Tachiyomi (Suwayomi)
A self-hosted manga server and reader based on the Tachiyomi Android app.
Suwayomi (deployed here as tachiyomi) is a self-hosted server that runs the Tachiyomi manga reader backend with web UI access. It supports the full Tachiyomi extension ecosystem for reading manga from various sources. Self-hosting keeps your reading history private and provides a web interface independent of Android.
Alternatives considered
Cloud Hosted
| Tool | Open Source | Free Tier | Monthly Cost |
|---|---|---|---|
| MangaDex | No | Yes | Free |
Self Hosted
| Tool | Open Source | Full Features | Notes |
|---|---|---|---|
| Komga | Yes | Yes | Local CBZ/CBR collections; no extension system |
Installation
Architecture
- Deployment: Single
tachiyomideployment in thetachiyominamespace - Image:
ghcr.io/suwayomi/tachidesk:v2.1.2087(digest-pinned) - Storage: NFS PV from TrueNAS for manga storage; no PVC
- Networking: ClusterIP service on port 4567, HTTPRoute via internal gateway
Security
- Runs as
runAsUser: 1000,runAsNonRoot: true,allowPrivilegeEscalation: false, capabilities dropped - Basic auth credentials from SOPS-encrypted secret
Updates
Managed by Renovate. Image is digest-pinned.
Data Management
No PVCs. Manga files reside on the TrueNAS NFS share managed by TrueNAS. App settings and reading progress stored in the container's internal SQLite database (on the NFS share).
User Management
Basic authentication via authsecret (username/password from SOPS secret). No OIDC.
Configuration Management
- Basic auth credentials from SOPS-encrypted secret
Administration
Usage
Access the web UI to install Tachiyomi extensions and browse manga from configured sources. Downloaded manga is stored on the NFS share. Reading progress syncs in the server database. Tachiyomi Android app can connect to this server as a remote source.
Cluster-specific deviations from the above live in the per-cluster README — see k8s/apps/talos/tachiyomi/README.md.
Cluster Deployment
Tachiyomi (Suwayomi) — Talos cluster
Cluster-specific notes only. General product info, "why we use it", and alternatives live in docusaurus/docs/apps/tachiyomi.mdx.
Deviations from defaults
Defaults live in docusaurus/docs/apps/tachiyomi.mdx — document anything this cluster does differently here, with a one-line reason.
- Image:
ghcr.io/suwayomi/tachidesk:v2.2.2196@sha256:f08888559fd74e91c2dfad9b0a77449338a4bbed86a7fe66aa2dc90bc5f724ab
Rendered manifests (kustomize build)
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kustomize.toolkit.fluxcd.io/force: enabled
labels:
app.kubernetes.io/instance: tachiyomi
app.kubernetes.io/name: tachiyomi
name: tachiyomi
namespace: tachiyomi
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: tachiyomi
app.kubernetes.io/name: tachiyomi
homepage: active
ingress: internal
strategy:
rollingUpdate: null
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: tachiyomi
app.kubernetes.io/name: tachiyomi
homepage: active
ingress: internal
spec:
containers:
- image: ghcr.io/suwayomi/tachidesk:v2.2.2196@sha256:f08888559fd74e91c2dfad9b0a77449338a4bbed86a7fe66aa2dc90bc5f724ab
livenessProbe:
failureThreshold: 3
httpGet:
path: /
port: 4567
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 2
name: tachiyomi
ports:
- containerPort: 4567
name: web
protocol: TCP
readinessProbe:
failureThreshold: 1
httpGet:
path: /
port: 4567
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 2
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
volumeMounts:
- mountPath: /home/suwayomi/.local/share/Tachidesk
name: tachiyomi-nfs
subPath: tachiyomi
- mountPath: /downloads
name: tachiyomi-nfs
subPath: manga/tachiyomi
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumes:
- name: tachiyomi-nfs
persistentVolumeClaim:
claimName: tachiyomi-truenas-nfs-reading