Implement fixes from test results

- Update Docker install to use curl method - Rename ADMIN_PASSWORD to AUTHELIA_ADMIN_PASSWORD - Fix Authelia password hash generation (remove grep, no quotes) - Revert compose labels to single quotes - Ensure users_database.yml has unquoted password placeholder
2026-02-02 20:59:07 -05:00
parent 7e4799f27e
commit 3d5979b5f1
19 changed files with 1232 additions and 467 deletions
--- a/docker-compose/homeassistant/docker-compose.yml
+++ b/docker-compose/homeassistant/docker-compose.yml
@@ -28,8 +28,8 @@ services:
      - TZ=America/New_York
    privileged: true
    labels:
-      - "homelab.category=iot"
-      - "homelab.description=Home automation platform"
+      - 'homelab.category=iot"
+      - 'homelab.description=Home automation platform"
      # Note: network_mode: host means Traefik can't proxy this directly
      # Use Traefik's file provider or external host routing

@@ -63,18 +63,18 @@ services:
      # TRAEFIK CONFIGURATION
      # ==========================================
      # Service metadata
-      - "homelab.category=iot"
-      - "homelab.description=ESP8266/ESP32 firmware manager"
+      - 'homelab.category=iot"
+      - 'homelab.description=ESP8266/ESP32 firmware manager"
      # Traefik reverse proxy (comment/uncomment to disable/enable)
      # If Traefik is on a remote server: these labels are NOT USED; 
      #   configure external yml files in /traefik/dynamic folder instead.
-      - "traefik.enable=true"
-      - "traefik.docker.network=traefik-network"
-      - "traefik.http.routers.esphome.rule=Host(`esphome.${DOMAIN}`)"
-      - "traefik.http.routers.esphome.entrypoints=websecure"
-      - "traefik.http.routers.esphome.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.esphome.middlewares=authelia@docker"
-      - "traefik.http.services.esphome.loadbalancer.server.port=6052"
+      - 'traefik.enable=true"
+      - 'traefik.docker.network=traefik-network"
+      - 'traefik.http.routers.esphome.rule=Host(`esphome.${DOMAIN}`)"
+      - 'traefik.http.routers.esphome.entrypoints=websecure"
+      - 'traefik.http.routers.esphome.tls.certresolver=letsencrypt"
+      - 'traefik.http.routers.esphome.middlewares=authelia@docker"
+      - 'traefik.http.services.esphome.loadbalancer.server.port=6052"

  # TasmoAdmin - Tasmota device manager
  tasmoadmin:
@@ -94,18 +94,18 @@ services:
      # TRAEFIK CONFIGURATION
      # ==========================================
      # Service metadata
-      - "homelab.category=iot"
-      - "homelab.description=Tasmota device management"
+      - 'homelab.category=iot"
+      - 'homelab.description=Tasmota device management"
      # Traefik reverse proxy (comment/uncomment to disable/enable)
      # If Traefik is on a remote server: these labels are NOT USED; 
      #   configure external yml files in /traefik/dynamic folder instead.
-      - "traefik.enable=true"
-      - "traefik.docker.network=traefik-network"
-      - "traefik.http.routers.tasmoadmin.rule=Host(`tasmoadmin.${DOMAIN}`)"
-      - "traefik.http.routers.tasmoadmin.entrypoints=websecure"
-      - "traefik.http.routers.tasmoadmin.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.tasmoadmin.middlewares=authelia@docker"
-      - "traefik.http.services.tasmoadmin.loadbalancer.server.port=80"
+      - 'traefik.enable=true"
+      - 'traefik.docker.network=traefik-network"
+      - 'traefik.http.routers.tasmoadmin.rule=Host(`tasmoadmin.${DOMAIN}`)"
+      - 'traefik.http.routers.tasmoadmin.entrypoints=websecure"
+      - 'traefik.http.routers.tasmoadmin.tls.certresolver=letsencrypt"
+      - 'traefik.http.routers.tasmoadmin.middlewares=authelia@docker"
+      - 'traefik.http.services.tasmoadmin.loadbalancer.server.port=80"

  # MotionEye - Video surveillance
  motioneye:
@@ -126,18 +126,18 @@ services:
      # TRAEFIK CONFIGURATION
      # ==========================================
      # Service metadata
-      - "homelab.category=iot"
-      - "homelab.description=Video surveillance system"
+      - 'homelab.category=iot"
+      - 'homelab.description=Video surveillance system"
      # Traefik reverse proxy (comment/uncomment to disable/enable)
      # If Traefik is on a remote server: these labels are NOT USED; 
      #   configure external yml files in /traefik/dynamic folder instead.
-      - "traefik.enable=true"
-      - "traefik.docker.network=traefik-network"
-      - "traefik.http.routers.motioneye.rule=Host(`motioneye.${DOMAIN}`)"
-      - "traefik.http.routers.motioneye.entrypoints=websecure"
-      - "traefik.http.routers.motioneye.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.motioneye.middlewares=authelia@docker"
-      - "traefik.http.services.motioneye.loadbalancer.server.port=8765"
+      - 'traefik.enable=true"
+      - 'traefik.docker.network=traefik-network"
+      - 'traefik.http.routers.motioneye.rule=Host(`motioneye.${DOMAIN}`)"
+      - 'traefik.http.routers.motioneye.entrypoints=websecure"
+      - 'traefik.http.routers.motioneye.tls.certresolver=letsencrypt"
+      - 'traefik.http.routers.motioneye.middlewares=authelia@docker"
+      - 'traefik.http.services.motioneye.loadbalancer.server.port=8765"

  # Node-RED - Flow-based automation (Home Assistant addon alternative)
  nodered:
@@ -166,18 +166,18 @@ services:
      # TRAEFIK CONFIGURATION
      # ==========================================
      # Service metadata
-      - "homelab.category=iot"
-      - "homelab.description=Flow-based automation programming"
+      - 'homelab.category=iot"
+      - 'homelab.description=Flow-based automation programming"
      # Traefik reverse proxy (comment/uncomment to disable/enable)
      # If Traefik is on a remote server: these labels are NOT USED; 
      #   configure external yml files in /traefik/dynamic folder instead.
-      - "traefik.enable=true"
-      - "traefik.docker.network=traefik-network"
-      - "traefik.http.routers.nodered.rule=Host(`nodered.${DOMAIN}`)"
-      - "traefik.http.routers.nodered.entrypoints=websecure"
-      - "traefik.http.routers.nodered.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.nodered.middlewares=authelia@docker"
-      - "traefik.http.services.nodered.loadbalancer.server.port=1880"
+      - 'traefik.enable=true"
+      - 'traefik.docker.network=traefik-network"
+      - 'traefik.http.routers.nodered.rule=Host(`nodered.${DOMAIN}`)"
+      - 'traefik.http.routers.nodered.entrypoints=websecure"
+      - 'traefik.http.routers.nodered.tls.certresolver=letsencrypt"
+      - 'traefik.http.routers.nodered.middlewares=authelia@docker"
+      - 'traefik.http.services.nodered.loadbalancer.server.port=1880"

  # Mosquitto - MQTT broker (Home Assistant addon alternative)
  # Used by: Home Assistant, ESPHome, Tasmota devices
@@ -195,8 +195,8 @@ services:
      - ./mosquitto/data:/mosquitto/data
      - ./mosquitto/log:/mosquitto/log
    labels:
-      - "homelab.category=iot"
-      - "homelab.description=MQTT message broker"
+      - 'homelab.category=iot"
+      - 'homelab.description=MQTT message broker"

  # Zigbee2MQTT - Zigbee to MQTT bridge (DISABLED - requires USB adapter)
  # NOTE: Requires USB Zigbee adapter (e.g., ConBee II, Sonoff ZBDongle)
@@ -219,14 +219,14 @@ services:
  #   environment:
  #     - TZ=America/New_York
  #   labels:
-  #     - "homelab.category=iot"
-  #     - "homelab.description=Zigbee to MQTT bridge"
-  #     - "traefik.enable=true"
-  #     - "traefik.http.routers.zigbee2mqtt.rule=Host(`zigbee2mqtt.${DOMAIN}`)"
-  #     - "traefik.http.routers.zigbee2mqtt.entrypoints=websecure"
-  #     - "traefik.http.routers.zigbee2mqtt.tls.certresolver=letsencrypt"
-  #     - "traefik.http.routers.zigbee2mqtt.middlewares=authelia@docker"
-  #     - "traefik.http.services.zigbee2mqtt.loadbalancer.server.port=8080"
+  #     - 'homelab.category=iot"
+  #     - 'homelab.description=Zigbee to MQTT bridge"
+  #     - 'traefik.enable=true"
+  #     - 'traefik.http.routers.zigbee2mqtt.rule=Host(`zigbee2mqtt.${DOMAIN}`)"
+  #     - 'traefik.http.routers.zigbee2mqtt.entrypoints=websecure"
+  #     - 'traefik.http.routers.zigbee2mqtt.tls.certresolver=letsencrypt"
+  #     - 'traefik.http.routers.zigbee2mqtt.middlewares=authelia@docker"
+  #     - 'traefik.http.services.zigbee2mqtt.loadbalancer.server.port=8080"

 networks:
  homelab-network: