Application Topology

Last updated: 2026-06-21

Source notes:

synology/HANDOFF.md
synology/docker/README.md
synology/docker/OVERSEERR_REVIEW.md
synology/docker/VPN_QBIT_NZBHYDRA_REVIEW.md
synology/docker/tdarr/README.md
synology/docker/projects/observability-compose/CURRENT_STATE.md
pihole/HANDOFF.md
google-cloud-dns/README.md

Media And Request Stack

flowchart TB Users["Internal users\nExternal request users"] PlexClients["Plex clients\nlocal/remote"] PublicDNS["Google Cloud DNS\nravick5.com"] UDM["UDM SE\nport forwards"] Pi4Obs["PiHolePi4\n10.0.0.195"] Pi4BObs["PiHole4B\n10.0.0.132"] subgraph Synology["Synology NAS 10.0.0.119"] subgraph Docker["Docker / Container Manager"] Plex["Plex\nappdata on Volume 3"] Caddy["Caddy reverse proxy\nVolume 5 appdata\n80/443 public -> 8088/8443 host"] Seerr["Seerr\nrequests and Plex watchlist\nport 5055"] OverseerrLegacy["Overseerr legacy\nstopped / retained for rollback"] Tautulli["Tautulli\nPlex monitoring"] Sonarr["Sonarr\nTV / Anime / Kids TV / Reality"] Radarr["Radarr\nMovies / Kids Movies"] Lidarr["Lidarr\nMusic"] Prowlarr["Prowlarr\nindexer management"] NZBHydra["NZBHydra2\nmeta-search\nLAN only"] NZBGet["NZBGet\nUsenet downloader"] Gluetun["Gluetun\nProtonVPN WireGuard"] Qbit["qBittorrent\nnetwork namespace via Gluetun"] TdarrServer["Tdarr Server/UI\nVolume 5 config/cache\nmain rollout complete; finish-out queue monitored"] Homepage["Homepage\ninternal VHNIC portal\nVolume 5 config"] Audiobookshelf["Audiobookshelf\naudiobook library/player\nVolume 5 appdata"] ReadAIrr["ReadAIrr\nretired 2026-06-14\nhistorical only"] ReadAIrrDb["ReadAIrr Postgres\nretired with ReadAIrr"] Kavita["Kavita\nebook/comic/manhwa reader\nVolume 5 appdata\nVolume 1 media mount"] Mylar3["Mylar3\ncomic/manhwa management\nVolume 5 appdata"] Grafana["Grafana\nobservability UI\nVolume 5 appdata"] Prometheus["Prometheus\nmetrics and alert rules\nVolume 5 appdata"] Exporters["Blackbox / Node / cAdvisor\nTdarr / Tautulli / UniFi exporters"] Minecraft["Minecraft Bedrock servers\nmultiple projects"] end Media["Media library\n/volume1/data/media"] MigrationV4["Temporary Volume 4 evacuation\n/volume4/migration-from-volume1"] AudiobookMedia["Audiobooks\n/volume1/data/media/audiobooks/books"] EbookMedia["Ebooks\n/volume1/data/media/books"] ReadingMedia["Reading libraries\n/volume1/data/media/books\nbooks/comics\nbooks/manhwa"] Torrents["Torrent data\n/volume1/data/torrents"] AppdataV1["Most appdata\n/volume1/docker"] AppdataV2["Retained old SSD appdata\n/volume2/VM Storage\nrollback only"] AppdataV3["Plex/Tautulli appdata\n/volume3/docker"] AppdataV5["Volume5 role container appdata/projects/secrets\n/volume2/docker-v5"] ReadingV5["Possible future reading-media root\npath needs verification"] end subgraph Desktop["Desktop PC"] TdarrNode["Tdarr native node\nGPU transcodes"] MappedMedia["P: mapped to\n\\\\10.0.0.119\\data"] MappedCache["T: mapped to Tdarr cache\nwhen configured"] end Users --> Seerr PublicDNS --> UDM --> Caddy --> Seerr PlexClients --> Plex Seerr --> Plex Seerr --> Sonarr Seerr --> Radarr OverseerrLegacy -. "no active public route" .-> Plex Sonarr --> Prowlarr Radarr --> Prowlarr Lidarr --> Prowlarr Prowlarr --> NZBHydra Sonarr --> NZBGet Radarr --> NZBGet Lidarr --> NZBGet Sonarr --> Qbit Radarr --> Qbit Lidarr --> Qbit Qbit --> Gluetun NZBGet --> Media Qbit --> Torrents Sonarr --> Media Radarr --> Media Lidarr --> Media Plex --> Media Media -. "active evacuation / true-up" .-> MigrationV4 Tautulli --> Plex TdarrServer --> Media TdarrNode --> TdarrServer TdarrNode --> MappedMedia TdarrNode --> MappedCache Audiobookshelf --> AudiobookMedia Kavita --> ReadingMedia Mylar3 --> ReadingMedia Users --> Homepage Homepage --> Plex Homepage --> Seerr Homepage --> Sonarr Homepage --> Radarr Homepage --> Audiobookshelf Homepage --> Kavita Homepage --> Mylar3 Homepage --> Grafana Homepage --> Pi4Obs Homepage --> Pi4BObs Homepage --> UDM Grafana --> Prometheus Prometheus --> Exporters Exporters --> Plex Exporters --> Tautulli Exporters --> TdarrServer Exporters --> Pi4Obs Exporters --> Pi4BObs Exporters --> UDM Plex --> AppdataV3 Tautulli --> AppdataV3 Caddy --> AppdataV5 TdarrServer --> AppdataV5 Grafana --> AppdataV5 Prometheus --> AppdataV5 Homepage --> AppdataV5 Seerr --> AppdataV1 OverseerrLegacy --> AppdataV1 Sonarr --> AppdataV1 Radarr --> AppdataV1 Lidarr --> AppdataV1 Prowlarr --> AppdataV1 NZBHydra --> AppdataV1 Audiobookshelf --> AppdataV5 Kavita --> AppdataV5 Mylar3 --> AppdataV5 ReadingMedia -. "future optional one-way migration" .-> ReadingV5

Key Application Communication Matrix

DNS And Infrastructure Services

flowchart LR Clients["LAN clients"] Pi4["PiHolePi4\n10.0.0.195"] Pi4B["PiHole4B\n10.0.0.132"] Upstreams["Built-in upstream providers\ncurrently multiple enabled\nsimplification postponed"] UniFi["UniFi UDM SE\nDHCP advertises Pi-holes"] CloudDNS["Google Cloud DNS\npublic zone ravick5.com"] NAS["Synology services"] UniFi -. DHCP DNS options .-> Clients Clients --> Pi4 Clients --> Pi4B Pi4 --> Upstreams Pi4B --> Upstreams CloudDNS --> NAS

Storage Placement

flowchart TB V1["Volume 1\nLarge HDD RAID6 media/data\n/volume1"] V2["Volume 2\nSSD mirror\n/volume2\nretained rollback data"] V3["Volume 3\nSSD mirror\n/volume3\nPlex/Tautulli appdata"] V4["Volume 4\nDX1222 temporary RAID6/Btrfs\n/volume4"] V5["Volume5 SSD role\nDX1222 SSD mirror\ncurrent docs: /volume2/docker-v5\nDSM display path needs verification"] V1 --> Media["Media libraries\n/data/media"] V1 --> AudioBooks["Audiobooks\n/data/media/audiobooks/books"] V1 --> EBooks["Ebooks\n/data/media/books"] V1 --> ReadingLibraries["Reading libraries\nbooks root, books/comics, books/manhwa"] V1 --> DockerV1["Most container appdata\n/volume1/docker"] V1 --> Torrents["Torrent data\n/volume1/data/torrents"] V1 -. "evacuating before recreate" .-> V4 V2 --> OldPlexData["Old Plex appdata\nrollback only"] V2 --> OldTdarrData["Old Tdarr data\nrollback only"] V3 --> PlexData["Plex appdata\n/volume3/docker/plex"] V3 --> TautulliData["Tautulli appdata\n/volume3/docker/tautulli"] V5 --> DockerV5["Most non-Plex active appdata/projects/secrets\n/volume2/docker-v5"] V5 --> DownloadsV5["Planned download staging\n/volume2/downloads-v5"] V5 --> StagingV5["Import/staging scratch\n/volume2/staging-v5"] V5 --> ReadingCandidate["Possible future reading media\npath needs verification"] V4 --> MigrationRoot["Temporary migration root\n/volume4/migration-from-volume1"]

Notes And Risks

Seerr replaced Overseerr on 2026-05-24. The public request-app path now uses

Caddy instead of direct app-port exposure.

qBittorrent is routed through Gluetun and bound to tun0; current user

preference is to avoid VPN/port changes while it is connectable.

NZBHydra2 remains LAN-only and does not need Gluetun by default.
Observability now runs from Volume 5 and is intentionally non-critical.
Audiobookshelf appdata runs on Volume 5, while audiobook media remains on

Volume 1. ReadAIrr and ReadAIrr Postgres were retired from active runtime and

monitoring on 2026-06-14.

Kavita and Mylar3 appdata are assigned to Volume 5, while ebook/comic/manhwa

libraries remain on Volume 1. If Kavita scans are suspected of adding Volume1

pressure, move or one-way mirror the reading libraries to a Volume5 canonical

root before repointing the stack.

Volume 1 is being evacuated to temporary DX1222 Volume 4 after Synology

Support reported likely memory-related bit flip corruption history. Do not

treat /volume4/migration-from-volume1 as disposable cleanup data.

Homepage is the primary internal portal at http://10.0.0.119:7576 and

should not be exposed publicly without VPN/overlay or MFA/SSO planning.

Bazarr was retired from media-project on 2026-06-14 after repeated noise

and no clear operational value. Its old scripts/runbooks remain historical

reference only.

Anime automation is partially improved but still a future tuning area.
PiHole4B replaced the legacy PiHoleEx hardware on 2026-06-13 while keeping

the same secondary DNS IP.

Follow-up: verify DSM's displayed Volume5 name/number versus the

/volume2/docker-v5 path before retiring old Volume2/VM Storage references.

Open Follow-Ups

Confirm appdata backup plan and destination.
Verify Pi-hole scheduled backups.
Review qBittorrent/Gluetun optional services later.
Recapture Tdarr after the 2026-06-11 finish-out queue drains; Anime remains a

custom-profile pilot, not a normal cloned rollout.

Add deeper Pi-hole, UniFi, and desktop Tdarr worker metrics if useful.

Source	Destination	Purpose	Notes
External request user	Caddy	Public HTTPS entry for request app	UniFi forwards public `80/443` to Synology `8088/8443`.
Caddy	Seerr	Reverse proxy to request app	Direct public Seerr app-port exposure should stay disabled.
Seerr	Plex	User/media/request integration	Seerr replaced Overseerr; legacy Overseerr is stopped.
Seerr	Sonarr/Radarr	Create and track approved requests	Anime request behavior needs careful testing before broad user rollout.
Sonarr/Radarr/Lidarr	Prowlarr	Indexer coordination	Recyclarr currently applied only to selected Sonarr profiles.
Prowlarr	NZBHydra2	Meta-search/indexer layer	NZBHydra2 remains LAN-only.
Sonarr/Radarr/Lidarr	NZBGet	Usenet downloads	NZBGet post-processing should be watched after config changes.
Sonarr/Radarr/Lidarr	qBittorrent	Torrent downloads	qBittorrent uses Gluetun network namespace.
qBittorrent	Gluetun	VPN transport	Avoid VPN/port changes while qBittorrent is connectable.
Plex	`/volume1/data/media`	Reads media libraries	Buffering is currently treated as likely Volume1/storage-pressure related while the rebuild migration is underway.
Tautulli	Plex	Playback/session history and activity	Used for Plex dashboards and investigations.
Tdarr server	`/volume1/data/media`	Scans/transcode library source	Personal media is never a Tdarr target.
Desktop Tdarr node	Tdarr server and mapped shares	GPU transcodes and health checks	Worker count affects desktop/storage pressure.
Homepage	Internal VHNIC apps and Grafana dashboards	Primary internal portal / launchpad	Replaced Homarr on 2026-06-03; appdata/project moved to Volume5; internal only.
Audiobookshelf	`/volume1/data/media/audiobooks/books`	Audiobook library/player	Candidate for future Caddy exposure for ShelfPlayer.
ReadAIrr	Retired audiobook automation trial	Historical only	Removed from active runtime/monitoring on 2026-06-14 after repeated expensive rescans and bad imports.
Kavita	`/volume1/data/media/books`	Ebook/comic/manhwa reader	Appdata is on Volume5, but scans still read Volume1 until reading media is moved or mirrored.
Mylar3	`/volume1/data/media/books/comics`, `/manhwa`	Comic/manhwa management candidate	Appdata is on Volume5; media still lives on Volume1. Do not connect acquisition automation until reviewed.
Prometheus	Exporters	Metrics scrape	Runs on Volume 5 with Grafana and Alertmanager.
Grafana	Prometheus	Dashboard queries	Internal only for now.
Alertmanager	Discord bridge	Warning notifications	Info alerts are dashboard-only.