Skip to content

feat: Optimize and Secure Media Server Stack#143

Merged
Cylae merged 2 commits intoserver-setup-scriptfrom
server-manager-optimization-security-6921601956873240170
Jan 28, 2026
Merged

feat: Optimize and Secure Media Server Stack#143
Cylae merged 2 commits intoserver-setup-scriptfrom
server-manager-optimization-security-6921601956873240170

Conversation

@Cylae
Copy link
Owner

@Cylae Cylae commented Jan 28, 2026

This PR implements the "Ultimate Optimized Media Server Stack" requirements.
It significantly enhances security by binding management UIs to localhost and removing external access to databases.
It also implements dynamic MariaDB tuning and kernel optimizations for better performance.
Integration tests have been updated and verified.


PR created automatically by Jules for task 6921601956873240170 started by @Cylae

- Restrict sensitive web UIs (Arr, Tautulli, Overseerr, Portainer, etc.) to bind to 127.0.0.1.
- Remove host port exposure for internal services (MariaDB, Redis).
- Implement dynamic `custom.cnf` generation for MariaDB based on hardware profile.
- Add system-level optimizations (sysctl): `vm.max_map_count`, network buffers.
- Fix integration tests and add new security binding verification test.

Co-authored-by: Cylae <13425054+Cylae@users.noreply.github.com>
@google-labs-jules
Copy link
Contributor

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

- Fix GitHub Actions workflow to run cargo in `server_manager` dir.
- Fix integration tests compilation by adding missing fields.
- Bind sensitive web UIs to 127.0.0.1.
- Optimize system parameters (vm.max_map_count).
- Dynamic MariaDB configuration generation.

Co-authored-by: Cylae <13425054+Cylae@users.noreply.github.com>
@Cylae Cylae merged commit f8b6f03 into server-setup-script Jan 28, 2026
1 check passed
@Cylae Cylae deleted the server-manager-optimization-security-6921601956873240170 branch January 28, 2026 18:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant