adding projects for gluetun, lidar notes, navidrome, nicotine and qtorrent changes, also updating the homelab infra doc
All checks were successful
deploy-docs / build-and-deploy (push) Successful in 1m49s

2026-04-28 00:47:59 +00:00
parent f6c56a4457
commit 7ca240981b
7 changed files with 179 additions and 7 deletions

60
projects/gluetun/index.md Normal file

@@ -0,0 +1,60 @@
---
title: Gluetun
description: VPN client in a Docker container
showHero: false
author: wompmacho
date: '2026-04-27'
lastmod: '2026-04-27'
tags: ['vpn', 'gluetun', 'networking', 'self-hosted']
---
## What is Gluetun?
`Gluetun` is a lightweight Swiss-army-knife Docker container to connect to VPN servers. I use it as a central VPN gateway for other containers like qBittorrent and Nicotine. By routing other containers through Gluetun, they share its VPN connection and benefit from its killswitch, ensuring no traffic leaks if the VPN drops.
## Docker Compose Example
```yaml
{{% include "/srv/configs/docker_compose/gluetun/docker-compose.yaml" %}}
```
## Utilizing Ports in Docker Compose
When using Gluetun as a network stack for other containers (via `network_mode: "container:gluetun"`), all port mappings must be defined in the **Gluetun service itself**, not in the service being routed.
### Why define ports in Gluetun?
Containers sharing Gluetun's network namespace effectively share its "localhost." Since the routed container has no network stack of its own, Docker cannot map ports directly to it. Gluetun must listen on those ports and pass the traffic through to the shared network namespace.
### How to add a new port:
1. **Define the mapping in Gluetun**: Add the desired port to the `ports` section of the `gluetun` service.
```yaml
services:
gluetun:
ports:
- '8080:8080' # Example: Web UI for a routed app
```
2. **Use Variables**: It is recommended to use variables in a `.env` file for cleaner management, as seen in my setup:
```yaml
ports:
- '${TORRENT_WEBUI_PORT}'
```
3. **No ports in routed containers**: Ensure the container using `network_mode: "container:gluetun"` does **not** have a `ports` section, as it will cause an error or be ignored.
### Local Network Access (Firewall)
By default, Gluetun's killswitch might block access to the container's Web UI from your local network. To fix this, you must define your local subnet in the environment:
```yaml
environment:
- FIREWALL_OUTBOUND_SUBNETS=10.0.0.0/24 # Adjust to match your LAN
```
This allows traffic from your local network to bypass the VPN tunnel, enabling you to access Web interfaces (like qBittorrent) while the VPN is active.
## Routing other containers
To route a container through Gluetun, add the following to its `docker-compose.yaml`:
```yaml
services:
my-app:
network_mode: "container:gluetun"
```


@@ -81,10 +81,11 @@ This document outlines the internal infrastructure of the **wompmacho** homelab.
* **Default Gateway**: `10.0.0.1` (OPNsense) * **Default Gateway**: `10.0.0.1` (OPNsense)
* **Primary DNS**: `10.0.0.11` (Pi-hole) * **Primary DNS**: `10.0.0.11` (Pi-hole)
### VPN ### VPN and Proxy
* **Tunnel Subnet**: `10.10.10.0/24` * **Tunnel Subnet**: `10.10.10.0/24`
* **Phone Peer**: `10.10.10.3/32` * **Phone Peer**: `10.10.10.3/32`
* **Gluetun (Container VPN)**: Lightweight VPN gateway for p2p and sensitive services. It provides a container-level killswitch and manages shared network namespaces.
## Storage infrastructure ## Storage infrastructure
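Review bot: The heading becomes "VPN and Proxy" but the list under it gains no proxy entry, and the new Gluetun bullet sits directly under `Tunnel Subnet` and `Phone Peer` without saying whether those belong to the same tunnel. Suggest either keeping the heading as "VPN" or adding the proxy item, and separating the two groups so a reader does not assume Gluetun traffic uses the `10.10.10.0/24` subnet.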
@@ -114,6 +115,7 @@ These services run on the main Docker Host VM (`10.0.0.190`) and are proxied via
| Container Name | Mapped Ports | Access | Description / Role | | Container Name | Mapped Ports | Access | Description / Role |
| ----------------------- | ---------------------- | ------------ | ------------------------------------------------------------------------- | | ----------------------- | ---------------------- | ------------ | ------------------------------------------------------------------------- |
| **nginx-proxy-manager** | 80, 81, 443 | Internal/VPN | Reverse proxy for all internal and external domains | | **nginx-proxy-manager** | 80, 81, 443 | Internal/VPN | Reverse proxy for all internal and external domains |
| **gluetun** | 8181, 6565, 6881, etc. | Internal/VPN | VPN Gateway for other containers (`http://torrent/`, `http://nicotine/`) |
| **portainer** | 8000, 9000, 9001, 9443 | Internal/VPN | Docker container management GUI | | **portainer** | 8000, 9000, 9001, 9443 | Internal/VPN | Docker container management GUI |
| **cloudflare-ddns** | - | Internal/VPN | Automatically updates dynamic IP to Cloudflare DNS | | **cloudflare-ddns** | - | Internal/VPN | Automatically updates dynamic IP to Cloudflare DNS |
| **immich_server** | 2283 | Public | Photo/Video backup and gallery (`immich.wompmacho.com`) | | **immich_server** | 2283 | Public | Photo/Video backup and gallery (`immich.wompmacho.com`) |
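Review bot: The Mapped Ports cell of the new `gluetun` row ends in "etc.", which leaves the inventory incomplete for the one container that now publishes ports on behalf of several services. The neighbouring rows list their ports in full; please enumerate every port Gluetun publishes on `10.0.0.190` so the table can still be used to audit what the host exposes.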
@@ -133,8 +135,11 @@ These services run on the main Docker Host VM (`10.0.0.190`) and are proxied via
| **webtop** | 7978, 7979 | Public | Browser-based desktop environment (`webtop.wompmacho.com`) | | **webtop** | 7978, 7979 | Public | Browser-based desktop environment (`webtop.wompmacho.com`) |
| **open-webui** | 3007 | Internal/VPN | ChatGPT-like web interface connected to Ollama LLMs (`http://gemma/`) | | **open-webui** | 3007 | Internal/VPN | ChatGPT-like web interface connected to Ollama LLMs (`http://gemma/`) |
| **linkstack** | 80, 8190 | Public | Personal link landing page | | **linkstack** | 80, 8190 | Public | Personal link landing page |
| **torrent** | 8181, 8999 | Internal/VPN | Internal/VPN (`http://torrent/`) | | **torrent** | (via Gluetun) | Internal/VPN | qBittorrent routed through VPN (`http://torrent/`) |
| **dozzle** | 4343 | Internal/VPN | Internal/VPN (`http://dozzle/`) | | **nicotine** | (via Gluetun) | Internal/VPN | Soulseek client routed through VPN (`http://nicotine/`) |
| **navidrome** | 4533 | Internal/VPN | Personal music streaming server (`http://music/`) |
| **picard** | 5800 | Internal/VPN | MusicBrainz Picard tagger GUI (`http://picard/`) |
| **dozzle** | 4343 | Internal/VPN | Real-time Docker log viewer (`http://dozzle/`) |
## Media stack ## Media stack
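Review bot: Replacing the `torrent` ports with "(via Gluetun)" drops the link between service and port: the old row listed `8181, 8999`, and a reader now has to guess which of Gluetun's published ports belongs to `torrent` and which to `nicotine`. Suggest keeping the number in the cell, for example "8181 (via Gluetun)", and doing the same for `nicotine`.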
@@ -144,7 +149,6 @@ These services are hosted on the TrueNAS node (`truenas`) and proxied via the Do
| -------------- | ------------- | ------------------------------------------ | | -------------- | ------------- | ------------------------------------------ |
| **Sonarr** | 30027 | TV Show Management | | **Sonarr** | 30027 | TV Show Management |
| **Radarr** | 30025 | Movie Management | | **Radarr** | 30025 | Movie Management |
| **Lidarr** | 30014 | Music Management |
| **Readarr** | 30045 | Book Management | | **Readarr** | 30045 | Book Management |
| **Prowlarr** | 30050 | Indexer Management | | **Prowlarr** | 30050 | Indexer Management |
| **Bazarr** | 30046 | Subtitle Management | | **Bazarr** | 30046 | Subtitle Management |
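Review bot: The `Lidarr` row (port `30014`) is removed from the table, while the new Lidarr page in this commit only says "I am no longer actively using" it. If the app is still installed on the TrueNAS node, keep the row and mark it as stopped or decommissioned; drop it only once the service and its port are actually gone, otherwise the inventory hides a listening service.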

24
projects/lidarr/index.md Normal file

@@ -0,0 +1,24 @@
---
title: Lidarr (Decommissioned)
description: Music collection manager
showHero: false
author: wompmacho
date: '2026-04-28'
lastmod: '2026-04-28'
tags: ['music', 'automation', 'deprecated']
---
## What is Lidarr?
`Lidarr` is a music collection manager for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new tracks from your favorite artists and will grab, sort, and rename them. It also allows you to automatically upgrade the quality of files already in your library when a better format becomes available.
Lidarr is part of the "Arr" suite of applications (like Sonarr and Radarr) and integrates deeply with indexers and download clients to automate the entire music acquisition process.
## Status: Decommissioned
I am no longer actively using `Lidarr` in my homelab. While the automation features are powerful, I found that music torrent indexers are increasingly unreliable or inconsistent compared to other media types (Movies/TV). The difficulty in consistently finding high-quality or niche music through torrent sites made automation via Lidarr more trouble than it was worth.
> [!tip] Recommendation: Nicotine+ / Soulseek
> If you are looking for a more reliable way to source music, I highly recommend using **Nicotine+** (Soulseek). It is a peer-to-peer network dedicated to music sharing where it is significantly easier to find high-quality (FLAC/320kbps), rare, or niche albums that rarely surface on public or private torrent trackers.
For my current workflow, I use [Nicotine+](../nicotine) for downloads, [MusicBrainz Picard](../musicbrainz-picard) for tagging, and [Navidrome](../navidrome) for streaming.


@@ -0,0 +1,23 @@
---
title: MusicBrainz Picard
description: Music tagger and organizer
showHero: false
author: wompmacho
date: '2026-04-28'
lastmod: '2026-04-28'
tags: ['music', 'metadata', 'tags', 'organizer']
---
## What is MusicBrainz Picard?
`MusicBrainz Picard` is a cross-platform music tagger written in Python. It uses the MusicBrainz database to identify and tag your audio files accurately. Using the `jlesage/musicbrainz-picard` Docker image allows me to use the full GUI via a web browser.
## Docker Compose Example
```yaml
{{% include "/srv/configs/docker_compose/musicbrainz-picard/docker-compose.yaml" %}}
```
## How I use it
I use Picard to clean up the metadata of music downloaded via Nicotine+ before it gets added to my Navidrome library. The Docker version is especially useful as it has direct access to my NFS music share.
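Review bot: "How I use it" notes that the container has direct access to the NFS music share, and the intro says the full GUI is reachable from a web browser, but nothing on the page says how that GUI is protected. Please add a line on access control (who can reach it and whether a password is set), since whoever can open the GUI can rewrite files on the share.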


@@ -0,0 +1,26 @@
---
title: Navidrome
description: Personal music streaming server
showHero: false
author: wompmacho
date: '2026-04-28'
lastmod: '2026-04-28'
tags: ['music', 'streaming', 'self-hosted', 'audio']
---
## What is Navidrome?
`Navidrome` is an open-source web-based music collection manager and streamer. It is compatible with Subsonic/Madsonic/Airsonic clients and allows you to enjoy your music collection from anywhere.
## Docker Compose Example
```yaml
{{% include "/srv/configs/docker_compose/navidrome/docker-compose.yaml" %}}
```
## Features
- Streams to nearly any device.
- Compatible with all Subsonic clients.
- Very lightweight, runs well even on older hardware.
- Automatically handles huge music collections.
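Review bot: The intro promises access "from anywhere", but the infra table updated in this same commit lists `navidrome` as Internal/VPN on port `4533`. Please reword to match the actual exposure (reachable on the LAN or over the VPN) so the page does not suggest the service is published to the internet.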


@@ -0,0 +1,29 @@
---
title: Nicotine+
description: Soulseek client
showHero: false
author: wompmacho
date: '2026-04-28'
lastmod: '2026-04-28'
tags: ['soulseek', 'music', 'downloads', 'p2p']
---
## What is Nicotine+?
`Nicotine+` is a graphical client for the Soulseek peer-to-peer network. It's a great way to find high-quality music files and share your own collection with others.
## Docker Compose Example
```yaml
{{% include "/srv/configs/docker_compose/nicotine/docker-compose.yaml" %}}
```
## VPN Integration
Like qBittorrent, I route Nicotine+ through Gluetun to ensure all p2p traffic is encrypted and protected by a killswitch.
```yaml
network_mode: "container:gluetun"
```
Remember to map the necessary ports in your Gluetun configuration if you want to be "connectable" on the Soulseek network.
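Review bot: The closing reminder under "VPN Integration" reads as if mapping ports in the Gluetun configuration makes the client connectable on Soulseek, but a `ports` entry on Gluetun only publishes the port on the Docker host. Inbound peers arrive over the tunnel, so that needs port forwarding from the VPN provider plus Gluetun's `FIREWALL_VPN_INPUT_PORTS`; please say which is meant. Also, "encrypted" holds only between the container and the VPN server, so "tunnelled through the VPN" would be more accurate.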


@@ -22,14 +22,20 @@ will automatically stop the network if the VPN is not functioning correctly.
{{% include "/srv/configs/docker_compose/qbittorrentvpn/docker-compose.yaml" %}} {{% include "/srv/configs/docker_compose/qbittorrentvpn/docker-compose.yaml" %}}
``` ```
## Gluetun Networking
To ensure qBittorrent traffic is always protected by a VPN, I route its network through the `gluetun` container.
### Enabling Gluetun Routing
1. **Set Network Mode**: In the qBittorrent service definition, add `network_mode: "container:gluetun"`.
2. **Remove Ports**: You must remove the `ports` section from the qBittorrent service. All port mappings (like `8080` for the WebUI) must instead be defined in the `gluetun` container's `ports` section.
3. **Local Access**: Since the container is now in Gluetun's network namespace, use Gluetun's IP or the host's IP to access the WebUI.
To set up the VPN you will need to have an existing account with a VPN service. To set up the VPN you will need to have an existing account with a VPN service.
Username & Password for the vpn will be provided as a key by your vpn service. Username & Password for the vpn will be provided as a key by your vpn service.
In my case I use Surfshark and have to go log into my account, navigate to the In my case I use Surfshark and have to go log into my account, navigate to the
linux setup page and grab my generated Username key and Password key there. linux setup page and grab my generated Username key and Password key there.
A credentials file on my docker host was generated by QBittorrent when running
the first time.
``` ```
## download all availble server conf ## download all availble server conf
sudo wget https://my.surfshark.com/vpn/api/v1/server/configurations sudo wget https://my.surfshark.com/vpn/api/v1/server/configurations