Initial commit: homelab infrastructure wiki

- Full Obsidian vault content - Host configs (ice, grizzley, ubuntu, proxmox, truenas, panda, hyte) - Media stack documentation - Traefik HA setup - Automation scripts - Bachelor party planning
2026-05-24 16:08:40 -07:00
parent d132442429
commit e4d91aadf9
285 changed files with 30018 additions and 0 deletions
--- a/homelab/entities/nordvpn.md
+++ b/homelab/entities/nordvpn.md
@@ -0,0 +1,42 @@
+---
+title: NordVPN
+created: 2026-05-24
+updated: 2026-05-24
+type: entity
+tags: [services, networking, vpn, media]
+sources: [homelab/architecture.md]
+confidence: high
+---
+
+# NordVPN
+
+## Overview
+
+Commercial VPN (WireGuard protocol) used to tunnel all media automation traffic through Gluetun. Provides exit IPs for accessing geo-restricted content and obscures download source IPs from ISPs.
+
+## Key Facts
+
+- **Protocol**: WireGuard (via Gluetun container)
+- **Provider**: NordVPN
+- **Purpose**: All media stack downloads (Sonarr, Radarr, Lidarr, Prowlarr, qBittorrent) route through VPN
+- **Container**: `gluetun` on ubuntu — acts as VPN gateway for media-net
+- **Exit IPs**: Shared NordVPN exit pool; not dedicated IP
+- **Cost**: ~$12/mo
+
+## Architecture
+
+```
+Media containers (media-net)
+    ↓
+Gluetun (WireGuard → NordVPN)
+    ↓
+Internet (geo-restricted content)
+```
+
+All media automation sits behind Gluetun via Docker network `media-net`. Jellyfin (direct play) does NOT use VPN.
+
+## Related
+
+- [[media-stack]] — all containers using Gluetun
+- [[docker-traefik-stack]] — Gluetun network configuration
+- [[truenas]] — stores media on NFS mounts