kelin/EZ-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor: Create downloaders stack for VPN-routed services

Browse Source 
- Created new downloaders stack with Gluetun + qBittorrent unified
- Moved Gluetun from core stack to downloaders stack
- Moved qBittorrent from media-management to downloaders stack
- Uses network_mode: service:gluetun for better maintainability
- Eliminates cross-stack container ID dependencies
- Both services now start/stop together as a logical unit
This commit is contained in:
kelin
2026-01-15 00:53:53 -05:00
parent 14421a8a9e
commit f95275d5c0
3 changed files with 67 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
docker-compose/core.yml
View File

@@ -7,7 +7,6 @@
# - DuckDNS: No web UI (updates IP automatically) # - DuckDNS: No web UI (updates IP automatically)
# - Traefik: https://traefik.${DOMAIN} # - Traefik: https://traefik.${DOMAIN}
# - Authelia: https://auth.${DOMAIN} # - Authelia: https://auth.${DOMAIN}
# - Gluetun: No web UI (VPN client for other services)
services: services:
# DuckDNS - Dynamic DNS updater # DuckDNS - Dynamic DNS updater
@@ -100,45 +99,6 @@ services:
depends_on: depends_on:
- traefik - traefik
# Gluetun - VPN client (Surfshark WireGuard)
# Routes download clients through VPN for security
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
restart: unless-stopped
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
networks:
- homelab-network
- traefik-network
ports:
- "8888:8888/tcp" # HTTP proxy
- "8388:8388/tcp" # Shadowsocks
- "8388:8388/udp" # Shadowsocks
- "8081:8080" # qBittorrent web UI
- "6881:6881" # qBittorrent
- "6881:6881/udp" # qBittorrent
volumes:
- ./gluetun:/gluetun
environment:
- VPN_SERVICE_PROVIDER=surfshark
- VPN_TYPE=openvpn
- OPENVPN_USER=${SURFSHARK_USERNAME}
- OPENVPN_PASSWORD=${SURFSHARK_PASSWORD}
- SERVER_COUNTRIES=${VPN_SERVER_COUNTRIES:-Netherlands}
- TZ=${TZ}
labels:
- "homelab.category=infrastructure"
- "homelab.description=VPN client for secure downloads"
- "traefik.enable=true"
- "traefik.http.routers.qbittorrent.rule=Host(`qbit.${DOMAIN}`)"
- "traefik.http.routers.qbittorrent.entrypoints=websecure"
- "traefik.http.routers.qbittorrent.tls=true"
- "traefik.http.routers.qbittorrent.middlewares=authelia@docker"
- "traefik.http.services.qbittorrent.loadbalancer.server.port=8080"
volumes: volumes:
authelia-data: authelia-data:
driver: local driver: local
@@ -146,5 +106,3 @@ volumes:
networks: networks:
traefik-network: traefik-network:
external: true external: true
homelab-network:
external: true

67
docker-compose/downloaders.yml Normal file
View File

@@ -0,0 +1,67 @@
version: "3.9"
services:
# VPN client for routing download client traffic through Surfshark
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
hostname: gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- "8081:8080" # qBittorrent WebUI
- "6881:6881" # qBittorrent torrent port
- "6881:6881/udp"
- "8888:8888/tcp" # HTTP proxy
- "8388:8388/tcp" # Shadowsocks
- "8388:8388/udp"
volumes:
- ${STACK_DIR}/gluetun:/gluetun
environment:
- VPN_SERVICE_PROVIDER=surfshark
- VPN_TYPE=openvpn
- OPENVPN_USER=${SURFSHARK_USER}
- OPENVPN_PASSWORD=${SURFSHARK_PASSWORD}
- SERVER_COUNTRIES=${VPN_COUNTRY:-Netherlands}
- FIREWALL_VPN_INPUT_PORTS=6881
- TZ=${TZ}
- UPDATER_PERIOD=24h
networks:
- homelab-network
- traefik-network
labels:
- "traefik.enable=true"
# qBittorrent routing through Gluetun
- "traefik.http.routers.qbittorrent.rule=Host(`qbit.${DOMAIN}`)"
- "traefik.http.routers.qbittorrent.entrypoints=websecure"
- "traefik.http.routers.qbittorrent.tls=true"
- "traefik.http.routers.qbittorrent.tls.certresolver=letsencrypt"
- "traefik.http.routers.qbittorrent.middlewares=authelia@docker"
- "traefik.http.services.qbittorrent.loadbalancer.server.port=8080"
restart: unless-stopped
# Torrent client
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qbittorrent
hostname: qbittorrent
network_mode: "service:gluetun" # Route through VPN
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
- WEBUI_PORT=8080
volumes:
- ${STACK_DIR}/qbittorrent/config:/config
- ${MEDIA_DIR}/downloads:/downloads
depends_on:
- gluetun
restart: unless-stopped
networks:
homelab-network:
external: true
traefik-network:
external: true

17
docker-compose/media-management.yml
View File

@@ -15,23 +15,6 @@
# - Unmanic: https://unmanic.${DOMAIN} # - Unmanic: https://unmanic.${DOMAIN}
services: services:
# qBittorrent - Torrent client
# Access at: https://qbit.${DOMAIN}
# Routes through Gluetun VPN in core stack
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qbittorrent
restart: unless-stopped
network_mode: "container:gluetun" # Routes through VPN (gluetun container in core stack)
volumes:
- ./qbittorrent/config:/config
- /mnt/downloads:/downloads
environment:
- PUID=${PUID:-1000}
- PGID=${PGID:-1000}
- TZ=${TZ:-America/New_York}
- WEBUI_PORT=8080
# Sonarr - TV show automation # Sonarr - TV show automation
# Access at: https://sonarr.yourdomain.duckdns.org # Access at: https://sonarr.yourdomain.duckdns.org
sonarr: sonarr: