├── LICENSE ├── README.md ├── arr-compose.yml ├── bittorrent-compose.yml ├── docker-compose.yml ├── env ├── arr.env ├── bittorrent.env ├── gluetun.env ├── jellyfin.env ├── plex.env ├── traefik.env └── watchtower.env ├── jellyfin-compose.yml ├── plex-compose.yml └── secrets ├── bittorrent-password.secret ├── bittorrent-user.secret ├── cloudflare-email.secret ├── cloudflare-token.secret ├── openvpn_password.secret ├── openvpn_user.secret ├── plex-claim.secret ├── radarr-api.secret └── sonarr-api.secret /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 pvd-nerd 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Automated Media Management Setup 2 | 3 | After years of trial, error, and endless Reddit dives, I built the guide I wish I had from the start—a clear, step-by-step walkthrough to fully automate your seedbox in a secure, reliable way. Whether you're new or a seasoned tweaker, this will streamline your media setup from start to finish. 4 | 5 | Below is a quick overview of the Docker containers used and what each one does. 6 | 7 | - 🔒 Gluetun: A sleek, all-in-one VPN client supporting multiple providers—your digital Swiss Army knife, ensuring your privacy remains rock-solid while torrenting and streaming. 8 | - 🌐 Traefik: A modern, lightweight reverse proxy and load balancer—your traffic’s front door with smart routing, automatic HTTPS via Let's Encrypt, and seamless Docker integration. Simple to use, powerful to scale. 9 | - ⬇️ qBittorrent: The reliable, open-source alternative to µTorrent, built on Qt and libtorrent-rasterbar, providing a lightweight yet robust solution for downloading torrents with ease. 10 | - 🔄 qBittorrent Port Forwarder: Automatically syncs qBittorrent's ports through Gluetun, ensuring maximum connectivity and optimal speeds without manual port configuration headaches. 11 | - 🎬 Radarr: Automates movie downloads and management—think CouchPotato, but smarter, slicker, and fully integrated into your workflow, making movie management a breeze. 12 | - 📺 Sonarr: Your personal TV assistant, automatically fetching, sorting, renaming, and even upgrading episodes. It monitors RSS feeds and ensures your TV shows are always ready and waiting. 13 | - 🔍 Prowlarr: Centralized management for torrent and Usenet indexers—effortlessly integrated across Sonarr, Radarr, Lidarr, and Readarr, eliminating the hassle of configuring indexers individually for each app. 14 | - 📦 Unpackerr: Watches completed downloads, swiftly unpacking files so they're instantly ready for import by your media apps, removing yet another manual step from your workflow. 15 | - 📝 Overseerr & Jellyseerr: Easy, user-friendly media request tools for Sonarr, Radarr, Plex, and Jellyfin—making content requests and approvals a breeze. 16 | - 📡 Plex & Jellyfin: Stream and organize your media anywhere. Plex offers sleek, remote access; Jellyfin is open-source and privacy-focused—both keep your library beautifully managed. 17 | - 🚢 Watchtower: Automatically keeps your Docker containers up to date with the latest images—set it and forget it for a smoother, more secure stack. 18 | 19 | By the end of this guide, you'll have a powerful, fully-automated media system that's secure, efficient, and hassle-free. 20 | 21 | Check out the full guide here: https://passthebits.com/ 22 | 23 | ## Quick Start 24 | Carefully read the entire compose file before deploying. Comments are included with details and additional supported variables. Confirm that all uncommented service variables and volumes are correctly configured before deploying. The compose file is available on GitHub. 25 | ``` 26 | git clone https://github.com/pvd-nerd/docker-arr-suite $HOME/media_stack 27 | cd $HOME/media_stack 28 | chmod +x media.sh 29 | 30 | # Pull all container images before launch. 31 | sudo docker compose pull 32 | 33 | # Start stack services. Initial startup may take a while. 34 | # If startup fails, consider increasing the `start_period` in the compose file. 35 | sudo docker compose up -d 36 | ``` 37 | 38 | Some containers won't start until environment variables are set. Allow them to restart continuously initially. -------------------------------------------------------------------------------- /arr-compose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | secrets: 4 | radarr-api: 5 | file: ./secrets/radarr-api.secret 6 | sonarr-api: 7 | file: ./secrets/sonarr-api.secret 8 | 9 | services: 10 | sonarr: 11 | # See more: https://docs.linuxserver.io/images/docker-sonarr 12 | image: lscr.io/linuxserver/sonarr:latest 13 | container_name: sonarr 14 | restart: always 15 | network_mode: service:gluetun 16 | env_file: ./env/arr.env 17 | volumes: 18 | - sonarr:/config 19 | - data:/media 20 | healthcheck: 21 | test: curl -f http://localhost:8989/ping || exit 1 22 | interval: 10s 23 | timeout: 3s 24 | start_period: 60s 25 | labels: 26 | - traefik.enable=true 27 | - traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`) 28 | - traefik.http.routers.sonarr.entrypoints=websecure 29 | - traefik.http.services.sonarr.loadbalancer.server.port=8989 30 | depends_on: 31 | gluetun: 32 | condition: service_healthy 33 | restart: true 34 | traefik: 35 | condition: service_healthy 36 | restart: true 37 | bittorrent: 38 | condition: service_healthy 39 | restart: true 40 | 41 | 42 | radarr: 43 | # See more: https://docs.linuxserver.io/images/docker-radarr 44 | image: lscr.io/linuxserver/radarr:latest 45 | container_name: radarr 46 | restart: always 47 | network_mode: service:gluetun 48 | env_file: ./env/arr.env 49 | volumes: 50 | - radarr:/config 51 | - data:/media 52 | healthcheck: 53 | test: curl -f http://localhost:7878/ping || exit 1 54 | interval: 10s 55 | timeout: 3s 56 | start_period: 60s 57 | labels: 58 | - traefik.enable=true 59 | - traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN}`) 60 | - traefik.http.routers.radarr.entrypoints=websecure 61 | - traefik.http.services.radarr.loadbalancer.server.port=7878 62 | depends_on: 63 | gluetun: 64 | condition: service_healthy 65 | restart: true 66 | traefik: 67 | condition: service_healthy 68 | restart: true 69 | bittorrent: 70 | condition: service_healthy 71 | restart: true 72 | 73 | prowlarr: 74 | # See more: https://docs.linuxserver.io/images/docker-prowlarr 75 | image: lscr.io/linuxserver/prowlarr:latest 76 | container_name: prowlarr 77 | restart: always 78 | network_mode: service:gluetun 79 | env_file: ./env/arr.env 80 | volumes: 81 | - prowlarr:/config 82 | - data:/media 83 | healthcheck: 84 | test: curl -f http://localhost:9696/ping || exit 1 85 | interval: 10s 86 | timeout: 3s 87 | start_period: 60s 88 | labels: 89 | - traefik.enable=true 90 | - traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN}`) 91 | - traefik.http.routers.prowlarr.entrypoints=websecure 92 | - traefik.http.services.prowlarr.loadbalancer.server.port=9696 93 | depends_on: 94 | gluetun: 95 | condition: service_healthy 96 | restart: true 97 | traefik: 98 | condition: service_healthy 99 | restart: true 100 | bittorrent: 101 | condition: service_healthy 102 | restart: true 103 | sonarr: 104 | condition: service_healthy 105 | restart: true 106 | radarr: 107 | condition: service_healthy 108 | restart: true 109 | 110 | unpackerr: 111 | # See more: https://unpackerr.zip/docs/install/compose 112 | image: golift/unpackerr 113 | container_name: unpackerr 114 | restart: always 115 | secrets: 116 | - radarr-api 117 | - sonarr-api 118 | env_file: ./env/arr.env 119 | volumes: 120 | - data:/media 121 | - unpackerr:/config 122 | depends_on: 123 | sonarr: 124 | condition: service_healthy 125 | restart: true 126 | radarr: 127 | condition: service_healthy 128 | restart: true 129 | 130 | networks: 131 | default: 132 | name: media_network 133 | driver: bridge 134 | attachable: true 135 | 136 | volumes: 137 | data: # Sonarr, Radarr, Prowlarr, and Unpackerr data mount 138 | driver: local 139 | driver_opts: 140 | type: "nfs" 141 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 142 | device: ":${NFS_VOLUME}/data" 143 | 144 | sonarr: # Sonarr app data. 145 | driver: local 146 | driver_opts: 147 | type: "nfs" 148 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 149 | device: ":${NFS_VOLUME}/docker_data/sonarr" 150 | 151 | radarr: # Radarr app data. 152 | driver: local 153 | driver_opts: 154 | type: "nfs" 155 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 156 | device: ":${NFS_VOLUME}/docker_data/radarr" 157 | 158 | prowlarr: # Prowlarr app data. 159 | driver: local 160 | driver_opts: 161 | type: "nfs" 162 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 163 | device: ":${NFS_VOLUME}/docker_data/prowlarr" 164 | 165 | unpackerr: # unPackerr app data. 166 | driver: local 167 | driver_opts: 168 | type: "nfs" 169 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 170 | device: ":${NFS_VOLUME}/docker_data/unpackerr" -------------------------------------------------------------------------------- /bittorrent-compose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | secrets: 4 | bittorrent-user: 5 | file: ./secrets/bittorrent-user.secret 6 | bittorrent-password: 7 | file: ./secrets/bittorrent-password.secret 8 | 9 | services: 10 | bittorrent: 11 | # See more: https://docs.linuxserver.io/images/docker-qbittorrent 12 | image: lscr.io/linuxserver/qbittorrent:latest 13 | container_name: bittorrent 14 | restart: always 15 | network_mode: service:gluetun 16 | env_file: ./env/bittorrent.env 17 | volumes: 18 | - bittorrent:/config 19 | - torrent:/media 20 | healthcheck: 21 | test: curl -f http://localhost:8088 || exit 1 22 | interval: 10s 23 | timeout: 3s 24 | start_period: 60s 25 | labels: 26 | - traefik.enable=true 27 | - traefik.http.routers.bittorrent.rule=Host(`bittorrent.${DOMAIN}`) 28 | - traefik.http.routers.bittorrent.entrypoints=websecure 29 | - traefik.http.services.bittorrent.loadbalancer.server.port=8088 30 | depends_on: 31 | gluetun: 32 | condition: service_healthy 33 | restart: true 34 | traefik: 35 | condition: service_healthy 36 | restart: true 37 | 38 | bittorrent_port_forwarder: 39 | # See more: https://github.com/mjmeli/qbittorrent-port-forward-gluetun-server 40 | image: mjmeli/qbittorrent-port-forward-gluetun-server 41 | container_name: bittorrent_port_forwarder 42 | restart: always 43 | secrets: 44 | - bittorrent-user 45 | - bittorrent-password 46 | env_file: ./env/bittorrent.env 47 | depends_on: 48 | bittorrent: 49 | condition: service_healthy 50 | restart: true 51 | 52 | networks: 53 | default: 54 | name: media_network 55 | driver: bridge 56 | attachable: true 57 | 58 | volumes: 59 | torrent: # torrent data mount 60 | driver: local 61 | driver_opts: 62 | type: "nfs" 63 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 64 | device: ":${NFS_VOLUME}/data/torrents" 65 | 66 | bittorrent: # qBittorrent app data. 67 | driver: local 68 | driver_opts: 69 | type: "nfs" 70 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 71 | device: ":${NFS_VOLUME}/docker_data/bittorrent" -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | secrets: 4 | cloudflare-token: 5 | file: ./secrets/cloudflare-token.secret 6 | cloudflare-email: 7 | file: ./secrets/cloudflare-email.secret 8 | openvpn_user: 9 | file: ./secrets/openvpn_user.secret 10 | openvpn_password: 11 | file: ./secrets/openvpn_password.secret 12 | 13 | services: 14 | traefik: 15 | image: traefik 16 | container_name: traefik 17 | restart: always 18 | command: 19 | - --log.level=DEBUG 20 | - --providers.docker=true 21 | - --providers.docker.exposedbydefault=false 22 | - --api.dashboard=false 23 | - --serversTransport.insecureSkipVerify=true 24 | # Set up LetsEncrypt certificate resolver 25 | - --certificatesresolvers.letsencrypt.acme.dnschallenge=true 26 | - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare 27 | - --certificatesResolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53 28 | - --certificatesResolvers.letsencrypt.acme.dnschallenge.delayBeforeCheck=20 29 | - --certificatesresolvers.letsencrypt.acme.email=${EMAIL_ADDRESS} 30 | - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json 31 | # Set up an insecure listener that redirects all traffic to TLS 32 | - --entrypoints.web.address=:80 33 | - --entrypoints.websecure.address=:443 34 | - --entrypoints.web.http.redirections.entrypoint.to=websecure 35 | - --entrypoints.web.http.redirections.entrypoint.scheme=https 36 | # Set up the TLS configuration for our websecure listener 37 | - --entrypoints.websecure.http.tls=true 38 | - --entrypoints.websecure.http.tls.certResolver=letsencrypt 39 | - --entrypoints.websecure.http.tls.domains[0].main=${DOMAIN} 40 | - --entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN} 41 | secrets: 42 | - cloudflare-token 43 | - cloudflare-email 44 | env_file: ./env/traefik.env 45 | ports: 46 | - 80:80 47 | - 443:443 48 | volumes: 49 | - /var/run/docker.sock:/var/run/docker.sock:ro 50 | - letsencrypt:/letsencrypt 51 | healthcheck: 52 | test: netstat -ptan | grep -E "443.*LISTEN" || exit 1 53 | interval: 10s 54 | timeout: 3s 55 | start_period: 60s 56 | 57 | gluetun: 58 | # See more: https://github.com/qdm12/gluetun-wiki 59 | image: qmcgaw/gluetun 60 | container_name: gluetun 61 | restart: always 62 | cap_add: 63 | - NET_ADMIN 64 | devices: 65 | - /dev/net/tun:/dev/net/tun 66 | secrets: 67 | - openvpn_user 68 | - openvpn_password 69 | env_file: ./env/gluetun.env 70 | volumes: 71 | - gluetun:/gluetun 72 | 73 | watchtower: 74 | # See more: https://github.com/containrrr/watchtower 75 | image: containrrr/watchtower 76 | container_name: watchtower 77 | env_file: ./env/watchtower.env 78 | volumes: 79 | - /var/run/docker.sock:/var/run/docker.sock 80 | 81 | include: 82 | - bittorrent-compose.yml 83 | - arr-compose.yml 84 | # - plex-compose.yml 85 | # - jellyfin-compose.yml 86 | 87 | networks: 88 | default: 89 | name: media_network 90 | driver: bridge 91 | attachable: true 92 | 93 | volumes: 94 | letsencrypt: # Traefik Lets Encrypt certs. 95 | driver: local 96 | driver_opts: 97 | type: "nfs" 98 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 99 | device: ":${NFS_VOLUME}/docker_data/letsencrypt" 100 | 101 | gluetun: # Gluetun app data. 102 | driver: local 103 | driver_opts: 104 | type: "nfs" 105 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 106 | device: ":${NFS_VOLUME}/docker_data/gluetun" -------------------------------------------------------------------------------- /env/arr.env: -------------------------------------------------------------------------------- 1 | # arr.env 2 | PUID: 1000 3 | PGID: 1000 4 | TZ: Etc/UTC 5 | # unpackerr.env 6 | UN_LOG_FILE: /config/unpackerr.log 7 | UN_SONARR_0_URL: http://gluetun:8989 8 | # Update with Sonarr API key 9 | UN_SONARR_0_API_KEY: /run/secrets/sonarr-api 10 | UN_RADARR_0_URL: http://gluetun:7878 11 | # Update with Radarr API key 12 | UN_RADARR_0_API_KEY: /run/secrets/radarr-api -------------------------------------------------------------------------------- /env/bittorrent.env: -------------------------------------------------------------------------------- 1 | # qBittorrent 2 | PUID: 1000 3 | PGID: 1000 4 | TZ: Etc/UTC 5 | WEBUI_PORT: 8088 6 | # Bittorrent Port Forwarder 7 | QBT_USERNAME: /run/secrets/bittorrent-user 8 | QBT_PASSWORD: /run/secrets/bittorrent-passowrd 9 | QBT_ADDR: http://gluetun:8088 10 | GTN_ADDR: http://gluetun:8000 -------------------------------------------------------------------------------- /env/gluetun.env: -------------------------------------------------------------------------------- 1 | # gluetun.env 2 | VPN_SERVICE_PROVIDER: private internet access 3 | VPN_TYPE: openvpn 4 | TZ: Etc/UTC 5 | # OpenVPN Settings: 6 | OPENVPN_USER: /run/secrets/openvpn_user 7 | OPENVPN_PASSWORD: /run/secrets/openvpn_password 8 | VPN_PORT_FORWARDING: on 9 | UPDATER_PERIOD: 24h -------------------------------------------------------------------------------- /env/jellyfin.env: -------------------------------------------------------------------------------- 1 | # jellyfin.env 2 | JELLYFIN_PublishedServerUrl: https://jellyfin.${DOMAIN} 3 | # jellyseerr.env 4 | LOG_LEVEL: debug 5 | TZ: Etc/UTC -------------------------------------------------------------------------------- /env/plex.env: -------------------------------------------------------------------------------- 1 | # plex.env 2 | PUID: 1000 3 | PGID: 1000 4 | TZ: Etc/UTC 5 | VERSION: docker 6 | # Get claim from https://account.plex.tv/en/claim 7 | PLEX_CLAIM: /run/secrets/plex-claim 8 | LOG_LEVEL: debug 9 | PORT: 5055 -------------------------------------------------------------------------------- /env/traefik.env: -------------------------------------------------------------------------------- 1 | # traefik.env 2 | CF_DNS_API_TOKEN_FILE: /run/secrets/cloudflare-token 3 | CF_API_EMAIL_FILE: /run/secrets/cloudflare-email -------------------------------------------------------------------------------- /env/watchtower.env: -------------------------------------------------------------------------------- 1 | # watchtower.env 2 | WATCHTOWER_CLEANUP: true 3 | WATCHTOWER_INCLUDE_RESTARTING: true 4 | WATCHTOWER_POLL_INTERVAL: 86400 -------------------------------------------------------------------------------- /jellyfin-compose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | services: 4 | jellyfin: 5 | image: jellyfin/jellyfin 6 | container_name: jellyfin 7 | restart: always 8 | user: 1000:1000 9 | # Network mode of 'host' exposes the ports on the host. This is needed for DLNA access. 10 | # network_mode: 'host' 11 | volumes: 12 | - jellyfin:/config 13 | - cache:/cache 14 | - media:/media 15 | env_file: ./env/jellyfin.env 16 | labels: 17 | - traefik.enable=true 18 | - traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`) 19 | - traefik.http.routers.jellyfin.entrypoints=websecure 20 | - traefik.http.services.jellyfin.loadbalancer.server.port=8096 21 | depends_on: 22 | traefik: 23 | condition: service_healthy 24 | restart: true 25 | 26 | jellyseerr: 27 | image: fallenbagel/jellyseerr:latest 28 | container_name: jellyseerr 29 | restart: always 30 | env_file: ./env/jellyfin.env 31 | volumes: 32 | - jellyseerr:/app/config 33 | labels: 34 | - traefik.enable=true 35 | - traefik.http.routers.jellyseerr.rule=Host(`jellyseerr.${DOMAIN}`) 36 | - traefik.http.routers.jellyseerr.entrypoints=websecure 37 | - traefik.http.services.jellyseerr.loadbalancer.server.port=5055 38 | depends_on: 39 | traefik: 40 | condition: service_healthy 41 | restart: true 42 | jellyfin: 43 | condition: service_healthy 44 | restart: true 45 | 46 | networks: 47 | default: 48 | name: media_network 49 | driver: bridge 50 | attachable: true 51 | 52 | volumes: 53 | media: # Media library 54 | driver: local 55 | driver_opts: 56 | type: "nfs" 57 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 58 | device: ":${NFS_VOLUME}/data/media" 59 | 60 | jellyseerr: # Jellyseerr app data. 61 | driver: local 62 | driver_opts: 63 | type: "nfs" 64 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 65 | device: ":${NFS_VOLUME}/docker_data/jellyseerr" 66 | 67 | jellyfin: # Jellyfin app data. 68 | driver: local 69 | driver_opts: 70 | type: "nfs" 71 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 72 | device: ":${NFS_VOLUME}/docker_data/jellyfin" 73 | 74 | cache: # Jellyfin cache data. 75 | driver: local 76 | driver_opts: 77 | type: "nfs" 78 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 79 | device: ":${NFS_VOLUME}/docker_data/jellyfin_cache" -------------------------------------------------------------------------------- /plex-compose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | secrets: 4 | plex-claim: 5 | file: ./secrets/plex-claim.secret 6 | 7 | services: 8 | overseerr: 9 | # See more: https://docs.overseerr.dev/getting-started/installation 10 | image: sctx/overseerr:latest 11 | container_name: overseerr 12 | restart: always 13 | env_file: ./env/plex.env 14 | volumes: 15 | - overseerr:/app/config 16 | healthcheck: 17 | test: wget http://localhost:5055/api/v1/status -qO /dev/null || exit 1 18 | interval: 10s 19 | timeout: 3s 20 | start_period: 60s 21 | labels: 22 | - traefik.enable=true 23 | - traefik.http.routers.overseerr.rule=Host(`overseerr.${DOMAIN}`) 24 | - traefik.http.routers.overseerr.entrypoints=websecure 25 | - traefik.http.services.overseerr.loadbalancer.server.port=5055 26 | depends_on: 27 | traefik: 28 | condition: service_healthy 29 | restart: true 30 | plex: 31 | condition: service_healthy 32 | restart: true 33 | 34 | plex: 35 | # See more: https://docs.linuxserver.io/images/docker-plex/ 36 | image: lscr.io/linuxserver/plex:latest 37 | container_name: plex 38 | restart: always 39 | secrets: 40 | - plex-claim 41 | env_file: ./env/plex.env 42 | volumes: 43 | - plex:/config 44 | - media:/media 45 | healthcheck: 46 | test: curl -f http://localhost:32400/identity || exit 1 47 | interval: 10s 48 | timeout: 3s 49 | start_period: 60s 50 | labels: 51 | - traefik.enable=true 52 | - traefik.http.routers.plex.rule=Host(`plex.${DOMAIN}`) 53 | - traefik.http.routers.plex.entrypoints=websecure 54 | - traefik.http.services.plex.loadbalancer.server.port=32400 55 | depends_on: 56 | traefik: 57 | condition: service_healthy 58 | restart: true 59 | 60 | networks: 61 | default: 62 | name: media_network 63 | driver: bridge 64 | attachable: true 65 | 66 | volumes: 67 | media: # Media library 68 | driver: local 69 | driver_opts: 70 | type: "nfs" 71 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 72 | device: ":${NFS_VOLUME}/data/media" 73 | 74 | overseerr: # Overseerr app data. 75 | driver: local 76 | driver_opts: 77 | type: "nfs" 78 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 79 | device: ":${NFS_VOLUME}/docker_data/overseerr" 80 | 81 | plex: # Plex app data. 82 | driver: local 83 | driver_opts: 84 | type: "nfs" 85 | o: "addr=${NFS_SERVER},rw,tcp,nolock,hard,wsize=65536,rsize=65536" 86 | device: ":${NFS_VOLUME}/docker_data/plex" -------------------------------------------------------------------------------- /secrets/bittorrent-password.secret: -------------------------------------------------------------------------------- 1 | BITTORRENTPASS -------------------------------------------------------------------------------- /secrets/bittorrent-user.secret: -------------------------------------------------------------------------------- 1 | BITTORRENTUSER -------------------------------------------------------------------------------- /secrets/cloudflare-email.secret: -------------------------------------------------------------------------------- 1 | CLOUDFLAREEMAIL -------------------------------------------------------------------------------- /secrets/cloudflare-token.secret: -------------------------------------------------------------------------------- 1 | CLOUDFLAREAPI -------------------------------------------------------------------------------- /secrets/openvpn_password.secret: -------------------------------------------------------------------------------- 1 | OPENVPNPASS -------------------------------------------------------------------------------- /secrets/openvpn_user.secret: -------------------------------------------------------------------------------- 1 | OPENVPNUSER -------------------------------------------------------------------------------- /secrets/plex-claim.secret: -------------------------------------------------------------------------------- 1 | PLEXCLAIM -------------------------------------------------------------------------------- /secrets/radarr-api.secret: -------------------------------------------------------------------------------- 1 | RADARRAPI -------------------------------------------------------------------------------- /secrets/sonarr-api.secret: -------------------------------------------------------------------------------- 1 | SONARRAPI --------------------------------------------------------------------------------