The *arr Stack, series intro
The Plan
Terraform with Linode VMs to set up an *arr stack
This is mostly for my own sanity rather than “omg I am now properly publishing blogs again”, so it comes across as disjointed and messy; well, that is how my mind works. This is a short series about turning manual clicking around cloud stuff into something I can stand up and tear down, aka repeatable infrastructure.
The dream is to be able to write Terraform in a coherent way and then hit apply and it stands up a nice infrastructure on Linode (and eventually Proxmox) of *arr containers.
While it is nice to just set up and go, I want to treat this as if it were enterprise. This means maintaining good practices and security & deployment hygiene, and it also needs to be documented properly.
The Build
By the end of this series I will have written several articles and theory on the following subjects:
- Deploying Linode Compute Instances (VMs), using only Terraform.
- Securing the perimeter using a combination of Linode firewall rules and in-VM firewall rules.
- Utilising cloud-init to bootstrap the VM with users, updates, a baseline Docker configuration, and folder directories.
- Maintaining persistent storage using Linode s3 buckets.
- Connecting the whole thing to a VPN maintained by myself.
- Dipping a lil bit into CI/CD and alerts & all that cool stuff.
Architecture
    Internet
       |
       | 443/80
       v
    [Reverse Proxy] --> [App containers: arr + supporting services]
                              |
                              +--> Persistent storage (/srv/appdata, /srv/downloads, /srv/media)
*Media storage will be mounted s3 buckets. I’ll cover options later without making Part 1 too heavy on storage.
Why I’m using Terraform and not Ansible for this
Actually I am, just not to set up the VMs. I consider Terraform to be a way to set up the initial infrastructure and machines, but detailed configuration is maintained with Ansible. I won’t be using Ansible here, just wanted to clarify this point.
The finished product
At the end, the environment will be similar to this:
terraform apply
- VM boots, cloud-init runs, Docker is installed.
- A compose file is deployed.
- Services are reached via internal HTTPS.
- Not exposed to the internet.