commit 9f2c30400d9298243e1e1c99a3a5261ca56f36ec Author: Matthew Avery Date: Fri Feb 20 21:40:30 2026 -0500 arr diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..33a8662 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,252 @@ +services: + flaresolverr: + networks: + - media + image: ghcr.io/flaresolverr/flaresolverr:latest + container_name: flaresolverr + restart: always + user: ${PUID}:${PGID} + volumes: + - /etc/localtime:/etc/localtime:ro + environment: + - TZ=${TZ} + - LOG_LEVEL=${LOG_LEVEL:-info} + - LOG_HTML=${LOG_HTML:-false} + - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none} + sonarr: + networks: + - media + - web + depends_on: + - qt + - prowlarr + image: linuxserver/sonarr + container_name: sonarr + restart: always + volumes: + - /etc/localtime:/etc/localtime:ro + - /mnt/data/opt/arr/sonarr/config:/config + - /mnt/data/torrents_complete:/data/torrents_complete + - /mnt/data/shows:/data/shows + - /mnt/data/kids_shows:/data/kids_shows + - /mnt/data/nobackup/sonarr/MediaCover:/config/MediaCover + - /mnt/data/nobackup/sonarr/logs:/config/logs + - /mnt/data/nobackup/sonarr/Backups:/config/Backups + user: ${PUID}:${PGID} + environment: + - TZ=${TZ} + labels: + - "traefik.enable=true" + - "traefik.docker.network=web" + - "traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN:-averytribe.com}`)" + - "traefik.http.routers.sonarr.entrypoints=websecure" + - "traefik.http.routers.sonarr.tls=true" + - "traefik.http.services.sonarr.loadbalancer.server.port=8989" + - "traefik.http.routers.sonarr.middlewares=authelia@docker" + radarr: + networks: + - media + - web + depends_on: + - qt + - prowlarr + image: linuxserver/radarr + container_name: radarr + user: ${PUID}:${PGID} + environment: + - TZ=${TZ} + volumes: + - /mnt/data/opt/arr/radarr/config:/config + - /mnt/data/movies:/data/movies + - /mnt/data/kids_movies:/data/kids_movies + - /mnt/data/torrents_complete:/data/torrents_complete + - /etc/localtime:/etc/localtime:ro + - /mnt/data/nobackup/radarr/MediaCover:/config/MediaCover + - /mnt/data/nobackup/radarr/logs:/config/logs + - /mnt/data/nobackup/radarr/Backups:/config/Backups + labels: + - "traefik.enable=true" + - "traefik.docker.network=web" + - "traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN:-averytribe.com}`)" + - "traefik.http.routers.radarr.entrypoints=websecure" + - "traefik.http.routers.radarr.tls=true" + - "traefik.http.services.radarr.loadbalancer.server.port=7878" + - "traefik.http.routers.radarr.middlewares=authelia@docker" + restart: always + prowlarr: + networks: + - media + - web + image: lscr.io/linuxserver/prowlarr:develop + container_name: prowlarr + restart: always + user: ${PUID}:${PGID} + volumes: + - /etc/localtime:/etc/localtime:ro + - /mnt/data/opt/arr/prowlarr/config:/config + labels: + - "traefik.enable=true" + - "traefik.docker.network=web" + - "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN:-averytribe.com}`)" + - "traefik.http.routers.prowlarr.entrypoints=websecure" + - "traefik.http.routers.prowlarr.tls=true" + - "traefik.http.services.prowlarr.loadbalancer.server.port=9696" + - "traefik.http.routers.prowlarr.middlewares=authelia@docker" + qt: + container_name: qt + image: ghcr.io/hotio/qbittorrent + restart: always + environment: + - UMASK=002 + - TZ=${TZ} + - WEBUI_PORTS=8090/tcp,8090/udp + volumes: + - /etc/localtime:/etc/localtime:ro + - /mnt/data/opt/arr/qtorrent/config:/config + - /mnt/data/torrents:/data/torrents + - /mnt/data/torrents_complete:/data/torrents_complete + network_mode: service:gluetun # run on the vpn network + depends_on: + gluetun: + condition: service_healthy + labels: + - "traefik.enable=true" + - "traefik.docker.network=web" + - "traefik.http.routers.qt.rule=Host(`qt.${DOMAIN:-averytribe.com}`)" + - "traefik.http.routers.qt.entrypoints=websecure" + - "traefik.http.routers.qt.tls=true" + - "traefik.http.services.qt.loadbalancer.server.port=8090" + - "traefik.http.routers.qt.middlewares=authelia@docker" + gluetun: + image: qmcgaw/gluetun + container_name: gluetun + restart: always + cap_add: + - NET_ADMIN + volumes: + - /mnt/data/opt/arr/gluetun/config:/gluetun + - /mnt/data/opt/arr/tmp/gluetun:/tmp/gluetun + devices: + - /dev/net/tun:/dev/net/tun + networks: + web: + media: + aliases: + - qt + environment: + - HTTPPROXY=off #change to on if you wish to enable + - SHADOWSOCKS=off #change to on if you wish to enable + - UMASK=002 + - TZ=${TZ} + - VPN_SERVICE_PROVIDER=private internet access + - OPENVPN_USER=${VPN_USER} + - OPENVPN_PASSWORD=${VPN_PASS} + - SERVER_REGIONS=CA Montreal + - PORT_FORWARD_ONLY=true + - VPN_PORT_FORWARDING=on + - FIREWALL_OUTBOUND_SUBNETS=172.20.0.0/16 + jellyfin: + image: jellyfin/jellyfin + container_name: jellyfin + user: ${PUID}:${PGID} + devices: + - /dev/bus/usb/002 + ports: + - 8096:8096 + volumes: + - /mnt/data/nobackup/jellyfin/metadata:/metadata + - /mnt/data/opt/arr/jellyfin/config:/config + - /mnt/data/torrents_complete:/mnt/data/torrents_complete + - type: bind + source: /mnt/data/movies + target: /movies + read_only: false + - type: bind + source: /mnt/data/shows + target: /shows + read_only: false + - type: bind + source: /mnt/data/kids_movies + target: /kids_movies + read_only: false + - type: bind + source: /mnt/data/kids_shows + target: /kids_shows + read_only: false + restart: 'unless-stopped' + environment: + - JELLYFIN_PublishedServerUrl=https://media.${DOMAIN:-averytribe.com} + networks: + - web + labels: + - "traefik.enable=true" + - "traefik.http.routers.jellyfin.rule=Host(`media.${DOMAIN:-averytribe.com}`)" + - "traefik.http.routers.jellyfin.entrypoints=websecure" + - "traefik.http.routers.jellyfin.tls=true" + - "traefik.http.services.jellyfin.loadbalancer.server.port=8096" + traefik: + container_name: traefik + image: traefik:v3 + depends_on: + - authelia + - www + command: + - "--api.insecure=false" + - "--api.dashboard=false" + - "--providers.docker=true" + - "--providers.docker.exposedbydefault=false" + - "--providers.file.directory=/etc/traefik/dynamic" + - "--providers.file.watch=true" + - "--log.level=WARN" + - "--accesslog=false" + - "--entrypoints.web.address=:80" + - "--entrypoints.web.http.redirections.entryPoint.to=websecure" + - "--entrypoints.web.http.redirections.entryPoint.scheme=https" + - "--entrypoints.websecure.address=:443" + - "--entrypoints.websecure.http.tls=true" + - "--entrypoints.websecure.http.tls.certResolver=letsencrypt" + - "--entrypoints.websecure.http.tls.domains[0].main=${DOMAIN:-averytribe.com}" + - "--entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN:-averytribe.com}" + # Let's Encrypt with Cloudflare DNS challenge + - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true" + - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare" + - "--certificatesresolvers.letsencrypt.acme.email=${EMAIL}" + - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt-cloudflare/acme.json" + - "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53" + ports: + - "80:80" + - "443:443" + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - ./letsencrypt-cloudflare:/letsencrypt-cloudflare + - ./logs:/var/log/traefik + - ./dynamic:/etc/traefik/dynamic + env_file: + - .env + restart: always + networks: + - web + labels: + - "traefik.enable=true" + - "traefik.docker.network=web" + www: + image: nginx:alpine + container_name: www + restart: unless-stopped + volumes: + - ./www:/usr/share/nginx/html:ro + - ./nginx.conf:/etc/nginx/nginx.conf:ro + networks: + - web + labels: + - "traefik.enable=true" + - "traefik.docker.network=web" + - "traefik.http.routers.www.rule=Host(`${DOMAIN:-averytribe.com}`) || Host(`www.${DOMAIN:-averytribe.com}`)" + - "traefik.http.routers.www.entrypoints=websecure" + - "traefik.http.routers.www.tls=true" + - "traefik.http.services.www.loadbalancer.server.port=80" +networks: + media: + name: media + web: + name: web