The stack consists of:

- [Radarr](https://radarr.video) — movies

- [Sonarr](https://sonarr.tv) — TV series

- [Prowlarr](https://prowlarr.com) — indexers

- [qBittorrent](https://www.qbittorrent.org) — downloads

- [Jellyseerr](https://docs.seerr.dev) — request UI!


Single data root in container: `/data`

Config isolation in container: `/config`

UID/GID consistency: `1000:1000`

No `user:` overrides in containers

Each service maintains isolated configuration directories:

The docker-compose.yml file and all persistent configurations are co-located in this structure for maintainability and portability.

Only one service is intended for external access:

[Jellyseerr](seerr.lucjans26.com) (user-facing interface)

All other services are restricted to internal network access only:

- Radarr (administration only)

- Sonarr (administration only)

- Prowlarr (administration only)

- qBittorrent (administration only)

This reduces attack surface and prevents unintended external exposure of management tools.

---

Start stack

Stop stack

Restart a service

View logs

---

To ensure container access consistency across all services:

These commands ensure all containers can properly read and write to both configuration and media directories.

This is used to verify:

- volume mappings

- environment variables

- network configuration

- runtime state

This stack is designed for:

- full automation of media acquisition

- strict separation between configuration and media

- consistent permission handling via UID/GID alignment

- minimal external exposure for security

- predictable and reproducible container behavior

Once correctly configured, the system operates without manual intervention, automatically managing download, import, and organization workflows across both movies and TV series.