Skip to content

Mealie

Self-hosted recipe manager + meal planner + shopping list, running as a Docker stack on the arrstack VM. Chosen over the heavier Grocy and the lighter KitchenOwl on two specific axes:

The KitchenOwl pantry-tracking story is stronger; that gap is the accepted trade-off and a re-evaluate trigger if pantry accounting becomes a real workflow.

Live since 2026-05-06

Compose pushed to homelab-ansible/stacks/mealie/, reconciled by Dockhand same-day, first admin login confirmed clean — no execution-time surprises. Update with a "Lessons from the YYYY-MM-DD ..." section if anything notable surfaces in operation.

LAN URL: http://192.168.1.252:9000 until edge wiring lands.

Service details

Property Value
Host arrstack VM (192.168.1.252) — see arrstack service page
Image ghcr.io/mealie-recipes/mealie:latest (upstream)
Database SQLite (Mealie default) under named volume mealie_data
Compose stacks/mealie/docker-compose.yml
Management Dockhand (Git-backed Docker Compose) — controller is local on arrstack
Host port 9000 → container 9000 (free on arrstack — see arrstack services table for the full port inventory)
Reverse proxy deferred — see Reverse-proxy & TLS below
Backup Captured by pbs-daily (named volume sits under /var/lib/docker/volumes/mealie_data/_data, part of the VM's vzdump snapshot)

Resource tuning

The compose pins MAX_WORKERS=1 and WEB_CONCURRENCY=1. Mealie's backend config docs flag these as the right values for low-traffic single-household deploys — the default of CPU-count workers is wasteful on the 2-core arrstack VM and inflates idle RAM.

ALLOW_SIGNUP=false keeps the front door locked. Initial admin user is created via the changeme@example.com / MyPassword flow on first login.

Database — SQLite (initial baseline)

Mealie's bundled SQLite is sufficient for single-household use. Migration trigger to PostgreSQL: only if multiple households are added or HA polling-load gets observable. Matches the same SQLite-first stance as n8n.

If/when migration is needed, Mealie ships migration tooling that takes a SQLite DB and a Postgres connection string; see upstream docs.

Deployment flow

  1. Compose lives in homelab-ansible/stacks/mealie/ — not edited on the host.
  2. Dockhand (on arrstack) reads the compose from git on its sync schedule.
  3. Dockhand dispatches docker compose up against the local Docker daemon (no Hawser hop — same host).
  4. Mealie container starts, binds 0.0.0.0:9000 inside the container, host exposes :9000, persists state to the mealie_data named volume.

The named volume sits under /var/lib/docker/volumes/mealie_data/_data on arrstack, part of the VM's vzdump rootfs snapshot. PBS backup is automatic.

Reverse-proxy & TLS

Deferred. When mealie.rampancy.cloud is wired up:

  1. Add the vhost to host_vars/edge.yml on the edge LXC, pointing at http://192.168.1.252:9000. Caddy terminates TLS with the LE wildcard *.rampancy.cloud issued via Cloudflare DNS-01.
  2. Uncomment BASE_URL=https://mealie.rampancy.cloud in the compose so Mealie generates correct callback / share URLs.
  3. CrowdSec coverage is automatic via the existing wildcard handler on the edge.

Until then this is LAN-only HTTP — fine for the Home Assistant integration (HA polls on the LAN) but not for off-LAN access.

Home Assistant integration

Reserved for Phase 6B once HAOS is up. The Mealie HA integration is part of HA core in 2026; setup is config-flow only (host URL + API token from Mealie's user profile). Once configured it creates a to-do entity per Mealie shopping list, polls every 5 minutes, and supports two-way edits.

OIDC SSO

Reserved for Phase 7E. Mealie supports OIDC v2 with group-based admin mapping and an ALLOW_PASSWORD_LOGIN=false flag once the IdP relationship is solid. Defer enabling until Pocket-ID lands.