Add Arcane stack and clean up deprecated files

- Add new Arcane application stack - Move aliases.sh to scripts/ directory - Remove deprecated files (IMPLEMENTATION_COMPLETE.md, markup.yml, release notes) - Remove standalone traefik docker-compose (now part of core stack) - Update documentation (ai-vscode-setup.md, docker-guidelines.md, core README)
2026-02-09 22:22:40 -05:00
parent 33336c75ff
commit 377ba6dc20
11 changed files with 136 additions and 764 deletions
--- a/docker-compose/core/README.md
+++ b/docker-compose/core/README.md
@@ -1,6 +1,6 @@
 # Core Infrastructure Services

-This directory contains the core infrastructure services that form the foundation of the homelab. These services should be deployed **on the main server only** and are critical for the operation of all other services across all servers.
+This directory contains the core infrastructure services that form the foundation of the homelab. These services should be deployed **on the core server only** and are critical for the operation of all other services across all servers.

 ## Services

@@ -18,9 +18,7 @@ This directory contains the core infrastructure services that form the foundatio
 - **Multi-Server**: Discovers services on all servers via Docker providers
 - **SSL**: Let's Encrypt with DNS-01 challenge (wildcard certificate)
 - **Dashboard**: Available at configured domain
- **Deploy**: Core server (multi-provider), Remote servers (local-only)
-
-**Note**: Sablier has been moved to its own stack (`/opt/stacks/sablier/`) and should be deployed on each server individually. See [Sablier documentation](../../docs/service-docs/sablier.md) for details.
+- **Deploy**: Core server only

 ### Authelia (v4.37.5)
 - **Purpose**: Single sign-on authentication service for all services across all servers
@@ -30,30 +28,24 @@ This directory contains the core infrastructure services that form the foundatio
 - **Database**: SQLite database in `authelia/config/db.sqlite3`
 - **Deploy**: Core server only

-### DuckDNS
- **Purpose**: Dynamic DNS service for domain resolution and wildcard SSL certificates
- **Subdomain**: Configurable via environment variables
- **Token**: Configured in environment variables
- **SSL Certificates**: Generates wildcard cert used by all services on all servers
- **Deploy**: Core server only
-
 ## Multi-Server Architecture

 The core stack on the main server provides centralized services for the entire homelab:

-**Core Server Responsibilities:**
+**Core Server:**
 - Receives all external traffic (ports 80/443 forwarded from router)
 - Runs DuckDNS for domain management and SSL certificates
 - Runs Authelia for centralized authentication
- Runs multi-provider Traefik that discovers services on all servers
- Generates shared CA for Docker TLS communication
+- Runs Sablier for lazyloading local containers
+- Traefik lables route servies on the core server
+- Traekif external-host-servername.yml defines routes for Remote Servers

-**Remote Server Setup:**
- Remote servers run their own Traefik instance (local Docker provider only)
- Remote servers run their own Sablier instance (local container management)
- Remote servers expose Docker API on port 2376 with TLS
- Core server Traefik connects to remote Docker APIs to discover services
- No port forwarding needed on remote servers
+**Remote Server:**
+- Each container exposes ports
+  - No port forwarding from router needed
+- No Traefik lables
+  - Traefik configured by an external-host yaml file on Core Server
+- Runs Sablier for lazyloading local containers

 **Service Access:**
 - All services accessible via: `https://service.yourdomain.duckdns.org`
@@ -98,10 +90,11 @@ core/
 ├── docker-compose.yml          # Main service definitions
 ├── .env                        # Environment variables
 ├── authelia/
-│   └── config/
-│       ├── configuration.yml   # Authelia main config
-│       ├── users_database.yml  # User credentials
-│       └── db.sqlite3          # SQLite database
+│   ├── config/
+│   |   ├── configuration.yml   # Authelia main config
+│   |   └── notification.txt
+|   └── secrets/
+|       └── users_database.yml  # User credentials
 ├── duckdns/
 │   └── config/                 # DuckDNS configuration
 ├── traefik/
@@ -113,106 +106,5 @@ core/
 │   │   └── external-host-*.yml # Remote server routing
 │   └── letsencrypt/
 │       └── acme.json           # SSL certificates
-└── shared-ca/                  # TLS certificates for multi-server
-    ├── ca.pem                  # Certificate Authority
-    ├── ca-key.pem              # CA private key
-    ├── cert.pem                # Client certificate
-    └── key.pem                 # Client key
+
 ```
-
-### Environment Variables (.env)
-```bash
-# Required for proper operation
-DUCKDNS_TOKEN=your_duckdns_token_here
-DUCKDNS_SUBDOMAINS=your_subdomain
-DOMAIN=yourdomain.duckdns.org
-TZ=America/New_York
-PUID=1000
-PGID=1000
-```
-
-### Network Requirements
- Docker network: `traefik-network`
- External ports: 80, 443 must be accessible
- DNS resolution: Domain must point to server IP
-
-## Deployment
-
-### Prerequisites
-1. Docker and Docker Compose installed
-2. Ports 80/443 forwarded to server
-3. DuckDNS account with valid token
-4. Domain configured in DuckDNS
-
-### Startup Order
-1. `duckdns` - For DNS updates and SSL certificate generation
-2. `traefik` - Reverse proxy (waits for SSL certificates)
-3. `authelia` - Authentication service
-
-**Note**: Sablier is now deployed separately in `/opt/stacks/sablier/` after core stack is running.
-
-### Commands
-```bash
-# Start all services
-docker-compose up -d
-
-# Check status
-docker-compose ps
-
-# View logs
-docker-compose logs -f [service-name]
-
-# Restart specific service
-docker-compose restart [service-name]
-```
-
-## Troubleshooting
-
-### Common Issues
-1. **Connection Refused**: Check if Traefik config file is in correct location (`traefik/config/traefik.yml`)
-2. **SSL Certificate Issues**: Verify DuckDNS token and domain configuration
-3. **Authelia Login Issues**: Check database file exists and configuration is valid
-4. **Service Not Starting**: Check Docker logs for error messages
-
-### Backup Strategy
- Configuration files are backed up automatically (see backup directories)
- Database should be backed up regularly
- SSL certificates are stored in `letsencrypt/acme.json`
- Use `backup.sh` script for automated backups
-
-## Security Notes
- Authelia provides authentication for protected services
- All external traffic goes through Traefik with SSL termination
- Internal services communicate via Docker networks
- Dashboard access is protected by Authelia middleware
-
-## Maintenance
- Monitor SSL certificate expiration (Let's Encrypt auto-renews)
- Keep Authelia version pinned until tested upgrades are available
- Regularly backup configuration and database files
- Check logs for security issues or errors
- Run `./backup.sh` regularly to backup critical files
-
-## Customization
-
-### Domain Configuration
-Update the following files with your domain:
- `docker-compose.yml`: Traefik labels and Authelia configuration
- `authelia/config/configuration.yml`: Domain settings
- `.env`: Domain environment variables
-
-### SSL Certificate Provider
-Modify `traefik/config/traefik.yml` to use different DNS providers:
-```yaml
-certificatesResolvers:
-  letsencrypt:
-    acme:
-      dnsChallenge:
-        provider: cloudflare  # or other supported provider
-```
-
-### Adding New Services
-1. Add service definition to `docker-compose.yml`
-2. Configure Traefik labels for routing
-3. Add middleware for authentication if needed
-4. Update network configuration