diff --git a/.env.example b/.env.example
index a67ff8a..9430157 100644
--- a/.env.example
+++ b/.env.example
@@ -18,7 +18,6 @@ ACME_EMAIL=your@email.com
 # ProtonVPN WireGuard — main tunnel (NL/CH, P2P)
 WG_PRIVATE_KEY=your_wireguard_private_key
-WG_PUBLIC_KEY=your_wireguard_public_key
 WIREGUARD_ADDRESSES=10.2.0.2/32
 # ProtonVPN credentials (OpenVPN fallback)
@@ -32,7 +31,5 @@ MEDIA_TV_DIR=/mnt/user/media/tv
 MEDIA_MOVIES_DIR=/mnt/user/media/movies
 # qBittorrent
-QB_USERNAME=admin
-QB_PASSWORD=change_me
 BT_PORT=51413
diff --git a/README.md b/README.md
index f946b8d..328f26e 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,34 @@ docker compose -f arr/docker-compose.yml up -d # media pipeline (9 container
 Each compose file declares `env_file: ./.env`, resolved relative to its own directory — so `arr/docker-compose.yml` needs `arr/.env`. Symlinking keeps one source of truth at the repo root.
+### Configuring each services
+To configure each service, be sure to use docker internal DNS to let services reach each other on the network `arr_internal` :
+- http://prowlarr:9696
+- http://radarr:7878
+- http://gluetun:8080 (qbittorrent)
+- http://jellyfin:8096
+- http://sonarr:8989
+- http://bazarr:6767
+- http://seerr:5055
+
+### Subdomains
+This is the list of subdomains for which you must create `A` records pointing to the Tailscale IP of the machine that hosts Traefik:
+- traefik
+- bazarr
+- jellyfin
+- prowlarr
+- qbit
+- radarr
+- seerr
+- sonarr
+
+Note: create full FQDNs (e.g., traefik.example.com) in your DNS zone (alternatively, add them to your hosts file), each pointing to your host's Tailscale IP.
+
+### qBittorrent
+The web UI is at `qbit.example.com` and a temporary password for the `admin` user will be printed to the container log on startup.
+
+You must then change username/password in the web UI section of settings. If you do not change the password a new one will be generated every time the container starts.
+
 ## Networking & Security
 This is the part that's actually interesting. The services themselves are standard — the value is in how they're wired together.
diff --git a/arr/docker-compose.yml b/arr/docker-compose.yml
index 7e1bf6c..6ed0e09 100644
--- a/arr/docker-compose.yml
+++ b/arr/docker-compose.yml
@@ -48,17 +48,16 @@ services:
       VPN_SERVICE_PROVIDER: protonvpn
       VPN_TYPE: wireguard
       WIREGUARD_PRIVATE_KEY: ${WG_PRIVATE_KEY}
-      WIREGUARD_PUBLIC_KEY: ${WG_PUBLIC_KEY}
+      OPENVPN_USER: ${PROTONVPN_USERNAME}
+      OPENVPN_PASSWORD: ${PROTONVPN_PASSWORD}
       WIREGUARD_ADDRESSES: ${WG_ADDRESSES:-10.2.0.2/32}
       # Improved stability settings
       WIREGUARD_PERSISTENT_KEEPALIVE_INTERVAL: 25s # Increased for better stability
       SERVER_COUNTRIES: Netherlands,Switzerland
       SERVER_FEATURES: p2p
       # Port-forwarding
-      VPN_PORT_FORWARDING: "on"
-      VPN_PORT_FORWARDING_PROVIDER: protonvpn
-      VPN_PORT_FORWARD_ONLY: "on"
-      PORT_FORWARD_ONLY: "on"
+      VPN_PORT_FORWARDING: on
+      PORT_FORWARD_ONLY: on
       FIREWALL_VPN_INPUT_PORTS: "8080,9999"
       HEALTH_SERVER_ADDRESS: 0.0.0.0:9999
       # DNS Configuration for better resolution
@@ -100,9 +99,7 @@ services:
       PGID: ${PGID:-100}
       TZ: ${TZ:-Europe/Warsaw}
       WEBUI_PORT: 8080
-      WEBUI_USERNAME: ${QB_USERNAME:-admin}
-      WEBUI_PASSWORD: ${QB_PASSWORD:?Set QB_PASSWORD in .env}
-      TORRENTING_PORT: 51413
+      TORRENTING_PORT: ${BT_PORT}
       BIND_TO_INTERFACE: tun0 # Bind qBittorrent to the VPN interface
     volumes:
       - ${DATA_DIR}/qbittorrent:/config
@@ -248,7 +245,7 @@ services:
       PGID: ${PGID:-1000}
       TZ: ${TZ:-Europe/Warsaw}
     volumes:
-      - ${DATA_DIR}/seerr/config:/config
+      - ${DATA_DIR}/seerr/config:/app/config
     restart: unless-stopped
     healthcheck:
       test: ["CMD", "wget", "-qO-", "http://localhost:5055/health"]
diff --git a/infra/docker-compose.yml b/infra/docker-compose.yml
index bb0abe7..aadee86 100644
--- a/infra/docker-compose.yml
+++ b/infra/docker-compose.yml
@@ -4,7 +4,7 @@ networks:
 services:
   traefik:
-    image: traefik:v2.10.7
+    image: traefik:v3.6.13
     container_name: traefik
     restart: unless-stopped
     env_file:
@@ -20,6 +20,7 @@ services:
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
      - TZ=${TZ:-Europe/London}
+      - DOCKER_API_VERSION=1.52
     volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${DATA_DIR}/letsencrypt:/letsencrypt
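Review bot: The rewritten port-forwarding lines drop the quotes the removed lines had, leaving `VPN_PORT_FORWARDING: on` and `PORT_FORWARD_ONLY: on` as bare scalars, and a YAML 1.1 loader reads `on` as boolean true rather than the string the container presumably expects, depending on which Compose version parses the file. Keep them quoted to match `FIREWALL_VPN_INPUT_PORTS: "8080,9999"` in the same block: `VPN_PORT_FORWARDING: "on"` and `PORT_FORWARD_ONLY: "on"`. The added `OPENVPN_USER`/`OPENVPN_PASSWORD` sit directly under `VPN_TYPE: wireguard` with no note and no guard; if they are only the "OpenVPN fallback" that `.env.example` describes, a comment such as `# OpenVPN fallback credentials; only consumed if VPN_TYPE is switched to openvpn — confirm` would say so, and a `${PROTONVPN_USERNAME:?Set PROTONVPN_USERNAME in .env}` guard like the removed `QB_PASSWORD` line used would fail fast on a missing value instead of handing the provider an empty credential. The gluetun environment block continues outside the hunk.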
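Review bot: `TORRENTING_PORT: ${BT_PORT}` has neither a default nor a `:?` guard, unlike `${PGID:-100}` and `${TZ:-Europe/Warsaw}` beside it and the removed `${QB_PASSWORD:?Set QB_PASSWORD in .env}`, so an unset `BT_PORT` silently yields an empty value where the old file pinned `51413`. Use `TORRENTING_PORT: ${BT_PORT:?Set BT_PORT in .env}` or `TORRENTING_PORT: ${BT_PORT:-51413}` to keep the previous value as the fallback. With `WEBUI_USERNAME`/`WEBUI_PASSWORD` gone, the README hunk says the only initial credential is a temporary password printed to the container log, so any log shipping or `docker logs` access now exposes a live credential until it is rotated; a comment next to `WEBUI_PORT: 8080` such as `# No WebUI credentials here: a temporary admin password is logged on first start — see README "qBittorrent"` keeps that visible to the next maintainer. The qbittorrent service definition continues outside the hunk.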
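Review bot: `DOCKER_API_VERSION=1.52` is added without a comment saying why the Docker Engine API version is pinned or which host daemon it was matched against; presumably it accompanies the v2.10.7 → v3.6.13 image bump in the preceding hunk, but a fixed API pin will also need revisiting whenever the host daemon is upgraded or downgraded. Add a line above it such as `# Pin the Docker API version Traefik's docker provider negotiates; matched to host engine <HOST_DOCKER_VERSION — fill in>`. The traefik service's environment list continues outside the hunk.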
@@ -57,4 +58,4 @@ services:
       - "traefik.http.middlewares.secureHeaders.headers.stsIncludeSubdomains=true"
       - "traefik.http.middlewares.secureHeaders.headers.stsPreload=true"
       - "traefik.http.middlewares.secureHeaders.headers.stsSeconds=31536000"
-      - "traefik.http.routers.dashboard.middlewares=secureHeaders@docker"
\ No newline at end of file
+      - "traefik.http.routers.dashboard.middlewares=secureHeaders@docker"