Sanitized mirror from private repository - 2026-04-20 01:32:01 UTC

2026-04-20 01:32:01 +00:00
commit e7652c8dab
1445 changed files with 364095 additions and 0 deletions
--- a/hosts/synology/atlantis/arr-suite/docker-compose.yml
+++ b/hosts/synology/atlantis/arr-suite/docker-compose.yml
@@ -0,0 +1,498 @@
+# Arr Suite - Media automation stack
+# Services: Sonarr, Radarr, Prowlarr, Bazarr, Lidarr, Tdarr, LazyLibrarian, Audiobookshelf
+# Manages TV shows, movies, music, books, audiobooks downloads and organization
+# GitOps Test: Stack successfully deployed and auto-updating
+#
+# Storage Configuration (2026-02-01):
+#   - Downloads: /volume3/usenet (Synology SNV5420 NVMe RAID1 - 621 MB/s)
+#   - Media:     /volume1/data (SATA RAID6 - 84TB)
+#   - Configs:   /volume2/metadata/docker2 (Crucial P310 NVMe RAID1)
+#
+# Volume 3 created for fast download performance using 007revad's Synology_M2_volume script
+#
+# Theming: Self-hosted theme.park (Dracula theme)
+#   - TP_DOMAIN uses docker gateway IP to reach host's theme-park container
+#   - Deploy theme-park stack first: Atlantis/theme-park/theme-park.yaml
+version: "3.8"
+
+x-themepark: &themepark
+  TP_SCHEME: "http"
+  TP_DOMAIN: "192.168.0.200:8580"
+  TP_THEME: "dracula"
+
+networks:
+  media2_net:
+    driver: bridge
+    name: media2_net
+    ipam:
+      config:
+        - subnet: 172.24.0.0/24
+          gateway: 172.24.0.1
+
+services:
+
+  wizarr:
+    image: ghcr.io/wizarrrr/wizarr:latest
+    container_name: wizarr
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+      - DISABLE_BUILTIN_AUTH=true
+    volumes:
+      - /volume2/metadata/docker2/wizarr:/data/database
+    ports:
+      - "5690:5690"
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.2
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  tautulli:
+    image: lscr.io/linuxserver/tautulli:latest
+    container_name: tautulli
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+      - UMASK=022
+      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:tautulli
+      - TP_SCHEME=http
+      - TP_DOMAIN=192.168.0.200:8580
+      - TP_THEME=dracula
+    volumes:
+      - /volume2/metadata/docker2/tautulli:/config
+    ports:
+      - "8181:8181"
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.12
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  prowlarr:
+    image: lscr.io/linuxserver/prowlarr:latest
+    container_name: prowlarr
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+      - UMASK=022
+      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:prowlarr
+      - TP_SCHEME=http
+      - TP_DOMAIN=192.168.0.200:8580
+      - TP_THEME=dracula
+    volumes:
+      - /volume2/metadata/docker2/prowlarr:/config
+    ports:
+      - "9696:9696"
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.6
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  flaresolverr:
+    image: flaresolverr/flaresolverr:latest
+    container_name: flaresolverr
+    environment:
+      - TZ=America/Los_Angeles
+    ports:
+      - "8191:8191"
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.4
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  sabnzbd:
+    image: lscr.io/linuxserver/sabnzbd:latest
+    container_name: sabnzbd
+    network_mode: host
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+      - UMASK=022
+      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:sabnzbd
+      - TP_SCHEME=http
+      - TP_DOMAIN=192.168.0.200:8580
+      - TP_THEME=dracula
+    volumes:
+      - /volume2/metadata/docker2/sabnzbd:/config
+      - /volume3/usenet/incomplete:/data/incomplete
+      - /volume3/usenet/complete:/data/complete
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  jackett:
+    image: lscr.io/linuxserver/jackett:latest
+    container_name: jackett
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+      - UMASK=022
+      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:jackett
+      - TP_SCHEME=http
+      - TP_DOMAIN=192.168.0.200:8580
+      - TP_THEME=dracula
+    volumes:
+      - /volume2/metadata/docker2/jackett:/config
+      - /volume1/data:/downloads
+    ports:
+      - "9117:9117"
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.11
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  sonarr:
+    image: lscr.io/linuxserver/sonarr:latest
+    container_name: sonarr
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+      - UMASK=022
+      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:sonarr
+      - TP_SCHEME=http
+      - TP_DOMAIN=192.168.0.200:8580
+      - TP_THEME=dracula
+    volumes:
+      - /volume2/metadata/docker2/sonarr:/config
+      - /volume1/data:/data
+      - /volume3/usenet:/sab
+      - /volume2/torrents:/downloads  # Deluge download dir — required for torrent import
+    ports:
+      - "8989:8989"
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.7
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  lidarr:
+    image: lscr.io/linuxserver/lidarr:latest
+    container_name: lidarr
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+      - UMASK=022
+      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:lidarr
+      - TP_SCHEME=http
+      - TP_DOMAIN=192.168.0.200:8580
+      - TP_THEME=dracula
+    volumes:
+      - /volume2/metadata/docker2/lidarr:/config
+      - /volume1/data:/data
+      - /volume3/usenet:/sab
+      # arr-scripts: custom init scripts for Deezer integration via deemix
+      # Config: /volume2/metadata/docker2/lidarr/extended.conf (contains ARL token, not in git)
+      # Setup: https://github.com/RandomNinjaAtk/arr-scripts
+      - /volume2/metadata/docker2/lidarr-scripts/custom-services.d:/custom-services.d
+      - /volume2/metadata/docker2/lidarr-scripts/custom-cont-init.d:/custom-cont-init.d
+    ports:
+      - "8686:8686"
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.9
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  radarr:
+    image: lscr.io/linuxserver/radarr:latest
+    container_name: radarr
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+      - UMASK=022
+      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:radarr
+      - TP_SCHEME=http
+      - TP_DOMAIN=192.168.0.200:8580
+      - TP_THEME=dracula
+    volumes:
+      - /volume2/metadata/docker2/radarr:/config
+      - /volume1/data:/data
+      - /volume3/usenet:/sab
+      - /volume2/torrents:/downloads  # Deluge download dir — required for torrent import
+    ports:
+      - "7878:7878"
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.8
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  # Readarr retired - replaced with LazyLibrarian + Audiobookshelf
+
+  lazylibrarian:
+    image: lscr.io/linuxserver/lazylibrarian:latest
+    container_name: lazylibrarian
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+      - UMASK=022
+      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:lazylibrarian|ghcr.io/linuxserver/mods:lazylibrarian-calibre
+      - TP_SCHEME=http
+      - TP_DOMAIN=192.168.0.200:8580
+      - TP_THEME=dracula
+    volumes:
+      - /volume2/metadata/docker2/lazylibrarian:/config
+      - /volume1/data:/data
+      - /volume3/usenet:/sab
+      - /volume2/torrents:/downloads  # Deluge download dir — required for torrent import
+      - /volume2/metadata/docker2/lazylibrarian-scripts/custom-cont-init.d:/custom-cont-init.d  # patch tracker-less torrent handling
+    ports:
+      - "5299:5299"
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.5
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  audiobookshelf:
+    image: ghcr.io/advplyr/audiobookshelf:latest
+    container_name: audiobookshelf
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+    volumes:
+      - /volume2/metadata/docker2/audiobookshelf:/config
+      - /volume1/data/media/audiobooks:/audiobooks
+      - /volume1/data/media/podcasts:/podcasts
+      - /volume1/data/media/ebooks:/ebooks
+    ports:
+      - "13378:80"
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.16
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  # Bazarr - subtitle management for Sonarr and Radarr
+  # Web UI: http://192.168.0.200:6767
+  # Language profile: English (profile ID 1), no mustContain filter
+  # Providers: REDACTED_APP_PASSWORD (vishinator), podnapisi, yifysubtitles, subf2m, subsource, subdl, animetosho
+  # NOTE: OpenSubtitles.com may be IP-blocked — submit unblock request at opensubtitles.com/support
+  # Notifications: Signal API via homelab-vm:8080 → REDACTED_PHONE_NUMBER
+  # API keys stored in: /volume2/metadata/docker2/bazarr/config/config.yaml (not in repo)
+  bazarr:
+    image: lscr.io/linuxserver/bazarr:latest
+    container_name: bazarr
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+      - UMASK=022
+      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:bazarr
+      - TP_SCHEME=http
+      - TP_DOMAIN=192.168.0.200:8580
+      - TP_THEME=dracula
+    volumes:
+      - /volume2/metadata/docker2/bazarr:/config
+      - /volume1/data:/data
+      - /volume3/usenet:/sab
+    ports:
+      - "6767:6767"
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.10
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  whisparr:
+    image: ghcr.io/hotio/whisparr:nightly
+    container_name: whisparr
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+      - UMASK=022
+      - TP_HOTIO=true
+      - TP_SCHEME=http
+      - TP_DOMAIN=192.168.0.200:8580
+      - TP_THEME=dracula
+    volumes:
+      - /volume2/metadata/docker2/whisparr:/config
+      - /volume1/data:/data
+      - /volume3/usenet/complete:/sab/complete
+      - /volume3/usenet/incomplete:/sab/incomplete
+    ports:
+      - "6969:6969"
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.3
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  plex:
+    image: lscr.io/linuxserver/plex:latest
+    container_name: plex
+    network_mode: host
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+      - UMASK=022
+      - VERSION=docker
+      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:plex
+      - TP_SCHEME=http
+      - TP_DOMAIN=192.168.0.200:8580
+      - TP_THEME=dracula
+    volumes:
+      - /volume2/metadata/docker2/plex:/config
+      - /volume1/data/media:/data/media
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  jellyseerr:
+    image: fallenbagel/jellyseerr:latest
+    container_name: jellyseerr
+    user: "1029:100"
+    environment:
+      - TZ=America/Los_Angeles
+      # Note: Jellyseerr theming requires CSS injection via reverse proxy or browser extension
+      # theme.park doesn't support DOCKER_MODS for non-linuxserver images
+    volumes:
+      - /volume2/metadata/docker2/jellyseerr:/app/config
+    ports:
+      - "5055:5055"
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.14
+    dns:
+      - 9.9.9.9
+      - 1.1.1.1
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  gluetun:
+    image: qmcgaw/gluetun:v3.38.0
+    container_name: gluetun
+    privileged: true
+    devices:
+      - /dev/net/tun:/dev/net/tun
+
+    labels:
+      - com.centurylinklabs.watchtower.enable=false
+
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+
+      # --- WireGuard ---
+      - VPN_SERVICE_PROVIDER=custom
+      - VPN_TYPE=wireguard
+
+      - WIREGUARD_PRIVATE_KEY=aAavqcZ6sx3IlgiH5Q8m/6w33mBu4M23JBM8N6cBKEU=  # pragma: allowlist secret
+      - WIREGUARD_ADDRESSES=10.2.0.2/32
+      - WIREGUARD_DNS=10.2.0.1
+
+      - WIREGUARD_PUBLIC_KEY=FrVOQ+Dy0StjfwNtbJygJCkwSJt6ynlGbQwZBZWYfhc=
+      - WIREGUARD_ALLOWED_IPS=0.0.0.0/0,::/0
+
+      - WIREGUARD_ENDPOINT_IP=79.127.185.193
+      - WIREGUARD_ENDPOINT_PORT=51820
+
+    volumes:
+      - /volume2/metadata/docker2/gluetun:/gluetun
+
+    ports:
+      - "8112:8112"        # Deluge WebUI
+      - "58946:58946"      # Torrent TCP
+      - "58946:58946/udp"  # Torrent UDP
+
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.20
+
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO /dev/null http://127.0.0.1:9999 2>/dev/null || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 6
+      start_period: 30s
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+
+  deluge:
+    image: lscr.io/linuxserver/deluge:latest
+    container_name: deluge
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+      - UMASK=022
+      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:deluge
+      - TP_SCHEME=http
+      - TP_DOMAIN=192.168.0.200:8580
+      - TP_THEME=dracula
+    volumes:
+      - /volume2/metadata/docker2/deluge:/config
+      - /volume2/torrents:/downloads
+    network_mode: "service:gluetun"
+    depends_on:
+      gluetun:
+        condition: service_healthy
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+
+  tdarr:
+    image: ghcr.io/haveagitgat/tdarr@sha256:048ae8ed4de8e9f0de51ad73REDACTED_GITEA_TOKEN  # v2.67.01 - pinned to keep all nodes in sync
+    container_name: tdarr
+    labels:
+      - com.centurylinklabs.watchtower.enable=false
+    environment:
+      - PUID=1029
+      - PGID=100
+      - TZ=America/Los_Angeles
+      - UMASK=022
+      - serverIP=0.0.0.0
+      - serverPort=8266
+      - webUIPort=8265
+      - internalNode=true
+      - inContainer=true
+      - ffmpegVersion=6
+      - nodeName=Atlantis
+    volumes:
+      - /volume2/metadata/docker2/tdarr/server:/app/server
+      - /volume2/metadata/docker2/tdarr/configs:/app/configs
+      - /volume2/metadata/docker2/tdarr/logs:/app/logs
+      - /volume1/data/media:/media
+      - /volume3/usenet/tdarr_cache:/temp
+      - /volume3/usenet/tdarr_cache:/cache  # Fix: internal node uses /cache path
+    ports:
+      - "8265:8265"
+      - "8266:8266"
+    networks:
+      media2_net:
+        ipv4_address: 172.24.0.15
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped