzbget

ONLY DO THIS IF YOU TRUST THOSE APPS! Adding a user to the root group gives a lot of power!