Deployment Checklist - Print This!¶
Quick reference checklist for deploying the Home Media Server stack.
PRE-DEPLOYMENT (Fresh Linux Server)¶
System Preparation¶
- [ ] Ubuntu 20.04+ installed
- [ ] SSH access configured
- [ ] 4GB+ RAM available
- [ ] 20GB+ disk space available
Package Installation¶
- [ ] System updatedDocker Installation¶
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo usermod -aG docker $USER
newgrp docker
docker ps # Should work without sudo
Tailscale Installation¶
- [ ] Tailscale installed - [ ] Tailscale authenticated - [ ] Tailscale IP noted:_____________ (from tailscale ip -4)
UFW Firewall¶
- [ ] UFW enabled - [ ] SSH access allowedData Directories¶
sudo mkdir -p /data/media/{movies,tv,music,books}
sudo mkdir -p /data/torrents/{movies,tv,music,books}
sudo chown -R 1000:1000 /data
sudo chmod -R 755 /data
REPOSITORY SETUP¶
Clone Repository¶
cd ~
wget https://github.com/YOUR_USERNAME/home_media/archive/main.zip
unzip main.zip
mv home_media-main home_media
cd home_media
Configure Environment¶
Required Values to Set:
- [ ] PUID = _ (from id -u)
- [ ] PGID = _ (from id -g)
- [ ] TZ = _ (your timezone)
- [ ] TSDPROXY_AUTHKEY = _ (from https://login.tailscale.com/admin/settings/keys)
- [ ] TSDPROXY_HOSTNAME = _ (your Tailscale IP)
- [ ] PLEX_CLAIM_TOKEN = _ (from https://www.plex.tv/claim/, optional)
Note: Save the .env file. This is CRITICAL - never commit to git!
Prepare Application Data¶
cd ent/
mkdir -p appdata/{radarr,sonarr,lidarr,readarr,prowlarr,qbittorrent,jellyfin,jellyseerr,bazarr,plex,dockhand,termix}
chmod -R 775 appdata/
LAUNCH STACK¶
Start Services¶
- [ ] All containers started - [ ] All showing "Up" statusVerify Tailscale Connection¶
- [ ] TSDProxy connected message visibleQuick Health Check¶
- [ ] Health check passes - [ ] Containers responsiveSECURITY SETUP (Follow in Order)¶
1. qBittorrent (CRITICAL - Do First!)¶
- [ ] Logged in with default credentials - [ ] Changed username and password - Tools → Options → Web UI → Authentication - "Require authentication" enabled - [ ] Container restarted:docker compose restart qbittorrent
2. Jellyfin (Setup User Account)¶
- [ ] Initial setup wizard completed - [ ] Admin account created - [ ] Library paths configured - [ ] Test: Can access and play media?3. Jellyseerr (Request Interface)¶
- [ ] Setup wizard completed - [ ] Jellyfin linked - [ ] Radarr linked - [ ] Sonarr linked - [ ] User account created - [ ] Test: Requested a movie?4. Plex (If Using)¶
- [ ] Method A: Claim token in .env (recommended)
- [ ] Plex account linked
- [ ] Libraries visible
- [ ] OR Method B: Manual setup
- [ ] Accessed via Tailscale
- [ ] Account linked
- [ ] Libraries configured
5. Radarr/Sonarr/Lidarr/Readarr (Optional Passwords)¶
- [ ] Radarr secured (optional but recommended) - [ ] Sonarr secured (optional but recommended) - [ ] Lidarr secured (optional but recommended) - [ ] Readarr secured (optional but recommended)6. Prowlarr (Indexers)¶
- [ ] Indexers added - [ ] API key noted7. Bazarr (Subtitles)¶
- [ ] Configured (if using)
- [ ] Linked to Radarr/Sonarr
FINAL VERIFICATION¶
Service Access Test¶
- [ ] Jellyseerr accessible via Tailscale
- [ ] Jellyfin accessible and can play video
- [ ] Radarr accessible
- [ ] Sonarr accessible
- [ ] Can request movie in Jellyseerr
- [ ] Radarr picked up request
- [ ] No "Port already in use" errors
Network Security¶
- [ ] NO services exposed to internet - [ ] Only SSH (port 22) accessibleHealth Check¶
- [ ] All containers running - [ ] All connectivity tests pass - [ ] Tailscale connected - [ ] Disk space OKDOCUMENTATION¶
Bookmark These¶
- [ ] INDEX.md - Documentation hub
- [ ] COMMANDS.md - Docker commands
- [ ] SECURITY.md - Full security setup
Regular Maintenance¶
- [ ] Weekly: Run
./health_check.sh - [ ] Monthly: Update images (
docker compose pull && docker compose up -d) - [ ] Quarterly: Backup appdata and .env
TROUBLESHOOTING¶
Container Won't Start¶
- Check logs:
docker compose logs service_name - Verify permissions:
ls -la ent/appdata/ - Check disk space:
df -h /data
Services Can't Talk¶
- Verify running:
docker compose ps - Test ping:
docker compose exec radarr ping sonarr - Check network:
docker network inspect arr_network
Tailscale Issues¶
- Verify running:
sudo tailscale status - Check TSDProxy:
docker compose logs tsdproxy - Regenerate auth key at: https://login.tailscale.com/admin/settings/keys
Disk Space¶
- Check usage:
du -sh /data/* | sort -rh - Remove old torrents:
find /data/torrents -type f -mtime +30 -delete
MAINTENANCE NOTES¶
Things That Should NOT Be Exposed¶
- qBittorrent (Tailscale only)
- Jellyfin (Tailscale only)
- Radarr (Tailscale only)
- Sonarr (Tailscale only)
- Termix (Tailscale only)
- Dockhand (Tailscale only)
Critical Files¶
.env- NEVER commit to git (in .gitignore)appdata/- Contains configurations (in .gitignore).env.example- Safe to commit- Docker compose files - Safe to commit
Emergency Contacts¶
- Servarr Discord: https://discord.gg/servarr
- Jellyfin Forums: https://jellyfin.org/
- Tailscale Support: https://support.tailscale.com/
DEPLOYMENT DATE¶
Date Started: ___ Date Completed: __ System: __ (Ubuntu version) Tailscale IP: ___ Disk Capacity: _______
Print this checklist and keep it handy during deployment!
For detailed information, see INDEX.md