Code/storage

storage

Ansible role that provisions my storage server.

yannick

README

Storage Services Role

Comprehensive media automation and backup services role for homelab environments.

Overview

This role deploys a complete media automation and backup stack including:

  • Jellyfin: Media server for streaming movies, TV shows, music
  • Arr Stack: Automated media acquisition (Sonarr, Radarr, Prowlarr, LazyLibrarian)
  • Gluetun VPN: Secure VPN container for Arr stack traffic
  • Calibre Stack: Ebook management (Calibre + Calibre-Web)
  • Restic Server: Self-hosted backup solution

Services Included

Media Server

  • Jellyfin (Port 8096): Media streaming server with transcoding support

Media Automation (Arr Stack)

  • Sonarr (Port 8989): TV show automation
  • Radarr (Port 7878): Movie automation
  • Prowlarr (Port 9696): Indexer management
  • LazyLibrarian (Port 5299): Ebook/audiobook automation
  • Flaresolverr (Port 8191): Cloudflare bypass for protected indexers
  • Gluetun: VPN container for secure traffic routing

Ebook Management

  • Calibre Server (Port 8083): Full-featured ebook management
  • Calibre-Web (Port 8084): Web interface for library access

Backup Solution

  • Restic Server (Port 8000): REST-based backup repository server

Requirements

  • Docker and Docker Compose installed
  • Sufficient storage space mounted at /mnt/rstorage (default)
  • Network access for media downloads (if using Arr stack)
  • VPN credentials if using Gluetun for secure downloads

Usage

Basic Deployment

# In your host variables
storage_enabled: true
jellyfin_enabled: true
arr_stack_enabled: true
calibre_enabled: true
restic_backup_server_enabled: true

Deploy to Storage Servers

# Deploy all storage services
ansible-playbook -i inventory/hosts site.yml --limit storage_servers --tags "core,storage"

# Deploy only specific services
ansible-playbook -i inventory/hosts site.yml --limit storage_servers --tags "jellyfin"
ansible-playbook -i inventory/hosts site.yml --limit storage_servers --tags "arr-stack"

Configuration

Required Vault Variables

For secure operation, configure these encrypted variables:

# VPN Configuration (for Gluetun)
vpn_service_provider: "nordvpn"  # or "surfshark", "expressvpn", etc.
wireguard_private_key: "your_wireguard_private_key"
wireguard_addresses: "10.x.x.x/32"

# Alternative OpenVPN credentials
openvpn_user: "your_vpn_username"
openvpn_password: "your_vpn_password"

# Backup Authentication
restic_backup_username: "backup_user"
restic_backup_password: "secure_backup_password"

# Optional: Service admin credentials
jellyfin_admin_username: "admin"
jellyfin_admin_password: "secure_password"
calibre_web_admin_username: "admin"
calibre_web_admin_password: "secure_password"

Storage Configuration

# Storage paths (customize as needed)
storage_base_path: "/mnt/rstorage"
storage_docker_dir: "/docker"

# Media directories will be created automatically:
# - /mnt/rstorage/media/movies
# - /mnt/rstorage/media/shows  
# - /mnt/rstorage/media/books
# - /mnt/rstorage/downloads
# - /mnt/rstorage/backups

Service Customization

# Port configuration
jellyfin_host_port: 8096
sonarr_host_port: 8989
radarr_host_port: 7878
prowlarr_host_port: 9696
lazylibrarian_host_port: 5299
calibre_web_host_port: 8084
restic_backup_host_port: 8000

# Resource limits
jellyfin_memory_limit: "4g"
jellyfin_cpu_limit: "4"
arr_memory_limit: "1g"
arr_cpu_limit: "1"

# VPN settings
arr_vpn_enabled: true
vpn_server_countries: "Netherlands,Switzerland"

Access URLs

After deployment, services are accessible at:

  • Jellyfin: http://your-server:8096
  • Sonarr: http://your-server:8989
  • Radarr: http://your-server:7878
  • Prowlarr: http://your-server:9696
  • LazyLibrarian: http://your-server:5299
  • Flaresolverr: http://your-server:8191
  • Calibre-Web: http://your-server:8084
  • Restic Server: http://your-server:8000

Post-Deployment Setup

1. Arr Stack Configuration

  1. Prowlarr First: Configure indexers and connect to other Arr apps
  2. Quality Profiles: Set up quality preferences in each Arr app
  3. Root Folders: Add media directories (already mounted)
  4. Download Client: Configure your preferred download client

2. Jellyfin Setup

  1. Complete the initial setup wizard
  2. Add media libraries pointing to /media/movies, /media/shows, etc.
  3. Configure transcoding settings based on your hardware
  4. Set up user accounts and permissions

3. Calibre Configuration

  1. Access Calibre-Web and complete initial setup
  2. Point to the Calibre library at /books
  3. Import existing ebook collection if available
  4. Configure metadata sources and preferences

4. Backup Setup

  1. Install restic on client machines
  2. Use the generated client script: /docker/restic-server/client-setup-example.sh
  3. Initialize repositories and set up automated backups

Directory Structure

/docker/                          # Docker configurations
├── jellyfin/
│   ├── config/                  # Jellyfin configuration
│   ├── cache/                   # Transcoding cache
│   └── docker-compose.yml
├── arr-stack/
│   ├── sonarr/config/          # Sonarr configuration
│   ├── radarr/config/          # Radarr configuration
│   ├── prowlarr/config/        # Prowlarr configuration
│   ├── lazylibrarian/config/    # LazyLibrarian configuration
│   └── docker-compose.yml
├── calibre/
│   ├── server/config/          # Calibre server config
│   ├── web/config/             # Calibre-Web config
│   └── docker-compose.yml
└── restic-server/
    ├── config/                 # Restic configuration
    └── docker-compose.yml

/mnt/rstorage/                   # Media and data storage
├── media/
│   ├── movies/                 # Movie files
│   ├── tv/                     # TV show files
│   ├── books/                  # Ebook library
│   └── music/                  # Music files
├── downloads/
│   ├── complete/               # Completed downloads
│   └── incomplete/             # In-progress downloads
└── backups/                    # Restic backup data

Security Considerations

  • All sensitive credentials are stored in encrypted vault variables
  • VPN routing protects download traffic when enabled
  • Backup server requires authentication
  • Services run with non-root user permissions
  • Docker network isolation between services

Troubleshooting

Health Monitoring

Health monitoring will be provided by netdata (to be deployed separately)

Common Issues

VPN Not Working: Check Gluetun logs and VPN credentials

docker logs gluetun

Services Not Accessible: Verify Docker network and port mappings

docker network ls
docker compose ps

Permission Issues: Check directory ownership

ls -la /docker/
ls -la /mnt/rstorage/

Storage Full: Monitor disk usage

df -h /mnt/rstorage/

Tags

Use these tags for targeted deployment:

  • storage - All storage services
  • jellyfin - Jellyfin media server only
  • arr-stack - All Arr services + VPN
  • calibre - Calibre ebook services
  • restic - Backup server only
  • validation - Health checks and validation

Dependencies

  • geerlingguy.docker - Docker installation
  • community.docker - Docker Ansible modules

License

MIT License - See project root for details.

Quick Actions

Browse FilesView Commits
git clone https://rakys.xyz/git/storage.git

Repository Statistics

0
Stars
0
Forks
1
Watchers
0
Issues
Default Branch:main
Primary Language:Jinja
Created:August 31, 2025
Last Updated:October 1, 2025
Repository Size:0.09 KB