AI Generated readme, it should cover everyone need to know.
Recommend to follow trash guide.
This repository contains a modern, "Fedora-native" configuration for the "Arr" stack (Radarr, Sonarr, Prowlarr, etc.) using Rootless Podman and Systemd Quadlets.
Unlike standard Docker Compose setups, this approach integrates directly with Fedora's systemd and respects SELinux and User Namespacing out of the box.
- Native Systemd Integration: Containers are managed as standard systemd services (no more
podman-composehacks). - Rootless Security: Containers run entirely within the user's namespace, significantly reducing the attack surface.
- Samba Compatibility: Configured to allow a specific host user (e.g.,
webuser) to own the files, making it perfect for NAS setups. - SELinux Aware: Uses proper volume labeling (
:zand:Z) to prevent "Permission Denied" errors without disabling security.
Before deploying, ensure your host directories are organized. This setup assumes a unified data structure to support Atomic Moves and Hardlinks.
mkdir -p ~/arr-stack/{config/{radarr,sonarr,prowlarr},data/{downloads,media/{movies,tv}}}For rootless containers to start automatically on boot (without you being logged in), you must enable lingering for your user:
sudo loginctl enable-linger $USERPlace the .container and .network files into the Quadlet directory:
mkdir -p ~/.config/containers/systemd/
cp ./containers/*.container ~/.config/containers/systemd/
cp ./networks/*.network ~/.config/containers/systemd/Tell systemd to "compile" the Quadlets into services:
systemctl --user daemon-reload
systemctl --user start radarr.service sonarr.service prowlarr.serviceFedora's firewalld is strict. Open the necessary ports:
sudo firewall-cmd --permanent --add-port={7878,8989,9696}/tcp
sudo firewall-cmd --reloadIn most Docker guides, you see PUID=1000. In Rootless Podman, we use PUID=0.
- The Logic: Inside the rootless namespace, "Root" (UID 0) is your host user.
- The Benefit: This allows the container's internal initialization scripts to have the "permissions" they need to set up the
/configfolder while physically writing files as your standard host user.
:Z: Used for private folders (like/config). No other container can touch these.:z: Used for shared folders (like/data). This allows Radarr and Sonarr to access the same movie library without conflicts.
To ensure instant file moves and zero disk overhead, ensure both your downloads and your media library reside on the same filesystem and are mapped under the same root volume (e.g., /data).
- Check Status:
systemctl --user status radarr.service - View Logs:
journalctl --user -u radarr.service -f - Syntax Check: If a service doesn't appear, check for syntax errors:
/usr/libexec/podman/quadlet -dryrun -user