Initial template repository

🎬 ARR Suite Template Bootstrap - Complete Media Automation Stack

Features:
- 16 production services (Prowlarr, Sonarr, Radarr, Plex, etc.)
- One-command Ansible deployment
- VPN-protected downloads via Gluetun
- Tailscale secure access
- Production-ready security (UFW, Fail2Ban)
- Automated backups and monitoring
- Comprehensive documentation

Ready for customization and deployment to any VPS.

Co-authored-by: openhands <openhands@all-hands.dev>

templates/security-audit.sh.j2

@@ -0,0 +1,60 @@
+#!/bin/bash
+# Security audit script for Arrs Media Stack
+
+echo "=== Security Audit Report - $(date) ==="
+echo
+
+echo "1. System Information:"
+hostname
+uname -a
+uptime
+echo
+
+echo "2. User and Group Information:"
+whoami
+id docker 2>/dev/null || echo "Docker user not found"
+getent group docker
+echo
+
+echo "3. SSH Configuration:"
+systemctl is-active ssh
+grep "^PermitRootLogin" /etc/ssh/sshd_config || echo "PermitRootLogin not configured"
+grep "^PasswordAuthentication" /etc/ssh/sshd_config || echo "PasswordAuthentication not configured"
+echo
+
+echo "4. Firewall Status:"
+ufw status
+echo
+
+echo "5. Fail2ban Status:"
+systemctl is-active fail2ban
+fail2ban-client status sshd 2>/dev/null || echo "Fail2ban sshd jail not active"
+echo
+
+echo "6. Docker Security:"
+systemctl is-active docker
+docker --version 2>/dev/null || echo "Docker not available"
+docker ps 2>/dev/null || echo "Cannot access Docker"
+echo
+
+echo "7. File Permissions:"
+ls -l /etc/ssh/sshd_config
+ls -l /etc/fail2ban/jail.local 2>/dev/null || echo "jail.local not found"
+ls -ld {{ docker_root }}
+ls -ld {{ media_root }}
+echo
+
+echo "8. System Resources:"
+free -h
+df -h /
+echo
+
+echo "9. Network Connections:"
+netstat -tlnp 2>/dev/null | grep -E ":(8989|7878|8686|6767|9696)" || echo "No Arrs ports found"
+echo
+
+echo "10. Recent Security Events:"
+tail -10 /var/log/auth.log 2>/dev/null | grep sshd || echo "No SSH logs found"
+echo
+
+echo "=== End of Security Audit ==="