Untitled

#--------------------------------------------------------------------------------------------------
#
# tl;dr -
#    - all services (besides plex) share a docker network, with qbittorent and prowlarr networking
#      configured thru the vpn (gluetun).
#    - non-VPN services like sonarr/radarr have static IPs set with hostnames mapped in the vpn service
#      this way all services can talk to each other via hostname. services behind vpn use `vpn` for hostanme
#    - services behind the vpn automatically restart after it reconnects
#      (fixed issues with qbittorrent not working until restarted)
#    - per-service settings documented below, ones that were configure or changed from their default
#    - create a .env file in the same directory as this yml file with the variables below
#
#
# ENV VARS:
#    BASE_DIR=/media/data # path to root of main storage, where downloads and media libraries are stored
#    CFG_DIR=/media/data/config  # root path to where configs are stored
#    PUID=1000  # user id that services to run as non-root for written file ownership
#    PGID=1000  # group id that services to run as non-root for written file ownership
#    TZ=America/Chicago  # timezone for containers, e.g. log timestamps
#    VPN_FORWARDED_PORT=35111 # port-forward configured in AirVPN
#
# Other misc settings:
#   - host firewall: allow port 32400 (plex)
#   - static host ip reservation in dhcp server (pihole)
#   - router firewall: allow 1637/udp to host internal ip (AirVPN)
#
#--------------------------------------------------------------------------------------------------

name: servarr

# common envvars for most services
x-base-env: &base-env
  TZ: ${TZ}
  PUID: ${PUID}
  PGID: ${PGID}


# common config for any services using the vpn
x-vpn-service: &vpn-service
  network_mode: service:vpn  # implies depends_on for vpn
  restart: always
  healthcheck:
    # appears that services behind the vpn lose access to the network after it reconnects
    # if we can't ping the vpn, then it probably restarted/reconnected
    # exit the container and let it restart.
    test: ping -c 2 vpn || kill 1
    interval: 30s
    timeout: 2s
    retries: 1
    start_period: 10s  # wait a little for the vpn to reconnect first

# common config for the non-vpn'd *arr servicers
x-arr-service: &arr-service
  environment:
    <<: *base-env
  restart: unless-stopped


networks:
  # network for all services
  arr-net:
    ipam:
      config:
       - subnet: 172.0.0.0/16


services:
  #----------------------------------------------------------------------------
  # VPN - gluetun + AirVPN
  #----------------------------------------------------------------------------
  vpn:
    image: qmcgaw/gluetun:v3.39
    container_name: vpn
    hostname: vpn
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      TZ: ${TZ}
      VPN_SERVICE_PROVIDER: airvpn
      VPN_TYPE: wireguard
      FIREWALL_VPN_INPUT_PORTS: ${VPN_FORWARDED_PORT}
      HEALTH_VPN_DURATION_INITIAL: 30s  # slow down healthchecks
      HEALTH_SUCCESS_WAIT_DURATION: 30s
      DOT: 'off'  # disable DNS over TLS - caused a bunch of timeouts, leading to restarts
    volumes:
      - ${BASE_DIR}/config/wireguard/config:/config
      # uses conf file from airvpn over envvars (removed ipv6 addrs tho)
      - ${BASE_DIR}/config/wireguard/airvpn.conf:/gluetun/wireguard/wg0.conf
    ports:
      # expose ports for services behind vpn
      - 8090:8090 # qbittorrent ui
      - 9696:9696 # prowlarr ui
    networks:
      - arr-net
    extra_hosts:
      # use static ips for non-vpn'd services, map hostnames here (e.g. for prowlarr)
      - sonarr=172.0.0.11
      - radarr=172.0.0.12
    restart: always

  #----------------------------------------------------------------------------
  # QBittorrent
  #----------------------------------------------------------------------------
  #  Options:
  #    Downloads:
  #      [x] Use subcategories
  #    Connection:
  #      Peer connection protocol: TCP
  #      [ ] Use UPnP / NAT-PMP port forwarding from my router
  #    Advanced:
  #      Network interface: tun0
  #      Reannounce to all trackers when IP or port changed: [x]
  #      μTP-TCP mixed mode algorithm: Prefer TCP
  #
  #----------------------------------------------------------------------------
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    <<: *vpn-service
    environment:
      <<: *base-env
      UMASK_SET: 022
      WEBUI_PORT: 8090
      TORRENTING_PORT: ${VPN_FORWARDED_PORT}
    volumes:
        - ${CFG_DIR}/qbt:/config
        - ${BASE_DIR}:/data
  #----------------------------------------------------------------------------
  # Prowlarr
  #----------------------------------------------------------------------------
  #  Settings > Apps:
  #    Radarr:
  #      Prowlarr server: http://vpn:9696
  #      Radarr server: http://radarr:7878
  #      API Key: {from Radarr: Settings > General}
  #    Sonarr:
  #      Prowlarr server: http://vpn:9696
  #      Sonarr server: http://sonarr:7878
  #      API Key: {from Radarr: Settings > General}
  #----------------------------------------------------------------------------
  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    container_name: prowlarr
    <<: *vpn-service
    environment:
      <<: *base-env
    volumes:
      - ${CFG_DIR}/prowlarr:/config

  #----------------------------------------------------------------------------
  # Sonarr
  #----------------------------------------------------------------------------
  #  Settings:
  #    Media Management:
  #      RootFolders: /data/video/tv
  #      Use Hardlinks instead of Copy [x]
  #    Download Clients:
  #      QBittorrent:
  #        Host: vpn
  #        Port: 8090
  #        Username: admin
  #        Password: <todo>
  #        Category: tv
  #----------------------------------------------------------------------------
  sonarr:
    image: lscr.io/linuxserver/sonarr:latest
    container_name: sonarr
    hostname: sonarr
    <<: *arr-service
    volumes:
      - ${CFG_DIR}/sonarr:/config
      - ${BASE_DIR}:/data
    networks:
      arr-net:
        ipv4_address: 172.0.0.11
    ports:
      - 8989:8989  # web ui port

  #----------------------------------------------------------------------------
  # Radarr
  #----------------------------------------------------------------------------
  #  Settings:
  #    Media Management:
  #      RootFolders: /data/video/movies
  #      Use Hardlinks instead of Copy [x]
  #    Download Clients:
  #      QBittorrent:
  #        Host: vpn
  #        Port: 8090
  #        Username: admin
  #        Password: <todo>
  #        Category: movies
  #----------------------------------------------------------------------------
  radarr:
    image: lscr.io/linuxserver/radarr:latest
    container_name: radarr
    hostname: radarr
    <<: *arr-service
    volumes:
      - ${CFG_DIR}/radarr:/config
      - ${BASE_DIR}:/data
    networks:
      arr-net:
        ipv4_address: 172.0.0.12
    ports:
      - 7878:7878 # web ui port

  #----------------------------------------------------------------------------
  # Plex
  #----------------------------------------------------------------------------
  #  Uses host networking, accessible from anything on the network (e.g. tv)
  #----------------------------------------------------------------------------
  plex:
    image: lscr.io/linuxserver/plex:latest
    container_name: plex
    network_mode: host
    devices:
      - /dev/dri:/dev/dri  # for intel graphics
    environment:
      <<: *base-env
      VERSION: docker
      PLEX_CLAIM: <todo>
    volumes:
      - ${CFG_DIR}/plex:/config
      # library directories:
      - ${BASE_DIR}/video/tv:/tv
      - ${BASE_DIR}/video/movies:/movies
    restart: unless-stopped