https://github.com/spatteriight/ansible-role-sonarr
An Ansible role for installing Sonarr, the smart PVR for newsgroup and bittorrent users
https://github.com/spatteriight/ansible-role-sonarr
ansible sonarr
Last synced: 9 months ago
JSON representation
An Ansible role for installing Sonarr, the smart PVR for newsgroup and bittorrent users
- Host: GitHub
- URL: https://github.com/spatteriight/ansible-role-sonarr
- Owner: spatterIight
- License: agpl-3.0
- Created: 2025-02-04T04:24:53.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-03-18T16:47:42.000Z (over 1 year ago)
- Last Synced: 2025-03-18T17:46:52.916Z (over 1 year ago)
- Topics: ansible, sonarr
- Language: Jinja
- Homepage: https://sonarr.tv/
- Size: 44.9 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Sonarr Ansible role
This is an [Ansible](https://www.ansible.com/) role which installs [Sonarr](https://sonarr.tv/) to run as a [Docker](https://www.docker.com/) container wrapped in a systemd service.
This role *implicitly* depends on:
- [`com.devture.ansible.role.playbook_help`](https://github.com/devture/com.devture.ansible.role.playbook_help)
- [`com.devture.ansible.role.systemd_docker_base`](https://github.com/devture/com.devture.ansible.role.systemd_docker_base)
Check [defaults/main.yml](defaults/main.yml) for the full list of supported options.
For an Ansible playbook which integrates this role and makes it easier to use, see the [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook).
# Limitations
This role configures Sonarr with security in mind by doing the following:
1. Running the container as a non-root user
2. Making the filesystem read-only
3. Dropping most capabilities
Unfortunately, due to upstream requirements, some admissions had to be made:
1. Several capabilities related to permissions are added to the container
- SETUID
- SETGID
- CHOWN
- FOWNER
- DAC_OVERRIDE
2. A `tmpfs` volume is mounted with `exec` permissions
You can read more about these upstream requirements in the documentation:
1. https://docs.linuxserver.io/misc/non-root/
2. https://docs.linuxserver.io/misc/read-only/