back to projects

PRJ-01

media-server-iac

Infrastructure-as-code for a self-hosted media stack. Bash and Docker Compose, ten services wired together from a single parameter file.

STACKBash · Docker Compose · Gluetun · the *arr suite · Recyclarr / TRaSH Guides REPO ↗

Started after streaming services kept adding ads. Self-hosting was the answer, and automating the stack (VPN, download clients, the *arr suite, TRaSH Guides quality profiles) was where the engineering interest kicked in. This was the first proper infrastructure work.

One YAML parameter file drives a compose-per-service topology. Each service lives in its own compose file on a shared bridge network, so any can be enabled or disabled without touching the rest. Bash scripts handle deployment order, API-key extraction and service wiring, and the full lifecycle: setup, deploy, health-check, backup, restore, teardown. Health-check gates sit between phases so nothing starts before its dependencies are ready. Secrets stay out of the parameter files, in an uncommitted .env.

The VPN kill-switch is declarative. It’s expressed as firewall configuration in the Gluetun compose file rather than added as an iptables script afterwards. Every download container routes through the VPN with network_mode: "service:gluetun", so they all inherit the same firewall boundary automatically.

Built as a repeatable pattern rather than a production deployment.