RomM

A self-hosted ROM manager with metadata enrichment and a clean web UI.

RomM is an open-source ROM manager that scans your game collection, enriches it with metadata from IGDB and MobyGames, and provides a clean web interface to browse and download ROMs. It supports multiple platforms and naming schemes. Self-hosting avoids cloud ROM storage services and keeps your game collection organized and accessible.

Alternatives considered

Self Hosted

Tool	Open Source	Full Features	Notes
LaunchBox	No	Limited	Windows desktop only; no web UI
Playnite	Yes	Yes	Local game library manager; no web access

Installation

Architecture

Deployment: Single romm-deploy deployment in the romm namespace
Image: rommapp/romm:4.8.1 (digest-pinned)
Database: MariaDB StatefulSet with Longhorn-encrypted PVC (data-mariadb-0-longhorn)
Storage: Longhorn PVCs for assets and config; NFS PV from TrueNAS for ROM library
Networking: ClusterIP service, HTTPRoute via internal gateway

Security

Runs as runAsUser: 0, runAsNonRoot: false
Longhorn PVCs encrypted at rest via SOPS-managed keys

Updates

Managed by Renovate. Image is digest-pinned.

Data Management

Database: MariaDB StatefulSet (Longhorn-encrypted PVC data-mariadb-0-longhorn)
PVCs: assets and config (Longhorn-encrypted, k8up.io/backup: "true")
NFS: TrueNAS NFS PV for ROM library storage
Backups: k8up Schedule backs up MariaDB Longhorn PVC and app data to Hetzner S3. MariaDB annotated with k8up.io/backupcommand: pg_dump equivalent.

User Management

OIDC configured — OIDC_ENABLED, OIDC_PROVIDER, OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, OIDC_REDIRECT_URI all from SOPS-encrypted secret. Provider is PocketID.

Configuration Management

OIDC credentials and database credentials from SOPS-encrypted secret
Longhorn encryption keys from SOPS-encrypted secrets

Administration

Usage

Browse your ROM collection by platform in the web UI. RomM automatically matches ROMs to metadata from IGDB for cover art and descriptions. Download ROMs directly from the browser or connect emulators via the API. OIDC SSO is configured for single sign-on authentication.

Cluster-specific deviations from the above live in the per-cluster README — see k8s/apps/talos/romm/README.md.

Cluster Deployment

App URLs

romm.web.kueber.eu

Depends on

RomM — Talos cluster

Cluster-specific notes only. General product info, "why we use it", and alternatives live in docusaurus/docs/apps/romm.mdx.

Deviations from defaults

Defaults live in docusaurus/docs/apps/romm.mdx — document anything this cluster does differently here, with a one-line reason.

Kubernetes Metadata

Image: rommapp/romm:4.9.0@sha256:fa9a412dd2881472ef85aa9b268a84ae6d149b865fddd50df2b72749ce8a480e

Rendered manifests (kustomize build)

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kustomize.toolkit.fluxcd.io/force: enabled
  labels:
    app.kubernetes.io/instance: romm
    app.kubernetes.io/name: romm
  name: romm-deploy
  namespace: romm
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: romm
      app.kubernetes.io/name: romm
      homepage: active
      ingress: public
  strategy:
    rollingUpdate: null
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: romm
        app.kubernetes.io/name: romm
        homepage: active
        ingress: public
    spec:
      containers:
        - env:
            - name: ROMM_DB_DRIVER
              value: postgresql
            - name: DB_HOST
              valueFrom:
                secretKeyRef:
                  key: host
                  name: cnpg-app
            - name: DB_PORT
              valueFrom:
                secretKeyRef:
                  key: port
                  name: cnpg-app
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  key: dbname
                  name: cnpg-app
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  key: user
                  name: cnpg-app
            - name: DB_PASSWD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: cnpg-app
          envFrom:
            - secretRef:
                name: romm
          image: rommapp/romm:4.9.0@sha256:fa9a412dd2881472ef85aa9b268a84ae6d149b865fddd50df2b72749ce8a480e
          name: romm
          ports:
            - containerPort: 8080
              name: web
              protocol: TCP
          readinessProbe:
            failureThreshold: 1
            httpGet:
              path: /
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 3
            successThreshold: 1
            timeoutSeconds: 2
          volumeMounts:
            - mountPath: /romm/library/roms
              name: roms
              subPath: roms
            - mountPath: /romm/library/bios
              name: roms
              subPath: bios
            - mountPath: /romm/assets
              name: assets
            - mountPath: /romm/config
              name: config
            - mountPath: /romm/resources
              name: resources
      volumes:
        - name: roms
          persistentVolumeClaim:
            claimName: romm-truenas-nfs-gaming
        - name: config
          persistentVolumeClaim:
            claimName: config
        - name: assets
          persistentVolumeClaim:
            claimName: assets
        - name: resources
          persistentVolumeClaim:
            claimName: resources

Alternatives considered​

Installation​

Architecture​

Security​

Updates​

Data Management​

User Management​

Configuration Management​

Administration​

Usage​

Cluster Deployment​

Deviations from defaults​