feat: Add Option 3 - Deploy Additional Server with multi-server support

Major features: - Automated SSH key setup between remote and core servers - Docker TLS configuration with shared CA certificates - Automatic deployment of Dockge, Traefik, Sablier, and Infrastructure stacks - Copy all stacks (except core) to remote server for on-demand deployment - New standalone Traefik stack for remote server container discovery - Locale-aware SSH/SCP commands to handle Raspberry Pi warnings - Variable expansion support in .env files (${VAR} references) - Comprehensive error handling and verbose deployment logging Technical improvements: - setup_ssh_key_to_core() - Automated RSA 4096-bit key generation and installation - setup_multi_server_tls() - Fetch shared CA from core server via SSH - copy_all_stacks_for_remote() - Deploy all stacks except core - deploy_traefik_stack() - Local Traefik for container discovery - Enhanced localization with envsubst support - Docker network creation (traefik-network, homelab-network) - Password authentication with special character handling Fixes: - Fixed SSH key path handling for non-root users - Fixed SCP exit code checking (was checking grep instead of scp) - Fixed CA file detection with proper test commands - Removed unnecessary prepare_deployment() function call - Added ACTUAL_USER variable initialization for remote deployments
2026-02-06 22:00:25 -05:00
parent 5b3c4a2c5b
commit 44b529a7cb
3 changed files with 460 additions and 151 deletions
--- a/docker-compose/traefik/docker-compose.yml
+++ b/docker-compose/traefik/docker-compose.yml
@@ -0,0 +1,40 @@
+# Traefik Service for Remote Servers
+# This standalone Traefik instance runs on remote servers to discover local containers
+# and communicate with the core Traefik on the core server via Docker TLS
+
+services:
+  traefik:
+    # Local Traefik instance for container discovery on this remote server
+    image: traefik:v3
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - '--api.dashboard=true'
+      - '--api.insecure=false'
+      - '--providers.docker=true'
+      - '--providers.docker.exposedbydefault=false'
+      - '--providers.docker.network=traefik-network'
+      - '--providers.file.directory=/dynamic'
+      - '--providers.file.watch=true'
+      - '--log.level=INFO'
+      - '--accesslog=true'
+      - '--entrypoints.web.address=:80'
+      - '--entrypoints.websecure.address=:443'
+    environment:
+      - TZ=America/New_York
+    ports:
+      - '8080:8080'  # Dashboard (optional, for debugging)
+    volumes:
+      - ./config:/config
+      - ./dynamic:/dynamic
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      - traefik-network
+    labels:
+      - 'homelab.category=infrastructure'
+      - 'homelab.description=Local reverse proxy for container discovery'
+      - 'traefik.enable=false'  # This Traefik doesn't route itself
+
+networks:
+  traefik-network:
+    external: true