Initial template repository

🎬 ARR Suite Template Bootstrap - Complete Media Automation Stack

Features:
- 16 production services (Prowlarr, Sonarr, Radarr, Plex, etc.)
- One-command Ansible deployment
- VPN-protected downloads via Gluetun
- Tailscale secure access
- Production-ready security (UFW, Fail2Ban)
- Automated backups and monitoring
- Comprehensive documentation

Ready for customization and deployment to any VPS.

Co-authored-by: openhands <openhands@all-hands.dev>

compose/docker-compose-vpn.yml

@@ -0,0 +1,152 @@
+version: '3.8'
+
+services:
+  sonarr:
+    image: linuxserver/sonarr:latest
+    container_name: sonarr
+    environment:
+      - PUID=${PUID:-1234}
+      - PGID=${PGID:-65432}
+      - TZ=${TZ:-Europe/London}
+      - UMASK=022
+    volumes:
+      - ${CONFIG_ROOT:-/volume1/docker}/sonarr:/config
+      - ${DATA_ROOT:-/volume1/data}:/data
+    ports:
+      - ${SONARR_PORT:-8989}:8989/tcp
+    network_mode: ${NETWORK_MODE:-synobridge}
+    security_opt:
+      - no-new-privileges:true
+    restart: always
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8989/ping"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+
+  radarr:
+    image: linuxserver/radarr:latest
+    container_name: radarr
+    environment:
+      - PUID=${PUID:-1234}
+      - PGID=${PGID:-65432}
+      - TZ=${TZ:-Europe/London}
+      - UMASK=022
+    volumes:
+      - ${CONFIG_ROOT:-/volume1/docker}/radarr:/config
+      - ${DATA_ROOT:-/volume1/data}:/data
+    ports:
+      - ${RADARR_PORT:-7878}:7878/tcp
+    network_mode: ${NETWORK_MODE:-synobridge}
+    security_opt:
+      - no-new-privileges:true
+    restart: always
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:7878/ping"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+
+  lidarr:
+    image: linuxserver/lidarr:latest
+    container_name: lidarr
+    environment:
+      - PUID=${PUID:-1234}
+      - PGID=${PGID:-65432}
+      - TZ=${TZ:-Europe/London}
+      - UMASK=022
+    volumes:
+      - ${CONFIG_ROOT:-/volume1/docker}/lidarr:/config
+      - ${DATA_ROOT:-/volume1/data}:/data
+    ports:
+      - ${LIDARR_PORT:-8686}:8686/tcp
+    network_mode: ${NETWORK_MODE:-synobridge}
+    security_opt:
+      - no-new-privileges:true
+    restart: always
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8686/ping"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+
+  bazarr:
+    image: linuxserver/bazarr:latest
+    container_name: bazarr
+    environment:
+      - PUID=${PUID:-1234}
+      - PGID=${PGID:-65432}
+      - TZ=${TZ:-Europe/London}
+      - UMASK=022
+    volumes:
+      - ${CONFIG_ROOT:-/volume1/docker}/bazarr:/config
+      - ${DATA_ROOT:-/volume1/data}:/data
+    ports:
+      - ${BAZARR_PORT:-6767}:6767/tcp
+    network_mode: ${NETWORK_MODE:-synobridge}
+    security_opt:
+      - no-new-privileges:true
+    restart: always
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:6767/ping"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+
+  # VPN Container (GlueTUN example)
+  gluetun:
+    image: qmcgaw/gluetun:latest
+    container_name: gluetun
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - VPN_SERVICE_PROVIDER=${VPN_PROVIDER:-nordvpn}
+      - VPN_TYPE=${VPN_TYPE:-openvpn}
+      - OPENVPN_USER=${VPN_USER}
+      - OPENVPN_PASSWORD=${VPN_PASSWORD}
+      - SERVER_COUNTRIES=${VPN_COUNTRIES:-Netherlands}
+      - PUID=${PUID:-1234}
+      - PGID=${PGID:-65432}
+      - TZ=${TZ:-Europe/London}
+    volumes:
+      - ${CONFIG_ROOT:-/volume1/docker}/gluetun:/gluetun
+    ports:
+      - ${PROWLARR_PORT:-9696}:9696/tcp  # Prowlarr through VPN
+    network_mode: ${NETWORK_MODE:-synobridge}
+    security_opt:
+      - no-new-privileges:true
+    restart: always
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://www.google.com/"]
+      interval: 60s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+
+  # Prowlarr running through VPN
+  prowlarr:
+    image: linuxserver/prowlarr:latest
+    container_name: prowlarr
+    environment:
+      - PUID=${PUID:-1234}
+      - PGID=${PGID:-65432}
+      - TZ=${TZ:-Europe/London}
+      - UMASK=022
+    volumes:
+      - ${CONFIG_ROOT:-/volume1/docker}/prowlarr:/config
+    network_mode: "container:gluetun"  # Use VPN container's network
+    security_opt:
+      - no-new-privileges:true
+    restart: always
+    depends_on:
+      - gluetun
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:9696/ping"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s