Building a Dockerised servarr stack

Create a LXC for Docker

I used the Proxmox community helper script to create the container, and install Portainer and Docker Compose v2. I used a custom build and ended up with this config.

Note that some lines have been added after the fact to allow the GlueTUN container to work properly. I'm showing it here in its entirety for posterity.

# Allow nested Docker
# TUN device for VPN
arch: amd64
cores: 8
dev0: /dev/disk/by-label/disk1
features: nesting=1,fuse=1
hostname: docker-servarr-stack
memory: 32768
mp0: /mnt/storage,mp=/mnt/storage,backup=0
nameserver: 10.0.0.254
net0: name=eth0,bridge=vmbr0,gw=10.0.0.254,hwaddr=BC:24:11:F4:C7:7D,ip=10.0.0.100/24,type=veth
onboot: 1
ostype: debian
rootfs: local-lvm:vm-100-disk-0,size=320G
searchdomain: simons.earth
swap: 1024
tags: community-script;docker;tailscale
lxc.cgroup2.devices.allow: a
lxc.cap.drop:
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file

/etc/pve/lxc/100.conf

I then installed my stack using the 'Stacks' tab in Portainer and using the docker-compose scripts mainly from linuxserver.io.

Most of the containers just needed the appdata and data locations updating to suit my usage (/mnt/storage/appdata) and (/mnt/storage/data), etc. The two exceptions were GlueTUN and qBitTorrent. GlueTUN needed a but of fettling to work, and qBitTorrent needed to be configured to run on the GlueTUN network.

Note the ports definitions from the qBitTorrent docker-compose have been moved to the GlueTUN one.
---
services:
  gluetun:
    image: qmcgaw/gluetun
    # container_name: gluetun
    # line above must be uncommented to allow external containers to connect.
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 6881:6881/tcp # qbittorrent
      - 6881:6881/udp # qbittorrent
      - 8080:8080/tcp # qbittorrent
    volumes:
      - /mnt/storage/appdata/gluetun:/gluetun
    environment:
      # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=wireguard
      # OpenVPN:
      # - OPENVPN_USER=
      # - OPENVPN_PASSWORD=
      # Wireguard:
      - WIREGUARD_PRIVATE_KEY=[REDACTED]
      - WIREGUARD_ADDRESSES=10.2.0.2/32
      # Timezone for accurate log times
      - TZ=Europe/London
      # Server list updater
      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
      - UPDATER_PERIOD=

GlueTUN docker-compose.yml

---
services:
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - WEBUI_PORT=8080
      - TORRENTING_PORT=6881
    volumes:
      - /mnt/storage/appdata/qbittorrent:/config
      - /mnt/storage/data/downloads:/downloads #optional
    restart: unless-stopped

qBitTorrent docker-compose.yml

Bada-bing! The hard part out of the way, I now installed Flaresolverr, Prowlarr, SABnzbd (port 8081 as qBitTorrent using 8080), Sonarr, Radarr, Jellyfin, Jellyseerr, Bazarr.