HotaruBlaze/homelab-opentofu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add media server

Browse Source
This commit is contained in:
Yuris Cakranegara
2025-08-21 17:42:48 +10:00
parent 60e3a41ac5
commit bce43c4a71
15 changed files with 1239 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
modules/20-services-apps/arr/.env.example Normal file
View File

@@ -0,0 +1,34 @@
# Example secrets for the *arr stack (used via terraform-provider-dotenv)
# Copy to .env in this same directory and fill in values.
# Required keys for helpers
SONARR_API_KEY=
RADARR_API_KEY=
LIDARR_API_KEY=
QBITTORRENT_USERNAME=
QBITTORRENT_PASSWORD=
# Optional keys for Flaresolverr
LOG_LEVEL=info
LOG_HTML=false
CAPTCHA_SOLVER=none
# Optional keys for Decluttarr
# Uncomment and adjust as needed. Defaults shown here align with the README.
#DECLUTTARR_LOG_LEVEL=INFO
#DECLUTTARR_TEST_RUN=False
#DECLUTTARR_REMOVE_TIMER=10
#DECLUTTARR_REMOVE_FAILED=True
#DECLUTTARR_REMOVE_FAILED_IMPORTS=True
#DECLUTTARR_REMOVE_METADATA_MISSING=True
#DECLUTTARR_REMOVE_MISSING_FILES=True
#DECLUTTARR_REMOVE_ORPHANS=True
#DECLUTTARR_REMOVE_SLOW=True
#DECLUTTARR_REMOVE_STALLED=True
#DECLUTTARR_REMOVE_UNMONITORED=True
#DECLUTTARR_RUN_PERIODIC_RESCANS=
#DECLUTTARR_PERMITTED_ATTEMPTS=3
#DECLUTTARR_REMOVAL_QBIT_TAG=stalled
#DECLUTTARR_MIN_DOWNLOAD_SPEED=100
#DECLUTTARR_FAILED_IMPORT_MESSAGE_PATTERNS=
#DECLUTTARR_IGNORED_DOWNLOAD_CLIENTS=

140
modules/20-services-apps/arr/README.md Normal file
View File

@@ -0,0 +1,140 @@
# *arr Stack Module
This module deploys the *arr media stack components as Docker containers and provides a service definition for Jellyseerr to be published via your reverse proxy.
## Overview
The module includes the following containers:
- Sonarr (TV)
- Radarr (Movies)
- Lidarr (Music)
- Bazarr (Subtitles)
- Prowlarr (Indexers)
- Jellyseerr (Requests) — published via reverse proxy
- Flaresolverr (optional helper)
- Unpackerr (post-processing)
- Cleanuparr (cleanup helpers)
- Decluttarr (torrent queue cleanup helper)
All containers share a common `/data` mount (media root) and are attached to the media Docker network. Only Jellyseerr is also attached to the proxy network for reachability by Caddy.
## Usage
```hcl
module "arr" {
source = "./modules/20-services-apps/arr"
volume_path = "/srv/appdata/arr" # host path for config directories
data_path = "/srv/data" # host media root, mounted as /data in containers
downloads_path = "/srv/data/torrents" # host downloads dir, mounted for unpackerr
networks = [module.media_docker_network.name]
proxy_networks = [module.homelab_docker_network.name] # so Jellyseerr is reachable by Caddy
}
```
## Variables
| Variable | Description | Type | Default |
| ------------------ | ------------------------------------------------------------------------------- | -------------- | --------------- |
| `volume_path` | Base directory for config volumes for the *arr stack | `string` | - |
| `data_path` | Base directory for media/data mounted at `/data` | `string` | - |
| `downloads_path` | Directory for downloads mounted at `/data/torrents` (Unpackerr) | `string` | - |
| `networks` | Networks to attach all containers to | `list(string)` | `[]` |
| `proxy_networks` | Extra networks attached only to published services (Jellyseerr) | `list(string)` | `[]` |
| `qbittorrent_host` | Hostname to reach qBittorrent (use `gluetun` when qBittorrent shares Gluetun) | `string` | `"qbittorrent"` |
## Outputs
| Output | Description |
| -------------------- | --------------------------------------------------------------------- |
| `service_definition` | Service definition for integration with networking modules |
## Service Definition
This module outputs a service definition that is used by the networking modules to expose the service.
```hcl
{
name = "jellyseerr"
primary_port = 5055
endpoint = "http://jellyseerr:5055"
subdomains = ["req"]
publish_via = "reverse_proxy"
proxied = false
}
```
## Environment Variables (.env)
This module reads secrets via the `dotenv` provider from a `.env` file located in this module directory. Use `.env.example` as a template.
Required/used keys:
- `SONARR_API_KEY` — for Unpackerr, Cleanuparr, Decluttarr
- `RADARR_API_KEY` — for Unpackerr, Cleanuparr, Decluttarr
- `LIDARR_API_KEY` — for Decluttarr
- `QBITTORRENT_USERNAME` — for Decluttarr
- `QBITTORRENT_PASSWORD` — for Cleanuparr and Decluttarr
- `LOG_LEVEL` — for Flaresolverr (optional)
- `LOG_HTML` — for Flaresolverr (optional)
- `CAPTCHA_SOLVER` — for Flaresolverr (optional)
Optional Decluttarr keys (override defaults as needed):
- `DECLUTTARR_LOG_LEVEL` (default: `INFO`)
- `DECLUTTARR_TEST_RUN` (default: `False`)
- `DECLUTTARR_REMOVE_TIMER` (default: `10`)
- `DECLUTTARR_REMOVE_FAILED` (default: `True`)
- `DECLUTTARR_REMOVE_FAILED_IMPORTS` (default: `True`)
- `DECLUTTARR_REMOVE_METADATA_MISSING` (default: `True`)
- `DECLUTTARR_REMOVE_MISSING_FILES` (default: `True`)
- `DECLUTTARR_REMOVE_ORPHANS` (default: `True`)
- `DECLUTTARR_REMOVE_SLOW` (default: `True`)
- `DECLUTTARR_REMOVE_STALLED` (default: `True`)
- `DECLUTTARR_REMOVE_UNMONITORED` (default: `True`)
- `DECLUTTARR_RUN_PERIODIC_RESCANS` (default: empty)
- `DECLUTTARR_PERMITTED_ATTEMPTS` (default: `3`)
- `DECLUTTARR_REMOVAL_QBIT_TAG` (default: `stalled`)
- `DECLUTTARR_MIN_DOWNLOAD_SPEED` (default: `100`)
- `DECLUTTARR_FAILED_IMPORT_MESSAGE_PATTERNS` (default: empty)
- `DECLUTTARR_IGNORED_DOWNLOAD_CLIENTS` (default: empty)
Note: `TZ`, `PUID`, `PGID` are injected automatically by the generic docker-service module from `modules/00-globals/system` and do not need to be in this `.env`.
## Data Persistence
- Each app stores configuration under `${volume_path}/<app>/...` mounted to `/config` (or as noted by the specific app).
- Media library and downloads are accessed under `/data` inside containers, pointing to `data_path` on the host.
- Unpackerr mounts `downloads_path` to `/data/torrents`.
## Networking
- All containers join `networks` (media network).
- Jellyseerr additionally joins `proxy_networks` for reverse proxy reachability.
## Dependencies
- No explicit inter-container dependencies are defined. Healthchecks are provided for stable orchestration.
- Decluttarr expects to reach `sonarr`, `radarr`, and `lidarr` via internal DNS and qBittorrent at `http://<qbittorrent_host>:8080`. When qBittorrent is routed via Gluetun using `network_mode=container:gluetun`, set `qbittorrent_host = "gluetun"`. Ensure they share the same Docker network.
## Integration with Networking Modules
This service is configured to be exposed through the Caddy reverse proxy, set by `publish_via = "reverse_proxy"`.
## Example Integration in Main Configuration
```hcl
# In services/main.tf
module "arr" {
source = "${local.module_dir}/20-services-apps/arr"
volume_path = "${local.volume_host}/arr"
data_path = local.data_host
downloads_path = "${local.data_host}/torrents"
networks = [module.media_docker_network.name]
proxy_networks = [module.homelab_docker_network.name]
# If qBittorrent shares Gluetun's network namespace, arr should reach it via 'gluetun'
qbittorrent_host = "gluetun"
}
```
The service definition is exported by the `services` module as `module.services.service_definitions` and consumed by networking modules in the root `main.tf`.

280
modules/20-services-apps/arr/main.tf Normal file
View File

@@ -0,0 +1,280 @@
terraform {
required_providers {
dotenv = { source = "germanbrew/dotenv" }
}
}
variable "volume_path" {
description = "Base directory for config volumes for *arr stack"
type = string
}
variable "data_path" {
description = "Base directory for media/data mounted at /data"
type = string
}
variable "downloads_path" {
description = "Directory for downloads mounted at /data/torrents"
type = string
}
variable "networks" {
description = "Networks to attach all containers to"
type = list(string)
default = []
}
variable "proxy_networks" {
description = "Extra networks to attach only to published services (e.g., Jellyseerr)"
type = list(string)
default = []
}
variable "qbittorrent_host" {
description = "Hostname to reach qBittorrent (use 'qbittorrent' normally, 'gluetun' when qBittorrent shares Gluetun network)"
type = string
default = "qbittorrent"
}
locals {
env_file = "${path.module}/.env"
monitoring = true
sonarr_name = "sonarr"
radarr_name = "radarr"
lidarr_name = "lidarr"
bazarr_name = "bazarr"
prowlarr_name = "prowlarr"
jellyseerr_name = "jellyseerr"
flaresolverr_name = "flaresolverr"
unpackerr_name = "unpackerr"
cleanuparr_name = "cleanuparr"
decluttarr_name = "decluttarr"
sonarr_image = "lscr.io/linuxserver/sonarr"
radarr_image = "lscr.io/linuxserver/radarr"
lidarr_image = "lscr.io/linuxserver/lidarr"
bazarr_image = "lscr.io/linuxserver/bazarr"
prowlarr_image = "lscr.io/linuxserver/prowlarr"
jellyseerr_image = "ghcr.io/fallenbagel/jellyseerr"
flaresolverr_image = "21hsmw/flaresolverr"
unpackerr_image = "ghcr.io/unpackerr/unpackerr"
cleanuparr_image = "ghcr.io/cleanuparr/cleanuparr"
decluttarr_image = "ghcr.io/manimatter/decluttarr"
sonarr_port = 8989
radarr_port = 7878
lidarr_port = 8686
bazarr_port = 6767
prowlarr_port = 9696
jellyseerr_port = 5055
flaresolverr_port = 8191
lidarr_healthcheck = { test = ["CMD", "curl", "--fail", "http://127.0.0.1:${local.lidarr_port}/lidarr/ping"], interval = "60s", timeout = "5s", retries = 10 }
bazarr_healthcheck = { test = ["CMD", "curl", "--fail", "http://127.0.0.1:${local.bazarr_port}/bazarr/ping"], interval = "60s", timeout = "5s", retries = 10 }
jellyseerr_healthcheck = { test = ["CMD", "wget", "http://127.0.0.1:${local.jellyseerr_port}/api/v1/status", "-qO", "/dev/null"], interval = "60s", timeout = "5s", retries = 10 }
jellyseerr_env = { LOG_LEVEL = "debug" }
flaresolverr_env = {
LOG_LEVEL = try(provider::dotenv::get_by_key("LOG_LEVEL", local.env_file), "")
LOG_HTML = try(provider::dotenv::get_by_key("LOG_HTML", local.env_file), "")
CAPTCHA_SOLVER = try(provider::dotenv::get_by_key("CAPTCHA_SOLVER", local.env_file), "")
}
unpackerr_env = {
UN_SONARR_0_URL = "http://${local.sonarr_name}:${local.sonarr_port}/sonarr"
UN_SONARR_0_API_KEY = provider::dotenv::get_by_key("SONARR_API_KEY", local.env_file)
UN_RADARR_0_URL = "http://${local.radarr_name}:${local.radarr_port}/radarr"
UN_RADARR_0_API_KEY = provider::dotenv::get_by_key("RADARR_API_KEY", local.env_file)
}
cleanuparr_env = {
QUEUECLEANER__ENABLED = true
QUEUECLEANER__IMPORT_FAILED_MAX_STRIKES = 3
QUEUECLEANER__STALLED_MAX_STRIKES = 3
QUEUECLEANER__DOWNLOADING_METADATA_MAX_STRIKES = 3
QUEUECLEANER__STALLED_RESET_STRIKES_ON_PROGRESS = true
TRIGGERS__QUEUECLEANER = "0 0 0/1 * * ?"
CONTENTBLOCKER__ENABLED = true
CONTENTBLOCKER__IGNORED_DOWNLOADS_PATH = "/usr/ignored.txt"
TRIGGERS__CONTENTBLOCKER = "0 0 0/1 * * ?"
DOWNLOAD_CLIENT = "qBittorrent"
QBITTORRENT__URL = "http://${var.qbittorrent_host}:8080"
QBITTORRENT__PASSWORD = provider::dotenv::get_by_key("QBITTORRENT_PASSWORD", local.env_file)
SONARR__ENABLED = true
SONARR__BLOCK__PATH = "/usr/blacklist.json"
SONARR__INSTANCES__0__URL = "http://${local.sonarr_name}:${local.sonarr_port}/sonarr"
SONARR__INSTANCES__0__APIKEY = provider::dotenv::get_by_key("SONARR_API_KEY", local.env_file)
RADARR__ENABLED = true
RADARR__BLOCK__PATH = "/usr/blacklist.json"
RADARR__INSTANCES__0__URL = "http://${local.radarr_name}:${local.radarr_port}/radarr"
RADARR__INSTANCES__0__APIKEY = provider::dotenv::get_by_key("RADARR_API_KEY", local.env_file)
}
decluttarr_env = {
RADARR_URL = "http://${local.radarr_name}:${local.radarr_port}/radarr"
RADARR_KEY = provider::dotenv::get_by_key("RADARR_API_KEY", local.env_file)
SONARR_URL = "http://${local.sonarr_name}:${local.sonarr_port}/sonarr"
SONARR_KEY = provider::dotenv::get_by_key("SONARR_API_KEY", local.env_file)
LIDARR_URL = "http://${local.lidarr_name}:${local.lidarr_port}/lidarr"
LIDARR_KEY = provider::dotenv::get_by_key("LIDARR_API_KEY", local.env_file)
QBITTORRENT_URL = "http://${var.qbittorrent_host}:8080"
QBITTORRENT_USERNAME = provider::dotenv::get_by_key("QBITTORRENT_USERNAME", local.env_file)
QBITTORRENT_PASSWORD = provider::dotenv::get_by_key("QBITTORRENT_PASSWORD", local.env_file)
LOG_LEVEL = try(provider::dotenv::get_by_key("DECLUTTARR_LOG_LEVEL", local.env_file), "")
TEST_RUN = try(provider::dotenv::get_by_key("DECLUTTARR_TEST_RUN", local.env_file), "")
REMOVE_TIMER = try(provider::dotenv::get_by_key("DECLUTTARR_REMOVE_TIMER", local.env_file), "")
REMOVE_FAILED = try(provider::dotenv::get_by_key("DECLUTTARR_REMOVE_FAILED", local.env_file), "")
REMOVE_FAILED_IMPORTS = try(provider::dotenv::get_by_key("DECLUTTARR_REMOVE_FAILED_IMPORTS", local.env_file), "")
REMOVE_METADATA_MISSING = try(provider::dotenv::get_by_key("DECLUTTARR_REMOVE_METADATA_MISSING", local.env_file), "")
REMOVE_MISSING_FILES = try(provider::dotenv::get_by_key("DECLUTTARR_REMOVE_MISSING_FILES", local.env_file), "")
REMOVE_ORPHANS = try(provider::dotenv::get_by_key("DECLUTTARR_REMOVE_ORPHANS", local.env_file), "")
REMOVE_SLOW = try(provider::dotenv::get_by_key("DECLUTTARR_REMOVE_SLOW", local.env_file), "")
REMOVE_STALLED = try(provider::dotenv::get_by_key("DECLUTTARR_REMOVE_STALLED", local.env_file), "")
REMOVE_UNMONITORED = try(provider::dotenv::get_by_key("DECLUTTARR_REMOVE_UNMONITORED", local.env_file), "")
RUN_PERIODIC_RESCANS = try(provider::dotenv::get_by_key("DECLUTTARR_RUN_PERIODIC_RESCANS", local.env_file), "")
PERMITTED_ATTEMPTS = try(provider::dotenv::get_by_key("DECLUTTARR_PERMITTED_ATTEMPTS", local.env_file), "")
NO_STALLED_REMOVAL_QBIT_TAG = try(provider::dotenv::get_by_key("DECLUTTARR_REMOVAL_QBIT_TAG", local.env_file), "")
MIN_DOWNLOAD_SPEED = try(provider::dotenv::get_by_key("DECLUTTARR_MIN_DOWNLOAD_SPEED", local.env_file), "")
FAILED_IMPORT_MESSAGE_PATTERNS = try(provider::dotenv::get_by_key("DECLUTTARR_FAILED_IMPORT_MESSAGE_PATTERNS", local.env_file), "")
IGNORED_DOWNLOAD_CLIENTS = try(provider::dotenv::get_by_key("DECLUTTARR_IGNORED_DOWNLOAD_CLIENTS", local.env_file), "")
}
}
# Sonarr
module "sonarr" {
source = "../../10-services-generic/docker-service"
container_name = local.sonarr_name
image = local.sonarr_image
volumes = [
{ host_path = "${var.volume_path}/sonarr", container_path = "/config", read_only = false },
{ host_path = var.data_path, container_path = "/data", read_only = false }
]
networks = var.networks
monitoring = local.monitoring
ports = [{ internal = local.sonarr_port, external = local.sonarr_port, protocol = "tcp" }]
}
# Radarr
module "radarr" {
source = "../../10-services-generic/docker-service"
container_name = local.radarr_name
image = local.radarr_image
volumes = [
{ host_path = "${var.volume_path}/radarr", container_path = "/config", read_only = false },
{ host_path = var.data_path, container_path = "/data", read_only = false }
]
networks = var.networks
monitoring = local.monitoring
ports = [{ internal = local.radarr_port, external = local.radarr_port, protocol = "tcp" }]
}
# Lidarr
module "lidarr" {
source = "../../10-services-generic/docker-service"
container_name = local.lidarr_name
image = local.lidarr_image
volumes = [
{ host_path = "${var.volume_path}/lidarr", container_path = "/config", read_only = false },
{ host_path = var.data_path, container_path = "/data", read_only = false }
]
networks = var.networks
monitoring = local.monitoring
healthcheck = local.lidarr_healthcheck
ports = [{ internal = local.lidarr_port, external = local.lidarr_port, protocol = "tcp" }]
}
# Bazarr
module "bazarr" {
source = "../../10-services-generic/docker-service"
container_name = local.bazarr_name
image = local.bazarr_image
volumes = [
{ host_path = "${var.volume_path}/bazarr/config", container_path = "/config", read_only = false },
{ host_path = var.data_path, container_path = "/data", read_only = false }
]
networks = var.networks
monitoring = local.monitoring
healthcheck = local.bazarr_healthcheck
ports = [{ internal = local.bazarr_port, external = local.bazarr_port, protocol = "tcp" }]
}
# Prowlarr
module "prowlarr" {
source = "../../10-services-generic/docker-service"
container_name = local.prowlarr_name
image = local.prowlarr_image
volumes = [
{ host_path = "${var.volume_path}/prowlarr", container_path = "/config", read_only = false }
]
networks = var.networks
monitoring = local.monitoring
ports = [{ internal = local.prowlarr_port, external = local.prowlarr_port, protocol = "tcp" }]
}
# Jellyseerr (published via reverse proxy)
module "jellyseerr" {
source = "../../10-services-generic/docker-service"
container_name = local.jellyseerr_name
image = local.jellyseerr_image
volumes = [{ host_path = "${var.volume_path}/jellyseerr", container_path = "/app/config", read_only = false }]
env_vars = local.jellyseerr_env
networks = concat(var.networks, var.proxy_networks)
monitoring = local.monitoring
healthcheck = local.jellyseerr_healthcheck
ports = [{ internal = local.jellyseerr_port, external = local.jellyseerr_port, protocol = "tcp" }]
}
# Flaresolverr
module "flaresolverr" {
source = "../../10-services-generic/docker-service"
container_name = local.flaresolverr_name
image = local.flaresolverr_image
tag = "nodriver"
env_vars = local.flaresolverr_env
networks = var.networks
monitoring = local.monitoring
ports = [{ internal = local.flaresolverr_port, external = local.flaresolverr_port, protocol = "tcp" }]
}
# Unpackerr
module "unpackerr" {
source = "../../10-services-generic/docker-service"
container_name = local.unpackerr_name
image = local.unpackerr_image
env_vars = local.unpackerr_env
volumes = [{ host_path = var.downloads_path, container_path = "/data/torrents", read_only = false }]
networks = var.networks
monitoring = local.monitoring
}
# Cleanuparr
module "cleanuparr" {
source = "../../10-services-generic/docker-service"
container_name = local.cleanuparr_name
image = local.cleanuparr_image
env_vars = local.cleanuparr_env
volumes = [
{ host_path = "${var.volume_path}/cleanuparr/logs", container_path = "/var/logs", read_only = false },
{ host_path = "${var.volume_path}/cleanuparr/ignored.txt", container_path = "/usr/ignored.txt", read_only = false },
{ host_path = "${var.volume_path}/cleanuparr/blacklist.json", container_path = "/usr/blacklist.json", read_only = false }
]
networks = var.networks
monitoring = local.monitoring
}
module "decluttarr" {
source = "../../10-services-generic/docker-service"
container_name = local.decluttarr_name
image = local.decluttarr_image
env_vars = local.decluttarr_env
networks = var.networks
monitoring = local.monitoring
}
output "service_definition" {
description = "Service definition for Jellyseerr (reverse proxy)"
value = {
name = local.jellyseerr_name
primary_port = local.jellyseerr_port
endpoint = "http://${local.jellyseerr_name}:${local.jellyseerr_port}"
subdomains = ["req"]
publish_via = "reverse_proxy"
proxied = true
}
}