Skip to content

Mediabot — Runbook

Routine Tasks

Check MediaManager health

curl http://192.168.1.113:8000/api/v1/health

Restart the stack

Trigger the Deploy Mediabot workflow in Forgejo. To restart a single container:

ssh [email protected] "pct exec 113 -- docker restart mediamanager"

Adding / Removing trackers via Prowlarr

  1. Open Prowlarr at http://192.168.1.113:9696 (internal only)
  2. Go to Indexers → Add Indexer
  3. Search for the tracker and configure credentials if needed
  4. Prowlarr syncs indexers to MediaManager automatically

To remove a tracker, delete it from the Prowlarr indexer list.

Currently active trackers: Nyaa.si, YTS.

Credential rotation

Rotate database credentials

  1. Store new values via vault-write workflow: path mediabot, patch true, data {"db_user": "<new>", "db_password": "<new>"}
  2. Trigger Deploy Mediabot workflow to redeploy (Ansible re-templates config with new secrets)

Rotate qBittorrent credentials

  1. Store via vault-write workflow: path mediabot, patch true, data {"qbit_username": "<new>", "qbit_password": "<new>"}
  2. Trigger Deploy Mediabot workflow to redeploy

Rotate auth token secret

  1. Store via vault-write workflow: path mediabot, patch true, data {"auth_token_secret": "<new>"}
  2. Trigger Deploy Mediabot workflow to redeploy

Rotate Prowlarr API key

  1. Regenerate the key in Prowlarr UI (Settings → General → API Key)
  2. Store via vault-write workflow: path mediabot, patch true, data {"prowlarr_api_key": "<new>"}
  3. Trigger Deploy Mediabot workflow to redeploy

Logs

Log Contents Location Loki query Format
MediaManager API requests, download orchestration, search results, errors Docker (LXC 113) stdout {job="mediabot", container="mediamanager"} Plain text
PostgreSQL DB connections, queries, startup, errors Docker (LXC 113) stdout {job="mediabot", container="mediamanager_db"} Plain text
qBittorrent Torrent events, peer connections, download progress Docker (LXC 113) stdout {job="mediabot", container="qbittorrent"} Plain text
Prowlarr Indexer queries, sync events, tracker responses Docker (LXC 113) stdout {job="mediabot", container="prowlarr"} Plain text
OAuth2 Proxy Auth events for MediaManager web UI Docker (LXC 119) stdout {job="infra-apps", container="oauth2-proxy-mediamanager"} Plain text

Notes: - The OAuth2 proxy runs on LXC 119 (job=infra-apps), the other 4 containers run on LXC 113 (job=mediabot) - SSH fallback: ssh [email protected] "docker logs mediamanager" (or mediamanager_db, qbittorrent, prowlarr)

Troubleshooting

MediaManager not starting

  1. Check health endpoint: curl http://192.168.1.113:8000/api/v1/health
  2. Check logs: {container="mediamanager"} |= "error" in Loki
  3. Verify PostgreSQL is running: {container="mediamanager_db"} |= "ready to accept connections"
  4. Confirm config was templated correctly — redeploy via Forgejo workflow to regenerate from Vault secrets

Prowlarr can't reach trackers

  1. Check Prowlarr logs: {container="prowlarr"} |= "error" in Loki
  2. Verify DNS resolution from the LXC: ssh [email protected] "pct exec 113 -- docker exec prowlarr ping -c 1 nyaa.si"
  3. Check if the tracker is down externally
  4. If using a VPN proxy, verify Gluetun is running (see Gluetun runbook)

qBittorrent not downloading

  1. Check logs: {container="qbittorrent"} |= "error" in Loki
  2. Verify qBittorrent WebUI is accessible: curl -s -o /dev/null -w "%{http_code}" http://192.168.1.113:8080
  3. Check disk space on LXC 113: ssh [email protected] "pct exec 113 -- df -h /data"
  4. Verify credentials match Vault: redeploy via Forgejo workflow if credentials were recently rotated

Database connection issues

  1. Check PostgreSQL logs: {container="mediamanager_db"} in Loki
  2. Verify the database container is running: ssh [email protected] "pct exec 113 -- docker ps -f name=mediamanager_db"
  3. If the database won't start, check disk space and PostgreSQL data directory permissions