497 lines
14 KiB
YAML
497 lines
14 KiB
YAML
# Arr Suite - Media automation stack
|
|
# Services: Sonarr, Radarr, Prowlarr, Bazarr, Lidarr, Tdarr, LazyLibrarian, Audiobookshelf
|
|
# Manages TV shows, movies, music, books, audiobooks downloads and organization
|
|
# GitOps Test: Stack successfully deployed and auto-updating
|
|
#
|
|
# Storage Configuration (2026-02-01):
|
|
# - Downloads: /volume3/usenet (Synology SNV5420 NVMe RAID1 - 621 MB/s)
|
|
# - Media: /volume1/data (SATA RAID6 - 84TB)
|
|
# - Configs: /volume2/metadata/docker2 (Crucial P310 NVMe RAID1)
|
|
#
|
|
# Volume 3 created for fast download performance using 007revad's Synology_M2_volume script
|
|
#
|
|
# Theming: Self-hosted theme.park (Dracula theme)
|
|
# - TP_DOMAIN uses docker gateway IP to reach host's theme-park container
|
|
# - Deploy theme-park stack first: Atlantis/theme-park/theme-park.yaml
|
|
version: "3.8"
|
|
|
|
x-themepark: &themepark
|
|
TP_SCHEME: "http"
|
|
TP_DOMAIN: "192.168.0.200:8580"
|
|
TP_THEME: "dracula"
|
|
|
|
networks:
|
|
media2_net:
|
|
driver: bridge
|
|
name: media2_net
|
|
ipam:
|
|
config:
|
|
- subnet: 172.24.0.0/24
|
|
gateway: 172.24.0.1
|
|
|
|
services:
|
|
|
|
wizarr:
|
|
image: ghcr.io/wizarrrr/wizarr:latest
|
|
container_name: wizarr
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
- DISABLE_BUILTIN_AUTH=true
|
|
volumes:
|
|
- /volume2/metadata/docker2/wizarr:/data/database
|
|
ports:
|
|
- "5690:5690"
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.2
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
tautulli:
|
|
image: lscr.io/linuxserver/tautulli:latest
|
|
container_name: tautulli
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
- UMASK=022
|
|
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:tautulli
|
|
- TP_SCHEME=http
|
|
- TP_DOMAIN=192.168.0.200:8580
|
|
- TP_THEME=dracula
|
|
volumes:
|
|
- /volume2/metadata/docker2/tautulli:/config
|
|
ports:
|
|
- "8181:8181"
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.12
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
prowlarr:
|
|
image: lscr.io/linuxserver/prowlarr:latest
|
|
container_name: prowlarr
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
- UMASK=022
|
|
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:prowlarr
|
|
- TP_SCHEME=http
|
|
- TP_DOMAIN=192.168.0.200:8580
|
|
- TP_THEME=dracula
|
|
volumes:
|
|
- /volume2/metadata/docker2/prowlarr:/config
|
|
ports:
|
|
- "9696:9696"
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.6
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
flaresolverr:
|
|
image: flaresolverr/flaresolverr:latest
|
|
container_name: flaresolverr
|
|
environment:
|
|
- TZ=America/Los_Angeles
|
|
ports:
|
|
- "8191:8191"
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.4
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
sabnzbd:
|
|
image: lscr.io/linuxserver/sabnzbd:latest
|
|
container_name: sabnzbd
|
|
network_mode: host
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
- UMASK=022
|
|
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:sabnzbd
|
|
- TP_SCHEME=http
|
|
- TP_DOMAIN=192.168.0.200:8580
|
|
- TP_THEME=dracula
|
|
volumes:
|
|
- /volume2/metadata/docker2/sabnzbd:/config
|
|
- /volume3/usenet/incomplete:/data/incomplete
|
|
- /volume3/usenet/complete:/data/complete
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
jackett:
|
|
image: lscr.io/linuxserver/jackett:latest
|
|
container_name: jackett
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
- UMASK=022
|
|
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:jackett
|
|
- TP_SCHEME=http
|
|
- TP_DOMAIN=192.168.0.200:8580
|
|
- TP_THEME=dracula
|
|
volumes:
|
|
- /volume2/metadata/docker2/jackett:/config
|
|
- /volume1/data:/downloads
|
|
ports:
|
|
- "9117:9117"
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.11
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
sonarr:
|
|
image: lscr.io/linuxserver/sonarr:latest
|
|
container_name: sonarr
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
- UMASK=022
|
|
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:sonarr
|
|
- TP_SCHEME=http
|
|
- TP_DOMAIN=192.168.0.200:8580
|
|
- TP_THEME=dracula
|
|
volumes:
|
|
- /volume2/metadata/docker2/sonarr:/config
|
|
- /volume1/data:/data
|
|
- /volume3/usenet:/sab
|
|
- /volume2/torrents:/downloads # Deluge download dir — required for torrent import
|
|
ports:
|
|
- "8989:8989"
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.7
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
lidarr:
|
|
image: lscr.io/linuxserver/lidarr:latest
|
|
container_name: lidarr
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
- UMASK=022
|
|
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:lidarr
|
|
- TP_SCHEME=http
|
|
- TP_DOMAIN=192.168.0.200:8580
|
|
- TP_THEME=dracula
|
|
volumes:
|
|
- /volume2/metadata/docker2/lidarr:/config
|
|
- /volume1/data:/data
|
|
- /volume3/usenet:/sab
|
|
# arr-scripts: custom init scripts for Deezer integration via deemix
|
|
# Config: /volume2/metadata/docker2/lidarr/extended.conf (contains ARL token, not in git)
|
|
# Setup: https://github.com/RandomNinjaAtk/arr-scripts
|
|
- /volume2/metadata/docker2/lidarr-scripts/custom-services.d:/custom-services.d
|
|
- /volume2/metadata/docker2/lidarr-scripts/custom-cont-init.d:/custom-cont-init.d
|
|
ports:
|
|
- "8686:8686"
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.9
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
radarr:
|
|
image: lscr.io/linuxserver/radarr:latest
|
|
container_name: radarr
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
- UMASK=022
|
|
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:radarr
|
|
- TP_SCHEME=http
|
|
- TP_DOMAIN=192.168.0.200:8580
|
|
- TP_THEME=dracula
|
|
volumes:
|
|
- /volume2/metadata/docker2/radarr:/config
|
|
- /volume1/data:/data
|
|
- /volume3/usenet:/sab
|
|
- /volume2/torrents:/downloads # Deluge download dir — required for torrent import
|
|
ports:
|
|
- "7878:7878"
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.8
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
# Readarr retired - replaced with LazyLibrarian + Audiobookshelf
|
|
|
|
lazylibrarian:
|
|
image: lscr.io/linuxserver/lazylibrarian:latest
|
|
container_name: lazylibrarian
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
- UMASK=022
|
|
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:lazylibrarian|ghcr.io/linuxserver/mods:lazylibrarian-calibre
|
|
- TP_SCHEME=http
|
|
- TP_DOMAIN=192.168.0.200:8580
|
|
- TP_THEME=dracula
|
|
volumes:
|
|
- /volume2/metadata/docker2/lazylibrarian:/config
|
|
- /volume1/data:/data
|
|
- /volume3/usenet:/sab
|
|
- /volume2/torrents:/downloads # Deluge download dir — required for torrent import
|
|
- /volume2/metadata/docker2/lazylibrarian-scripts/custom-cont-init.d:/custom-cont-init.d # patch tracker-less torrent handling
|
|
ports:
|
|
- "5299:5299"
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.5
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
audiobookshelf:
|
|
image: ghcr.io/advplyr/audiobookshelf:latest
|
|
container_name: audiobookshelf
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
volumes:
|
|
- /volume2/metadata/docker2/audiobookshelf:/config
|
|
- /volume1/data/media/audiobooks:/audiobooks
|
|
- /volume1/data/media/podcasts:/podcasts
|
|
- /volume1/data/media/ebooks:/ebooks
|
|
ports:
|
|
- "13378:80"
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.16
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
# Bazarr - subtitle management for Sonarr and Radarr
|
|
# Web UI: http://192.168.0.200:6767
|
|
# Language profile: English (profile ID 1), no mustContain filter
|
|
# Providers: REDACTED_APP_PASSWORD (vishinator), podnapisi, yifysubtitles, subf2m, subsource, subdl, animetosho
|
|
# NOTE: OpenSubtitles.com may be IP-blocked — submit unblock request at opensubtitles.com/support
|
|
# Notifications: Signal API via homelab-vm:8080 → REDACTED_PHONE_NUMBER
|
|
# API keys stored in: /volume2/metadata/docker2/bazarr/config/config.yaml (not in repo)
|
|
bazarr:
|
|
image: lscr.io/linuxserver/bazarr:latest
|
|
container_name: bazarr
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
- UMASK=022
|
|
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:bazarr
|
|
- TP_SCHEME=http
|
|
- TP_DOMAIN=192.168.0.200:8580
|
|
- TP_THEME=dracula
|
|
volumes:
|
|
- /volume2/metadata/docker2/bazarr:/config
|
|
- /volume1/data:/data
|
|
- /volume3/usenet:/sab
|
|
ports:
|
|
- "6767:6767"
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.10
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
whisparr:
|
|
image: ghcr.io/hotio/whisparr:nightly
|
|
container_name: whisparr
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
- UMASK=022
|
|
- TP_HOTIO=true
|
|
- TP_SCHEME=http
|
|
- TP_DOMAIN=192.168.0.200:8580
|
|
- TP_THEME=dracula
|
|
volumes:
|
|
- /volume2/metadata/docker2/whisparr:/config
|
|
- /volume1/data:/data
|
|
- /volume3/usenet/complete:/sab/complete
|
|
- /volume3/usenet/incomplete:/sab/incomplete
|
|
ports:
|
|
- "6969:6969"
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.3
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
plex:
|
|
image: lscr.io/linuxserver/plex:latest
|
|
container_name: plex
|
|
network_mode: host
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
- UMASK=022
|
|
- VERSION=docker
|
|
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:plex
|
|
- TP_SCHEME=http
|
|
- TP_DOMAIN=192.168.0.200:8580
|
|
- TP_THEME=dracula
|
|
volumes:
|
|
- /volume2/metadata/docker2/plex:/config
|
|
- /volume1/data/media:/data/media
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
jellyseerr:
|
|
image: fallenbagel/jellyseerr:latest
|
|
container_name: jellyseerr
|
|
user: "1029:100"
|
|
environment:
|
|
- TZ=America/Los_Angeles
|
|
# Note: Jellyseerr theming requires CSS injection via reverse proxy or browser extension
|
|
# theme.park doesn't support DOCKER_MODS for non-linuxserver images
|
|
volumes:
|
|
- /volume2/metadata/docker2/jellyseerr:/app/config
|
|
ports:
|
|
- "5055:5055"
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.14
|
|
dns:
|
|
- 9.9.9.9
|
|
- 1.1.1.1
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
gluetun:
|
|
image: qmcgaw/gluetun:v3.38.0
|
|
container_name: gluetun
|
|
privileged: true
|
|
devices:
|
|
- /dev/net/tun:/dev/net/tun
|
|
|
|
labels:
|
|
- com.centurylinklabs.watchtower.enable=false
|
|
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
|
|
# --- WireGuard ---
|
|
- VPN_SERVICE_PROVIDER=custom
|
|
- VPN_TYPE=wireguard
|
|
|
|
- WIREGUARD_PRIVATE_KEY=aAavqcZ6sx3IlgiH5Q8m/6w33mBu4M23JBM8N6cBKEU= # pragma: allowlist secret
|
|
- WIREGUARD_ADDRESSES=10.2.0.2/32
|
|
- WIREGUARD_DNS=10.2.0.1
|
|
|
|
- WIREGUARD_PUBLIC_KEY=FrVOQ+Dy0StjfwNtbJygJCkwSJt6ynlGbQwZBZWYfhc=
|
|
- WIREGUARD_ALLOWED_IPS=0.0.0.0/0,::/0
|
|
|
|
- WIREGUARD_ENDPOINT_IP=79.127.185.193
|
|
- WIREGUARD_ENDPOINT_PORT=51820
|
|
|
|
volumes:
|
|
- /volume2/metadata/docker2/gluetun:/gluetun
|
|
|
|
ports:
|
|
- "8112:8112" # Deluge WebUI
|
|
- "58946:58946" # Torrent TCP
|
|
- "58946:58946/udp" # Torrent UDP
|
|
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.20
|
|
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "wget -qO /dev/null http://127.0.0.1:9999 2>/dev/null || exit 1"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 6
|
|
start_period: 30s
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
|
|
deluge:
|
|
image: lscr.io/linuxserver/deluge:latest
|
|
container_name: deluge
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
- UMASK=022
|
|
- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:deluge
|
|
- TP_SCHEME=http
|
|
- TP_DOMAIN=192.168.0.200:8580
|
|
- TP_THEME=dracula
|
|
volumes:
|
|
- /volume2/metadata/docker2/deluge:/config
|
|
- /volume2/torrents:/downloads
|
|
network_mode: "service:gluetun"
|
|
depends_on:
|
|
gluetun:
|
|
condition: service_healthy
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|
|
|
|
tdarr:
|
|
image: ghcr.io/haveagitgat/tdarr:latest
|
|
container_name: tdarr
|
|
environment:
|
|
- PUID=1029
|
|
- PGID=100
|
|
- TZ=America/Los_Angeles
|
|
- UMASK=022
|
|
- serverIP=0.0.0.0
|
|
- serverPort=8266
|
|
- webUIPort=8265
|
|
- internalNode=true
|
|
- inContainer=true
|
|
- ffmpegVersion=6
|
|
- nodeName=Atlantis
|
|
volumes:
|
|
- /volume2/metadata/docker2/tdarr/server:/app/server
|
|
- /volume2/metadata/docker2/tdarr/configs:/app/configs
|
|
- /volume2/metadata/docker2/tdarr/logs:/app/logs
|
|
- /volume1/data/media:/media
|
|
- /volume3/usenet/tdarr_cache:/temp
|
|
- /volume3/usenet/tdarr_cache:/cache # Fix: internal node uses /cache path
|
|
ports:
|
|
- "8265:8265"
|
|
- "8266:8266"
|
|
networks:
|
|
media2_net:
|
|
ipv4_address: 172.24.0.15
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
restart: unless-stopped
|