feat(seedbox): Docker + Tailscale sidecar architecture #1

Merged
Damien merged 15 commits from feature/seedbox-docker-tailscale into main 2026-01-04 13:29:48 +00:00

Summary

Complete rewrite of the seedbox infrastructure using Docker containers with Tailscale sidecars for secure access.

Changes

Architecture

  • Each service runs in its own Docker container with a Tailscale sidecar
  • Services are accessible only via Tailscale (HTTPS)
  • BitTorrent peer port (51413) remains publicly exposed for seeding
  • Deployment via Gitea Actions pipeline

New Structure

seedbox/
├── install.sh                    # Server preparation only
├── .env.example                  # Secrets documentation
├── .gitea/workflows/deploy.yml   # Deployment pipeline
├── stacks/
│   ├── transmission/             # BitTorrent client
│   ├── portainer/                # Docker management UI
│   ├── prowlarr/                 # Indexer manager
│   └── sonarr/                   # TV series manager
└── README.md                     # Complete documentation

Services

| Service | URL | Description |
|---------|-----|-------------|
| Transmission | `transmission.taila5ad8.ts.net` | BitTorrent client |
| Portainer | `portainer.taila5ad8.ts.net` | Docker UI |
| Prowlarr | `prowlarr.taila5ad8.ts.net` | Indexer manager |
| Sonarr | `sonarr.taila5ad8.ts.net` | TV series |

Gitea Secrets Required

  • TS_AUTHKEY - Tailscale OAuth client secret
  • SEEDBOX_SSH_KEY - SSH deploy key
  • TRANSMISSION_USER - Transmission username
  • TRANSMISSION_PASS - Transmission password

Breaking Changes

⚠️ This replaces the previous single-container Transmission setup with a multi-service architecture.

Deployment Steps

  1. Configure Gitea secrets
  2. Run install.sh on a fresh server
  3. Merge this PR to trigger deployment

Checklist

  • install.sh - Server preparation
  • Gitea Actions pipeline
  • Transmission stack
  • Portainer stack
  • Prowlarr stack
  • Sonarr stack
  • Documentation (README.md)
  • Stack-specific READMEs
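
An added example (not code from this repository): a check that each stack's rendered compose model matches the access model described above, with only peer port 51413 published and every service inside the sidecar's network namespace; it also flags Docker socket mounts such as Portainer's for review. It assumes each stack is rendered with `docker compose config --format json`, that the sidecar service is named `tailscale`, and that services join it with `network_mode: service:tailscale`; both sample stacks are constructed.

```python
import json

ALLOWED_PUBLISHED = {51413}            # peer port the PR keeps public
DOCKER_SOCK = "/var/run/docker.sock"

def audit_stack(model, sidecar="tailscale"):
    """Audit one rendered compose model (dict); return sorted (service, code) findings."""
    findings = set()
    for name, svc in model.get("services", {}).items():
        for port in svc.get("ports") or []:
            published = str(port.get("published") or "")
            if not published or (port.get("host_ip") or "").startswith("127."):
                continue                      # not published, or loopback only
            if not published.isdigit() or int(published) not in ALLOWED_PUBLISHED:
                findings.add((name, f"public-port:{published}"))
        # Assumption: the sidecar is a compose service called `sidecar`.
        if name != sidecar and svc.get("network_mode") != f"service:{sidecar}":
            findings.add((name, "outside-sidecar-netns"))
        for vol in svc.get("volumes") or []:
            if vol.get("source") == DOCKER_SOCK:
                findings.add((name, "docker-socket"))   # root-equivalent on the host
    return sorted(findings)

# Constructed sample: the layout the PR describes (peer port only, on the sidecar).
GOOD = json.loads("""
{"services": {
  "tailscale": {"image": "tailscale/tailscale",
    "ports": [{"target": 51413, "published": "51413", "protocol": "tcp"},
              {"target": 51413, "published": "51413", "protocol": "udp"}]},
  "transmission": {"network_mode": "service:tailscale"}}}
""")

# Constructed sample: a web UI published on the host and a Docker socket mount.
BAD = json.loads("""
{"services": {
  "tailscale": {"image": "tailscale/tailscale"},
  "sonarr": {"ports": [{"target": 8989, "published": "8989", "protocol": "tcp"}]},
  "portainer": {"network_mode": "service:tailscale",
    "volumes": [{"type": "bind", "source": "/var/run/docker.sock",
                 "target": "/var/run/docker.sock"}]}}}
""")

if __name__ == "__main__":
    for label, model in (("good", GOOD), ("bad", BAD)):
        print(label, audit_stack(model))
```

Run as a PR validation step, a non-empty findings list for anything other than an expected `docker-socket` entry can fail the pipeline before deployment.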
Damien added 15 commits 2026-01-04 12:30:42 +00:00
- Remove Transmission deployment (now via Gitea Actions)
- Add git clone for repo structure
- Simplify to server preparation only
- Keep NFS mount configuration
- Update MOTD for new architecture
- Deploy on push to main and PR validation
- SSH deployment to seedbox via Tailscale
- Inject secrets from Gitea
- Deploy all stacks in stacks/ directory
- WebUI accessible via transmission.taila5ad8.ts.net (HTTPS)
- Peer port 51413 exposed publicly for seeding
- Local downloads + NFS media mount
- Accessible via portainer.taila5ad8.ts.net (HTTPS only)
- Docker socket mounted for container management
- Indexer manager for *arr apps
- Accessible via prowlarr.taila5ad8.ts.net (HTTPS only)
- TV series management
- Accessible via sonarr.taila5ad8.ts.net (HTTPS only)
- Mounts downloads and media volumes
- Document Docker + Tailscale sidecar architecture
- Add Gitea secrets configuration guide
- Add service management (add/remove/update)
- Add troubleshooting section
- Add Tailscale ACL configuration
Damien merged commit 49d16f886e into main 2026-01-04 13:29:48 +00:00
Damien deleted branch feature/seedbox-docker-tailscale 2026-01-04 13:29:54 +00:00

Reference: Damien/infra-scripts#1