TrueNAS Home Lab Apps¶
Docker Compose stacks for a TrueNAS home lab server, managed with SOPS, Renovate, and GitOps.
Overview¶
Each app lives under services/ with its own compose.yaml, environment files, and SOPS-encrypted
secrets. A cron-driven continuous deployment script pulls changes from this repo and redeploys apps
automatically.
The setup follows Techno Tim's guide on running Docker on TrueNAS like a pro.
Benefits¶
- GitOps without Kubernetes — Git-driven, automated deployments without the operational overhead of running a Kubernetes cluster. Compose definitions stay in git, not buried in the TrueNAS UI.
- Secrets & automated updates — SOPS + Age encrypts secrets at rest; Renovate automatically opens PRs for new image digests, keeping maintenance low.
- TrueNAS-native storage — Containers bind-mount ZFS datasets directly — no NFS in the data path, avoiding latency and corruption risks for stateful apps like databases. Each app gets its own dataset for independent snapshots and rollback.
- Managed platform — TrueNAS maintains the host OS and provides built-in container views, removing the need to manage the underlying system or add extra monitoring tooling.
- Flexibility — Standard Docker Compose means the setup works with tools like Portainer or Dockge without significant rework.
Apps¶
| App | Purpose |
|---|---|
| AdGuard Home | DNS filtering and ad blocking with Unbound resolver |
| Bazarr | Subtitle manager for Sonarr and Radarr |
| Dozzle | Real-time container log viewer |
| Draw.io | Flowchart and diagram maker |
| Echo Server | HTTP echo server for testing Traefik routing |
| Gatus | Uptime monitoring with alerting and a status page |
| hadiscover API | Home Assistant device discovery API backend |
| Home Assistant | Open source home automation platform |
| Homepage | Customizable dashboard for home lab services |
| Immich | Self-hosted photo and video management |
| Lidarr | Music collection manager and download automation |
| MeTube | YouTube downloader via yt-dlp with a web UI |
| Outline | Knowledge base and wiki with Azure AD authentication |
| Plex | Media server with hardware transcoding |
| Prowlarr | Indexer manager for the arr stack |
| qBittorrent | BitTorrent client with web interface |
| Radarr | Movie collection manager and download automation |
| SABnzbd | Usenet download client |
| Sonarr | TV series collection manager and download automation |
| Spottarr | Spotnet Usenet indexer |
| Traefik | Reverse proxy with automatic SSL via Cloudflare DNS |
| Traefik Forward Auth | SSO authentication via Microsoft Entra ID |
| TubeSync | YouTube channel and playlist synchronisation |
| Unifi | Ubiquiti network controller with MongoDB backend |
Documentation¶
| Page | Description |
|---|---|
| Architecture | Conventions, commit policy, release process |
| Database Upgrades | PostgreSQL major version upgrade procedures |
| Disaster Recovery | Full rebuild procedures for a fresh TrueNAS |
| Troubleshooting | Docker, DNS, and permissions diagnostics |
| Retired Services | Log of retired services and last active state |