TrueNAS Home Lab Apps
Docker Compose stacks for a TrueNAS home lab server, managed with SOPS, Renovate, and GitOps.
Overview
Each app lives under services/ with its own compose.yaml, environment files, and SOPS-encrypted
secrets. A cron-driven continuous deployment script pulls changes from this repo and redeploys apps
automatically — on TrueNAS and a handful of VMs (see servers.yaml).
The setup follows Techno Tim's guide on running Docker on TrueNAS like a pro.
Benefits
- GitOps without Kubernetes — Git-driven, automated deployments without the operational overhead of running a Kubernetes cluster. Compose definitions stay in git, not buried in the TrueNAS UI.
- Secrets & automated updates — SOPS + Age encrypts secrets at rest; Renovate automatically opens PRs for new image digests, keeping maintenance low.
- TrueNAS-native storage — Containers bind-mount ZFS datasets directly — no NFS in the data path, avoiding latency and corruption risks for stateful apps like databases. Each app gets its own dataset for independent snapshots and rollback.
- Managed platform — TrueNAS maintains the host OS and provides built-in container views, removing the need to manage the underlying system or add extra monitoring tooling.
- Flexibility — Standard Docker Compose means the setup works with tools like Portainer or Dockge without significant rework.
Apps
| App | Purpose |
|---|---|
| AdGuard Home | DNS filtering and ad blocking with Unbound resolver |
| Bazarr | Subtitle manager for Sonarr and Radarr |
| Bitwarden Lite | Self-hosted password manager (SQLite-backed, single container) |
| Cloudflared | Cloudflare Tunnel agent for exposing services via edge network |
| Dozzle | Real-time container log viewer |
| Draw.io | Flowchart and diagram maker |
| Echo Server | HTTP echo server for testing Traefik routing |
| ESPHome | ESP device management and firmware builder |
| Frigate | NVR with real-time AI object detection |
| Gatus | Uptime monitoring with alerting and a status page |
| Home Assistant | Open source home automation platform |
| Homepage | Customizable dashboard for home lab services |
| Immich | Self-hosted photo and video management |
| Lidarr | Music collection manager and download automation |
| Matter Server | Matter/Thread smart home device bridge |
| MeTube | YouTube downloader via yt-dlp with a web UI |
| Mosquitto | MQTT broker for IoT device communication |
| OpenClaw | Self-hosted personal AI assistant and gateway |
| Outline | Knowledge base and wiki with Azure AD authentication |
| Plex | Media server with hardware transcoding |
| Prowlarr | Indexer manager for the arr stack |
| qBittorrent | BitTorrent client with web interface |
| Radarr | Movie collection manager and download automation |
| SABnzbd | Usenet download client |
| Sonarr | TV series collection manager and download automation |
| Spottarr | Spotnet Usenet indexer |
| SQLite Web | SQLite database browser for Home Assistant |
| Traefik | Reverse proxy with automatic SSL via Cloudflare DNS |
| Traefik Forward Auth | SSO authentication via Microsoft Entra ID |
| TubeSync | YouTube channel and playlist synchronisation |
| Unifi | Ubiquiti network controller with MongoDB backend |
| wmbusmeters | Wireless M-Bus smart meter reader (water/gas/heat) |
Documentation
| Page | Description |
|---|---|
| Architecture | Compose patterns, container security, networking |
| Infrastructure | UID/GID allocation, storage, multi-server deployment |
| Contributing | Renovate, commit conventions, release process |
| Database Upgrades | PostgreSQL major version upgrade procedures |
| Disaster Recovery | Full rebuild procedures for a fresh TrueNAS |
| Troubleshooting | Docker, DNS, and permissions diagnostics |
| Retired Services | Log of retired services and last active state |
Development
This repo uses go-task as a task runner (managed by mise). List all available commands:
Common workflows:
```
task test      # Run the BATS test suite (unit + integration)
task lint      # Run all linters
task format    # Auto-format all files
task ci:local  # Run the full CI pipeline locally
```
See Contributing for testing details, commit conventions, and the release process.