From 84dcba657135abf21592d49f0dc72425cc4dc970 Mon Sep 17 00:00:00 2001
From: karmacoma <karmacoma@karmacoma.dev>
Date: Wed, 26 Nov 2025 00:07:03 +0000
Subject: [PATCH] Add sonarr.docker-compose.yml

Signed-off-by: karmacoma <karmacoma@karmacoma.dev>
---
 sonarr.docker-compose.yml | 59 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 sonarr.docker-compose.yml

diff --git a/sonarr.docker-compose.yml b/sonarr.docker-compose.yml
new file mode 100644
index 0000000..e78bc14
--- /dev/null
+++ b/sonarr.docker-compose.yml
@@ -0,0 +1,59 @@
+services:
+  sonarr:
+    image: lscr.io/linuxserver/sonarr:latest
+    container_name: sonarr
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=${TZ:-Europe/Berlin}
+      # Make sure these variables are defined in your .env file or host system
+      # otherwise they will be empty inside the container.
+      - SERVICE_URL_sonarr_8989
+      - _APP_URL=$SERVICE_URL_sonarr
+    volumes:
+      # Option A: Named Volume (Managed by Docker, harder to backup manually)
+      - sonarr-config:/config
+      # Option B: Bind Mount (Easier to backup, stores files on your host folder)
+      # - ./config/sonarr:/config  <-- I usually recommend this for "arr" apps
+      
+      # YOUR STORAGE BOX
+      - /mnt/osirisbox:/data
+
+    # FIX: This was indented inside 'volumes' in your snippet. 
+    # It must be at the same level as 'volumes' and 'environment'.
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8989/ping"]
+      interval: 30s # 2s is very aggressive, 30s is standard
+      timeout: 10s
+      retries: 3
+
+    labels:
+      - "traefik.enable=true"
+      # Define a custom service pointing to port 8989 (sonarr WebUI)
+      - "traefik.http.services.sonarr-svc.loadbalancer.server.port=8989"
+
+      # --- SECURE ROUTER (HTTPS) ---
+      # 1. Match the domain
+      - "traefik.http.routers.sonarr-secure.rule=Host(`sonarr.karmacoma.dev`)"
+      # 2. Use HTTPS entrypoint
+      - "traefik.http.routers.sonarr-secure.entrypoints=https"
+      # 3. Enable TLS (SSL) using LetsEncrypt
+      - "traefik.http.routers.sonarr-secure.tls=true"
+      - "traefik.http.routers.sonarr-secure.tls.certresolver=letsencrypt"
+      # 4. Apply the Authentik Middleware (Check the name matches your dynamic config)
+      - "traefik.http.routers.sonarr-secure.middlewares=authentik-auth@file"
+      # 5. Point to the service we defined above
+      - "traefik.http.routers.sonarr-secure.service=sonarr-svc"
+      # 6. PRIORITY: This is the fix. Higher number wins over Coolify defaults.
+      - "traefik.http.routers.sonarr-secure.priority=100"
+
+      # --- OPTIONAL: HTTP REDIRECT (Standard Coolify behavior) ---
+      - "traefik.http.routers.gluetun-http.rule=Host(`qbittorrent.karmacoma.dev`)"
+      - "traefik.http.routers.gluetun-http.entrypoints=http"
+      - "traefik.http.routers.gluetun-http.middlewares=redirect-to-https"
+      - "traefik.http.routers.gluetun-http.priority=100"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+# If you stick with Option A (sonarr-config), you must declare it here:
+volumes:
+  sonarr-config:
\ No newline at end of file