My Homeserver Setup

I run a homeserver out of my house — a regular PC that handles all my media, monitoring, and a few side projects. Everything runs in Docker. Here's what it looks like.

Why

Streaming services are fragmented and expensive. I wanted one place for all my media — movies, shows, anime — that I actually control. No subscriptions, no region locks, no content disappearing overnight.

Hardware

The machine is a standard desktop with a GTX 1050 Ti. I have two external drives:

  • 1TB HDD — all media lives here, mounted at /mnt/hdd
  • 476GB SSD — used purely for config backups, mounted at /mnt/ssd

The GPU handles hardware transcoding in Jellyfin via NVENC, so the CPU doesn't break a sweat when streaming.

The Media Stack

The core is a group of containers that talk to each other over an internal Docker network:

  • Jellyfin — the media server. Streams everything to any device on the network.
  • qBittorrent — the download client. Radarr and Sonarr send it jobs, and it handles the rest.
  • Radarr — manages movies. Monitors for releases, grabs the best quality, moves files into place.
  • Sonarr — same as Radarr but for TV shows and anime. Anime gets its own quality profile and root folder.
  • Prowlarr — manages torrent indexers centrally and syncs them to Radarr and Sonarr automatically.
  • Bazarr — pulls subtitles automatically for everything in the library.
  • Jellyseerr — a request interface. Anyone in the house can search for something, request it, and it flows straight into Radarr or Sonarr without me doing anything.
  • FlareSolverr — a headless browser container that sits in front of Prowlarr to bypass Cloudflare protection on indexers that need it.

The flow for a movie request looks like this: Jellyseerr → Radarr → Prowlarr finds a release → qBittorrent downloads it → Radarr renames and moves it → Jellyfin picks it up.

Hardware Transcoding Caveat

The GTX 1050 Ti does not support AV1 decoding. Newer releases use AV1 a lot. To avoid buffering, I have a custom format in Radarr and Sonarr that scores AV1 releases at -1000, so they're always avoided unless there's no alternative.

Monitoring

Three containers keep an eye on things:

  • Uptime Kuma — pings every service on an interval and sends a Telegram alert if something goes down.
  • Scrutiny — reads S.M.A.R.T. data from the drives and flags anything concerning before a disk actually fails.
  • Watchtower — checks for updated Docker images nightly and redeploys containers automatically.

Backups

A bash script runs every night at 3 AM via a systemd timer. It rsyncs all Docker config directories to the SSD and creates a hard-linked dated snapshot. I keep 14 days of history. Because unchanged files are hard links to the previous snapshot, each snapshot uses almost no extra space: only files that changed are stored again.

Security

A few things I keep locked down:

  • All arr apps (Radarr, Sonarr, Prowlarr, Bazarr) have authentication enabled.
  • Portainer and Ollama are bound to 127.0.0.1 — not reachable on the LAN.
  • Secrets live in a .env file with 600 permissions.
  • UFW firewall is active with only the necessary ports open.
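
One way to verify two of the items above, the loopback-only bindings and the .env permissions, as an added example that is not part of my actual setup scripts. The container names, ports and sample `docker ps` output are constructed assumptions.

```python
import ipaddress
import os
import stat

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
# The ollama line is deliberately misbound so the audit has something to find.
SAMPLE_DOCKER_PS = (
    "jellyfin\t0.0.0.0:8096->8096/tcp, :::8096->8096/tcp\n"
    "portainer\t127.0.0.1:9000->9000/tcp\n"
    "ollama\t0.0.0.0:11434->11434/tcp\n"
    "prowlarr\t9696/tcp\n"
)

# Containers the post says must not be reachable on the LAN (names assumed).
LOOPBACK_ONLY = {"portainer", "ollama"}


def exposed_bindings(docker_ps_output, loopback_only=LOOPBACK_ONLY):
    """Return (container, host_binding) for every published port of a
    loopback-only container whose host address is not loopback."""
    findings = []
    for line in docker_ps_output.splitlines():
        name, _, ports = line.partition("\t")
        if name not in loopback_only:
            continue
        for entry in ports.split(", "):
            if "->" not in entry:  # exposed by the image, not published
                continue
            host = entry.split("->", 1)[0]
            addr = host.rsplit(":", 1)[0].strip("[]")  # handles :::p and [::]:p
            if not ipaddress.ip_address(addr).is_loopback:
                findings.append((name, host))
    return findings


def excess_env_mode(path):
    """Return the permission bits set on path beyond 0600 (0 means OK)."""
    return stat.S_IMODE(os.stat(path).st_mode) & ~0o600


if __name__ == "__main__":
    for name, host in exposed_bindings(SAMPLE_DOCKER_PS):
        print(f"{name}: published on {host}, expected a loopback address")
    if os.path.exists(".env") and (extra := excess_env_mode(".env")):
        print(f".env: extra permission bits {extra:03o}, expected 600")
```

The bind address is the thing to check because ports published by Docker are handled by Docker's own iptables rules and are not filtered by UFW by default.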

What's Missing

  • Authelia for SSO across all services so I'm not logging in separately everywhere.
  • Subtitle provider credentials for Bazarr — it's wired up but not pulling anything yet.

It's low maintenance once it's running. Things download themselves, subtitles appear, and I get a Telegram ping when something breaks.