Fix homepage Traefik network routing and update configurations

- Add traefik.docker.network=traefik-network label to homepage service
- Prevent Traefik from using wrong IP from homelab-network
- Resolve 504 Gateway Timeout issues after authentication
- Update various docker-compose configurations and templates
- Clean up unused configuration files

docker-compose/vpn/docker-compose.yml.template

@@ -0,0 +1,96 @@
+# VPN Stack
+# VPN client and VPN-routed download clients
+# Place in /opt/stacks/vpn/docker-compose.yml
+
+# RESTART POLICY GUIDE:
+# - unless-stopped: Core infrastructure services that should always run
+# - no: Services with Sablier lazy loading (start on-demand)
+# - See individual service comments for specific reasoning
+
+services:
+  # Gluetun - VPN client (Surfshark)
+  # Routes download clients through VPN for security
+  # VPN service should always run to maintain secure connections
+  gluetun:
+    image: qmcgaw/gluetun:latest
+    container_name: gluetun
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    networks:
+      - homelab-network
+      - traefik-network
+    ports:
+      - "8888:8888/tcp"  # HTTP proxy
+      - "8388:8388/tcp"  # Shadowsocks
+      - "8388:8388/udp"  # Shadowsocks
+      - "8081:8080"      # qBittorrent web UI
+      - "6881:6881"      # qBittorrent
+      - "6881:6881/udp"  # qBittorrent
+    volumes:
+      - ./gluetun:/gluetun
+    environment:
+      - VPN_SERVICE_PROVIDER=surfshark
+      - VPN_TYPE=openvpn
+      - OPENVPN_USER=${SURFSHARK_USERNAME}
+      - OPENVPN_PASSWORD=${SURFSHARK_PASSWORD}
+      - SERVER_COUNTRIES=${VPN_SERVER_COUNTRIES}
+      - TZ=${TZ}
+    # TRAEFIK CONFIGURATION
+    labels:
+      # Service metadata
+      - "com.centurylinklabs.watchtower.enable=true"
+      - "homelab.category=downloaders"
+      - "homelab.description=VPN client for secure downloads"
+      - "traefik.enable=true"
+      # Router configuration
+      - "traefik.http.routers.qbittorrent.rule=Host(`qbit.${DOMAIN}`)"
+      - "traefik.http.routers.qbittorrent.entrypoints=websecure"
+      - "traefik.http.routers.qbittorrent.tls=true"
+      - "traefik.http.routers.qbittorrent.middlewares=authelia@docker"
+      # Service configuration
+      - "traefik.http.services.qbittorrent.loadbalancer.server.port=8081"
+      # Sablier configuration
+      - "sablier.enable=true"
+      - "sablier.group=${SERVER_HOSTNAME}-qbittorrent"
+      - "sablier.sessionDuration=1h"
+
+  # qBittorrent - Torrent client
+  # Routes through Gluetun VPN
+  qbittorrent:
+    image: lscr.io/linuxserver/qbittorrent:latest
+    deploy:
+      resources:
+        limits:
+          cpus: '1.0'
+          memory: 512M
+          pids: 1024
+        reservations:
+          cpus: '0.50'
+          memory: 256M
+    container_name: qbittorrent
+    restart: unless-stopped
+    network_mode: "service:gluetun"  # Routes through VPN in same compose file
+    volumes:
+      - ./qbittorrent/config:/config
+      - /mnt/downloads:/downloads
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ}
+      - WEBUI_PORT=8080
+    depends_on:
+      - gluetun
+
+networks:
+  homelab-network:
+    external: true
+  traefik-network:
+    external: true
+
+x-dockge:
+  urls:
+    - https://qbit.${DOMAIN}
+    - https://${SERVER_IP}:8081