From 7ca240981b589750f2c6f967f13d39ae3fd78780 Mon Sep 17 00:00:00 2001 From: wompmacho Date: Tue, 28 Apr 2026 00:47:59 +0000 Subject: [PATCH] adding projects for gluetun, lidar notes, navidrome, nicotine and qtorrent changes, also updating the homelab infra doc --- projects/gluetun/index.md | 60 ++++++++++++++++++++++++++++ projects/homelab/homelab_Infra.md | 12 ++++-- projects/lidarr/index.md | 24 +++++++++++ projects/musicbrainz-picard/index.md | 23 +++++++++++ projects/navidrome/index.md | 26 ++++++++++++ projects/nicotine/index.md | 29 ++++++++++++++ projects/qbittorent/index.md | 12 ++++-- 7 files changed, 179 insertions(+), 7 deletions(-) create mode 100644 projects/gluetun/index.md create mode 100644 projects/lidarr/index.md create mode 100644 projects/musicbrainz-picard/index.md create mode 100644 projects/navidrome/index.md create mode 100644 projects/nicotine/index.md diff --git a/projects/gluetun/index.md b/projects/gluetun/index.md new file mode 100644 index 0000000..5b7083d --- /dev/null +++ b/projects/gluetun/index.md 
@@ -0,0 +1,60 @@ +--- +title: Gluetun +description: VPN client in a Docker container +showHero: false +author: wompmacho +date: '2026-04-27' +lastmod: '2026-04-27' +tags: ['vpn', 'gluetun', 'networking', 'self-hosted'] +--- + +## What is Gluetun? + +`Gluetun` is a lightweight Swiss-army-knife Docker container to connect to VPN servers. I use it as a central VPN gateway for other containers like qBittorrent and Nicotine. By routing other containers through Gluetun, they share its VPN connection and benefit from its killswitch, ensuring no traffic leaks if the VPN drops. + +## Docker Compose Example + +```yaml +{{% include "/srv/configs/docker_compose/gluetun/docker-compose.yaml" %}} +``` + +## Utilizing Ports in Docker Compose + +When using Gluetun as a network stack for other containers (via `network_mode: "container:gluetun"`), all port mappings must be defined in the **Gluetun service itself**, not in the service being routed. + +### Why define ports in Gluetun? +Containers sharing Gluetun's network namespace effectively share its "localhost." Since the routed container has no network stack of its own, Docker cannot map ports directly to it. Gluetun must listen on those ports and pass the traffic through to the shared network namespace. + +### How to add a new port: +1. **Define the mapping in Gluetun**: Add the desired port to the `ports` section of the `gluetun` service. + ```yaml + services: + gluetun: + ports: + - '8080:8080' # Example: Web UI for a routed app + ``` +2. **Use Variables**: It is recommended to use variables in a `.env` file for cleaner management, as seen in my setup: + ```yaml + ports: + - '${TORRENT_WEBUI_PORT}' + ``` +3. **No ports in routed containers**: Ensure the container using `network_mode: "container:gluetun"` does **not** have a `ports` section, as it will cause an error or be ignored. + +### Local Network Access (Firewall) +By default, Gluetun's killswitch might block access to the container's Web UI from your local network. 
To fix this, you must define your local subnet in the environment: + +```yaml +environment: + - FIREWALL_OUTBOUND_SUBNETS=10.0.0.0/24 # Adjust to match your LAN +``` + +This allows traffic from your local network to bypass the VPN tunnel, enabling you to access Web interfaces (like qBittorrent) while the VPN is active. + +## Routing other containers +To route a container through Gluetun, add the following to its `docker-compose.yaml`: + +```yaml +services: + my-app: + network_mode: "container:gluetun" +``` diff --git a/projects/homelab/homelab_Infra.md b/projects/homelab/homelab_Infra.md index 1213da3..5a73fc3 100644 --- a/projects/homelab/homelab_Infra.md +++ b/projects/homelab/homelab_Infra.md @@ -81,10 +81,11 @@ This document outlines the internal infrastructure of the **wompmacho** homelab. * **Default Gateway**: `10.0.0.1` (OPNsense) * **Primary DNS**: `10.0.0.11` (Pi-hole) -### VPN +### VPN and Proxy * **Tunnel Subnet**: `10.10.10.0/24` * **Phone Peer**: `10.10.10.3/32` +* **Gluetun (Container VPN)**: Lightweight VPN gateway for p2p and sensitive services. It provides a container-level killswitch and manages shared network namespaces. ## Storage infrastructure 
@@ -114,6 +115,7 @@ These services run on the main Docker Host VM (`10.0.0.190`) and are proxied via | Container Name | Mapped Ports | Access | Description / Role | | ----------------------- | ---------------------- | ------------ | ------------------------------------------------------------------------- | | **nginx-proxy-manager** | 80, 81, 443 | Internal/VPN | Reverse proxy for all internal and external domains | +| **gluetun** | 8181, 6565, 6881, etc. | Internal/VPN | VPN Gateway for other containers (`http://torrent/`, `http://nicotine/`) | | **portainer** | 8000, 9000, 9001, 9443 | Internal/VPN | Docker container management GUI | | **cloudflare-ddns** | - | Internal/VPN | Automatically updates dynamic IP to Cloudflare DNS | | **immich_server** | 2283 | Public | Photo/Video backup and gallery (`immich.wompmacho.com`) | @@ -133,8 +135,11 @@ These services run on the main Docker Host VM (`10.0.0.190`) and are proxied via | **webtop** | 7978, 7979 | Public | Browser-based desktop environment (`webtop.wompmacho.com`) | | **open-webui** | 3007 | Internal/VPN | ChatGPT-like web interface connected to Ollama LLMs (`http://gemma/`) | | **linkstack** | 80, 8190 | Public | Personal link landing page | -| **torrent** | 8181, 8999 | Internal/VPN | Internal/VPN (`http://torrent/`) | -| **dozzle** | 4343 | Internal/VPN | Internal/VPN (`http://dozzle/`) | +| **torrent** | (via Gluetun) | Internal/VPN | qBittorrent routed through VPN (`http://torrent/`) | +| **nicotine** | (via Gluetun) | Internal/VPN | Soulseek client routed through VPN (`http://nicotine/`) | +| **navidrome** | 4533 | Internal/VPN | Personal music streaming server (`http://music/`) | +| **picard** | 5800 | Internal/VPN | MusicBrainz Picard tagger GUI (`http://picard/`) | +| **dozzle** | 4343 | Internal/VPN | Real-time Docker log viewer (`http://dozzle/`) | ## Media stack 
@@ -144,7 +149,6 @@ These services are hosted on the TrueNAS node (`truenas`) and proxied via the Do | -------------- | ------------- | ------------------------------------------ | | **Sonarr** | 30027 | TV Show Management | | **Radarr** | 30025 | Movie Management | -| **Lidarr** | 30014 | Music Management | | **Readarr** | 30045 | Book Management | | **Prowlarr** | 30050 | Indexer Management | | **Bazarr** | 30046 | Subtitle Management | diff --git a/projects/lidarr/index.md b/projects/lidarr/index.md new file mode 100644 index 0000000..f5c574b --- /dev/null +++ b/projects/lidarr/index.md 
@@ -0,0 +1,24 @@ +--- +title: Lidarr (Decommissioned) +description: Music collection manager +showHero: false +author: wompmacho +date: '2026-04-28' +lastmod: '2026-04-28' +tags: ['music', 'automation', 'deprecated'] +--- + +## What is Lidarr? + +`Lidarr` is a music collection manager for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new tracks from your favorite artists and will grab, sort, and rename them. It also allows you to automatically upgrade the quality of files already in your library when a better format becomes available. + +Lidarr is part of the "Arr" suite of applications (like Sonarr and Radarr) and integrates deeply with indexers and download clients to automate the entire music acquisition process. + +## Status: Decommissioned + +I am no longer actively using `Lidarr` in my homelab. While the automation features are powerful, I found that music torrent indexers are increasingly unreliable or inconsistent compared to other media types (Movies/TV). The difficulty in consistently finding high-quality or niche music through torrent sites made automation via Lidarr more trouble than it was worth. + +> [!tip] Recommendation: Nicotine+ / Soulseek +> If you are looking for a more reliable way to source music, I highly recommend using **Nicotine+** (Soulseek). It is a peer-to-peer network dedicated to music sharing where it is significantly easier to find high-quality (FLAC/320kbps), rare, or niche albums that rarely surface on public or private torrent trackers. + +For my current workflow, I use [Nicotine+](../nicotine) for downloads, [MusicBrainz Picard](../musicbrainz-picard) for tagging, and [Navidrome](../navidrome) for streaming. diff --git a/projects/musicbrainz-picard/index.md b/projects/musicbrainz-picard/index.md new file mode 100644 index 0000000..f834ec8 --- /dev/null +++ b/projects/musicbrainz-picard/index.md 
@@ -0,0 +1,23 @@ +--- +title: MusicBrainz Picard +description: Music tagger and organizer +showHero: false +author: wompmacho +date: '2026-04-28' +lastmod: '2026-04-28' +tags: ['music', 'metadata', 'tags', 'organizer'] +--- + +## What is MusicBrainz Picard? + +`MusicBrainz Picard` is a cross-platform music tagger written in Python. It uses the MusicBrainz database to identify and tag your audio files accurately. Using the `jlesage/musicbrainz-picard` Docker image allows me to use the full GUI via a web browser. + +## Docker Compose Example + +```yaml +{{% include "/srv/configs/docker_compose/musicbrainz-picard/docker-compose.yaml" %}} +``` + +## How I use it + +I use Picard to clean up the metadata of music downloaded via Nicotine+ before it gets added to my Navidrome library. The Docker version is especially useful as it has direct access to my NFS music share. diff --git a/projects/navidrome/index.md b/projects/navidrome/index.md new file mode 100644 index 0000000..af2739a --- /dev/null +++ b/projects/navidrome/index.md @@ -0,0 +1,26 @@ +--- +title: Navidrome +description: Personal music streaming server +showHero: false +author: wompmacho +date: '2026-04-28' +lastmod: '2026-04-28' +tags: ['music', 'streaming', 'self-hosted', 'audio'] +--- + +## What is Navidrome? + +`Navidrome` is an open-source web-based music collection manager and streamer. It is compatible with Subsonic/Madsonic/Airsonic clients and allows you to enjoy your music collection from anywhere. + +## Docker Compose Example + +```yaml +{{% include "/srv/configs/docker_compose/navidrome/docker-compose.yaml" %}} +``` + +## Features + +- Streams to nearly any device. +- Compatible with all Subsonic clients. +- Very lightweight, runs well even on older hardware. +- Automatically handles huge music collections. diff --git a/projects/nicotine/index.md b/projects/nicotine/index.md new file mode 100644 index 0000000..3267dc7 --- /dev/null +++ b/projects/nicotine/index.md 
@@ -0,0 +1,29 @@ +--- +title: Nicotine+ +description: Soulseek client +showHero: false +author: wompmacho +date: '2026-04-28' +lastmod: '2026-04-28' +tags: ['soulseek', 'music', 'downloads', 'p2p'] +--- + +## What is Nicotine+? + +`Nicotine+` is a graphical client for the Soulseek peer-to-peer network. It's a great way to find high-quality music files and share your own collection with others. + +## Docker Compose Example + +```yaml +{{% include "/srv/configs/docker_compose/nicotine/docker-compose.yaml" %}} +``` + +## VPN Integration + +Like qBittorrent, I route Nicotine+ through Gluetun to ensure all p2p traffic is encrypted and protected by a killswitch. + +```yaml +network_mode: "container:gluetun" +``` + +Remember to map the necessary ports in your Gluetun configuration if you want to be "connectable" on the Soulseek network. diff --git a/projects/qbittorent/index.md b/projects/qbittorent/index.md index cc8345e..2be09c8 100644 --- a/projects/qbittorent/index.md +++ b/projects/qbittorent/index.md 
@@ -22,14 +22,20 @@ will automatically stop the network if the VPN is not functioning correctly. {{% include "/srv/configs/docker_compose/qbittorrentvpn/docker-compose.yaml" %}} ``` +## Gluetun Networking + +To ensure qBittorrent traffic is always protected by a VPN, I route its network through the `gluetun` container. + +### Enabling Gluetun Routing +1. **Set Network Mode**: In the qBittorrent service definition, add `network_mode: "container:gluetun"`. +2. **Remove Ports**: You must remove the `ports` section from the qBittorrent service. All port mappings (like `8080` for the WebUI) must instead be defined in the `gluetun` container's `ports` section. +3. **Local Access**: Since the container is now in Gluetun's network namespace, use Gluetun's IP or the host's IP to access the WebUI. + To set up the VPN you will need to have an existing account with a VPN service. Username & Password for the vpn will be provided as a key by your vpn service. In my case I use Surfshark and have to go log into my account, navigate to the linux setup page and grab my generated Username key and Password key there. -A credentials file on my docker host was generated by QBittorrent when running -the first time. - ``` ## download all availble server conf sudo wget https://my.surfshark.com/vpn/api/v1/server/configurations
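
Review bot: In projects/gluetun/index.md, the "Local Network Access (Firewall)" section presents `FIREWALL_OUTBOUND_SUBNETS=10.0.0.0/24` as a Web UI fix, but the sentence after it says the setting lets traffic "bypass the VPN tunnel", which makes it an exception to the killswitch the opening paragraph promises ("ensuring no traffic leaks if the VPN drops"). Say so explicitly, note that the exception applies to every container sharing Gluetun's network namespace and not only to the Web UI, and recommend the narrowest subnet that works in place of the whole LAN /24. The variable name says outbound while the prose describes traffic from the LAN, so the direction should be stated once and consistently. In step 2, `- '${TORRENT_WEBUI_PORT}'` does not show whether the variable holds a `host:container` pair or a bare port; document the expected format next to the example.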
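
Review bot: In projects/homelab/homelab_Infra.md, the heading changes from "VPN" to "VPN and Proxy", but the only bullet added under it describes Gluetun as a VPN gateway and nothing in the section is a proxy. Keep the old heading or add the proxy entry the new one implies. The Gluetun bullet also sits directly under "Tunnel Subnet" and "Phone Peer" without saying whether it uses that `10.10.10.0/24` tunnel or a different one; one clause stating which would remove the ambiguity.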
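
Review bot: In the Docker Host table of projects/homelab/homelab_Infra.md, the new gluetun row gives Mapped Ports as "8181, 6565, 6881, etc.", and the "etc." defeats the purpose of a port inventory now that gluetun carries every mapping for the routed containers. List each published port and name the routed service it belongs to, since the torrent and nicotine rows below no longer show any ports of their own.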
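
Review bot: In the second table hunk of projects/homelab/homelab_Infra.md, the torrent row goes from "8181, 8999" to "(via Gluetun)", while the gluetun row added earlier lists 8181 but not 8999. State whether 8999 is still published through gluetun or was dropped, so the table does not silently lose a port that may still be open on the host.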
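
Review bot: In projects/nicotine/index.md, the closing line ties being "connectable" on Soulseek to mapping ports "in your Gluetun configuration", but the gluetun page in this same patch describes that `ports` section as Docker publishing on the host, whereas peers would reach the client over the VPN connection. Clarify that the host mapping covers access from the host and LAN, and that inbound peer connections depend on a port being forwarded on the VPN side. The phrase "all p2p traffic is encrypted" should also be narrowed to the path between the container and the VPN server.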
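
Review bot: In projects/qbittorent/index.md, the new "Gluetun Networking" section lands between the existing include of `qbittorrentvpn/docker-compose.yaml` (whose context line says the container "will automatically stop the network if the VPN is not functioning correctly") and the existing Surfshark credential steps, so the page now describes two VPN paths without saying which one is in use. Add a sentence stating whether Gluetun replaces the container's own VPN or runs alongside it, and point the include at the compose file that matches. Step 2 names `8080` for the WebUI while the infra table in this patch lists 8181 on gluetun; use one value or mark 8080 as a placeholder.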