daviestechlabs/homelab-design
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
homelab-design/decisions/0048-entertainment-media-stack.md
Billy D. 5846d0dc16
All checks were successful
Update README with ADR Index / update-readme (push) Successful in 6s
Details
docs: add ADRs 0043-0053 covering remaining architecture gaps 
New ADRs:
- 0043: Cilium CNI and Network Fabric
- 0044: DNS and External Access Architecture
- 0045: TLS Certificate Strategy (cert-manager)
- 0046: Companions Frontend Architecture
- 0047: MLflow Experiment Tracking and Model Registry
- 0048: Entertainment and Media Stack
- 0049: Self-Hosted Productivity Suite
- 0050: Argo Rollouts Progressive Delivery
- 0051: KEDA Event-Driven Autoscaling
- 0052: Cluster Utilities (Spegel, Descheduler, Reloader, CSI-NFS)
- 0053: Vaultwarden Password Management

README updated with table entries and badge count (53 total).
2026-02-09 18:37:14 -05:00

100 lines
5.2 KiB
Markdown
Raw Permalink Blame History

# Entertainment and Media Stack
* Status: accepted
* Date: 2026-02-09
* Deciders: Billy
* Technical Story: Deploy a self-hosted media automation and streaming platform for the homelab
## Context and Problem Statement
Self-hosting media services provides control over content libraries, avoids subscription costs for multiple streaming services, and integrates with the homelab's storage and networking infrastructure.
How do we deploy a complete media management pipeline — from content acquisition to streaming — with minimal manual intervention?
## Decision Drivers
* Automated content discovery, download, and organization
* Single media library shared across all services
* Internal-only access (no public exposure)
* Minimal resource footprint per service
* Integration with NFS storage for large media libraries
## Decision Outcome
Deploy the *arr stack (Sonarr, Radarr, Prowlarr, Bazarr) for automated media management plus Jellyfin for streaming, all sharing a single NFS-backed media volume.
## Architecture
```
┌──────────────────────────────────────────────────────────────┐
│ DISCOVERY & INDEXING │
│ │
│ Prowlarr (indexer manager) │
│ ↓ syncs indexers to │
│ Sonarr (TV) + Radarr (Movies) │
│ ↓ sends requests to │
│ qbittorrent (download client) [suspended — pending VPN] │
│ ↓ downloads to │
│ /media (shared NFS volume) │
│ ↓ organizes into │
│ Sonarr/Radarr import + rename │
│ ↓ subtitle lookup via │
│ Bazarr (subtitle manager) │
└──────────────────────────────────────────────────────────────┘
┌──────────────────────────────────────────────────────────────┐
│ STREAMING │
│ │
│ Jellyfin (media server) │
│ ← reads from /media (shared NFS volume) │
│ ← transcodes to /config/transcodes (emptyDir) │
│ → streams to LAN clients (web, apps, DLNA) │
└──────────────────────────────────────────────────────────────┘
```
## Components
| Component | Image | Purpose | Resources (req → limit) |
|-----------|-------|---------|------------------------|
| Jellyfin | `jellyfin/jellyfin:10.11.6` | Media server & streaming | 100m/1Gi → —/4Gi |
| Sonarr | `ghcr.io/onedr0p/sonarr:4.0.14.2938` | TV series management | 50m/256Mi → —/1Gi |
| Radarr | `ghcr.io/onedr0p/radarr:5.20.1.9773` | Movie management | 50m/256Mi → —/1Gi |
| Prowlarr | `ghcr.io/onedr0p/prowlarr:1.32.2.4987` | Indexer aggregation | 50m/128Mi → —/512Mi |
| Bazarr | `ghcr.io/onedr0p/bazarr:v1.5.1` | Subtitle management | 50m/256Mi → —/1Gi |
| qbittorrent | `ghcr.io/onedr0p/qbittorrent:5.0.4` | Download client | *Suspended* |
All deployed via bjw-s `app-template` v4.6.2 in the `entertainment` namespace.
## Storage Architecture
| Volume | StorageClass | Size | Access | Mounted By |
|--------|-------------|------|--------|------------|
| `jellyfin-media` | `nfs-slow` | 500Gi | RWX | Jellyfin, Sonarr, Radarr, Bazarr |
| Config PVCs | `longhorn` | 2-10Gi | RWO | One per app |
| Transcodes | `emptyDir` | — | — | Jellyfin only |
The shared `jellyfin-media` NFS volume is the key integration point — *arr apps write organized media files, Jellyfin reads and streams them.
## Network Access
All services are internal-only via `envoy-internal` gateway at `*.lab.daviestechlabs.io`:
| Service | URL |
|---------|-----|
| Jellyfin | `jellyfin.lab.daviestechlabs.io` |
| Sonarr | `sonarr.lab.daviestechlabs.io` |
| Radarr | `radarr.lab.daviestechlabs.io` |
| Prowlarr | `prowlarr.lab.daviestechlabs.io` |
| Bazarr | `bazarr.lab.daviestechlabs.io` |
qbittorrent has a dedicated Cilium LoadBalancer VIP (`10.0.0.210`) for BitTorrent traffic, separate from the HTTP gateway.
## Security
All *arr apps run as non-root (UID 568), with read-only root filesystem and all Linux capabilities dropped. qbittorrent is suspended pending VPN/Multus integration to ensure download traffic is routed through a VPN tunnel.
## Links
* Related to [ADR-0026](0026-storage-strategy.md) (NFS storage for media)
* Related to [ADR-0043](0043-cilium-cni-network-fabric.md) (Multus for qbittorrent VPN)
Reference in New Issue View Git Blame Copy Permalink