# Arr Suite - Media automation stack # Services: Sonarr, Radarr, Prowlarr, Bazarr, Lidarr, Tdarr, LazyLibrarian, Audiobookshelf # Manages TV shows, movies, music, books, audiobooks downloads and organization # GitOps Test: Stack successfully deployed and auto-updating # # Storage Configuration (2026-02-01): # - Downloads: /volume3/usenet (Synology SNV5420 NVMe RAID1 - 621 MB/s) # - Media: /volume1/data (SATA RAID6 - 84TB) # - Configs: /volume2/metadata/docker2 (Crucial P310 NVMe RAID1) # # Volume 3 created for fast download performance using 007revad's Synology_M2_volume script # # Theming: Self-hosted theme.park (Dracula theme) # - TP_DOMAIN uses docker gateway IP to reach host's theme-park container # - Deploy theme-park stack first: Atlantis/theme-park/theme-park.yaml version: "3.8" x-themepark: &themepark TP_SCHEME: "http" TP_DOMAIN: "192.168.0.200:8580" TP_THEME: "dracula" networks: media2_net: driver: bridge name: media2_net ipam: config: - subnet: 172.24.0.0/24 gateway: 172.24.0.1 services: wizarr: image: ghcr.io/wizarrrr/wizarr:latest container_name: wizarr environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles - DISABLE_BUILTIN_AUTH=true volumes: - /volume2/metadata/docker2/wizarr:/data/database ports: - "5690:5690" networks: media2_net: ipv4_address: 172.24.0.2 security_opt: - no-new-privileges:true restart: unless-stopped tautulli: image: lscr.io/linuxserver/tautulli:latest container_name: tautulli environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles - UMASK=022 - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:tautulli - TP_SCHEME=http - TP_DOMAIN=192.168.0.200:8580 - TP_THEME=dracula volumes: - /volume2/metadata/docker2/tautulli:/config ports: - "8181:8181" networks: media2_net: ipv4_address: 172.24.0.12 security_opt: - no-new-privileges:true restart: unless-stopped prowlarr: image: lscr.io/linuxserver/prowlarr:latest container_name: prowlarr environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles - UMASK=022 - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:prowlarr - TP_SCHEME=http - TP_DOMAIN=192.168.0.200:8580 - TP_THEME=dracula volumes: - /volume2/metadata/docker2/prowlarr:/config ports: - "9696:9696" networks: media2_net: ipv4_address: 172.24.0.6 security_opt: - no-new-privileges:true restart: unless-stopped flaresolverr: image: flaresolverr/flaresolverr:latest container_name: flaresolverr environment: - TZ=America/Los_Angeles ports: - "8191:8191" networks: media2_net: ipv4_address: 172.24.0.4 security_opt: - no-new-privileges:true restart: unless-stopped sabnzbd: image: lscr.io/linuxserver/sabnzbd:latest container_name: sabnzbd network_mode: host environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles - UMASK=022 - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:sabnzbd - TP_SCHEME=http - TP_DOMAIN=192.168.0.200:8580 - TP_THEME=dracula volumes: - /volume2/metadata/docker2/sabnzbd:/config - /volume3/usenet/incomplete:/data/incomplete - /volume3/usenet/complete:/data/complete security_opt: - no-new-privileges:true restart: unless-stopped jackett: image: lscr.io/linuxserver/jackett:latest container_name: jackett environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles - UMASK=022 - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:jackett - TP_SCHEME=http - TP_DOMAIN=192.168.0.200:8580 - TP_THEME=dracula volumes: - /volume2/metadata/docker2/jackett:/config - /volume1/data:/downloads ports: - "9117:9117" networks: media2_net: ipv4_address: 172.24.0.11 security_opt: - no-new-privileges:true restart: unless-stopped sonarr: image: lscr.io/linuxserver/sonarr:latest container_name: sonarr environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles - UMASK=022 - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:sonarr - TP_SCHEME=http - TP_DOMAIN=192.168.0.200:8580 - TP_THEME=dracula volumes: - /volume2/metadata/docker2/sonarr:/config - /volume1/data:/data - /volume3/usenet:/sab - /volume2/torrents:/downloads # Deluge download dir — required for torrent import ports: - "8989:8989" networks: media2_net: ipv4_address: 172.24.0.7 security_opt: - no-new-privileges:true restart: unless-stopped lidarr: image: lscr.io/linuxserver/lidarr:latest container_name: lidarr environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles - UMASK=022 - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:lidarr - TP_SCHEME=http - TP_DOMAIN=192.168.0.200:8580 - TP_THEME=dracula volumes: - /volume2/metadata/docker2/lidarr:/config - /volume1/data:/data - /volume3/usenet:/sab # arr-scripts: custom init scripts for Deezer integration via deemix # Config: /volume2/metadata/docker2/lidarr/extended.conf (contains ARL token, not in git) # Setup: https://github.com/RandomNinjaAtk/arr-scripts - /volume2/metadata/docker2/lidarr-scripts/custom-services.d:/custom-services.d - /volume2/metadata/docker2/lidarr-scripts/custom-cont-init.d:/custom-cont-init.d ports: - "8686:8686" networks: media2_net: ipv4_address: 172.24.0.9 security_opt: - no-new-privileges:true restart: unless-stopped radarr: image: lscr.io/linuxserver/radarr:latest container_name: radarr environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles - UMASK=022 - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:radarr - TP_SCHEME=http - TP_DOMAIN=192.168.0.200:8580 - TP_THEME=dracula volumes: - /volume2/metadata/docker2/radarr:/config - /volume1/data:/data - /volume3/usenet:/sab - /volume2/torrents:/downloads # Deluge download dir — required for torrent import ports: - "7878:7878" networks: media2_net: ipv4_address: 172.24.0.8 security_opt: - no-new-privileges:true restart: unless-stopped # Readarr retired - replaced with LazyLibrarian + Audiobookshelf lazylibrarian: image: lscr.io/linuxserver/lazylibrarian:latest container_name: lazylibrarian environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles - UMASK=022 - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:lazylibrarian|ghcr.io/linuxserver/mods:lazylibrarian-calibre - TP_SCHEME=http - TP_DOMAIN=192.168.0.200:8580 - TP_THEME=dracula volumes: - /volume2/metadata/docker2/lazylibrarian:/config - /volume1/data:/data - /volume3/usenet:/sab - /volume2/torrents:/downloads # Deluge download dir — required for torrent import - /volume2/metadata/docker2/lazylibrarian-scripts/custom-cont-init.d:/custom-cont-init.d # patch tracker-less torrent handling ports: - "5299:5299" networks: media2_net: ipv4_address: 172.24.0.5 security_opt: - no-new-privileges:true restart: unless-stopped audiobookshelf: image: ghcr.io/advplyr/audiobookshelf:latest container_name: audiobookshelf environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles volumes: - /volume2/metadata/docker2/audiobookshelf:/config - /volume1/data/media/audiobooks:/audiobooks - /volume1/data/media/podcasts:/podcasts - /volume1/data/media/ebooks:/ebooks ports: - "13378:80" networks: media2_net: ipv4_address: 172.24.0.16 security_opt: - no-new-privileges:true restart: unless-stopped # Bazarr - subtitle management for Sonarr and Radarr # Web UI: http://192.168.0.200:6767 # Language profile: English (profile ID 1), no mustContain filter # Providers: REDACTED_APP_PASSWORD (vishinator), podnapisi, yifysubtitles, subf2m, subsource, subdl, animetosho # NOTE: OpenSubtitles.com may be IP-blocked — submit unblock request at opensubtitles.com/support # Notifications: Signal API via homelab-vm:8080 → REDACTED_PHONE_NUMBER # API keys stored in: /volume2/metadata/docker2/bazarr/config/config.yaml (not in repo) bazarr: image: lscr.io/linuxserver/bazarr:latest container_name: bazarr environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles - UMASK=022 - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:bazarr - TP_SCHEME=http - TP_DOMAIN=192.168.0.200:8580 - TP_THEME=dracula volumes: - /volume2/metadata/docker2/bazarr:/config - /volume1/data:/data - /volume3/usenet:/sab ports: - "6767:6767" networks: media2_net: ipv4_address: 172.24.0.10 security_opt: - no-new-privileges:true restart: unless-stopped whisparr: image: ghcr.io/hotio/whisparr:nightly container_name: whisparr environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles - UMASK=022 - TP_HOTIO=true - TP_SCHEME=http - TP_DOMAIN=192.168.0.200:8580 - TP_THEME=dracula volumes: - /volume2/metadata/docker2/whisparr:/config - /volume1/data:/data - /volume3/usenet/complete:/sab/complete - /volume3/usenet/incomplete:/sab/incomplete ports: - "6969:6969" networks: media2_net: ipv4_address: 172.24.0.3 security_opt: - no-new-privileges:true restart: unless-stopped plex: image: lscr.io/linuxserver/plex:latest container_name: plex network_mode: host environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles - UMASK=022 - VERSION=docker - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:plex - TP_SCHEME=http - TP_DOMAIN=192.168.0.200:8580 - TP_THEME=dracula volumes: - /volume2/metadata/docker2/plex:/config - /volume1/data/media:/data/media security_opt: - no-new-privileges:true restart: unless-stopped jellyseerr: image: fallenbagel/jellyseerr:latest container_name: jellyseerr user: "1029:100" environment: - TZ=America/Los_Angeles # Note: Jellyseerr theming requires CSS injection via reverse proxy or browser extension # theme.park doesn't support DOCKER_MODS for non-linuxserver images volumes: - /volume2/metadata/docker2/jellyseerr:/app/config ports: - "5055:5055" networks: media2_net: ipv4_address: 172.24.0.14 dns: - 9.9.9.9 - 1.1.1.1 security_opt: - no-new-privileges:true restart: unless-stopped gluetun: image: qmcgaw/gluetun:v3.38.0 container_name: gluetun privileged: true devices: - /dev/net/tun:/dev/net/tun labels: - com.centurylinklabs.watchtower.enable=false environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles # --- WireGuard --- - VPN_SERVICE_PROVIDER=custom - VPN_TYPE=wireguard - WIREGUARD_PRIVATE_KEY=aAavqcZ6sx3IlgiH5Q8m/6w33mBu4M23JBM8N6cBKEU= # pragma: allowlist secret - WIREGUARD_ADDRESSES=10.2.0.2/32 - WIREGUARD_DNS=10.2.0.1 - WIREGUARD_PUBLIC_KEY=FrVOQ+Dy0StjfwNtbJygJCkwSJt6ynlGbQwZBZWYfhc= - WIREGUARD_ALLOWED_IPS=0.0.0.0/0,::/0 - WIREGUARD_ENDPOINT_IP=79.127.185.193 - WIREGUARD_ENDPOINT_PORT=51820 volumes: - /volume2/metadata/docker2/gluetun:/gluetun ports: - "8112:8112" # Deluge WebUI - "58946:58946" # Torrent TCP - "58946:58946/udp" # Torrent UDP networks: media2_net: ipv4_address: 172.24.0.20 healthcheck: test: ["CMD-SHELL", "wget -qO /dev/null http://127.0.0.1:9999 2>/dev/null || exit 1"] interval: 10s timeout: 5s retries: 6 start_period: 30s security_opt: - no-new-privileges:true restart: unless-stopped deluge: image: lscr.io/linuxserver/deluge:latest container_name: deluge environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles - UMASK=022 - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:deluge - TP_SCHEME=http - TP_DOMAIN=192.168.0.200:8580 - TP_THEME=dracula volumes: - /volume2/metadata/docker2/deluge:/config - /volume2/torrents:/downloads network_mode: "service:gluetun" depends_on: gluetun: condition: service_healthy security_opt: - no-new-privileges:true restart: unless-stopped tdarr: image: ghcr.io/haveagitgat/tdarr@sha256:048ae8ed4de8e9f0de51ad73REDACTED_GITEA_TOKEN # v2.67.01 - pinned to keep all nodes in sync container_name: tdarr labels: - com.centurylinklabs.watchtower.enable=false environment: - PUID=1029 - PGID=100 - TZ=America/Los_Angeles - UMASK=022 - serverIP=0.0.0.0 - serverPort=8266 - webUIPort=8265 - internalNode=true - inContainer=true - ffmpegVersion=6 - nodeName=Atlantis volumes: - /volume2/metadata/docker2/tdarr/server:/app/server - /volume2/metadata/docker2/tdarr/configs:/app/configs - /volume2/metadata/docker2/tdarr/logs:/app/logs - /volume1/data/media:/media - /volume3/usenet/tdarr_cache:/temp - /volume3/usenet/tdarr_cache:/cache # Fix: internal node uses /cache path ports: - "8265:8265" - "8266:8266" networks: media2_net: ipv4_address: 172.24.0.15 security_opt: - no-new-privileges:true restart: unless-stopped