media-server/docker-compose.yml

# My homelab-media-docker-stack

version: "3"

name: "docker-compose"

services:
  nginx:
    image: "jc21/nginx-proxy-manager:latest"
    container_name: nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "81:81"
    volumes:
      - "${DATA_DIR}/letsencrypt:/etc/letsencrypt"
      - "${DATA_DIR}/nginx:/data"
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
      DISABLE_IPV6: true
    networks:
      default:

  # Downloaders
  sabnzbd:
    image: lscr.io/linuxserver/sabnzbd:latest
    container_name: sabnzbd
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
    volumes:
      - sabnzbd-config:/config
      - ${DATA_DIR}/sabnzbd/downloads:/downloads
      - ${DATA_DIR}/sabnzbd/incomplete:/incomplete
    restart: unless-stopped

  # Indexers
  hydra:
    image: linuxserver/nzbhydra2:latest
    container_name: hydra
    volumes:
      - hydra-config:/config
      - ${DATA_DIR}/sabnzbd/downloads:/downloads
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
    restart: unless-stopped

  # Searchers

  sonarr:
    image: linuxserver/sonarr:latest
    container_name: sonarr
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - sonarr-config:/config
      - ${DATA_DIR}/Media/TV:/tv
      - ${DATA_DIR}/sabnzbd/downloads:/downloads
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
    restart: unless-stopped

  radarr:
    image: linuxserver/radarr:latest
    container_name: radarr
    volumes:
      - radarr-config:/config
      - ${DATA_DIR}/Media/Movies:/movies
      - ${DATA_DIR}/sabnzbd/downloads:/downloads
      - /etc/localtime:/etc/localtime:ro
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
    restart: unless-stopped

  # Plex

  plex:
    image: linuxserver/plex:latest
    container_name: plex
    volumes:
      - plex-config:/config
      - ${DATA_DIR}/Media/TV:/data/tvshows
      - ${DATA_DIR}/Media/Movies:/data/movies
      - ${DATA_DIR}/plex/transcode:/transcode
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
      VERSION: latest
    ports:
      - "32400:32400"
    dns:
      - 8.8.8.8
      - 8.8.4.4
    restart: unless-stopped

  jellyfin:
    image: jellyfin/jellyfin:latest
    container_name: jellyfin
    restart: unless-stopped
    user: ${PUID}:${PGID}
    ports:
      - 8096:8096
    volumes:
      - jellyfin-config:/config
      - jellyfin-cache:/cache
      - ${DATA_DIR}/Media/:/media

  # Library Maintenance
  tdarr:
    image: ghcr.io/haveagitgat/tdarr:2.17.01
    container_name: tdarr
    restart: unless-stopped
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
      internalNode: true
      inContainer: true
    ports:
      - 8266:8266
    volumes:
      - ${DATA_DIR}/tdarr/server:/app/server
      - tdarr-config:/app/configs
      - ${DATA_DIR}/tdarr/logs:/app/logs
      - ${DATA_DIR}/tdarr/transcode_cache:/temp
      - ${DATA_DIR}/Media/:/media
    labels:
      - "com.centurylinklabs.watchtower.enable=false"

  # Heimdall

  heimdall:
    image: linuxserver/heimdall:latest
    container_name: heimdall
    volumes:
      - heimdall-config:/config
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
    restart: unless-stopped

  tautulli:
    image: tautulli/tautulli:latest
    container_name: tautulli
    depends_on:
      - plex
    volumes:
      - tautulli-config:/config
      - ${DATA_DIR}/plex/config/Library/Application\ Support/Plex\ Media\ Server/Logs:/logs:ro
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
    restart: unless-stopped

  overseerr:
    image: linuxserver/overseerr:latest
    container_name: overseerr
    volumes:
      - overseerr-config:/config
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    restart: unless-stopped

  # Updates
  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  # DNS Ad Blocking
  unbound:
    image: mvance/unbound:latest
    container_name: unbound
    restart: unless-stopped
    volumes:
      - unbound-config:/opt/unbound/etc/unbound
    networks:
      adblocking_vpn:
        ipv4_address: 172.30.0.250

  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    depends_on: [unbound]
    restart: unless-stopped
    hostname: pihole
    dns:
      - 127.0.0.1
      - 10.2.0.200
    environment:
      TZ: ${TZ}
      WEBPASSWORD: ${PIHOLE_PASSWORD}
      PIHOLE_DNS_: 172.30.0.250
      VIRTUAL_HOST: pihole.${DOMAIN}
      WEB_PORT: 53215
    volumes:
      - pihole-config:/etc/pihole/
      - pihole-dnsmasq:/etc/dnsmasq.d/
    cap_add:
      - NET_ADMIN
    networks:
      default:
      adblocking_vpn:
        ipv4_address: 172.30.0.245
    labels:
      - "com.centurylinklabs.watchtower.enable=false"

  tailscale:
    image: "tailscale/tailscale:stable"
    container_name: tailscale
    hostname: tailscale
    volumes:
      - tailscale-config:/var/lib/
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    command: tailscaled
    privileged: true
    restart: unless-stopped
    networks:
      adblocking_vpn:
      default:

  #   wg-easy:
  #     image: weejewel/wg-easy
  #     container_name: wg-easy
  #     depends_on: [unbound, pihole]
  #     ports:
  #       - 51820:51820/udp
  #     cap_add:
  #       - NET_ADMIN
  #       - SYS_MODULE
  #     sysctls:
  #       - net.ipv4.conf.all.src_valid_mark=1
  #       - net.ipv4.ip_forward=1
  #     volumes:
  #       - ${DATA_DIR}/wg-easy:/etc/wireguard
  #     environment:
  #       WG_HOST: vpn.${DOMAIN}
  #       WG_DEFAULT_DNS: 172.30.0.245
  #       WG_ALLOWED_IPS: 10.0.0.0/16,172.30.0.0/24
  #       PASSWORD: ${WG_UI_PASSWORD}
  #     networks:
  #       adblocking_vpn:
  #       default:

  # Cloudflare DDNS
  cloudflare-ddns:
    image: timothyjmiller/cloudflare-ddns:latest
    container_name: cloudflare-ddns
    restart: unless-stopped
    network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
    security_opt:
      - no-new-privileges:true
    volumes:
      - /etc/cloudflare-ddns/config.json:/config.json

volumes:
  plex-config:
  sonarr-config:
  radarr-config:
  sabnzbd-config:
  hydra-config:
  heimdall-config:
  tautulli-config:
  overseerr-config:
  tdarr-config:
  pihole-config:
  pihole-dnsmasq:
  unbound-config:
  jellyfin-config:
  jellyfin-cache:
  tailscale-config:

networks:
  default:
    external: true
    name: private
  adblocking_vpn:
    ipam:
      driver: default
      config:
        - subnet: 172.30.0.0/24