jsbeckr/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
homelab/docs/rrr.md
Jens fe6ce5249e add knecht
2026-04-04 14:34:22 +02:00

85 lines
4.7 KiB
Markdown
Raw Permalink Blame History

# rrr — Media Automation Stack
**Purpose:** Automated media acquisition pipeline (TV + movies) routed entirely through MullvadVPN.
| Service | Image | Web UI |
| --------- | -------------------------------------- | ---------------------------------------- |
| gluetun | `qmcgaw/gluetun:latest` | — |
| Sonarr | `lscr.io/linuxserver/sonarr:latest` | <https://sonarr.home.jens.pub> |
| Radarr | `lscr.io/linuxserver/radarr:latest` | <https://radarr.home.jens.pub> |
| Prowlarr | `lscr.io/linuxserver/prowlarr:latest> | <https://prowlarr.home.jens.pub> |
| SABnzbd | `lscr.io/linuxserver/sabnzbd:latest` | <https://sabnzbd.home.jens.pub> |
| Compose | [`../services/rrr/docker-compose.yml`](../services/rrr/docker-compose.yml) | |
---
## Architecture
All traffic from this stack is forced through MullvadVPN via **gluetun**. Sonarr, Radarr, Prowlarr, and NZBGet all set `network_mode: service:gluetun`, which means they share gluetun's network namespace. Any outbound connection from these containers exits through the WireGuard tunnel — they have no direct internet access.
```
Traefik (proxy network)
└── gluetun (proxy network + WireGuard tunnel to Mullvad)
│ (shared network namespace via network_mode: service:gluetun)
├── sonarr :8989 — TV show management
├── radarr :7878 — Movie management
├── prowlarr :9696 — Indexer management (feeds Sonarr + Radarr)
└── sabnzbd :8080 — Usenet downloader
```
Since all four containers share one network namespace, they communicate with each other via `localhost:<port>`. Use these addresses when configuring integrations:
| Connection | Address |
| ------------------- | ------------------------- |
| Prowlarr → Sonarr | `http://localhost:8989` |
| Prowlarr → Radarr | `http://localhost:7878` |
| Sonarr → SABnzbd | `http://localhost:8080` |
| Radarr → SABnzbd | `http://localhost:8080` |
Traefik labels live on gluetun (not the individual apps) because gluetun is the only container attached to the `proxy` network. Each router explicitly references its service with the correct backend port.
Sonarr, Radarr, and NZBGet all mount the same `DOWNLOADS_PATH` so completed downloads are immediately available for import.
---
## Environment Variables
Set these in Portainer's stack environment variables when deploying.
| Variable | Description |
| ---------------------- | ------------------------------------------------------------- |
| `WIREGUARD_PRIVATE_KEY` | WireGuard private key from Mullvad account |
| `WIREGUARD_ADDRESSES` | WireGuard IP assigned by Mullvad (e.g. `10.66.109.243/32`) |
| `SERVER_CITIES` | Optional preferred cities (e.g. `Gothenburg,Stockholm`) |
| `PUID` | Host user ID for volume file ownership (`id -u`) |
| `PGID` | Host group ID for volume file ownership (`id -g`) |
| `TZ` | Timezone (e.g. `Europe/Berlin`) |
| `TV_PATH` | Host path to TV library |
| `MOVIES_PATH` | Host path to movies library |
| `DOWNLOADS_PATH` | Host path to NZBGet downloads directory |
To get the WireGuard credentials: log in to mullvad.net → Account → WireGuard configuration → Generate key → download the config file. Copy `PrivateKey` and `Address` from that file.
---
## Volumes
| Volume | Mount | Purpose |
| ---------------- | -------------------- | ------------------------------ |
| `gluetun_data` | `/gluetun` | gluetun state and cert cache |
| `sonarr_config` | `/config` | Sonarr database and settings |
| `radarr_config` | `/config` | Radarr database and settings |
| `prowlarr_config`| `/config` | Prowlarr database and settings |
| `sabnzbd_config` | `/config` | SABnzbd config and scripts |
| `${TV_PATH}` | `/tv` | TV library (Sonarr) |
| `${MOVIES_PATH}` | `/movies` | Movies library (Radarr) |
| `${DOWNLOADS_PATH}` | `/downloads` | Shared download dir (all) |
---
## Networks
- **gluetun**: `proxy` (external) — only container Traefik can reach
- **sonarr / radarr / prowlarr / nzbget**: `network_mode: service:gluetun` — no independent network attachment
Reference in New Issue View Git Blame Copy Permalink