Show HN: Uncompressed. Media stack with VPN namespace isolation, no public ports

Category: infrastructure

Tags: docker-compose, media-server, vpn-isolation, tailscale, self-hosted

Score: 7.0/10 (Innovation: 7, Technical: 7, Documentation: 8, Utility: 6)

A hardened Docker Compose stack for a personal media server (Jellyfin, Sonarr/Radarr, qBittorrent) that enforces security through VPN namespace isolation, Tailscale-only ingress, and no public ports. It's interesting because it implements a zero-trust, network-namespace based architecture for container isolation, going beyond typical firewall rules to provide kernel-level security boundaries.

Target audience: devops, self-hosting enthusiasts, media server administrators

Repository: https://github.com/Lackoftactics/uncompressed · Shell · MIT · 172 stars

View on Hacker News