feat: Complete EZ-Homelab deployment system overhaul

- Add unified ez-homelab.sh script with guided menu interface
- Create dedicated Dockge stack in /opt/dockge for clean isolation
- Move dockerproxy from core to infrastructure stack
- Fix Authelia configuration with proper variable placeholders
- Update all compose files to use  variables
- Enhance script with comprehensive variable replacement
- Fix sed delimiter conflicts and middleware issues
- Add proper step numbering and error handling
- Prepare all stacks for Dockge management
- Update README with new deployment instructions

docker-compose/core/authelia/configuration.yml

@@ -1,6 +1,6 @@
 # Authelia Configuration
 # Copy to /opt/stacks/authelia/configuration.yml
-# IMPORTANT: Replace 'kelin-casa.duckdns.org' with your actual DuckDNS domain
+# IMPORTANT: Replace '${DOMAIN}' with your actual DuckDNS domain
 
 server:
   host: 0.0.0.0
@@ -13,10 +13,10 @@ theme: dark
 
 jwt_secret: ${AUTHELIA_JWT_SECRET}
 
-default_redirection_url: https://auth.kelin-casa.duckdns.org
+default_redirection_url: https://auth.${DOMAIN}
 
 totp:
-  issuer: kelin-casa.duckdns.org
+  issuer: ${DOMAIN}
   period: 30
   skew: 1
 
@@ -36,31 +36,31 @@ access_control:
   
   rules:
     # Bypass Authelia for Jellyfin (allow app access)
-    - domain: jellyfin.kelin-casa.duckdns.org
+    - domain: jellyfin.${DOMAIN}
       policy: bypass
     
     # Bypass for Plex (allow app access)
-    - domain: plex.kelin-casa.duckdns.org
+    - domain: plex.${DOMAIN}
       policy: bypass
     
     # Bypass for Home Assistant (has its own auth)
-    - domain: ha.kelin-casa.duckdns.org
+    - domain: ha.${DOMAIN}
       policy: bypass
     
     # Bypass for development services (they have their own auth or setup)
-    - domain: pgadmin.kelin-casa.duckdns.org
+    - domain: pgadmin.${DOMAIN}
       policy: bypass
-    - domain: gitlab.kelin-casa.duckdns.org
+    - domain: gitlab.${DOMAIN}
       policy: bypass
     
     # Protected: All other services require authentication
-    - domain: "*.kelin-casa.duckdns.org"
+    - domain: "*.${DOMAIN}"
       policy: one_factor
     
     # Two-factor for admin services (optional)
     # - domain:
-    #     - "admin.kelin-casa.duckdns.org"
-    #     - "portainer.kelin-casa.duckdns.org"
+    #     - "admin.${DOMAIN}"
+    #     - "portainer.${DOMAIN}"
     #   policy: two_factor
 
 session:
@@ -69,7 +69,7 @@ session:
   expiration: 24h      # Session expires after 24 hours
   inactivity: 24h      # Session expires after 24 hours of inactivity
   remember_me_duration: 1M
-  domain: kelin-casa.duckdns.org
+  domain: ${DOMAIN}
 
 regulation:
   max_retries: 3

docker-compose/core/docker-compose.yml

@@ -73,25 +73,6 @@ services:
       - traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
       - x-dockge.url=https://auth.${DOMAIN}
 
-  dockerproxy:
-    image: tecnativa/docker-socket-proxy:latest
-    container_name: dockerproxy
-    privileged: true
-    restart: unless-stopped
-    ports:
-      - 2375:2375
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    environment:
-      - CONTAINERS=1
-      - SERVICES=1
-      - TASKS=1
-      - NETWORKS=1
-      - NODES=1
-    labels:
-      - homelab.category=infrastructure
-      - homelab.description=Docker socket proxy for security
-
   # Sablier - Lazy loading service for Docker containers
   sablier-service:
     image: sablierapp/sablier:latest