Streaming services compress your 4K to 15 Mbps.
Blu-ray is 60 Mbps.

Self-healing media pipeline with a Netflix-like request interface.VPN-isolated, zero-trust, fully automated.

by Przemek Mroczek from Fogbreak Labs

Get StartedGitHub
Family member opens Overseerr → requests a movie
  Radarr searches Prowlarr for indexers
    qBittorrent downloads through VPN tunnel
      Radarr imports, renames, organizes
        Bazarr fetches subtitles
          Jellyfin serves it — watch via Infuse or any client

How it works

Two apps, one flow. Your family uses Overseerr to request, Jellyfin to watch. Everything in between is automated.

Search & Request

Open Overseerr, find a movie or show, hit request. That's it.

Automatic Download

Radarr/Sonarr finds the best quality, downloads through VPN, organizes files.

Subtitles & Metadata

Bazarr fetches subtitles. Jellyfin pulls artwork, ratings, and descriptions.

Watch

Open Jellyfin, Infuse, or any client on your TV, phone, or tablet. Press play.

Jellyfin library view showing movies, collections, and continue watching

Your Jellyfin library — movies, collections, and continue watching. All served at full Blu-ray quality.

10

Containers

2

Compose stacks

1

.env file

Why build your own

Quality

Streaming services compress 4K to 15–25 Mbps. Blu-ray remuxes are 60–80 Mbps. You paid for the TV — use it.

Licensing

Content disappears when licensing deals expire. Your library shouldn't vanish because a contract changed.

Control

No algorithmic recommendations, no ads, no tracking. Your catalog, your rules, your playback preferences.

Features

Self-Healing

Endpoint-specific health checks every 3060s, autoheal restarts failures, dependency ordering prevents cascading issues. Three independent layers, zero manual intervention.

Leak-Proof

qBittorrent runs inside Gluetuns network namespace. Not a firewall rule — a kernel-level boundary. If the tunnel drops, there is no network path.

Zero-Trust

No ports open to the internet. Traefik binds to Tailscale IP only. HTTPS with auto-renewed certs via Cloudflare DNS challenge. You must be on the mesh to reach any service.

Hardware Transcoding

Intel Quick Sync via /dev/dri for real-time transcoding. Jellyfin direct-plays for capable devices, automatic fallback for phones and tablets.

Network Segmentation

Three isolated Docker networks: traefik_proxy for ingress, arr_internal as an internal-only bridge, vpn_network for P2P. Gluetun provides the WireGuard tunnel.

What's in the box

ServiceRole
JellyfinMedia server with hardware transcoding
OverseerrNetflix-like request UI for family members
SonarrTV show automation
RadarrMovie automation
ProwlarrIndexer aggregation
BazarrSubtitle management
qBittorrentTorrent client, isolated inside VPN namespace
GluetunVPN tunnel provider (WireGuard / ProtonVPN)
TraefikReverse proxy with automatic HTTPS
AutohealContainer health monitoring and auto-restart

Watch on any device

Overseerr is where you request. These apps are where you watch. Point any of them at your Jellyfin server URL.

Apple TV / iOS

Infuse or Swiftfin

Android / Android TV

Jellyfin for Android

Web Browser

Built-in Jellyfin web UI

Desktop

Jellyfin Media Player

Hardware requirements

ComponentMinimumRecommended
CPUx86_64 quad-coreIntel with Quick Sync (7th gen+)
RAM8 GB16 GB
StorageSSD for configs + HDD for mediaNVMe for configs + large HDD array
OSAny Linux with DockerUnraid

Not compatible with Raspberry Pi or ARM devices. Hardware transcoding requires Intel Quick Sync (iGPU).

Quick Start

Before you begin, make sure you have Docker and Docker Compose installed, a Tailscale account, a ProtonVPN subscription with WireGuard keys, and a domain managed by Cloudflare DNS.

1. Clone the repository

$ git clone https://github.com/Lackoftactics/uncompressed.git
$ cd uncompressed

2. Configure your environment (see .env.example)

$ cp .env.example .env
$ nano .env  # add your Tailscale IP, WireGuard keys, Cloudflare token, domain

3. Create the shared Docker network

$ docker network create traefik_proxy

4. Start the stacks

$ cd infra && docker compose up -d  # Traefik reverse proxy
$ cd ../arr && docker compose up -d  # media pipeline (9 containers)

Full setup guide on GitHub →

Architecture

                       ┌────────────┐
                       │ Cloudflare │
                       │    DNS     │
                       └─────┬──────┘
                             │
                       ┌─────┴──────┐
                       │ Tailscale  │
                       │   Mesh     │
                       └─────┬──────┘
                             │
                ┌────────────┴────────────┐
                │      Traefik v2.10      │
                │   Let's Encrypt (ACME)  │
                │  bound to Tailscale IP  │
                └──┬─────┬─────┬──────┬───┘
                   │     │     │      │
       ┌───────────┘     │     │      └───────────┐
       ▼                 ▼     ▼                  ▼
  ┌─────────┐    ┌─────────────────┐
  │Jellyfin │    │   *arr suite    │
  │         │    │ Sonarr  Radarr  │
  │         │    │Prowlarr Bazarr  │
  │         │    │   Overseerr     │
  └─────────┘    └────────┬────────┘
                          │
                 ┌────────┴────────┐
                 │   qBittorrent   │
                 │  bound to tun0  │
                 └─────────────────┘