I used to think running each Arr app in its own LXC was a smart move. Felt clean. Minimal. Efficient. But if you’ve ever tried to juggle Sonarr, Radarr, SABnzbd, and the rest across a handful of Proxmox containers, you know the cracks show up fast. Trust me. I’ve been there, and it’s not worth the pain.
If you’re serious about your media setup, move the Arr stack into a Docker environment inside a single VM. Here’s why it matters.
Points That I’m Willing to Concede
You can run the Arr suite in its own unprivileged LXCs. I did it. It worked. I didn’t like managing it.
I know some of you run Docker inside an LXC. That’s a special kind of headache I want nothing to do with, and it isn’t officially supported by Proxmox.
What We’re Working With
Proxmox is a virtualization platform that runs multiple operating systems on a single physical box. Perfect for a homelab or media hoarders consolidating services onto one machine.
LXC containers are lightweight virtualized environments that share the host’s kernel. Think isolated spaces that use fewer resources than full virtual machines.
Virtual machines (VMs) are complete, isolated operating systems that share nothing with the host.
The Arr suite is Sonarr (TV automation), Radarr (movie automation), Lidarr (music automation), and SABnzbd (download client). They work together to find, download, and organize your media library automatically.
LXC Containers Look Great on Paper, But They Trip You Up Fast
LXCs are lightweight. They share the Proxmox host’s kernel and don’t suck up much in the way of resources. Sounds ideal, right? Until you realize how tightly integrated the Arr apps actually are.
Too Many Moving Parts: Seven LXCs means seven operating systems, seven update schedules, seven IP addresses, and seven things that can break. Docker bundles everything together. Less patching. Fewer surprises.
Networking Gets Messy: Sonarr and Radarr need to talk to Prowlarr and your downloader constantly. Getting that cross-talk working between LXCs means manually configuring IP addresses, firewall rules, and routing between containers. Here’s where Docker shines. It creates an internal network where services find each other by name automatically. Instead of remembering that Sonarr lives at 192.168.1.100:8989, you point it at sonarr:8989 and Docker handles the rest.
Storage and Permissions Are a Nightmare: When multiple LXCs try to access the same media folders, you’ll run into UID and GID issues. One container creates files another can’t read or modify. With Docker, you map your storage once to the VM, and all containers share the same user context. Permission headaches gone.
Unprivileged Containers Make Network Storage a Pain: If you’re running unprivileged LXCs (which you should, for security), accessing NFS or SMB shares becomes a special kind of hell. Unprivileged containers map user IDs differently than the host, so your media files might show up as owned by nobody or become completely inaccessible. You’ll burn hours tweaking UID maps, CIFS mount options, and NFS export settings to get basic file access working. Meanwhile, a VM with Docker mounts your network shares normally and passes them through to containers without the mapping headaches.
Config Drift Is Real: One LXC gets updated while another doesn’t. Suddenly an app fails and you’re hunting down why a version mismatch is breaking API calls between services. Docker Compose gives you a single source of truth: a YAML file that pins your entire stack to specific versions.
Docker in a VM: The Sweet Spot for Media Automation
Here’s where things get easier.
One VM to Rule Them All: Instead of babysitting a small army of containers, you manage one Debian or Ubuntu VM. Update once. Patch once. Reboot once.
Docker Compose = Sanity: Everything lives in a single docker-compose.yml file. It handles every Arr app you need (Sonarr, Radarr, Lidarr, SABnzbd, etc.), their connections, volumes, ports, environment variables, user IDs, and timezones, all centralized and clean. Spin up the stack with docker compose up -d. Shut it down with docker compose down. Pull updates with docker compose pull without touching the rest of the system.
True Isolation: VMs are fully fenced off from your Proxmox host. If something breaks, it won’t leak into your main system. Need to move the stack? Back up the VM and drop it in the new location.
Less Headache When Things Break: One place to look for problems. Run docker logs <container> and get answers fast. No jumping between LXCs hunting through logs scattered across the host.
Better Community Support: Most media server guides today assume you’re running Docker. That means more tutorials, more troubleshooting help, and fewer dead ends.
Sensible Use of Resources: A single VM with Docker uses slightly more memory than a pile of LXCs up front. Long term, it’s more stable, more predictable, and easier to maintain. The small resource overhead is worth the massive reduction in complexity.
Stop Fighting. Start Watching.
LXCs are great for simple, fire-and-forget services that don’t need to talk to each other. The Arr suite is the opposite. These apps need to work together without friction, and they need consistency across your entire stack.
Docker inside a VM gives you that consistency. You get the benefits of isolation and virtualization with the simplicity of containerized apps that find each other on a shared network without fuss.
So skip the mess. Build your media automation stack inside a VM. Use Docker Compose. Spend less time debugging networking and permissions, and more time enjoying your perfectly organized media library.
Set it up once. Watch it work. Enjoy your media.
ASROCK Mini-Desktop Computer
The DeskMini B760 is a compact but capable barebone system perfect for homelab use. It supports up to 14th Gen Intel CPUs (65W), dual DDR4 RAM up to 64GB, and fast storage via both Gen5 and Gen4 M.2 slots plus dual 2.5" drive bays. Ideal for running lightweight VMs and containers in a tiny footprint.
Contains affiliate links. I may earn a commission at no cost to you.