March 13, 2026 · 3 min read

One Playbook, 22 Containers: My Homelab Automation Stack

Tags: homelab, ansible, docker, automation, iac, self-hosted, open-source

Why

I got tired of rebuilding my homelab by hand. Every time I nuked a box or spun up a fresh VM, it was the same routine: install Docker, write compose files, configure networks, set up secrets, wire services together, forget something, debug for an hour, repeat.

So I did what any reasonable person would do and turned the whole thing into an Ansible playbook. One command, 22 containers, done.

What It Deploys

The playbook stands up a complete self-hosted stack across three isolated Docker networks:

Infrastructure

  • Nginx Proxy Manager - internal reverse proxy for SSL certs and DNS routing to self-hosted services
  • Portainer - container management UI
  • Glance - dashboard for everything
  • Cloudflare DDNS - dynamic DNS updates so I don't have to think about my IP changing
  • Nebula Sync - Pi-hole v6 config replication across instances

Media Automation

This is the bulk of it. A full media pipeline:

  • Sonarr / Radarr / Bazarr - TV, movies, and subtitles
  • Prowlarr / Jackett / NZBHydra2 / FlareSolverr - indexer management
  • qBittorrent - torrents, routed through Gluetun VPN (never touches my real IP)
  • SABnzbd - Usenet downloads
  • Overseerr - request portal so people can ask for stuff without messaging me
  • Plex - streaming
  • Tdarr - automatic transcoding

Monitoring

  • Dozzle - real-time log viewer across all containers
  • Diun - alerts when container images have updates
  • Monocker - container state notifications (if something goes down, I know)

How It Works

The playbook is idempotent. Run it once, run it ten times, same result. It handles:

  1. Bootstrap - an interactive Python script collects secrets and creates an encrypted Ansible vault
  2. Pre-flight checks - validates prerequisites before touching anything
  3. Network setup - creates three isolated Docker networks (proxy, homelab, media)
  4. Container deployment - pulls images, applies configs from templates, starts services
  5. VPN routing - qBittorrent traffic goes through Gluetun, everything else stays direct

The structure:

homelab-automation/
  bootstrap.py        # Interactive setup, creates vault
  site.yml            # Main playbook
  playbooks/          # Automation routines
  tasks/              # Reusable task definitions
  templates/          # Config templates (Jinja2)
  group_vars/all/     # Shared variables
  docs/               # Documentation

Network Segmentation

Three Docker networks keep things separated:

  • proxy - Nginx Proxy Manager and internal SSL/DNS routing
  • homelab - infrastructure services (Portainer, Glance, monitoring)
  • media - the entire media stack, isolated from everything else

Services that need to talk across networks get explicit access. Everything else stays in its lane.
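
An added example (not from the post or the repo) that audits `docker inspect` output against this segmentation and checks that qBittorrent shares Gluetun's network namespace instead of joining a network directly. The container names, the policy table and the sample records are assumptions constructed for illustration.

```python
import json

# Assumed policy (illustrative, not taken from the repo): networks each container may join.
POLICY = {
    "nginx-proxy-manager": {"proxy", "homelab", "media"},  # explicit cross-network access
    "portainer": {"homelab"},
    "sonarr": {"media"},
    "gluetun": {"media"},
    "qbittorrent": set(),  # shares gluetun's namespace, so no network of its own
}
VPN_ROUTED = {"qbittorrent": "gluetun"}  # container -> VPN container it must ride on

def audit(inspect_json):
    """Return findings for `docker inspect` JSON that violates POLICY/VPN_ROUTED."""
    containers = json.loads(inspect_json)
    by_ref = {}  # NetworkMode may reference the VPN container by name or by ID
    for c in containers:
        by_ref[c["Id"]] = by_ref[c["Name"].lstrip("/")] = c["Name"].lstrip("/")
    findings = []
    for c in containers:
        name = c["Name"].lstrip("/")
        mode = c["HostConfig"]["NetworkMode"]
        if name not in POLICY:
            findings.append(f"{name}: not covered by policy")
            continue
        extra = set(c["NetworkSettings"]["Networks"]) - POLICY[name]
        if extra:
            findings.append(f"{name}: unexpected network(s) {sorted(extra)}")
        if name in VPN_ROUTED:
            via = by_ref.get(mode[len("container:"):]) if mode.startswith("container:") else None
            if via != VPN_ROUTED[name]:
                findings.append(f"{name}: NetworkMode {mode!r} does not route via {VPN_ROUTED[name]}")
    return findings

def record(cid, name, mode, nets):
    """Build one constructed record with only the fields audit() reads."""
    return {"Id": cid, "Name": "/" + name, "HostConfig": {"NetworkMode": mode},
            "NetworkSettings": {"Networks": {n: {} for n in nets}}}

# Constructed sample data (not real output from the author's hosts).
GOOD = json.dumps([record("aaa1", "gluetun", "media", ["media"]),
                   record("bbb2", "qbittorrent", "container:aaa1", []),
                   record("ccc3", "portainer", "homelab", ["homelab"])])
BAD = json.dumps([record("aaa1", "gluetun", "media", ["media"]),
                  record("bbb2", "qbittorrent", "media", ["media"]),
                  record("ccc3", "portainer", "homelab", ["homelab", "media"])])

if __name__ == "__main__":
    for label, data in (("good", GOOD), ("bad", BAD)):
        print(label, audit(data) or "no findings")
```

On a live host the same function can be fed the JSON array printed by `docker inspect $(docker ps -q)`, with POLICY edited to match the real container names.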

Requirements

Not much:

  • Ansible 2.17+
  • Python 3.x on the controller
  • SSH access with sudo to an Ubuntu/Debian target
  • That's it

The Repo

It's public: github.com/defconxt/homelab-automation

MIT licensed. If you're running a homelab and tired of doing the same Docker setup dance every time, it might save you a weekend.