IaC v2.0 Deployed

Deploy CineVault

CI Status License

The complete self-hosted hub to automatically retrieve, manage, and stream your favorite movies and TV shows.

deploy-cinevault.sh
$ git clone https://github.com/MelvinLoos/cinevault.git $ cd cinevault $ cp .env.example .env && nano .env # Set TZ and Tunnel Token $ nano ansible/inventory/hosts.ini # Define your host IP & Drive $ ansible-playbook -i ansible/inventory/hosts.ini ansible/playbooks/provision_host.yml -K

Dashboard Screenshot Placeholder

Engineering Principles

Built on strict DevOps constitutions for maximum reliability and security.

Zero-Trust Segmentation

Three isolated bridge networks. No service communicates across a boundary unless explicitly attached. All external access is gated by Cloudflare Tunnels.

State vs. Compute

Strict separation between stateless compute (Docker) and stateful data. All configuration resides in `/appdata/` to enable instantaneous disaster recovery.

Atomic Hardlinks

A unified filesystem hierarchy allows media to move from download scratchpads to final library destinations instantly, using zero extra disk I/O.

The Software Stack

A modular ecosystem of best-in-class open-source tools working in perfect harmony.

Jellyfin

The core media server. Delivers your content to any device with hardware-accelerated transcoding.

Radarr

Movie collection manager. Monitors feeds and completely automates movie acquisition.

Sonarr

TV show manager. Automatically tracks, downloads, and organizes episodes as they air.

SABnzbd

Resource-constrained Usenet download client. Securely unpacks media without starving the host.

Prowlarr

Indexer proxy. Translates tracker APIs and syncs them directly to your acquisition apps.

Seerr

Media discovery UI. Allows end-users to securely request new content without accessing the backend.

Wizarr

Advanced user onboarding. Automates Jellyfin account creation via secure invite links.

Homepage

Centralized administrative dashboard aggregating APIs, metrics, and quick-links across the stack.

Cloudflared

Zero-trust ingress tunnel. Exposes public-facing services securely without port forwarding.

Recyclarr

Automated configuration sync. Keeps Radarr and Sonarr quality profiles aligned with TRaSH Guides.

Watchtower

Automated dependency lifecycle management. Safely updates Docker images during maintenance windows.

Docker Proxy

Socket security abstraction. Prevents user-facing containers from gaining root host access.

Bazarr

Subtitle management. Automatically downloads and syncs perfectly timed subtitles in your preferred languages.

Gluetun

VPN Gateway. Enforces a strict network kill-switch for processing traffic to ensure absolute privacy.

qBittorrent

Secure torrent fallback client. Acquires secondary media through peer-to-peer networks via the VPN.

Tdarr

Automated transcoding pipeline. Re-encodes library media using Intel QuickSync to maximize storage efficiency.

CineVault
Deployed via Ansible Powered by Docker