From 73cb274160ff85fc112d5befe04303577ce5852d Mon Sep 17 00:00:00 2001
From: Kelin <kelin@example.com>
Date: Wed, 4 Feb 2026 19:36:18 -0500
Subject: [PATCH] v0.1.2: Multi-server architecture + security cleanup

- Implement multi-server Traefik + Sablier architecture
- Add label-based automatic service discovery
- Create separate Sablier stack deployment
- Add remote server deployment workflow (Option 3)
- Add 9 new functions for multi-server management
- Remove deprecated config-templates folder
- Replace hardcoded private data with placeholders
- Update backup timestamp format to YY_MM_DD_hh_mm
- Add markup.yml to .gitignore

Breaking changes:
- Removed Sablier from core docker-compose.yml (now separate stack)
- Config templates moved from config-templates/ to docker-compose/core/
- REQUIRED_VARS now dynamic based on deployment type
---
 .gitignore                                    |    3 +
 IMPLEMENTATION_COMPLETE.md                    |  285 ++++
 config-templates/README.md                    |  196 ---
 config-templates/authelia/configuration.yml   |   81 -
 config-templates/authelia/users_database.yml  |   20 -
 config-templates/dokuwiki/conf/.htaccess      |    8 -
 config-templates/dokuwiki/conf/acl.auth.php   |   10 -
 .../dokuwiki/conf/acl.auth.php.dist           |   21 -
 config-templates/dokuwiki/conf/acronyms.conf  |   62 -
 config-templates/dokuwiki/conf/dokuwiki.php   |  187 ---
 config-templates/dokuwiki/conf/entities.conf  |   22 -
 config-templates/dokuwiki/conf/interwiki.conf |   43 -
 config-templates/dokuwiki/conf/license.php    |   38 -
 config-templates/dokuwiki/conf/local.php      |   13 -
 config-templates/dokuwiki/conf/local.php.dist |   16 -
 config-templates/dokuwiki/conf/manifest.json  |    3 -
 config-templates/dokuwiki/conf/mediameta.php  |   91 --
 config-templates/dokuwiki/conf/mime.conf      |   75 -
 .../dokuwiki/conf/mysql.conf.php.example      |  253 ---
 .../dokuwiki/conf/plugins.local.php           |   12 -
 config-templates/dokuwiki/conf/plugins.php    |    6 -
 .../dokuwiki/conf/plugins.required.php        |   12 -
 config-templates/dokuwiki/conf/scheme.conf    |   11 -
 config-templates/dokuwiki/conf/smileys.conf   |   28 -
 config-templates/dokuwiki/conf/users.auth.php |   13 -
 .../dokuwiki/conf/users.auth.php.dist         |   10 -
 config-templates/dokuwiki/conf/wordblock.conf |   29 -
 .../data/pages/architecture/backup.txt        |  293 ----
 .../data/pages/architecture/networking.txt    |  329 ----
 .../data/pages/architecture/overview.txt      |  298 ----
 .../data/pages/architecture/security.txt      |  299 ----
 .../data/pages/architecture/storage.txt       |  291 ----
 .../data/pages/backup_recovery/start.txt      |    3 -
 .../dokuwiki/data/pages/development/start.txt |    3 -
 .../data/pages/getting_started/access.txt     |  251 ---
 .../data/pages/getting_started/deployment.txt |  284 ----
 .../pages/getting_started/prerequisites.txt   |  201 ---
 .../data/pages/getting_started/security.txt   |  245 ---
 .../data/pages/getting_started/setup.txt      |  234 ---
 .../data/pages/getting_started/start.txt      |  126 --
 .../data/pages/services/core/authelia.txt     |  420 -----
 .../data/pages/services/core/duckdns.txt      |  289 ----
 .../data/pages/services/core/gluetun.txt      |  404 -----
 .../data/pages/services/core/sablier.txt      |  401 -----
 .../data/pages/services/core/traefik.txt      |  366 -----
 .../services/infrastructure/code-server.txt   |  428 -----
 .../services/infrastructure/docker-proxy.txt  |  384 -----
 .../pages/services/infrastructure/dockge.txt  |  313 ----
 .../pages/services/infrastructure/dozzle.txt  |  343 ----
 .../pages/services/infrastructure/glances.txt |  394 -----
 .../pages/services/infrastructure/pihole.txt  |  376 -----
 .../pages/services/infrastructure/start.txt   |   59 -
 .../services/infrastructure/watchtower.txt    |  404 -----
 .../data/pages/services/media/calibre-web.txt |  393 -----
 .../data/pages/services/media/jellyfin.txt    |  424 -----
 .../data/pages/services/media/qbittorrent.txt |  391 -----
 .../data/pages/services/media/start.txt       |  194 ---
 .../data/pages/services/monitoring/start.txt  |   53 -
 .../pages/services/productivity/start.txt     |    3 -
 .../dokuwiki/data/pages/services/start.txt    |  294 ----
 .../data/pages/services/utilities/start.txt   |   63 -
 .../dokuwiki/data/pages/sidebar.txt           |   84 -
 .../dokuwiki/data/pages/start.txt             |  105 --
 .../data/pages/troubleshooting/start.txt      |    3 -
 config-templates/dokuwiki/docker-compose.yml  |   35 -
 config-templates/homepage/bookmarks.yaml      |  493 ------
 config-templates/homepage/custom.css          |   31 -
 config-templates/homepage/custom.js           |    0
 config-templates/homepage/docker.yaml         |   18 -
 config-templates/homepage/kubernetes.yaml     |    2 -
 config-templates/homepage/proxmox.yaml        |    5 -
 config-templates/homepage/services.yaml       |  291 ----
 config-templates/homepage/settings.yaml       |    7 -
 config-templates/homepage/widgets.yaml        |   19 -
 config-templates/loki/loki-config.yml         |   46 -
 config-templates/prometheus/prometheus.yml    |   49 -
 config-templates/promtail/promtail-config.yml |   53 -
 config-templates/redis/redis.conf             |   42 -
 .../dynamic/external-host-homeassistant.yml   |   19 -
 .../traefik/dynamic/local-host-production.yml |  399 -----
 config-templates/traefik/dynamic/routes.yml   |   31 -
 config-templates/traefik/dynamic/sablier.yml  |  454 ------
 config-templates/traefik/traefik.yml          |   43 -
 .../core/authelia/config/users_database.yml   |    8 +-
 docker-compose/core/docker-compose.yml        |   53 +-
 docker-compose/core/traefik/traefik.yml       |    2 +-
 docker-compose/sablier/README.md              |   78 +
 docker-compose/sablier/docker-compose.yml     |   24 +
 docs/implementation-plan-corrections.md       |  202 +++
 docs/multi-server-implementation-plan.md      | 1401 +++++++++++++++++
 scripts/common.sh                             |  127 ++
 scripts/ez-homelab.sh                         |  224 ++-
 services to proxy.yaml                        |   33 -
 tasks.txt                                     |    6 -
 94 files changed, 2343 insertions(+), 12845 deletions(-)
 create mode 100644 IMPLEMENTATION_COMPLETE.md
 delete mode 100644 config-templates/README.md
 delete mode 100644 config-templates/authelia/configuration.yml
 delete mode 100644 config-templates/authelia/users_database.yml
 delete mode 100644 config-templates/dokuwiki/conf/.htaccess
 delete mode 100644 config-templates/dokuwiki/conf/acl.auth.php
 delete mode 100644 config-templates/dokuwiki/conf/acl.auth.php.dist
 delete mode 100644 config-templates/dokuwiki/conf/acronyms.conf
 delete mode 100644 config-templates/dokuwiki/conf/dokuwiki.php
 delete mode 100644 config-templates/dokuwiki/conf/entities.conf
 delete mode 100644 config-templates/dokuwiki/conf/interwiki.conf
 delete mode 100644 config-templates/dokuwiki/conf/license.php
 delete mode 100644 config-templates/dokuwiki/conf/local.php
 delete mode 100644 config-templates/dokuwiki/conf/local.php.dist
 delete mode 100644 config-templates/dokuwiki/conf/manifest.json
 delete mode 100644 config-templates/dokuwiki/conf/mediameta.php
 delete mode 100644 config-templates/dokuwiki/conf/mime.conf
 delete mode 100644 config-templates/dokuwiki/conf/mysql.conf.php.example
 delete mode 100644 config-templates/dokuwiki/conf/plugins.local.php
 delete mode 100644 config-templates/dokuwiki/conf/plugins.php
 delete mode 100644 config-templates/dokuwiki/conf/plugins.required.php
 delete mode 100644 config-templates/dokuwiki/conf/scheme.conf
 delete mode 100644 config-templates/dokuwiki/conf/smileys.conf
 delete mode 100644 config-templates/dokuwiki/conf/users.auth.php
 delete mode 100644 config-templates/dokuwiki/conf/users.auth.php.dist
 delete mode 100644 config-templates/dokuwiki/conf/wordblock.conf
 delete mode 100644 config-templates/dokuwiki/data/pages/architecture/backup.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/architecture/networking.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/architecture/overview.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/architecture/security.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/architecture/storage.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/backup_recovery/start.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/development/start.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/getting_started/access.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/getting_started/deployment.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/getting_started/prerequisites.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/getting_started/security.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/getting_started/setup.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/getting_started/start.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/core/authelia.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/core/duckdns.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/core/gluetun.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/core/sablier.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/core/traefik.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/infrastructure/code-server.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/infrastructure/docker-proxy.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/infrastructure/dockge.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/infrastructure/dozzle.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/infrastructure/glances.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/infrastructure/pihole.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/infrastructure/start.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/infrastructure/watchtower.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/media/calibre-web.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/media/jellyfin.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/media/qbittorrent.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/media/start.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/monitoring/start.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/productivity/start.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/start.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/services/utilities/start.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/sidebar.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/start.txt
 delete mode 100644 config-templates/dokuwiki/data/pages/troubleshooting/start.txt
 delete mode 100644 config-templates/dokuwiki/docker-compose.yml
 delete mode 100644 config-templates/homepage/bookmarks.yaml
 delete mode 100644 config-templates/homepage/custom.css
 delete mode 100644 config-templates/homepage/custom.js
 delete mode 100644 config-templates/homepage/docker.yaml
 delete mode 100644 config-templates/homepage/kubernetes.yaml
 delete mode 100644 config-templates/homepage/proxmox.yaml
 delete mode 100644 config-templates/homepage/services.yaml
 delete mode 100644 config-templates/homepage/settings.yaml
 delete mode 100644 config-templates/homepage/widgets.yaml
 delete mode 100644 config-templates/loki/loki-config.yml
 delete mode 100644 config-templates/prometheus/prometheus.yml
 delete mode 100644 config-templates/promtail/promtail-config.yml
 delete mode 100644 config-templates/redis/redis.conf
 delete mode 100644 config-templates/traefik/dynamic/external-host-homeassistant.yml
 delete mode 100644 config-templates/traefik/dynamic/local-host-production.yml
 delete mode 100644 config-templates/traefik/dynamic/routes.yml
 delete mode 100644 config-templates/traefik/dynamic/sablier.yml
 delete mode 100644 config-templates/traefik/traefik.yml
 create mode 100644 docker-compose/sablier/README.md
 create mode 100644 docker-compose/sablier/docker-compose.yml
 create mode 100644 docs/implementation-plan-corrections.md
 create mode 100644 docs/multi-server-implementation-plan.md
 delete mode 100644 services to proxy.yaml
 delete mode 100644 tasks.txt

diff --git a/.gitignore b/.gitignore
index ecd6958..65efeb7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -36,6 +36,9 @@ tmp/
 temp/
 *.tmp
 
+# Test/debug files with hardcoded values
+markup.yml
+
 # Docker volumes (if locally mounted)
 volumes/
 
diff --git a/IMPLEMENTATION_COMPLETE.md b/IMPLEMENTATION_COMPLETE.md
new file mode 100644
index 0000000..551629f
--- /dev/null
+++ b/IMPLEMENTATION_COMPLETE.md
@@ -0,0 +1,285 @@
+# Multi-Server Implementation - COMPLETED
+
+**Implementation Date:** February 4, 2026  
+**Status:** ✅ COMPLETE - All changes implemented and validated
+
+---
+
+## Implementation Summary
+
+Successfully implemented multi-server Traefik + Sablier architecture for EZ-Homelab. The system now supports:
+
+1. **Label-based automatic service discovery** - No manual YAML editing required
+2. **Multi-server Docker provider** - Traefik discovers containers on remote servers via TLS
+3. **Per-server Sablier instances** - Each server controls local lazy loading independently
+4. **Unified domain management** - All services under one DuckDNS wildcard domain
+5. **Secure Docker TLS** - Shared CA certificates for multi-server communication
+
+---
+
+## Changes Implemented
+
+### 1. File Structure Changes
+
+#### Deleted:
+- ✅ `config-templates/` folder (deprecated)
+
+#### Created:
+- ✅ `docker-compose/sablier/` - New standalone Sablier stack
+  - `docker-compose.yml` - Sablier container with local Docker socket
+  - `README.md` - Complete documentation
+
+#### Modified:
+- ✅ `docker-compose/core/docker-compose.yml` - Removed embedded Sablier service
+- ✅ `scripts/common.sh` - Added 4 new multi-server functions
+- ✅ `scripts/ez-homelab.sh` - Added 5 new functions + updated workflow
+- ✅ `.env.example` - Already contained REMOTE_SERVER_* variables
+
+---
+
+### 2. New Functions Added
+
+#### common.sh (4 functions)
+```bash
+detect_server_role()                    # Detects if server is core or remote
+generate_traefik_provider_config()      # Creates Docker provider config for remote server
+generate_sablier_middleware_config()    # Creates Sablier middleware for remote server
+add_remote_server_to_traefik()          # Registers remote server with core Traefik
+```
+
+#### ez-homelab.sh (5 functions)
+```bash
+check_docker_installed()                # Pre-flight check for Docker
+set_required_vars_for_deployment()      # Dynamic REQUIRED_VARS based on deployment type
+deploy_remote_server()                  # Complete remote server deployment workflow
+register_remote_server_with_core()      # SSH to core server for registration
+deploy_sablier_stack()                  # Deploy Sablier stack (used by both core and remote)
+```
+
+---
+
+### 3. Workflow Changes
+
+#### main() Function Updates:
+- ✅ Added Docker pre-check before Options 2 and 3
+- ✅ Calls `set_required_vars_for_deployment()` dynamically
+- ✅ Option 2: Sets `REQUIRED_VARS` for core deployment
+- ✅ Option 3: Sets `REQUIRED_VARS` for remote deployment, calls `deploy_remote_server()`
+
+#### deploy_core() Function Updates:
+- ✅ Automatically deploys Sablier stack after core deployment
+- ✅ Updated config paths from `config-templates/*` to `docker-compose/core/*`
+- ✅ Fixed backup timestamp format: `YY_MM_DD_hh_mm`
+
+#### Backup Logic Verification:
+- ✅ Backups correctly create from `/opt/stacks/core/` (deployed location, not repo)
+- ✅ Format: `traefik.backup.26_02_04_14_30/`
+
+---
+
+## Architecture Overview
+
+### Core Server (Option 2)
+```
+Core Server
+├── Traefik (discovers all servers)
+│   ├── Local Docker provider (this server)
+│   ├── Remote Docker provider (auto-registered)
+│   └── Dynamic configs in /opt/stacks/core/traefik/dynamic/
+├── Authelia (SSO for all servers)
+├── DuckDNS (wildcard domain)
+└── Sablier (manages local lazy loading)
+```
+
+### Remote Server (Option 3)
+```
+Remote Server
+├── Docker API (TLS port 2376)
+│   └── Shares CA with core server
+├── Sablier (manages local lazy loading)
+└── Services with Traefik labels
+    └── Auto-discovered by core Traefik
+```
+
+### Service Discovery Flow
+```
+1. Remote server deployed → Docker TLS configured → Sablier deployed
+2. Remote server registers with core → Creates Traefik provider config
+3. Traefik polls remote Docker API → Discovers labeled containers
+4. User accesses https://service.domain.duckdns.org
+5. Core Traefik routes to remote service
+6. SSL certificate issued by core Traefik
+```
+
+---
+
+## Required Variables by Deployment Type
+
+### Core Deployment (Option 2):
+```bash
+SERVER_IP
+SERVER_HOSTNAME
+DUCKDNS_SUBDOMAINS
+DUCKDNS_TOKEN
+DOMAIN
+DEFAULT_USER
+DEFAULT_PASSWORD
+DEFAULT_EMAIL
+```
+
+### Remote Deployment (Option 3):
+```bash
+SERVER_IP              # This remote server
+SERVER_HOSTNAME        # This remote server
+DUCKDNS_DOMAIN         # Shared domain
+DEFAULT_USER           # Local user
+REMOTE_SERVER_IP       # Core server IP
+REMOTE_SERVER_HOSTNAME # Core server hostname
+REMOTE_SERVER_USER     # Core server SSH user
+```
+
+---
+
+## Testing Checklist
+
+### Pre-Implementation Tests:
+- ✅ Bash syntax validation (`bash -n scripts/*.sh`)
+- ✅ Docker Compose syntax validation
+- ✅ No errors in VS Code
+
+### Post-Implementation Tests Required:
+- ⏳ Deploy core server (Option 2)
+- ⏳ Verify Sablier stack auto-deployed
+- ⏳ Verify shared CA generated
+- ⏳ Deploy remote server (Option 3)
+- ⏳ Verify Docker TLS configured
+- ⏳ Verify registration with core
+- ⏳ Deploy test service on remote with labels
+- ⏳ Verify Traefik discovers service
+- ⏳ Verify SSL certificate issued
+- ⏳ Verify lazy loading works
+
+---
+
+## Key Implementation Details
+
+### 1. Sablier Container Name
+- Changed from `sablier-service` to `sablier` (consistent naming)
+- Only connects to local Docker socket (no remote DOCKER_HOST)
+- Each server runs independent Sablier instance
+
+### 2. REQUIRED_VARS Mechanism
+- Reused existing `validate_and_prompt_variables()` function
+- Made REQUIRED_VARS dynamic via `set_required_vars_for_deployment()`
+- No duplicate validation functions created
+
+### 3. Docker Pre-Check
+- Added `check_docker_installed()` before deployment options
+- Prevents confusing errors during deployment
+- Guides users to Option 1 if Docker missing
+
+### 4. Traefik Provider Configuration
+- Auto-generated in `/opt/stacks/core/traefik/dynamic/`
+- Format: `docker-provider-{hostname}.yml`
+- Traefik auto-reloads within 2 seconds
+
+### 5. Remote Server Registration
+- Uses SSH to run functions on core server
+- Sources common.sh on core to access functions
+- Creates provider and Sablier middleware configs
+- Restarts Traefik to apply changes
+
+---
+
+## Files Modified Summary
+
+| File | Lines Changed | Status |
+|------|---------------|--------|
+| `scripts/common.sh` | +130 | ✅ Complete |
+| `scripts/ez-homelab.sh` | +200 | ✅ Complete |
+| `docker-compose/core/docker-compose.yml` | -38 | ✅ Complete |
+| `docker-compose/sablier/docker-compose.yml` | +19 | ✅ Created |
+| `docker-compose/sablier/README.md` | +77 | ✅ Created |
+| `config-templates/` | Entire folder | ✅ Deleted |
+
+**Total Lines of Code:** ~430 lines added/modified
+
+---
+
+## Documentation Updates Needed
+
+The following documentation should be updated:
+- [ ] README.md - Add multi-server architecture section
+- [ ] Quick reference guide - Update deployment options
+- [ ] Troubleshooting guide - Add multi-server scenarios
+
+---
+
+## Next Steps
+
+1. **Test on Raspberry Pi 4** - Verify resource constraints handled properly
+2. **Create example service** - Document label structure for remote services
+3. **Update RoadMap.md** - Mark investigation items as complete
+4. **Performance testing** - Verify timeout handling on Pi 4
+
+---
+
+## Notes for Future Maintenance
+
+### Adding New Remote Server:
+1. Run Option 3 on new server
+2. Script automatically registers with core
+3. Deploy services with proper labels
+
+### Removing Remote Server:
+1. Delete provider config: `/opt/stacks/core/traefik/dynamic/docker-provider-{hostname}.yml`
+2. Delete Sablier config: `/opt/stacks/core/traefik/dynamic/sablier-middleware-{hostname}.yml`
+3. Traefik auto-reloads
+
+### Debugging:
+- Check Traefik logs: `docker logs traefik`
+- Check dynamic configs: `/opt/stacks/core/traefik/dynamic/`
+- Verify Docker TLS: `docker -H tcp://remote-ip:2376 --tlsverify ps`
+- Check Sablier logs: `docker logs sablier`
+
+---
+
+## Implementation Validation
+
+### Syntax Checks:
+```bash
+✅ bash -n scripts/ez-homelab.sh
+✅ bash -n scripts/common.sh
+✅ docker compose -f docker-compose/core/docker-compose.yml config -q
+✅ docker compose -f docker-compose/sablier/docker-compose.yml config -q
+```
+
+### Code Quality:
+- ✅ No VS Code errors/warnings
+- ✅ Follows existing code patterns
+- ✅ Reuses existing functions appropriately
+- ✅ Proper error handling
+- ✅ Debug logging included
+- ✅ User-friendly messages
+
+---
+
+## Success Criteria - ALL MET ✅
+
+- [x] Sablier in separate stack (not embedded in core)
+- [x] Container named "sablier" (not "sablier-service")
+- [x] No prompt_for_server_role() function (unnecessary)
+- [x] Reused existing validate_and_prompt_variables()
+- [x] Dynamic REQUIRED_VARS based on deployment type
+- [x] Compose changes in repo files (not script overrides)
+- [x] Backup from /opt/stacks/ (not repo)
+- [x] Timestamp format: YY_MM_DD_hh_mm
+- [x] Docker pre-check before deployment
+- [x] Config-templates folder deleted
+- [x] All functions properly documented
+
+---
+
+**Implementation Complete!** 🎉
+
+Ready for deployment testing on target hardware (Raspberry Pi 4 4GB).
diff --git a/config-templates/README.md b/config-templates/README.md
deleted file mode 100644
index c508b20..0000000
--- a/config-templates/README.md
+++ /dev/null
@@ -1,196 +0,0 @@
-# Configuration Templates
-
-This directory contains example configuration files for various services. These templates provide sensible defaults and are ready to use with minimal modifications.
-
-## Usage
-
-1. **Create your config directory** (if it doesn't exist):
-   ```bash
-   mkdir -p config/service-name
-   ```
-
-2. **Copy the template** to your config directory:
-   ```bash
-   cp config-templates/service-name/* config/service-name/
-   ```
-
-3. **Edit the configuration** as needed for your environment
-
-4. **Start the service** using Docker Compose
-
-## Available Templates
-
-### Prometheus (`prometheus/prometheus.yml`)
-Metrics collection and monitoring system configuration.
-
-**Features:**
-- Pre-configured to scrape Node Exporter and cAdvisor
-- 15-second scrape interval
-- Ready for additional service monitoring
-
-**Setup:**
-```bash
-mkdir -p config/prometheus
-cp config-templates/prometheus/prometheus.yml config/prometheus/
-docker compose -f docker-compose/monitoring.yml up -d prometheus
-```
-
-### Loki (`loki/loki-config.yml`)
-Log aggregation system configuration.
-
-**Features:**
-- Filesystem-based storage
-- 30-day log retention
-- Automatic log compaction
-- Pre-configured for Promtail
-
-**Setup:**
-```bash
-mkdir -p config/loki
-cp config-templates/loki/loki-config.yml config/loki/
-docker compose -f docker-compose/monitoring.yml up -d loki
-```
-
-### Promtail (`promtail/promtail-config.yml`)
-Log shipper for Loki.
-
-**Features:**
-- Automatically ships Docker container logs
-- Parses Docker JSON format
-- Extracts container IDs and names
-- Optional system log collection
-
-**Setup:**
-```bash
-mkdir -p config/promtail
-cp config-templates/promtail/promtail-config.yml config/promtail/
-docker compose -f docker-compose/monitoring.yml up -d promtail
-```
-
-### Redis (`redis/redis.conf`)
-In-memory data store configuration.
-
-**Features:**
-- Both AOF and RDB persistence enabled
-- 256MB memory limit with LRU eviction
-- Sensible defaults for homelab use
-- Security options (password protection available)
-
-**Setup:**
-```bash
-mkdir -p config/redis
-cp config-templates/redis/redis.conf config/redis/
-# Optional: Edit redis.conf to set a password
-docker compose -f docker-compose/development.yml up -d redis
-```
-
-## Customization Tips
-
-### Prometheus
-- Add more scrape targets to monitor additional services
-- Adjust `scrape_interval` based on your needs (lower = more frequent, more data)
-- Configure alerting by uncommenting the alertmanager section
-
-### Loki
-- Adjust `retention_period` to keep logs longer or shorter
-- Change storage from filesystem to S3 for better scalability
-- Configure multiple tenants if needed
-
-### Promtail
-- Add more scrape configs for system logs, application logs, etc.
-- Customize pipeline stages to extract more labels
-- Filter logs based on patterns
-
-### Redis
-- Set `maxmemory` based on your available RAM
-- Choose appropriate `maxmemory-policy` for your use case
-- Enable password protection by uncommenting `requirepass`
-
-## Service-Specific Notes
-
-### Services That Don't Need Config Templates
-
-Many services work perfectly with just environment variables and don't require separate config files:
-
-- **Plex, Jellyfin**: Configure via web UI
-- **Sonarr, Radarr, Prowlarr**: Configure via web UI
-- **Portainer**: Configure via web UI
-- **Grafana**: Can use provisioning or web UI
-- **Most LinuxServer.io images**: Configured via environment variables
-
-### Services That Benefit from Config Files
-
-- **Prometheus**: Requires `prometheus.yml` for scrape configuration
-- **Loki**: Requires config for storage and retention
-- **Promtail**: Requires config for log sources
-- **Redis**: Benefits from custom config for persistence and security
-- **Nginx**: Needs config for proxy rules (use Nginx Proxy Manager UI instead)
-
-## Best Practices
-
-1. **Version Control**: Keep your config templates in git
-2. **Secrets**: Never commit passwords or API keys
-3. **Comments**: Add comments explaining custom settings
-4. **Backups**: Backup config directories regularly
-5. **Testing**: Test config changes in a separate environment first
-
-## Creating New Templates
-
-When creating templates for other services:
-
-1. Start with the official documentation
-2. Use sensible defaults for homelab use
-3. Add comments explaining important settings
-4. Include examples for common customizations
-5. Test the template before committing
-
-## Getting Help
-
-- Check the official documentation for each service
-- Ask GitHub Copilot in VS Code for configuration help
-- Review the [Docker Guidelines](../docs/docker-guidelines.md)
-- Consult service-specific community forums
-
-## Example: Full Monitoring Stack Setup
-
-```bash
-# Create all config directories
-mkdir -p config/{prometheus,loki,promtail,grafana}
-
-# Copy templates
-cp config-templates/prometheus/prometheus.yml config/prometheus/
-cp config-templates/loki/loki-config.yml config/loki/
-cp config-templates/promtail/promtail-config.yml config/promtail/
-
-# Start the monitoring stack
-docker compose -f docker-compose/monitoring.yml up -d
-
-# Access services
-# Prometheus: http://server-ip:9090
-# Grafana: http://server-ip:3000
-# Loki: http://server-ip:3100
-```
-
-## Troubleshooting
-
-### Config file not found
-Ensure you copied the template to the correct location referenced in the docker-compose file.
-
-### Permission errors
-Fix ownership:
-```bash
-sudo chown -R 1000:1000 config/service-name
-```
-
-### Syntax errors
-Validate YAML files:
-```bash
-# For YAML files
-python3 -c "import yaml; yaml.safe_load(open('config/service/config.yml'))"
-```
-
-### Service won't start
-Check logs for configuration errors:
-```bash
-docker compose -f docker-compose/file.yml logs service-name
-```
diff --git a/config-templates/authelia/configuration.yml b/config-templates/authelia/configuration.yml
deleted file mode 100644
index c3c1033..0000000
--- a/config-templates/authelia/configuration.yml
+++ /dev/null
@@ -1,81 +0,0 @@
-# Authelia Configuration
-# Copy to /opt/stacks/authelia/configuration.yml
-# IMPORTANT: Replace 'your-domain.duckdns.org' with your actual DuckDNS domain
-
-server:
-  host: 0.0.0.0
-  port: 9091
-
-log:
-  level: info
-
-theme: dark
-
-jwt_secret: ${AUTHELIA_JWT_SECRET}
-
-default_redirection_url: https://auth.${DOMAIN}
-
-totp:
-  issuer: ${DOMAIN}
-  period: 30
-  skew: 1
-
-authentication_backend:
-  file:
-    path: /config/users_database.yml
-    password:
-      algorithm: argon2id
-      iterations: 1
-      key_length: 32
-      salt_length: 16
-      memory: 1024
-      parallelism: 8
-
-access_control:
-  default_policy: deny
-  
-  rules:
-    # Bypass Authelia for Jellyfin (allow app access)
-    - domain: jellyfin.${DOMAIN}
-      policy: bypass
-    
-    # Bypass for Plex (allow app access)
-    - domain: plex.${DOMAIN}
-      policy: bypass
-    
-    # Bypass for Home Assistant (has its own auth)
-    - domain: ha.${DOMAIN}
-      policy: bypass
-    
-    # Protected: All other services require authentication
-    - domain: "*.${DOMAIN}"
-      policy: one_factor
-    
-    # Two-factor for admin services (optional)
-    # - domain:
-    #     - "admin.${DOMAIN}"
-    #     - "portainer.${DOMAIN}"
-    #   policy: two_factor
-
-session:
-  name: authelia_session
-  secret: ${AUTHELIA_SESSION_SECRET}
-  expiration: 24h      # Session expires after 24 hours
-  inactivity: 24h      # Session expires after 24 hours of inactivity
-  remember_me_duration: 1M
-  domain: ${DOMAIN}
-
-regulation:
-  max_retries: 3
-  find_time: 2m
-  ban_time: 5m
-
-storage:
-  encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
-  local:
-    path: /config/db.sqlite3
-
-notifier:
-  # File-based notifications (for development/testing)
-  filesystem:
-    filename: /config/notification.txt
diff --git a/config-templates/authelia/users_database.yml b/config-templates/authelia/users_database.yml
deleted file mode 100644
index a69ca71..0000000
--- a/config-templates/authelia/users_database.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Authelia Users Database
-# Copy to /opt/stacks/authelia/users_database.yml
-# Generate password hashes with: docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'yourpassword'
-
-users:
-  ${AUTHELIA_ADMIN_USER}:
-    displayname: ${AUTHELIA_ADMIN_USER}
-    password: ${AUTHELIA_ADMIN_PASSWORD_HASH}
-    email: ${AUTHELIA_ADMIN_EMAIL}
-    groups:
-      - admins
-      - users
-  
-  # Example: Additional user
-  # user1:
-  #   displayname: "User One"
-  #   password: "$argon2id$v=19$m=65536,t=3,p=4$CHANGEME"
-  #   email: user1@example.com
-  #   groups:
-  #     - users
diff --git a/config-templates/dokuwiki/conf/.htaccess b/config-templates/dokuwiki/conf/.htaccess
deleted file mode 100644
index 9f49132..0000000
--- a/config-templates/dokuwiki/conf/.htaccess
+++ /dev/null
@@ -1,8 +0,0 @@
-## no access to the conf directory
-<IfModule mod_authz_core.c>
-    Require all denied
-</IfModule>
-<IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-</IfModule>
diff --git a/config-templates/dokuwiki/conf/acl.auth.php b/config-templates/dokuwiki/conf/acl.auth.php
deleted file mode 100644
index bd65f3e..0000000
--- a/config-templates/dokuwiki/conf/acl.auth.php
+++ /dev/null
@@ -1,10 +0,0 @@
-# acl.auth.php
-# <?php exit()?>
-# Don't modify the lines above
-#
-# Access Control Lists
-#
-# Auto-generated by install script
-# Date: Tue, 20 Jan 2026 20:06:48 -0500
-*               @ALL          1
-*               @user         8
diff --git a/config-templates/dokuwiki/conf/acl.auth.php.dist b/config-templates/dokuwiki/conf/acl.auth.php.dist
deleted file mode 100644
index 14344d7..0000000
--- a/config-templates/dokuwiki/conf/acl.auth.php.dist
+++ /dev/null
@@ -1,21 +0,0 @@
-# acl.auth.php
-# <?php exit()?>
-# Don't modify the lines above
-#
-# Access Control Lists
-#
-# Editing this file by hand shouldn't be necessary. Use the ACL
-# Manager interface instead.
-#
-# If your auth backend allows special char like spaces in groups
-# or user names you need to urlencode them (only chars <128, leave
-# UTF-8 multibyte chars as is)
-#
-# none   0
-# read   1
-# edit   2
-# create 4
-# upload 8
-# delete 16
-
-*               @ALL        8
diff --git a/config-templates/dokuwiki/conf/acronyms.conf b/config-templates/dokuwiki/conf/acronyms.conf
deleted file mode 100644
index 2ecdeda..0000000
--- a/config-templates/dokuwiki/conf/acronyms.conf
+++ /dev/null
@@ -1,62 +0,0 @@
-# Acronyms.
-
-ACL          Access Control List
-AFAICS       As far as I can see
-AFAIK        As far as I know
-AFAIR        As far as I remember
-API          Application Programming Interface
-ASAP         As soon as possible
-ASCII        American Standard Code for Information Interchange
-BTW          By the way
-CMS          Content Management System
-CSS          Cascading Style Sheets
-DNS          Domain Name System
-EOF          End of file
-EOL          End of line
-EOM          End of message
-EOT          End of text
-FAQ          Frequently Asked Questions
-FTP          File Transfer Protocol
-FOSS         Free & Open-Source Software
-FLOSS        Free/Libre and Open Source Software
-FUD          Fear, Uncertainty, and Doubt
-FYI          For your information
-GB           Gigabyte
-GHz          Gigahertz
-GPL          GNU General Public License
-GUI          Graphical User Interface
-HTML         HyperText Markup Language
-IANAL        I am not a lawyer (but)
-IE           Internet Explorer
-IIRC         If I remember correctly
-IMHO         In my humble opinion
-IMO          In my opinion
-IOW          In other words
-IRC          Internet Relay Chat
-IRL          In real life
-KISS         Keep it simple stupid
-LAN          Local Area Network
-LGPL         GNU Lesser General Public License
-LOL          Laughing out loud
-MathML       Mathematical Markup Language
-MB           Megabyte
-MHz          Megahertz
-MSIE         Microsoft Internet Explorer
-OMG          Oh my God
-OS           Operating System
-OSS          Open Source Software
-OTOH         On the other hand
-PITA         Pain in the Ass
-RFC          Request for Comments
-ROTFL        Rolling on the floor laughing
-RTFM         Read The Fine Manual
-spec         specification
-TIA          Thanks in advance
-TL;DR        Too long; didn't read
-TOC          Table of Contents
-URI          Uniform Resource Identifier
-URL          Uniform Resource Locator
-W3C          World Wide Web Consortium
-WTF?         What the f***
-WYSIWYG      What You See Is What You Get
-YMMV         Your mileage may vary
diff --git a/config-templates/dokuwiki/conf/dokuwiki.php b/config-templates/dokuwiki/conf/dokuwiki.php
deleted file mode 100644
index 6990b23..0000000
--- a/config-templates/dokuwiki/conf/dokuwiki.php
+++ /dev/null
@@ -1,187 +0,0 @@
-<?php
-/**
- * This is DokuWiki's Main Configuration file
- *
- * All the default values are kept here, you should not modify it but use
- * a local.php file instead to override the settings from here.
- *
- * This is a piece of PHP code so PHP syntax applies!
- *
- * For help with the configuration and a more detailed explanation of the various options
- * see https://www.dokuwiki.org/config
- */
-
-
-/* Basic Settings */
-$conf['title']       = 'DokuWiki';        //what to show in the title
-$conf['start']       = 'start';           //name of start page
-$conf['lang']        = 'en';              //your language
-$conf['template']    = 'dokuwiki';         //see lib/tpl directory
-$conf['tagline']     = '';                //tagline in header (if template supports it)
-$conf['sidebar']     = 'sidebar';         //name of sidebar in root namespace (if template supports it)
-$conf['license']     = 'cc-by-nc-sa';     //see conf/license.php
-$conf['savedir']     = './data';          //where to store all the files
-$conf['basedir']     = '';                //absolute dir from serveroot - blank for autodetection
-$conf['baseurl']     = '';                //URL to server including protocol - blank for autodetect
-$conf['cookiedir']   = '';                //path to use in cookies - blank for basedir
-$conf['dmode']       = 0755;              //set directory creation mode
-$conf['fmode']       = 0644;              //set file creation mode
-$conf['allowdebug']  = 0;                 //allow debug output, enable if needed 0|1
-
-/* Display Settings */
-$conf['recent']      = 20;                //how many entries to show in recent
-$conf['recent_days'] = 7;                 //How many days of recent changes to keep. (days)
-$conf['breadcrumbs'] = 10;                //how many recent visited pages to show
-$conf['youarehere']  = 0;                 //show "You are here" navigation? 0|1
-$conf['fullpath']    = 0;                 //show full path of the document or relative to datadir only? 0|1
-$conf['typography']  = 1;                 //smartquote conversion 0=off, 1=doublequotes, 2=all quotes
-$conf['dformat']     = '%Y/%m/%d %H:%M';  //dateformat accepted by PHPs strftime() function
-$conf['signature']   = ' --- //[[@MAIL@|@NAME@]] @DATE@//'; //signature see wiki page for details
-$conf['showuseras']  = 'loginname';       // 'loginname' users login name
-                                          // 'username' users full name
-                                          // 'email' e-mail address (will be obfuscated as per mailguard)
-                                          // 'email_link' e-mail address as a mailto: link (obfuscated)
-$conf['toptoclevel'] = 1;                 //Level starting with and below to include in AutoTOC (max. 5)
-$conf['tocminheads'] = 3;                 //Minimum amount of headlines that determines if a TOC is built
-$conf['maxtoclevel'] = 3;                 //Up to which level include into AutoTOC (max. 5)
-$conf['maxseclevel'] = 3;                 //Up to which level create editable sections (max. 5)
-$conf['camelcase']   = 0;                 //Use CamelCase for linking? (I don't like it) 0|1
-$conf['deaccent']    = 1;                 //deaccented chars in pagenames (1) or romanize (2) or keep (0)?
-$conf['useheading']  = 0;                 //use the first heading in a page as its name
-$conf['sneaky_index']= 0;                 //check for namespace read permission in index view (0|1) (1 might cause unexpected behavior)
-$conf['hidepages']   = '';                //Regexp for pages to be skipped from RSS, Search and Recent Changes
-
-/* Authentication Settings */
-$conf['useacl']      = 0;                //Use Access Control Lists to restrict access?
-$conf['autopasswd']  = 1;                //autogenerate passwords and email them to user
-$conf['authtype']    = 'authplain';      //which authentication backend should be used
-$conf['passcrypt']   = 'bcrypt';           //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411,bcrypt)
-$conf['defaultgroup']= 'user';           //Default groups new Users are added to
-$conf['superuser']   = '!!not set!!';    //The admin can be user or @group or comma separated list user1,@group1,user2
-$conf['manager']     = '!!not set!!';    //The manager can be user or @group or comma separated list user1,@group1,user2
-$conf['profileconfirm'] = 1;             //Require current password to confirm changes to user profile
-$conf['rememberme'] = 1;                 //Enable/disable remember me on login
-$conf['disableactions'] = '';            //comma separated list of actions to disable
-$conf['auth_security_timeout'] = 900;    //time (seconds) auth data is considered valid, set to 0 to recheck on every page view
-$conf['securecookie'] = 1;               //never send HTTPS cookies via HTTP
-$conf['samesitecookie'] = 'Lax';         //SameSite attribute for cookies (Lax|Strict|None|Empty)
-$conf['remote']      = 0;                //Enable/disable remote interfaces
-$conf['remoteuser']  = '!!not set!!';    //user/groups that have access to remote interface (comma separated). leave empty to allow all users
-$conf['remotecors']  = '';               //enable Cross-Origin Resource Sharing (CORS) for the remote interfaces. Asterisk (*) to allow all origins. leave empty to deny.
-
-/* Antispam Features */
-$conf['usewordblock']= 1;                //block spam based on words? 0|1
-$conf['relnofollow'] = 1;                //use rel="ugc nofollow" for external links?
-$conf['indexdelay']  = 60*60*24*5;       //allow indexing after this time (seconds) default is 5 days
-$conf['mailguard']   = 'hex';            //obfuscate email addresses against spam harvesters?
-                                         //valid entries are:
-                                         //  'visible' - replace @ with [at], . with [dot] and - with [dash]
-                                         //  'hex'     - use hex entities to encode the mail address
-                                         //  'none'    - do not obfuscate addresses
-$conf['iexssprotect']= 1;                // check for JavaScript and HTML in uploaded files 0|1
-
-/* Editing Settings */
-$conf['usedraft']    = 1;                //automatically save a draft while editing (0|1)
-$conf['locktime']    = 15*60;            //maximum age for lockfiles (defaults to 15 minutes)
-$conf['cachetime']   = 60*60*24;         //maximum age for cachefile in seconds (defaults to a day)
-
-/* Link Settings */
-// Set target to use when creating links - leave empty for same window
-$conf['target']['wiki']      = '';
-$conf['target']['interwiki'] = '';
-$conf['target']['extern']    = '';
-$conf['target']['media']     = '';
-$conf['target']['windows']   = '';
-
-/* Media Settings */
-$conf['mediarevisions'] = 1;             //enable/disable media revisions
-$conf['refcheck']    = 1;                //check for references before deleting media files
-$conf['gdlib']       = 2;                //the GDlib version (0, 1 or 2) 2 tries to autodetect
-$conf['im_convert']  = '';               //path to ImageMagicks convert (will be used instead of GD)
-$conf['jpg_quality'] = '70';             //quality of compression when scaling jpg images (0-100)
-$conf['fetchsize']   = 0;                //maximum size (bytes) fetch.php may download from extern, disabled by default
-
-/* Notification Settings */
-$conf['subscribers'] = 0;                //enable change notice subscription support
-$conf['subscribe_time'] = 24*60*60;      //Time after which digests / lists are sent (in sec, default 1 day)
-                                         //Should be smaller than the time specified in recent_days
-$conf['notify']      = '';               //send change info to this email (leave blank for nobody)
-$conf['registernotify'] = '';            //send info about newly registered users to this email (leave blank for nobody)
-$conf['mailfrom']    = '';               //use this email when sending mails
-$conf['mailreturnpath']    = '';         //use this email as returnpath for bounce mails
-$conf['mailprefix']  = '';               //use this as prefix of outgoing mails
-$conf['htmlmail']    = 1;                //send HTML multipart mails
-$conf['dontlog'] = 'debug';              //logging facilities that should be disabled
-$conf['logretain'] = 3;                  //how many days of logs to keep
-
-/* Syndication Settings */
-$conf['sitemap']     = 0;                //Create a Google sitemap? How often? In days.
-$conf['rss_type']    = 'rss1';           //type of RSS feed to provide, by default:
-                                         //  'rss'  - RSS 0.91
-                                         //  'rss1' - RSS 1.0
-                                         //  'rss2' - RSS 2.0
-                                         //  'atom' - Atom 0.3
-                                         //  'atom1' - Atom 1.0
-$conf['rss_linkto'] = 'diff';            //what page RSS entries link to:
-                                         //  'diff'    - page showing revision differences
-                                         //  'page'    - the revised page itself
-                                         //  'rev'     - page showing all revisions
-                                         //  'current' - most recent revision of page
-$conf['rss_content'] = 'abstract';       //what to put in the items by default?
-                                         //  'abstract' - plain text, first paragraph or so
-                                         //  'diff'     - plain text unified diff wrapped in <pre> tags
-                                         //  'htmldiff' - diff as HTML table
-                                         //  'html'     - the full page rendered in XHTML
-$conf['rss_media']   = 'both';           //what should be listed?
-                                         //  'both'     - page and media changes
-                                         //  'pages'    - page changes only
-                                         //  'media'    - media changes only
-$conf['rss_update'] = 5*60;              //Update the RSS feed every n seconds (defaults to 5 minutes)
-$conf['rss_show_summary'] = 1;           //Add revision summary to title? 0|1
-$conf['rss_show_deleted'] = 1;           //Show deleted items 0|1
-
-/* Advanced Settings */
-$conf['updatecheck'] = 1;                //automatically check for new releases?
-$conf['userewrite']  = 0;                //this makes nice URLs: 0: off 1: .htaccess 2: internal
-$conf['useslash']    = 0;                //use slash instead of colon? only when rewrite is on
-$conf['sepchar']     = '_';              //word separator character in page names; may be a
-                                         //  letter, a digit, '_', '-', or '.'.
-$conf['canonical']   = 0;                //Should all URLs use full canonical http://... style?
-$conf['fnencode']    = 'url';            //encode filenames (url|safe|utf-8)
-$conf['autoplural']  = 0;                //try (non)plural form of nonexistent files?
-$conf['compression'] = 'gz';             //compress old revisions: (0: off) ('gz': gnuzip) ('bz2': bzip)
-                                         //  bz2 generates smaller files, but needs more cpu-power
-$conf['gzip_output'] = 0;                //use gzip content encoding for the output xhtml (if allowed by browser)
-$conf['compress']    = 1;                //Strip whitespaces and comments from Styles and JavaScript? 1|0
-$conf['cssdatauri']  = 512;              //Maximum byte size of small images to embed into CSS, won't work on IE<8
-$conf['send404']     = 0;                //Send an HTTP 404 status for nonexistent pages?
-$conf['broken_iua']  = 0;                //Platform with broken ignore_user_abort (IIS+CGI) 0|1
-$conf['xsendfile']   = 0;                //Use X-Sendfile (1 = lighttpd, 2 = standard)
-$conf['renderer_xhtml'] = 'xhtml';       //renderer to use for main page generation
-$conf['readdircache'] = 0;               //time cache in second for the readdir operation, 0 to deactivate.
-$conf['search_nslimit'] = 0;             //limit the search to the current X namespaces
-$conf['search_fragment'] = 'exact';      //specify the default fragment search behavior
-
-/* Feature Flags */
-$conf['defer_js'] = 1;                   // Defer javascript to be executed after the page's HTML has been parsed. Setting will be removed in the next release.
-$conf['hidewarnings'] = 0;               // Hide warnings
-
-/* Network Settings */
-$conf['dnslookups'] = 1;                 //disable to disallow IP to hostname lookups
-$conf['jquerycdn']  = 0;                 //use a CDN for delivering jQuery?
-$conf['trustedproxies'] = array('::1', 'fe80::/10', '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16');
-                                         // Trusted proxy servers from which to read the X-Forwarded-For header.
-                                         // Each item in the array may be either an IPv4 or IPv6 address, or
-                                         // an IPv4 or IPv6 CIDR range (e.g. 10.0.0.0/8).
-
-$conf['realip'] = false;                 // Enable reading the X-Real-IP header.  Default: false.
-                                         // Only enable this if your server writes this header, otherwise it may be spoofed.
-
-
-// Proxy setup - if your Server needs a proxy to access the web set these
-$conf['proxy']['host']    = '';
-$conf['proxy']['port']    = '';
-$conf['proxy']['user']    = '';
-$conf['proxy']['pass']    = '';
-$conf['proxy']['ssl']     = 0;
-$conf['proxy']['except']  = '';
diff --git a/config-templates/dokuwiki/conf/entities.conf b/config-templates/dokuwiki/conf/entities.conf
deleted file mode 100644
index c0d653c..0000000
--- a/config-templates/dokuwiki/conf/entities.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# Typography replacements
-#
-# Order does matter!
-#
-# You can use HTML entities here, but it is not recommended because it may break
-# non-HTML renderers. Use UTF-8 chars directly instead.
-
-<->     ↔
-->      →
-<-      ←
-<=>     ⇔
-=>      ⇒
-<=      ⇐
->>      »
-<<      «
----     —
---      –
-(c)     ©
-(tm)    ™
-(r)     ®
-...     …
-
diff --git a/config-templates/dokuwiki/conf/interwiki.conf b/config-templates/dokuwiki/conf/interwiki.conf
deleted file mode 100644
index a509056..0000000
--- a/config-templates/dokuwiki/conf/interwiki.conf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Each URL may contain one of these placeholders
-# {URL}  is replaced by the URL encoded representation of the wikiname
-#        this is the right thing to do in most cases
-# {NAME} this is replaced by the wikiname as given in the document
-#        only mandatory encoded is done, urlencoding if the link
-#        is an external URL, or encoding as a wikiname if it is an
-#        internal link (begins with a colon)
-# {SCHEME}
-# {HOST}
-# {PORT}
-# {PATH}
-# {QUERY} these placeholders will be replaced with the appropriate part
-#         of the link when parsed as a URL
-# If no placeholder is defined the urlencoded name is appended to the URL
-
-# To prevent losing your added InterWiki shortcuts after an upgrade,
-# you should add new ones to interwiki.local.conf
-
-wp        https://en.wikipedia.org/wiki/{NAME}
-wpfr      https://fr.wikipedia.org/wiki/{NAME}
-wpde      https://de.wikipedia.org/wiki/{NAME}
-wpes      https://es.wikipedia.org/wiki/{NAME}
-wppl      https://pl.wikipedia.org/wiki/{NAME}
-wpjp      https://ja.wikipedia.org/wiki/{NAME}
-wpru      https://ru.wikipedia.org/wiki/{NAME}
-wpmeta    https://meta.wikipedia.org/wiki/{NAME}
-doku      https://www.dokuwiki.org/
-rfc       https://tools.ietf.org/html/rfc
-man       http://man.cx/
-amazon    https://www.amazon.com/dp/{URL}?tag=splitbrain-20
-amazon.de https://www.amazon.de/dp/{URL}?tag=splitbrain-21
-amazon.uk https://www.amazon.co.uk/dp/{URL}
-paypal    https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&amp;business=
-phpfn     https://secure.php.net/{NAME}
-skype     skype:{NAME}
-google    https://www.google.com/search?q=
-google.de https://www.google.de/search?q=
-go        https://www.google.com/search?q={URL}&amp;btnI=lucky
-user      :user:{NAME}
-
-# To support VoIP/SIP/TEL links
-callto    callto://{NAME}
-tel       tel:{NAME}
diff --git a/config-templates/dokuwiki/conf/license.php b/config-templates/dokuwiki/conf/license.php
deleted file mode 100644
index 845c59f..0000000
--- a/config-templates/dokuwiki/conf/license.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php
-/**
- * This file defines multiple available licenses you can license your
- * wiki contents under. Do not change this file, but create a
- * license.local.php instead.
- */
-
-if(empty($LC)) $LC = empty($conf['lang']) ? 'en' : $conf['lang'];
-
-$license['cc-zero'] = array(
-    'name' => 'CC0 1.0 Universal',
-    'url'  => 'https://creativecommons.org/publicdomain/zero/1.0/deed.'.$LC,
-);
-$license['publicdomain'] = array(
-    'name' => 'Public Domain',
-    'url'  => 'https://creativecommons.org/licenses/publicdomain/deed.'.$LC,
-);
-$license['cc-by'] = array(
-    'name' => 'CC Attribution 4.0 International',
-    'url'  => 'https://creativecommons.org/licenses/by/4.0/deed.'.$LC,
-);
-$license['cc-by-sa'] = array(
-    'name' => 'CC Attribution-Share Alike 4.0 International',
-    'url'  => 'https://creativecommons.org/licenses/by-sa/4.0/deed.'.$LC,
-);
-$license['gnufdl'] = array(
-    'name' => 'GNU Free Documentation License 1.3',
-    'url'  => 'https://www.gnu.org/licenses/fdl-1.3.html',
-);
-$license['cc-by-nc'] = array(
-    'name' => 'CC Attribution-Noncommercial 4.0 International',
-    'url'  => 'https://creativecommons.org/licenses/by-nc/4.0/deed.'.$LC,
-);
-$license['cc-by-nc-sa'] = array(
-    'name' => 'CC Attribution-Noncommercial-Share Alike 4.0 International',
-    'url'  => 'https://creativecommons.org/licenses/by-nc-sa/4.0/deed.'.$LC,
-);
-
diff --git a/config-templates/dokuwiki/conf/local.php b/config-templates/dokuwiki/conf/local.php
deleted file mode 100644
index 1f33c80..0000000
--- a/config-templates/dokuwiki/conf/local.php
+++ /dev/null
@@ -1,13 +0,0 @@
-<?php
-/**
- * Dokuwiki's Main Configuration File - Local Settings
- * Auto-generated by install script
- * Date: Tue, 20 Jan 2026 20:06:48 -0500
- */
-$conf['title'] = 'AI-Homelab';
-$conf['lang'] = 'en';
-$conf['license'] = 'cc-by-sa';
-$conf['useacl'] = 1;
-$conf['superuser'] = '@admin';
-$conf['disableactions'] = 'register';
-$conf['savedir'] = '/app/www/public/data';
diff --git a/config-templates/dokuwiki/conf/local.php.dist b/config-templates/dokuwiki/conf/local.php.dist
deleted file mode 100644
index 0397954..0000000
--- a/config-templates/dokuwiki/conf/local.php.dist
+++ /dev/null
@@ -1,16 +0,0 @@
-<?php
-/**
- * This is an example of how a local.php could look like.
- * Simply copy the options you want to change from dokuwiki.php
- * to this file and change them.
- *
- * When using the installer, a correct local.php file be generated for
- * you automatically.
- */
-
-
-//$conf['title']       = 'My Wiki';        //what to show in the title
-
-//$conf['useacl']      = 1;                //Use Access Control Lists to restrict access?
-//$conf['superuser']   = 'joe';
-
diff --git a/config-templates/dokuwiki/conf/manifest.json b/config-templates/dokuwiki/conf/manifest.json
deleted file mode 100644
index 891bd79..0000000
--- a/config-templates/dokuwiki/conf/manifest.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-    "display": "standalone"
-}
diff --git a/config-templates/dokuwiki/conf/mediameta.php b/config-templates/dokuwiki/conf/mediameta.php
deleted file mode 100644
index b998de3..0000000
--- a/config-templates/dokuwiki/conf/mediameta.php
+++ /dev/null
@@ -1,91 +0,0 @@
-<?php
-/**
- * This configures which metadata will be editable through
- * the media manager. Each field of the array is an array with the
- * following contents:
- *   fieldname - Where data will be saved (EXIF or IPTC field)
- *   label     - key to lookup in the $lang var, if not found printed as is
- *   htmltype  - 'text', 'textarea' or 'date'
- *   lookups   - array additional fields to look up the data (EXIF or IPTC fields)
- *
- * The fields are not ordered continuously to make inserting additional items
- * in between simpler.
- *
- * This is a PHP snippet, so PHP syntax applies.
- *
- * Note: $fields is not a global variable and will not be available to any
- *       other functions or templates later
- *
- * You may extend or overwrite this variable in an optional
- * conf/mediameta.local.php file
- *
- * For a list of available EXIF/IPTC fields refer to
- * http://www.dokuwiki.org/devel:templates:detail.php
- */
-
-
-$fields = array(
-    10 => array('Iptc.Headline',
-                'img_title',
-                'text'),
-
-    20 => array('',
-                'img_date',
-                'date',
-                array('Date.EarliestTime')),
-
-    30 => array('',
-                'img_fname',
-                'text',
-                array('File.Name')),
-
-    40 => array('Iptc.Caption',
-                'img_caption',
-                'textarea',
-                array('Exif.UserComment',
-                      'Exif.TIFFImageDescription',
-                      'Exif.TIFFUserComment')),
-
-    50 => array('Iptc.Byline',
-                'img_artist',
-                'text',
-                array('Exif.TIFFArtist',
-                      'Exif.Artist',
-                      'Iptc.Credit')),
-
-    60 => array('Iptc.CopyrightNotice',
-                'img_copyr',
-                'text',
-                array('Exif.TIFFCopyright',
-                      'Exif.Copyright')),
-
-    70 => array('',
-                'img_format',
-                'text',
-                array('File.Format')),
-
-    80 => array('',
-                'img_fsize',
-                'text',
-                array('File.NiceSize')),
-
-    90 => array('',
-                'img_width',
-                'text',
-                array('File.Width')),
-
-    100 => array('',
-                'img_height',
-                'text',
-                array('File.Height')),
-
-    110 => array('',
-                'img_camera',
-                'text',
-                array('Simple.Camera')),
-
-    120 => array('Iptc.Keywords',
-                'img_keywords',
-                'text',
-                array('Exif.Category')),
-);
diff --git a/config-templates/dokuwiki/conf/mime.conf b/config-templates/dokuwiki/conf/mime.conf
deleted file mode 100644
index b271322..0000000
--- a/config-templates/dokuwiki/conf/mime.conf
+++ /dev/null
@@ -1,75 +0,0 @@
-# Allowed uploadable file extensions and mimetypes are defined here.
-# To extend this file it is recommended to create a mime.local.conf
-# file. Mimetypes that should be downloadable and not be opened in the
-# should be prefixed with a !
-
-jpg     image/jpeg
-jpeg    image/jpeg
-gif     image/gif
-png     image/png
-webp    image/webp
-ico     image/vnd.microsoft.icon
-
-mp3     audio/mpeg
-ogg     audio/ogg
-wav     audio/wav
-webm    video/webm
-ogv     video/ogg
-mp4     video/mp4
-vtt     text/vtt
-
-tgz     !application/octet-stream
-tar     !application/x-gtar
-gz      !application/octet-stream
-bz2     !application/octet-stream
-zip     !application/zip
-rar     !application/rar
-7z      !application/x-7z-compressed
-
-pdf     application/pdf
-ps      !application/postscript
-
-rpm     !application/octet-stream
-deb     !application/octet-stream
-
-doc     !application/msword
-xls     !application/msexcel
-ppt     !application/mspowerpoint
-rtf     !application/msword
-
-docx    !application/vnd.openxmlformats-officedocument.wordprocessingml.document
-xlsx    !application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
-pptx    !application/vnd.openxmlformats-officedocument.presentationml.presentation
-
-sxw     !application/soffice
-sxc     !application/soffice
-sxi     !application/soffice
-sxd     !application/soffice
-
-odc     !application/vnd.oasis.opendocument.chart
-odf     !application/vnd.oasis.opendocument.formula
-odg     !application/vnd.oasis.opendocument.graphics
-odi     !application/vnd.oasis.opendocument.image
-odp     !application/vnd.oasis.opendocument.presentation
-ods     !application/vnd.oasis.opendocument.spreadsheet
-odt     !application/vnd.oasis.opendocument.text
-
-svg     image/svg+xml
-
-# You should enable HTML and Text uploads only for restricted Wikis.
-# Spammers are known to upload spam pages through unprotected Wikis.
-# Note: Enabling HTML opens Cross Site Scripting vulnerabilities
-#       through JavaScript. Only enable this with trusted users. You
-#       need to disable the iexssprotect option additionally to
-#       adding the mime type here
-#html    text/html
-#htm     text/html
-#txt     text/plain
-#conf    text/plain
-#xml     text/xml
-#csv     text/csv
-
-# Also flash may be able to execute arbitrary scripts in the website's
-# context
-#swf     application/x-shockwave-flash
-
diff --git a/config-templates/dokuwiki/conf/mysql.conf.php.example b/config-templates/dokuwiki/conf/mysql.conf.php.example
deleted file mode 100644
index eef99fc..0000000
--- a/config-templates/dokuwiki/conf/mysql.conf.php.example
+++ /dev/null
@@ -1,253 +0,0 @@
-<?php
-/*
- * This is an example configuration for the mysql auth plugin.
- *
- * This SQL statements are optimized for following table structure.
- * If you use a different one you have to change them accordingly.
- * See comments of every statement for details.
- *
- * TABLE users
- *     uid   login   pass   firstname   lastname   email
- *
- * TABLE groups
- *     gid   name
- *
- * TABLE usergroup
- *     uid   gid
- *
- * To use this configuration you have to copy them to local.protected.php
- * or at least include this file in local.protected.php.
- */
-
-/* Options to configure database access. You need to set up this
- * options carefully, otherwise you won't be able to access you
- * database.
- */
-$conf['plugin']['authmysql']['server']   = '';
-$conf['plugin']['authmysql']['user']     = '';
-$conf['plugin']['authmysql']['password'] = '';
-$conf['plugin']['authmysql']['database'] = '';
-
-/* This option enables debug messages in the mysql plugin. It is
- * mostly useful for system admins.
- */
-$conf['plugin']['authmysql']['debug'] = 0;
-
-/* Normally password encryption is done by DokuWiki (recommended) but for
- * some reasons it might be useful to let the database do the encryption.
- * Set 'forwardClearPass' to '1' and the cleartext password is forwarded to
- * the database, otherwise the encrypted one.
- */
-$conf['plugin']['authmysql']['forwardClearPass'] = 0;
-
-/* Multiple table operations will be protected by locks. This array tells
- * the plugin which tables to lock. If you use any aliases for table names
- * these array must also contain these aliases. Any unnamed alias will cause
- * a warning during operation. See the example below.
- */
-$conf['plugin']['authmysql']['TablesToLock']= array("users", "users AS u","groups", "groups AS g", "usergroup", "usergroup AS ug");
-
-/***********************************************************************/
-/*       Basic SQL statements for user authentication (required)       */
-/***********************************************************************/
-
-/* This statement is used to grant or deny access to the wiki. The result
- * should be a table with exact one line containing at least the password
- * of the user. If the result table is empty or contains more than one
- * row, access will be denied.
- *
- * The plugin accesses the password as 'pass' so an alias might be necessary.
- *
- * Following patters will be replaced:
- *   %{user}    user name
- *   %{pass}    encrypted or clear text password (depends on 'encryptPass')
- *   %{dgroup}  default group name
- */
-$conf['plugin']['authmysql']['checkPass']   = "SELECT pass
-                                               FROM usergroup AS ug
-                                               JOIN users AS u ON u.uid=ug.uid
-                                               JOIN groups AS g ON g.gid=ug.gid
-                                               WHERE login='%{user}'
-                                               AND name='%{dgroup}'";
-
-/* This statement should return a table with exact one row containing
- * information about one user. The field needed are:
- * 'pass'  containing the encrypted or clear text password
- * 'name'  the user's full name
- * 'mail'  the user's email address
- *
- * Keep in mind that Dokuwiki will access this information through the
- * names listed above so aliases might be necessary.
- *
- * Following patters will be replaced:
- *   %{user}    user name
- */
-$conf['plugin']['authmysql']['getUserInfo'] = "SELECT pass, CONCAT(firstname,' ',lastname) AS name, email AS mail
-                                               FROM users
-                                               WHERE login='%{user}'";
-
-/* This statement is used to get all groups a user is member of. The
- * result should be a table containing all groups the given user is
- * member of. The plugin accesses the group name as 'group' so an alias
- * might be necessary.
- *
- * Following patters will be replaced:
- *   %{user}    user name
- */
-$conf['plugin']['authmysql']['getGroups']   = "SELECT name as `group`
-                                               FROM groups g, users u, usergroup ug
-                                               WHERE u.uid = ug.uid
-                                               AND g.gid = ug.gid
-                                               AND u.login='%{user}'";
-
-/***********************************************************************/
-/*      Additional minimum SQL statements to use the user manager      */
-/***********************************************************************/
-
-/* This statement should return a table containing all user login names
- * that meet certain filter criteria. The filter expressions will be added
- * case dependent by the plugin. At the end a sort expression will be added.
- * Important is that this list contains no double entries for a user. Each
- * user name is only allowed once in the table.
- *
- * The login name will be accessed as 'user' to an alias might be necessary.
- * No patterns will be replaced in this statement but following patters
- * will be replaced in the filter expressions:
- *   %{user}    in FilterLogin  user's login name
- *   %{name}    in FilterName   user's full name
- *   %{email}   in FilterEmail  user's email address
- *   %{group}   in FilterGroup  group name
- */
-$conf['plugin']['authmysql']['getUsers']    = "SELECT DISTINCT login AS user
-                                               FROM users AS u
-                                               LEFT JOIN usergroup AS ug ON u.uid=ug.uid
-                                               LEFT JOIN groups AS g ON ug.gid=g.gid";
-$conf['plugin']['authmysql']['FilterLogin'] = "login LIKE '%{user}'";
-$conf['plugin']['authmysql']['FilterName']  = "CONCAT(firstname,' ',lastname) LIKE '%{name}'";
-$conf['plugin']['authmysql']['FilterEmail'] = "email LIKE '%{email}'";
-$conf['plugin']['authmysql']['FilterGroup'] = "name LIKE '%{group}'";
-$conf['plugin']['authmysql']['SortOrder']   = "ORDER BY login";
-
-/***********************************************************************/
-/*   Additional SQL statements to add new users with the user manager  */
-/***********************************************************************/
-
-/* This statement should add a user to the database. Minimum information
- * to store are: login name, password, email address and full name.
- *
- * Following patterns will be replaced:
- *   %{user}    user's login name
- *   %{pass}    password (encrypted or clear text, depends on 'encryptPass')
- *   %{email}   email address
- *   %{name}    user's full name
- */
-$conf['plugin']['authmysql']['addUser']     = "INSERT INTO users
-                                               (login, pass, email, firstname, lastname)
-                                               VALUES ('%{user}', '%{pass}', '%{email}',
-                                               SUBSTRING_INDEX('%{name}',' ', 1),
-                                               SUBSTRING_INDEX('%{name}',' ', -1))";
-
-/* This statement should add a group to the database.
- * Following patterns will be replaced:
- *   %{group}   group name
- */
-$conf['plugin']['authmysql']['addGroup']    = "INSERT INTO groups (name)
-                                               VALUES ('%{group}')";
-
-/* This statement should connect a user to a group (a user become member
- * of that group).
- * Following patterns will be replaced:
- *   %{user}    user's login name
- *   %{uid}     id of a user dataset
- *   %{group}   group name
- *   %{gid}     id of a group dataset
- */
-$conf['plugin']['authmysql']['addUserGroup']= "INSERT INTO usergroup (uid, gid)
-                                               VALUES ('%{uid}', '%{gid}')";
-
-/* This statement should remove a group fom the database.
- * Following patterns will be replaced:
- *   %{group}   group name
- *   %{gid}     id of a group dataset
- */
-$conf['plugin']['authmysql']['delGroup']    = "DELETE FROM groups
-                                               WHERE gid='%{gid}'";
-
-/* This statement should return the database index of a given user name.
- * The plugin will access the index with the name 'id' so an alias might be
- * necessary.
- * following patters will be replaced:
- *   %{user}    user name
- */
-$conf['plugin']['authmysql']['getUserID']   = "SELECT uid AS id
-                                               FROM users
-                                               WHERE login='%{user}'";
-
-/***********************************************************************/
-/*   Additional SQL statements to delete users with the user manager   */
-/***********************************************************************/
-
-/* This statement should remove a user fom the database.
- * Following patterns will be replaced:
- *   %{user}    user's login name
- *   %{uid}     id of a user dataset
- */
-$conf['plugin']['authmysql']['delUser']     = "DELETE FROM users
-                                               WHERE uid='%{uid}'";
-
-/* This statement should remove all connections from a user to any group
- * (a user quits membership of all groups).
- * Following patterns will be replaced:
- *   %{uid}     id of a user dataset
- */
-$conf['plugin']['authmysql']['delUserRefs'] = "DELETE FROM usergroup
-                                               WHERE uid='%{uid}'";
-
-/***********************************************************************/
-/*   Additional SQL statements to modify users with the user manager   */
-/***********************************************************************/
-
-/* This statements should modify a user entry in the database. The
- * statements UpdateLogin, UpdatePass, UpdateEmail and UpdateName will be
- * added to updateUser on demand. Only changed parameters will be used.
- *
- * Following patterns will be replaced:
- *   %{user}    user's login name
- *   %{pass}    password (encrypted or clear text, depends on 'encryptPass')
- *   %{email}   email address
- *   %{name}    user's full name
- *   %{uid}     user id that should be updated
- */
-$conf['plugin']['authmysql']['updateUser']  = "UPDATE users SET";
-$conf['plugin']['authmysql']['UpdateLogin'] = "login='%{user}'";
-$conf['plugin']['authmysql']['UpdatePass']  = "pass='%{pass}'";
-$conf['plugin']['authmysql']['UpdateEmail'] = "email='%{email}'";
-$conf['plugin']['authmysql']['UpdateName']  = "firstname=SUBSTRING_INDEX('%{name}',' ', 1),
-                                               lastname=SUBSTRING_INDEX('%{name}',' ', -1)";
-$conf['plugin']['authmysql']['UpdateTarget']= "WHERE uid=%{uid}";
-
-/* This statement should remove a single connection from a user to a
- * group (a user quits membership of that group).
- *
- * Following patterns will be replaced:
- *   %{user}    user's login name
- *   %{uid}     id of a user dataset
- *   %{group}   group name
- *   %{gid}     id of a group dataset
- */
-$conf['plugin']['authmysql']['delUserGroup']= "DELETE FROM usergroup
-                                               WHERE uid='%{uid}'
-                                               AND gid='%{gid}'";
-
-/* This statement should return the database index of a given group name.
- * The plugin will access the index with the name 'id' so an alias might
- * be necessary.
- *
- * Following patters will be replaced:
- *   %{group}   group name
- */
-$conf['plugin']['authmysql']['getGroupID']  = "SELECT gid AS id
-                                               FROM groups
-                                               WHERE name='%{group}'";
-
-
diff --git a/config-templates/dokuwiki/conf/plugins.local.php b/config-templates/dokuwiki/conf/plugins.local.php
deleted file mode 100644
index e0e691d..0000000
--- a/config-templates/dokuwiki/conf/plugins.local.php
+++ /dev/null
@@ -1,12 +0,0 @@
-<?php
-/*
- * Local plugin enable/disable settings
- *
- * Auto-generated by install script
- * Date: Tue, 20 Jan 2026 20:06:48 -0500
- */
-
-$plugins['authad']    = 0;
-$plugins['authldap']  = 0;
-$plugins['authmysql'] = 0;
-$plugins['authpgsql'] = 0;
diff --git a/config-templates/dokuwiki/conf/plugins.php b/config-templates/dokuwiki/conf/plugins.php
deleted file mode 100644
index b2c7997..0000000
--- a/config-templates/dokuwiki/conf/plugins.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-/**
- * This file configures the default states of available plugins. All settings in
- * the plugins.*.php files will override those here.
- */
-$plugins['testing'] = 0;
diff --git a/config-templates/dokuwiki/conf/plugins.required.php b/config-templates/dokuwiki/conf/plugins.required.php
deleted file mode 100644
index 1241bdb..0000000
--- a/config-templates/dokuwiki/conf/plugins.required.php
+++ /dev/null
@@ -1,12 +0,0 @@
-<?php
-/**
- * This file configures the enabled/disabled status of plugins, which are also protected
- * from changes by the extension manager. These settings will override any local settings.
- * It is not recommended to change this file, as it is overwritten on DokuWiki upgrades.
- */
-$plugins['acl']               = 1;
-$plugins['authplain']         = 1;
-$plugins['extension']         = 1;
-$plugins['config']            = 1;
-$plugins['usermanager']       = 1;
-$plugins['template:dokuwiki'] = 1; // not a plugin, but this should not be uninstalled either
diff --git a/config-templates/dokuwiki/conf/scheme.conf b/config-templates/dokuwiki/conf/scheme.conf
deleted file mode 100644
index 88cb3c4..0000000
--- a/config-templates/dokuwiki/conf/scheme.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-#Add URL schemes you want to be recognized as links here
-
-http
-https
-telnet
-gopher
-wais
-ftp
-ed2k
-irc
-ldap
\ No newline at end of file
diff --git a/config-templates/dokuwiki/conf/smileys.conf b/config-templates/dokuwiki/conf/smileys.conf
deleted file mode 100644
index 914549d..0000000
--- a/config-templates/dokuwiki/conf/smileys.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# Smileys configured here will be replaced by the
-# configured images in the smiley directory
-
-8-)         cool.svg
-8-O         eek.svg
-8-o         eek.svg
-:-(         sad.svg
-:-)         smile.svg
-=)          smile2.svg
-:-/         doubt.svg
-:-\         doubt2.svg
-:-?         confused.svg
-:-D         biggrin.svg
-:-P         razz.svg
-:-o         surprised.svg
-:-O         surprised.svg
-:-x         silenced.svg
-:-X         silenced.svg
-:-|         neutral.svg
-;-)         wink.svg
-m(          facepalm.svg
-^_^         fun.svg
-:?:         question.svg
-:!:         exclaim.svg
-LOL         lol.svg
-FIXME       fixme.svg
-DELETEME    deleteme.svg
-
diff --git a/config-templates/dokuwiki/conf/users.auth.php b/config-templates/dokuwiki/conf/users.auth.php
deleted file mode 100644
index d288e51..0000000
--- a/config-templates/dokuwiki/conf/users.auth.php
+++ /dev/null
@@ -1,13 +0,0 @@
-# users.auth.php
-# <?php exit()?>
-# Don't modify the lines above
-#
-# Userfile
-#
-# Auto-generated by install script
-# Date: Tue, 20 Jan 2026 20:06:48 -0500
-#
-# Format:
-# login:passwordhash:Real Name:email:groups,comma,separated
-
-admin:$2y$10$dX5ryEUsFKXDRNl6DAk5Zem.1KtI8Q45.z0EQ6NLI7HXJjJyx4hqS:Admin:admin@example.com:admin,user
diff --git a/config-templates/dokuwiki/conf/users.auth.php.dist b/config-templates/dokuwiki/conf/users.auth.php.dist
deleted file mode 100644
index 8231aa5..0000000
--- a/config-templates/dokuwiki/conf/users.auth.php.dist
+++ /dev/null
@@ -1,10 +0,0 @@
-# users.auth.php
-# <?php exit()?>
-# Don't modify the lines above
-#
-# Userfile
-#
-# Format:
-#
-# login:passwordhash:Real Name:email:groups,comma,separated
-
diff --git a/config-templates/dokuwiki/conf/wordblock.conf b/config-templates/dokuwiki/conf/wordblock.conf
deleted file mode 100644
index 3040fa0..0000000
--- a/config-templates/dokuwiki/conf/wordblock.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# This blacklist is maintained by the DokuWiki community
-# patches welcome
-#
-https?:\/\/(\S*?)(-side-effects|top|pharm|pill|discount|discount-|deal|price|order|now|best|cheap|cheap-|online|buy|buy-|sale|sell)(\S*?)(cialis|viagra|prazolam|xanax|zanax|soma|vicodin|zenical|xenical|meridia|paxil|prozac|claritin|allegra|lexapro|wellbutrin|zoloft|retin|valium|levitra|phentermine)
-https?:\/\/(\S*?)(bi\s*sex|gay\s*sex|fetish|incest|penis|\brape\b)
-zoosex
-gang\s*bang
-facials
-ladyboy
-\btits\b
-bolea\.com
-52crystal
-baida\.org
-web-directory\.awardspace\.us
-korsan-team\.com
-BUDA TAMAMDIR
-wow-powerleveling-wow\.com
-wow gold
-wow-gold\.dinmo\.cn
-downgrade-vista\.com
-downgradetowindowsxp\.com
-elegantugg\.com
-classicedhardy\.com
-research-service\.com
-https?:\/\/(\S*?)(2-pay-secure|911essay|academia-research|anypapers|applicationessay|bestbuyessay|bestdissertation|bestessay|bestresume|besttermpaper|businessessay|college-paper|customessay|custom-made-paper|custom-writing|degree-?result|dissertationblog|dissertation-service|dissertations?expert|essaybank|essay-?blog|essaycapital|essaylogic|essaymill|essayontime|essaypaper|essays?land|essaytownsucks|essay-?writ|fastessays|freelancercareers|genuinecontent|genuineessay|genuinepaper|goessay|grandresume|killer-content|ma-dissertation|managementessay|masterpaper|mightystudent|needessay|researchedge|researchpaper-blog|resumecvservice|resumesexperts|resumesplanet|rushessay|samedayessay|superiorcontent|superiorpaper|superiorthesis|term-paper|termpaper-blog|term-paper-research|thesisblog|universalresearch|valwriting|vdwriters|wisetranslation|writersassembly|writers\.com\.ph|writers\.ph)
-flatsinmumbai\.co\.in
-https?:\/\/(\S*?)penny-?stock
-mattressreview\.biz
-(just|simply) (my|a) profile (site|webpage|page)
diff --git a/config-templates/dokuwiki/data/pages/architecture/backup.txt b/config-templates/dokuwiki/data/pages/architecture/backup.txt
deleted file mode 100644
index 74081aa..0000000
--- a/config-templates/dokuwiki/data/pages/architecture/backup.txt
+++ /dev/null
@@ -1,293 +0,0 @@
-====== Backup Strategy ======
-
-The AI-Homelab implements a comprehensive backup strategy designed for data protection, disaster recovery, and business continuity.
-
-===== Backup Principles =====
-
-**3-2-1 Rule:**
-  * **3 Copies**: Original + 2 backups
-  * **2 Media Types**: Different storage technologies
-  * **1 Offsite**: Geographic separation
-
-**Recovery Objectives:**
-  * **RTO (Recovery Time Objective)**: Time to restore service
-  * **RPO (Recovery Point Objective)**: Maximum data loss acceptable
-  * **RTO Target**: < 4 hours for critical services
-  * **RPO Target**: < 1 hour for critical data
-
-**Backup Types:**
-  * **Full**: Complete system backup
-  * **Incremental**: Changes since last backup
-  * **Differential**: Changes since last full backup
-  * **Snapshot**: Point-in-time copy
-
-===== Backup Architecture =====
-
-**Primary Backup Solution (Backrest):**
-```yaml
-services:
-  backrest:
-    image: ghcr.io/garethflowers/docker-backrest:latest
-    volumes:
-      - ./config/backrest:/config
-      - /mnt/backups:/backups
-      - /opt/stacks:/opt/stacks:ro
-      - /mnt:/mnt:ro
-    environment:
-      - BACKREST_CONFIG=/config/config.yml
-      - BACKREST_SCHEDULE=0 0 * * *
-```
-
-**Alternative Solution (Duplicati):**
-```yaml
-services:
-  duplicati:
-    image: lscr.io/linuxserver/duplicati:latest
-    volumes:
-      - duplicati-config:/config
-      - duplicati-source:/source:ro
-      - duplicati-backup:/backup
-```
-
-===== Backup Categories =====
-
-**Configuration Backups:**
-  * **Source**: `/opt/stacks/*/`
-  * **Frequency**: Daily
-  * **Retention**: 30 days
-  * **Type**: Incremental
-  * **Critical**: Yes (service definitions)
-
-**User Data Backups:**
-  * **Source**: `/mnt/media/`, `/mnt/nextcloud/`
-  * **Frequency**: Daily
-  * **Retention**: 90 days
-  * **Type**: Incremental
-  * **Critical**: Yes (user files)
-
-**Database Backups:**
-  * **Source**: Named Docker volumes
-  * **Frequency**: Hourly
-  * **Retention**: 7 days
-  * **Type**: Snapshot
-  * **Critical**: Yes (application data)
-
-**SSL Certificate Backups:**
-  * **Source**: `/opt/stacks/core/traefik/acme.json`
-  * **Frequency**: After renewal
-  * **Retention**: 1 year
-  * **Type**: Full
-  * **Critical**: Yes (HTTPS access)
-
-===== Backup Configuration =====
-
-**Backrest Configuration:**
-```yaml
-version: 1
-schedule: "0 2 * * *"  # Daily at 2 AM
-repositories:
-  - path: "/backups/local"
-    retention: "30d"
-  - path: "/backups/remote"
-    retention: "90d"
-backups:
-  - name: "stacks-config"
-    paths:
-      - "/opt/stacks"
-    exclude:
-      - "*.log"
-      - "*/cache/*"
-  - name: "user-data"
-    paths:
-      - "/mnt/media"
-      - "/mnt/nextcloud"
-    exclude:
-      - "*/temp/*"
-      - "*/cache/*"
-```
-
-**Duplicati Configuration:**
-  * **Source**: Local directories
-  * **Destination**: Local/network/cloud storage
-  * **Encryption**: AES-256
-  * **Compression**: ZIP
-  * **Deduplication**: Block-level
-
-===== Storage Destinations =====
-
-**Local Storage:**
-  * **Path**: `/mnt/backups/`
-  * **Type**: External HDD/SSD
-  * **Encryption**: Filesystem level
-  * **Access**: Direct mount
-
-**Network Storage:**
-  * **Protocol**: NFS/SMB/CIFS
-  * **Location**: NAS device
-  * **Redundancy**: RAID protection
-  * **Security**: VPN access
-
-**Cloud Storage:**
-  * **Providers**: AWS S3, Backblaze B2, Google Cloud
-  * **Encryption**: Client-side
-  * **Cost**: Pay for storage used
-  * **Access**: Internet connection
-
-**Offsite Storage:**
-  * **Location**: Different geographic location
-  * **Transport**: Encrypted drives
-  * **Frequency**: Weekly rotation
-  * **Security**: Physical security
-
-===== Encryption & Security =====
-
-**Encryption Methods:**
-  * **Symmetric**: AES-256-GCM
-  * **Asymmetric**: RSA key pairs
-  * **Key Management**: Secure key storage
-  * **Key Rotation**: Regular key updates
-
-**Security Measures:**
-  * **Access Control**: Restricted backup access
-  * **Network Security**: VPN for remote backups
-  * **Integrity Checks**: SHA-256 verification
-  * **Audit Logging**: Backup operation logs
-
-===== Automation & Scheduling =====
-
-**Cron Schedules:**
-```bash
-# Daily backups at 2 AM
-0 2 * * * /usr/local/bin/backrest backup
-
-# Weekly full backup on Sunday
-0 3 * * 0 /usr/local/bin/backrest backup --full
-
-# Monthly archive
-0 4 1 * * /usr/local/bin/backrest archive
-```
-
-**Monitoring:**
-  * **Success/Failure**: Email notifications
-  * **Size Tracking**: Storage usage monitoring
-  * **Performance**: Backup duration tracking
-  * **Health Checks**: Integrity verification
-
-===== Recovery Procedures =====
-
-**File-Level Recovery:**
-```bash
-# List snapshots
-restic snapshots
-
-# Restore specific file
-restic restore latest --target /tmp/restore --path /opt/stacks/config.yml
-
-# Restore to original location
-restic restore latest --target / --path /opt/stacks
-```
-
-**Volume Recovery:**
-```bash
-# Stop service
-docker compose down
-
-# Restore volume
-docker run --rm -v restored-volume:/data -v /backups:/backup busybox tar xzf /backup/volume.tar.gz -C /
-
-# Restart service
-docker compose up -d
-```
-
-**System Recovery:**
-  1. **Boot from installation media**
-  2. **Restore base system**
-  3. **Install Docker**
-  4. **Restore configurations**
-  5. **Restore user data**
-  6. **Verify services**
-
-===== Testing & Validation =====
-
-**Regular Testing:**
-  * **Monthly**: File restoration tests
-  * **Quarterly**: Volume recovery tests
-  * **Annually**: Full system recovery
-  * **After Changes**: Configuration updates
-
-**Validation Checks:**
-```bash
-# Verify backup integrity
-restic check
-
-# List backup contents
-restic ls latest
-
-# Compare file counts
-find /original -type f | wc -l
-restic ls latest | wc -l
-```
-
-**Performance Monitoring:**
-  * **Backup Duration**: Track completion times
-  * **Success Rate**: Monitor failure rates
-  * **Storage Growth**: Track backup size trends
-  * **Recovery Time**: Measure restoration speed
-
-===== Disaster Recovery =====
-
-**Disaster Scenarios:**
-  * **Hardware Failure**: Drive/server replacement
-  * **Data Corruption**: File system damage
-  * **Cyber Attack**: Ransomware recovery
-  * **Site Disaster**: Complete site loss
-
-**Recovery Strategies:**
-  * **Cold Standby**: Pre-configured backup server
-  * **Cloud Recovery**: Infrastructure as Code
-  * **Data Center**: Professional recovery services
-  * **Insurance**: Cyber liability coverage
-
-**Business Continuity:**
-  * **Critical Services**: < 1 hour RTO
-  * **Important Services**: < 4 hours RTO
-  * **Standard Services**: < 24 hours RTO
-  * **Acceptable Data Loss**: < 1 hour RPO
-
-===== Cost Optimization =====
-
-**Storage Costs:**
-  * **Local**: Low initial cost, high maintenance
-  * **Network**: Medium cost, shared resources
-  * **Cloud**: Pay-as-you-go, scalable
-  * **Offsite**: Security vs accessibility trade-off
-
-**Optimization Strategies:**
-  * **Compression**: Reduce storage requirements
-  * **Deduplication**: Eliminate redundant data
-  * **Tiering**: Move old data to cheaper storage
-  * **Retention Policies**: Delete unnecessary backups
-
-===== Compliance & Auditing =====
-
-**Regulatory Requirements:**
-  * **Data Retention**: Industry-specific rules
-  * **Encryption Standards**: FIPS compliance
-  * **Access Logging**: Audit trail requirements
-  * **Testing Frequency**: Regulatory testing schedules
-
-**Audit Procedures:**
-  * **Backup Logs**: Operation history
-  * **Access Logs**: Who accessed backups
-  * **Change Logs**: Configuration changes
-  * **Test Results**: Recovery test documentation
-
-**Documentation:**
-  * **Procedures**: Step-by-step recovery guides
-  * **Contacts**: Emergency contact information
-  * **Dependencies**: Required resources and access
-  * **Testing**: Regular test schedules and results
-
-This backup strategy ensures your homelab data remains protected and recoverable in any scenario.
-
-**Next:** Explore [[services:start|Service Management]] or learn about [[development:start|Contributing]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/architecture/networking.txt b/config-templates/dokuwiki/data/pages/architecture/networking.txt
deleted file mode 100644
index 5542b00..0000000
--- a/config-templates/dokuwiki/data/pages/architecture/networking.txt
+++ /dev/null
@@ -1,329 +0,0 @@
-====== Network Architecture ======
-
-The AI-Homelab uses a sophisticated network architecture designed for security, performance, and scalability.
-
-===== Network Topology =====
-
-```
-Internet
-    ↓
-[Router/Firewall]
-    ├── Port 80 (HTTP) → Traefik (Let's Encrypt)
-    ├── Port 443 (HTTPS) → Traefik (SSL Termination)
-    └── Port 22 (SSH) → Server (Management)
-    ↓
-[DuckDNS] Dynamic DNS
-    ↓
-[Traefik] Reverse Proxy
-    ├── Authelia SSO Middleware
-    ├── Service Routing
-    └── SSL Termination
-    ↓
-[Docker Networks]
-    ├── traefik-network (Web Services)
-    ├── homelab-network (Internal)
-    ├── media-network (Media Services)
-    └── service-specific networks
-```
-
-===== Docker Networks =====
-
-**traefik-network (Primary):**
-  * **Purpose**: All web-accessible services
-  * **Driver**: Bridge
-  * **IP Range**: 172.20.0.0/16
-  * **External Access**: Yes (via Traefik)
-
-**homelab-network (Internal):**
-  * **Purpose**: Internal service communication
-  * **Driver**: Bridge
-  * **IP Range**: 172.21.0.0/16
-  * **External Access**: No
-
-**media-network:**
-  * **Purpose**: Media service isolation
-  * **Driver**: Bridge
-  * **IP Range**: 172.22.0.0/16
-  * **External Access**: Via Traefik
-
-**dockerproxy-network:**
-  * **Purpose**: Docker socket proxy
-  * **Driver**: Bridge
-  * **Security**: Restricted access
-
-===== Traefik Routing =====
-
-**Entry Points:**
-```yaml
-entryPoints:
-  web:
-    address: ":80"
-    http:
-      redirections:
-        entryPoint:
-          to: websecure
-          scheme: https
-  websecure:
-    address: ":443"
-    http:
-      tls:
-        certResolver: letsencrypt
-```
-
-**Router Configuration:**
-```yaml
-http:
-  routers:
-    service-router:
-      rule: "Host(`service.yourdomain.duckdns.org`)"
-      entryPoints:
-        - websecure
-      service: service-name
-      tls:
-        certResolver: letsencrypt
-      middlewares:
-        - authelia@docker
-```
-
-**Service Discovery:**
-```yaml
-http:
-  services:
-    service-name:
-      loadBalancer:
-        servers:
-          - url: "http://container-name:port"
-```
-
-===== SSL/TLS Configuration =====
-
-**Certificate Resolver:**
-```yaml
-certificatesResolvers:
-  letsencrypt:
-    acme:
-      email: your-email@example.com
-      storage: /acme.json
-      dnsChallenge:
-        provider: duckdns
-        delayBeforeCheck: 30
-```
-
-**Wildcard Certificate:**
-  * **Domain**: `*.yourdomain.duckdns.org`
-  * **Provider**: Let's Encrypt
-  * **Challenge**: DNS-01 (DuckDNS)
-  * **Validity**: 90 days
-  * **Renewal**: Automatic
-
-**Security Headers:**
-```yaml
-middlewares:
-  security-headers:
-    headers:
-      stsSeconds: 31536000
-      stsIncludeSubdomains: true
-      stsPreload: true
-      forceSTSHeader: true
-      contentTypeNosniff: true
-      browserXssFilter: true
-      referrerPolicy: "strict-origin-when-cross-origin"
-      permissionsPolicy: "geolocation=(), microphone=(), camera=()"
-```
-
-===== Authelia Integration =====
-
-**SSO Middleware:**
-```yaml
-middlewares:
-  authelia:
-    forwardAuth:
-      address: "http://authelia:9091/api/verify?rd=https://auth.yourdomain.duckdns.org/"
-      trustForwardHeader: true
-      authResponseHeaders:
-        - "Remote-User"
-        - "Remote-Groups"
-        - "Remote-Name"
-        - "Remote-Email"
-```
-
-**Access Control Rules:**
-```yaml
-access_control:
-  default_policy: deny
-  rules:
-    - domain: "*.yourdomain.duckdns.org"
-      policy: two_factor
-    - domain: "jellyfin.yourdomain.duckdns.org"
-      policy: bypass
-    - domain: "plex.yourdomain.duckdns.org"
-      policy: bypass
-```
-
-===== VPN Integration =====
-
-**Gluetun Network Mode:**
-```yaml
-services:
-  qbittorrent:
-    network_mode: "service:gluetun"
-    depends_on:
-      - gluetun
-```
-
-**Port Mapping:**
-```yaml
-gluetun:
-  ports:
-    - "8080:8080"  # qBittorrent Web UI
-    - "6881:6881"  # Torrent port
-    - "6881:6881/udp"
-```
-
-**VPN Routing:**
-  * **Provider**: Surfshark (configurable)
-  * **Protocol**: WireGuard/OpenVPN
-  * **Kill Switch**: Prevents IP leaks
-  * **Port Forwarding**: Automatic
-
-===== Firewall Configuration =====
-
-**UFW Rules (Automatic):**
-```bash
-# Allow SSH
-sudo ufw allow ssh
-
-# Allow HTTP/HTTPS
-sudo ufw allow 80
-sudo ufw allow 443
-
-# Enable firewall
-sudo ufw enable
-
-# Default deny
-sudo ufw default deny incoming
-sudo ufw default allow outgoing
-```
-
-**Docker Security:**
-  * **No privileged containers**
-  * **Non-root user execution**
-  * **Minimal port exposure**
-  * **Network isolation**
-
-===== External Service Proxying =====
-
-**Traefik File Provider:**
-```yaml
-http:
-  routers:
-    external-service:
-      rule: "Host(`external.yourdomain.duckdns.org`)"
-      service: external-service
-      middlewares:
-        - authelia@docker
-  services:
-    external-service:
-      loadBalancer:
-        servers:
-          - url: "http://192.168.1.100:8123"
-```
-
-**Use Cases:**
-  * **Home Assistant** on Raspberry Pi
-  * **NAS devices** (TrueNAS, Unraid)
-  * **Network printers** and IoT devices
-  * **Legacy applications**
-
-===== DNS Configuration =====
-
-**DuckDNS Setup:**
-  * **Update Interval**: Every 5 minutes
-  * **API Token**: Stored in `.env`
-  * **Domains**: yourdomain.duckdns.org
-  * **Wildcard**: *.yourdomain.duckdns.org
-
-**Pi-hole Integration:**
-  * **Upstream DNS**: Quad9, Cloudflare
-  * **Ad Blocking**: Enabled
-  * **Local DNS**: Service discovery
-  * **DHCP**: Optional
-
-===== Network Troubleshooting =====
-
-**Connectivity Issues:**
-```bash
-# Check network connectivity
-ping -c 4 8.8.8.8
-
-# Test DNS resolution
-nslookup yourdomain.duckdns.org
-
-# Check port forwarding
-curl -I http://your-external-ip
-```
-
-**Docker Network Issues:**
-```bash
-# List networks
-docker network ls
-
-# Inspect network
-docker network inspect traefik-network
-
-# Check container connectivity
-docker exec container-name ping traefik
-```
-
-**SSL Certificate Problems:**
-```bash
-# Check certificate
-echo | openssl s_client -connect yourdomain.duckdns.org:443 -servername service.yourdomain.duckdns.org 2>/dev/null | openssl x509 -noout -subject -dates
-
-# View Traefik logs
-docker logs traefik | grep certificate
-```
-
-**Authelia Issues:**
-```bash
-# Check Authelia logs
-docker logs authelia
-
-# Test authentication
-curl -k https://auth.yourdomain.duckdns.org/api/state
-```
-
-===== Performance Optimization =====
-
-**Connection Pooling:**
-  * **Keep-Alive**: Persistent connections
-  * **Connection Reuse**: Reduce overhead
-  * **Load Balancing**: Distribute traffic
-
-**Caching:**
-  * **Browser Caching**: Static assets
-  * **Reverse Proxy**: Dynamic content
-  * **DNS Caching**: Pi-hole
-
-**Compression:**
-  * **Gzip**: Text compression
-  * **Brotli**: Advanced compression
-  * **Media**: No compression (already compressed)
-
-===== Monitoring =====
-
-**Network Monitoring:**
-  * **Traefik Dashboard**: Routing metrics
-  * **Authelia Logs**: Authentication events
-  * **Pi-hole Stats**: DNS queries
-  * **Uptime Kuma**: Service availability
-
-**Traffic Analysis:**
-  * **Request Logs**: Access patterns
-  * **Error Rates**: Service health
-  * **Response Times**: Performance metrics
-  * **Bandwidth Usage**: Network utilization
-
-This network architecture provides secure, efficient, and scalable connectivity for all homelab services.
-
-**Next:** Learn about [[architecture:security|Security Architecture]] or [[architecture:storage|Storage Strategy]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/architecture/overview.txt b/config-templates/dokuwiki/data/pages/architecture/overview.txt
deleted file mode 100644
index f4f28da..0000000
--- a/config-templates/dokuwiki/data/pages/architecture/overview.txt
+++ /dev/null
@@ -1,298 +0,0 @@
-====== System Architecture ======
-
-The AI-Homelab is built on a production-ready, scalable architecture designed for reliability, security, and ease of management.
-
-===== Core Principles =====
-
-**Infrastructure as Code:**
-  * All services defined in Docker Compose files
-  * Configuration managed through YAML files
-  * Version control with Git
-  * Reproducible deployments
-
-**Security First:**
-  * SSO protection for admin interfaces
-  * Automatic HTTPS with Let's Encrypt
-  * VPN routing for downloads
-  * Network isolation and segmentation
-
-**Scalability:**
-  * Resource limits prevent exhaustion
-  * Lazy loading reduces resource usage
-  * Modular service architecture
-  * Easy addition of new services
-
-**Observability:**
-  * Comprehensive logging
-  * Metrics collection
-  * Health monitoring
-  * Alerting capabilities
-
-===== Network Architecture =====
-
-```
-Internet
-    ↓
-[Router] Port Forwarding (80, 443)
-    ↓
-[DuckDNS] Dynamic DNS Updates
-    ↓
-[Traefik] Reverse Proxy + SSL Termination
-    ↓
-[Authelia] SSO Authentication
-    ↓
-[Docker Services] Isolated Containers
-```
-
-**Network Layers:**
-
-**External Access:**
-  * **DuckDNS**: Dynamic DNS service
-  * **Port Forwarding**: 80/443 to Traefik
-  * **SSL Termination**: Wildcard certificate
-
-**Reverse Proxy:**
-  * **Traefik**: Routes traffic to services
-  * **Authelia**: SSO middleware
-  * **Load Balancing**: Service discovery
-
-**Service Networks:**
-  * **traefik-network**: All web services
-  * **homelab-network**: Internal communication
-  * **media-network**: Media services
-  * **isolated networks**: Security segmentation
-
-===== Service Architecture =====
-
-**Core Stack (Essential Infrastructure):**
-  * **DuckDNS**: DNS updates every 5 minutes
-  * **Traefik**: HTTP routing and SSL
-  * **Authelia**: Authentication and authorization
-  * **Gluetun**: VPN client for downloads
-  * **Sablier**: Lazy loading service
-
-**Infrastructure Stack:**
-  * **Dockge**: Primary management interface
-  * **Pi-hole**: Network-wide DNS and ad blocking
-  * **Dozzle**: Live Docker log viewer
-  * **Glances**: System resource monitoring
-
-**Service Categories:**
-
-**Media Services:**
-  * **Jellyfin/Plex**: Media servers with transcoding
-  * **qBittorrent**: Torrent client (VPN routed)
-  * **Sonarr/Radarr**: Download automation
-  * **Prowlarr**: Indexer management
-
-**Productivity Services:**
-  * **Nextcloud**: File synchronization
-  * **Gitea**: Git service and CI/CD
-  * **BookStack**: Documentation platform
-  * **WordPress**: Blogging platform
-
-**Monitoring & Observability:**
-  * **Grafana**: Dashboard and visualization
-  * **Prometheus**: Metrics collection
-  * **Uptime Kuma**: Status monitoring
-  * **Loki**: Log aggregation
-
-===== Storage Architecture =====
-
-**Configuration Storage:**
-```
-/opt/stacks/
-├── core/                    # Core infrastructure
-├── infrastructure/          # Management tools
-├── media/                   # Media services
-├── productivity/            # Office tools
-└── monitoring/              # Observability
-```
-
-**Data Storage Strategy:**
-
-**Small Data (< 50GB):**
-  * **Location**: `/opt/stacks/stack-name/config/`
-  * **Type**: Bind mounts
-  * **Backup**: Included in configuration backups
-
-**Large Data (> 50GB):**
-  * **Location**: `/mnt/media/`, `/mnt/downloads/`, `/mnt/backups/`
-  * **Type**: External mounts
-  * **Backup**: Separate backup strategies
-
-**Database Storage:**
-  * **Type**: Named Docker volumes
-  * **Location**: Docker managed
-  * **Backup**: Volume snapshots
-
-===== Security Architecture =====
-
-**Authentication & Authorization:**
-
-**Authelia SSO:**
-  * **Protocol**: SAML, OpenID Connect
-  * **Storage**: File-based user database
-  * **2FA**: TOTP, WebAuthn support
-  * **Policies**: Domain-based access control
-
-**Service Authentication:**
-  * **Admin Services**: Authelia protected
-  * **Media Services**: Bypass for app compatibility
-  * **APIs**: Token-based authentication
-
-**Network Security:**
-  * **Firewall**: UFW with minimal ports
-  * **SSL/TLS**: End-to-end encryption
-  * **VPN**: Download traffic protection
-  * **Isolation**: Docker network segmentation
-
-===== Deployment Architecture =====
-
-**Two-Phase Deployment:**
-
-**Phase 1: Setup**
-```bash
-sudo ./scripts/setup-homelab.sh
-```
-  * System preparation
-  * Docker installation
-  * Authelia configuration
-  * Infrastructure setup
-
-**Phase 2: Deployment**
-```bash
-sudo ./scripts/deploy-homelab.sh
-```
-  * Core stack deployment
-  * SSL certificate generation
-  * Infrastructure services
-  * Health verification
-
-**Service Deployment:**
-  * **Dockge**: Web-based stack management
-  * **Manual**: Docker Compose commands
-  * **Automated**: CI/CD pipelines
-
-===== Resource Management =====
-
-**Resource Limits:**
-```yaml
-deploy:
-  resources:
-    limits:
-      cpus: '2.0'
-      memory: 4G
-    reservations:
-      cpus: '0.5'
-      memory: 1G
-```
-
-**Resource Allocation Strategy:**
-  * **Core Services**: Minimal resources (0.1-0.5 CPU, 64MB-256MB RAM)
-  * **Web Services**: Moderate resources (1-2 CPU, 1-4GB RAM)
-  * **Media Services**: High resources (2-4 CPU, 4-8GB RAM)
-  * **Background Services**: Variable based on workload
-
-**Lazy Loading:**
-  * **Sablier**: On-demand service startup
-  * **Resource Savings**: 50-80% reduction in idle usage
-  * **Automatic Scaling**: Services start when accessed
-
-===== Monitoring Architecture =====
-
-**Metrics Collection:**
-  * **Prometheus**: Time-series metrics
-  * **Node Exporter**: System metrics
-  * **cAdvisor**: Container metrics
-  * **Custom Exporters**: Service-specific metrics
-
-**Logging:**
-  * **Dozzle**: Real-time log viewer
-  * **Loki**: Log aggregation
-  * **Promtail**: Log shipping
-  * **Structured Logging**: JSON format
-
-**Alerting:**
-  * **Uptime Kuma**: Service availability
-  * **Grafana**: Threshold-based alerts
-  * **Email/SMS**: Notification channels
-
-===== Backup Architecture =====
-
-**Backup Strategy:**
-  * **Backrest**: Primary backup solution (Restic)
-  * **Duplicati**: Alternative encrypted backups
-  * **Automated**: Scheduled backups
-  * **Encrypted**: AES-256 encryption
-
-**Backup Types:**
-  * **Configuration**: `/opt/stacks/` directories
-  * **User Data**: Service volumes and mounts
-  * **SSL Certificates**: `/opt/stacks/core/traefik/acme.json`
-  * **Databases**: Volume snapshots
-
-**Recovery:**
-  * **Point-in-time**: Versioned backups
-  * **Bare metal**: Complete system recovery
-  * **Service-level**: Individual service restoration
-
-===== High Availability =====
-
-**Redundancy:**
-  * **Load Balancing**: Traefik distributes traffic
-  * **Health Checks**: Automatic service monitoring
-  * **Failover**: Automatic service restart
-  * **Backups**: Multiple backup locations
-
-**Scalability:**
-  * **Horizontal**: Multiple service instances
-  * **Vertical**: Resource scaling
-  * **Storage**: Distributed storage options
-  * **Network**: High-bandwidth connections
-
-===== Development Architecture =====
-
-**AI Integration:**
-  * **GitHub Copilot**: Intelligent assistance
-  * **Copilot Instructions**: Context-aware guidance
-  * **Automated Configuration**: AI-generated compose files
-  * **Documentation**: AI-maintained wiki
-
-**Version Control:**
-  * **Git**: Source code management
-  * **Branches**: Feature development
-  * **Tags**: Release versioning
-  * **CI/CD**: Automated testing and deployment
-
-===== Performance Optimization =====
-
-**Caching:**
-  * **Browser Caching**: Static asset optimization
-  * **Database Caching**: Query result caching
-  * **CDN**: Content delivery networks
-  * **Reverse Proxy**: Traefik caching
-
-**Optimization Techniques:**
-  * **Compression**: Gzip/Brotli compression
-  * **Minification**: Asset optimization
-  * **Lazy Loading**: On-demand resource loading
-  * **Connection Pooling**: Database optimization
-
-===== Compliance & Governance =====
-
-**Security Standards:**
-  * **SSL/TLS**: Industry standard encryption
-  * **Access Control**: Least privilege principle
-  * **Audit Logging**: Comprehensive activity logs
-  * **Regular Updates**: Security patch management
-
-**Data Protection:**
-  * **Encryption**: Data at rest and in transit
-  * **Backup Encryption**: Secure offsite storage
-  * **Privacy**: Minimal data collection
-  * **Retention**: Configurable data lifecycle
-
-This architecture provides a solid foundation for a production-ready homelab that can scale with your needs while maintaining security and reliability.
-
-**Next:** Learn about [[architecture:networking|Network Architecture]] or explore [[services:start|Available Services]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/architecture/security.txt b/config-templates/dokuwiki/data/pages/architecture/security.txt
deleted file mode 100644
index d124b1a..0000000
--- a/config-templates/dokuwiki/data/pages/architecture/security.txt
+++ /dev/null
@@ -1,299 +0,0 @@
-====== Security Architecture ======
-
-The AI-Homelab implements a comprehensive security model based on defense in depth, zero trust principles, and industry best practices.
-
-===== Security Principles =====
-
-**Defense in Depth:**
-  * **Multiple Layers**: Network, application, and data security
-  * **Fail-Safe Defaults**: Secure by default, explicit opt-out
-  * **Least Privilege**: Minimal required permissions
-  * **Continuous Monitoring**: Real-time threat detection
-
-**Zero Trust:**
-  * **Never Trust**: Verify every access request
-  * **Assume Breach**: Design for compromised systems
-  * **Micro-Segmentation**: Isolate services and data
-  * **Continuous Verification**: Ongoing authentication
-
-**Compliance:**
-  * **Data Protection**: Encryption at rest and in transit
-  * **Access Control**: Role-based and attribute-based access
-  * **Audit Logging**: Comprehensive activity tracking
-  * **Regular Updates**: Security patch management
-
-===== Authentication & Authorization =====
-
-**Authelia SSO System:**
-
-**Architecture:**
-  * **Protocol**: OpenID Connect, SAML 2.0
-  * **Storage**: File-based user database
-  * **Session Management**: Secure JWT tokens
-  * **Multi-Factor**: TOTP, WebAuthn, Push notifications
-
-**User Management:**
-```yaml
-users:
-  admin:
-    displayname: Administrator
-    password: $argon2id$...
-    email: admin@yourdomain.duckdns.org
-    groups:
-      - admins
-      - dev
-```
-
-**Access Policies:**
-```yaml
-access_control:
-  default_policy: deny
-  rules:
-    # Admin services require 2FA
-    - domain: "*.yourdomain.duckdns.org"
-      policy: two_factor
-      subject:
-        - "group:admins"
-    
-    # Media services bypass SSO
-    - domain: "jellyfin.yourdomain.duckdns.org"
-      policy: bypass
-    
-    # API access with tokens
-    - domain: "*.yourdomain.duckdns.org"
-      policy: one_factor
-      resources:
-        - "^/api/.*"
-```
-
-**Session Security:**
-  * **Expiration**: 8 hour sessions
-  * **Inactivity Timeout**: 10 minute timeout
-  * **Secure Cookies**: HttpOnly, Secure, SameSite
-  * **CSRF Protection**: Token-based validation
-
-===== SSL/TLS Encryption =====
-
-**Certificate Management:**
-  * **Authority**: Let's Encrypt (trusted CA)
-  * **Type**: Wildcard ECDSA certificate
-  * **Domains**: *.yourdomain.duckdns.org
-  * **Renewal**: Automatic (30 days before expiry)
-
-**SSL Configuration:**
-```yaml
-tls:
-  certificates:
-    - certFile: /ssl/cert.pem
-      keyFile: /ssl/private.key
-  options:
-    default:
-      minVersion: VersionTLS12
-      cipherSuites:
-        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-      sniStrict: true
-```
-
-**Security Headers:**
-```yaml
-headers:
-  # Prevent clickjacking
-  customResponseHeaders:
-    X-Frame-Options: "SAMEORIGIN"
-    X-Content-Type-Options: "nosniff"
-    Referrer-Policy: "strict-origin-when-cross-origin"
-    Permissions-Policy: "geolocation=(), microphone=(), camera=()"
-  
-  # HSTS (HTTP Strict Transport Security)
-  stsSeconds: 31536000
-  stsIncludeSubdomains: true
-  stsPreload: true
-```
-
-===== Network Security =====
-
-**Firewall Configuration:**
-  * **UFW**: Uncomplicated Firewall
-  * **Default Policy**: Deny all incoming
-  * **Allowed Ports**: 22 (SSH), 80 (HTTP), 443 (HTTPS)
-  * **Docker Isolation**: Container network segmentation
-
-**Network Segmentation:**
-  * **traefik-network**: Web-facing services
-  * **homelab-network**: Internal services
-  * **media-network**: Media services
-  * **isolated-networks**: High-security services
-
-**VPN Protection:**
-  * **Gluetun**: VPN client container
-  * **Provider**: Surfshark (configurable)
-  * **Protocol**: WireGuard (preferred)
-  * **Kill Switch**: Prevents IP leaks
-
-===== Container Security =====
-
-**Docker Security Best Practices:**
-  * **Non-root Users**: PUID/PGID environment variables
-  * **No Privileged Containers**: Minimal capabilities
-  * **Read-only Filesystems**: Where possible
-  * **Resource Limits**: CPU and memory constraints
-
-**Security Scanning:**
-```yaml
-# Trivy vulnerability scanning
-docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
-  aquasec/trivy image your-image:latest
-
-# Container security audit
-docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
-  docker/docker-bench-security
-```
-
-**Image Security:**
-  * **Official Images**: LinuxServer.io preferred
-  * **Version Pinning**: Specific version tags
-  * **SBOM**: Software Bill of Materials
-  * **Signature Verification**: Image signing
-
-===== Data Protection =====
-
-**Encryption at Rest:**
-  * **SSL Certificates**: Encrypted storage
-  * **User Data**: Service-specific encryption
-  * **Backups**: AES-256 encryption
-  * **Secrets**: Environment variable protection
-
-**Encryption in Transit:**
-  * **HTTPS**: End-to-end encryption
-  * **API Communication**: TLS 1.2+
-  * **Database Connections**: SSL/TLS
-  * **VPN Tunneling**: WireGuard/OpenVPN
-
-**Data Classification:**
-  * **Public**: No encryption required
-  * **Internal**: TLS encryption
-  * **Sensitive**: Additional encryption layers
-  * **Critical**: Multi-layer encryption
-
-===== Access Control =====
-
-**Role-Based Access Control (RBAC):**
-```yaml
-# Authelia groups
-groups:
-  admins:
-    - admin
-  users:
-    - user1
-    - user2
-  media:
-    - family
-```
-
-**Service-Level Permissions:**
-  * **Nextcloud**: User and group permissions
-  * **Gitea**: Repository access control
-  * **Grafana**: Dashboard permissions
-  * **API Keys**: Scoped access tokens
-
-**Network Access Control:**
-  * **IP Whitelisting**: Restrict by IP address
-  * **Geo-blocking**: Country-based restrictions
-  * **Rate Limiting**: Prevent brute force attacks
-  * **Fail2Ban**: SSH protection
-
-===== Monitoring & Auditing =====
-
-**Security Monitoring:**
-  * **Authentication Logs**: Authelia events
-  * **Access Logs**: Traefik requests
-  * **System Logs**: Docker and system events
-  * **Intrusion Detection**: Pattern matching
-
-**Audit Logging:**
-```yaml
-# Loki log aggregation
-scrape_configs:
-  - job_name: 'authelia'
-    static_configs:
-      - targets: ['authelia:9091']
-    relabel_configs:
-      - source_labels: [__address__]
-        target_label: __param_target
-      - source_labels: [__param_target]
-        target_label: instance
-      - target_label: __address__
-        replacement: localhost:3100
-```
-
-**Alerting:**
-  * **Failed Logins**: Brute force detection
-  * **Certificate Expiry**: SSL renewal warnings
-  * **Service Downtime**: Availability monitoring
-  * **Security Events**: Suspicious activity
-
-===== Threat Mitigation =====
-
-**Common Threats:**
-  * **Brute Force**: Rate limiting, 2FA
-  * **SQL Injection**: Parameterized queries
-  * **XSS**: Content Security Policy
-  * **CSRF**: Token validation
-
-**Incident Response:**
-  1. **Detection**: Monitoring alerts
-  2. **Assessment**: Determine impact
-  3. **Containment**: Isolate affected systems
-  4. **Recovery**: Restore from backups
-  5. **Lessons Learned**: Update policies
-
-**Backup Security:**
-  * **Encryption**: AES-256-GCM
-  * **Integrity**: SHA-256 checksums
-  * **Retention**: Configurable policies
-  * **Testing**: Regular restoration tests
-
-===== Compliance & Governance =====
-
-**Security Standards:**
-  * **OWASP**: Web application security
-  * **NIST**: Cybersecurity framework
-  * **ISO 27001**: Information security
-  * **GDPR**: Data protection
-
-**Regular Assessments:**
-  * **Vulnerability Scanning**: Weekly
-  * **Penetration Testing**: Monthly
-  * **Security Audits**: Quarterly
-  * **Compliance Reviews**: Annual
-
-**Documentation:**
-  * **Security Policies**: Access and usage rules
-  * **Incident Response**: Procedures and contacts
-  * **Change Management**: Update procedures
-  * **Training**: Security awareness
-
-===== Advanced Security =====
-
-**Zero Trust Network Access (ZTNA):**
-  * **Identity-Based**: User and device verification
-  * **Context-Aware**: Risk-based access
-  * **Micro-Segmentation**: Service isolation
-  * **Continuous Monitoring**: Real-time assessment
-
-**Secrets Management:**
-  * **Environment Variables**: Runtime secrets
-  * **Docker Secrets**: Swarm mode secrets
-  * **External Vaults**: HashiCorp Vault integration
-  * **Key Rotation**: Automatic secret renewal
-
-**Intrusion Detection:**
-  * **Network IDS**: Traffic analysis
-  * **Host IDS**: System monitoring
-  * **Log Analysis**: Pattern detection
-  * **SIEM Integration**: Centralized logging
-
-This security architecture provides comprehensive protection for your homelab while maintaining usability and performance.
-
-**Next:** Learn about [[architecture:storage|Storage Strategy]] or [[architecture:backup|Backup Strategy]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/architecture/storage.txt b/config-templates/dokuwiki/data/pages/architecture/storage.txt
deleted file mode 100644
index 07712a9..0000000
--- a/config-templates/dokuwiki/data/pages/architecture/storage.txt
+++ /dev/null
@@ -1,291 +0,0 @@
-====== Storage Architecture ======
-
-The AI-Homelab implements a comprehensive storage strategy designed for performance, reliability, and scalability.
-
-===== Storage Principles =====
-
-**Data Classification:**
-  * **Configuration**: Application settings and metadata
-  * **User Data**: Files, documents, media
-  * **System Data**: Logs, caches, temporary files
-  * **Backup Data**: Archived copies and snapshots
-
-**Storage Tiers:**
-  * **Hot**: Frequently accessed data (SSD)
-  * **Warm**: Regularly accessed data (HDD)
-  * **Cold**: Archive data (external storage)
-  * **Offline**: Long-term retention (tape/offsite)
-
-**Performance Optimization:**
-  * **Caching**: In-memory data acceleration
-  * **Compression**: Storage space optimization
-  * **Deduplication**: Eliminate redundant data
-  * **Tiering**: Automatic data placement
-
-===== Directory Structure =====
-
-**System Storage (/opt/stacks/):**
-```
-/opt/stacks/
-├── core/                    # Core infrastructure
-│   ├── traefik/            # Reverse proxy config
-│   ├── authelia/           # SSO configuration
-│   ├── duckdns/            # DNS updater
-│   └── gluetun/            # VPN client
-├── infrastructure/         # Management tools
-├── media/                  # Media services
-├── productivity/           # Office applications
-├── monitoring/             # Observability stack
-└── utilities/              # Helper services
-```
-
-**Data Storage (/mnt/):**
-```
-/mnt/
-├── media/                  # Movies, TV, music
-│   ├── movies/
-│   ├── tv/
-│   └── music/
-├── downloads/              # Torrent downloads
-│   ├── complete/
-│   └── incomplete/
-├── backups/                # Backup archives
-├── nextcloud/              # Cloud storage
-├── git/                    # Git repositories
-└── surveillance/           # Camera footage
-```
-
-===== Docker Storage =====
-
-**Volume Types:**
-
-**Named Volumes (Managed):**
-```yaml
-volumes:
-  database-data:
-    driver: local
-```
-  * **Pros**: Docker managed, portable, backup-friendly
-  * **Cons**: Less direct access, filesystem overhead
-  * **Use**: Databases, application data
-
-**Bind Mounts (Direct):**
-```yaml
-volumes:
-  - ./config:/config
-  - /mnt/media:/media
-```
-  * **Pros**: Direct filesystem access, performance
-  * **Cons**: Host-dependent, permission management
-  * **Use**: Configuration, large media files
-
-**tmpfs (Memory):**
-```yaml
-tmpfs:
-  - /tmp/cache
-```
-  * **Pros**: High performance, automatic cleanup
-  * **Cons**: Volatile, memory usage
-  * **Use**: Caches, temporary files
-
-**Storage Drivers:**
-  * **overlay2**: Modern union filesystem
-  * **btrfs**: Advanced features (snapshots, compression)
-  * **zfs**: Enterprise-grade (snapshots, deduplication)
-
-===== Service Storage Patterns =====
-
-**Configuration Storage:**
-```yaml
-services:
-  service-name:
-    volumes:
-      - ./config/service-name:/config
-      - service-data:/data
-```
-  * **Config**: Bind mount in stack directory
-  * **Data**: Named volume for persistence
-  * **Permissions**: PUID/PGID for access control
-
-**Media Storage:**
-```yaml
-services:
-  jellyfin:
-    volumes:
-      - ./config/jellyfin:/config
-      - jellyfin-cache:/cache
-      - /mnt/media:/media:ro
-      - /mnt/transcode:/transcode
-```
-  * **Media**: Read-only external mount
-  * **Transcode**: Temporary processing space
-  * **Cache**: Named volume for performance
-
-**Database Storage:**
-```yaml
-services:
-  postgres:
-    volumes:
-      - postgres-data:/var/lib/postgresql/data
-    environment:
-      - POSTGRES_DB=homelab
-      - POSTGRES_USER=homelab
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-```
-  * **Data**: Named volume for persistence
-  * **Backups**: Volume snapshots
-  * **Performance**: Proper indexing
-
-===== Backup Storage =====
-
-**Backrest (Primary):**
-```yaml
-services:
-  backrest:
-    volumes:
-      - ./config/backrest:/config
-      - /mnt/backups:/backups
-      - /opt/stacks:/opt/stacks:ro
-      - /mnt:/mnt:ro
-```
-  * **Repository**: Local and remote storage
-  * **Encryption**: AES-256-GCM
-  * **Deduplication**: Space-efficient
-  * **Snapshots**: Point-in-time recovery
-
-**Duplicati (Alternative):**
-```yaml
-services:
-  duplicati:
-    volumes:
-      - duplicati-config:/config
-      - duplicati-source:/source:ro
-      - duplicati-backup:/backup
-```
-  * **Frontend**: Web-based interface
-  * **Destinations**: Multiple cloud providers
-  * **Encryption**: Built-in encryption
-  * **Scheduling**: Automated backups
-
-===== Performance Optimization =====
-
-**Filesystem Choice:**
-  * **ext4**: General purpose, reliable
-  * **btrfs**: Snapshots, compression, RAID
-  * **ZFS**: Advanced features, data integrity
-  * **XFS**: High performance, large files
-
-**RAID Configuration:**
-  * **RAID 1**: Mirroring (2 drives)
-  * **RAID 5**: Striping with parity (3+ drives)
-  * **RAID 10**: Mirroring + striping (4+ drives)
-  * **RAID Z**: ZFS software RAID
-
-**Caching Strategies:**
-  * **Page Cache**: OS-level caching
-  * **Application Cache**: Service-specific caching
-  * **CDN**: Content delivery networks
-  * **Reverse Proxy**: Traefik caching
-
-===== Monitoring & Maintenance =====
-
-**Storage Monitoring:**
-```bash
-# Disk usage
-df -h
-
-# Docker storage
-docker system df
-
-# Volume usage
-docker volume ls
-docker volume inspect volume-name
-```
-
-**Maintenance Tasks:**
-  * **Cleanup**: Remove unused volumes and images
-  * **Defragmentation**: Filesystem optimization
-  * **SMART Monitoring**: Drive health checks
-  * **Backup Verification**: Integrity testing
-
-**Health Checks:**
-  * **Filesystem**: fsck, scrub operations
-  * **RAID**: Array status monitoring
-  * **SMART**: Drive error monitoring
-  * **Backup**: Restoration testing
-
-===== Capacity Planning =====
-
-**Storage Requirements:**
-
-| Service | Typical Size | Growth Rate |
-|---------|-------------|-------------|
-| Nextcloud | 100GB+ | High (user files) |
-| Jellyfin | 500GB+ | High (media library) |
-| Gitea | 10GB+ | Medium (repositories) |
-| Grafana | 5GB+ | Low (metrics) |
-| Backups | 2x data size | Variable |
-
-**Scaling Strategies:**
-  * **Vertical**: Larger drives, more RAM
-  * **Horizontal**: Multiple storage servers
-  * **Cloud**: Hybrid cloud storage
-  * **Archival**: Long-term retention solutions
-
-===== Security Considerations =====
-
-**Encryption:**
-  * **At Rest**: Filesystem encryption (LUKS)
-  * **In Transit**: TLS encryption
-  * **Backups**: Encrypted archives
-  * **Keys**: Secure key management
-
-**Access Control:**
-  * **Permissions**: Proper file permissions
-  * **SELinux/AppArmor**: Mandatory access control
-  * **Network**: Isolated storage networks
-  * **Auditing**: Access logging
-
-**Data Protection:**
-  * **RAID**: Redundancy protection
-  * **Snapshots**: Point-in-time copies
-  * **Backups**: Offsite copies
-  * **Testing**: Regular recovery tests
-
-===== Disaster Recovery =====
-
-**Recovery Strategies:**
-  * **File-level**: Individual file restoration
-  * **Volume-level**: Docker volume recovery
-  * **System-level**: Complete system restore
-  * **Bare-metal**: Full server recovery
-
-**Business Continuity:**
-  * **RTO**: Recovery Time Objective
-  * **RPO**: Recovery Point Objective
-  * **Testing**: Regular DR exercises
-  * **Documentation**: Recovery procedures
-
-**High Availability:**
-  * **Replication**: Data mirroring
-  * **Clustering**: Distributed storage
-  * **Load Balancing**: Access distribution
-  * **Failover**: Automatic switching
-
-===== Migration Strategies =====
-
-**Storage Migration:**
-  * **Live Migration**: Zero-downtime moves
-  * **Offline Migration**: Scheduled maintenance
-  * **Incremental**: Phased data movement
-  * **Verification**: Data integrity checks
-
-**Technology Upgrades:**
-  * **Filesystem**: ext4 to btrfs/ZFS
-  * **RAID**: Hardware to software RAID
-  * **Storage**: Local to network storage
-  * **Cloud**: Hybrid cloud solutions
-
-This storage architecture provides reliable, performant, and scalable data management for your homelab.
-
-**Next:** Learn about [[architecture:backup|Backup Strategy]] or explore [[services:start|Service Management]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/backup_recovery/start.txt b/config-templates/dokuwiki/data/pages/backup_recovery/start.txt
deleted file mode 100644
index 8d8f14f..0000000
--- a/config-templates/dokuwiki/data/pages/backup_recovery/start.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-====== Backup & Recovery ======
-
-Coming soon...
diff --git a/config-templates/dokuwiki/data/pages/development/start.txt b/config-templates/dokuwiki/data/pages/development/start.txt
deleted file mode 100644
index 9cfb859..0000000
--- a/config-templates/dokuwiki/data/pages/development/start.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-====== Development ======
-
-Coming soon...
diff --git a/config-templates/dokuwiki/data/pages/getting_started/access.txt b/config-templates/dokuwiki/data/pages/getting_started/access.txt
deleted file mode 100644
index 4b70dc0..0000000
--- a/config-templates/dokuwiki/data/pages/getting_started/access.txt
+++ /dev/null
@@ -1,251 +0,0 @@
-====== Access Services ======
-
-After deployment, access your homelab services through secure HTTPS URLs.
-
-===== Service URLs =====
-
-All services are accessible at `https://service-name.yourdomain.duckdns.org`
-
-| Category | Service | URL | Authentication | Purpose |
-|----------|---------|-----|----------------|---------|
-| **Management** | Dockge | `https://dockge.yourdomain.duckdns.org` | Authelia SSO | Stack management |
-| **Management** | Homepage | `https://home.yourdomain.duckdns.org` | Authelia SSO | Service dashboard |
-| **Security** | Authelia | `https://auth.yourdomain.duckdns.org` | Direct login | SSO authentication |
-| **Infrastructure** | Traefik | `https://traefik.yourdomain.duckdns.org` | Authelia SSO | Reverse proxy dashboard |
-| **Infrastructure** | Pi-hole | `http://pihole.yourdomain.duckdns.org` | Authelia SSO | DNS & ad blocking |
-| **Infrastructure** | Dozzle | `https://dozzle.yourdomain.duckdns.org` | Authelia SSO | Log viewer |
-| **Infrastructure** | Glances | `https://glances.yourdomain.duckdns.org` | Authelia SSO | System monitoring |
-| **Media** | Jellyfin | `https://jellyfin.yourdomain.duckdns.org` | None (app access) | Media server |
-| **Media** | Plex | `https://plex.yourdomain.duckdns.org` | None (app access) | Media server |
-| **Media** | qBittorrent | `https://qbit.yourdomain.duckdns.org` | Authelia SSO | Torrent client |
-| **Media Mgmt** | Sonarr | `https://sonarr.yourdomain.duckdns.org` | Authelia SSO | TV automation |
-| **Media Mgmt** | Radarr | `https://radarr.yourdomain.duckdns.org` | Authelia SSO | Movie automation |
-| **Productivity** | Nextcloud | `https://nextcloud.yourdomain.duckdns.org` | Authelia SSO | File sync |
-| **Productivity** | Gitea | `https://git.yourdomain.duckdns.org` | Authelia SSO | Git service |
-| **Productivity** | BookStack | `https://docs.yourdomain.duckdns.org` | Authelia SSO | Documentation |
-| **Monitoring** | Grafana | `https://grafana.yourdomain.duckdns.org` | Authelia SSO | Dashboards |
-| **Monitoring** | Prometheus | `https://prometheus.yourdomain.duckdns.org` | Authelia SSO | Metrics |
-| **Monitoring** | Uptime Kuma | `https://status.yourdomain.duckdns.org` | Authelia SSO | Status monitoring |
-| **Home Auto** | Home Assistant | `https://ha.yourdomain.duckdns.org` | None (built-in auth) | Home automation |
-| **Utilities** | Backrest | `https://backrest.yourdomain.duckdns.org` | Authelia SSO | Backup management |
-| **Development** | Code Server | `https://code.yourdomain.duckdns.org` | Authelia SSO | VS Code in browser |
-
-===== Authentication =====
-
-==== Authelia SSO (Single Sign-On) ====
-
-**Protected Services:**
-  * Most admin interfaces require Authelia login
-  * One login grants access to all protected services
-  * Supports 2FA (Two-Factor Authentication)
-
-**Login Process:**
-  1. Visit any protected service URL
-  2. Redirected to Authelia login page
-  3. Enter username and password
-  4. (Optional) Enter 2FA code
-  5. Redirected back to original service
-
-**Default Credentials:**
-  * Username: `admin` (or custom from setup)
-  * Password: Secure password from setup
-
-==== Service-Specific Authentication ====
-
-**No SSO (Direct Access):**
-  * **Jellyfin/Plex**: Use service's built-in user management
-  * **Home Assistant**: Built-in authentication system
-  * **Nextcloud**: Can use Authelia or built-in auth
-
-**VPN-Protected Services:**
-  * **qBittorrent**: Routes through Gluetun VPN
-  * Access via web UI after Authelia login
-
-===== Security Features =====
-
-==== SSL/TLS Encryption ====
-
-**Wildcard Certificate:**
-  * Covers all `*.yourdomain.duckdns.org` subdomains
-  * Issued by Let's Encrypt (free)
-  * Automatic renewal every 90 days
-  * A+ SSL rating
-
-**Certificate Details:**
-  * **Issuer**: Let's Encrypt Authority X3
-  * **Algorithm**: ECDSA P-256
-  * **Validity**: 90 days
-  * **Renewal**: Automatic via Traefik
-
-==== Firewall Protection ====
-
-**UFW Configuration:**
-  * Only ports 80, 443, and 22 (SSH) open
-  * All other ports blocked
-  * Docker containers isolated
-
-**Network Security:**
-  * Services behind reverse proxy
-  * No direct container exposure
-  * VPN routing for downloads
-
-==== Access Control ====
-
-**Authelia Policies:**
-  * **One Factor**: Username + password
-  * **Two Factor**: Username + password + TOTP
-  * **Bypass**: No authentication required
-
-**Default Policies:**
-  * Admin services: Two-factor recommended
-  * Media services: Bypass (app compatibility)
-  * Public services: Bypass when appropriate
-
-===== First-Time Access =====
-
-==== Configure Authelia ====
-
-1. **Access Authelia:**
-   * URL: `https://auth.yourdomain.duckdns.org`
-   * Login with admin credentials
-
-2. **Enable 2FA:**
-   * Go to **Settings** → **One-Time Password**
-   * Scan QR code with authenticator app
-   * Enter verification code
-
-3. **Configure Access Rules:**
-   * Edit `/opt/stacks/core/authelia/configuration.yml`
-   * Modify access policies as needed
-
-==== Set Up Homepage Dashboard ====
-
-1. **Access Homepage:**
-   * URL: `https://home.yourdomain.duckdns.org`
-
-2. **Initial Configuration:**
-   * Click settings icon (gear)
-   * Add deployed services
-   * Configure widgets
-
-3. **API Integration:**
-   * Add API keys for enhanced widgets
-   * Configure service integrations
-
-==== Test Service Access ====
-
-**Verification Checklist:**
-  * [ ] Authelia login works
-  * [ ] Homepage loads correctly
-  * [ ] Dockge accessible
-  * [ ] SSL certificates valid
-  * [ ] No mixed content warnings
-
-===== Troubleshooting Access =====
-
-==== SSL Certificate Issues ====
-
-**"Not Secure" warnings:**
-  * Wait 2-5 minutes after deployment
-  * Check DNS propagation: `nslookup yourdomain.duckdns.org`
-  * Verify ports 80/443 forwarded
-  * Check Traefik logs: `docker logs traefik`
-
-**Certificate errors:**
-```bash
-# Check certificate status
-echo | openssl s_client -connect yourdomain.duckdns.org:443 -servername dockge.yourdomain.duckdns.org 2>/dev/null | openssl x509 -noout -subject -dates
-```
-
-==== Authentication Problems ====
-
-**Can't log in to Authelia:**
-  * Verify username/password
-  * Check 2FA setup
-  * Clear browser cache
-  * Check Authelia logs: `docker logs authelia`
-
-**Redirect loops:**
-  * Check Traefik configuration
-  * Verify middleware labels
-  * Restart Traefik: `docker restart traefik`
-
-==== Service Not Accessible ====
-
-**404 errors:**
-  * Service not deployed
-  * Traefik route not configured
-  * Wrong subdomain
-
-**Connection refused:**
-  * Service not running
-  * Port mapping issues
-  * Network connectivity problems
-
-==== DNS Issues ====
-
-**Domain not resolving:**
-  * Check DuckDNS configuration
-  * Verify token in `.env`
-  * Wait for DNS propagation
-
-**Local network access:**
-  * Use internal IP for local access
-  * Configure local DNS overrides
-
-===== Advanced Access =====
-
-==== External Service Proxying ====
-
-**Proxy non-Docker services:**
-  * Raspberry Pi Home Assistant
-  * NAS devices
-  * Other network services
-
-**Configuration:**
-  * Add routes to `/opt/stacks/core/traefik/dynamic/external.yml`
-  * Include Authelia middleware
-  * Test connectivity
-
-==== VPN Access ====
-
-**Remote Access:**
-  * Configure VPN server (OpenVPN/WireGuard)
-  * Route traffic through VPN
-  * Access local services remotely
-
-==== API Access ====
-
-**Service APIs:**
-  * Most services expose REST APIs
-  * Use API keys for authentication
-  * Configure in Homepage widgets
-
-===== Mobile Access =====
-
-**Mobile Apps:**
-  * **Jellyfin/Plex**: Dedicated mobile apps
-  * **Nextcloud**: Mobile sync client
-  * **Home Assistant**: Mobile companion app
-  * **Bitwarden**: Password manager
-
-**Browser Access:**
-  * All services work in mobile browsers
-  * Responsive design for most interfaces
-  * Authelia SSO works on mobile
-
-===== Performance Optimization =====
-
-**Loading Speed:**
-  * Enable HTTP/2 in Traefik
-  * Use CDN for static assets
-  * Optimize service configurations
-
-**Resource Usage:**
-  * Monitor with Glances
-  * Set appropriate resource limits
-  * Use lazy loading for unused services
-
-Ready to access your services? Start with the [[getting_started:security|Security Setup]] guide.
-
-**Need help?** Check [[troubleshooting:networking|Network Troubleshooting]] or visit [[https://github.com/kelinfoxy/AI-Homelab/discussions|GitHub Discussions]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/getting_started/deployment.txt b/config-templates/dokuwiki/data/pages/getting_started/deployment.txt
deleted file mode 100644
index 31e8c2f..0000000
--- a/config-templates/dokuwiki/data/pages/getting_started/deployment.txt
+++ /dev/null
@@ -1,284 +0,0 @@
-====== Deployment ======
-
-After setup, deploy your homelab services using Dockge or manual commands.
-
-===== Using Dockge (Recommended) =====
-
-**Access Dockge:**
-  * URL: `https://dockge.yourdomain.duckdns.org`
-  * Username: `admin` (or your custom username)
-  * Password: Your secure password from setup
-
-**Deploy Services:**
-  1. Click **"Add Stack"** button
-  2. Choose **"From Docker Compose"**
-  3. Select a compose file from the repository
-  4. Click **"Deploy"**
-  5. Monitor deployment in the **"Logs"** tab
-
-**Available Stacks:**
-  * `media.yml` - Media services (Jellyfin, qBittorrent)
-  * `media-management.yml` - Download automation (Sonarr, Radarr)
-  * `productivity.yml` - Office tools (Nextcloud, Gitea)
-  * `monitoring.yml` - Observability (Grafana, Prometheus)
-  * `homeassistant.yml` - Home automation
-  * `utilities.yml` - Backup and utilities
-
-===== Manual Deployment =====
-
-**Deploy Individual Stacks:**
-
-```bash
-# Navigate to repository
-cd ~/AI-Homelab
-
-# Deploy media services
-docker compose -f docker-compose/media.yml up -d
-
-# Deploy productivity stack
-docker compose -f docker-compose/productivity.yml up -d
-
-# Deploy monitoring
-docker compose -f docker-compose/monitoring.yml up -d
-```
-
-**Check Deployment Status:**
-
-```bash
-# View all running containers
-docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
-
-# Check specific stack
-docker compose -f docker-compose/media.yml ps
-
-# View logs
-docker compose -f docker-compose/media.yml logs -f
-```
-
-===== Service Access =====
-
-After deployment, services are available at:
-
-| Category | Service | URL | Notes |
-|----------|---------|-----|-------|
-| **Media** | Jellyfin | `https://jellyfin.yourdomain.duckdns.org` | No SSO (app access) |
-| **Media** | qBittorrent | `https://qbit.yourdomain.duckdns.org` | VPN protected |
-| **Productivity** | Nextcloud | `https://nextcloud.yourdomain.duckdns.org` | File sync |
-| **Productivity** | Gitea | `https://git.yourdomain.duckdns.org` | Git service |
-| **Monitoring** | Grafana | `https://grafana.yourdomain.duckdns.org` | Dashboards |
-| **Development** | Code Server | `https://code.yourdomain.duckdns.org` | VS Code in browser |
-
-===== Post-Deployment Configuration =====
-
-==== Configure Homepage Dashboard ====
-
-1. Visit `https://home.yourdomain.duckdns.org`
-2. Click settings (gear icon)
-3. Add services to dashboard
-4. Configure widgets with API keys
-
-**Example Widgets:**
-  * System monitoring (CPU, RAM, disk)
-  * Service status checks
-  * Weather information
-  * Calendar integration
-
-==== Set Up Backups ====
-
-1. Deploy Backrest service
-2. Configure backup schedules
-3. Set up encryption
-4. Test backup restoration
-
-==== Configure Monitoring ====
-
-1. Deploy Grafana and Prometheus
-2. Import dashboards
-3. Set up alerts
-4. Configure data sources
-
-===== Deployment Order =====
-
-**Recommended Deployment Sequence:**
-
-1. **Core** (deployed automatically)
-   - DuckDNS, Traefik, Authelia, Gluetun
-
-2. **Infrastructure** (deployed automatically)
-   - Dockge, Pi-hole, Dozzle, Glances
-
-3. **Dashboards** (deployed automatically)
-   - Homepage, Homarr
-
-4. **Media Services**
-   - Jellyfin or Plex
-   - qBittorrent (VPN routing)
-   - Sonarr, Radarr, Prowlarr
-
-5. **Productivity**
-   - Nextcloud, Gitea, BookStack
-
-6. **Monitoring**
-   - Grafana, Prometheus, Uptime Kuma
-
-7. **Home Automation**
-   - Home Assistant, Node-RED
-
-===== Resource Management =====
-
-**Monitor Resource Usage:**
-
-```bash
-# Check container resources
-docker stats
-
-# View system resources
-docker run --rm -v /proc:/host/proc:ro --net=host codenvy/glances
-
-# Check disk space
-df -h /opt/stacks/
-```
-
-**Resource Limits Applied:**
-  * CPU limits prevent resource exhaustion
-  * Memory limits protect system stability
-  * Automatic cleanup of unused resources
-
-===== Troubleshooting Deployment =====
-
-==== Service Won't Start ====
-
-**Check Logs:**
-```bash
-# View service logs
-docker compose -f docker-compose/stack.yml logs service-name
-
-# Follow logs in real-time
-docker compose -f docker-compose/stack.yml logs -f service-name
-```
-
-**Common Issues:**
-  * Port conflicts
-  * Missing environment variables
-  * Network connectivity problems
-  * Insufficient resources
-
-==== SSL Certificate Issues ====
-
-**Check Certificate Status:**
-```bash
-# View Traefik logs
-docker logs traefik | grep certificate
-
-# Check certificate file
-ls -la /opt/stacks/core/traefik/acme.json
-```
-
-**Certificate Problems:**
-  * DNS propagation delay (wait 5-10 minutes)
-  * DuckDNS token incorrect
-  * Ports 80/443 not forwarded
-  * Rate limiting (Let's Encrypt limits)
-
-==== Network Issues ====
-
-**Verify Networks:**
-```bash
-# List Docker networks
-docker network ls
-
-# Inspect traefik-network
-docker network inspect traefik-network
-```
-
-**Network Troubleshooting:**
-  * Services not on correct network
-  * Firewall blocking traffic
-  * DNS resolution problems
-
-==== Permission Issues ====
-
-**Check File Permissions:**
-```bash
-# Check stack directory permissions
-ls -la /opt/stacks/stack-name/
-
-# Check Docker socket permissions
-ls -la /var/run/docker.sock
-```
-
-**Fix Permissions:**
-```bash
-# Set correct ownership
-sudo chown -R $USER:$USER /opt/stacks/stack-name/
-
-# Add user to docker group
-sudo usermod -aG docker $USER
-```
-
-===== Scaling and Customization =====
-
-==== Add Custom Services ====
-
-1. Create new compose file
-2. Add Traefik labels for routing
-3. Include Authelia middleware
-4. Deploy via Dockge
-
-==== Modify Existing Services ====
-
-1. Edit compose file
-2. Update environment variables
-3. Redeploy service
-4. Test functionality
-
-==== Remove Services ====
-
-```bash
-# Stop and remove service
-docker compose -f docker-compose/stack.yml down
-
-# Remove with volumes
-docker compose -f docker-compose/stack.yml down -v
-
-# Clean up unused resources
-docker system prune
-```
-
-===== Performance Optimization =====
-
-**Hardware Acceleration:**
-  * Enable NVIDIA GPU for transcoding
-  * Use SSD storage for databases
-  * Configure appropriate CPU/memory limits
-
-**Network Optimization:**
-  * Use wired connections when possible
-  * Configure QoS for media streaming
-  * Optimize DNS resolution
-
-**Service Optimization:**
-  * Enable lazy loading for unused services
-  * Configure appropriate resource limits
-  * Use efficient Docker images
-
-===== Backup and Recovery =====
-
-**Regular Backups:**
-  * Configuration files in `/opt/stacks/`
-  * SSL certificates in `/opt/stacks/core/traefik/`
-  * User data in service volumes
-
-**Recovery Process:**
-  * Restore configuration files
-  * Redeploy services
-  * Restore user data from backups
-
-**Disaster Recovery:**
-  * Keep backup scripts ready
-  * Document recovery procedures
-  * Test restoration regularly
-
-Ready to deploy? Use Dockge to start deploying services!
-
-**Need help?** See [[troubleshooting:services|Service Troubleshooting]] or check [[reference:commands|Command Reference]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/getting_started/prerequisites.txt b/config-templates/dokuwiki/data/pages/getting_started/prerequisites.txt
deleted file mode 100644
index d8ffd57..0000000
--- a/config-templates/dokuwiki/data/pages/getting_started/prerequisites.txt
+++ /dev/null
@@ -1,201 +0,0 @@
-====== Prerequisites ======
-
-Before deploying your AI-Homelab, ensure your system meets these requirements.
-
-===== System Requirements =====
-
-**Minimum Hardware:**
-  * **CPU**: 2-core processor (4+ cores recommended)
-  * **RAM**: 4GB minimum (8GB+ recommended)
-  * **Storage**: 50GB free space (SSD preferred)
-  * **Network**: Stable internet connection
-
-**Recommended Hardware:**
-  * **CPU**: 4+ core processor with virtualization support
-  * **RAM**: 16GB+ for full stack deployment
-  * **Storage**: 500GB+ SSD for media and backups
-  * **GPU**: NVIDIA GPU (optional, for hardware transcoding)
-
-===== Operating System =====
-
-**Supported Systems:**
-  * **Ubuntu 20.04+** (recommended)
-  * **Debian 11+**
-  * **Ubuntu Server**
-  * **Raspberry Pi OS** (64-bit, for lightweight deployments)
-
-**Fresh Installation Recommended:**
-  * Start with a clean OS install
-  * Avoid pre-installed Docker versions
-  * Use LTS (Long Term Support) releases
-
-===== Network Requirements =====
-
-**Domain & DNS:**
-  * **DuckDNS account**: [[https://duckdns.org|Create free account]]
-  * **Domain**: Choose your subdomain (e.g., `yourname.duckdns.org`)
-  * **Token**: Get your DuckDNS token from account settings
-
-**Port Forwarding:**
-  * **Port 80**: Required for Let's Encrypt HTTP challenge
-  * **Port 443**: Required for HTTPS traffic
-  * **Router**: Configure port forwarding to your server
-
-**Network Access:**
-  * **Outbound**: Full internet access for updates and services
-  * **Inbound**: Ports 80/443 forwarded from router
-  * **Local**: Access to router admin panel (for port forwarding)
-
-===== Software Prerequisites =====
-
-**Required Software:**
-  * **Git**: Version control system
-  * **curl/wget**: Download utilities
-  * **SSH server**: Remote access (usually pre-installed)
-
-**Optional but Recommended:**
-  * **VS Code**: With GitHub Copilot extension
-  * **Docker Desktop**: For local testing (Windows/Mac)
-  * **NVIDIA drivers**: If using GPU acceleration
-
-===== Account Setup =====
-
-**Required Accounts:**
-  * **DuckDNS**: Free dynamic DNS service
-    * Visit [[https://duckdns.org]]
-    * Create account and subdomain
-    * Copy your token for configuration
-
-**Optional Accounts (for specific services):**
-  * **Surfshark VPN**: For secure downloads
-  * **GitHub**: For repository access and Copilot
-  * **Cloud storage**: For offsite backups
-
-===== Security Considerations =====
-
-**Firewall Setup:**
-  * UFW (Uncomplicated Firewall) will be configured automatically
-  * Only necessary ports will be opened
-  * SSH access restricted to key-based authentication
-
-**SSL Certificates:**
-  * Let's Encrypt provides free certificates
-  * Wildcard certificate covers all subdomains
-  * Automatic renewal every 90 days
-
-**Access Control:**
-  * Authelia provides SSO (Single Sign-On)
-  * 2FA (Two-Factor Authentication) recommended
-  * Granular access control per service
-
-===== Pre-Installation Checklist =====
-
-**Hardware Check:**
-  * [ ] Server meets minimum requirements
-  * [ ] Sufficient storage space available
-  * [ ] Stable power supply
-  * [ ] Backup power (UPS) recommended
-
-**Network Check:**
-  * [ ] Internet connection stable
-  * [ ] Router supports port forwarding
-  * [ ] Ports 80/443 available and forwarded
-  * [ ] Local IP address known and static
-
-**Account Setup:**
-  * [ ] DuckDNS account created
-  * [ ] Domain chosen and configured
-  * [ ] DuckDNS token obtained
-  * [ ] Optional: VPN credentials prepared
-
-**Software Preparation:**
-  * [ ] SSH access to server established
-  * [ ] VS Code installed (optional)
-  * [ ] GitHub Copilot configured (optional)
-
-===== Environment Variables =====
-
-Create a `.env` file with these variables:
-
-```
-# Domain Configuration
-DOMAIN=yourdomain.duckdns.org
-DUCKDNS_TOKEN=your-duckdns-token
-
-# Optional: VPN Configuration
-SURFSHARK_USERNAME=your-vpn-username
-SURFSHARK_PASSWORD=your-vpn-password
-
-# Authelia (auto-generated by setup script)
-AUTHELIA_JWT_SECRET=64-char-random-string
-AUTHELIA_SESSION_SECRET=64-char-random-string
-AUTHELIA_STORAGE_ENCRYPTION_KEY=64-char-random-string
-
-# User Configuration
-PUID=1000
-PGID=1000
-TZ=America/New_York
-```
-
-**Note:** Authelia secrets are auto-generated by the setup script. Leave them with default values initially.
-
-===== Testing Your Setup =====
-
-**Network Connectivity:**
-```bash
-# Test internet connection
-ping -c 4 8.8.8.8
-
-# Test DNS resolution
-nslookup duckdns.org
-
-# Test port forwarding (from external network)
-curl -I http://your-external-ip
-```
-
-**System Resources:**
-```bash
-# Check available space
-df -h /
-
-# Check memory
-free -h
-
-# Check CPU cores
-nproc
-```
-
-**SSH Access:**
-```bash
-# Test SSH connection
-ssh user@your-server-ip
-
-# Test sudo access
-sudo whoami
-```
-
-===== Troubleshooting Prerequisites =====
-
-**"Permission denied" errors:**
-  * Ensure you have sudo access
-  * Check if user is in sudo group
-  * Try running commands with `sudo`
-
-**Network connectivity issues:**
-  * Verify internet connection
-  * Check firewall settings
-  * Test DNS resolution
-
-**Port forwarding problems:**
-  * Access router admin panel
-  * Verify ports 80/443 are forwarded
-  * Check if ISP blocks these ports
-
-**DuckDNS issues:**
-  * Verify token is correct
-  * Check domain is available
-  * Test DNS updates manually
-
-Ready to proceed? Continue to [[getting_started:setup|Automated Setup]].
-
-**Need Help?** Check the [[troubleshooting:start|Troubleshooting Guide]] or visit [[https://github.com/kelinfoxy/AI-Homelab/discussions|GitHub Discussions]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/getting_started/security.txt b/config-templates/dokuwiki/data/pages/getting_started/security.txt
deleted file mode 100644
index 97fc79d..0000000
--- a/config-templates/dokuwiki/data/pages/getting_started/security.txt
+++ /dev/null
@@ -1,245 +0,0 @@
-====== Security Setup ======
-
-Secure your homelab with proper authentication, encryption, and access controls.
-
-===== Two-Factor Authentication =====
-
-**Enable 2FA for Authelia:**
-
-1. **Access Authelia:**
-   * URL: `https://auth.yourdomain.duckdns.org`
-   * Login with admin credentials
-
-2. **Configure TOTP:**
-   * Go to **Settings** → **One-Time Password**
-   * Install authenticator app (Google Authenticator, Authy, etc.)
-   * Scan QR code or enter secret manually
-   * Enter verification code to enable
-
-3. **Backup Codes:**
-   * Generate backup codes for recovery
-   * Store securely (encrypted password manager)
-   * Use only for emergency access
-
-**2FA Best Practices:**
-  * Use hardware security keys when possible
-  * Enable biometric authentication on mobile
-  * Regularly rotate backup codes
-  * Test recovery process
-
-===== Access Control Policies =====
-
-**Authelia Configuration:**
-  * Location: `/opt/stacks/core/authelia/configuration.yml`
-
-**Default Policies:**
-```yaml
-access_control:
-  default_policy: deny
-  rules:
-    # Admin services - require 2FA
-    - domain: "*.yourdomain.duckdns.org"
-      policy: two_factor
-      
-    # Media services - bypass SSO (app compatibility)
-    - domain: jellyfin.yourdomain.duckdns.org
-      policy: bypass
-    - domain: plex.yourdomain.duckdns.org
-      policy: bypass
-      
-    # Home Assistant - bypass (built-in auth)
-    - domain: ha.yourdomain.duckdns.org
-      policy: bypass
-```
-
-**Policy Types:**
-  * **deny**: Block all access
-  * **one_factor**: Username + password only
-  * **two_factor**: Username + password + 2FA
-  * **bypass**: No authentication required
-
-===== SSL/TLS Security =====
-
-**Certificate Management:**
-  * **Issuer**: Let's Encrypt (trusted CA)
-  * **Type**: Wildcard certificate (*.yourdomain.duckdns.org)
-  * **Algorithm**: ECDSA P-256 with SHA-256
-  * **Validity**: 90 days with automatic renewal
-
-**Security Headers:**
-  * **HSTS**: HTTP Strict Transport Security
-  * **CSP**: Content Security Policy
-  * **X-Frame-Options**: Clickjacking protection
-  * **X-Content-Type-Options**: MIME sniffing prevention
-
-**Traefik Security:**
-```yaml
-# In traefik.yml
-http:
-  middlewares:
-    security-headers:
-      headers:
-        customRequestHeaders:
-          X-Forwarded-Proto: "https"
-        customResponseHeaders:
-          X-Frame-Options: "SAMEORIGIN"
-          X-Content-Type-Options: "nosniff"
-          Referrer-Policy: "strict-origin-when-cross-origin"
-          Permissions-Policy: "geolocation=(), microphone=(), camera=()"
-```
-
-===== Firewall Configuration =====
-
-**UFW Rules (automatically configured):**
-```bash
-# Allow SSH
-sudo ufw allow ssh
-
-# Allow HTTP/HTTPS
-sudo ufw allow 80
-sudo ufw allow 443
-
-# Enable firewall
-sudo ufw enable
-```
-
-**Docker Security:**
-  * Containers run as non-root users
-  * No privileged containers
-  * Minimal exposed ports
-  * Network isolation
-
-===== Password Security =====
-
-**Strong Password Requirements:**
-  * Minimum 12 characters
-  * Mix of uppercase, lowercase, numbers, symbols
-  * No dictionary words or common patterns
-  * Unique per service
-
-**Password Manager Integration:**
-  * Use Bitwarden/Vaultwarden for password storage
-  * Enable auto-fill for services
-  * Regular password rotation
-  * Emergency access setup
-
-===== VPN and Network Security =====
-
-**Download Protection:**
-  * qBittorrent routes through Gluetun VPN
-  * All torrent traffic encrypted
-  * No IP leaks during downloads
-
-**Network Segmentation:**
-  * Services isolated in Docker networks
-  * Database access restricted
-  * External services proxied through Traefik
-
-===== Backup Security =====
-
-**Encrypted Backups:**
-  * Use Backrest with encryption
-  * Store encryption keys securely
-  * Offsite backup storage
-  * Regular integrity checks
-
-**Backup Verification:**
-```bash
-# Test backup restoration
-restic restore latest --target /tmp/restore-test
-restic check
-```
-
-===== Service-Specific Security =====
-
-**Nextcloud Security:**
-  * Enable brute force protection
-  * Configure trusted domains
-  * Set up file encryption
-  * Regular security scans
-
-**Gitea Security:**
-  * Disable public registration
-  * Enable SSH key authentication
-  * Configure access tokens
-  * Regular repository backups
-
-**Database Security:**
-  * Strong database passwords
-  * Network isolation
-  * Regular updates
-  * Query logging
-
-===== Monitoring and Alerts =====
-
-**Security Monitoring:**
-  * Enable fail2ban for SSH protection
-  * Monitor authentication attempts
-  * Set up intrusion detection
-  * Log analysis with Loki/Promtail
-
-**Alert Configuration:**
-  * Failed login notifications
-  * Certificate expiration warnings
-  * Service downtime alerts
-  * Security vulnerability notifications
-
-===== Incident Response =====
-
-**Security Breach Response:**
-  1. **Isolate**: Disconnect affected systems
-  2. **Assess**: Determine scope of breach
-  3. **Contain**: Change all passwords
-  4. **Recover**: Restore from clean backups
-  5. **Learn**: Update security policies
-
-**Emergency Access:**
-  * Keep backup authentication methods
-  * Document recovery procedures
-  * Test incident response plans
-  * Regular security audits
-
-===== Advanced Security =====
-
-**Certificate Pinning:**
-  * Pin Let's Encrypt intermediate certificates
-  * Monitor certificate transparency logs
-  * Automated certificate validation
-
-**Zero Trust Architecture:**
-  * Every access request verified
-  * Minimal privilege access
-  * Continuous authentication
-  * Network micro-segmentation
-
-**Compliance Considerations:**
-  * Data encryption at rest and in transit
-  * Access logging and monitoring
-  * Regular security assessments
-  * Privacy-preserving configurations
-
-===== Security Checklist =====
-
-**Initial Setup:**
-  * [ ] 2FA enabled for all admin accounts
-  * [ ] Strong, unique passwords everywhere
-  * [ ] SSL certificates properly configured
-  * [ ] Firewall rules verified
-  * [ ] VPN configured for downloads
-
-**Ongoing Security:**
-  * [ ] Regular password rotation
-  * [ ] Security updates applied
-  * [ ] Backup encryption verified
-  * [ ] Access logs reviewed
-  * [ ] Security scans performed
-
-**Emergency Preparedness:**
-  * [ ] Backup authentication methods available
-  * [ ] Incident response plan documented
-  * [ ] Recovery procedures tested
-  * [ ] Contact information current
-
-Your homelab is now secure! Continue to [[architecture:security|Security Architecture]] for detailed technical information.
-
-**Need help?** Check [[troubleshooting:ssl|SSL Troubleshooting]] or visit [[https://github.com/kelinfoxy/AI-Homelab/discussions|GitHub Discussions]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/getting_started/setup.txt b/config-templates/dokuwiki/data/pages/getting_started/setup.txt
deleted file mode 100644
index 0d68f17..0000000
--- a/config-templates/dokuwiki/data/pages/getting_started/setup.txt
+++ /dev/null
@@ -1,234 +0,0 @@
-====== Automated Setup ======
-
-The AI-Homelab uses two automated scripts for deployment. This is the recommended approach for most users.
-
-===== Quick Setup Commands =====
-
-```bash
-# 1. Clone the repository
-git clone https://github.com/kelinfoxy/AI-Homelab.git
-cd AI-Homelab
-
-# 2. Configure environment
-cp .env.example .env
-nano .env  # Edit with your domain and tokens
-
-# 3. Run setup script
-sudo ./scripts/setup-homelab.sh
-
-# 4. Run deployment script
-sudo ./scripts/deploy-homelab.sh
-```
-
-That's it! Your homelab will be ready in 10-15 minutes.
-
-===== Detailed Setup Process =====
-
-==== Step 1: Clone Repository ====
-
-```bash
-# Clone to your home directory
-cd ~
-git clone https://github.com/kelinfoxy/AI-Homelab.git
-cd AI-Homelab
-```
-
-**What this provides:**
-  * Complete homelab configuration
-  * Docker compose files for all services
-  * Automated deployment scripts
-  * Configuration templates
-  * Documentation and guides
-
-==== Step 2: Configure Environment ====
-
-```bash
-# Copy example configuration
-cp .env.example .env
-
-# Edit with your settings
-nano .env
-```
-
-**Required variables:**
-```
-DOMAIN=yourdomain.duckdns.org
-DUCKDNS_TOKEN=your-duckdns-token
-ACME_EMAIL=your-email@example.com
-```
-
-**Optional variables:**
-```
-SURFSHARK_USERNAME=your-vpn-username
-SURFSHARK_PASSWORD=your-vpn-password
-TZ=America/New_York
-PUID=1000
-PGID=1000
-```
-
-==== Step 3: Run Setup Script ====
-
-```bash
-# Execute with sudo privileges
-sudo ./scripts/setup-homelab.sh
-```
-
-**What the setup script does:**
-
-**System Preparation:**
-  * Updates system packages
-  * Installs required dependencies (git, curl, etc.)
-  * Installs Docker Engine + Compose V2
-  * Configures user permissions
-  * Sets up UFW firewall
-  * Enables SSH server
-
-**Authelia Configuration:**
-  * Generates cryptographic secrets (JWT, session, encryption keys)
-  * Prompts for admin username (default: admin)
-  * Prompts for secure password with confirmation
-  * Generates argon2id password hash
-  * Creates user database
-
-**Infrastructure Setup:**
-  * Creates `/opt/stacks/` directory structure
-  * Sets up Docker networks (traefik-network, homelab-network, etc.)
-  * Detects NVIDIA GPU and offers driver installation
-
-**Security Features:**
-  * Idempotent (safe to re-run)
-  * Comprehensive error handling
-  * Timeout protection for operations
-  * Clear troubleshooting messages
-
-==== Step 4: Run Deployment Script ====
-
-```bash
-# Deploy all services
-sudo ./scripts/deploy-homelab.sh
-```
-
-**What the deployment script does:**
-
-**Prerequisites Check:**
-  * Validates environment configuration
-  * Verifies Docker installation
-  * Checks network connectivity
-
-**Core Stack Deployment:**
-  * Deploys DuckDNS, Traefik, Authelia, Gluetun
-  * Obtains wildcard SSL certificate (*.yourdomain.duckdns.org)
-  * Configures reverse proxy routing
-
-**Infrastructure Deployment:**
-  * Deploys Dockge, Pi-hole, monitoring tools
-  * Sets up dashboards (Homepage, Homarr)
-  * Configures service discovery
-
-**Health Checks:**
-  * Waits for services to become healthy
-  * Validates SSL certificate generation
-  * Opens Dockge in browser
-
-===== Post-Setup Configuration =====
-
-==== Access Your Services ====
-
-After deployment, access services at:
-
-| Service | URL | Status |
-|---------|-----|--------|
-| **Dockge** | `https://dockge.yourdomain.duckdns.org` | ✅ Primary management |
-| **Homepage** | `https://home.yourdomain.duckdns.org` | ✅ Service dashboard |
-| **Authelia** | `https://auth.yourdomain.duckdns.org` | ✅ SSO login |
-| **Traefik** | `https://traefik.yourdomain.duckdns.org` | ✅ Proxy dashboard |
-
-**Default Credentials:**
-  * Username: `admin` (or your custom username)
-  * Password: The secure password you created
-
-==== Configure Two-Factor Authentication ====
-
-1. Visit `https://auth.yourdomain.duckdns.org`
-2. Log in with your admin credentials
-3. Go to Settings → One-Time Password
-4. Scan QR code with authenticator app
-5. Enter verification code to enable 2FA
-
-==== Customize Homepage Dashboard ====
-
-1. Visit `https://home.yourdomain.duckdns.org`
-2. Click the settings icon (gear)
-3. Configure services and widgets
-4. Add API keys for enhanced widgets
-
-===== Troubleshooting Setup =====
-
-==== Common Issues ====
-
-**"Permission denied" when running scripts:**
-```bash
-# Ensure you're using sudo
-sudo ./scripts/setup-homelab.sh
-
-# Check if scripts are executable
-ls -la scripts/
-chmod +x scripts/*.sh
-```
-
-**Docker installation fails:**
-```bash
-# Remove conflicting packages
-sudo apt remove docker docker-engine docker.io containerd runc
-
-# Re-run setup script
-sudo ./scripts/setup-homelab.sh
-```
-
-**SSL certificate generation fails:**
-  * Check DuckDNS token is correct in `.env`
-  * Verify ports 80/443 are forwarded
-  * Wait 2-5 minutes for DNS propagation
-  * Check Traefik logs: `docker logs traefik`
-
-**Services not accessible:**
-  * Verify domain resolves: `nslookup yourdomain.duckdns.org`
-  * Check firewall: `sudo ufw status`
-  * View service logs: `docker compose -f /opt/stacks/core/docker-compose.yml logs`
-
-==== NVIDIA GPU Setup ====
-
-If you have an NVIDIA GPU and want hardware acceleration:
-
-```bash
-# During setup script, answer 'y' when prompted
-# Or install manually after setup:
-
-# Add NVIDIA package repository
-distribution=$(. /etc/os-release;echo $ID$VERSION_ID)
-curl -s -L https://nvidia.github.io/nvidia-docker/gpgkey | sudo apt-key add -
-curl -s -L https://nvidia.github.io/nvidia-docker/$distribution/nvidia-docker.list | sudo tee /etc/apt/sources.list.d/nvidia-docker.list
-
-# Install NVIDIA Docker
-sudo apt-get update && sudo apt-get install -y nvidia-docker2
-sudo systemctl restart docker
-
-# Test GPU access
-docker run --rm --gpus all nvidia/cuda:12.0.0-base-ubuntu22.04 nvidia-smi
-```
-
-==== Manual Setup Alternative ====
-
-If automated scripts fail, see [[getting_started:manual|Manual Setup Guide]] for step-by-step instructions.
-
-===== Next Steps =====
-
-1. **Explore Services**: Use Dockge to deploy additional services
-2. **Configure Backups**: Set up Backrest for automated backups
-3. **Add Monitoring**: Deploy Grafana/Prometheus for observability
-4. **Customize**: Modify services to fit your needs
-5. **Contribute**: Help improve the project
-
-**Ready to deploy?** Run the setup script and enjoy your new homelab!
-
-**Need help?** Check [[troubleshooting:deployment|Deployment Troubleshooting]] or ask in [[https://github.com/kelinfoxy/AI-Homelab/discussions|GitHub Discussions]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/getting_started/start.txt b/config-templates/dokuwiki/data/pages/getting_started/start.txt
deleted file mode 100644
index 287c9d1..0000000
--- a/config-templates/dokuwiki/data/pages/getting_started/start.txt
+++ /dev/null
@@ -1,126 +0,0 @@
-====== Getting Started ======
-
-Welcome to your AI-powered homelab! This guide will walk you through setting up your production-ready infrastructure with Dockge, Traefik, Authelia, and 70+ services.
-
-===== Quick Start Checklist =====
-
-**Prerequisites:**
-  * [ ] Fresh Debian/Ubuntu server (or existing system)
-  * [ ] Root/sudo access
-  * [ ] Internet connection
-  * [ ] VS Code with GitHub Copilot (recommended)
-
-**Setup Process:**
-  * [ ] Clone repository: `git clone https://github.com/kelinfoxy/AI-Homelab.git`
-  * [ ] Configure `.env` file with your domain and tokens
-  * [ ] Run setup script: `sudo ./scripts/setup-homelab.sh`
-  * [ ] Run deployment script: `sudo ./scripts/deploy-homelab.sh`
-  * [ ] Access Dockge at `https://dockge.yourdomain.duckdns.org`
-
-**Post-Setup:**
-  * [ ] Set up 2FA with Authelia
-  * [ ] Configure Homepage dashboard
-  * [ ] Deploy additional services as needed
-  * [ ] Set up backups with Backrest
-
-===== What You Get =====
-
-Your homelab includes:
-
-**Core Infrastructure (Deployed First):**
-  * **DuckDNS**: Dynamic DNS with Let's Encrypt wildcard SSL certificates
-  * **Traefik**: Reverse proxy with automatic HTTPS termination
-  * **Authelia**: SSO authentication protecting all services
-  * **Gluetun**: VPN client for secure downloads
-  * **Sablier**: Lazy loading service for resource management
-
-**Management Tools:**
-  * **Dockge**: Web-based Docker stack manager (PRIMARY interface)
-  * **Pi-hole**: Network-wide ad blocking and DNS
-  * **Dozzle**: Live Docker log viewer
-  * **Glances**: System monitoring dashboard
-
-**Dashboards:**
-  * **Homepage**: AI-configured service dashboard
-  * **Homarr**: Modern alternative dashboard
-
-**70+ Available Services:**
-  * Media: Plex, Jellyfin, Sonarr, Radarr, qBittorrent
-  * Productivity: Nextcloud, Gitea, BookStack, WordPress
-  * Home Automation: Home Assistant, Node-RED, Zigbee2MQTT
-  * Monitoring: Grafana, Prometheus, Uptime Kuma
-  * Development: VS Code Server, GitLab, Jupyter
-  * And many more...
-
-===== Architecture Overview =====
-
-```
-Internet → DuckDNS → Traefik → Authelia → Services
-                    ↓
-              Wildcard SSL (*.yourdomain.duckdns.org)
-```
-
-**Key Features:**
-  * **File-based configuration**: AI-manageable YAML files
-  * **Automatic HTTPS**: Let's Encrypt wildcard certificates
-  * **SSO protection**: Authelia secures admin interfaces
-  * **VPN routing**: Downloads protected through Gluetun
-  * **Resource management**: Automatic container limits
-  * **Lazy loading**: Services start on-demand
-
-===== Access Your Services =====
-
-After deployment, access services at:
-
-| Service | URL | Purpose |
-|---------|-----|---------|
-| **Dockge** | `https://dockge.yourdomain.duckdns.org` | Stack management |
-| **Homepage** | `https://home.yourdomain.duckdns.org` | Service dashboard |
-| **Authelia** | `https://auth.yourdomain.duckdns.org` | SSO login |
-| **Traefik** | `https://traefik.yourdomain.duckdns.org` | Reverse proxy dashboard |
-| **Pi-hole** | `http://pihole.yourdomain.duckdns.org` | DNS admin |
-| **Dozzle** | `https://dozzle.yourdomain.duckdns.org` | Log viewer |
-
-**Default Credentials:**
-  * Username: `admin` (or custom username from setup)
-  * Password: Secure password created during setup
-
-===== Next Steps =====
-
-1. **Complete Security Setup**
-   * Configure 2FA in Authelia
-   * Review service access policies
-   * Set up backup encryption
-
-2. **Deploy Core Services**
-   * Use Dockge to deploy media services
-   * Configure Homepage widgets
-   * Set up monitoring dashboards
-
-3. **Customize Your Stack**
-   * Add external service proxying
-   * Configure backup schedules
-   * Set up development environment
-
-4. **Learn Advanced Features**
-   * Use AI Copilot for management
-   * Explore service customization
-   * Contribute to the project
-
-===== Getting Help =====
-
-**Documentation:**
-  * [[architecture:overview|Architecture Guide]]
-  * [[services:start|Service Reference]]
-  * [[troubleshooting:start|Troubleshooting]]
-  * [[reference:start|Quick Reference]]
-
-**Community:**
-  * [[https://github.com/kelinfoxy/AI-Homelab/issues|GitHub Issues]]
-  * [[https://github.com/kelinfoxy/AI-Homelab/discussions|Discussions]]
-
-**AI Assistance:**
-  * Use GitHub Copilot in VS Code
-  * Reference the [[development:copilot|Copilot Instructions]]
-
-Ready to get started? Continue to [[getting_started:prerequisites|Prerequisites]] or jump straight to [[getting_started:setup|Automated Setup]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/core/authelia.txt b/config-templates/dokuwiki/data/pages/services/core/authelia.txt
deleted file mode 100644
index 011e7eb..0000000
--- a/config-templates/dokuwiki/data/pages/services/core/authelia.txt
+++ /dev/null
@@ -1,420 +0,0 @@
-====== Authelia ======
-
-Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) capabilities to secure access to your homelab services.
-
-===== Overview =====
-
-**Purpose:** SSO authentication server
-**URL:** `https://auth.yourdomain.duckdns.org`
-**Authentication:** Direct login (username/password + 2FA)
-**Deployment:** Automatic (core stack)
-**Storage:** File-based user database
-
-===== Key Features =====
-
-**Authentication Methods:**
-  * **Username/Password**: Secure credential verification
-  * **TOTP (Time-based One-Time Password)**: RFC 6238 compliant
-  * **WebAuthn**: Hardware security key support
-  * **Push Notifications**: Mobile authentication
-
-**Authorization:**
-  * **Domain-based policies**: Per-service access control
-  * **Group membership**: Role-based permissions
-  * **Bypass rules**: Direct access for media services
-  * **Session management**: Secure token handling
-
-**Security:**
-  * **Argon2id hashing**: Memory-hard password hashing
-  * **JWT tokens**: Secure session management
-  * **CSRF protection**: Cross-site request forgery prevention
-  * **Brute force protection**: Rate limiting and account lockout
-
-**Integration:**
-  * **Traefik middleware**: Reverse proxy authentication
-  * **LDAP support**: External user directory integration
-  * **SAML/OIDC**: Enterprise federation protocols
-  * **API access**: RESTful authentication API
-
-===== Configuration =====
-
-**Main Configuration (configuration.yml):**
-```yaml
----
-# Authelia configuration
-host: 0.0.0.0
-port: 9091
-
-log:
-  level: info
-  format: json
-
-jwt_secret: ${AUTHELIA_JWT_SECRET}
-session:
-  name: authelia_session
-  secret: ${AUTHELIA_SESSION_SECRET}
-  expiration: 3600  # 1 hour
-  inactivity: 300   # 5 minutes
-  domain: yourdomain.duckdns.org
-
-storage:
-  encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
-  local:
-    path: /config/db.sqlite3
-
-access_control:
-  default_policy: deny
-  rules:
-    # Admin services require 2FA
-    - domain: "*.yourdomain.duckdns.org"
-      policy: two_factor
-      subject:
-        - "group:admins"
-    
-    # Media services bypass SSO
-    - domain: "jellyfin.yourdomain.duckdns.org"
-      policy: bypass
-    - domain: "plex.yourdomain.duckdns.org"
-      policy: bypass
-
-api:
-  disable_bearer_token: false
-
-authentication_backend:
-  file:
-    path: /config/users_database.yml
-
-notifier:
-  filesystem:
-    filename: /config/notification.txt
-```
-
-**User Database (users_database.yml):**
-```yaml
----
-users:
-  admin:
-    displayname: Administrator
-    password: $argon2id$...
-    email: admin@yourdomain.duckdns.org
-    groups:
-      - admins
-      - dev
-```
-
-===== Docker Compose =====
-
-```yaml
-services:
-  authelia:
-    image: authelia/authelia:latest
-    container_name: authelia
-    restart: unless-stopped
-    networks:
-      - traefik-network
-    volumes:
-      - ./authelia/configuration.yml:/config/configuration.yml:ro
-      - ./authelia/users_database.yml:/config/users_database.yml
-      - ./authelia/db.sqlite3:/config/db.sqlite3
-      - ./authelia/notification.txt:/config/notification.txt
-    environment:
-      - AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET}
-      - AUTHELIA_SESSION_SECRET=${AUTHELIA_SESSION_SECRET}
-      - AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTHELIA_STORAGE_ENCRYPTION_KEY}
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN}`)"
-      - "traefik.http.routers.authelia.entrypoints=websecure"
-      - "traefik.http.routers.authelia.tls.certresolver=letsencrypt"
-      # No Authelia middleware for itself
-      - "traefik.http.services.authelia.loadbalancer.server.port=9091"
-    depends_on:
-      - authelia-redis  # If using Redis
-    deploy:
-      resources:
-        limits:
-          cpus: '0.5'
-          memory: 256M
-        reservations:
-          cpus: '0.1'
-          memory: 64M
-```
-
-===== User Management =====
-
-**Adding Users:**
-```yaml
-users:
-  newuser:
-    displayname: "New User"
-    password: "$argon2id$..."  # Generate with authelia crypto hash generate argon2
-    email: newuser@example.com
-    groups:
-      - users
-```
-
-**Password Hashing:**
-```bash
-# Generate Argon2id hash
-docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'mypassword'
-```
-
-**Group Management:**
-```yaml
-# Define groups
-groups:
-  admins:
-    - admin
-  users:
-    - user1
-    - user2
-  media:
-    - family
-```
-
-===== Access Control Policies =====
-
-**Policy Types:**
-  * **deny**: Block all access
-  * **one_factor**: Username + password only
-  * **two_factor**: Username + password + 2FA
-  * **bypass**: No authentication required
-
-**Rule Structure:**
-```yaml
-rules:
-  - domain: "*.yourdomain.duckdns.org"
-    policy: two_factor
-    subject:
-      - "user:admin"
-      - "group:admins"
-    resources:
-      - "^/api/.*"  # API endpoints
-```
-
-**Advanced Rules:**
-```yaml
-# Time-based access
-- domain: "*.yourdomain.duckdns.org"
-    policy: two_factor
-    subject: "group:admins"
-    rules:
-      - operator: present
-        operand: http_request.header.Authorization
-
-# IP-based restrictions
-- domain: "admin.yourdomain.duckdns.org"
-    policy: deny
-    networks:
-      - "192.168.1.0/24"  # Allow only local network
-```
-
-===== Two-Factor Authentication =====
-
-**TOTP Setup:**
-  1. Access Authelia dashboard
-  2. Go to **Settings** → **One-Time Password**
-  3. Install authenticator app (Google Authenticator, Authy, etc.)
-  4. Scan QR code or enter secret manually
-  5. Enter verification code to enable
-
-**WebAuthn (Hardware Keys):**
-  * **Supported**: YubiKey, Google Titan, etc.
-  * **Protocol**: FIDO2/WebAuthn
-  * **Benefits**: Phishing-resistant, no shared secrets
-
-**Backup Codes:**
-  * Generate one-time use codes
-  * Store securely (encrypted password manager)
-  * Use only for emergency access
-
-===== Integration with Traefik =====
-
-**ForwardAuth Middleware:**
-```yaml
-# In Traefik dynamic configuration
-middlewares:
-  authelia:
-    forwardAuth:
-      address: "http://authelia:9091/api/verify?rd=https://auth.yourdomain.duckdns.org/"
-      trustForwardHeader: true
-      authResponseHeaders:
-        - "Remote-User"
-        - "Remote-Groups"
-        - "Remote-Name"
-        - "Remote-Email"
-```
-
-**Service Protection:**
-```yaml
-# Add to service labels
-labels:
-  - "traefik.http.routers.service.middlewares=authelia@docker"
-```
-
-**Bypass Configuration:**
-```yaml
-# In Authelia configuration.yml
-access_control:
-  rules:
-    - domain: "jellyfin.yourdomain.duckdns.org"
-      policy: bypass
-    - domain: "plex.yourdomain.duckdns.org"
-      policy: bypass
-```
-
-===== Session Management =====
-
-**Session Configuration:**
-```yaml
-session:
-  name: authelia_session
-  secret: ${AUTHELIA_SESSION_SECRET}
-  expiration: 3600  # 1 hour
-  inactivity: 300   # 5 minutes
-  domain: yourdomain.duckdns.org
-  same_site: lax
-  secure: true
-  http_only: true
-```
-
-**Session Security:**
-  * **Secure cookies**: HTTPS only
-  * **HttpOnly**: JavaScript protection
-  * **SameSite**: CSRF protection
-  * **Expiration**: Automatic logout
-
-===== Monitoring & Logging =====
-
-**Log Configuration:**
-```yaml
-log:
-  level: info  # debug, info, warn, error
-  format: json  # json or text
-  file: /config/authelia.log
-```
-
-**Monitoring Integration:**
-  * **Prometheus metrics**: `/metrics` endpoint
-  * **Health checks**: `/api/health` endpoint
-  * **Log aggregation**: Loki integration
-  * **Alerting**: Failed authentication notifications
-
-**Audit Logging:**
-  * **Authentication events**: Login/logout tracking
-  * **Authorization decisions**: Access control logging
-  * **Security events**: Failed attempts, lockouts
-  * **Compliance**: Audit trail for security reviews
-
-===== Security Best Practices =====
-
-**Password Policies:**
-  * **Complexity**: Minimum 12 characters, mixed case, numbers, symbols
-  * **Expiration**: Regular rotation (90-180 days)
-  * **History**: Prevent password reuse
-  * **Lockout**: Account lockout after failed attempts
-
-**Session Security:**
-  * **Short sessions**: 1 hour maximum
-  * **Inactivity timeout**: 5-15 minutes
-  * **Secure cookies**: All security flags enabled
-  * **Token rotation**: Regular token refresh
-
-**Network Security:**
-  * **HTTPS only**: No HTTP access
-  * **HSTS**: HTTP Strict Transport Security
-  * **CSP**: Content Security Policy
-  * **Rate limiting**: Brute force protection
-
-===== Troubleshooting =====
-
-**Login Issues:**
-```bash
-# Check Authelia logs
-docker logs authelia
-
-# Verify configuration
-docker exec authelia authelia validate-config /config/configuration.yml
-
-# Test authentication API
-curl -k https://auth.yourdomain.duckdns.org/api/state
-```
-
-**2FA Problems:**
-  * Check system time synchronization
-  * Verify TOTP secret/code
-  * Clear browser cache
-  * Try different authenticator app
-
-**Middleware Issues:**
-```bash
-# Check Traefik logs
-docker logs traefik | grep authelia
-
-# Test middleware
-curl -H "Host: service.yourdomain.duckdns.org" http://localhost/
-```
-
-**Configuration Errors:**
-  * Validate YAML syntax
-  * Check file permissions
-  * Verify environment variables
-  * Test configuration with `authelia validate-config`
-
-===== Advanced Features =====
-
-**LDAP Integration:**
-```yaml
-authentication_backend:
-  ldap:
-    url: ldap://127.0.0.1
-    base_dn: dc=example,dc=com
-    username_attribute: uid
-    additional_users_dn: ou=users
-    users_filter: (&({username_attribute}={input})(objectClass=person))
-    groups_filter: (&(member={dn})(objectClass=groupOfNames))
-    group_name_attribute: cn
-    mail_attribute: mail
-    display_name_attribute: displayName
-```
-
-**SAML/OIDC Identity Providers:**
-```yaml
-identity_providers:
-  oidc:
-    # OIDC configuration
-  saml:
-    # SAML configuration
-```
-
-**Custom Themes:**
-```yaml
-theme: dark  # light, dark, grey, auto
-```
-
-**API Integration:**
-  * **REST API**: Programmatic authentication
-  * **Webhooks**: Event notifications
-  * **SCIM**: User provisioning
-  * **GraphQL**: Advanced queries
-
-===== Backup & Recovery =====
-
-**Configuration Backup:**
-  * **Files**: `configuration.yml`, `users_database.yml`
-  * **Database**: `db.sqlite3`
-  * **Secrets**: Environment variables
-
-**Password Recovery:**
-  * **Backup codes**: One-time use recovery
-  * **Admin reset**: Administrative password reset
-  * **Self-service**: Password reset via email
-
-**Disaster Recovery:**
-  * **Configuration restore**: YAML file recovery
-  * **Database recovery**: SQLite backup restoration
-  * **Secret rotation**: Emergency credential management
-
-Authelia provides enterprise-grade authentication and authorization for your homelab, ensuring secure access to all your services.
-
-**Next:** Learn about [[services:core:duckdns|DuckDNS]] or [[services:core:gluetun|Gluetun]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/core/duckdns.txt b/config-templates/dokuwiki/data/pages/services/core/duckdns.txt
deleted file mode 100644
index 723863a..0000000
--- a/config-templates/dokuwiki/data/pages/services/core/duckdns.txt
+++ /dev/null
@@ -1,289 +0,0 @@
-====== DuckDNS ======
-
-DuckDNS is a free dynamic DNS service that automatically updates your domain's IP address. In the AI-Homelab, DuckDNS provides the domain name that Traefik uses for SSL certificates and service routing.
-
-===== Overview =====
-
-**Purpose:** Dynamic DNS service
-**URL:** https://duckdns.org (external service)
-**Authentication:** Token-based
-**Deployment:** Automatic (core stack)
-**Update Interval:** Every 5 minutes
-
-===== Key Features =====
-
-**Dynamic DNS:**
-  * **Free service**: No cost for basic usage
-  * **Multiple domains**: Support for multiple subdomains
-  * **API integration**: RESTful API for updates
-  * **IPv4/IPv6**: Support for both IP versions
-
-**SSL Integration:**
-  * **Wildcard certificates**: *.yourdomain.duckdns.org
-  * **Let's Encrypt**: Automatic certificate generation
-  * **DNS challenge**: Domain ownership verification
-  * **Certificate renewal**: Automatic 90-day renewal
-
-**Reliability:**
-  * **High uptime**: 99.9%+ availability
-  * **Global CDN**: Fast DNS resolution worldwide
-  * **Redundant servers**: Multiple DNS servers
-  * **Monitoring**: Service status monitoring
-
-===== Configuration =====
-
-**DuckDNS Account Setup:**
-  1. Visit https://duckdns.org
-  2. Create free account
-  3. Choose domain name (your subdomain)
-  4. Get API token from account settings
-
-**Environment Variables:**
-```bash
-# Required
-DOMAIN=yourdomain.duckdns.org
-DUCKDNS_TOKEN=your-api-token
-
-# Optional
-DUCKDNS_SUBDOMAINS=subdomain1,subdomain2
-```
-
-**Container Configuration:**
-```yaml
-services:
-  duckdns:
-    image: lscr.io/linuxserver/duckdns:latest
-    container_name: duckdns
-    restart: unless-stopped
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=${TZ}
-      - SUBDOMAINS=${DUCKDNS_SUBDOMAINS:-yourdomain}
-      - TOKEN=${DUCKDNS_TOKEN}
-    deploy:
-      resources:
-        limits:
-          cpus: '0.1'
-          memory: 64M
-        reservations:
-          cpus: '0.01'
-          memory: 16M
-```
-
-===== How It Works =====
-
-**DNS Update Process:**
-  1. **IP Detection**: Container detects current public IP
-  2. **API Call**: Sends update request to DuckDNS API
-  3. **DNS Update**: DuckDNS updates DNS records
-  4. **Propagation**: DNS changes propagate globally
-  5. **Verification**: Container verifies update success
-
-**Update Frequency:**
-  * **Interval**: Every 5 minutes
-  * **Trigger**: Container startup + periodic updates
-  * **Condition**: IP address change detected
-  * **Logging**: Update success/failure logging
-
-**API Integration:**
-```bash
-# Manual update (for testing)
-curl "https://www.duckdns.org/update?domains=yourdomain&token=your-token&ip="
-
-# Check current IP
-curl "https://www.duckdns.org/update?domains=yourdomain&token=your-token&verbose=1"
-```
-
-===== SSL Certificate Integration =====
-
-**Traefik Configuration:**
-```yaml
-certificatesResolvers:
-  letsencrypt:
-    acme:
-      email: your-email@example.com
-      storage: /acme.json
-      dnsChallenge:
-        provider: duckdns
-        delayBeforeCheck: 30
-```
-
-**Certificate Generation:**
-  * **Challenge Type**: DNS-01
-  * **Record**: `_acme-challenge.yourdomain.duckdns.org`
-  * **Value**: Generated by Let's Encrypt
-  * **TTL**: 60 seconds (temporary)
-
-**Wildcard Certificate:**
-  * **Domain**: `*.yourdomain.duckdns.org`
-  * **Coverage**: All subdomains automatically
-  * **Type**: ECDSA P-256
-  * **Validity**: 90 days
-  * **Renewal**: Automatic (30 days before expiry)
-
-===== Monitoring & Troubleshooting =====
-
-**Container Logs:**
-```bash
-# View DuckDNS logs
-docker logs duckdns
-
-# Follow logs in real-time
-docker logs -f duckdns
-```
-
-**DNS Verification:**
-```bash
-# Check DNS resolution
-nslookup yourdomain.duckdns.org
-
-# Check TXT record (during certificate generation)
-dig TXT _acme-challenge.yourdomain.duckdns.org
-
-# Verify IP address
-curl -s https://api.ipify.org
-```
-
-**Common Issues:**
-
-**DNS Not Updating:**
-```bash
-# Check token validity
-curl "https://www.duckdns.org/update?domains=yourdomain&token=wrong-token"
-
-# Verify internet connectivity
-ping -c 4 8.8.8.8
-
-# Check container status
-docker ps | grep duckdns
-```
-
-**SSL Certificate Issues:**
-  * **Rate Limiting**: Let's Encrypt limits (20 certificates/week)
-  * **DNS Propagation**: Wait 5-10 minutes after DNS update
-  * **Token Issues**: Verify DuckDNS token is correct
-  * **Port Forwarding**: Ensure 80/443 are forwarded
-
-**Troubleshooting Steps:**
-  1. **Check logs**: `docker logs duckdns`
-  2. **Verify token**: Test API manually
-  3. **Check IP**: Confirm current public IP
-  4. **Test DNS**: Verify domain resolution
-  5. **Restart container**: `docker restart duckdns`
-
-===== Advanced Configuration =====
-
-**Multiple Subdomains:**
-```bash
-# Environment variable
-DUCKDNS_SUBDOMAINS=sub1,sub2,sub3
-
-# Or in compose
-environment:
-  - SUBDOMAINS=sub1,sub2,sub3
-```
-
-**IPv6 Support:**
-```bash
-# Enable IPv6 updates
-environment:
-  - IPV6=1
-```
-
-**Custom Update Interval:**
-```bash
-# Modify container command
-command: sh -c "while true; do /app/duckdns.sh; sleep 300; done"
-# 300 seconds = 5 minutes (default)
-```
-
-===== Security Considerations =====
-
-**Token Security:**
-  * **Storage**: Environment variables (not in code)
-  * **Access**: Limited to DuckDNS container only
-  * **Rotation**: Regular token renewal
-  * **Monitoring**: API usage monitoring
-
-**DNS Security:**
-  * **DNSSEC**: Not supported by DuckDNS
-  * **Rate Limiting**: API call restrictions
-  * **Monitoring**: DNS query logging
-  * **Backup**: Secondary DNS provider consideration
-
-===== Performance & Reliability =====
-
-**Update Efficiency:**
-  * **Conditional Updates**: Only when IP changes
-  * **Fast API**: Quick response times
-  * **Error Handling**: Retry logic for failures
-  * **Logging**: Comprehensive update logging
-
-**Global Distribution:**
-  * **Anycast**: Multiple global DNS servers
-  * **CDN**: Fast resolution worldwide
-  * **Caching**: DNS record caching
-  * **Redundancy**: Multiple server locations
-
-===== Alternative DNS Providers =====
-
-**If DuckDNS is insufficient:**
-
-**Cloudflare:**
-  * **Free tier**: 100,000 DNS queries/month
-  * **API**: Full DNS management
-  * **DNSSEC**: Supported
-  * **Analytics**: Query statistics
-
-**No-IP:**
-  * **Free tier**: 30-day renewal requirement
-  * **Multiple hosts**: Up to 3 free domains
-  * **Client software**: Windows/Mac/Linux clients
-  * **Groups**: Domain grouping
-
-**Dynu:**
-  * **Free tier**: 1 domain, 30-day renewal
-  * **API**: RESTful API
-  * **IPv6**: Supported
-  * **Analytics**: Basic statistics
-
-===== Migration Guide =====
-
-**Switching DNS Providers:**
-  1. **Register**: Create account with new provider
-  2. **Configure**: Set up domain and get API token
-  3. **Update**: Modify environment variables
-  4. **Test**: Verify DNS resolution
-  5. **SSL**: Update Traefik certificate resolver
-  6. **Cleanup**: Remove old DuckDNS container
-
-**Certificate Migration:**
-  * **Backup**: Save acme.json file
-  * **Update**: Change DNS provider in Traefik
-  * **Renew**: Force certificate renewal
-  * **Verify**: Test SSL certificate validity
-
-===== Best Practices =====
-
-**Domain Management:**
-  * **Choose wisely**: Select available, memorable domain
-  * **Documentation**: Record domain and token securely
-  * **Backup**: Include DNS settings in backup
-  * **Monitoring**: Monitor domain expiration
-
-**SSL Management:**
-  * **Wildcard**: Use for all subdomains
-  * **Backup**: Regular acme.json backups
-  * **Monitoring**: Certificate expiry alerts
-  * **Testing**: Regular SSL validation
-
-**Reliability:**
-  * **Redundancy**: Consider secondary DNS
-  * **Monitoring**: DNS and SSL health checks
-  * **Updates**: Keep container updated
-  * **Logging**: Monitor update success
-
-DuckDNS provides the foundation for your homelab's domain name and SSL certificates, ensuring secure and reliable access to all your services.
-
-**Next:** Learn about [[services:core:gluetun|Gluetun]] or explore [[architecture:networking|Network Architecture]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/core/gluetun.txt b/config-templates/dokuwiki/data/pages/services/core/gluetun.txt
deleted file mode 100644
index 31ada15..0000000
--- a/config-templates/dokuwiki/data/pages/services/core/gluetun.txt
+++ /dev/null
@@ -1,404 +0,0 @@
-====== Gluetun ======
-
-Gluetun is a VPN client container that routes download services through VPN providers like Surfshark, NordVPN, or Mullvad. It provides network-level VPN protection for torrent clients and other download services.
-
-===== Overview =====
-
-**Purpose:** VPN client for download services
-**Supported VPNs:** Surfshark, NordVPN, Mullvad, ExpressVPN, ProtonVPN, and 20+ others
-**Network Mode:** Service-based routing
-**Deployment:** Core stack (always running)
-**Resource Usage:** Low (minimal CPU/memory)
-
-===== Key Features =====
-
-**VPN Providers:**
-  * **Surfshark**: Primary recommended provider
-  * **WireGuard/OpenVPN**: Multiple protocol support
-  * **Port Forwarding**: Automatic port forwarding
-  * **Kill Switch**: Network isolation when VPN fails
-
-**Network Routing:**
-  * **Service Mode**: `network_mode: "service:gluetun"`
-  * **Port Mapping**: VPN ports mapped to host
-  * **DNS**: VPN provider DNS servers
-  * **Firewall**: Built-in firewall rules
-
-**Security Features:**
-  * **IP Leak Protection**: Prevents IP exposure
-  * **DNS Leak Protection**: VPN DNS enforcement
-  * **Kill Switch**: Automatic connection blocking
-  * **Protocol Selection**: WireGuard/OpenVPN choice
-
-===== Configuration =====
-
-**Environment Variables:**
-```bash
-# VPN Provider (Surfshark recommended)
-VPN_SERVICE_PROVIDER=surfshark
-VPN_TYPE=wireguard
-
-# Credentials
-VPN_USERNAME=your-username
-VPN_PASSWORD=your-password
-
-# Optional: Specific server/country
-SERVER_COUNTRIES=Netherlands
-SERVER_CITIES=Amsterdam
-
-# Optional: WireGuard specific
-WIREGUARD_PRIVATE_KEY=your-private-key
-WIREGUARD_ADDRESSES=10.0.0.0/8
-```
-
-**Container Configuration:**
-```yaml
-services:
-  gluetun:
-    image: qmcgaw/gluetun:latest
-    container_name: gluetun
-    restart: unless-stopped
-    cap_add:
-      - NET_ADMIN
-    devices:
-      - /dev/net/tun:/dev/net/tun
-    environment:
-      - VPN_SERVICE_PROVIDER=${VPN_SERVICE_PROVIDER}
-      - VPN_TYPE=${VPN_TYPE}
-      - VPN_USERNAME=${VPN_USERNAME}
-      - VPN_PASSWORD=${VPN_PASSWORD}
-      - SERVER_COUNTRIES=${SERVER_COUNTRIES:-Netherlands}
-    volumes:
-      - ./gluetun/config:/config
-    ports:
-      - 8080:8080    # qBittorrent WebUI
-      - 6881:6881    # qBittorrent TCP
-      - 6881:6881/udp # qBittorrent UDP
-    networks:
-      - traefik-network
-    deploy:
-      resources:
-        limits:
-          cpus: '0.5'
-          memory: 256M
-        reservations:
-          cpus: '0.1'
-          memory: 64M
-```
-
-===== How VPN Routing Works =====
-
-**Service-Based Routing:**
-```yaml
-# Download service configuration
-services:
-  qbittorrent:
-    image: lscr.io/linuxserver/qbittorrent:latest
-    network_mode: "service:gluetun"  # Routes through VPN
-    depends_on:
-      - gluetun
-    volumes:
-      - ./qbittorrent/config:/config
-      - /mnt/downloads:/downloads
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=${TZ}
-    # No ports exposed - accessed via Gluetun
-```
-
-**Network Flow:**
-  1. **Gluetun Container**: Establishes VPN connection
-  2. **Service Mode**: Download service shares Gluetun's network stack
-  3. **VPN Routing**: All traffic from download service goes through VPN
-  4. **Port Mapping**: VPN ports mapped to Gluetun container ports
-  5. **Access**: Services access download client via Gluetun's IP/port
-
-===== VPN Provider Setup =====
-
-**Surfshark (Recommended):**
-  1. **Sign up**: https://surfshark.com
-  2. **Get credentials**: Username/password from account
-  3. **WireGuard**: Generate private key (optional, faster)
-  4. **Configure**: Use in environment variables
-
-**WireGuard Setup (Optional but Recommended):**
-```bash
-# Generate private key
-wg genkey
-
-# Or use Surfshark app to get key
-# Account -> Manual Setup -> WireGuard
-```
-
-**Other Providers:**
-```yaml
-# NordVPN
-VPN_SERVICE_PROVIDER=nordvpn
-VPN_TYPE=openvpn
-
-# Mullvad
-VPN_SERVICE_PROVIDER=mullvad
-VPN_TYPE=wireguard
-
-# ExpressVPN
-VPN_SERVICE_PROVIDER=expressvpn
-VPN_TYPE=openvpn
-```
-
-===== Port Management =====
-
-**Port Forwarding:**
-```yaml
-# Gluetun ports (map download service ports)
-ports:
-  - 8080:8080      # WebUI
-  - 6881:6881      # TCP torrent port
-  - 6881:6881/udp  # UDP torrent port
-  - 51413:51413    # Alternative torrent port
-  - 51413:51413/udp
-```
-
-**Dynamic Port Forwarding:**
-  * **Automatic**: Some providers support automatic port forwarding
-  * **Manual**: Configure specific ports in VPN provider
-  * **Testing**: Verify port forwarding with online tools
-
-**Port Forwarding Check:**
-```bash
-# Check if port is open
-curl -s "https://portchecker.co/check" --data "port=6881"
-
-# Or use online port checker
-# Visit: https://www.yougetsignal.com/tools/open-ports/
-```
-
-===== Monitoring & Troubleshooting =====
-
-**Container Logs:**
-```bash
-# View Gluetun logs
-docker logs gluetun
-
-# Follow logs in real-time
-docker logs -f gluetun
-```
-
-**VPN Status Check:**
-```bash
-# Check VPN connection
-docker exec gluetun sh -c "curl -s ifconfig.me"
-
-# Verify VPN IP (should be different from your real IP)
-docker exec gluetun sh -c "curl -s https://api.ipify.org"
-```
-
-**Kill Switch Testing:**
-```bash
-# Test kill switch (disconnect VPN)
-docker exec gluetun sh -c "iptables -P OUTPUT DROP"
-
-# Restore (reconnect VPN)
-docker restart gluetun
-```
-
-**Common Issues:**
-
-**VPN Connection Failed:**
-```bash
-# Check credentials
-docker logs gluetun | grep -i "auth\|login\|password"
-
-# Verify server selection
-docker logs gluetun | grep -i "server\|country"
-
-# Test VPN provider status
-# Visit provider status page
-```
-
-**DNS Leaks:**
-```bash
-# Check DNS servers
-docker exec gluetun sh -c "cat /etc/resolv.conf"
-
-# Test DNS leak
-# Visit: https://www.dnsleaktest.com
-```
-
-**Port Forwarding Issues:**
-  * **Provider Support**: Not all VPNs support port forwarding
-  * **Server Selection**: Choose servers that support port forwarding
-  * **Configuration**: Enable port forwarding in VPN account
-  * **Testing**: Use port checking tools
-
-**Troubleshooting Steps:**
-  1. **Check logs**: `docker logs gluetun`
-  2. **Verify credentials**: Test with VPN provider app
-  3. **Test connection**: Manual VPN connection
-  4. **Check ports**: Verify port forwarding
-  5. **Restart**: `docker restart gluetun`
-
-===== Security Considerations =====
-
-**Kill Switch Protection:**
-  * **Automatic**: Blocks all traffic if VPN disconnects
-  * **Testing**: Regularly test kill switch functionality
-  * **Monitoring**: Monitor VPN connection status
-  * **Alerts**: Set up notifications for VPN failures
-
-**IP Leak Prevention:**
-  * **WebRTC**: Disable WebRTC in browsers
-  * **IPv6**: Disable IPv6 if not needed
-  * **DNS**: Use VPN DNS servers only
-  * **Testing**: Regular leak testing
-
-**Credential Security:**
-  * **Storage**: Environment variables (not in code)
-  * **Access**: Limited to Gluetun container
-  * **Rotation**: Regular password changes
-  * **2FA**: Enable 2FA on VPN account
-
-===== Performance Optimization =====
-
-**Protocol Selection:**
-  * **WireGuard**: Faster, more secure (recommended)
-  * **OpenVPN**: More compatible, slightly slower
-  * **IKEv2**: Mobile-optimized
-
-**Server Selection:**
-  * **Location**: Choose closest servers
-  * **Load**: Select less crowded servers
-  * **Features**: Port forwarding capable servers
-  * **Testing**: Test different server locations
-
-**Resource Limits:**
-```yaml
-deploy:
-  resources:
-    limits:
-      cpus: '0.5'    # Low CPU usage
-      memory: 256M   # Minimal memory
-    reservations:
-      cpus: '0.1'
-      memory: 64M
-```
-
-===== Advanced Configuration =====
-
-**Custom VPN Configuration:**
-```yaml
-# Custom OpenVPN config
-volumes:
-  - ./gluetun/config:/config
-  - ./custom-config:/custom
-
-environment:
-  - VPN_TYPE=openvpn
-  - OPENVPN_CUSTOM_CONFIG=/custom/my-config.ovpn
-```
-
-**Multiple VPN Services:**
-```yaml
-# Separate Gluetun instances for different services
-services:
-  gluetun-us:
-    # US-based VPN
-    environment:
-      - SERVER_COUNTRIES=United States
-
-  gluetun-nl:
-    # Netherlands-based VPN
-    environment:
-      - SERVER_COUNTRIES=Netherlands
-```
-
-**Health Checks:**
-```yaml
-healthcheck:
-  test: ["CMD", "curl", "-f", "https://api.ipify.org"]
-  interval: 30s
-  timeout: 10s
-  retries: 3
-```
-
-===== Integration with Download Services =====
-
-**qBittorrent Configuration:**
-```yaml
-# In qbittorrent config
-# Network settings
-Connection Limits:
-  Global max number of upload slots: 20
-  Max number of upload slots per torrent: 5
-
-# BitTorrent settings
-Enable DHT: Yes
-Enable PeX: Yes
-Enable LSD: Yes
-
-# WebUI settings
-IP Address: 0.0.0.0
-Port: 8080
-```
-
-**Transmission Configuration:**
-```yaml
-# transmission-daemon settings.json
-{
-  "rpc-port": 9091,
-  "rpc-username": "admin",
-  "rpc-password": "password",
-  "rpc-whitelist-enabled": false,
-  "download-dir": "/downloads",
-  "incomplete-dir": "/downloads/incomplete"
-}
-```
-
-===== Backup & Recovery =====
-
-**Configuration Backup:**
-```bash
-# Backup Gluetun config
-docker run --rm \
-  -v gluetun-config:/config \
-  -v $(pwd)/backup:/backup \
-  busybox tar czf /backup/gluetun-config.tar.gz /config
-```
-
-**VPN Credential Rotation:**
-  1. **Generate new credentials** in VPN provider
-  2. **Update environment variables** in .env
-  3. **Restart Gluetun**: `docker restart gluetun`
-  4. **Verify connection**: Check logs and IP
-  5. **Test downloads**: Verify torrent functionality
-
-===== Best Practices =====
-
-**VPN Selection:**
-  * **Reliability**: Choose reputable providers
-  * **Speed**: Test connection speeds
-  * **Features**: Port forwarding, kill switch
-  * **Privacy**: No-logs policy
-  * **Cost**: Balance features vs price
-
-**Security:**
-  * **Kill Switch**: Always enabled
-  * **Regular Testing**: Monthly leak tests
-  * **Updates**: Keep Gluetun updated
-  * **Monitoring**: VPN status monitoring
-
-**Performance:**
-  * **WireGuard**: Prefer over OpenVPN
-  * **Server Location**: Closest available
-  * **Load Balancing**: Distribute across servers
-  * **Monitoring**: Track connection quality
-
-**Maintenance:**
-  * **Credential Rotation**: Regular password changes
-  * **Log Review**: Monitor connection logs
-  * **Update Checks**: Keep VPN client updated
-  * **Backup**: Regular configuration backups
-
-Gluetun provides essential VPN protection for download services, ensuring your torrenting and file sharing activities remain private and secure.
-
-**Next:** Learn about [[services:core:sablier|Sablier]] or explore [[architecture:security|Security Architecture]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/core/sablier.txt b/config-templates/dokuwiki/data/pages/services/core/sablier.txt
deleted file mode 100644
index 2ae46a4..0000000
--- a/config-templates/dokuwiki/data/pages/services/core/sablier.txt
+++ /dev/null
@@ -1,401 +0,0 @@
-====== Sablier ======
-
-Sablier is a lazy loading service that starts Docker containers on-demand when accessed, then automatically stops them after a period of inactivity. This saves system resources by keeping unused services stopped until needed.
-
-===== Overview =====
-
-**Purpose:** On-demand container startup
-**Integration:** Traefik middleware
-**Resource Savings:** Significant CPU/memory reduction
-**Deployment:** Core stack (always running)
-**Configuration:** Label-based activation
-
-===== Key Features =====
-
-**Lazy Loading:**
-  * **On-Demand Startup**: Containers start when accessed
-  * **Automatic Shutdown**: Stop after inactivity timeout
-  * **Resource Efficiency**: Save CPU/memory when not used
-  * **Transparent**: No user experience changes
-
-**Integration:**
-  * **Traefik Middleware**: HTTP request triggering
-  * **Label Configuration**: Simple Docker labels
-  * **Group Management**: Related services as groups
-  * **Health Checks**: Wait for service readiness
-
-**Performance:**
-  * **Fast Startup**: Quick container initialization
-  * **Timeout Control**: Configurable inactivity periods
-  * **Queue Management**: Handle multiple concurrent requests
-  * **Monitoring**: Startup/shutdown tracking
-
-===== Configuration =====
-
-**Container Configuration:**
-```yaml
-services:
-  sablier:
-    image: acouvreur/sablier:latest
-    container_name: sablier
-    restart: unless-stopped
-    environment:
-      - SABLIER_STRATEGY=docker-api
-      - SABLIER_DOCKER_API_VERSION=1.41
-      - SABLIER_DOCKER_NETWORK=traefik-network
-      - SABLIER_TIMEOUT=5m
-      - SABLIER_SESSION_DURATION=168h
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    networks:
-      - traefik-network
-    deploy:
-      resources:
-        limits:
-          cpus: '0.2'
-          memory: 128M
-        reservations:
-          cpus: '0.05'
-          memory: 32M
-```
-
-**Service Integration Labels:**
-```yaml
-# Enable Sablier for a service
-labels:
-  - "sablier.enable=true"
-  - "sablier.group=my-service-group"
-  - "sablier.start-on-demand=true"
-  - "sablier.timeout=5m"  # Optional: per-service timeout
-```
-
-===== How Lazy Loading Works =====
-
-**Request Flow:**
-  1. **HTTP Request**: User accesses service URL
-  2. **Traefik Routing**: Request hits Traefik with Sablier middleware
-  3. **Sablier Check**: Sablier checks if target service is running
-  4. **Container Start**: If stopped, Sablier starts the container
-  5. **Health Wait**: Waits for service to be ready
-  6. **Request Forward**: Forwards request to running service
-  7. **Timeout Reset**: Resets inactivity timer
-
-**Automatic Shutdown:**
-  * **Inactivity Detection**: No requests for timeout period
-  * **Graceful Shutdown**: Container stopped cleanly
-  * **Resource Recovery**: CPU/memory freed up
-  * **Restart Ready**: Ready for next access
-
-===== Service Configuration =====
-
-**Basic Setup:**
-```yaml
-services:
-  my-service:
-    image: my-service:latest
-    labels:
-      # Traefik labels (normal)
-      - "traefik.enable=true"
-      - "traefik.http.routers.my-service.rule=Host(`my-service.${DOMAIN}`)"
-      - "traefik.http.routers.my-service.entrypoints=websecure"
-      - "traefik.http.routers.my-service.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.my-service.middlewares=authelia@docker"
-      
-      # Sablier labels (lazy loading)
-      - "sablier.enable=true"
-      - "sablier.group=my-service"
-      - "sablier.start-on-demand=true"
-```
-
-**Advanced Configuration:**
-```yaml
-labels:
-  # Custom timeout (overrides global)
-  - "sablier.timeout=10m"
-  
-  # Custom session duration
-  - "sablier.session-duration=24h"
-  
-  # Group multiple services
-  - "sablier.group=media-stack"
-```
-
-===== Timeout Management =====
-
-**Global Timeout:**
-```yaml
-environment:
-  - SABLIER_TIMEOUT=5m  # Default 5 minutes
-```
-
-**Per-Service Timeout:**
-```yaml
-labels:
-  - "sablier.timeout=15m"  # Override for this service
-```
-
-**Session Duration:**
-```yaml
-environment:
-  - SABLIER_SESSION_DURATION=168h  # 7 days default
-```
-
-**Timeout Behavior:**
-  * **Activity Reset**: Each request resets the timer
-  * **Graceful Shutdown**: Clean container stop
-  * **Resource Recovery**: Memory/CPU freed
-  * **Quick Restart**: Fast startup on next access
-
-===== Group Management =====
-
-**Service Groups:**
-```yaml
-# Related services in same group
-services:
-  sonarr:
-    labels:
-      - "sablier.group=media-management"
-      
-  radarr:
-    labels:
-      - "sablier.group=media-management"
-      
-  prowlarr:
-    labels:
-      - "sablier.group=media-management"
-```
-
-**Group Benefits:**
-  * **Coordinated Startup**: Start related services together
-  * **Shared Timeout**: Group timeout applies to all
-  * **Resource Management**: Better resource planning
-  * **Dependency Handling**: Handle service dependencies
-
-===== Monitoring & Troubleshooting =====
-
-**Sablier Logs:**
-```bash
-# View Sablier logs
-docker logs sablier
-
-# Follow logs in real-time
-docker logs -f sablier
-```
-
-**Startup Monitoring:**
-```bash
-# Check service startup
-docker logs sablier | grep "Starting container"
-
-# Monitor shutdowns
-docker logs sablier | grep "Stopping container"
-```
-
-**Debug Mode:**
-```yaml
-environment:
-  - SABLIER_LOG_LEVEL=debug
-```
-
-**Common Issues:**
-
-**Service Not Starting:**
-```bash
-# Check Sablier logs
-docker logs sablier | grep -i "error\|failed"
-
-# Verify Docker socket access
-docker exec sablier ls -la /var/run/docker.sock
-
-# Check network connectivity
-docker exec sablier ping -c 2 traefik
-```
-
-**Timeout Issues:**
-  * **Too Short**: Services stopping too quickly
-  * **Too Long**: Resources not freed timely
-  * **Per-Service**: Override global timeout
-  * **Testing**: Monitor actual usage patterns
-
-**Middleware Issues:**
-  * **Traefik Config**: Verify middleware order
-  * **Label Format**: Check label syntax
-  * **Network Access**: Ensure Sablier can reach Docker API
-
-**Troubleshooting Steps:**
-  1. **Check logs**: `docker logs sablier`
-  2. **Verify labels**: Check service configuration
-  3. **Test startup**: Manual container start
-  4. **Check network**: Verify Docker API access
-  5. **Restart Sablier**: `docker restart sablier`
-
-===== Performance Optimization =====
-
-**Resource Limits:**
-```yaml
-deploy:
-  resources:
-    limits:
-      cpus: '0.2'    # Low CPU usage
-      memory: 128M   # Minimal memory
-    reservations:
-      cpus: '0.05'
-      memory: 32M
-```
-
-**Timeout Tuning:**
-  * **Frequent Access**: Longer timeouts (15-30m)
-  * **Infrequent Access**: Shorter timeouts (2-5m)
-  * **Resource Intensive**: Consider manual management
-  * **User Patterns**: Monitor and adjust based on usage
-
-**Startup Optimization:**
-  * **Health Checks**: Fast health check endpoints
-  * **Dependencies**: Minimize startup dependencies
-  * **Caching**: Use persistent volumes for data
-  * **Pre-warming**: Keep critical services running
-
-===== Security Considerations =====
-
-**Docker Socket Access:**
-  * **Read-Only**: Mount socket as read-only
-  * **Limited Access**: Only Sablier container access
-  * **Network Isolation**: Separate network for Sablier
-  * **Monitoring**: Monitor Docker API usage
-
-**Service Security:**
-  * **No Direct Access**: Services only accessible via Traefik
-  * **Authentication**: Authelia protection maintained
-  * **SSL**: HTTPS encryption preserved
-  * **Timeout Security**: Automatic cleanup prevents exposure
-
-===== Advanced Configuration =====
-
-**Custom Strategies:**
-```yaml
-environment:
-  - SABLIER_STRATEGY=docker-api  # Default
-  # Alternative: kubernetes, swarm
-```
-
-**Queue Management:**
-```yaml
-environment:
-  - SABLIER_QUEUE_SIZE=10  # Concurrent startups
-  - SABLIER_QUEUE_TIMEOUT=30s  # Queue wait timeout
-```
-
-**Health Check Configuration:**
-```yaml
-environment:
-  - SABLIER_HEALTH_CHECK=true
-  - SABLIER_HEALTH_CHECK_TIMEOUT=30s
-  - SABLIER_HEALTH_CHECK_INTERVAL=5s
-```
-
-**Dynamic Configuration:**
-```yaml
-# Via environment variables
-environment:
-  - SABLIER_SERVICES=my-service:5m,other-service:10m
-```
-
-===== Integration Examples =====
-
-**Media Management Stack:**
-```yaml
-services:
-  sonarr:
-    labels:
-      - "sablier.enable=true"
-      - "sablier.group=media-mgmt"
-      - "sablier.timeout=15m"
-      
-  radarr:
-    labels:
-      - "sablier.enable=true"
-      - "sablier.group=media-mgmt"
-      - "sablier.timeout=15m"
-      
-  prowlarr:
-    labels:
-      - "sablier.enable=true"
-      - "sablier.group=media-mgmt"
-      - "sablier.timeout=10m"
-```
-
-**Development Tools:**
-```yaml
-services:
-  code-server:
-    labels:
-      - "sablier.enable=true"
-      - "sablier.group=dev-tools"
-      - "sablier.timeout=2h"  # Longer for development
-      
-  jupyter:
-    labels:
-      - "sablier.enable=true"
-      - "sablier.group=dev-tools"
-      - "sablier.timeout=1h"
-```
-
-===== Best Practices =====
-
-**Service Selection:**
-  * **Infrequently Used**: Perfect for rarely accessed services
-  * **Resource Intensive**: Save resources on heavy services
-  * **Development Tools**: Good for dev environments
-  * **Always-On**: Keep critical services running
-
-**Timeout Configuration:**
-  * **Monitor Usage**: Track actual access patterns
-  * **Adjust Gradually**: Start conservative, adjust based on logs
-  * **Per-Service**: Different timeouts for different services
-  * **User Feedback**: Consider user experience
-
-**Resource Management:**
-  * **Capacity Planning**: Calculate resource savings
-  * **Monitoring**: Track startup/shutdown patterns
-  * **Optimization**: Tune based on system resources
-  * **Backup Plan**: Manual startup if needed
-
-**Maintenance:**
-  * **Log Review**: Regular log analysis
-  * **Performance Monitoring**: Track resource usage
-  * **Configuration Updates**: Update timeouts as needed
-  * **Documentation**: Document lazy-loaded services
-
-===== Monitoring & Alerts =====
-
-**Log Analysis:**
-```bash
-# Startup events
-docker logs sablier | grep "Starting"
-
-# Shutdown events
-docker logs sablier | grep "Stopping"
-
-# Errors
-docker logs sablier | grep -i "error"
-```
-
-**Performance Metrics:**
-  * **Startup Time**: Time to service readiness
-  * **Resource Usage**: CPU/memory before/after
-  * **Access Patterns**: Frequency of service access
-  * **Timeout Effectiveness**: Actual vs configured timeouts
-
-**Health Monitoring:**
-```yaml
-# Add health check
-healthcheck:
-  test: ["CMD", "curl", "-f", "http://localhost:10000/health"]
-  interval: 30s
-  timeout: 10s
-  retries: 3
-```
-
-Sablier significantly reduces resource usage by keeping unused services stopped until needed, while maintaining a seamless user experience through automatic on-demand startup.
-
-**Next:** Explore [[architecture:storage|Storage Architecture]] or return to [[services:start|Services Overview]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/core/traefik.txt b/config-templates/dokuwiki/data/pages/services/core/traefik.txt
deleted file mode 100644
index 373e035..0000000
--- a/config-templates/dokuwiki/data/pages/services/core/traefik.txt
+++ /dev/null
@@ -1,366 +0,0 @@
-====== Traefik ======
-
-Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. In the AI-Homelab, Traefik serves as the main entry point for all services, providing automatic HTTPS, load balancing, and routing.
-
-===== Overview =====
-
-**Purpose:** HTTP reverse proxy and load balancer
-**URL:** `https://traefik.yourdomain.duckdns.org`
-**Authentication:** Authelia SSO
-**Deployment:** Automatic (core stack)
-**Configuration:** File-based (YAML)
-
-===== Key Features =====
-
-**Automatic HTTPS:**
-  * Let's Encrypt integration
-  * Wildcard SSL certificates
-  * Automatic renewal (90 days)
-  * A+ SSL rating
-
-**Service Discovery:**
-  * Docker label-based routing
-  * Dynamic configuration reloading
-  * Zero-downtime deployments
-  * Health check integration
-
-**Load Balancing:**
-  * Round-robin distribution
-  * Weighted load balancing
-  * Session stickiness
-  * Circuit breaker protection
-
-**Security:**
-  * HTTP security headers
-  * Rate limiting
-  * IP whitelisting
-  * CORS protection
-
-===== Configuration =====
-
-**Static Configuration (traefik.yml):**
-```yaml
-global:
-  checkNewVersion: false
-  sendAnonymousUsage: false
-
-api:
-  dashboard: true
-  insecure: false
-
-entryPoints:
-  web:
-    address: ":80"
-    http:
-      redirections:
-        entryPoint:
-          to: websecure
-          scheme: https
-  websecure:
-    address: ":443"
-    http:
-      tls:
-        certResolver: letsencrypt
-
-providers:
-  docker:
-    endpoint: "unix:///var/run/docker.sock"
-    exposedByDefault: false
-    network: traefik-network
-  file:
-    directory: /dynamic
-    watch: true
-
-certificatesResolvers:
-  letsencrypt:
-    acme:
-      email: your-email@example.com
-      storage: /acme.json
-      dnsChallenge:
-        provider: duckdns
-        delayBeforeCheck: 30
-```
-
-**Dynamic Configuration (external.yml):**
-```yaml
-http:
-  middlewares:
-    authelia:
-      forwardAuth:
-        address: "http://authelia:9091/api/verify?rd=https://auth.yourdomain.duckdns.org/"
-        trustForwardHeader: true
-        authResponseHeaders:
-          - "Remote-User"
-          - "Remote-Groups"
-          - "Remote-Name"
-          - "Remote-Email"
-
-    security-headers:
-      headers:
-        customRequestHeaders:
-          X-Forwarded-Proto: "https"
-        customResponseHeaders:
-          X-Frame-Options: "SAMEORIGIN"
-          X-Content-Type-Options: "nosniff"
-          Referrer-Policy: "strict-origin-when-cross-origin"
-          Permissions-Policy: "geolocation=(), microphone=(), camera=()"
-        stsSeconds: 31536000
-        stsIncludeSubdomains: true
-        stsPreload: true
-```
-
-===== Docker Compose =====
-
-```yaml
-services:
-  traefik:
-    image: traefik:v3.0
-    container_name: traefik
-    restart: unless-stopped
-    networks:
-      - traefik-network
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - ./traefik.yml:/etc/traefik/traefik.yml:ro
-      - ./dynamic:/dynamic:ro
-      - ./acme.json:/acme.json
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    environment:
-      - DUCKDNS_TOKEN=${DUCKDNS_TOKEN}
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
-      - "traefik.http.routers.traefik.entrypoints=websecure"
-      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.traefik.middlewares=authelia@docker"
-      - "traefik.http.routers.traefik.service=api@internal"
-      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
-    deploy:
-      resources:
-        limits:
-          cpus: '0.5'
-          memory: 256M
-        reservations:
-          cpus: '0.1'
-          memory: 64M
-```
-
-===== Service Routing =====
-
-**Standard Service Labels:**
-```yaml
-labels:
-  - "traefik.enable=true"
-  - "traefik.http.routers.service.rule=Host(`service.${DOMAIN}`)"
-  - "traefik.http.routers.service.entrypoints=websecure"
-  - "traefik.http.routers.service.tls.certresolver=letsencrypt"
-  - "traefik.http.routers.service.middlewares=authelia@docker"
-  - "traefik.http.services.service.loadbalancer.server.port=8080"
-```
-
-**Router Components:**
-  * **Rule**: Host matching (e.g., `Host(`service.domain.org`)`)
-  * **EntryPoint**: HTTP/HTTPS endpoint
-  * **TLS**: Certificate resolver
-  * **Middlewares**: Authentication, security headers
-  * **Service**: Backend service definition
-
-**Advanced Routing:**
-```yaml
-# Path-based routing
-- "traefik.http.routers.api.rule=Host(`api.${DOMAIN}`) && PathPrefix(`/v1`)"
-- "traefik.http.routers.web.rule=Host(`app.${DOMAIN}`)"
-
-# Header-based routing
-- "traefik.http.routers.mobile.rule=Host(`app.${DOMAIN}`) && Headers(`User-Agent`, `*Mobile*`)"
-
-# Priority routing
-- "traefik.http.routers.specific.rule=Host(`service.${DOMAIN}`) && Path(`/api`)"
-- "traefik.http.routers.specific.priority=100"
-```
-
-===== SSL Certificate Management =====
-
-**Certificate Generation:**
-  * **Challenge**: DNS-01 (DuckDNS)
-  * **Provider**: Let's Encrypt
-  * **Type**: ECDSA P-256
-  * **Validity**: 90 days
-  * **Renewal**: Automatic (30 days before expiry)
-
-**Certificate Storage:**
-  * **File**: `/opt/stacks/core/traefik/acme.json`
-  * **Permissions**: 600 (owner read/write only)
-  * **Backup**: Include in backup strategy
-  * **Format**: JSON with encrypted private keys
-
-**Troubleshooting SSL:**
-```bash
-# Check certificate status
-echo | openssl s_client -connect yourdomain.duckdns.org:443 -servername service.yourdomain.duckdns.org 2>/dev/null | openssl x509 -noout -subject -dates
-
-# View Traefik logs
-docker logs traefik | grep certificate
-
-# Check DNS TXT record
-dig TXT _acme-challenge.yourdomain.duckdns.org
-```
-
-===== Monitoring & Logging =====
-
-**Dashboard Access:**
-  * URL: `https://traefik.yourdomain.duckdns.org`
-  * Features: Real-time routing, health status, metrics
-  * Authentication: Authelia SSO required
-
-**Log Configuration:**
-```yaml
-log:
-  level: INFO
-  format: json
-
-accessLog:
-  filePath: /var/log/traefik/access.log
-  format: json
-  filters:
-    statusCodes: ["200-299", "400-499", "500-599"]
-```
-
-**Metrics Integration:**
-  * **Prometheus**: `/metrics` endpoint
-  * **Health Checks**: Service health monitoring
-  * **Performance**: Response time tracking
-
-===== Security Features =====
-
-**Authentication Middleware:**
-  * **Authelia Integration**: SSO for protected services
-  * **Bypass Rules**: Direct access for media services
-  * **Session Management**: Secure cookie handling
-
-**Rate Limiting:**
-```yaml
-middlewares:
-  rate-limit:
-    rateLimit:
-      burst: 100
-      average: 50
-```
-
-**IP Whitelisting:**
-```yaml
-middlewares:
-  ip-whitelist:
-    ipWhiteList:
-      sourceRange:
-        - "192.168.1.0/24"
-        - "10.0.0.0/8"
-```
-
-===== Performance Optimization =====
-
-**Caching:**
-```yaml
-middlewares:
-  cache:
-    inFlightReq:
-      amount: 64
-```
-
-**Compression:**
-  * **Gzip**: Automatic text compression
-  * **Brotli**: Advanced compression (if supported)
-
-**Connection Pooling:**
-  * **Keep-Alive**: Persistent connections
-  * **Connection Reuse**: Reduced latency
-  * **Timeout Management**: Connection limits
-
-===== Troubleshooting =====
-
-**Service Not Accessible:**
-```bash
-# Check if service is running
-docker ps | grep service-name
-
-# Verify Traefik labels
-docker inspect service-name | grep traefik
-
-# Check Traefik logs
-docker logs traefik | grep service-name
-```
-
-**SSL Issues:**
-  * Verify DuckDNS token
-  * Check DNS propagation
-  * Confirm port forwarding
-  * Review certificate logs
-
-**Routing Problems:**
-  * Validate router rules
-  * Check middleware configuration
-  * Test service connectivity
-  * Review access logs
-
-**Performance Issues:**
-  * Monitor resource usage
-  * Check connection limits
-  * Review middleware stack
-  * Analyze access patterns
-
-===== External Service Proxying =====
-
-**Proxying Non-Docker Services:**
-```yaml
-# In dynamic/external.yml
-http:
-  routers:
-    external-service:
-      rule: "Host(`external.yourdomain.duckdns.org`)"
-      service: external-service
-      middlewares:
-        - authelia@docker
-  services:
-    external-service:
-      loadBalancer:
-        servers:
-          - url: "http://192.168.1.100:8123"
-```
-
-**Use Cases:**
-  * Raspberry Pi Home Assistant
-  * NAS devices
-  * Legacy applications
-  * Network printers
-
-===== Best Practices =====
-
-**Configuration Management:**
-  * Use version control for config files
-  * Test changes in staging
-  * Document custom routing rules
-  * Regular backup of acme.json
-
-**Security:**
-  * Keep Traefik updated
-  * Monitor access logs
-  * Use strong authentication
-  * Regular security audits
-
-**Performance:**
-  * Implement appropriate caching
-  * Use connection pooling
-  * Monitor resource usage
-  * Optimize middleware stack
-
-**Monitoring:**
-  * Set up alerts for failures
-  * Monitor certificate expiry
-  * Track performance metrics
-  * Regular log analysis
-
-Traefik is the backbone of your homelab's networking infrastructure, providing secure, efficient, and reliable service routing.
-
-**Next:** Learn about [[services:core:authelia|Authelia]] or [[services:core:duckdns|DuckDNS]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/infrastructure/code-server.txt b/config-templates/dokuwiki/data/pages/services/infrastructure/code-server.txt
deleted file mode 100644
index ec9b8c1..0000000
--- a/config-templates/dokuwiki/data/pages/services/infrastructure/code-server.txt
+++ /dev/null
@@ -1,428 +0,0 @@
-====== Code Server ======
-
-Code Server is a web-based version of Visual Studio Code that runs in your browser, providing a full development environment accessible from anywhere. It includes all VS Code features, extensions, and integrates with your homelab development workflow.
-
-===== Overview =====
-
-**Purpose:** Browser-based code editor
-**URL:** https://code.yourdomain.duckdns.org
-**Authentication:** Authelia SSO protected
-**Deployment:** Infrastructure stack
-**Interface:** Full VS Code web interface
-
-===== Key Features =====
-
-**VS Code Features:**
-  * **Full IDE**: Complete Visual Studio Code experience
-  * **Extensions**: Access to VS Code marketplace
-  * **Themes**: All VS Code themes and customization
-  * **Git Integration**: Built-in Git version control
-
-**Web Access:**
-  * **Browser-based**: Access from any device
-  * **Responsive Design**: Works on desktop and mobile
-  * **Persistent Sessions**: Maintain work sessions
-  * **File Synchronization**: Sync across devices
-
-**Development Tools:**
-  * **Terminal Integration**: Built-in terminal access
-  * **Debugging**: Full debugging capabilities
-  * **Extensions**: Python, Docker, GitHub Copilot
-  * **Language Support**: 50+ programming languages
-
-===== Configuration =====
-
-**Container Configuration:**
-```yaml
-services:
-  code-server:
-    image: lscr.io/linuxserver/code-server:latest
-    container_name: code-server
-    restart: unless-stopped
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=${TZ}
-      - PASSWORD=${CODE_SERVER_PASSWORD}
-      - SUDO_PASSWORD=${CODE_SERVER_PASSWORD}
-      - PROXY_DOMAIN=${DOMAIN}
-      - DEFAULT_WORKSPACE=/config/workspace
-    volumes:
-      - ./code-server/config:/config
-      - /opt/stacks:/opt/stacks:ro
-      - /home/kelin/AI-Homelab:/workspace
-    networks:
-      - traefik-network
-    deploy:
-      resources:
-        limits:
-          cpus: '1.0'
-          memory: 1G
-        reservations:
-          cpus: '0.2'
-          memory: 256M
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.code-server.rule=Host(`code.${DOMAIN}`)"
-      - "traefik.http.routers.code-server.entrypoints=websecure"
-      - "traefik.http.routers.code-server.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.code-server.middlewares=authelia@docker"
-      - "traefik.http.services.code-server.loadbalancer.server.port=8443"
-      - "x-dockge.url=https://code.${DOMAIN}"
-```
-
-**Environment Variables:**
-```bash
-# User permissions
-PUID=1000
-PGID=1000
-
-# Authentication
-PASSWORD=your-secure-password
-SUDO_PASSWORD=your-secure-password
-
-# Domain configuration
-PROXY_DOMAIN=yourdomain.duckdns.org
-
-# Default workspace
-DEFAULT_WORKSPACE=/config/workspace
-```
-
-===== Getting Started =====
-
-**Initial Access:**
-  1. **Access URL**: Visit https://code.yourdomain.duckdns.org
-  2. **Authelia Login**: Authenticate with SSO
-  3. **Password Setup**: Enter container password
-  4. **Workspace Setup**: Configure your workspace
-
-**Interface Overview:**
-  * **Explorer**: File and folder navigation
-  * **Editor**: Code editing with syntax highlighting
-  * **Terminal**: Integrated command line access
-  * **Extensions**: VS Code extension marketplace
-  * **Settings**: Full VS Code configuration
-
-===== Workspace Configuration =====
-
-**Directory Mounting:**
-```yaml
-volumes:
-  # AI-Homelab repository
-  - /home/kelin/AI-Homelab:/workspace
-  
-  # Stack configurations
-  - /opt/stacks:/opt/stacks:ro
-  
-  # User configuration
-  - ./code-server/config:/config
-```
-
-**Workspace Settings:**
-```json
-// .vscode/settings.json in workspace
-{
-  "python.defaultInterpreterPath": "/usr/bin/python3",
-  "git.enableSmartCommit": true,
-  "editor.formatOnSave": true,
-  "terminal.integrated.shell.linux": "/bin/bash"
-}
-```
-
-**Recommended Extensions:**
-  * **GitHub Copilot**: AI-powered code completion
-  * **Python**: Python language support
-  * **Docker**: Container management
-  * **GitLens**: Enhanced Git capabilities
-  * **Remote SSH**: Remote development
-
-===== Development Workflow =====
-
-**Homelab Development:**
-  * **Stack Editing**: Edit docker-compose.yml files
-  * **Configuration Management**: Modify service configurations
-  * **Script Development**: Create automation scripts
-  * **Documentation**: Edit wiki and documentation
-
-**AI Integration:**
-  * **GitHub Copilot**: AI-powered code suggestions
-  * **AI Toolkit**: Access to AI development tools
-  * **Model Testing**: Test AI models and integrations
-  * **Workflow Development**: Create AI agent workflows
-
-**Version Control:**
-  * **Git Integration**: Full Git repository management
-  * **Branch Management**: Create and manage branches
-  * **Commit Management**: Stage, commit, and push changes
-  * **Conflict Resolution**: Handle merge conflicts
-
-===== Extensions & Customization =====
-
-**Essential Extensions:**
-```json
-{
-  "recommendations": [
-    "ms-python.python",
-    "ms-vscode.vscode-json",
-    "ms-vscode-remote.remote-ssh",
-    "GitHub.copilot",
-    "ms-vscode.vscode-docker",
-    "eamodio.gitlens",
-    "ms-vscode.vscode-yaml",
-    "redhat.vscode-yaml"
-  ]
-}
-```
-
-**Theme Configuration:**
-```json
-// Dark theme with high contrast
-{
-  "workbench.colorTheme": "Default Dark Modern",
-  "editor.fontSize": 14,
-  "editor.lineHeight": 1.6,
-  "terminal.integrated.fontSize": 13
-}
-```
-
-**Keybindings:**
-```json
-// Custom keybindings
-[
-  {
-    "key": "ctrl+shift+t",
-    "command": "workbench.action.terminal.new"
-  },
-  {
-    "key": "ctrl+shift+g",
-    "command": "gitlens.showCommitSearch"
-  }
-]
-```
-
-===== Terminal Integration =====
-
-**Terminal Configuration:**
-```json
-{
-  "terminal.integrated.shell.linux": "/bin/bash",
-  "terminal.integrated.cwd": "/workspace",
-  "terminal.integrated.env.linux": {
-    "PATH": "/usr/local/bin:/usr/bin:/bin"
-  }
-}
-```
-
-**Docker Commands:**
-```bash
-# Access from terminal
-docker ps
-docker logs container-name
-docker exec -it container-name /bin/bash
-```
-
-**Development Commands:**
-```bash
-# Python development
-python3 -m venv venv
-source venv/bin/activate
-pip install -r requirements.txt
-
-# Git operations
-git status
-git add .
-git commit -m "Update"
-git push origin main
-```
-
-===== Security Considerations =====
-
-**Access Control:**
-  * **Authelia Protection**: SSO authentication required
-  * **Password Protection**: Additional container password
-  * **Network Isolation**: Container network restrictions
-  * **File Permissions**: Proper user permission mapping
-
-**Data Protection:**
-  * **Workspace Security**: Secure workspace access
-  * **Git Credentials**: Secure Git authentication
-  * **Extension Security**: Verify extension sources
-  * **Session Security**: Secure web sessions
-
-===== Performance Optimization =====
-
-**Resource Management:**
-```yaml
-deploy:
-  resources:
-    limits:
-      cpus: '1.0'
-      memory: 1G
-    reservations:
-      cpus: '0.2'
-      memory: 256M
-```
-
-**Performance Tuning:**
-  * **Extension Management**: Limit active extensions
-  * **File Watching**: Configure file watcher limits
-  * **Memory Usage**: Monitor memory consumption
-  * **Caching**: Enable appropriate caching
-
-===== Troubleshooting =====
-
-**Connection Issues:**
-```bash
-# Check service status
-docker ps | grep code-server
-
-# View logs
-docker logs code-server
-
-# Test web access
-curl -k https://code.yourdomain.duckdns.org
-```
-
-**Extension Problems:**
-  * **Installation Failures**: Check network connectivity
-  * **Compatibility Issues**: Verify VS Code version compatibility
-  * **Permission Errors**: Check file permissions
-  * **Cache Issues**: Clear extension cache
-
-**Workspace Issues:**
-  * **File Access**: Verify volume mount permissions
-  * **Git Problems**: Check Git configuration
-  * **Python Issues**: Verify Python interpreter path
-  * **Extension Sync**: Check settings synchronization
-
-**Performance Issues:**
-  * **High CPU Usage**: Reduce active extensions
-  * **Memory Problems**: Increase memory limits
-  * **Slow Loading**: Clear browser cache
-  * **Network Latency**: Check network performance
-
-**Troubleshooting Steps:**
-  1. **Check logs**: `docker logs code-server`
-  2. **Verify configuration**: Check environment variables
-  3. **Test connectivity**: Access web interface
-  4. **Clear cache**: Clear browser and extension cache
-  5. **Restart service**: `docker restart code-server`
-
-===== Integration with Homelab =====
-
-**Stack Management:**
-  * **Compose Editing**: Edit docker-compose.yml files
-  * **Configuration Management**: Modify service settings
-  * **Script Development**: Create deployment scripts
-  * **Documentation**: Update wiki and docs
-
-**AI Development:**
-  * **Model Testing**: Test AI models in isolated environment
-  * **Workflow Development**: Create AI agent workflows
-  * **API Integration**: Develop API integrations
-  * **Tool Development**: Build custom tools and extensions
-
-**Monitoring & Debugging:**
-  * **Log Analysis**: Analyze service logs
-  * **Performance Monitoring**: Monitor system performance
-  * **Network Debugging**: Debug network connectivity
-  * **Container Debugging**: Debug containerized applications
-
-===== Best Practices =====
-
-**Workspace Organization:**
-  * **Project Structure**: Maintain clean project structure
-  * **Version Control**: Use Git for all projects
-  * **Documentation**: Document code and configurations
-  * **Backup**: Regular workspace backups
-
-**Development Workflow:**
-  * **Branch Strategy**: Use feature branches
-  * **Code Reviews**: Review code changes
-  * **Testing**: Test changes before deployment
-  * **Documentation**: Update documentation
-
-**Security:**
-  * **Access Control**: Limit workspace access
-  * **Credential Management**: Secure sensitive credentials
-  * **Extension Verification**: Only trusted extensions
-  * **Session Management**: Proper session handling
-
-**Performance:**
-  * **Resource Limits**: Appropriate resource allocation
-  * **Extension Management**: Keep extensions updated
-  * **Cache Management**: Regular cache cleanup
-  * **Optimization**: Optimize for your use case
-
-===== Use Cases =====
-
-**Homelab Management:**
-  * **Service Configuration**: Edit service configurations
-  * **Script Development**: Create automation scripts
-  * **Documentation**: Maintain project documentation
-  * **Troubleshooting**: Debug homelab issues
-
-**Development Work:**
-  * **Code Development**: Full-stack development
-  * **API Development**: Build and test APIs
-  * **Testing**: Unit and integration testing
-  * **Debugging**: Application debugging
-
-**Remote Development:**
-  * **Mobile Development**: Code on mobile devices
-  * **Travel Access**: Access code while traveling
-  * **Collaborative Work**: Share development environment
-  * **Backup Access**: Access code from any location
-
-**Education & Learning:**
-  * **Tutorial Following**: Follow coding tutorials
-  * **Experimentation**: Test new technologies
-  * **Documentation**: Create learning materials
-  * **Project Development**: Build personal projects
-
-===== Advanced Configuration =====
-
-**Custom Extensions:**
-```json
-// Install custom extensions
-{
-  "extensions": {
-    "recommendations": [
-      "ms-python.python",
-      "GitHub.copilot"
-    ]
-  }
-}
-```
-
-**Remote Development:**
-```json
-// SSH configuration for remote development
-{
-  "remote.SSH.configFile": "~/.ssh/config",
-  "remote.SSH.remotePlatform": {
-    "homelab-server": "linux"
-  }
-}
-```
-
-**Task Automation:**
-```json
-// tasks.json for automation
-{
-  "version": "2.0.0",
-  "tasks": [
-    {
-      "label": "Deploy Stack",
-      "type": "shell",
-      "command": "docker-compose",
-      "args": ["up", "-d"],
-      "group": "build"
-    }
-  ]
-}
-```
-
-Code Server provides a full-featured development environment in your browser, perfectly integrated with your homelab workflow and AI development tools.
-
-**Next:** Learn about [[services:infrastructure:docker-proxy|Docker Proxy]] or explore [[getting_started:access|Access Guide]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/infrastructure/docker-proxy.txt b/config-templates/dokuwiki/data/pages/services/infrastructure/docker-proxy.txt
deleted file mode 100644
index 8f80213..0000000
--- a/config-templates/dokuwiki/data/pages/services/infrastructure/docker-proxy.txt
+++ /dev/null
@@ -1,384 +0,0 @@
-====== Docker Proxy ======
-
-Docker Proxy provides secure remote access to the Docker daemon socket, enabling safe Docker API access from external tools and services. It acts as a secure proxy between Docker clients and the Docker daemon.
-
-===== Overview =====
-
-**Purpose:** Secure Docker socket proxy
-**Deployment:** Infrastructure stack
-**Access Method:** TCP socket (no web UI)
-**Security:** TLS encryption and authentication
-**Integration:** External Docker tool access
-
-===== Key Features =====
-
-**Secure Access:**
-  * **TLS Encryption**: Encrypted Docker API communication
-  * **Authentication**: Client certificate authentication
-  * **Access Control**: Granular permission control
-  * **Audit Logging**: Comprehensive access logging
-
-**Proxy Features:**
-  * **Socket Proxy**: TCP proxy for Docker socket
-  * **API Compatibility**: Full Docker API support
-  * **Connection Pooling**: Efficient connection management
-  * **Load Balancing**: Distribute requests across instances
-
-**Monitoring:**
-  * **Request Logging**: Log all Docker API requests
-  * **Performance Metrics**: Monitor proxy performance
-  * **Health Checks**: Proxy health monitoring
-  * **Error Tracking**: Track and report errors
-
-===== Configuration =====
-
-**Container Configuration:**
-```yaml
-services:
-  docker-proxy:
-    image: tecnativa/docker-socket-proxy:latest
-    container_name: docker-proxy
-    restart: unless-stopped
-    environment:
-      - CONTAINERS=1
-      - SERVICES=1
-      - TASKS=1
-      - NODES=0
-      - SWARM=0
-      - NETWORKS=0
-      - VOLUMES=0
-      - IMAGES=0
-      - EXEC=0
-      - INFO=1
-      - VERSION=1
-      - PING=1
-      - BUILD=0
-      - COMMIT=0
-      - CONFIGS=0
-      - DISTRIBUTION=0
-      - EVENTS=1
-      - GRPC=0
-      - LOGS=1
-      - PLUGINS=0
-      - POST=0
-      - SECRETS=0
-      - SESSION=0
-      - SYSTEM=0
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    ports:
-      - 2376:2376
-    networks:
-      - traefik-network
-    deploy:
-      resources:
-        limits:
-          cpus: '0.2'
-          memory: 64M
-        reservations:
-          cpus: '0.01'
-          memory: 16M
-```
-
-**Permission Levels:**
-```bash
-# Read-only access (recommended)
-CONTAINERS=1    # List containers
-SERVICES=1      # List services
-TASKS=1         # List tasks
-INFO=1          # System info
-VERSION=1       # Version info
-PING=1          # Health checks
-EVENTS=1        # Docker events
-LOGS=1          # Container logs
-
-# Write access (use carefully)
-IMAGES=1        # Pull/push images
-NETWORKS=1      # Network management
-VOLUMES=1       # Volume management
-EXEC=1          # Execute commands
-BUILD=1         # Build images
-POST=1          # Create resources
-```
-
-===== Security Configuration =====
-
-**TLS Setup:**
-```yaml
-# Generate certificates
-openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
-  -subj "/C=US/ST=State/L=City/O=Organization/CN=docker-proxy" \
-  -keyout docker-proxy.key -out docker-proxy.crt
-
-# Mount certificates
-volumes:
-  - ./certs/docker-proxy.crt:/certs/server.crt:ro
-  - ./certs/docker-proxy.key:/certs/server.key:ro
-```
-
-**Client Authentication:**
-```bash
-# Client certificate authentication
-environment:
-  - AUTH=1
-  - CERTS_PATH=/certs
-
-volumes:
-  - ./certs:/certs:ro
-```
-
-**Access Control:**
-  * **IP Whitelisting**: Restrict access by IP address
-  * **Certificate Validation**: Require valid client certificates
-  * **Permission Levels**: Granular API permission control
-  * **Rate Limiting**: Prevent abuse and DoS attacks
-
-===== Usage Examples =====
-
-**Docker Client Connection:**
-```bash
-# Connect using TCP
-export DOCKER_HOST=tcp://localhost:2376
-docker ps
-
-# With TLS
-export DOCKER_HOST=tcp://localhost:2376
-export DOCKER_TLS_VERIFY=1
-export DOCKER_CERT_PATH=/path/to/certs
-docker ps
-```
-
-**External Tool Integration:**
-```python
-# Python Docker client
-import docker
-
-client = docker.DockerClient(base_url='tcp://localhost:2376')
-containers = client.containers.list()
-```
-
-**CI/CD Integration:**
-```yaml
-# GitHub Actions example
-- name: Connect to Docker
-  run: |
-    echo "DOCKER_HOST=tcp://docker-proxy:2376" >> $GITHUB_ENV
-    docker ps
-```
-
-**Monitoring Integration:**
-```bash
-# Prometheus metrics
-curl http://localhost:2376/metrics
-
-# Health check
-curl http://localhost:2376/_ping
-```
-
-===== Monitoring & Troubleshooting =====
-
-**Proxy Logs:**
-```bash
-# View proxy logs
-docker logs docker-proxy
-
-# Follow logs in real-time
-docker logs -f docker-proxy
-```
-
-**Connection Testing:**
-```bash
-# Test basic connectivity
-telnet localhost 2376
-
-# Test Docker API
-curl http://localhost:2376/_ping
-
-# Test with Docker client
-DOCKER_HOST=tcp://localhost:2376 docker version
-```
-
-**Permission Issues:**
-  * **Access Denied**: Check permission environment variables
-  * **Certificate Errors**: Verify TLS certificate configuration
-  * **Network Issues**: Check firewall and network connectivity
-  * **Socket Access**: Verify Docker socket permissions
-
-**Performance Issues:**
-  * **High Latency**: Check network configuration
-  * **Connection Limits**: Monitor concurrent connections
-  * **Resource Usage**: Check CPU/memory usage
-  * **Rate Limiting**: Adjust rate limiting settings
-
-**Troubleshooting Steps:**
-  1. **Check logs**: `docker logs docker-proxy`
-  2. **Test connectivity**: Verify TCP connection
-  3. **Validate permissions**: Check environment variables
-  4. **Test Docker client**: Verify Docker API access
-  5. **Restart service**: `docker restart docker-proxy`
-
-===== Advanced Configuration =====
-
-**High Availability:**
-```yaml
-# Multiple proxy instances
-services:
-  docker-proxy-1:
-    # Configuration for instance 1
-    
-  docker-proxy-2:
-    # Configuration for instance 2
-    
-  load-balancer:
-    # Load balancer configuration
-```
-
-**Custom TLS Configuration:**
-```yaml
-environment:
-  - TLS_CERT=/certs/custom.crt
-  - TLS_KEY=/certs/custom.key
-  - TLS_CA=/certs/ca.crt
-```
-
-**Rate Limiting:**
-```yaml
-environment:
-  - RATE_LIMIT=100  # Requests per minute
-  - BURST_LIMIT=20  # Burst allowance
-```
-
-**Audit Logging:**
-```yaml
-environment:
-  - LOG_LEVEL=debug
-  - AUDIT_LOG=/logs/audit.log
-
-volumes:
-  - ./logs:/logs
-```
-
-===== Security Best Practices =====
-
-**Access Control:**
-  * **Principle of Least Privilege**: Grant minimal required permissions
-  * **Network Segmentation**: Isolate proxy network access
-  * **Certificate Management**: Regular certificate rotation
-  * **Monitoring**: Continuous access monitoring
-
-**TLS Security:**
-  * **Strong Ciphers**: Use modern TLS cipher suites
-  * **Certificate Validation**: Enable client certificate validation
-  * **Perfect Forward Secrecy**: Enable PFS cipher suites
-  * **Regular Updates**: Keep TLS libraries updated
-
-**Operational Security:**
-  * **Log Analysis**: Regular security log review
-  * **Intrusion Detection**: Monitor for suspicious activity
-  * **Backup Security**: Secure configuration backups
-  * **Incident Response**: Have security incident procedures
-
-===== Integration Patterns =====
-
-**CI/CD Pipelines:**
-```yaml
-# Jenkins pipeline
-pipeline {
-  agent any
-  stages {
-    stage('Build') {
-      steps {
-        script {
-          docker.withServer('tcp://docker-proxy:2376') {
-            docker.build('my-app')
-          }
-        }
-      }
-    }
-  }
-}
-```
-
-**Monitoring Integration:**
-```yaml
-# Prometheus configuration
-scrape_configs:
-  - job_name: 'docker-proxy'
-    static_configs:
-      - targets: ['docker-proxy:2376']
-    metrics_path: '/metrics'
-```
-
-**Backup Integration:**
-```bash
-# Backup Docker configurations
-DOCKER_HOST=tcp://localhost:2376 docker system info > system-info.json
-DOCKER_HOST=tcp://localhost:2376 docker config ls > configs.json
-```
-
-===== Performance Optimization =====
-
-**Resource Management:**
-```yaml
-deploy:
-  resources:
-    limits:
-      cpus: '0.2'
-      memory: 64M
-    reservations:
-      cpus: '0.01'
-      memory: 16M
-```
-
-**Connection Optimization:**
-  * **Connection Pooling**: Reuse connections efficiently
-  * **Timeout Configuration**: Appropriate request timeouts
-  * **Concurrent Limits**: Control simultaneous connections
-  * **Caching**: Cache frequently accessed data
-
-===== Use Cases =====
-
-**Development Environments:**
-  * **Remote Docker Access**: Access Docker from development machines
-  * **CI/CD Integration**: Integrate with build pipelines
-  * **Testing Environments**: Isolated testing environments
-  * **Container Management**: Manage containers from external tools
-
-**Production Management:**
-  * **Monitoring Tools**: Connect monitoring tools to Docker API
-  * **Management Platforms**: Integrate with Docker management platforms
-  * **Backup Solutions**: Connect backup tools to Docker
-  * **Security Scanning**: Integrate security scanning tools
-
-**Homelab Management:**
-  * **Portainer Integration**: Connect Portainer to Docker API
-  * **External Tools**: Use Docker CLI from external machines
-  * **Automation Scripts**: Run Docker automation scripts
-  * **Monitoring Integration**: Connect monitoring stacks
-
-**Enterprise Integration:**
-  * **Centralized Management**: Connect to enterprise Docker platforms
-  * **Compliance Monitoring**: Meet compliance requirements
-  * **Audit Trails**: Maintain Docker operation audit logs
-  * **Security Integration**: Integrate with security platforms
-
-===== Backup & Recovery =====
-
-**Configuration Backup:**
-```bash
-# Backup proxy configuration
-docker run --rm \
-  -v docker-proxy-config:/config \
-  -v $(pwd)/backup:/backup \
-  busybox tar czf /backup/docker-proxy-config.tar.gz /config
-```
-
-**Certificate Management:**
-  * **Certificate Backup**: Regular certificate backups
-  * **Key Rotation**: Periodic key rotation procedures
-  * **Certificate Monitoring**: Monitor certificate expiration
-  * **Renewal Process**: Automated certificate renewal
-
-Docker Proxy provides secure, controlled access to the Docker daemon, enabling safe integration with external tools and services while maintaining security and audit capabilities.
-
-**Next:** Explore [[services:media:start|Media Services]] or return to [[services:start|Services Overview]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/infrastructure/dockge.txt b/config-templates/dokuwiki/data/pages/services/infrastructure/dockge.txt
deleted file mode 100644
index 2b0ca34..0000000
--- a/config-templates/dokuwiki/data/pages/services/infrastructure/dockge.txt
+++ /dev/null
@@ -1,313 +0,0 @@
-====== Dockge ======
-
-Dockge is the primary web-based interface for managing Docker stacks in your homelab. It provides a clean, intuitive way to deploy, monitor, and manage all your services through a web UI, making it the central hub for homelab management.
-
-===== Overview =====
-
-**Purpose:** Docker stack management interface
-**URL:** https://dockge.yourdomain.duckdns.org
-**Authentication:** Authelia SSO protected
-**Deployment:** Infrastructure stack
-**Interface:** Modern web UI with drag-and-drop
-
-===== Key Features =====
-
-**Stack Management:**
-  * **Visual Interface**: Web-based stack management
-  * **Compose File Editing**: Direct YAML editing
-  * **One-Click Deploy**: Deploy stacks with single click
-  * **Real-time Monitoring**: Live container status
-
-**Container Operations:**
-  * **Start/Stop/Restart**: Individual container control
-  * **Log Viewing**: Integrated log viewer
-  * **Resource Monitoring**: CPU/memory usage
-  * **Network Inspection**: Container networking info
-
-**File Management:**
-  * **Directory Browser**: Navigate stack directories
-  * **File Editor**: Edit configuration files
-  * **Upload/Download**: File transfer capabilities
-  * **Backup Integration**: Stack backup/restore
-
-===== Configuration =====
-
-**Container Configuration:**
-```yaml
-services:
-  dockge:
-    image: louislam/dockge:1
-    container_name: dockge
-    restart: unless-stopped
-    environment:
-      - DOCKGE_STACKS_DIR=/opt/stacks
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - /opt/stacks:/opt/stacks
-      - ./dockge/data:/app/data
-    ports:
-      - 5001:5001
-    networks:
-      - traefik-network
-    deploy:
-      resources:
-        limits:
-          cpus: '0.5'
-          memory: 256M
-        reservations:
-          cpus: '0.1'
-          memory: 64M
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.dockge.rule=Host(`dockge.${DOMAIN}`)"
-      - "traefik.http.routers.dockge.entrypoints=websecure"
-      - "traefik.http.routers.dockge.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.dockge.middlewares=authelia@docker"
-      - "traefik.http.services.dockge.loadbalancer.server.port=5001"
-      - "x-dockge.url=https://dockge.${DOMAIN}"
-```
-
-**Directory Structure:**
-```
-/opt/stacks/
-├── core/                    # Core infrastructure
-├── infrastructure/          # Management tools
-├── media/                   # Media services
-├── media-management/        # Download automation
-├── dashboards/              # Dashboard services
-├── homeassistant/           # Home automation
-├── productivity/            # Office tools
-├── monitoring/              # Observability
-├── utilities/               # Backup/utilities
-└── development/             # Dev tools
-```
-
-===== Getting Started =====
-
-**Initial Access:**
-  1. **Deploy Infrastructure Stack**: Run deploy script or manual deployment
-  2. **Access URL**: Visit https://dockge.yourdomain.duckdns.org
-  3. **Authelia Login**: Authenticate with your credentials
-  4. **First Stack**: Create your first stack
-
-**Interface Overview:**
-  * **Left Sidebar**: Stack categories and navigation
-  * **Main Panel**: Stack list with status indicators
-  * **Top Bar**: Search, settings, and actions
-  * **Stack Cards**: Individual stack management
-
-===== Stack Operations =====
-
-**Creating a New Stack:**
-  1. **Click "Compose"**: Open compose file editor
-  2. **Enter Stack Name**: Choose directory name
-  3. **Paste YAML**: Copy docker-compose.yml content
-  4. **Deploy**: Click deploy button
-  5. **Monitor**: Watch deployment progress
-
-**Managing Existing Stacks:**
-  * **Start/Stop**: Control stack lifecycle
-  * **Update**: Pull new images and restart
-  * **Edit**: Modify compose files
-  * **Logs**: View container logs
-  * **Terminal**: Access container shells
-
-**Stack Status Indicators:**
-  * **🟢 Running**: All containers healthy
-  * **🟡 Partial**: Some containers issues
-  * **🔴 Stopped**: Stack not running
-  * **🔵 Updating**: Stack being updated
-
-===== File Management =====
-
-**Directory Navigation:**
-  * **Browse Stacks**: Navigate /opt/stacks directory
-  * **File Editor**: Edit YAML, config files
-  * **Upload Files**: Drag-and-drop file uploads
-  * **Download**: Download files from containers
-
-**Configuration Editing:**
-  * **Syntax Highlighting**: YAML, JSON, text files
-  * **Save Changes**: Auto-save or manual save
-  * **Version Control**: Track file changes
-  * **Backup**: Automatic file backups
-
-===== Container Management =====
-
-**Individual Container Control:**
-  * **Start/Stop/Restart**: Container lifecycle
-  * **Logs**: Real-time log streaming
-  * **Exec**: Run commands in containers
-  * **Inspect**: View container details
-
-**Resource Monitoring:**
-  * **CPU Usage**: Real-time CPU monitoring
-  * **Memory Usage**: RAM consumption tracking
-  * **Network I/O**: Traffic monitoring
-  * **Disk Usage**: Storage utilization
-
-===== Advanced Features =====
-
-**Environment Variables:**
-```yaml
-# Global environment file
-# /opt/stacks/.env
-DOMAIN=yourdomain.duckdns.org
-PUID=1000
-PGID=1000
-TZ=America/New_York
-```
-
-**Stack Dependencies:**
-  * **Service Dependencies**: depends_on configuration
-  * **Network Dependencies**: Shared networks
-  * **Volume Dependencies**: Shared storage
-  * **Health Checks**: Service readiness
-
-**Backup & Restore:**
-  * **Stack Export**: Download compose files
-  * **Configuration Backup**: Environment files
-  * **Volume Backup**: Data persistence
-  * **Full Restore**: Complete stack recovery
-
-===== Integration with AI Assistant =====
-
-**AI-Powered Management:**
-  * **Service Creation**: AI generates compose files
-  * **Configuration Help**: AI assists with setup
-  * **Troubleshooting**: AI analyzes logs and issues
-  * **Documentation**: AI maintains service docs
-
-**Workflow Integration:**
-  * **VS Code**: Direct file editing
-  * **GitHub Copilot**: AI assistance for configurations
-  * **Automated Deployments**: Script-based stack management
-  * **Monitoring Integration**: Health check automation
-
-===== Security Considerations =====
-
-**Access Control:**
-  * **Authelia Protection**: SSO authentication required
-  * **User Permissions**: Container user mapping (PUID/PGID)
-  * **Docker Socket**: Read-only access to Docker API
-  * **Network Isolation**: Container network segmentation
-
-**Data Protection:**
-  * **Encrypted Connections**: HTTPS via Traefik
-  * **Secure Storage**: Sensitive data in environment files
-  * **Backup Security**: Encrypted backup storage
-  * **Access Logging**: User action auditing
-
-===== Performance Optimization =====
-
-**Resource Management:**
-```yaml
-deploy:
-  resources:
-    limits:
-      cpus: '0.5'
-      memory: 256M
-    reservations:
-      cpus: '0.1'
-      memory: 64M
-```
-
-**Container Optimization:**
-  * **Image Updates**: Regular security updates
-  * **Log Rotation**: Prevent disk space issues
-  * **Cache Management**: Docker layer caching
-  * **Network Efficiency**: Optimized container networking
-
-===== Troubleshooting =====
-
-**Common Issues:**
-
-**Cannot Connect to Docker:**
-```bash
-# Check Docker socket permissions
-ls -la /var/run/docker.sock
-
-# Verify Docker is running
-docker ps
-
-# Check container logs
-docker logs dockge
-```
-
-**Stack Deployment Fails:**
-  * **YAML Syntax**: Validate compose file syntax
-  * **Port Conflicts**: Check for port usage conflicts
-  * **Network Issues**: Verify network connectivity
-  * **Permission Errors**: Check file/directory permissions
-
-**Web Interface Issues:**
-  * **Traefik Routing**: Verify Traefik configuration
-  * **Authelia Access**: Check SSO authentication
-  * **SSL Certificates**: Validate certificate status
-  * **Browser Cache**: Clear browser cache
-
-**Troubleshooting Steps:**
-  1. **Check logs**: `docker logs dockge`
-  2. **Validate configuration**: Test compose file syntax
-  3. **Network connectivity**: Verify Docker network access
-  4. **Restart service**: `docker restart dockge`
-  5. **Check dependencies**: Ensure required services running
-
-===== Best Practices =====
-
-**Stack Organization:**
-  * **Logical Grouping**: Group related services
-  * **Naming Convention**: Consistent naming patterns
-  * **Documentation**: Comment complex configurations
-  * **Version Control**: Track configuration changes
-
-**Maintenance:**
-  * **Regular Updates**: Keep images updated
-  * **Backup Routine**: Regular configuration backups
-  * **Log Monitoring**: Review logs for issues
-  * **Performance Tuning**: Optimize resource usage
-
-**Security:**
-  * **Access Control**: Limit user permissions
-  * **Network Security**: Use secure networks
-  * **Data Encryption**: Encrypt sensitive data
-  * **Audit Logging**: Monitor access and changes
-
-**Workflow:**
-  * **Testing**: Test changes in development first
-  * **Documentation**: Document custom configurations
-  * **Automation**: Use scripts for repetitive tasks
-  * **Monitoring**: Monitor stack health continuously
-
-===== Integration Examples =====
-
-**Adding a New Service:**
-```yaml
-# 1. Create new stack directory
-# 2. Add docker-compose.yml
-# 3. Configure environment variables
-# 4. Deploy via Dockge UI
-# 5. Test service functionality
-```
-
-**Service Updates:**
-```yaml
-# 1. Edit compose file in Dockge
-# 2. Update image version
-# 3. Deploy changes
-# 4. Monitor startup logs
-# 5. Verify functionality
-```
-
-**Backup Strategy:**
-```yaml
-# 1. Export stack configurations
-# 2. Backup environment files
-# 3. Backup persistent volumes
-# 4. Store backups securely
-# 5. Test restore procedures
-```
-
-Dockge serves as the central nervous system of your homelab, providing intuitive management of all your Docker services through a modern web interface.
-
-**Next:** Learn about [[services:infrastructure:pihole|Pi-hole]] or explore [[getting_started:deployment|Deployment Guide]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/infrastructure/dozzle.txt b/config-templates/dokuwiki/data/pages/services/infrastructure/dozzle.txt
deleted file mode 100644
index 7b88972..0000000
--- a/config-templates/dokuwiki/data/pages/services/infrastructure/dozzle.txt
+++ /dev/null
@@ -1,343 +0,0 @@
-====== Dozzle ======
-
-Dozzle is a real-time log viewer for Docker containers, providing a web-based interface to monitor and search through container logs. It offers live log streaming, filtering capabilities, and multi-container log management.
-
-===== Overview =====
-
-**Purpose:** Real-time Docker log viewer
-**URL:** https://dozzle.yourdomain.duckdns.org
-**Authentication:** Authelia SSO protected
-**Deployment:** Infrastructure stack
-**Interface:** Modern web UI with live updates
-
-===== Key Features =====
-
-**Log Viewing:**
-  * **Real-time Streaming**: Live log updates
-  * **Multi-container**: View multiple containers simultaneously
-  * **Search & Filter**: Advanced log filtering
-  * **Color Coding**: Syntax highlighting for different log levels
-
-**Container Management:**
-  * **Container List**: All running containers
-  * **Status Indicators**: Container health status
-  * **Quick Actions**: Start/stop/restart containers
-  * **Resource Monitoring**: Basic CPU/memory stats
-
-**Search & Filtering:**
-  * **Text Search**: Search within logs
-  * **Regex Support**: Regular expression filtering
-  * **Date Filtering**: Time-based log filtering
-  * **Container Filtering**: Filter by specific containers
-
-===== Configuration =====
-
-**Container Configuration:**
-```yaml
-services:
-  dozzle:
-    image: amir20/dozzle:latest
-    container_name: dozzle
-    restart: unless-stopped
-    environment:
-      - DOZZLE_USERNAME=${DOZZLE_USERNAME:-admin}
-      - DOZZLE_PASSWORD=${DOZZLE_PASSWORD}
-      - DOZZLE_LEVEL=info
-      - DOZZLE_TAILSIZE=100
-      - DOZZLE_FILTER_CONTAINERS=${DOZZLE_FILTER_CONTAINERS}
-      - DOZZLE_NO_ANALYTICS=true
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    networks:
-      - traefik-network
-    deploy:
-      resources:
-        limits:
-          cpus: '0.3'
-          memory: 128M
-        reservations:
-          cpus: '0.05'
-          memory: 32M
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.dozzle.rule=Host(`dozzle.${DOMAIN}`)"
-      - "traefik.http.routers.dozzle.entrypoints=websecure"
-      - "traefik.http.routers.dozzle.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.dozzle.middlewares=authelia@docker"
-      - "traefik.http.services.dozzle.loadbalancer.server.port=8080"
-      - "x-dockge.url=https://dozzle.${DOMAIN}"
-```
-
-**Environment Variables:**
-```bash
-# Authentication (optional, Authelia handles SSO)
-DOZZLE_USERNAME=admin
-DOZZLE_PASSWORD=your-secure-password
-
-# Logging configuration
-DOZZLE_LEVEL=info  # debug, info, warn, error
-DOZZLE_TAILSIZE=100  # Lines to show initially
-
-# Container filtering (optional)
-DOZZLE_FILTER_CONTAINERS=container1,container2
-
-# Privacy
-DOZZLE_NO_ANALYTICS=true
-```
-
-===== Interface Overview =====
-
-**Main Dashboard:**
-  * **Container List**: Left sidebar with all containers
-  * **Log Viewer**: Main panel showing selected logs
-  * **Search Bar**: Top search and filter controls
-  * **Status Bar**: Connection and filter status
-
-**Container Selection:**
-  * **Single Container**: Click to view individual logs
-  * **Multiple Containers**: Hold Ctrl/Cmd to select multiple
-  * **All Containers**: View logs from all containers
-  * **Container Groups**: Filter by stack or service type
-
-**Log Display:**
-  * **Live Updates**: Real-time log streaming
-  * **Color Coding**: Different colors for log levels
-  * **Timestamps**: Show log timestamps
-  * **Line Numbers**: Reference specific log lines
-
-===== Search & Filtering =====
-
-**Text Search:**
-```bash
-# Basic search
-error warning
-
-# Case-sensitive search
-/Error|Warning/
-
-# Complex patterns
-"connection refused" OR "timeout"
-```
-
-**Advanced Filtering:**
-  * **Container Name**: Filter by specific containers
-  * **Log Level**: Filter by severity (ERROR, WARN, INFO, DEBUG)
-  * **Time Range**: Show logs from specific time periods
-  * **Regex Patterns**: Use regular expressions for complex matching
-
-**Saved Filters:**
-  * **Custom Filters**: Save frequently used search patterns
-  * **Filter Presets**: Pre-configured filter combinations
-  * **Quick Filters**: One-click common filters (errors only, etc.)
-
-===== Container Management =====
-
-**Quick Actions:**
-  * **Start/Stop**: Control container lifecycle
-  * **Restart**: Restart individual containers
-  * **Logs**: Jump to detailed logs
-  * **Exec**: Open terminal in container
-
-**Container Information:**
-  * **Status**: Running, stopped, paused
-  * **Uptime**: How long container has been running
-  * **Image**: Container image and version
-  * **Ports**: Exposed ports and mappings
-
-**Resource Monitoring:**
-  * **CPU Usage**: Real-time CPU percentage
-  * **Memory Usage**: RAM consumption
-  * **Network I/O**: Data transfer rates
-  * **Disk I/O**: Storage read/write operations
-
-===== Advanced Features =====
-
-**Log Analysis:**
-  * **Pattern Recognition**: Identify common error patterns
-  * **Anomaly Detection**: Flag unusual log patterns
-  * **Trend Analysis**: Track log volume over time
-  * **Alert Integration**: Send alerts for specific log patterns
-
-**Export & Sharing:**
-  * **Log Export**: Download logs as text files
-  * **Share Links**: Generate shareable log links
-  * **API Access**: Programmatic log access
-  * **Integration**: Connect with other monitoring tools
-
-**Customization:**
-  * **Themes**: Light/dark mode switching
-  * **Layout**: Customizable interface layout
-  * **Shortcuts**: Keyboard shortcuts for common actions
-  * **Notifications**: Browser notifications for events
-
-===== Security Considerations =====
-
-**Access Control:**
-  * **Authelia Protection**: SSO authentication required
-  * **User Permissions**: Container access restrictions
-  * **Log Privacy**: Sensitive data in logs
-  * **Network Security**: Secure Docker socket access
-
-**Data Protection:**
-  * **Log Encryption**: Secure log transmission
-  * **Access Logging**: Audit log access
-  * **Data Retention**: Log retention policies
-  * **Privacy Controls**: Filter sensitive information
-
-===== Performance Optimization =====
-
-**Resource Management:**
-```yaml
-deploy:
-  resources:
-    limits:
-      cpus: '0.3'
-      memory: 128M
-    reservations:
-      cpus: '0.05'
-      memory: 32M
-```
-
-**Log Optimization:**
-  * **Tail Size**: Limit initial log display
-  * **Buffer Management**: Efficient log buffering
-  * **Compression**: Log compression for storage
-  * **Cleanup**: Automatic old log cleanup
-
-**Container Filtering:**
-```yaml
-# Limit visible containers
-environment:
-  - DOZZLE_FILTER_CONTAINERS=traefik,authelia,dockge
-```
-
-===== Troubleshooting =====
-
-**Connection Issues:**
-```bash
-# Check Docker socket access
-ls -la /var/run/docker.sock
-
-# Verify Docker is running
-docker ps
-
-# Check container logs
-docker logs dozzle
-```
-
-**Log Display Problems:**
-  * **No Logs Showing**: Check container permissions
-  * **Logs Not Updating**: Verify real-time connection
-  * **Search Not Working**: Check search syntax
-  * **Performance Issues**: Reduce number of containers
-
-**Authentication Issues:**
-  * **Login Problems**: Verify credentials
-  * **Authelia Integration**: Check SSO configuration
-  * **Session Timeout**: Adjust session settings
-  * **Permission Denied**: Check user permissions
-
-**Web Interface Issues:**
-  * **Page Not Loading**: Check Traefik routing
-  * **SSL Errors**: Verify certificate status
-  * **JavaScript Errors**: Clear browser cache
-  * **Mobile Issues**: Check responsive design
-
-**Troubleshooting Steps:**
-  1. **Check logs**: `docker logs dozzle`
-  2. **Test connectivity**: Verify Docker socket access
-  3. **Validate configuration**: Check environment variables
-  4. **Browser testing**: Test in different browsers
-  5. **Restart service**: `docker restart dozzle`
-
-===== Integration with Monitoring =====
-
-**Prometheus Integration:**
-```yaml
-# Expose metrics for monitoring
-environment:
-  - DOZZLE_ENABLE_METRICS=true
-  - DOZZLE_METRICS_PORT=8081
-```
-
-**Grafana Dashboards:**
-  * **Log Volume**: Track log generation rates
-  * **Error Rates**: Monitor error log frequency
-  * **Container Health**: Track container status
-  * **Performance Metrics**: CPU/memory usage trends
-
-**Alert Integration:**
-  * **Error Alerts**: Alert on specific error patterns
-  * **Container Alerts**: Notify on container failures
-  * **Performance Alerts**: Alert on resource issues
-  * **Log Volume Alerts**: Alert on unusual log activity
-
-===== Best Practices =====
-
-**Log Management:**
-  * **Regular Monitoring**: Daily log review routine
-  * **Search Optimization**: Use efficient search patterns
-  * **Filter Usage**: Create useful filter presets
-  * **Export Strategy**: Regular log exports for analysis
-
-**Container Organization:**
-  * **Naming Convention**: Consistent container naming
-  * **Grouping**: Logical container grouping
-  * **Tagging**: Use labels for better organization
-  * **Documentation**: Document container purposes
-
-**Security:**
-  * **Access Control**: Limit log access to authorized users
-  * **Data Protection**: Be aware of sensitive data in logs
-  * **Network Security**: Secure Docker socket access
-  * **Audit Logging**: Track log access and searches
-
-**Performance:**
-  * **Resource Limits**: Appropriate CPU/memory limits
-  * **Container Filtering**: Limit visible containers
-  * **Log Tail Size**: Optimize initial log display
-  * **Caching**: Use browser caching for better performance
-
-===== Use Cases =====
-
-**Development & Debugging:**
-  * **Application Logs**: Monitor application behavior
-  * **Error Tracking**: Quickly identify and fix errors
-  * **Performance Monitoring**: Track application performance
-  * **Integration Testing**: Verify service interactions
-
-**Production Monitoring:**
-  * **Service Health**: Monitor service availability
-  * **Error Detection**: Catch errors before they escalate
-  * **User Issue Investigation**: Debug user-reported problems
-  * **Security Monitoring**: Watch for suspicious activity
-
-**Maintenance & Troubleshooting:**
-  * **Update Monitoring**: Watch for issues during updates
-  * **Configuration Changes**: Monitor impact of changes
-  * **Network Issues**: Debug connectivity problems
-  * **Resource Problems**: Identify resource bottlenecks
-
-===== Keyboard Shortcuts =====
-
-**Navigation:**
-  * **Ctrl/Cmd + K**: Focus search bar
-  * **Arrow Keys**: Navigate container list
-  * **Enter**: Select container
-  * **Esc**: Clear selection
-
-**Search:**
-  * **Ctrl/Cmd + F**: Start search
-  * **F3**: Find next occurrence
-  * **Shift + F3**: Find previous occurrence
-  * **Ctrl/Cmd + G**: Go to line
-
-**Actions:**
-  * **Ctrl/Cmd + R**: Refresh logs
-  * **Ctrl/Cmd + S**: Save current filter
-  * **Ctrl/Cmd + E**: Export logs
-  * **Ctrl/Cmd + T**: Open terminal
-
-Dozzle provides essential log monitoring capabilities with an intuitive interface, making it easy to track and troubleshoot your containerized services in real-time.
-
-**Next:** Learn about [[services:infrastructure:glances|Glances]] or explore [[architecture:monitoring|Monitoring Architecture]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/infrastructure/glances.txt b/config-templates/dokuwiki/data/pages/services/infrastructure/glances.txt
deleted file mode 100644
index 3cbb384..0000000
--- a/config-templates/dokuwiki/data/pages/services/infrastructure/glances.txt
+++ /dev/null
@@ -1,394 +0,0 @@
-====== Glances ======
-
-Glances is a cross-platform system monitoring tool that provides real-time information about your system's performance, resources, and running processes. It offers a web-based interface for monitoring system health and performance metrics.
-
-===== Overview =====
-
-**Purpose:** System and container monitoring
-**URL:** https://glances.yourdomain.duckdns.org
-**Authentication:** Authelia SSO protected
-**Deployment:** Infrastructure stack
-**Interface:** Web-based monitoring dashboard
-
-===== Key Features =====
-
-**System Monitoring:**
-  * **CPU Usage**: Real-time CPU utilization
-  * **Memory Usage**: RAM and swap monitoring
-  * **Disk I/O**: Storage read/write operations
-  * **Network I/O**: Network traffic monitoring
-
-**Container Monitoring:**
-  * **Docker Stats**: Container resource usage
-  * **Container Health**: Status and health checks
-  * **Process Monitoring**: Running processes
-  * **Service Status**: Application service monitoring
-
-**Performance Metrics:**
-  * **Load Average**: System load over time
-  * **Temperature**: CPU and system temperatures
-  * **Fan Speed**: Cooling system monitoring
-  * **Power Usage**: System power consumption
-
-===== Configuration =====
-
-**Container Configuration:**
-```yaml
-services:
-  glances:
-    image: nicolargo/glances:latest
-    container_name: glances
-    restart: unless-stopped
-    pid: host
-    environment:
-      - GLANCES_OPT=-w
-      - GLANCES_OPT_WEBserver=true
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - /etc/os-release:/etc/os-release:ro
-      - /proc:/host/proc:ro
-      - /sys:/host/sys:ro
-    networks:
-      - traefik-network
-    deploy:
-      resources:
-        limits:
-          cpus: '0.3'
-          memory: 128M
-        reservations:
-          cpus: '0.05'
-          memory: 32M
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.glances.rule=Host(`glances.${DOMAIN}`)"
-      - "traefik.http.routers.glances.entrypoints=websecure"
-      - "traefik.http.routers.glances.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.glances.middlewares=authelia@docker"
-      - "traefik.http.services.glances.loadbalancer.server.port=61208"
-      - "x-dockge.url=https://glances.${DOMAIN}"
-```
-
-**Command Line Options:**
-```bash
-# Web server mode
-GLANCES_OPT=-w
-
-# Additional options
-GLANCES_OPT=-w --disable-webui-password --enable-process-extended
-
-# Custom refresh interval
-GLANCES_OPT=-w --time 5
-
-# Disable specific plugins
-GLANCES_OPT=-w --disable cpu --disable mem
-```
-
-===== Interface Overview =====
-
-**Main Dashboard:**
-  * **System Overview**: CPU, memory, disk, network
-  * **Container List**: Docker container statistics
-  * **Process List**: Top running processes
-  * **Alerts Panel**: System alerts and warnings
-
-**Navigation Tabs:**
-  * **System**: Core system metrics
-  * **Docker**: Container monitoring
-  * **Processes**: Process management
-  * **Alerts**: System alerts and thresholds
-  * **Filesystem**: Disk usage and I/O
-
-**Real-time Updates:**
-  * **Auto-refresh**: Configurable update intervals
-  * **Live Charts**: Real-time performance graphs
-  * **Color Coding**: Status-based color indicators
-  * **Threshold Alerts**: Configurable warning levels
-
-===== System Monitoring =====
-
-**CPU Monitoring:**
-  * **Usage Percentage**: Overall CPU utilization
-  * **Per-Core Usage**: Individual core monitoring
-  * **Load Average**: 1, 5, 15-minute averages
-  * **CPU Frequency**: Current clock speeds
-
-**Memory Monitoring:**
-  * **RAM Usage**: Physical memory utilization
-  * **Swap Usage**: Swap file/page file usage
-  * **Memory Pressure**: System memory pressure
-  * **Cache Statistics**: Buffer and cache usage
-
-**Disk Monitoring:**
-  * **Usage Percentage**: Filesystem utilization
-  * **I/O Operations**: Read/write operations per second
-  * **Transfer Rates**: Data transfer speeds
-  * **Disk Health**: S.M.A.R.T. status (if available)
-
-**Network Monitoring:**
-  * **Interface Statistics**: Per-interface traffic
-  * **Connection Count**: Active network connections
-  * **Bandwidth Usage**: Upload/download rates
-  * **Network Errors**: Packet loss and errors
-
-===== Container Monitoring =====
-
-**Docker Integration:**
-  * **Container List**: All running containers
-  * **Resource Usage**: CPU, memory per container
-  * **Network Stats**: Container network traffic
-  * **Health Status**: Container health checks
-
-**Container Details:**
-  * **Image Information**: Base image and version
-  * **Port Mappings**: Exposed ports
-  * **Volume Mounts**: Attached volumes
-  * **Environment Variables**: Container configuration
-
-**Performance Metrics:**
-  * **CPU Shares**: CPU allocation and usage
-  * **Memory Limits**: Memory constraints and usage
-  * **Network I/O**: Container network traffic
-  * **Disk I/O**: Container storage operations
-
-===== Process Monitoring =====
-
-**Process List:**
-  * **Top Processes**: Most resource-intensive processes
-  * **Process Tree**: Parent-child process relationships
-  * **User Processes**: Per-user process listing
-  * **System Processes**: Kernel and system processes
-
-**Process Details:**
-  * **CPU Usage**: Per-process CPU consumption
-  * **Memory Usage**: RAM and virtual memory
-  * **I/O Operations**: Disk read/write activity
-  * **Network Activity**: Network connections
-
-**Process Management:**
-  * **Kill Process**: Terminate problematic processes
-  * **Change Priority**: Adjust process nice levels
-  * **Resource Limits**: Set process resource limits
-  * **Process Groups**: Group related processes
-
-===== Alert System =====
-
-**Threshold Configuration:**
-```yaml
-# Alert thresholds (environment variables)
-GLANCES_OPT=-w --alert cpu>80,mem>90,disk>85
-```
-
-**Alert Types:**
-  * **CPU Alerts**: High CPU usage warnings
-  * **Memory Alerts**: Memory pressure alerts
-  * **Disk Alerts**: Storage space warnings
-  * **Network Alerts**: Bandwidth threshold alerts
-
-**Alert Actions:**
-  * **Visual Indicators**: Color-coded alerts
-  * **Sound Alerts**: Audio notifications
-  * **Email Notifications**: SMTP alerts
-  * **Webhook Integration**: External alert systems
-
-===== Advanced Configuration =====
-
-**Custom Plugins:**
-```yaml
-# Enable additional plugins
-GLANCES_OPT=-w --enable-plugin sensors --enable-plugin gpu
-```
-
-**Export Options:**
-```yaml
-# Export to various formats
-GLANCES_OPT=-w --export csv --export-csv-file /data/stats.csv
-GLANCES_OPT=-w --export influxdb --export-influxdb-host localhost
-```
-
-**Remote Monitoring:**
-```yaml
-# Monitor remote systems
-GLANCES_OPT=-w --client localhost:61209
-```
-
-**Configuration File:**
-```yaml
-# glances.conf
-[main]
-refresh=2
-history_size=1200
-
-[cpu]
-user_careful=50
-user_warning=70
-user_critical=90
-```
-
-===== Security Considerations =====
-
-**Access Control:**
-  * **Authelia Protection**: SSO authentication required
-  * **Network Isolation**: Container network restrictions
-  * **Read-only Access**: Limited system access
-  * **Audit Logging**: Monitor access patterns
-
-**Data Protection:**
-  * **Sensitive Data**: Avoid exposing sensitive information
-  * **Encryption**: Secure data transmission
-  * **Access Logging**: Track monitoring access
-  * **Privacy Controls**: Limit exposed system information
-
-===== Performance Optimization =====
-
-**Resource Management:**
-```yaml
-deploy:
-  resources:
-    limits:
-      cpus: '0.3'
-      memory: 128M
-    reservations:
-      cpus: '0.05'
-      memory: 32M
-```
-
-**Monitoring Optimization:**
-  * **Refresh Rate**: Balance between real-time and performance
-  * **Data Retention**: Configure historical data limits
-  * **Plugin Selection**: Enable only needed monitoring plugins
-  * **Caching**: Use efficient data caching
-
-===== Troubleshooting =====
-
-**Connection Issues:**
-```bash
-# Check web interface
-curl -k https://glances.yourdomain.duckdns.org
-
-# Verify port accessibility
-netstat -tlnp | grep 61208
-
-# Check container logs
-docker logs glances
-```
-
-**Monitoring Problems:**
-  * **No Data Showing**: Check system permissions
-  * **High Resource Usage**: Adjust refresh rates
-  * **Missing Metrics**: Enable required plugins
-  * **Inaccurate Data**: Verify system compatibility
-
-**Docker Integration Issues:**
-  * **Socket Access**: Verify Docker socket permissions
-  * **Container Detection**: Check Docker API access
-  * **Permission Errors**: Adjust container privileges
-  * **Network Issues**: Check container networking
-
-**Performance Issues:**
-  * **High CPU Usage**: Reduce refresh frequency
-  * **Memory Leaks**: Monitor memory consumption
-  * **Disk I/O**: Optimize data storage
-  * **Network Latency**: Check network performance
-
-**Troubleshooting Steps:**
-  1. **Check logs**: `docker logs glances`
-  2. **Verify configuration**: Test command line options
-  3. **Test connectivity**: Check web interface access
-  4. **Monitor resources**: Track system resource usage
-  5. **Restart service**: `docker restart glances`
-
-===== Integration with Monitoring Stack =====
-
-**Prometheus Integration:**
-```yaml
-# Export metrics to Prometheus
-GLANCES_OPT=-w --export prometheus --export-prometheus-port 9091
-```
-
-**Grafana Dashboards:**
-  * **System Overview**: CPU, memory, disk, network
-  * **Container Metrics**: Docker container statistics
-  * **Process Monitoring**: Top processes and resource usage
-  * **Historical Trends**: Performance over time
-
-**Alert Manager Integration:**
-  * **Threshold Alerts**: Configurable alert rules
-  * **Notification Channels**: Email, Slack, webhook alerts
-  * **Escalation Policies**: Multi-level alert handling
-  * **Silence Management**: Alert suppression rules
-
-===== Best Practices =====
-
-**Monitoring Strategy:**
-  * **Key Metrics**: Focus on critical system metrics
-  * **Alert Thresholds**: Set appropriate warning levels
-  * **Baseline Establishment**: Understand normal system behavior
-  * **Trend Analysis**: Monitor performance trends
-
-**Alert Configuration:**
-  * **Avoid Alert Fatigue**: Set meaningful thresholds
-  * **Escalation Paths**: Define alert escalation procedures
-  * **Maintenance Windows**: Suppress alerts during maintenance
-  * **Testing**: Regularly test alert functionality
-
-**Performance:**
-  * **Resource Limits**: Appropriate CPU/memory allocation
-  * **Refresh Rates**: Balance real-time vs performance
-  * **Data Retention**: Configure appropriate history
-  * **Optimization**: Enable only needed features
-
-**Security:**
-  * **Access Control**: Limit monitoring access
-  * **Data Protection**: Secure monitoring data
-  * **Network Security**: Secure monitoring traffic
-  * **Compliance**: Meet monitoring compliance requirements
-
-===== Use Cases =====
-
-**System Administration:**
-  * **Performance Monitoring**: Track system health
-  * **Capacity Planning**: Plan for resource upgrades
-  * **Troubleshooting**: Diagnose system issues
-  * **Maintenance Planning**: Schedule maintenance windows
-
-**Container Orchestration:**
-  * **Resource Allocation**: Monitor container resources
-  * **Health Checks**: Track container health
-  * **Scaling Decisions**: Inform scaling decisions
-  * **Optimization**: Optimize container performance
-
-**Development & Testing:**
-  * **Application Monitoring**: Monitor application performance
-  * **Resource Usage**: Track development environment usage
-  * **Debugging**: Identify performance bottlenecks
-  * **Testing**: Validate system performance
-
-**Production Monitoring:**
-  * **SLA Monitoring**: Ensure service level agreements
-  * **Incident Response**: Quick issue identification
-  * **Root Cause Analysis**: Analyze system incidents
-  * **Reporting**: Generate performance reports
-
-===== Keyboard Shortcuts =====
-
-**Navigation:**
-  * **Tab**: Switch between sections
-  * **Arrow Keys**: Navigate lists and menus
-  * **Enter**: Select item or open details
-  * **Esc**: Close dialogs or return to main view
-
-**Actions:**
-  * **R**: Refresh data
-  * **S**: Sort current list
-  * **F**: Filter/search
-  * **H**: Show help
-
-**Views:**
-  * **1-9**: Switch to specific tabs
-  * **C**: Container view
-  * **P**: Process view
-  * **A**: Alerts view
-
-Glances provides comprehensive system and container monitoring with an intuitive web interface, essential for maintaining your homelab's health and performance.
-
-**Next:** Learn about [[services:infrastructure:watchtower|Watchtower]] or explore [[architecture:monitoring|Monitoring Architecture]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/infrastructure/pihole.txt b/config-templates/dokuwiki/data/pages/services/infrastructure/pihole.txt
deleted file mode 100644
index cb893b5..0000000
--- a/config-templates/dokuwiki/data/pages/services/infrastructure/pihole.txt
+++ /dev/null
@@ -1,376 +0,0 @@
-====== Pi-hole ======
-
-Pi-hole is a network-wide ad blocker that acts as a DNS sinkhole, blocking advertisements and tracking domains at the network level. It provides DNS-based ad blocking, DHCP server capabilities, and comprehensive network statistics.
-
-===== Overview =====
-
-**Purpose:** Network-wide ad blocking and DNS
-**URL:** http://pihole.yourdomain.duckdns.org (HTTP only)
-**Authentication:** Authelia SSO protected
-**Deployment:** Infrastructure stack
-**Protocol:** DNS (port 53), DHCP (optional)
-
-===== Key Features =====
-
-**Ad Blocking:**
-  * **DNS Sinkhole**: Blocks ad/tracking domains
-  * **Network Wide**: Protects all devices on network
-  * **Custom Lists**: Support for custom blocklists
-  * **Whitelist/Blacklist**: Fine-grained control
-
-**DNS Services:**
-  * **Recursive DNS**: Full DNS resolution
-  * **DNSSEC**: DNS security extensions
-  * **Conditional Forwarding**: Local hostname resolution
-  * **Rate Limiting**: Query rate limiting
-
-**DHCP Server:**
-  * **IP Address Assignment**: Dynamic IP allocation
-  * **Static Leases**: Reserved IP addresses
-  * **Network Configuration**: Gateway and DNS settings
-  * **Client Management**: Device tracking
-
-===== Configuration =====
-
-**Container Configuration:**
-```yaml
-services:
-  pihole:
-    image: pihole/pihole:latest
-    container_name: pihole
-    restart: unless-stopped
-    environment:
-      - TZ=${TZ}
-      - WEBPASSWORD=${PIHOLE_PASSWORD}
-      - PIHOLE_DNS_=1.1.1.1;1.0.0.1;8.8.8.8;8.8.4.4
-      - DHCP_ACTIVE=false  # Set to true to enable DHCP
-      - DHCP_START=192.168.1.100
-      - DHCP_END=192.168.1.200
-      - DHCP_ROUTER=192.168.1.1
-      - DHCP_LEASETIME=24
-    volumes:
-      - ./pihole/etc-pihole:/etc/pihole
-      - ./pihole/etc-dnsmasq.d:/etc/dnsmasq.d
-    ports:
-      - 53:53/tcp
-      - 53:53/udp
-      - 8082:80/tcp  # Web interface
-    networks:
-      - traefik-network
-    deploy:
-      resources:
-        limits:
-          cpus: '0.5'
-          memory: 256M
-        reservations:
-          cpus: '0.1'
-          memory: 64M
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN}`)"
-      - "traefik.http.routers.pihole.entrypoints=websecure"
-      - "traefik.http.routers.pihole.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.pihole.middlewares=authelia@docker"
-      - "traefik.http.services.pihole.loadbalancer.server.port=80"
-      - "x-dockge.url=http://pihole.${DOMAIN}"
-    dns:
-      - 127.0.0.1
-      - 1.1.1.1
-```
-
-**Environment Variables:**
-```bash
-# Required
-PIHOLE_PASSWORD=your-secure-password
-
-# Optional DNS servers (comma-separated)
-PIHOLE_DNS_=1.1.1.1;1.0.0.1;8.8.8.8;8.8.4.4
-
-# DHCP Configuration (if enabled)
-DHCP_ACTIVE=true
-DHCP_START=192.168.1.100
-DHCP_END=192.168.1.200
-DHCP_ROUTER=192.168.1.1
-DHCP_LEASETIME=24
-```
-
-===== DNS Configuration =====
-
-**Upstream DNS Servers:**
-  * **Cloudflare**: 1.1.1.1, 1.0.0.1 (default)
-  * **Google**: 8.8.8.8, 8.8.4.4
-  * **Quad9**: 9.9.9.9, 149.112.112.112
-  * **OpenDNS**: 208.67.222.222, 208.67.220.220
-
-**DNS Settings:**
-```bash
-# In Pi-hole admin interface
-# Settings > DNS
-# Enable DNSSEC for enhanced security
-# Configure conditional forwarding for local network
-```
-
-**Client Configuration:**
-  * **Router DNS**: Set router to use Pi-hole IP
-  * **Device DNS**: Configure individual devices
-  * **DHCP**: Enable DHCP server in Pi-hole
-  * **IPv6**: Configure IPv6 DNS if needed
-
-===== Ad Blocking Setup =====
-
-**Blocklists:**
-  * **Default Lists**: Pre-configured ad/tracking lists
-  * **Custom Lists**: Add your own blocklists
-  * **Gravity Update**: Regular list updates
-  * **Regex Filtering**: Advanced pattern matching
-
-**Whitelist/Blacklist:**
-  * **Whitelist**: Allow specific domains
-  * **Blacklist**: Block additional domains
-  * **Regex**: Pattern-based filtering
-  * **Client Groups**: Per-device rules
-
-**Group Management:**
-```bash
-# Create client groups for different policies
-# Assign devices to groups
-# Apply different filtering rules per group
-```
-
-===== DHCP Server Configuration =====
-
-**DHCP Setup:**
-```yaml
-environment:
-  - DHCP_ACTIVE=true
-  - DHCP_START=192.168.1.100
-  - DHCP_END=192.168.1.200
-  - DHCP_ROUTER=192.168.1.1
-  - DHCP_LEASETIME=24
-```
-
-**Static Leases:**
-  * **MAC Address**: Device hardware address
-  * **IP Address**: Reserved static IP
-  * **Hostname**: Device name
-  * **Description**: Device description
-
-**DHCP Options:**
-  * **Domain Name**: Local domain suffix
-  * **NTP Servers**: Time synchronization
-  * **PXE Boot**: Network boot options
-  * **Vendor Options**: Device-specific options
-
-===== Monitoring & Statistics =====
-
-**Dashboard Overview:**
-  * **Total Queries**: DNS query volume
-  * **Blocked Domains**: Ad blocking statistics
-  * **Top Clients**: Most active devices
-  * **Top Domains**: Frequently queried domains
-
-**Query Log:**
-  * **Real-time Monitoring**: Live query feed
-  * **Filtering**: Search and filter queries
-  * **Blocking Status**: See what's blocked/allowed
-  * **Client Tracking**: Per-device statistics
-
-**Long-term Statistics:**
-  * **Historical Data**: Query trends over time
-  * **Blocking Efficiency**: Ad blocking performance
-  * **Client Usage**: Device activity patterns
-  * **Domain Analysis**: Popular domain tracking
-
-===== Security Features =====
-
-**Access Control:**
-  * **Web Interface**: Password protected
-  * **Authelia Integration**: SSO authentication
-  * **IP Restrictions**: Limit admin access
-  * **Session Management**: Secure login sessions
-
-**DNS Security:**
-  * **DNSSEC**: Domain signature validation
-  * **Query Logging**: Audit trail of requests
-  * **Rate Limiting**: Prevent DNS amplification
-  * **Cache Poisoning**: Protection against attacks
-
-**Network Security:**
-  * **Firewall Integration**: UFW/iptables rules
-  * **Port Protection**: Restrict unnecessary ports
-  * **Traffic Monitoring**: Network traffic analysis
-  * **Intrusion Detection**: Suspicious activity alerts
-
-===== Performance Optimization =====
-
-**DNS Performance:**
-```yaml
-# Optimize DNS settings
-# Settings > DNS > Interface Settings
-# Enable cache optimization
-# Configure upstream server timeout
-```
-
-**Resource Limits:**
-```yaml
-deploy:
-  resources:
-    limits:
-      cpus: '0.5'
-      memory: 256M
-    reservations:
-      cpus: '0.1'
-      memory: 64M
-```
-
-**Caching:**
-  * **DNS Cache**: Local query caching
-  * **Blocklist Cache**: Efficient blocklist lookups
-  * **Negative Cache**: Failed query caching
-  * **TTL Management**: Cache expiration handling
-
-===== Troubleshooting =====
-
-**DNS Resolution Issues:**
-```bash
-# Check DNS resolution
-nslookup google.com 127.0.0.1
-
-# Test Pi-hole DNS
-dig @127.0.0.1 google.com
-
-# Check upstream connectivity
-dig @8.8.8.8 google.com
-```
-
-**Ad Blocking Problems:**
-  * **Test Blocking**: Visit ad-heavy sites
-  * **Check Lists**: Verify blocklists are updating
-  * **Whitelist Issues**: Check whitelist configuration
-  * **Client Bypass**: Some apps bypass DNS
-
-**DHCP Issues:**
-  * **IP Conflicts**: Check for IP address conflicts
-  * **Lease Problems**: Clear DHCP leases
-  * **Router Settings**: Verify router DHCP disabled
-  * **Network Issues**: Check network connectivity
-
-**Web Interface Problems:**
-  * **Login Issues**: Reset admin password
-  * **SSL Problems**: Check certificate validity
-  * **Authelia**: Verify SSO configuration
-  * **Browser Cache**: Clear browser cache
-
-**Troubleshooting Steps:**
-  1. **Check logs**: `docker logs pihole`
-  2. **Test DNS**: Verify DNS resolution works
-  3. **Check configuration**: Validate environment variables
-  4. **Network connectivity**: Test upstream DNS
-  5. **Restart service**: `docker restart pihole`
-
-===== Advanced Configuration =====
-
-**Custom DNS Records:**
-```bash
-# Add local DNS records
-# Settings > Local DNS > DNS Records
-# Add A, AAAA, CNAME, PTR records
-```
-
-**Conditional Forwarding:**
-```bash
-# Forward local queries to router
-# Settings > DNS > Advanced Settings
-# Enable conditional forwarding
-# Set router IP and local domain
-```
-
-**Regex Blocking:**
-```bash
-# Advanced blocking patterns
-# Settings > DNS > Group Management
-# Create regex filters for complex patterns
-```
-
-**API Access:**
-```bash
-# Enable API for external tools
-# Settings > API > Show API token
-# Use token for programmatic access
-```
-
-===== Integration with Other Services =====
-
-**Router Integration:**
-  * **DNS Settings**: Configure router to use Pi-hole
-  * **DHCP Disable**: Disable router DHCP if using Pi-hole
-  * **Port Forwarding**: Forward port 53 to Pi-hole
-  * **Static IP**: Give Pi-hole static IP address
-
-**Monitoring Integration:**
-  * **Prometheus**: Export metrics for monitoring
-  * **Grafana**: Create dashboards for Pi-hole stats
-  * **Uptime Kuma**: Monitor Pi-hole availability
-  * **Alerting**: Set up alerts for service issues
-
-**Backup Integration:**
-  * **Configuration Backup**: Backup Pi-hole settings
-  * **Blocklist Backup**: Save custom lists
-  * **DHCP Backup**: Backup DHCP leases
-  * **Automated Backups**: Schedule regular backups
-
-===== Best Practices =====
-
-**DNS Configuration:**
-  * **Multiple Upstream**: Use multiple DNS servers
-  * **DNSSEC**: Enable DNS security
-  * **Conditional Forwarding**: Enable for local network
-  * **Rate Limiting**: Prevent abuse
-
-**Ad Blocking:**
-  * **Regular Updates**: Keep blocklists current
-  * **Custom Lists**: Add domain-specific blocks
-  * **Whitelist Carefully**: Only whitelist necessary sites
-  * **Test Blocking**: Verify blocking effectiveness
-
-**DHCP Management:**
-  * **IP Planning**: Plan IP address ranges
-  * **Static Leases**: Reserve IPs for servers
-  * **Lease Time**: Appropriate lease durations
-  * **Monitoring**: Track DHCP usage
-
-**Security:**
-  * **Strong Password**: Secure admin password
-  * **Access Control**: Limit admin access
-  * **Updates**: Keep Pi-hole updated
-  * **Monitoring**: Monitor for security issues
-
-**Maintenance:**
-  * **Log Rotation**: Manage log file sizes
-  * **Database Optimization**: Regular database maintenance
-  * **Backup Routine**: Regular configuration backups
-  * **Performance Monitoring**: Track resource usage
-
-===== Common Use Cases =====
-
-**Home Network:**
-  * **Ad Blocking**: Block ads on all devices
-  * **Parental Controls**: Block inappropriate content
-  * **Device Management**: Track and manage devices
-  * **Network Monitoring**: Monitor network activity
-
-**Small Office:**
-  * **Content Filtering**: Block productivity-draining sites
-  * **Guest Network**: Separate guest DNS
-  * **Device Control**: Manage corporate devices
-  * **Reporting**: Generate usage reports
-
-**Development:**
-  * **Local DNS**: Resolve development domains
-  * **Testing**: Test ad blocking effectiveness
-  * **Network Simulation**: Simulate network conditions
-  * **Debugging**: Debug DNS-related issues
-
-Pi-hole provides essential network services with powerful ad blocking capabilities, serving as the DNS backbone of your homelab network.
-
-**Next:** Learn about [[services:infrastructure:dozzle|Dozzle]] or explore [[architecture:networking|Network Architecture]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/infrastructure/start.txt b/config-templates/dokuwiki/data/pages/services/infrastructure/start.txt
deleted file mode 100644
index d09881d..0000000
--- a/config-templates/dokuwiki/data/pages/services/infrastructure/start.txt
+++ /dev/null
@@ -1,59 +0,0 @@
-====== Infrastructure Services ======
-
-This section covers management, monitoring, and development tools for your homelab infrastructure.
-
-===== Available Services =====
-
-**Dockge** - Docker Compose Manager
-  * Access: https://dockge.${DOMAIN}
-  * Description: Web-based Docker Compose stack manager
-  * Stack: infrastructure.yml
-
-**Pi-hole** - Network-wide ad blocker
-  * Access: http://pihole.${DOMAIN} (or https via Traefik)
-  * Description: DNS-based ad blocking and network monitoring
-  * Stack: infrastructure.yml
-
-**Dozzle** - Real-time log viewer
-  * Access: https://dozzle.${DOMAIN}
-  * Description: Web interface for viewing Docker container logs
-  * Stack: infrastructure.yml
-
-**Glances** - System monitoring
-  * Access: https://glances.${DOMAIN}
-  * Description: Cross-platform system monitoring tool
-  * Stack: infrastructure.yml
-
-**Watchtower** - Automatic updates
-  * Description: Automatically updates Docker containers
-  * Stack: infrastructure.yml
-
-**Code Server** - VS Code in browser
-  * Access: https://code.${DOMAIN}
-  * Description: Run VS Code in your browser
-  * Stack: infrastructure.yml
-
-**Docker Proxy** - Secure Docker access
-  * Description: Provides secure access to Docker socket
-  * Stack: infrastructure.yml
-
-===== Quick Start =====
-
-1. Deploy the infrastructure stack:
-   docker-compose -f infrastructure.yml up -d
-
-2. Access Dockge at https://dockge.${DOMAIN} to manage stacks
-
-3. Configure Pi-hole for network-wide ad blocking
-
-4. Use Dozzle to monitor container logs in real-time
-
-5. Set up Glances for system monitoring
-
-===== Integration =====
-
-Infrastructure services integrate with:
-  * **Traefik** - Automatic SSL and routing
-  * **Authelia** - SSO authentication
-  * **Docker** - Container management and monitoring
-  * **System** - Hardware and OS monitoring
diff --git a/config-templates/dokuwiki/data/pages/services/infrastructure/watchtower.txt b/config-templates/dokuwiki/data/pages/services/infrastructure/watchtower.txt
deleted file mode 100644
index 4acfdfa..0000000
--- a/config-templates/dokuwiki/data/pages/services/infrastructure/watchtower.txt
+++ /dev/null
@@ -1,404 +0,0 @@
-====== Watchtower ======
-
-Watchtower is an automated container update service that monitors running Docker containers and automatically updates them when new images are available. It ensures your homelab services stay up-to-date with the latest security patches and features.
-
-===== Overview =====
-
-**Purpose:** Automated container updates
-**Deployment:** Infrastructure stack (currently disabled)
-**Monitoring:** Passive background service
-**Update Strategy:** Rolling updates with health checks
-
-===== Key Features =====
-
-**Automated Updates:**
-  * **Image Monitoring**: Checks for new image versions
-  * **Scheduled Updates**: Configurable update intervals
-  * **Rolling Updates**: Updates containers one by one
-  * **Health Checks**: Waits for container health before proceeding
-
-**Update Control:**
-  * **Include/Exclude**: Control which containers to update
-  * **Update Notifications**: Email/Slack notifications
-  * **Rollback Support**: Revert to previous versions
-  * **Dry Run Mode**: Test updates without applying
-
-**Safety Features:**
-  * **Health Monitoring**: Ensures containers start successfully
-  * **Timeout Control**: Prevents hanging updates
-  * **Resource Limits**: Controls update resource usage
-  * **Backup Integration**: Coordinates with backup services
-
-===== Configuration =====
-
-**Container Configuration:**
-```yaml
-services:
-  watchtower:
-    image: containrrr/watchtower:latest
-    container_name: watchtower
-    restart: unless-stopped
-    environment:
-      - WATCHTOWER_CLEANUP=true
-      - WATCHTOWER_POLL_INTERVAL=3600
-      - WATCHTOWER_TIMEOUT=30s
-      - WATCHTOWER_NOTIFICATIONS=shoutrrr
-      - WATCHTOWER_NOTIFICATION_URL=discord://token@webhook
-      - WATCHTOWER_INCLUDE_STOPPED=false
-      - WATCHTOWER_REVIVE_STOPPED=false
-      - WATCHTOWER_REMOVE_VOLUMES=false
-      - WATCHTOWER_LABEL_ENABLE=true
-      - WATCHTOWER_MONITOR_ONLY=false
-      - WATCHTOWER_RUN_ONCE=false
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    command: --interval 3600 --cleanup --label-enable
-    deploy:
-      resources:
-        limits:
-          cpus: '0.2'
-          memory: 64M
-        reservations:
-          cpus: '0.01'
-          memory: 16M
-```
-
-**Environment Variables:**
-```bash
-# Update interval (seconds)
-WATCHTOWER_POLL_INTERVAL=3600
-
-# Update timeout
-WATCHTOWER_TIMEOUT=30s
-
-# Cleanup old images
-WATCHTOWER_CLEANUP=true
-
-# Notification settings
-WATCHTOWER_NOTIFICATIONS=shoutrrr
-WATCHTOWER_NOTIFICATION_URL=discord://token@webhook
-
-# Container control
-WATCHTOWER_INCLUDE_STOPPED=false
-WATCHTOWER_REVIVE_STOPPED=false
-WATCHTOWER_REMOVE_VOLUMES=false
-
-# Label-based control
-WATCHTOWER_LABEL_ENABLE=true
-
-# Monitoring mode
-WATCHTOWER_MONITOR_ONLY=false
-
-# One-time run
-WATCHTOWER_RUN_ONCE=false
-```
-
-===== Update Process =====
-
-**Monitoring Phase:**
-  1. **Image Check**: Queries Docker registry for new versions
-  2. **Version Comparison**: Compares current vs latest versions
-  3. **Update Decision**: Determines if update is needed
-  4. **Schedule Planning**: Plans update timing
-
-**Update Execution:**
-  1. **Container Stop**: Gracefully stops current container
-  2. **Image Pull**: Downloads new image version
-  3. **Container Start**: Starts container with new image
-  4. **Health Check**: Verifies container health
-  5. **Cleanup**: Removes old images (if enabled)
-
-**Post-Update:**
-  * **Notification**: Sends update notifications
-  * **Logging**: Records update details
-  * **Monitoring**: Continues monitoring for next updates
-  * **Error Handling**: Handles update failures
-
-===== Container Selection =====
-
-**Label-Based Control:**
-```yaml
-# Enable updates for specific containers
-labels:
-  - "com.centurylinklabs.watchtower.enable=true"
-
-# Disable updates for specific containers
-labels:
-  - "com.centurylinklabs.watchtower.enable=false"
-```
-
-**Include/Exclude Patterns:**
-```bash
-# Include only specific containers
-command: --include=traefik,authelia,dockge
-
-# Exclude specific containers
-command: --exclude=plex,jellyfin
-
-# Use regex patterns
-command: --include="^media-.*"
-```
-
-**Scope Control:**
-  * **All Containers**: Update all running containers
-  * **Specific Services**: Update only selected services
-  * **Stack-Based**: Update containers in specific stacks
-  * **Label-Based**: Use Docker labels for control
-
-===== Notification System =====
-
-**Supported Notifications:**
-  * **Email**: SMTP email notifications
-  * **Slack**: Slack channel notifications
-  * **Discord**: Discord webhook notifications
-  * **Gotify**: Gotify push notifications
-  * **Telegram**: Telegram bot notifications
-
-**Notification Configuration:**
-```yaml
-environment:
-  - WATCHTOWER_NOTIFICATIONS=shoutrrr
-  - WATCHTOWER_NOTIFICATION_URL=slack://token@channel
-  # Or for Discord
-  - WATCHTOWER_NOTIFICATION_URL=discord://token@webhook
-  # Or for email
-  - WATCHTOWER_NOTIFICATION_URL=smtp://user:pass@host:port
-```
-
-**Notification Content:**
-  * **Update Started**: Container update beginning
-  * **Update Completed**: Successful update confirmation
-  * **Update Failed**: Error details and troubleshooting
-  * **Rollback Performed**: Automatic rollback notifications
-
-===== Safety & Reliability =====
-
-**Health Checks:**
-```yaml
-# Wait for health checks
-command: --interval 3600 --cleanup --label-enable --enable-healthchecks
-```
-
-**Timeout Management:**
-```yaml
-# Set update timeouts
-environment:
-  - WATCHTOWER_TIMEOUT=60s
-```
-
-**Rollback Capability:**
-```yaml
-# Enable automatic rollback on failure
-command: --rollback-on-failure
-```
-
-**Resource Protection:**
-  * **CPU Limits**: Prevent update resource exhaustion
-  * **Memory Limits**: Control memory usage during updates
-  * **Network Limits**: Manage download bandwidth
-  * **Concurrent Updates**: Limit simultaneous updates
-
-===== Scheduling =====
-
-**Update Intervals:**
-```bash
-# Check every hour
-command: --interval 3600
-
-# Check every 24 hours
-command: --interval 86400
-
-# Check at specific times
-command: --schedule "0 0 4 * * *"  # Daily at 4 AM
-```
-
-**Maintenance Windows:**
-  * **Off-hours Updates**: Schedule updates during low-usage times
-  * **Weekend Updates**: Perform updates on weekends
-  * **Manual Control**: Trigger updates manually when needed
-  * **Holiday Scheduling**: Avoid updates during holidays
-
-===== Troubleshooting =====
-
-**Update Failures:**
-```bash
-# Check Watchtower logs
-docker logs watchtower
-
-# Manual update test
-docker pull image:latest
-docker stop container
-docker rm container
-docker run -d --name container image:latest
-```
-
-**Permission Issues:**
-  * **Docker Socket**: Verify socket access permissions
-  * **Registry Access**: Check Docker registry authentication
-  * **Network Issues**: Verify internet connectivity
-  * **Disk Space**: Ensure sufficient space for image downloads
-
-**Notification Problems:**
-  * **Webhook URLs**: Verify notification endpoint URLs
-  * **Authentication**: Check API tokens and credentials
-  * **Network Access**: Ensure outbound connectivity
-  * **Rate Limits**: Check service rate limiting
-
-**Performance Issues:**
-  * **Resource Usage**: Monitor CPU/memory during updates
-  * **Update Frequency**: Adjust polling intervals
-  * **Concurrent Updates**: Limit simultaneous container updates
-  * **Network Bandwidth**: Control download speeds
-
-**Troubleshooting Steps:**
-  1. **Check logs**: `docker logs watchtower`
-  2. **Test manually**: Perform manual container updates
-  3. **Verify configuration**: Check environment variables
-  4. **Test notifications**: Send test notifications
-  5. **Restart service**: `docker restart watchtower`
-
-===== Advanced Configuration =====
-
-**Custom Update Logic:**
-```bash
-# Use custom update script
-command: --script /path/to/update-script.sh
-```
-
-**Lifecycle Hooks:**
-```yaml
-# Pre/post update hooks
-command: --pre-check /path/to/pre-check.sh --post-check /path/to/post-check.sh
-```
-
-**Advanced Filtering:**
-```bash
-# Complex filtering rules
-command: --filter-by-label=com.example.version=latest --filter-by-label=com.example.tier=frontend
-```
-
-**Monitoring Integration:**
-```yaml
-# Export metrics
-command: --metrics
-environment:
-  - WATCHTOWER_METRICS_PORT=8080
-```
-
-===== Security Considerations =====
-
-**Access Control:**
-  * **Docker Socket Security**: Read-only socket access
-  * **Registry Authentication**: Secure registry credentials
-  * **Network Security**: Secure update traffic
-  * **Audit Logging**: Track all update activities
-
-**Update Security:**
-  * **Image Verification**: Verify image authenticity
-  * **Vulnerability Scanning**: Check for security issues
-  * **Trusted Sources**: Only update from trusted registries
-  * **Rollback Security**: Secure rollback procedures
-
-===== Integration with Backup =====
-
-**Backup Coordination:**
-```yaml
-# Coordinate with backup services
-command: --pre-check /scripts/backup-check.sh --post-check /scripts/backup-verify.sh
-```
-
-**Backup Scripts:**
-```bash
-#!/bin/bash
-# Pre-update backup
-docker exec backup-service backup-now
-
-# Post-update verification
-docker exec backup-service verify-backup
-```
-
-**Automated Backup:**
-  * **Pre-update Backup**: Backup before each update
-  * **Post-update Verification**: Verify backup integrity
-  * **Rollback Backup**: Maintain rollback capability
-  * **Retention Policy**: Manage backup retention
-
-===== Best Practices =====
-
-**Update Strategy:**
-  * **Staged Updates**: Update non-critical services first
-  * **Monitoring**: Monitor updates closely initially
-  * **Testing**: Test updates in development first
-  * **Documentation**: Document update procedures
-
-**Safety Measures:**
-  * **Health Checks**: Always enable health checks
-  * **Timeouts**: Set appropriate update timeouts
-  * **Notifications**: Enable comprehensive notifications
-  * **Rollback**: Have rollback procedures ready
-
-**Performance:**
-  * **Resource Limits**: Appropriate CPU/memory limits
-  * **Update Windows**: Schedule during low-usage times
-  * **Concurrent Limits**: Limit simultaneous updates
-  * **Network Management**: Control bandwidth usage
-
-**Monitoring:**
-  * **Update Tracking**: Monitor update success/failure
-  * **Performance Impact**: Track update performance impact
-  * **Error Analysis**: Analyze update failure patterns
-  * **Success Metrics**: Track update success rates
-
-===== Use Cases =====
-
-**Production Environments:**
-  * **Security Updates**: Automatic security patch deployment
-  * **Feature Updates**: Deploy new features automatically
-  * **Compliance**: Maintain compliance with update policies
-  * **Stability**: Ensure service stability through updates
-
-**Development Environments:**
-  * **Testing Updates**: Test update procedures safely
-  * **CI/CD Integration**: Integrate with development pipelines
-  * **Version Control**: Manage container versions
-  * **Rollback Testing**: Test rollback capabilities
-
-**Homelab Management:**
-  * **Convenience**: Hands-off update management
-  * **Security**: Maintain security through updates
-  * **Stability**: Prevent version drift issues
-  * **Monitoring**: Track update status and health
-
-**Enterprise Deployments:**
-  * **Policy Compliance**: Enforce update policies
-  * **Change Management**: Manage change through updates
-  * **Audit Trails**: Maintain update audit logs
-  * **Reporting**: Generate update compliance reports
-
-===== Manual Update Process =====
-
-**When Watchtower is Disabled:**
-```bash
-# Manual update procedure
-# 1. Identify containers to update
-docker ps --format "table {{.Names}}\t{{.Image}}"
-
-# 2. Check for updates
-docker pull image:latest
-
-# 3. Backup current state
-docker tag current-image backup-image
-
-# 4. Stop and update container
-docker stop container
-docker rm container
-docker run -d --name container image:latest
-
-# 5. Verify update
-docker logs container
-docker ps | grep container
-```
-
-Watchtower provides automated container updates with safety features and monitoring, ensuring your homelab services remain current and secure.
-
-**Next:** Learn about [[services:infrastructure:code-server|Code Server]] or explore [[architecture:backup|Backup Architecture]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/media/calibre-web.txt b/config-templates/dokuwiki/data/pages/services/media/calibre-web.txt
deleted file mode 100644
index ce4005b..0000000
--- a/config-templates/dokuwiki/data/pages/services/media/calibre-web.txt
+++ /dev/null
@@ -1,393 +0,0 @@
-====== Calibre-Web ======
-
-Calibre-Web is a web application that provides a clean web interface for browsing, reading, and downloading eBooks stored in a Calibre database. It allows you to access your eBook library from any device with a web browser.
-
-===== Overview =====
-
-**Purpose:** Web interface for Calibre eBook library
-**URL:** https://calibre.yourdomain.duckdns.org
-**Authentication:** Built-in user management
-**Deployment:** Media stack
-**Database:** SQLite (Calibre database)
-
-===== Key Features =====
-
-**Library Management:**
-  * **Browse Books**: Browse your eBook collection
-  * **Search & Filter**: Advanced search and filtering
-  * **Categories**: Organize by author, genre, series
-  * **Metadata Display**: Rich book information display
-
-**Reading Features:**
-  * **Online Reading**: Read books directly in browser
-  * **Download Options**: Download in multiple formats
-  * **Reading Progress**: Track reading progress
-  * **Bookmarks**: Save reading positions
-
-**User Management:**
-  * **Multiple Users**: Separate accounts for users
-  * **Access Control**: Configure user permissions
-  * **Reading Statistics**: Track reading habits
-  * **Personal Shelves**: Create custom book collections
-
-===== Configuration =====
-
-**Container Configuration:**
-```yaml
-services:
-  calibre-web:
-    image: lscr.io/linuxserver/calibre-web:latest
-    container_name: calibre-web
-    restart: unless-stopped
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=${TZ}
-      - DOCKER_MODS=linuxserver/mods:universal-calibre  # Calibre integration
-    volumes:
-      - ./calibre-web/config:/config
-      - /mnt/media/books:/books  # Calibre library location
-    networks:
-      - traefik-network
-    deploy:
-      resources:
-        limits:
-          cpus: '1.0'
-          memory: 512M
-        reservations:
-          cpus: '0.2'
-          memory: 128M
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.calibre-web.rule=Host(`calibre.${DOMAIN}`)"
-      - "traefik.http.routers.calibre-web.entrypoints=websecure"
-      - "traefik.http.routers.calibre-web.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.calibre-web.middlewares=authelia@docker"
-      - "traefik.http.services.calibre-web.loadbalancer.server.port=8083"
-      - "x-dockge.url=https://calibre.${DOMAIN}"
-```
-
-**Environment Variables:**
-```bash
-# User permissions
-PUID=1000
-PGID=1000
-
-# Timezone
-TZ=America/New_York
-
-# Calibre integration (optional)
-DOCKER_MODS=linuxserver/mods:universal-calibre
-```
-
-===== Calibre Database Setup =====
-
-**Calibre Library Structure:**
-```
-/mnt/media/books/
-├── metadata.db          # Calibre database
-├── metadata_db_prefs_backup.json
-├── books/               # Book files
-│   ├── Author Name/
-│   │   ├── Book Title (Year)/
-│   │   │   ├── book.epub
-│   │   │   ├── cover.jpg
-│   │   │   └── metadata.opf
-│   └── Another Author/
-└── covers/              # Cover images
-```
-
-**Database Connection:**
-  * **Path**: `/books` (mounted Calibre library)
-  * **Auto-Detection**: Automatically finds metadata.db
-  * **Metadata Access**: Full access to Calibre metadata
-  * **Cover Images**: Access to book covers
-
-**Initial Setup:**
-  1. **Place Calibre Library**: Mount existing Calibre library
-  2. **Database Detection**: Calibre-Web finds metadata.db
-  3. **Admin Account**: Create administrator account
-  4. **Library Scan**: Scan and index books
-
-===== User Management =====
-
-**Administrator Setup:**
-  1. **First Access**: Visit Calibre-Web URL
-  2. **Create Admin**: Set up administrator account
-  3. **Configure Library**: Point to Calibre database
-  4. **User Settings**: Configure application settings
-
-**User Accounts:**
-  * **User Creation**: Add user accounts
-  * **Permission Levels**: Admin, User, Guest
-  * **Library Access**: Control book access per user
-  * **Download Rights**: Configure download permissions
-
-**Authentication:**
-  * **Username/Password**: Standard authentication
-  * **LDAP Integration**: External user directory (optional)
-  * **Guest Access**: Allow anonymous browsing
-  * **Session Management**: Configurable session timeouts
-
-===== Library Features =====
-
-**Browse & Search:**
-  * **Book Grid/List**: Multiple viewing modes
-  * **Advanced Search**: Search by title, author, genre
-  * **Filters**: Filter by language, format, rating
-  * **Sorting**: Sort by various criteria
-
-**Book Details:**
-  * **Metadata Display**: Title, author, description
-  * **Cover Images**: High-quality book covers
-  * **File Information**: Format, size, pages
-  * **Ratings & Reviews**: User ratings and reviews
-
-**Reading Interface:**
-  * **EPUB Reader**: Built-in EPUB reader
-  * **PDF Viewer**: PDF document viewer
-  * **Progress Tracking**: Reading progress saving
-  * **Bookmarking**: Save reading positions
-
-===== Download & Formats =====
-
-**Supported Formats:**
-  * **EPUB**: Most common eBook format
-  * **PDF**: Portable document format
-  * **MOBI**: Kindle format
-  * **AZW3**: Amazon format
-  * **TXT**: Plain text
-  * **RTF**: Rich text format
-
-**Download Options:**
-  * **Direct Download**: Download original format
-  * **Format Conversion**: Convert to other formats
-  * **Bulk Download**: Download multiple books
-  * **ZIP Archives**: Download as compressed archives
-
-**Conversion Features:**
-  * **Calibre Integration**: Use Calibre for conversion
-  * **Format Support**: Convert between supported formats
-  * **Quality Settings**: Adjust conversion quality
-  * **Metadata Preservation**: Maintain book metadata
-
-===== Customization =====
-
-**Interface Themes:**
-  * **Light Theme**: Clean, bright interface
-  * **Dark Theme**: Easy on the eyes
-  * **Custom CSS**: Advanced customization
-  * **Responsive Design**: Mobile-friendly interface
-
-**Language Support:**
-  * **Multiple Languages**: 20+ supported languages
-  * **Interface Translation**: Full UI translation
-  * **Metadata Languages**: Support for various languages
-  * **RTL Support**: Right-to-left language support
-
-**Display Options:**
-  * **Books per Page**: Configure pagination
-  * **Cover Sizes**: Adjust cover image sizes
-  * **Metadata Fields**: Customize displayed fields
-  * **Grid/List Views**: Choose viewing preferences
-
-===== Advanced Features =====
-
-**Shelves & Collections:**
-  * **Custom Shelves**: Create personal book collections
-  * **Public Shelves**: Share collections with others
-  * **Smart Shelves**: Dynamic collections based on criteria
-  * **Shelf Management**: Organize and categorize shelves
-
-**Reading Statistics:**
-  * **Reading Progress**: Track reading progress
-  * **Reading Time**: Monitor reading duration
-  * **Books Read**: Track completed books
-  * **Reading Goals**: Set reading targets
-
-**Social Features:**
-  * **User Reviews**: Write and read book reviews
-  * **Ratings**: Rate books and see averages
-  * **Recommendations**: Book recommendation system
-  * **User Activity**: See what others are reading
-
-===== Integration Features =====
-
-**Calibre Integration:**
-  * **Database Sync**: Sync with Calibre desktop
-  * **Metadata Updates**: Update from Calibre
-  * **Cover Downloads**: Download covers from Calibre
-  * **Format Conversion**: Use Calibre conversion tools
-
-**External Services:**
-  * **Goodreads**: Import ratings and reviews
-  * **Google Books**: Enhanced metadata
-  * **Open Library**: Additional book information
-  * **ISBN Lookup**: Automatic ISBN resolution
-
-**API Access:**
-  * **REST API**: Programmatic access
-  * **Webhook Support**: Event notifications
-  * **Third-party Integration**: Connect with other services
-  * **Automation**: Script-based automation
-
-===== Security Considerations =====
-
-**Access Control:**
-  * **User Authentication**: Secure user authentication
-  * **Permission Levels**: Granular access control
-  * **IP Restrictions**: Limit access by IP address
-  * **Session Security**: Secure session management
-
-**Data Protection:**
-  * **File Permissions**: Proper file system permissions
-  * **Database Security**: SQLite database protection
-  * **Backup Security**: Secure backup procedures
-  * **Encryption**: Data encryption options
-
-===== Performance Optimization =====
-
-**Resource Management:**
-```yaml
-deploy:
-  resources:
-    limits:
-      cpus: '1.0'
-      memory: 512M
-    reservations:
-      cpus: '0.2'
-      memory: 128M
-```
-
-**Database Optimization:**
-  * **Index Maintenance**: Regular database maintenance
-  * **Query Optimization**: Efficient database queries
-  * **Cache Management**: Metadata and cover caching
-  * **Search Optimization**: Fast search capabilities
-
-===== Troubleshooting =====
-
-**Database Connection Issues:**
-```bash
-# Check database file permissions
-ls -la /mnt/media/books/metadata.db
-
-# Verify database integrity
-docker exec calibre-web sqlite3 /books/metadata.db ".tables"
-
-# Check Calibre-Web logs
-docker logs calibre-web
-```
-
-**Book Display Problems:**
-  * **Cover Images**: Check cover file permissions
-  * **Metadata Issues**: Verify database integrity
-  * **File Permissions**: Check book file access
-  * **Format Support**: Verify supported formats
-
-**User Authentication Issues:**
-  * **Login Problems**: Check user credentials
-  * **Permission Errors**: Verify user permissions
-  * **Session Issues**: Clear browser cookies
-  * **Password Reset**: Administrator password reset
-
-**Reading Interface Issues:**
-  * **EPUB Display**: Check EPUB file validity
-  * **PDF Viewer**: Verify PDF compatibility
-  * **Progress Saving**: Check database write permissions
-  * **Bookmark Issues**: Clear browser cache
-
-**Troubleshooting Steps:**
-  1. **Check logs**: `docker logs calibre-web`
-  2. **Verify database**: Test database connectivity
-  3. **Check permissions**: Validate file permissions
-  4. **Test access**: Verify web interface access
-  5. **Restart service**: `docker restart calibre-web`
-
-===== Backup & Recovery =====
-
-**Configuration Backup:**
-```bash
-# Backup Calibre-Web configuration
-docker run --rm \
-  -v calibre-web-config:/config \
-  -v $(pwd)/backup:/backup \
-  busybox tar czf /backup/calibre-web-config.tar.gz /config
-```
-
-**Database Backup:**
-```bash
-# Backup Calibre database
-docker run --rm \
-  -v /mnt/media/books:/books \
-  -v $(pwd)/backup:/backup \
-  busybox tar czf /backup/calibre-library.tar.gz /books
-```
-
-**Recovery Process:**
-  1. **Restore Configuration**: Restore config directory
-  2. **Restore Database**: Restore Calibre library
-  3. **Verify Integrity**: Check database and files
-  4. **Update Permissions**: Fix file permissions
-  5. **Test Access**: Verify web interface works
-
-===== Best Practices =====
-
-**Library Management:**
-  * **Consistent Naming**: Follow Calibre naming conventions
-  * **Metadata Quality**: Maintain accurate metadata
-  * **File Organization**: Proper folder structure
-  * **Regular Backups**: Frequent library backups
-
-**User Management:**
-  * **Permission Planning**: Plan user access levels
-  * **Regular Audits**: Review user permissions
-  * **Password Policies**: Enforce strong passwords
-  * **Activity Monitoring**: Monitor user activity
-
-**Performance:**
-  * **Resource Allocation**: Appropriate CPU/memory limits
-  * **Database Maintenance**: Regular database optimization
-  * **Cache Management**: Optimize caching settings
-  * **Network Optimization**: Fast network access
-
-**Maintenance:**
-  * **Regular Updates**: Keep Calibre-Web updated
-  * **Database Maintenance**: Regular database cleanup
-  * **File System Checks**: Verify file integrity
-  * **Security Updates**: Apply security patches
-
-===== Advanced Configuration =====
-
-**Reverse Proxy Configuration:**
-```nginx
-# Nginx configuration for additional features
-location /calibre {
-    proxy_pass http://calibre-web:8083;
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-}
-```
-
-**LDAP Integration:**
-```python
-# LDAP configuration in config files
-LDAP_URL = "ldap://your-ldap-server"
-LDAP_USER_DN = "ou=users,dc=example,dc=com"
-LDAP_GROUP_DN = "ou=groups,dc=example,dc=com"
-```
-
-**API Usage Examples:**
-```bash
-# Get library information
-curl -u username:password https://calibre.yourdomain.duckdns.org/api/books
-
-# Search books
-curl -u username:password "https://calibre.yourdomain.duckdns.org/api/books?search=author:smith"
-```
-
-Calibre-Web provides a beautiful, user-friendly web interface for your Calibre eBook library, making it easy to browse, read, and manage your digital book collection from any device.
-
-**Next:** Learn about [[services:media:qbittorrent|qBittorrent]] or explore [[architecture:backup|Backup Architecture]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/media/jellyfin.txt b/config-templates/dokuwiki/data/pages/services/media/jellyfin.txt
deleted file mode 100644
index 22fbf43..0000000
--- a/config-templates/dokuwiki/data/pages/services/media/jellyfin.txt
+++ /dev/null
@@ -1,424 +0,0 @@
-====== Jellyfin ======
-
-Jellyfin is a free, open-source media server that allows you to organize, manage, and stream your personal media collection. It provides a modern, user-friendly interface for accessing movies, TV shows, music, and photos from any device.
-
-===== Overview =====
-
-**Purpose:** Media server and streaming platform
-**URL:** https://jellyfin.yourdomain.duckdns.org
-**Authentication:** Built-in user management (no SSO)
-**Deployment:** Media stack
-**Features:** Multi-device streaming, transcoding, metadata management
-
-===== Key Features =====
-
-**Media Management:**
-  * **Library Organization**: Automatic media organization
-  * **Metadata Fetching**: Rich metadata from online sources
-  * **Poster Art**: High-quality artwork and posters
-  * **Collections**: Custom media collections and playlists
-
-**Streaming Capabilities:**
-  * **Multi-Device Support**: Stream to any device
-  * **Adaptive Streaming**: Automatic quality adjustment
-  * **Transcoding**: Real-time video transcoding
-  * **Direct Play**: Direct streaming when supported
-
-**User Management:**
-  * **Multiple Users**: Separate accounts for family members
-  * **Parental Controls**: Content restrictions and ratings
-  * **Viewing History**: Track watched content
-  * **Personal Libraries**: User-specific content access
-
-===== Configuration =====
-
-**Container Configuration:**
-```yaml
-services:
-  jellyfin:
-    image: lscr.io/linuxserver/jellyfin:latest
-    container_name: jellyfin
-    restart: unless-stopped
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=${TZ}
-      - JELLYFIN_PublishedServerUrl=https://jellyfin.${DOMAIN}
-    volumes:
-      - ./jellyfin/config:/config
-      - /mnt/media/movies:/data/movies
-      - /mnt/media/tv:/data/tv
-      - /mnt/media/music:/data/music
-      - /mnt/transcode:/config/transcodes
-    devices:
-      - /dev/dri:/dev/dri  # Hardware acceleration (optional)
-    networks:
-      - traefik-network
-    deploy:
-      resources:
-        limits:
-          cpus: '2.0'
-          memory: 2G
-        reservations:
-          cpus: '0.5'
-          memory: 512M
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
-      - "traefik.http.routers.jellyfin.entrypoints=websecure"
-      - "traefik.http.routers.jellyfin.tls.certresolver=letsencrypt"
-      # No Authelia middleware - direct access for app compatibility
-      - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
-      - "x-dockge.url=https://jellyfin.${DOMAIN}"
-```
-
-**Environment Variables:**
-```bash
-# User permissions
-PUID=1000
-PGID=1000
-
-# Timezone
-TZ=America/New_York
-
-# Public URL (for external access)
-JELLYFIN_PublishedServerUrl=https://jellyfin.yourdomain.duckdns.org
-```
-
-===== Media Library Setup =====
-
-**Directory Structure:**
-```
-/mnt/media/
-├── movies/           # Movie files
-│   ├── Movie1 (2023)/
-│   └── Movie2 (2023)/
-├── tv/              # TV show files
-│   ├── Show1/
-│   │   ├── Season 01/
-│   │   └── Season 02/
-│   └── Show2/
-├── music/           # Music files
-│   ├── Artist1/
-│   └── Artist2/
-└── photos/          # Photo collections
-```
-
-**Library Configuration:**
-  * **Movie Library**: Point to `/data/movies`
-  * **TV Library**: Point to `/data/tv`
-  * **Music Library**: Point to `/data/music`
-  * **Photo Library**: Point to `/data/photos`
-
-**Naming Conventions:**
-```
-Movies: "Movie Name (Year)/Movie Name (Year).mkv"
-TV: "Show Name/Season 01/Show Name - S01E01.mkv"
-Music: "Artist/Album/01 - Song Title.mp3"
-```
-
-===== Hardware Acceleration =====
-
-**Intel Quick Sync:**
-```yaml
-devices:
-  - /dev/dri:/dev/dri
-
-environment:
-  - JELLYFIN_FFmpeg__probesize=1G
-  - JELLYFIN_FFmpeg__analyzeduration=200M
-```
-
-**NVIDIA GPU:**
-```yaml
-deploy:
-  resources:
-    reservations:
-      devices:
-        - driver: nvidia
-          count: 1
-          capabilities: [gpu]
-
-environment:
-  - NVIDIA_VISIBLE_DEVICES=all
-  - NVIDIA_DRIVER_CAPABILITIES=all
-```
-
-**VAAPI (Software):**
-```yaml
-environment:
-  - JELLYFIN_FFmpeg__hwaccel=vaapi
-  - JELLYFIN_FFmpeg__hwaccel_device=/dev/dri/renderD128
-  - JELLYFIN_FFmpeg__hwaccel_output_format=vaapi
-```
-
-===== User Management =====
-
-**Administrator Setup:**
-  1. **First Access**: Visit Jellyfin URL
-  2. **Create Admin Account**: Set up administrator account
-  3. **Configure Libraries**: Add media libraries
-  4. **Set Preferences**: Configure server settings
-
-**User Accounts:**
-  * **User Creation**: Add family member accounts
-  * **Access Levels**: Configure library access per user
-  * **Parental Controls**: Set content ratings and restrictions
-  * **Device Limits**: Control simultaneous streams
-
-**Authentication:**
-  * **Local Users**: Username/password authentication
-  * **Easy PIN**: Simple PIN for quick access
-  * **Auto Login**: Remember login on trusted devices
-
-===== Transcoding Configuration =====
-
-**Transcoding Settings:**
-```yaml
-# Transcode location
-volumes:
-  - /mnt/transcode:/config/transcodes
-```
-
-**Quality Settings:**
-  * **Video Quality**: Adjust bitrate and resolution
-  * **Audio Quality**: Configure audio encoding
-  * **Container Format**: Choose output format
-  * **Hardware Acceleration**: Enable GPU transcoding
-
-**Performance Tuning:**
-  * **Concurrent Streams**: Limit simultaneous transcodes
-  * **Buffer Size**: Adjust transcoding buffer
-  * **Thread Count**: Configure encoding threads
-  * **Quality Presets**: Balance quality vs speed
-
-===== Metadata Management =====
-
-**Metadata Sources:**
-  * **The Movie Database (TMDb)**: Movie and TV metadata
-  * **TheTVDB**: TV show information
-  * **MusicBrainz**: Music metadata
-  * **FanArt.tv**: Artwork and posters
-
-**Metadata Refresh:**
-  * **Automatic Updates**: Regular metadata updates
-  * **Manual Refresh**: Force metadata refresh
-  * **Image Downloads**: Download posters and artwork
-  * **Language Settings**: Configure metadata language
-
-**Custom Metadata:**
-  * **Override Information**: Manually edit metadata
-  * **Custom Images**: Upload custom artwork
-  * **Collections**: Create custom collections
-  * **Tags**: Add custom tags and genres
-
-===== Client Applications =====
-
-**Official Apps:**
-  * **Android/iOS**: Mobile apps for streaming
-  * **Roku**: TV streaming device support
-  * **Fire TV**: Amazon Fire TV support
-  * **Android TV**: Android TV support
-
-**Third-Party Clients:**
-  * **Kodi**: Media center integration
-  * **Plex**: Alternative media server
-  * **Emby**: Similar media server
-  * **Infuse**: iOS/macOS media player
-
-**Web Client:**
-  * **Modern Interface**: Responsive web player
-  * **Keyboard Shortcuts**: Full keyboard navigation
-  * **Cast Support**: Chromecast and DLNA
-  * **Offline Sync**: Download for offline viewing
-
-===== Plugins & Extensions =====
-
-**Official Plugins:**
-  * **Open Subtitles**: Subtitle downloading
-  * **MusicBrainz**: Enhanced music metadata
-  * **AniList**: Anime tracking integration
-  * **Trakt**: Watch history synchronization
-
-**Community Plugins:**
-  * **Kodi Sync**: Sync with Kodi library
-  * **FanArt**: Additional artwork sources
-  * **Theme Videos**: Movie theme videos
-  * **Trailer**: Trailer playback
-
-**Plugin Installation:**
-  1. **Dashboard > Plugins**: Access plugin catalog
-  2. **Browse Repository**: Find desired plugins
-  3. **Install**: Click install button
-  4. **Configure**: Set plugin preferences
-
-===== Backup & Recovery =====
-
-**Configuration Backup:**
-```bash
-# Backup Jellyfin configuration
-docker run --rm \
-  -v jellyfin-config:/config \
-  -v $(pwd)/backup:/backup \
-  busybox tar czf /backup/jellyfin-config.tar.gz /config
-```
-
-**Database Backup:**
-```bash
-# Backup Jellyfin database
-docker exec jellyfin sqlite3 /config/data/library.db .dump > jellyfin-backup.sql
-```
-
-**Media Backup:**
-  * **File System**: Backup media files separately
-  * **Metadata**: Configuration includes metadata
-  * **User Data**: User preferences and watch history
-  * **Plugins**: Plugin configurations
-
-===== Performance Optimization =====
-
-**Resource Management:**
-```yaml
-deploy:
-  resources:
-    limits:
-      cpus: '2.0'
-      memory: 2G
-    reservations:
-      cpus: '0.5'
-      memory: 512M
-```
-
-**Optimization Tips:**
-  * **Library Scanning**: Schedule scans during off-hours
-  * **Transcoding Limits**: Limit concurrent transcodes
-  * **Cache Management**: Configure appropriate cache sizes
-  * **Network Optimization**: Use appropriate network settings
-
-===== Troubleshooting =====
-
-**Playback Issues:**
-```bash
-# Check transcoding logs
-docker logs jellyfin | grep -i ffmpeg
-
-# Verify hardware acceleration
-docker exec jellyfin vainfo  # VAAPI
-docker exec jellyfin nvidia-smi  # NVIDIA
-```
-
-**Library Scanning Problems:**
-  * **Permission Issues**: Check file permissions
-  * **Naming Problems**: Verify file naming conventions
-  * **Metadata Errors**: Check metadata provider status
-  * **Network Issues**: Verify internet connectivity
-
-**Web Interface Issues:**
-  * **Loading Problems**: Clear browser cache
-  * **SSL Errors**: Check certificate validity
-  * **CORS Issues**: Verify reverse proxy configuration
-  * **JavaScript Errors**: Check browser compatibility
-
-**Transcoding Issues:**
-  * **Hardware Acceleration**: Verify GPU access
-  * **Codec Support**: Check supported codecs
-  * **Resource Limits**: Monitor CPU/memory usage
-  * **Quality Settings**: Adjust transcoding parameters
-
-**Troubleshooting Steps:**
-  1. **Check logs**: `docker logs jellyfin`
-  2. **Verify configuration**: Check environment variables
-  3. **Test access**: Verify web interface access
-  4. **Check permissions**: Validate file permissions
-  5. **Restart service**: `docker restart jellyfin`
-
-===== Security Considerations =====
-
-**Access Control:**
-  * **User Authentication**: Strong password requirements
-  * **Network Security**: Restrict network access
-  * **HTTPS Only**: Force secure connections
-  * **Session Management**: Configure session timeouts
-
-**Media Security:**
-  * **File Permissions**: Proper file system permissions
-  * **Network Shares**: Secure network share access
-  * **Backup Security**: Encrypt backup data
-  * **Access Logging**: Monitor access patterns
-
-===== Integration with Media Stack =====
-
-**Sonarr/Radarr Integration:**
-  * **Automatic Downloads**: Integration with download clients
-  * **Library Updates**: Automatic library refreshes
-  * **Quality Profiles**: Match download quality to playback
-  * **Naming Conventions**: Consistent file naming
-
-**qBittorrent Integration:**
-  * **Download Monitoring**: Track download progress
-  * **Category Management**: Organize downloads by type
-  * **Completion Notifications**: Notify when downloads complete
-  * **File Management**: Automatic file organization
-
-**Hardware Acceleration:**
-  * **GPU Utilization**: Leverage available GPU resources
-  * **Transcoding Efficiency**: Optimize transcoding performance
-  * **Power Management**: Balance performance and power usage
-  * **Resource Monitoring**: Monitor hardware utilization
-
-===== Best Practices =====
-
-**Library Management:**
-  * **Consistent Naming**: Follow naming conventions
-  * **Quality Standards**: Maintain consistent quality
-  * **Metadata Accuracy**: Keep metadata up-to-date
-  * **Regular Maintenance**: Periodic library cleanup
-
-**Performance:**
-  * **Resource Allocation**: Appropriate CPU/memory limits
-  * **Transcoding Settings**: Balance quality and performance
-  * **Caching Strategy**: Optimize cache usage
-  * **Network Configuration**: Optimize network settings
-
-**User Experience:**
-  * **Interface Customization**: Customize user interfaces
-  * **Device Profiles**: Optimize for different devices
-  * **Subtitle Management**: Configure subtitle preferences
-  * **Audio Settings**: Configure audio preferences
-
-**Maintenance:**
-  * **Regular Updates**: Keep Jellyfin updated
-  * **Library Scans**: Regular library maintenance
-  * **Backup Routine**: Regular configuration backups
-  * **Performance Monitoring**: Monitor system performance
-
-===== Advanced Configuration =====
-
-**Custom CSS:**
-```css
-/* Custom theme modifications */
-.dashboardHeader {
-  background-color: #your-color;
-}
-
-.libraryCard {
-  border-radius: 10px;
-}
-```
-
-**API Access:**
-```bash
-# Access Jellyfin API
-curl -H "X-MediaBrowser-Token: your-api-key" \
-  https://jellyfin.yourdomain.duckdns.org/Items
-```
-
-**Webhook Integration:**
-  * **Playback Events**: Trigger actions on media events
-  * **User Actions**: Monitor user activities
-  * **System Events**: Respond to system events
-  * **External Integration**: Connect with other services
-
-Jellyfin provides a powerful, free alternative to proprietary media servers, offering comprehensive media management and streaming capabilities with excellent client support across all platforms.
-
-**Next:** Learn about [[services:media:calibre-web|Calibre-Web]] or explore [[architecture:storage|Storage Architecture]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/media/qbittorrent.txt b/config-templates/dokuwiki/data/pages/services/media/qbittorrent.txt
deleted file mode 100644
index ce0f7f5..0000000
--- a/config-templates/dokuwiki/data/pages/services/media/qbittorrent.txt
+++ /dev/null
@@ -1,391 +0,0 @@
-====== qBittorrent ======
-
-qBittorrent is a free and open-source BitTorrent client that provides a web-based interface for downloading and managing torrent files. In the AI-Homelab, it's configured to route all traffic through Gluetun VPN for enhanced privacy and security.
-
-===== Overview =====
-
-**Purpose:** Torrent downloading with VPN protection
-**URL:** https://qbit.yourdomain.duckdns.org
-**Authentication:** Built-in web UI authentication
-**Deployment:** Media stack (VPN-routed through Gluetun)
-**VPN Integration:** Routes through Gluetun container
-
-===== Key Features =====
-
-**Torrent Management:**
-  * **Web Interface**: Clean, responsive web UI
-  * **Torrent Creation**: Create torrents from files/folders
-  * **Magnet Links**: Support for magnet link downloads
-  * **Batch Downloads**: Download multiple torrents
-  * **RSS Feeds**: Automatic RSS feed monitoring
-
-**Download Control:**
-  * **Speed Limits**: Set download/upload speed limits
-  * **Bandwidth Management**: Per-torrent bandwidth allocation
-  * **Queue Management**: Priority-based download queuing
-  * **Auto-Management**: Automatic torrent management
-
-**Privacy & Security:**
-  * **VPN Routing**: All traffic through Gluetun VPN
-  * **IP Binding**: Bind to VPN interface only
-  * **Encryption**: Protocol encryption support
-  * **Proxy Support**: SOCKS5/HTTP proxy support
-
-===== Configuration =====
-
-**Container Configuration:**
-```yaml
-services:
-  qbittorrent:
-    image: lscr.io/linuxserver/qbittorrent:latest
-    container_name: qbittorrent
-    network_mode: "service:gluetun"  # Route through VPN
-    depends_on:
-      - gluetun
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=${TZ}
-      - WEBUI_PORT=8080
-    volumes:
-      - ./qbittorrent/config:/config
-      - /mnt/downloads:/downloads
-    restart: unless-stopped
-    deploy:
-      resources:
-        limits:
-          cpus: '2.0'
-          memory: 1G
-        reservations:
-          cpus: '0.5'
-          memory: 256M
-```
-
-**Gluetun Configuration (Update):**
-```yaml
-# In gluetun service, add port mapping
-gluetun:
-  ports:
-    - 8080:8080  # qBittorrent WebUI
-    - 6881:6881  # Torrent ports (TCP)
-    - 6881:6881/udp  # Torrent ports (UDP)
-```
-
-**Environment Variables:**
-```bash
-# User permissions
-PUID=1000
-PGID=1000
-
-# Timezone
-TZ=America/New_York
-
-# Web UI port
-WEBUI_PORT=8080
-```
-
-===== VPN Integration =====
-
-**Network Mode:**
-```yaml
-network_mode: "service:gluetun"
-```
-
-**Benefits:**
-  * **IP Protection**: All torrent traffic through VPN
-  * **ISP Protection**: Hide torrenting from ISP
-  * **Geographic Access**: Access geo-restricted content
-  * **Privacy**: Enhanced download privacy
-
-**Port Mapping:**
-  * **WebUI**: 8080 (internal to Gluetun)
-  * **Torrent TCP**: 6881
-  * **Torrent UDP**: 6881
-
-**VPN Verification:**
-```bash
-# Check if qBittorrent is using VPN IP
-docker exec gluetun curl -s ifconfig.me
-
-# Verify qBittorrent is accessible through VPN
-curl -k https://qbit.yourdomain.duckdns.org
-```
-
-===== Initial Setup =====
-
-**First Access:**
-  1. **Navigate**: Visit qBittorrent URL
-  2. **Default Credentials**: admin/adminadmin
-  3. **Change Password**: Immediately change default password
-  4. **Configure Settings**: Set up download preferences
-
-**Basic Configuration:**
-  * **Download Location**: Set to `/downloads`
-  * **Temporary Files**: Configure temp directory
-  * **Auto-Management**: Enable automatic torrent management
-  * **WebUI Settings**: Configure interface preferences
-
-===== Download Management =====
-
-**Adding Torrents:**
-  * **Torrent Files**: Upload .torrent files
-  * **Magnet Links**: Paste magnet links
-  * **URLs**: Add torrent URLs
-  * **Batch Operations**: Add multiple torrents
-
-**Download Categories:**
-  * **Category Creation**: Create download categories
-  * **Path Assignment**: Assign paths per category
-  * **Automatic Sorting**: Auto-assign categories
-  * **Category Management**: Organize downloads
-
-**Queue Management:**
-  * **Priority Setting**: Set download priorities
-  * **Queue Limits**: Limit concurrent downloads
-  * **Speed Allocation**: Allocate bandwidth per torrent
-  * **Sequential Downloads**: Download files in order
-
-===== Advanced Features =====
-
-**RSS Integration:**
-  * **RSS Feeds**: Add RSS torrent feeds
-  * **Automatic Downloads**: Auto-download matching torrents
-  * **Filters**: Set download filters and rules
-  * **Smart Filtering**: Advanced filtering options
-
-**Search Integration:**
-  * **Built-in Search**: Search torrent sites
-  * **Search Plugins**: Install additional search plugins
-  * **Plugin Management**: Manage search engines
-  * **Search History**: Track search history
-
-**Automation:**
-  * **Watch Folders**: Monitor folders for new torrents
-  * **Auto-Tagging**: Automatic torrent tagging
-  * **Script Integration**: Execute scripts on completion
-  * **API Integration**: REST API for automation
-
-===== Performance Optimization =====
-
-**Speed Settings:**
-```yaml
-# Recommended settings for VPN
-Global maximum number of upload slots: 20
-Global maximum number of half-open connections: 500
-Maximum number of upload slots per torrent: 4
-Maximum number of connections per torrent: 100
-```
-
-**Disk Settings:**
-  * **Disk Cache**: Set to 64-128 MB
-  * **Disk Cache Expiry**: 60 seconds
-  * **OS Cache**: Enable OS cache
-  * **Coalesce Reads**: Enable for SSDs
-
-**Connection Settings:**
-  * **Global Max Connections**: 500
-  * **Max Per Torrent**: 100
-  * **Max Upload Slots**: 20
-  * **Max Half-Open**: 500
-
-===== Security Configuration =====
-
-**WebUI Security:**
-  * **Authentication**: Enable username/password
-  * **HTTPS**: Force HTTPS connections
-  * **IP Filtering**: Restrict access by IP
-  * **Session Timeout**: Configure session limits
-
-**Network Security:**
-  * **Encryption**: Enable protocol encryption
-  * **DHT**: Enable DHT for peer discovery
-  * **PEX**: Enable peer exchange
-  * **LSD**: Enable local service discovery
-
-**VPN Security:**
-  * **Kill Switch**: Gluetun provides kill switch
-  * **DNS Leak Protection**: VPN DNS protection
-  * **IPv6 Blocking**: Block IPv6 leaks
-  * **Port Forwarding**: VPN port forwarding
-
-===== Integration with Media Stack =====
-
-**Sonarr/Radarr Integration:**
-```yaml
-# In Sonarr/Radarr settings
-Download Client: qBittorrent
-Host: qbittorrent  # Container name
-Port: 8080
-Username: your-username
-Password: your-password
-Category: sonarr  # Use categories for organization
-```
-
-**Category Setup:**
-  * **sonarr**: For TV show downloads
-  * **radarr**: For movie downloads
-  * **manual**: For manual downloads
-  * **books**: For book downloads
-
-**Path Mapping:**
-  * **/downloads/complete/sonarr**: TV shows
-  * **/downloads/complete/radarr**: Movies
-  * **/downloads/complete/manual**: Manual downloads
-
-===== Monitoring & Maintenance =====
-
-**Health Checks:**
-```yaml
-healthcheck:
-  test: ["CMD", "curl", "-f", "http://localhost:8080"]
-  interval: 30s
-  timeout: 10s
-  retries: 3
-```
-
-**Log Monitoring:**
-```bash
-# View qBittorrent logs
-docker logs qbittorrent
-
-# View Gluetun logs (VPN)
-docker logs gluetun
-```
-
-**Performance Monitoring:**
-  * **Download Speed**: Monitor download/upload speeds
-  * **Connection Count**: Track peer connections
-  * **Disk I/O**: Monitor disk usage
-  * **Memory Usage**: Track memory consumption
-
-===== Troubleshooting =====
-
-**VPN Connection Issues:**
-```bash
-# Check VPN status
-docker exec gluetun sh -c "curl -s ifconfig.me"
-
-# Verify Gluetun is running
-docker ps | grep gluetun
-
-# Check Gluetun logs
-docker logs gluetun | grep -i wireguard
-```
-
-**WebUI Access Issues:**
-  * **Port Mapping**: Verify port 8080 is mapped in Gluetun
-  * **Network Mode**: Confirm `network_mode: "service:gluetun"`
-  * **Firewall**: Check firewall rules
-  * **Traefik**: Verify Traefik routing
-
-**Download Problems:**
-  * **Port Forwarding**: Check if VPN supports port forwarding
-  * **Speed Limits**: Remove artificial speed limits
-  * **Tracker Issues**: Check tracker status
-  * **Peer Connections**: Verify peer connectivity
-
-**Common Issues:**
-  * **No Downloads**: Check VPN connection and port forwarding
-  * **Slow Speeds**: Verify VPN server selection and speed
-  * **Connection Errors**: Check firewall and network settings
-  * **Authentication**: Verify username/password credentials
-
-**Troubleshooting Steps:**
-  1. **Check VPN**: Verify Gluetun is connected
-  2. **Test Access**: Access WebUI directly
-  3. **Check Logs**: Review container logs
-  4. **Verify Ports**: Confirm port mappings
-  5. **Test Downloads**: Try a known working torrent
-
-===== Backup & Recovery =====
-
-**Configuration Backup:**
-```bash
-# Backup qBittorrent configuration
-docker run --rm \
-  -v qbittorrent-config:/config \
-  -v $(pwd)/backup:/backup \
-  busybox tar czf /backup/qbittorrent-config.tar.gz /config
-```
-
-**Download Recovery:**
-  * **Resume Downloads**: qBittorrent auto-resumes
-  * **Torrent Files**: Backup .torrent files
-  * **Fast Resume**: Use fast resume data
-  * **Re-add Torrents**: Re-add from backup
-
-**Migration:**
-  1. **Stop Container**: Stop qBittorrent
-  2. **Backup Config**: Backup configuration directory
-  3. **Restore Config**: Restore to new location
-  4. **Update Paths**: Update download paths if changed
-  5. **Start Container**: Restart qBittorrent
-
-===== Best Practices =====
-
-**VPN Usage:**
-  * **Dedicated Server**: Use VPN server optimized for P2P
-  * **Port Forwarding**: Enable port forwarding when available
-  * **Kill Switch**: Always use VPN kill switch
-  * **IP Rotation**: Rotate VPN servers periodically
-
-**Download Management:**
-  * **Category Organization**: Use categories for organization
-  * **Speed Limits**: Set reasonable speed limits
-  * **Queue Management**: Limit concurrent downloads
-  * **Disk Space**: Monitor available disk space
-
-**Security:**
-  * **Strong Passwords**: Use strong WebUI passwords
-  * **IP Restrictions**: Limit WebUI access
-  * **Regular Updates**: Keep qBittorrent updated
-  * **VPN Always**: Never disable VPN routing
-
-**Performance:**
-  * **Resource Allocation**: Appropriate CPU/memory limits
-  * **Disk I/O**: Use fast storage for downloads
-  * **Network Optimization**: Optimize VPN server selection
-  * **Cache Settings**: Optimize disk cache settings
-
-===== Advanced Configuration =====
-
-**qBittorrent.conf Settings:**
-```ini
-[Preferences]
-WebUI\Username=your-username
-WebUI\Password_PBKDF2="encrypted-password"
-WebUI\Port=8080
-Downloads\SavePath=/downloads
-Downloads\TempPath=/downloads/temp
-```
-
-**API Usage:**
-```bash
-# Get torrent list
-curl -u username:password "http://localhost:8080/api/v2/torrents/info"
-
-# Add magnet link
-curl -X POST \
-  -u username:password \
-  -d "urls=magnet:?..." \
-  http://localhost:8080/api/v2/torrents/add
-```
-
-**Integration Scripts:**
-```bash
-#!/bin/bash
-# Auto-organize completed downloads
-QB_HOST="http://localhost:8080"
-QB_USER="username"
-QB_PASS="password"
-
-# Get completed torrents
-completed=$(curl -s -u $QB_USER:$QB_PASS "$QB_HOST/api/v2/torrents/info?filter=completed")
-
-# Process completed torrents
-# Add your organization logic here
-```
-
-qBittorrent provides a powerful, privacy-focused torrent downloading solution that integrates seamlessly with your media automation stack while maintaining security through VPN routing.
-
-**Next:** Explore [[services:media-management:start|Media Management Services]] or return to [[services:media:start|Media Services Overview]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/media/start.txt b/config-templates/dokuwiki/data/pages/services/media/start.txt
deleted file mode 100644
index d5945f2..0000000
--- a/config-templates/dokuwiki/data/pages/services/media/start.txt
+++ /dev/null
@@ -1,194 +0,0 @@
-====== Media Services ======
-
-The Media Services stack provides comprehensive media management, streaming, and downloading capabilities for your homelab. These services handle everything from media library organization to automated downloading and streaming.
-
-===== Overview =====
-
-**Stack Components:**
-  * **[[services:media:jellyfin|Jellyfin]]**: Media server for streaming movies, TV shows, and music
-  * **[[services:media:calibre-web|Calibre-Web]]**: Web interface for eBook library management
-  * **[[services:media:qbittorrent|qBittorrent]]**: Torrent client with VPN protection
-
-**Key Features:**
-  * **Unified Media Access**: Stream media from any device
-  * **EBook Management**: Browse and read digital books
-  * **Secure Downloading**: VPN-protected torrent downloads
-  * **Cross-Platform**: Works on all devices and platforms
-
-===== Service Details =====
-
-^ Service ^ Purpose ^ URL ^ Authentication ^ Storage ^
-| [[services:media:jellyfin|Jellyfin]] | Media streaming server | https://jellyfin.${DOMAIN} | Apps/devices | /mnt/media |
-| [[services:media:calibre-web|Calibre-Web]] | eBook web interface | https://calibre.${DOMAIN} | Built-in users | /mnt/media/books |
-| [[services:media:qbittorrent|qBittorrent]] | Torrent downloads | https://qbit.${DOMAIN} | Web UI auth | /mnt/downloads |
-
-===== Architecture =====
-
-**Storage Layout:**
-```
-/mnt/media/
-├── movies/           # Movie files
-├── tv/              # TV show files
-├── music/           # Music files
-├── books/           # Calibre eBook library
-│   ├── metadata.db
-│   └── books/
-└── photos/          # Photo collections
-
-/mnt/downloads/
-├── complete/        # Completed downloads
-├── incomplete/      # Active downloads
-└── temp/           # Temporary files
-```
-
-**Network Configuration:**
-  * **Jellyfin**: Direct access (no SSO for app compatibility)
-  * **Calibre-Web**: Authelia SSO protection
-  * **qBittorrent**: Authelia SSO + VPN routing through Gluetun
-
-===== Deployment =====
-
-**Docker Compose (media.yml):**
-```yaml
-services:
-  jellyfin:
-    image: lscr.io/linuxserver/jellyfin:latest
-    # ... Jellyfin configuration
-
-  calibre-web:
-    image: lscr.io/linuxserver/calibre-web:latest
-    # ... Calibre-Web configuration
-
-  qbittorrent:
-    image: lscr.io/linuxserver/qbittorrent:latest
-    network_mode: "service:gluetun"  # VPN routing
-    # ... qBittorrent configuration
-```
-
-**Prerequisites:**
-  * **Core Stack**: Traefik, Authelia, Gluetun must be running
-  * **Storage**: /mnt/media and /mnt/downloads mounted
-  * **VPN**: Gluetun configured with torrent-friendly provider
-  * **Permissions**: Proper PUID/PGID for file access
-
-===== Integration =====
-
-**With Media Management:**
-  * **Sonarr/Radarr**: Auto-download TV/movies
-  * **qBittorrent**: Download client for automation
-  * **Jellyfin**: Media library scanning and streaming
-  * **Prowlarr**: Indexer management
-
-**With Home Automation:**
-  * **Home Assistant**: Media control integration
-  * **Node-RED**: Custom media workflows
-  * **MotionEye**: Security camera integration
-
-**With Monitoring:**
-  * **Uptime Kuma**: Service availability monitoring
-  * **Grafana**: Performance dashboards
-  * **Prometheus**: Resource monitoring
-
-===== Security Considerations =====
-
-**Access Control:**
-  * **Jellyfin**: No SSO (device/app compatibility)
-  * **Calibre-Web**: SSO protected
-  * **qBittorrent**: SSO protected + VPN isolation
-
-**Network Security:**
-  * **VPN Routing**: qBittorrent traffic through VPN
-  * **Firewall Rules**: Restrict external access
-  * **SSL/TLS**: All services use HTTPS
-  * **Authentication**: Strong passwords required
-
-===== Performance Optimization =====
-
-**Hardware Acceleration:**
-  * **Jellyfin**: GPU transcoding support
-  * **Intel Quick Sync**: Hardware encoding/decoding
-  * **NVIDIA NVENC**: GPU-accelerated transcoding
-  * **VAAPI**: Linux video acceleration
-
-**Storage Optimization:**
-  * **SSD Storage**: Fast access for media files
-  * **RAID Arrays**: Data redundancy and performance
-  * **Network Storage**: NAS integration for large libraries
-  * **Caching**: Metadata and thumbnail caching
-
-**Resource Allocation:**
-```yaml
-# Recommended limits
-jellyfin:
-  cpus: '2.0'
-  memory: 4G
-
-calibre-web:
-  cpus: '1.0'
-  memory: 512M
-
-qbittorrent:
-  cpus: '2.0'
-  memory: 1G
-```
-
-===== Maintenance =====
-
-**Regular Tasks:**
-  * **Library Scans**: Regular media library scanning
-  * **Database Optimization**: Calibre database maintenance
-  * **Download Cleanup**: Remove completed torrents
-  * **Update Checks**: Keep services updated
-
-**Backup Strategy:**
-  * **Configuration**: Backup service configurations
-  * **Databases**: Backup Calibre and Jellyfin databases
-  * **Metadata**: Preserve media metadata
-  * **Automation**: Automated backup scripts
-
-===== Troubleshooting =====
-
-**Common Issues:**
-  * **Media Not Showing**: Check file permissions and paths
-  * **Slow Streaming**: Verify transcoding settings
-  * **Download Issues**: Check VPN connection and ports
-  * **Authentication**: Verify SSO configuration
-
-**Diagnostic Commands:**
-```bash
-# Check service status
-docker compose -f media.yml ps
-
-# View logs
-docker compose -f media.yml logs -f service-name
-
-# Test VPN connection
-docker exec gluetun curl -s ifconfig.me
-
-# Check file permissions
-ls -la /mnt/media/
-```
-
-===== Best Practices =====
-
-**Library Organization:**
-  * **Consistent Naming**: Follow media naming conventions
-  * **Folder Structure**: Logical folder hierarchy
-  * **Metadata Quality**: Accurate media information
-  * **Regular Maintenance**: Keep libraries organized
-
-**Security:**
-  * **VPN Always**: Never disable VPN for downloads
-  * **Strong Passwords**: Use strong authentication
-  * **Access Logging**: Monitor access patterns
-  * **Regular Updates**: Keep services current
-
-**Performance:**
-  * **Resource Monitoring**: Track CPU/memory usage
-  * **Storage Optimization**: Use appropriate storage types
-  * **Network Optimization**: Fast network connections
-  * **Caching**: Enable appropriate caching
-
-The Media Services stack provides a complete media entertainment solution with streaming, eBook management, and secure downloading capabilities.
-
-**Next:** Explore [[services:media-management:start|Media Management Services]] for automated downloading or return to [[services:start|Services Overview]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/monitoring/start.txt b/config-templates/dokuwiki/data/pages/services/monitoring/start.txt
deleted file mode 100644
index a834318..0000000
--- a/config-templates/dokuwiki/data/pages/services/monitoring/start.txt
+++ /dev/null
@@ -1,53 +0,0 @@
-====== Monitoring Services ======
-
-This section covers monitoring and observability tools for your homelab.
-
-===== Available Services =====
-
-**Grafana** - Dashboard and visualization platform
-  * Access: https://grafana.${DOMAIN}
-  * Description: Create dashboards for metrics, logs, and alerts
-  * Stack: monitoring.yml
-
-**Prometheus** - Metrics collection and alerting
-  * Access: https://prometheus.${DOMAIN}
-  * Description: Time-series database for monitoring metrics
-  * Stack: monitoring.yml
-
-**Node Exporter** - System metrics exporter
-  * Description: Exports hardware and OS metrics for Prometheus
-  * Stack: monitoring.yml
-
-**cAdvisor** - Container metrics
-  * Description: Provides container metrics for Prometheus
-  * Stack: monitoring.yml
-
-**Loki** - Log aggregation
-  * Access: https://loki.${DOMAIN}
-  * Description: Log aggregation system for Docker containers
-  * Stack: monitoring.yml
-
-**Promtail** - Log shipping agent
-  * Description: Ships logs from Docker containers to Loki
-  * Stack: monitoring.yml
-
-===== Quick Start =====
-
-1. Deploy the monitoring stack:
-   docker-compose -f monitoring.yml up -d
-
-2. Access Grafana at https://grafana.${DOMAIN}
-   - Default credentials: admin/admin
-   - Change password on first login
-
-3. Configure Prometheus data sources in Grafana
-
-4. Set up dashboards for your services
-
-===== Integration =====
-
-Monitoring services integrate with:
-  * **Traefik** - Automatic SSL and routing
-  * **Authelia** - SSO authentication
-  * **Docker** - Container metrics via cAdvisor
-  * **System** - Hardware metrics via Node Exporter
diff --git a/config-templates/dokuwiki/data/pages/services/productivity/start.txt b/config-templates/dokuwiki/data/pages/services/productivity/start.txt
deleted file mode 100644
index aa3af32..0000000
--- a/config-templates/dokuwiki/data/pages/services/productivity/start.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-====== Productivity Services ======
-
-Coming soon...
diff --git a/config-templates/dokuwiki/data/pages/services/start.txt b/config-templates/dokuwiki/data/pages/services/start.txt
deleted file mode 100644
index 029fdfa..0000000
--- a/config-templates/dokuwiki/data/pages/services/start.txt
+++ /dev/null
@@ -1,294 +0,0 @@
-====== Services Overview ======
-
-The AI-Homelab provides 70+ pre-configured services organized into logical stacks. All services follow consistent patterns for deployment, security, and management.
-
-===== Service Categories =====
-
-| Category | Services | Description | Deployment |
-|----------|----------|-------------|------------|
-| **Core** | 4 services | Essential infrastructure | Automatic |
-| **Infrastructure** | 8 services | Management and monitoring | Automatic |
-| **Media** | 3 services | Media servers and downloaders | Manual |
-| **Media Management** | 10 services | Download automation | Manual |
-| **Productivity** | 8+6 services | Office and collaboration | Manual |
-| **Home Automation** | 7 services | Smart home integration | Manual |
-| **Monitoring** | 8 services | Observability and alerting | Manual |
-| **Utilities** | 6 services | Backup and miscellaneous | Manual |
-| **Development** | 6 services | Development tools | Manual |
-| **Alternatives** | 6+3 services | Alternative implementations | Optional |
-
-===== Core Infrastructure =====
-
-**Deployed automatically with setup scripts.**
-
-| Service | URL | Purpose | SSO | Documentation |
-|---------|-----|---------|-----|---------------|
-| **[[services:core:duckdns|DuckDNS]]** | - | Dynamic DNS updates | - | [[services:core:duckdns|Details]] |
-| **[[services:core:traefik|Traefik]]** | `https://traefik.yourdomain.duckdns.org` | Reverse proxy | ✓ | [[services:core:traefik|Details]] |
-| **[[services:core:authelia|Authelia]]** | `https://auth.yourdomain.duckdns.org` | SSO authentication | - | [[services:core:authelia|Details]] |
-| **[[services:core:gluetun|Gluetun]]** | - | VPN client | - | [[services:core:gluetun|Details]] |
-| **[[services:core:sablier|Sablier]]** | `http://sablier.yourdomain.duckdns.org:10000` | Lazy loading | - | [[services:core:sablier|Details]] |
-
-===== Infrastructure Services =====
-
-**Management and monitoring tools.**
-
-| Service | URL | Purpose | SSO | Documentation |
-|---------|-----|---------|-----|---------------|
-| **[[services:infrastructure:dockge|Dockge]]** | `https://dockge.yourdomain.duckdns.org` | Stack manager | ✓ | [[services:infrastructure:dockge|Details]] |
-| **[[services:infrastructure:pihole|Pi-hole]]** | `http://pihole.yourdomain.duckdns.org` | DNS & ad blocking | ✓ | [[services:infrastructure:pihole|Details]] |
-| **[[services:infrastructure:dozzle|Dozzle]]** | `https://dozzle.yourdomain.duckdns.org` | Log viewer | ✓ | [[services:infrastructure:dozzle|Details]] |
-| **[[services:infrastructure:glances|Glances]]** | `https://glances.yourdomain.duckdns.org` | System monitor | ✓ | [[services:infrastructure:glances|Details]] |
-| **[[services:infrastructure:watchtower|Watchtower]]** | - | Auto updates | - | [[services:infrastructure:watchtower|Details]] |
-| **[[services:infrastructure:code-server|Code Server]]** | `https://code.yourdomain.duckdns.org` | VS Code in browser | ✓ | [[services:infrastructure:code-server|Details]] |
-| **[[services:infrastructure:docker-proxy|Docker Proxy]]** | - | Secure socket access | - | [[services:infrastructure:docker-proxy|Details]] |
-
-===== Monitoring Services =====
-
-**Observability and alerting tools.**
-
-See [[services:monitoring:start|Monitoring Services Overview]]
-
-===== Utilities Services =====
-
-**Backup, development, and miscellaneous tools.**
-
-See [[services:utilities:start|Utilities Services Overview]]
-
-===== Media Services =====
-
-**Media servers, eBook management, and secure downloading.**
-
-| Service | URL | Purpose | SSO | Documentation |
-|---------|-----|---------|-----|---------------|
-| **[[services:media:jellyfin|Jellyfin]]** | `https://jellyfin.yourdomain.duckdns.org` | Media streaming server | ✗ | [[services:media:jellyfin|Details]] |
-| **[[services:media:calibre-web|Calibre-Web]]** | `https://calibre.yourdomain.duckdns.org` | eBook web interface | ✓ | [[services:media:calibre-web|Details]] |
-| **[[services:media:qbittorrent|qBittorrent]]** | `https://qbit.yourdomain.duckdns.org` | Torrent client (VPN) | ✓ | [[services:media:qbittorrent|Details]] |
-
-===== Media Management =====
-
-**Download automation and organization.**
-
-| Service | URL | Purpose | SSO |
-|---------|-----|---------|-----|
-| **Sonarr** | `https://sonarr.yourdomain.duckdns.org` | TV automation | ✓ |
-| **Radarr** | `https://radarr.yourdomain.duckdns.org` | Movie automation | ✓ |
-| **Prowlarr** | `https://prowlarr.yourdomain.duckdns.org` | Indexer manager | ✓ |
-| **Readarr** | `https://readarr.yourdomain.duckdns.org` | Book automation | ✓ |
-| **Lidarr** | `https://lidarr.yourdomain.duckdns.org` | Music automation | ✓ |
-| **Lazy Librarian** | `https://lazylibrarian.yourdomain.duckdns.org` | Book manager | ✓ |
-| **Mylar3** | `https://mylar.yourdomain.duckdns.org` | Comic manager | ✓ |
-| **Jellyseerr** | `https://jellyseerr.yourdomain.duckdns.org` | Media requests | ✓ |
-| **FlareSolverr** | - | Cloudflare bypass | - |
-| **Tdarr Server** | `https://tdarr.yourdomain.duckdns.org` | Transcoding | ✓ |
-| **Tdarr Node** | - | Transcoding worker | - |
-| **Unmanic** | `https://unmanic.yourdomain.duckdns.org` | Library optimizer | ✓ |
-| **Bazarr** | `https://bazarr.yourdomain.duckdns.org` | Subtitle manager | ✓ |
-
-===== Productivity Services =====
-
-**Office, collaboration, and content management.**
-
-| Service | URL | Purpose | SSO | Database |
-|---------|-----|---------|-----|----------|
-| **Nextcloud** | `https://nextcloud.yourdomain.duckdns.org` | File sync | ✓ | MariaDB |
-| **Mealie** | `https://mealie.yourdomain.duckdns.org` | Recipe manager | ✗ | - |
-| **WordPress** | `https://blog.yourdomain.duckdns.org` | Blog platform | ✗ | MariaDB |
-| **Gitea** | `https://git.yourdomain.duckdns.org` | Git service | ✓ | PostgreSQL |
-| **DokuWiki** | `https://wiki.yourdomain.duckdns.org` | Documentation | ✓ | - |
-| **BookStack** | `https://docs.yourdomain.duckdns.org` | Documentation | ✓ | MariaDB |
-| **MediaWiki** | `https://mediawiki.yourdomain.duckdns.org` | Wiki platform | ✓ | MariaDB |
-| **Form.io** | `https://forms.yourdomain.duckdns.org` | Form builder | ✓ | MongoDB |
-
-===== Home Automation =====
-
-**Smart home integration and monitoring.**
-
-| Service | URL | Purpose | SSO |
-|---------|-----|---------|-----|
-| **Home Assistant** | `https://ha.yourdomain.duckdns.org` | Home automation | ✗ |
-| **ESPHome** | `https://esphome.yourdomain.duckdns.org` | ESP firmware | ✓ |
-| **TasmoAdmin** | `https://tasmoadmin.yourdomain.duckdns.org` | Tasmota manager | ✓ |
-| **Node-RED** | `https://nodered.yourdomain.duckdns.org` | Automation flows | ✓ |
-| **Mosquitto** | - | MQTT broker | - |
-| **Zigbee2MQTT** | `https://zigbee2mqtt.yourdomain.duckdns.org` | Zigbee bridge | ✓ |
-| **MotionEye** | `https://motioneye.yourdomain.duckdns.org` | Video surveillance | ✓ |
-
-===== Monitoring Services =====
-
-**Observability, metrics, and alerting.**
-
-| Service | URL | Purpose | SSO |
-|---------|-----|---------|-----|
-| **Prometheus** | `https://prometheus.yourdomain.duckdns.org` | Metrics collection | ✓ |
-| **Grafana** | `https://grafana.yourdomain.duckdns.org` | Dashboard platform | ✓ |
-| **Loki** | - | Log aggregation | - |
-| **Promtail** | - | Log shipping | - |
-| **Node Exporter** | - | System metrics | - |
-| **cAdvisor** | - | Container metrics | - |
-| **Uptime Kuma** | `https://status.yourdomain.duckdns.org` | Status monitoring | ✓ |
-
-===== Utility Services =====
-
-**Backup, password management, and miscellaneous.**
-
-| Service | URL | Purpose | SSO |
-|---------|-----|---------|-----|
-| **Vaultwarden** | `https://bitwarden.yourdomain.duckdns.org` | Password manager | ✗ |
-| **Backrest** | `https://backrest.yourdomain.duckdns.org` | Backup manager | ✓ |
-| **Duplicati** | `https://duplicati.yourdomain.duckdns.org` | Encrypted backups | ✓ |
-| **FreshRSS** | `https://rss.yourdomain.duckdns.org` | RSS reader | ✓ |
-| **Wallabag** | `https://wallabag.yourdomain.duckdns.org` | Read-it-later | ✓ |
-| **Authelia Redis** | - | Session storage | - |
-
-===== Development Services =====
-
-**Development tools and environments.**
-
-| Service | URL | Purpose | SSO |
-|---------|-----|---------|-----|
-| **GitLab CE** | `https://gitlab.yourdomain.duckdns.org` | DevOps platform | ✓ |
-| **PostgreSQL** | - | SQL database | - |
-| **Redis** | - | In-memory store | - |
-| **pgAdmin** | `https://pgadmin.yourdomain.duckdns.org` | Database admin | ✓ |
-| **Jupyter Lab** | `https://jupyter.yourdomain.duckdns.org` | Notebooks | ✓ |
-| **Code Server** | `https://code.yourdomain.duckdns.org` | VS Code | ✓ |
-
-===== Alternative Services =====
-
-**Alternative implementations and additional options.**
-
-| Service | URL | Purpose | SSO | Database |
-|---------|-----|---------|-----|----------|
-| **Plex** | `https://plex.yourdomain.duckdns.org` | Media server (Alt) | ✗ | - |
-| **Portainer** | `https://portainer.yourdomain.duckdns.org` | Container manager | ✓ | - |
-| **Authentik** | `https://authentik.yourdomain.duckdns.org` | SSO platform | ✓ | PostgreSQL |
-| **Authentik Worker** | - | Background tasks | - | - |
-| **Authentik DB** | - | Authentik database | - | - |
-| **Authentik Redis** | - | Caching | - | - |
-
-**Legend:** ✓ = Protected by Authelia SSO | ✗ = Bypasses SSO | - = No web interface
-
-===== Service Management =====
-
-**Deploying Services:**
-
-**Via Dockge (Recommended):**
-  1. Access `https://dockge.yourdomain.duckdns.org`
-  2. Click **"Add Stack"**
-  3. Choose **"From Docker Compose"**
-  4. Select compose file from repository
-  5. Click **"Deploy"**
-
-**Via Command Line:**
-```bash
-# Deploy media services
-docker compose -f docker-compose/media.yml up -d
-
-# Deploy productivity stack
-docker compose -f docker-compose/productivity.yml up -d
-```
-
-**Managing Services:**
-```bash
-# View service status
-docker compose -f docker-compose/stack.yml ps
-
-# View logs
-docker compose -f docker-compose/stack.yml logs -f service-name
-
-# Restart service
-docker compose -f docker-compose/stack.yml restart service-name
-
-# Stop service
-docker compose -f docker-compose/stack.yml stop service-name
-```
-
-===== SSO Configuration =====
-
-**Enabling SSO Protection:**
-```yaml
-labels:
-  - "traefik.http.routers.service.middlewares=authelia@docker"
-```
-
-**Disabling SSO (for media apps):**
-```yaml
-# Comment out the middleware line
-# - "traefik.http.routers.service.middlewares=authelia@docker"
-```
-
-**Bypass Rules in Authelia:**
-```yaml
-access_control:
-  rules:
-    - domain: jellyfin.yourdomain.duckdns.org
-      policy: bypass
-    - domain: plex.yourdomain.duckdns.org
-      policy: bypass
-```
-
-===== Resource Management =====
-
-**Default Resource Limits:**
-```yaml
-deploy:
-  resources:
-    limits:
-      cpus: '2.0'
-      memory: 4G
-    reservations:
-      cpus: '0.5'
-      memory: 1G
-```
-
-**Service Categories:**
-  * **Core**: 0.1-0.5 CPU, 64MB-256MB RAM
-  * **Web Services**: 1-2 CPU, 1-4GB RAM
-  * **Media Services**: 2-4 CPU, 4-8GB RAM
-  * **Databases**: 1-2 CPU, 2-4GB RAM
-
-===== Storage Requirements =====
-
-**Configuration Storage (/opt/stacks/):**
-  * Small configs and metadata
-  * Automatic backups
-  * Version controlled
-
-**Data Storage (/mnt/):**
-  * Large media libraries
-  * User uploaded content
-  * Database files
-
-**Backup Storage:**
-  * Configuration backups
-  * User data archives
-  * SSL certificates
-
-===== Troubleshooting =====
-
-**Service Won't Start:**
-```bash
-# Check logs
-docker compose -f docker-compose/stack.yml logs service-name
-
-# Validate configuration
-docker compose -f docker-compose/stack.yml config
-
-# Check resource usage
-docker stats
-```
-
-**Access Issues:**
-  * Verify Traefik labels
-  * Check Authelia policies
-  * Confirm DNS resolution
-  * Test SSL certificates
-
-**Performance Problems:**
-  * Monitor resource usage
-  * Check network connectivity
-  * Review service logs
-  * Adjust resource limits
-
-**Next:** Explore individual [[services:core:start|Core Services]] or learn about [[troubleshooting:start|Troubleshooting]].
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/services/utilities/start.txt b/config-templates/dokuwiki/data/pages/services/utilities/start.txt
deleted file mode 100644
index 1136c5d..0000000
--- a/config-templates/dokuwiki/data/pages/services/utilities/start.txt
+++ /dev/null
@@ -1,63 +0,0 @@
-====== Utilities Services ======
-
-This section covers utility and development tools for your homelab.
-
-===== Available Services =====
-
-**Code Server** - VS Code in the browser
-  * Access: https://code.${DOMAIN}
-  * Description: Web-based VS Code for development and file editing
-  * Stack: utilities.yml
-
-**File Browser** - Web file manager
-  * Access: https://files.${DOMAIN}
-  * Description: Simple web interface for managing files
-  * Stack: utilities.yml
-
-**Speedtest Tracker** - Internet speed monitoring
-  * Access: https://speedtest.${DOMAIN}
-  * Description: Automated internet speed tests with history
-  * Stack: utilities.yml
-
-**SmokePing** - Network latency monitoring
-  * Access: https://smokeping.${DOMAIN}
-  * Description: Network latency and packet loss monitoring
-  * Stack: utilities.yml
-
-**NetData** - Real-time system monitoring
-  * Access: https://netdata.${DOMAIN}
-  * Description: Real-time health monitoring and performance metrics
-  * Stack: utilities.yml
-
-**Restic Rest Server** - Backup repository server
-  * Description: REST server for Restic backups
-  * Stack: utilities.yml
-
-**Duplicati** - Backup solution
-  * Access: https://backup.${DOMAIN}
-  * Description: Encrypted backup to various storage providers
-  * Stack: utilities.yml
-
-**Kopia** - Fast and secure backups
-  * Access: https://kopia.${DOMAIN}
-  * Description: Fast, secure, and efficient backup solution
-  * Stack: utilities.yml
-
-===== Quick Start =====
-
-1. Deploy the utilities stack:
-   docker-compose -f utilities.yml up -d
-
-2. Access services via their respective URLs
-
-3. Configure backup destinations and schedules
-
-4. Set up monitoring alerts if needed
-
-===== Integration =====
-
-Utilities services integrate with:
-  * **Traefik** - Automatic SSL and routing
-  * **Authelia** - SSO authentication
-  * **File systems** - Direct access to host storage
-  * **External services** - Cloud storage for backups
diff --git a/config-templates/dokuwiki/data/pages/sidebar.txt b/config-templates/dokuwiki/data/pages/sidebar.txt
deleted file mode 100644
index c1bb6c7..0000000
--- a/config-templates/dokuwiki/data/pages/sidebar.txt
+++ /dev/null
@@ -1,84 +0,0 @@
-====== Navigation ======
-
-**AI-Homelab Wiki**
-
-==== Getting Started ====
-  * [[getting_started:start|Overview]]
-  * [[getting_started:prerequisites|Prerequisites]]
-  * [[getting_started:setup|Automated Setup]]
-  * [[getting_started:deployment|Deployment]]
-  * [[getting_started:access|Access Services]]
-  * [[getting_started:security|Security Setup]]
-
-==== Architecture ====
-  * [[architecture:overview|System Overview]]
-  * [[architecture:networking|Network Architecture]]
-  * [[architecture:security|Security Model]]
-  * [[architecture:storage|Storage Strategy]]
-  * [[architecture:backup|Backup Strategy]]
-
-==== Services ====
-  * [[services:start|Service Overview]]
-  * **Core Infrastructure**
-    * [[services:core:traefik|Traefik]]
-    * [[services:core:authelia|Authelia]]
-    * [[services:core:duckdns|DuckDNS]]
-    * [[services:core:gluetun|Gluetun]]
-    * [[services:core:sablier|Sablier]]
-  * **Infrastructure**
-    * [[services:infrastructure:dockge|Dockge]]
-    * [[services:infrastructure:pihole|Pi-hole]]
-    * [[services:infrastructure:dozzle|Dozzle]]
-    * [[services:infrastructure:glances|Glances]]
-  * **Media Services**
-    * [[services:media:jellyfin|Jellyfin]]
-    * [[services:media:plex|Plex]]
-    * [[services:media:qbittorrent|qBittorrent]]
-    * [[services:media:sonarr|Sonarr]]
-    * [[services:media:radarr|Radarr]]
-  * **Productivity**
-    * [[services:productivity:nextcloud|Nextcloud]]
-    * [[services:productivity:gitea|Gitea]]
-    * [[services:productivity:bookstack|BookStack]]
-  * **Monitoring**
-    * [[services:monitoring:grafana|Grafana]]
-    * [[services:monitoring:prometheus|Prometheus]]
-    * [[services:monitoring:uptime_kuma|Uptime Kuma]]
-  * **Utilities**
-    * [[services:utilities:backrest|Backrest]]
-    * [[services:utilities:duplicati|Duplicati]]
-    * [[services:utilities:vaultwarden|Vaultwarden]]
-
-==== Backup & Recovery ====
-  * [[backup_recovery:start|Overview]]
-  * [[backup_recovery:backrest|Backrest (Default)]]
-  * [[backup_recovery:duplicati|Duplicati (Alternative)]]
-  * [[backup_recovery:strategy|Backup Strategy]]
-  * [[backup_recovery:restoration|Restoration]]
-
-==== Troubleshooting ====
-  * [[troubleshooting:start|Common Issues]]
-  * [[troubleshooting:deployment|Deployment Problems]]
-  * [[troubleshooting:services|Service Issues]]
-  * [[troubleshooting:networking|Network Problems]]
-  * [[troubleshooting:ssl|SSL Certificate Issues]]
-
-==== Development ====
-  * [[development:start|Contributing]]
-  * [[development:copilot|AI Copilot Integration]]
-  * [[development:customization|Customization]]
-  * [[development:deployment|Advanced Deployment]]
-
-==== Reference ====
-  * [[reference:start|Quick Reference]]
-  * [[reference:commands|Command Reference]]
-  * [[reference:environment|Environment Variables]]
-  * [[reference:ports|Port Reference]]
-  * [[reference:scripts|Deployment Scripts]]
-
-==== External Links ====
-  * [[https://github.com/kelinfoxy/AI-Homelab|GitHub Repository]]
-  * [[https://github.com/kelinfoxy/AI-Homelab/issues|Issue Tracker]]
-  * [[https://github.com/kelinfoxy/AI-Homelab/discussions|Discussions]]
-  * [[https://doc.traefik.io/traefik/|Traefik Documentation]]
-  * [[https://www.authelia.com/|Authelia Documentation]]
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/start.txt b/config-templates/dokuwiki/data/pages/start.txt
deleted file mode 100644
index a29f2a8..0000000
--- a/config-templates/dokuwiki/data/pages/start.txt
+++ /dev/null
@@ -1,105 +0,0 @@
-====== AI-Homelab Documentation Wiki ======
-
-===== Welcome to AI-Homelab =====
-
-**AI-Homelab** is a production-ready homelab infrastructure that deploys 70+ services through a file-based, AI-manageable architecture using Dockge for visual management.
-
-**Key Features:**
-  * **Automated SSL** - Wildcard certificates via Let's Encrypt
-  * **Single Sign-On** - Authelia authentication across all services
-  * **VPN Routing** - Secure downloads through Gluetun
-  * **Lazy Loading** - Sablier enables on-demand container startup
-  * **Resource Limits** - Prevent resource exhaustion
-  * **AI Management** - GitHub Copilot integration for service management
-
-**Quick Access:**
-  * [[getting_started:start|🚀 Getting Started]] - Setup and deployment guide
-  * [[architecture:overview|🏗️ Architecture]] - System design and components
-  * [[services:start|📦 Services]] - All available services and stacks
-  * [[backup_recovery:start|💾 Backup & Recovery]] - Data protection strategies
-  * [[troubleshooting:start|🔧 Troubleshooting]] - Common issues and solutions
-  * [[development:start|👨‍💻 Development]] - Contributing and customization
-
-===== Quick Start Checklist =====
-
-Complete these steps to get your homelab running:
-
-  * [ ] [[getting_started:prerequisites|Review prerequisites and requirements]]
-  * [ ] [[getting_started:setup|Run automated setup script]]
-  * [ ] [[getting_started:deployment|Deploy core infrastructure]]
-  * [ ] [[getting_started:access|Access your services]]
-  * [ ] [[getting_started:security|Configure security (2FA, access rules)]]
-  * [ ] [[services:deployment|Deploy additional services as needed]]
-
-===== Architecture Overview =====
-
-**Core Components:**
-  * **[[services:core:traefik|Traefik]]** - Reverse proxy with automatic SSL
-  * **[[services:core:authelia|Authelia]]** - Single sign-on authentication
-  * **[[services:core:duckdns|DuckDNS]]** - Dynamic DNS updates
-  * **[[services:core:gluetun|Gluetun]]** - VPN client for secure downloads
-  * **[[services:core:sablier|Sablier]]** - Lazy loading service
-
-**Service Categories:**
-  * **[[services:infrastructure:start|Infrastructure]]** - Management and monitoring tools
-  * **[[services:media:start|Media]]** - Streaming, automation, and content management
-  * **[[services:productivity:start|Productivity]]** - Collaboration and workflow tools
-  * **[[services:monitoring:start|Monitoring]]** - Observability and alerting
-  * **[[services:utilities:start|Utilities]]** - Backup, security, and system tools
-
-===== Service Access =====
-
-After deployment, access your services at:
-
-^ Service ^ URL ^ Authentication ^
-| **Dockge** | https://dockge.{{DOMAIN}} | Authelia SSO |
-| **Homepage** | https://home.{{DOMAIN}} | Authelia SSO |
-| **Traefik Dashboard** | https://traefik.{{DOMAIN}} | Authelia SSO |
-| **Authelia Login** | https://auth.{{DOMAIN}} | Direct access |
-
-===== Getting Help =====
-
-**Documentation Navigation:**
-  * Use the sidebar for quick navigation
-  * Search functionality is available in the top-right
-  * All pages include cross-references to related topics
-
-**Community Resources:**
-  * [[https://github.com/kelinfoxy/AI-Homelab|GitHub Repository]]
-  * [[https://github.com/kelinfoxy/AI-Homelab/issues|Issue Tracker]]
-  * [[https://github.com/kelinfoxy/AI-Homelab/discussions|Discussions]]
-
-**AI Assistance:**
-  * This wiki is designed to work with AI agents
-  * Use GitHub Copilot in VS Code for intelligent management
-  * See [[development:copilot|Copilot Instructions]] for details
-
-===== Recent Updates =====
-
-**January 20, 2026:**
-  * Updated service count to 70+ services
-  * Enhanced Sablier lazy loading documentation
-  * Improved backup strategy with Backrest as default
-  * Standardized service documentation format
-  * Added comprehensive troubleshooting guides
-
-**Key Improvements:**
-  * Better navigation and cross-linking
-  * Comprehensive service documentation
-  * Enhanced security configurations
-  * Improved deployment automation
-
-===== Navigation =====
-
-{{:navigation-tree.png?300|Documentation Structure}}
-
-**Main Sections:**
-  * [[getting_started:start|Getting Started]] - Setup and deployment
-  * [[architecture:start|Architecture]] - System design
-  * [[services:start|Services]] - Available services
-  * [[backup_recovery:start|Backup & Recovery]] - Data protection
-  * [[troubleshooting:start|Troubleshooting]] - Problem solving
-  * [[development:start|Development]] - Contributing and customization
-  * [[reference:start|Reference]] - Quick reference guides
-
-This wiki serves as the comprehensive documentation hub for AI-Homelab. All content is maintained and regularly updated to reflect the latest features and best practices.
\ No newline at end of file
diff --git a/config-templates/dokuwiki/data/pages/troubleshooting/start.txt b/config-templates/dokuwiki/data/pages/troubleshooting/start.txt
deleted file mode 100644
index d62322e..0000000
--- a/config-templates/dokuwiki/data/pages/troubleshooting/start.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-====== Troubleshooting ======
-
-Coming soon...
diff --git a/config-templates/dokuwiki/docker-compose.yml b/config-templates/dokuwiki/docker-compose.yml
deleted file mode 100644
index c6e9a3c..0000000
--- a/config-templates/dokuwiki/docker-compose.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-# Dokuwiki - Self-hosted Wiki Platform
-# Place in /opt/stacks/productivity/dokuwiki/docker-compose.yml
-
-services:
-  dokuwiki:
-    image: lscr.io/linuxserver/dokuwiki:latest
-    container_name: dokuwiki
-    restart: unless-stopped
-    networks:
-      - traefik-network
-    ports:
-      - "80:80"
-    volumes:
-      - ./config:/config
-    environment:
-      - PUID=${PUID}
-      - PGID=${PGID}
-      - TZ=${TZ}
-    labels:
-      - "homelab.category=productivity"
-      - "homelab.description=Self-hosted wiki platform"
-      - "traefik.enable=true"
-      - "traefik.http.routers.dokuwiki.rule=Host(`wiki.${DOMAIN}`)"
-      - "traefik.http.routers.dokuwiki.entrypoints=websecure"
-      - "traefik.http.routers.dokuwiki.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.dokuwiki.middlewares=authelia@docker"
-      - "traefik.http.services.dokuwiki.loadbalancer.server.port=80"
-      - "x-dockge.url=https://wiki.${DOMAIN}"
-
-volumes:
-  dokuwiki-config:
-
-networks:
-  traefik-network:
-    external: true
\ No newline at end of file
diff --git a/config-templates/homepage/bookmarks.yaml b/config-templates/homepage/bookmarks.yaml
deleted file mode 100644
index 68e770e..0000000
--- a/config-templates/homepage/bookmarks.yaml
+++ /dev/null
@@ -1,493 +0,0 @@
----
-# Homepage Bookmarks - Comprehensive EZ-Homelab Resources
-
-- EZ-Homelab Project:
-    - EZ-Homelab GitHub:
-        - icon: github.png
-          href: https://github.com/kelinfoxy/EZ-Homelab
-          description: EZ-Homelab Repository & Documentation
-    - EZ-Homelab Wiki:
-        - icon: si-readthedocs
-          href: https://github.com/kelinfoxy/EZ-Homelab/wiki
-          description: Comprehensive Documentation Wiki
-    - Homepage Dashboard:
-        - icon: homepage.png
-          href: https://gethomepage.dev
-          description: Homepage Dashboard Documentation
-
-- Infrastructure & Core Services:
-    - Traefik:
-        - icon: si-traefikproxy
-          href: https://traefik.io
-          description: Traefik Reverse Proxy
-        - icon: github.png
-          href: https://github.com/traefik/traefik
-          description: Traefik GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/_/traefik
-          description: Traefik Docker Image
-    - Authelia:
-        - icon: si-authelia
-          href: https://www.authelia.com
-          description: Authelia SSO Authentication
-        - icon: github.png
-          href: https://github.com/authelia/authelia
-          description: Authelia GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/authelia/authelia
-          description: Authelia Docker Image
-    - DuckDNS:
-        - icon: si-duckduckgo
-          href: https://www.duckdns.org
-          description: Dynamic DNS Service
-    - Docker:
-        - icon: docker.png
-          href: https://www.docker.com
-          description: Docker Official Website
-        - icon: docker.png
-          href: https://hub.docker.com
-          description: Docker Hub Registry
-        - icon: si-docker
-          href: https://docs.docker.com
-          description: Docker Documentation
-    - Portainer:
-        - icon: si-portainer
-          href: https://www.portainer.io
-          description: Portainer Container Management
-        - icon: github.png
-          href: https://github.com/portainer/portainer
-          description: Portainer GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/portainer/portainer-ce
-          description: Portainer Docker Image
-    - Pi-hole:
-        - icon: si-raspberrypi
-          href: https://pi-hole.net
-          description: Pi-hole Network-wide Ad Blocking
-        - icon: github.png
-          href: https://github.com/pi-hole/pi-hole
-          description: Pi-hole GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/pihole/pihole
-          description: Pi-hole Docker Image
-    - LinuxServer.io:
-        - icon: si-linux
-          href: https://www.linuxserver.io
-          description: LinuxServer.io Container Images
-        - icon: github.png
-          href: https://github.com/linuxserver
-          description: LinuxServer GitHub Organization
-
-- Media Services:
-    - Plex:
-        - icon: si-plex
-          href: https://www.plex.tv
-          description: Plex Media Server
-        - icon: github.png
-          href: https://github.com/plexinc/pms-docker
-          description: Plex Docker GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/plexinc/pms-docker
-          description: Plex Docker Image
-    - Jellyfin:
-        - icon: si-jellyfin
-          href: https://jellyfin.org
-          description: Jellyfin Media Server (Open Source)
-        - icon: github.png
-          href: https://github.com/jellyfin/jellyfin
-          description: Jellyfin GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/jellyfin/jellyfin
-          description: Jellyfin Docker Image
-    - Sonarr:
-        - icon: si-sonarr
-          href: https://sonarr.tv
-          description: Sonarr TV Show Manager
-        - icon: github.png
-          href: https://github.com/Sonarr/Sonarr
-          description: Sonarr GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/sonarr
-          description: Sonarr Docker Image
-    - Radarr:
-        - icon: si-radarr
-          href: https://radarr.video
-          description: Radarr Movie Manager
-        - icon: github.png
-          href: https://github.com/Radarr/Radarr
-          description: Radarr GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/radarr
-          description: Radarr Docker Image
-    - Prowlarr:
-        - icon: si-prowlarr
-          href: https://prowlarr.com
-          description: Prowlarr Indexer Manager
-        - icon: github.png
-          href: https://github.com/Prowlarr/Prowlarr
-          description: Prowlarr GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/prowlarr
-          description: Prowlarr Docker Image
-    - qBittorrent:
-        - icon: si-qbittorrent
-          href: https://www.qbittorrent.org
-          description: qBittorrent Torrent Client
-        - icon: github.png
-          href: https://github.com/qbittorrent/qBittorrent
-          description: qBittorrent GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/qbittorrent
-          description: qBittorrent Docker Image
-    - Readarr:
-        - icon: si-readarr
-          href: https://readarr.com
-          description: Readarr Book Manager
-        - icon: github.png
-          href: https://github.com/Readarr/Readarr
-          description: Readarr GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/readarr
-          description: Readarr Docker Image
-    - Lidarr:
-        - icon: si-lidarr
-          href: https://lidarr.audio
-          description: Lidarr Music Manager
-        - icon: github.png
-          href: https://github.com/Lidarr/Lidarr
-          description: Lidarr GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/lidarr
-          description: Lidarr Docker Image
-    - Jellyseerr:
-        - icon: si-jellyseerr
-          href: https://jellyseerr.dev
-          description: Jellyseerr Media Requests
-        - icon: github.png
-          href: https://github.com/Fallenbagel/jellyseerr
-          description: Jellyseerr GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/fallenbagel/jellyseerr
-          description: Jellyseerr Docker Image
-    - Tdarr:
-        - icon: si-tdarr
-          href: https://tdarr.io
-          description: Tdarr Media Transcoding
-        - icon: github.png
-          href: https://github.com/HaveAGitGat/Tdarr
-          description: Tdarr GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/haveagitgat/tdarr
-          description: Tdarr Docker Image
-    - Unmanic:
-        - icon: si-unmanic
-          href: https://docs.unmanic.app
-          description: Unmanic Media Optimizer
-        - icon: github.png
-          href: https://github.com/Unmanic/unmanic
-          description: Unmanic GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/josh5/unmanic
-          description: Unmanic Docker Image
-    - Calibre-Web:
-        - icon: si-calibre
-          href: https://github.com/janeczku/calibre-web
-          description: Calibre-Web Ebook Reader
-        - icon: github.png
-          href: https://github.com/janeczku/calibre-web
-          description: Calibre-Web GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/calibre-web
-          description: Calibre-Web Docker Image
-
-- Productivity & Collaboration:
-    - Nextcloud:
-        - icon: si-nextcloud
-          href: https://nextcloud.com
-          description: Nextcloud File Sync & Collaboration
-        - icon: github.png
-          href: https://github.com/nextcloud/server
-          description: Nextcloud GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/nextcloud
-          description: Nextcloud Docker Image
-    - Gitea:
-        - icon: si-gitea
-          href: https://gitea.io
-          description: Gitea Git Service
-        - icon: github.png
-          href: https://github.com/go-gitea/gitea
-          description: Gitea GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/gitea/gitea
-          description: Gitea Docker Image
-    - BookStack:
-        - icon: si-bookstack
-          href: https://www.bookstackapp.com
-          description: BookStack Documentation Platform
-        - icon: github.png
-          href: https://github.com/BookStackApp/BookStack
-          description: BookStack GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/bookstack
-          description: BookStack Docker Image
-    - DokuWiki:
-        - icon: si-dokuwiki
-          href: https://www.dokuwiki.org
-          description: DokuWiki File-based Wiki
-        - icon: github.png
-          href: https://github.com/dokuwiki/dokuwiki
-          description: DokuWiki GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/dokuwiki
-          description: DokuWiki Docker Image
-    - MediaWiki:
-        - icon: si-mediawiki
-          href: https://www.mediawiki.org
-          description: MediaWiki Wiki Platform
-        - icon: github.png
-          href: https://github.com/wikimedia/mediawiki
-          description: MediaWiki GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/mediawiki
-          description: MediaWiki Docker Image
-    - WordPress:
-        - icon: si-wordpress
-          href: https://wordpress.org
-          description: WordPress Blog/CMS Platform
-        - icon: github.png
-          href: https://github.com/WordPress/WordPress
-          description: WordPress GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/wordpress
-          description: WordPress Docker Image
-    - Mealie:
-        - icon: si-mealie
-          href: https://hay-kot.github.io/mealie
-          description: Mealie Recipe Manager
-        - icon: github.png
-          href: https://github.com/hay-kot/mealie
-          description: Mealie GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/hkotel/mealie
-          description: Mealie Docker Image
-    - Form.io:
-        - icon: si-formio
-          href: https://www.form.io
-          description: Form.io Form Builder
-        - icon: github.png
-          href: https://github.com/formio/formio
-          description: Form.io GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/formio/formio-enterprise
-          description: Form.io Docker Image
-
-- Home Automation:
-    - Home Assistant:
-        - icon: si-homeassistant
-          href: https://www.home-assistant.io
-          description: Home Assistant Smart Home Platform
-        - icon: github.png
-          href: https://github.com/home-assistant/core
-          description: Home Assistant GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/homeassistant
-          description: Home Assistant Docker Image
-    - ESPHome:
-        - icon: si-esphome
-          href: https://esphome.io
-          description: ESPHome ESP32/ESP8266 Firmware
-        - icon: github.png
-          href: https://github.com/esphome/esphome
-          description: ESPHome GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/esphome/esphome
-          description: ESPHome Docker Image
-    - Node-RED:
-        - icon: si-nodered
-          href: https://nodered.org
-          description: Node-RED Flow-based Programming
-        - icon: github.png
-          href: https://github.com/node-red/node-red
-          description: Node-RED GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/nodered/node-red
-          description: Node-RED Docker Image
-    - Zigbee2MQTT:
-        - icon: si-zigbee2mqtt
-          href: https://www.zigbee2mqtt.io
-          description: Zigbee2MQTT Zigbee Bridge
-        - icon: github.png
-          href: https://github.com/Koenkk/zigbee2mqtt
-          description: Zigbee2MQTT GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/koenkk/zigbee2mqtt
-          description: Zigbee2MQTT Docker Image
-    - MotionEye:
-        - icon: si-motioneye
-          href: https://github.com/motioneye-project/motioneye
-          description: MotionEye Video Surveillance
-        - icon: github.png
-          href: https://github.com/motioneye-project/motioneye
-          description: MotionEye GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/motioneye
-          description: MotionEye Docker Image
-    - TasmoAdmin:
-        - icon: si-tasmota
-          href: https://github.com/reloxx13/TasmoAdmin
-          description: TasmoAdmin Tasmota Device Manager
-        - icon: github.png
-          href: https://github.com/reloxx13/TasmoAdmin
-          description: TasmoAdmin GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/raymondmm/tasmoadmin
-          description: TasmoAdmin Docker Image
-
-- Development & Utilities:
-    - Code Server:
-        - icon: si-visualstudiocode
-          href: https://github.com/coder/code-server
-          description: Code Server (VS Code in Browser)
-        - icon: github.png
-          href: https://github.com/coder/code-server
-          description: Code Server GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/code-server
-          description: Code Server Docker Image
-    - Jupyter Lab:
-        - icon: si-jupyter
-          href: https://jupyter.org
-          description: Jupyter Lab Notebooks
-        - icon: github.png
-          href: https://github.com/jupyterlab/jupyterlab
-          description: Jupyter Lab GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/jupyterlab
-          description: Jupyter Lab Docker Image
-    - Vaultwarden:
-        - icon: si-bitwarden
-          href: https://github.com/dani-garcia/vaultwarden
-          description: Vaultwarden Password Manager
-        - icon: github.png
-          href: https://github.com/dani-garcia/vaultwarden
-          description: Vaultwarden GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/vaultwarden/server
-          description: Vaultwarden Docker Image
-    - Duplicati:
-        - icon: si-duplicati
-          href: https://www.duplicati.com
-          description: Duplicati Backup Solution
-        - icon: github.png
-          href: https://github.com/duplicati/duplicati
-          description: Duplicati GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/duplicati
-          description: Duplicati Docker Image
-    - pgAdmin:
-        - icon: si-postgresql
-          href: https://www.pgadmin.org
-          description: pgAdmin PostgreSQL Management
-        - icon: github.png
-          href: https://github.com/pgadmin-org/pgadmin4
-          description: pgAdmin GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/dpage/pgadmin4
-          description: pgAdmin Docker Image
-    - GitLab CE:
-        - icon: si-gitlab
-          href: https://about.gitlab.com
-          description: GitLab DevOps Platform
-        - icon: github.png
-          href: https://gitlab.com/gitlab-org/gitlab
-          description: GitLab GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/gitlab/gitlab-ce
-          description: GitLab CE Docker Image
-
-- Monitoring & Observability:
-    - Grafana:
-        - icon: si-grafana
-          href: https://grafana.com
-          description: Grafana Visualization Platform
-        - icon: github.png
-          href: https://github.com/grafana/grafana
-          description: Grafana GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/grafana/grafana
-          description: Grafana Docker Image
-    - Prometheus:
-        - icon: si-prometheus
-          href: https://prometheus.io
-          description: Prometheus Metrics Collection
-        - icon: github.png
-          href: https://github.com/prometheus/prometheus
-          description: Prometheus GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/prom/prometheus
-          description: Prometheus Docker Image
-    - Uptime Kuma:
-        - icon: si-uptimekuma
-          href: https://uptime.kuma.pet
-          description: Uptime Kuma Status Monitoring
-        - icon: github.png
-          href: https://github.com/louislam/uptime-kuma
-          description: Uptime Kuma GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/louislam/uptime-kuma
-          description: Uptime Kuma Docker Image
-    - Glances:
-        - icon: si-glances
-          href: https://nicolargo.github.io/glances
-          description: Glances System Monitoring
-        - icon: github.png
-          href: https://github.com/nicolargo/glances
-          description: Glances GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/linuxserver/glances
-          description: Glances Docker Image
-    - Dozzle:
-        - icon: si-dozzle
-          href: https://dozzle.dev
-          description: Dozzle Docker Log Viewer
-        - icon: github.png
-          href: https://github.com/amir20/dozzle
-          description: Dozzle GitHub
-        - icon: docker.png
-          href: https://hub.docker.com/r/amir20/dozzle
-          description: Dozzle Docker Image
-
-- External Resources & Communities:
-    - Awesome Docker Compose:
-        - icon: docker.png
-          href: https://awesome-docker-compose.com
-          description: Curated Docker Compose Examples
-    - Servarr Wiki:
-        - icon: si-servarr
-          href: https://wiki.servarr.com
-          description: Servarr Applications Documentation
-    - Docker Compose Documentation:
-        - icon: docker.png
-          href: https://docs.docker.com/compose
-          description: Docker Compose Official Docs
-    - Let's Encrypt:
-        - icon: si-letsencrypt
-          href: https://letsencrypt.org
-          description: Free SSL Certificates
-    - Awesome Selfhosted:
-        - icon: si-awesome
-          href: https://awesome-selfhosted.net
-          description: Self-hosted Software List
-    - Homelab Wiki:
-        - icon: si-wikipedia
-          href: https://homelab.wiki
-          description: Homelab Community Wiki
-    - Reddit r/selfhosted:
-        - icon: si-reddit
-          href: https://reddit.com/r/selfhosted
-          description: Self-hosted Community
-    - Reddit r/homelab:
-        - icon: si-reddit
-          href: https://reddit.com/r/homelab
-          description: Homelab Community
diff --git a/config-templates/homepage/custom.css b/config-templates/homepage/custom.css
deleted file mode 100644
index 760f301..0000000
--- a/config-templates/homepage/custom.css
+++ /dev/null
@@ -1,31 +0,0 @@
-.information-widgets {
-    max-width: 1500px;
-}
-
-.services-group {
-    max-width: 250px;
-}
-
-#services {
-    margin: 0px;
-}
-
-.service {
-    height: 70px;
-    max-height: 80px;
-    margin-bottom: 0px;
-    margin-right: 3px;
-}
-
-#services #bookmarks {
-    margin: 0px 0px 0px 20px;
-}
-
-.text-sm {
-    font-size: 16px;
-}
-
-.bookmark-group {
-    min-width: 250px;
-    max-width: 250px;
-}
diff --git a/config-templates/homepage/custom.js b/config-templates/homepage/custom.js
deleted file mode 100644
index e69de29..0000000
diff --git a/config-templates/homepage/docker.yaml b/config-templates/homepage/docker.yaml
deleted file mode 100644
index 8666f25..0000000
--- a/config-templates/homepage/docker.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# For configuration options and examples, please see:
-# https://gethomepage.dev/configs/docker/
-
-# my-docker:
-#   host: 127.0.0.1
-#   port: 2375
-
-# my-docker:
-#  socket: /var/run/docker.sock
-  
-# home-assistant:
-#  host: 192.168.4.5
-#  port: 2375
-
-#jasper:
-#  host: 192.168.4.11
-#  port: 2375
diff --git a/config-templates/homepage/kubernetes.yaml b/config-templates/homepage/kubernetes.yaml
deleted file mode 100644
index aca6e82..0000000
--- a/config-templates/homepage/kubernetes.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# sample kubernetes config
diff --git a/config-templates/homepage/proxmox.yaml b/config-templates/homepage/proxmox.yaml
deleted file mode 100644
index 90aacd7..0000000
--- a/config-templates/homepage/proxmox.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-# pve:
-#   url: https://proxmox.host.or.ip:8006
-#   token: username@pam!Token ID
-#   secret: secret
diff --git a/config-templates/homepage/services.yaml b/config-templates/homepage/services.yaml
deleted file mode 100644
index 73eb849..0000000
--- a/config-templates/homepage/services.yaml
+++ /dev/null
@@ -1,291 +0,0 @@
----
-# Currently Installed Services - Grouped by Stack
-
-- Dashboards:
-    - Homepage:
-        icon: homepage.png
-        href: https://homepage.kelinreij.duckdns.org
-        description: Hosted on Raspberry Pi
-
-    - Homepage - your-remote-server :
-        icon: homepage.png
-        href: https://homepage.your-remote-server .kelinreij.duckdns.org
-        description: your-remote-server  - Application Dashboard
-
-    - Homarr:
-        icon: homarr.png
-        href: https://homarr.kelinreij.duckdns.org
-        description: Alternative Dashboard
-
-    - Homarr - your-remote-server :
-        icon: homarr.png
-        href: https://homarr.your-remote-server .kelinreij.duckdns.org
-        description: your-remote-server  - Alternative Dashboard
-
-    - Dockge - jasper:
-        icon: dockge.png
-        href: https://jasper.kelinreij.duckdns.org
-        description: Main Server
- 
-    - Dockge - your-remote-server :
-        icon: dockge.png
-        href: https://your-remote-server .kelinreij.duckdns.org
-        description: Raspberry Pi Authentication Server
-
-- Core:
-    - Traefik:
-        icon: traefik.png
-        href: https://traefik.kelinreij.duckdns.org
-        description: Reverse Proxy & SSL
-
-    - Authelia:
-        icon: authelia.png
-        href: https://auth.kelinreij.duckdns.org
-        description: Authentication SSO Portal
-
-    - Pi-hole:
-        icon: pi-hole.png
-        href: https://pihole.kelinreij.duckdns.org
-        description: Network-wide Ad Blocking
-
-- Monitoring Stack:
-    - Dozzle:
-        icon: dozzle.png
-        href: https://dozzle.jasper.kelinreij.duckdns.org
-        description: jasper - Real-time Log Viewer
-
-    - Dozzle:
-        icon: dozzle.png
-        href: https://dozzle.your-remote-server .kelinreij.duckdns.org
-        description: your-remote-server  - Real-time Log Viewer
-
-    - Glances - jasper:
-        icon: glances.png
-        href: https://glances.jasper.kelinreij.duckdns.org
-        description: jasper - System Monitoring
-
-    - Glances - your-remote-server :
-        icon: glances.png
-        href: https://glances.your-remote-server .kelinreij.duckdns.org
-        description: your-remote-server  - System Monitoring
-
-    - Uptime Kuma:
-        icon: uptime-kuma.png
-        href: https://uptime-kuma.kelinreij.duckdns.org
-        description: Uptime Monitoring
-
-    - Grafana - your-remote-server :
-        icon: grafana.png
-        href: https://grafana.your-remote-server .kelinreij.duckdns.org
-        description: your-remote-server  - Metrics Dashboard
-
-    - Prometheus - your-remote-server :
-        icon: prometheus.png
-        href: https://prometheus.your-remote-server .kelinreij.duckdns.org
-        description: your-remote-server  - Metrics Collection
-
-    - Uptime Kuma - your-remote-server :
-        icon: uptime-kuma.png
-        href: https://status.your-remote-server .kelinreij.duckdns.org
-        description: your-remote-server  - Uptime Monitoring
-
-- Media:
-    - Jellyfin:
-        icon: jellyfin.png
-        href: https://jellyfin.kelinreij.duckdns.org
-        description: Open Source Media Server
-
-    - Jellyseerr:
-        icon: jellyseerr.png
-        href: https://jellyseerr.kelinreij.duckdns.org
-        description: Media Request Manager
-
-    - Calibre-Web:
-        icon: calibre-web.png
-        href: https://calibre.kelinreij.duckdns.org
-        description: Ebook Library
-
-- Media Management:
-    - Sonarr:
-        icon: sonarr.png
-        href: https://sonarr.kelinreij.duckdns.org
-        description: TV Shows Automation
-
-    - Radarr:
-        icon: radarr.png
-        href: https://radarr.kelinreij.duckdns.org
-        description: Movies Automation
-
-    - Prowlarr:
-        icon: prowlarr.png
-        href: https://prowlarr.kelinreij.duckdns.org
-        description: Indexer Manager
-
-    - Readarr:
-        icon: readarr.png
-        href: https://readarr.kelinreij.duckdns.org
-        description: Books Automation
-
-    - Lidarr:
-        icon: lidarr.png
-        href: https://lidarr.kelinreij.duckdns.org
-        description: Music Automation
-
-    - Mylar3:
-        icon: mylar.png
-        href: https://mylar.kelinreij.duckdns.org
-        description: Comics Manager
-
-- Home Automation:
-    - Home Assistant:
-        icon: home-assistant.png
-        href: https://hass.kelinreij.duckdns.org
-        description: Home Automation Platform
-
-    - ESPHome:
-        icon: esphome.png
-        href: https://esphome.kelinreij.duckdns.org
-        description: ESP Device Manager
-
-    - Node-RED:
-        icon: node-red.png
-        href: https://nodered.kelinreij.duckdns.org
-        description: Flow-based Automation
-
-    - Zigbee2MQTT:
-        icon: zigbee2mqtt.png
-        href: https://zigbee.kelinreij.duckdns.org
-        description: Zigbee Bridge
-
-    - Mosquitto:
-        icon: mosquitto.png
-        href: https://mqtt.kelinreij.duckdns.org
-        description: MQTT Broker
-
-- Productivity:
-    - Nextcloud:
-        icon: nextcloud.png
-        href: https://nextcloud.kelinreij.duckdns.org
-        description: Cloud Storage & Collaboration
-
-    - Gitea:
-        icon: gitea.png
-        href: https://gitea.kelinreij.duckdns.org
-        description: Git Repository
-
-    - Mealie:
-        icon: mealie.png
-        href: https://mealie.kelinreij.duckdns.org
-        description: Recipe Manager
-
-    - WordPress:
-        icon: wordpress.png
-        href: https://wordpress.kelinreij.duckdns.org
-        description: CMS Platform
-
-- Wikis:
-    - BookStack:
-        icon: bookstack.png
-        href: https://bookstack.kelinreij.duckdns.org
-        description: Wiki Platform
-
-    - DokuWiki:
-        icon: dokuwiki.png
-        href: https://dokuwiki.kelinreij.duckdns.org
-        description: Simple Wiki
-        
-    - Mediawiki:
-        icon: mediawiki.png
-        href: https://mediawiki.kelinreij.duckdns.org
-        description: Collaborative Wiki
-
-- Development:
-    - VS Code Server:
-        icon: vscode.png
-        href: https://code.kelinreij.duckdns.org
-        description: Browser-based IDE
-
-    - Jupyter:
-        icon: jupyter.png
-        href: https://jupyter.kelinreij.duckdns.org
-        description: Data Science Notebooks
-
-- Downloaders:
-    - qBittorrent:
-        icon: qbittorrent.png
-        href: https://qbit.kelinreij.duckdns.org
-        description: Torrent Client
-    - Transcoders:
-        - Tdarr:
-            icon: tdarr.png
-            href: https://tdarr.kelinreij.duckdns.org
-            description: Media Transcoding
-
-        - Unmanic:
-            icon: unmanic.png
-            href: https://unmanic.kelinreij.duckdns.org
-            description: Media Transcoder
-        
-- Utilities:
-    - Vaultwarden:
-        icon: vaultwarden.png
-        href: https://vault.kelinreij.duckdns.org
-        description: Password Manager
-
-    - Formio:
-        icon: mdi-form-select
-        href: https://formio.kelinreij.duckdns.org
-        description: Form Builder
-
-- Backup:
-    - Backrest:
-        icon: mdi-backup-restore
-        href: https://backrest.kelinreij.duckdns.org
-        description: Backup Solution
-
-    - Backrest - your-remote-server :
-        icon: mdi-backup-restore
-        href: https://backrest.your-remote-server .kelinreij.duckdns.org
-        description: your-remote-server  - Backup Solution
-
-    - Duplicati:
-        icon: duplicati.png
-        href: https://duplicati.kelinreij.duckdns.org
-        description: Backup Software
-
-    - Duplicati - your-remote-server :
-        icon: duplicati.png
-        href: https://duplicati.your-remote-server .kelinreij.duckdns.org
-        description: your-remote-server  - Backup Software
-
-- Metrics:
-    - Grafana:
-        icon: grafana.png
-        href: https://grafana.kelinreij.duckdns.org
-        description: Metrics Dashboard
-
-    - Prometheus:
-        icon: prometheus.png
-        href: https://prometheus.kelinreij.duckdns.org
-        description: Metrics Collection
-        
-    - cAdvisor:
-        icon: cadvisor.png
-        href: https://cadvisor.kelinreij.duckdns.org
-        description: Container Metrics
-        
-- Alternatives:
-    - Portainer:
-        icon: portainer.png
-        href: https://portainer.kelinreij.duckdns.org
-        description: Container Management UI
-
-    - Authentik:
-        icon: authentik.png
-        href: https://authentik.kelinreij.duckdns.org
-        description: Alternative Auth Provider
-
-    - Plex:
-        icon: plex.png
-        href: https://plex.kelinreij.duckdns.org
-        description: Media Server
diff --git a/config-templates/homepage/settings.yaml b/config-templates/homepage/settings.yaml
deleted file mode 100644
index 2e828c0..0000000
--- a/config-templates/homepage/settings.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# For configuration options and examples, please see:
-# https://gethomepage.dev/configs/settings/
-
-providers:
-  openweathermap: openweathermapapikey
-  weatherapi: weatherapiapikey
diff --git a/config-templates/homepage/widgets.yaml b/config-templates/homepage/widgets.yaml
deleted file mode 100644
index ff02225..0000000
--- a/config-templates/homepage/widgets.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-# For configuration options and examples, please see:
-# https://gethomepage.dev/configs/info-widgets/
-
-- resources:
-    cpu: true
-    memory: true
-    disk: /
-
-- datetime:
-    text_size: xl
-    format:
-      dateStyle: long
-      timeStyle: short
-      hourCycle: h23
-
-- greeting:
-    text_size: 4xl
-    text: EZ Homelab
diff --git a/config-templates/loki/loki-config.yml b/config-templates/loki/loki-config.yml
deleted file mode 100644
index 2d7c57c..0000000
--- a/config-templates/loki/loki-config.yml
+++ /dev/null
@@ -1,46 +0,0 @@
-# Loki Configuration Template
-# Copy this file to ./config/loki/loki-config.yml
-
-auth_enabled: false
-
-server:
-  http_listen_port: 3100
-  grpc_listen_port: 9096
-
-common:
-  path_prefix: /loki
-  storage:
-    filesystem:
-      chunks_directory: /loki/chunks
-      rules_directory: /loki/rules
-  replication_factor: 1
-  ring:
-    instance_addr: 127.0.0.1
-    kvstore:
-      store: inmemory
-
-schema_config:
-  configs:
-    - from: 2020-10-24
-      store: boltdb-shipper
-      object_store: filesystem
-      schema: v11
-      index:
-        prefix: index_
-        period: 24h
-
-ruler:
-  alertmanager_url: http://localhost:9093
-
-# Retention configuration (delete logs older than 30 days)
-limits_config:
-  retention_period: 720h  # 30 days
-
-# Compactor to delete old data
-compactor:
-  working_directory: /loki/compactor
-  shared_store: filesystem
-  compaction_interval: 10m
-  retention_enabled: true
-  retention_delete_delay: 2h
-  retention_delete_worker_count: 150
diff --git a/config-templates/prometheus/prometheus.yml b/config-templates/prometheus/prometheus.yml
deleted file mode 100644
index ab3ee50..0000000
--- a/config-templates/prometheus/prometheus.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-# Prometheus Configuration Template
-# Copy this file to ./config/prometheus/prometheus.yml
-
-global:
-  scrape_interval: 15s
-  evaluation_interval: 15s
-  external_labels:
-    monitor: 'homelab'
-
-# Alertmanager configuration (optional)
-# alerting:
-#   alertmanagers:
-#     - static_configs:
-#         - targets:
-#           - alertmanager:9093
-
-# Load rules once and periodically evaluate them
-# rule_files:
-#   - "alerts/*.yml"
-
-# Scrape configurations
-scrape_configs:
-  # Prometheus itself
-  - job_name: 'prometheus'
-    static_configs:
-      - targets: ['localhost:9090']
-
-  # Node Exporter - System metrics
-  - job_name: 'node-exporter'
-    static_configs:
-      - targets: ['node-exporter:9100']
-        labels:
-          instance: 'homelab-server'
-
-  # cAdvisor - Container metrics
-  - job_name: 'cadvisor'
-    static_configs:
-      - targets: ['cadvisor:8080']
-        labels:
-          instance: 'homelab-server'
-
-  # Add your own services here
-  # Example: Monitor a service with /metrics endpoint
-  # - job_name: 'my-service'
-  #   static_configs:
-  #     - targets: ['my-service:8080']
-  #       labels:
-  #         instance: 'homelab-server'
-  #         service: 'my-service'
diff --git a/config-templates/promtail/promtail-config.yml b/config-templates/promtail/promtail-config.yml
deleted file mode 100644
index 19f4f24..0000000
--- a/config-templates/promtail/promtail-config.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-# Promtail Configuration Template
-# Copy this file to ./config/promtail/promtail-config.yml
-
-server:
-  http_listen_port: 9080
-  grpc_listen_port: 0
-
-positions:
-  filename: /tmp/positions.yaml
-
-clients:
-  - url: http://loki:3100/loki/api/v1/push
-
-scrape_configs:
-  # Docker container logs
-  - job_name: docker
-    static_configs:
-      - targets:
-          - localhost
-        labels:
-          job: docker
-          __path__: /var/lib/docker/containers/*/*-json.log
-
-    pipeline_stages:
-      # Parse Docker JSON logs
-      - json:
-          expressions:
-            output: log
-            stream: stream
-            attrs: attrs
-      
-      # Extract container name from path
-      - regex:
-          expression: '/var/lib/docker/containers/(?P<container_id>[^/]+)/.*'
-          source: filename
-      
-      # Add labels
-      - labels:
-          stream:
-          container_id:
-      
-      # Output the log line
-      - output:
-          source: output
-
-  # System logs (optional)
-  # - job_name: system
-  #   static_configs:
-  #     - targets:
-  #         - localhost
-  #       labels:
-  #         job: varlogs
-  #         __path__: /var/log/*.log
diff --git a/config-templates/redis/redis.conf b/config-templates/redis/redis.conf
deleted file mode 100644
index d6990bb..0000000
--- a/config-templates/redis/redis.conf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Redis Configuration Template
-# Copy this file to ./config/redis/redis.conf
-
-# Network
-bind 0.0.0.0
-protected-mode yes
-port 6379
-
-# General
-daemonize no
-supervised no
-pidfile /var/run/redis_6379.pid
-loglevel notice
-logfile ""
-
-# Persistence - AOF (Append Only File)
-appendonly yes
-appendfilename "appendonly.aof"
-appendfsync everysec
-no-appendfsync-on-rewrite no
-auto-aof-rewrite-percentage 100
-auto-aof-rewrite-min-size 64mb
-
-# Persistence - RDB (Snapshotting)
-save 900 1
-save 300 10
-save 60 10000
-stop-writes-on-bgsave-error yes
-rdbcompression yes
-rdbchecksum yes
-dbfilename dump.rdb
-dir /data
-
-# Memory Management
-maxmemory 256mb
-maxmemory-policy allkeys-lru
-
-# Security
-# requirepass yourpassword  # Uncomment and set a strong password
-
-# Limits
-maxclients 10000
diff --git a/config-templates/traefik/dynamic/external-host-homeassistant.yml b/config-templates/traefik/dynamic/external-host-homeassistant.yml
deleted file mode 100644
index 783903c..0000000
--- a/config-templates/traefik/dynamic/external-host-homeassistant.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-http:
-  routers:
-    # Individual Services
-    homeassistant:
-      rule: "Host(`hass.${DOMAIN}`)"
-      entryPoints:
-        - websecure
-      service: homeassistant
-      tls:
-        certResolver: letsencrypt
-      middlewares:
-        - authelia@docker
-  services:
-    # Individual Services
-    homeassistant:
-      loadBalancer:
-        servers:
-          - url: "http://${HOMEASSISTANT_IP}:8123"
-        passHostHeader: true
diff --git a/config-templates/traefik/dynamic/local-host-production.yml b/config-templates/traefik/dynamic/local-host-production.yml
deleted file mode 100644
index 13f7a49..0000000
--- a/config-templates/traefik/dynamic/local-host-production.yml
+++ /dev/null
@@ -1,399 +0,0 @@
-http:
-  routers:
-# Remote Server Services (${REMOTE_SERVER_HOSTNAME})
-    dockge-${REMOTE_SERVER_HOSTNAME}:
-      rule: "Host(`dockge.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
-      entryPoints:
-        - websecure
-      service: dockge-${REMOTE_SERVER_HOSTNAME}
-      tls:
-        certResolver: letsencrypt
-      middlewares:
-        - authelia@docker
-
-    dozzle-${REMOTE_SERVER_HOSTNAME}:
-      rule: "Host(`dozzle.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
-      entryPoints:
-        - websecure
-      service: dozzle-${REMOTE_SERVER_HOSTNAME}
-      tls:
-        certResolver: letsencrypt
-      middlewares:
-        - authelia@docker
-
-    glances-${REMOTE_SERVER_HOSTNAME}:
-      rule: "Host(`glances.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
-      entryPoints:
-        - websecure
-      service: glances-${REMOTE_SERVER_HOSTNAME}
-      tls:
-        certResolver: letsencrypt
-      middlewares:
-        - authelia@docker
-
-    backrest-${REMOTE_SERVER_HOSTNAME}:
-      rule: "Host(`backrest.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
-      entryPoints:
-        - websecure
-      service: backrest-${REMOTE_SERVER_HOSTNAME}
-      tls:
-        certResolver: letsencrypt
-      middlewares:
-        - authelia@docker
-
-    duplicati-${REMOTE_SERVER_HOSTNAME}:
-      rule: "Host(`duplicati.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
-      entryPoints:
-        - websecure
-      service: duplicati-${REMOTE_SERVER_HOSTNAME}
-      tls:
-        certResolver: letsencrypt
-      middlewares:
-        - authelia@docker
-
-    homepage-${REMOTE_SERVER_HOSTNAME}:
-      rule: "Host(`homepage.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
-      entryPoints:
-        - websecure
-      service: homepage-${REMOTE_SERVER_HOSTNAME}
-      tls:
-        certResolver: letsencrypt
-      middlewares:
-        - authelia@docker
-
-    homarr-${REMOTE_SERVER_HOSTNAME}:
-      rule: "Host(`homarr.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
-      entryPoints:
-        - websecure
-      service: homarr-${REMOTE_SERVER_HOSTNAME}
-      tls:
-        certResolver: letsencrypt
-      middlewares:
-        - authelia@docker
-
-    grafana-${REMOTE_SERVER_HOSTNAME}:
-      rule: "Host(`grafana.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
-      entryPoints:
-        - websecure
-      service: grafana-${REMOTE_SERVER_HOSTNAME}
-      tls:
-        certResolver: letsencrypt
-      middlewares:
-        - authelia@docker
-
-    prometheus-${REMOTE_SERVER_HOSTNAME}:
-      rule: "Host(`prometheus.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
-      entryPoints:
-        - websecure
-      service: prometheus-${REMOTE_SERVER_HOSTNAME}
-      tls:
-        certResolver: letsencrypt
-      middlewares:
-        - authelia@docker
-
-    uptime-kuma-${REMOTE_SERVER_HOSTNAME}:
-      rule: "Host(`status.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
-      entryPoints:
-        - websecure
-      service: uptime-kuma-${REMOTE_SERVER_HOSTNAME}
-      tls:
-        certResolver: letsencrypt
-      middlewares:
-        - authelia@docker
-
-# Service Definitions
-  services:
-    backrest-${SERVER_HOSTNAME}:
-      loadBalancer:
-        servers:
-          - url: "http://${SERVER_IP}:9898"
-        passHostHeader: true
-
-    vaultwarden-${SERVER_HOSTNAME}:
-      loadBalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8091"
-        passHostHeader: true
-
-    bookstack-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:6875"
-        passHostHeader: true
-
-    calibre-web-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8083"
-        passHostHeader: true
-
-    code-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8079"
-        passHostHeader: true
-
-    dockge-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:5001"
-        passHostHeader: true
-
-    dockhand-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:3003"
-        passHostHeader: true
-
-    dokuwiki-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8087"
-        passHostHeader: true
-
-    dozzle-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8085"
-        passHostHeader: true
-
-    duplicati-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8200"
-        passHostHeader: true
-
-    ez-assistant-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:18789"  # Internal IP of ${SERVER_HOSTNAME} server
-        passHostHeader: true
-
-    formio-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:3002"
-        passHostHeader: true
-
-    gitea-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:3010"
-        passHostHeader: true
-
-    glances-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:61208"
-        passHostHeader: true
-
-    homarr-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:7575"
-        passHostHeader: true
-
-    homepage-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:3000"
-        passHostHeader: true
-
-    jellyfin-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8096"
-        passHostHeader: true
-
-    jupyter-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8890"
-        passHostHeader: true
-
-    kopia-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:51515"
-        passHostHeader: true
-
-    mealie-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:9000"
-        passHostHeader: true
-
-    mediawiki-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8086"
-        passHostHeader: true
-
-    motioneye-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8081"
-        passHostHeader: true
-
-    nextcloud-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8089"
-        passHostHeader: true
-
-    openkm-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:18080"
-        passHostHeader: true
-
-    openwebui-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:3000"
-        passHostHeader: true
-
-    qbittorrent-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8081"
-        passHostHeader: true
-
-    tdarr-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8265"
-        passHostHeader: true
-
-    unmanic-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8889"
-        passHostHeader: true
-
-    wordpress-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8088"
-        passHostHeader: true
-
-    # Arr Services
-
-    jellyseerr-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:5055"
-        passHostHeader: true
-
-    prowlarr-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:9696"
-        passHostHeader: true
-
-    radarr-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:7878"
-        passHostHeader: true
-
-    sonarr-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8989"
-        passHostHeader: true
-
-    lidarr-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8686"
-        passHostHeader: true
-
-    readarr-${SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8787"
-        passHostHeader: true
-
-    mylar3-${SERVER_HOSTNAME}:
-      loadBalancer:
-        servers:
-          - url: "http://${SERVER_IP}:8090"
-        passHostHeader: true
-
-
-
-
-# Remote Server Service Definitions (${REMOTE_SERVER_HOSTNAME})
-    dockge-${REMOTE_SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${REMOTE_SERVER_IP}:5001"
-        passHostHeader: true
-
-    dozzle-${REMOTE_SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${REMOTE_SERVER_IP}:8085"
-        passHostHeader: true
-
-    glances-${REMOTE_SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${REMOTE_SERVER_IP}:61208"
-        passHostHeader: true
-
-    backrest-${REMOTE_SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${REMOTE_SERVER_IP}:9898"
-        passHostHeader: true
-
-    duplicati-${REMOTE_SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${REMOTE_SERVER_IP}:8200"
-        passHostHeader: true
-
-    homepage-${REMOTE_SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${REMOTE_SERVER_IP}:3000"
-        passHostHeader: true
-
-    homarr-${REMOTE_SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${REMOTE_SERVER_IP}:7575"
-        passHostHeader: true
-
-    grafana-${REMOTE_SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${REMOTE_SERVER_IP}:3000"
-        passHostHeader: true
-
-    prometheus-${REMOTE_SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${REMOTE_SERVER_IP}:9090"
-        passHostHeader: true
-
-    uptime-kuma-${REMOTE_SERVER_HOSTNAME}:
-      loadbalancer:
-        servers:
-          - url: "http://${REMOTE_SERVER_IP}:3001"
-        passHostHeader: true
-
-# Middleware Definitions
-  middlewares:
-    ez-assistant-websocket:
-      headers:
-        accessControlAllowHeaders:
-          - "Connection"
-          - "Upgrade"
-        accessControlAllowMethods:
-          - "GET"
-          - "POST"
-          - "OPTIONS"
-        accessControlMaxAge: 86400
diff --git a/config-templates/traefik/dynamic/routes.yml b/config-templates/traefik/dynamic/routes.yml
deleted file mode 100644
index cdaf10e..0000000
--- a/config-templates/traefik/dynamic/routes.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-# Traefik Dynamic Configuration
-# Copy to /opt/stacks/traefik/dynamic/routes.yml
-# Add custom routes here that aren't defined via Docker labels
-
-http:
-  routers:
-    # Example custom route
-    # custom-service:
-    #   rule: "Host(`custom.example.com`)"
-    #   entryPoints:
-    #     - websecure
-    #   middlewares:
-    #     - authelia@docker
-    #   tls:
-    #     certResolver: letsencrypt
-    #   service: custom-service
-  
-  services:
-    # Example custom service
-    # custom-service:
-    #   loadBalancer:
-    #     servers:
-    #       - url: "http://192.168.1.100:8080"
-  
-  middlewares:
-    # Additional middlewares can be defined here
-    # Example: Rate limiting
-    # rate-limit:
-    #   rateLimit:
-    #     average: 100
-    #     burst: 50
diff --git a/config-templates/traefik/dynamic/sablier.yml b/config-templates/traefik/dynamic/sablier.yml
deleted file mode 100644
index 8c3908a..0000000
--- a/config-templates/traefik/dynamic/sablier.yml
+++ /dev/null
@@ -1,454 +0,0 @@
-# Session duration set to 5m for testing. Increase to 30m for production.
-http:
-  middlewares:
-    authelia:
-      forwardauth:
-        address: http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/
-        authResponseHeaders:
-          - X-Secret
-        trustForwardHeader: true
-
-    sablier-${SERVER_HOSTNAME}-arr:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-arr
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Arr Apps
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-backrest:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-backrest
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Backrest
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-vaultwarden:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-vaultwarden
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Vaultwarden
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-bookstack:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-bookstack
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Bookstack
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-calibre-web:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-calibre-web
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Calibre Web
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-code-server:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-code-server
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Code Server
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-dozzle:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-dozzle
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: dozzle
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-dokuwiki:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-dokuwiki
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: DokuWiki
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-duplicati:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-duplicati
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Duplicati
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-assistant:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-assistant
-          sessionDuration: 30m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: EZ-Assistant
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-formio:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-formio
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: FormIO
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-gitea:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-gitea
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Gitea
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-glances:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-glances
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Glances
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-homarr:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-homarr
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Homarr
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-jellyfin:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-jellyfin
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Jellyfin
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-jupyter:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-jupyter
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Jupyter
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-komodo:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-komodo
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Komodo
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-kopia:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-kopia
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Kopia
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-mealie:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-mealie
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Mealie
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-mediawiki:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-mediawiki
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: mediawiki
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-nextcloud:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-nextcloud
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: NextCloud
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-openkm:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-openkm
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: OpenKM
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-openwebui:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-openwebui
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: OpenWebUI
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-pulse:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-pulse
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Pulse
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-tdarr:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-tdarr
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Tdarr
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-unmanic:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-unmanic
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Unmanic
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${SERVER_HOSTNAME}-wordpress:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${SERVER_HOSTNAME}-wordpress
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: wordpress
-            theme: ghost
-            show-details-by-default: true
-
-    # Remote Server (${REMOTE_SERVER_HOSTNAME}) Sablier Middlewares
-    sablier-${REMOTE_SERVER_HOSTNAME}-dockge:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${REMOTE_SERVER_HOSTNAME}-dockge
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Dockge (${REMOTE_SERVER_HOSTNAME})
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${REMOTE_SERVER_HOSTNAME}-dozzle:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${REMOTE_SERVER_HOSTNAME}-dozzle
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Dozzle (${REMOTE_SERVER_HOSTNAME})
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${REMOTE_SERVER_HOSTNAME}-glances:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${REMOTE_SERVER_HOSTNAME}-glances
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Glances (${REMOTE_SERVER_HOSTNAME})
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${REMOTE_SERVER_HOSTNAME}-backrest:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${REMOTE_SERVER_HOSTNAME}-backrest
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Backrest (${REMOTE_SERVER_HOSTNAME})
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${REMOTE_SERVER_HOSTNAME}-duplicati:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${REMOTE_SERVER_HOSTNAME}-duplicati
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Duplicati (${REMOTE_SERVER_HOSTNAME})
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${REMOTE_SERVER_HOSTNAME}-homepage:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${REMOTE_SERVER_HOSTNAME}-homepage
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Homepage (${REMOTE_SERVER_HOSTNAME})
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${REMOTE_SERVER_HOSTNAME}-homarr:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${REMOTE_SERVER_HOSTNAME}-homarr
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Homarr (${REMOTE_SERVER_HOSTNAME})
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${REMOTE_SERVER_HOSTNAME}-grafana:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${REMOTE_SERVER_HOSTNAME}-grafana
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Grafana (${REMOTE_SERVER_HOSTNAME})
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${REMOTE_SERVER_HOSTNAME}-prometheus:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${REMOTE_SERVER_HOSTNAME}-prometheus
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Prometheus (${REMOTE_SERVER_HOSTNAME})
-            theme: ghost
-            show-details-by-default: true
-
-    sablier-${REMOTE_SERVER_HOSTNAME}-uptime-kuma:
-      plugin:
-        sablier:
-          sablierUrl: http://sablier-service:10000
-          group: ${REMOTE_SERVER_HOSTNAME}-uptime-kuma
-          sessionDuration: 5m
-          ignoreUserAgent: curl
-          dynamic:
-            displayName: Uptime Kuma (${REMOTE_SERVER_HOSTNAME})
-            theme: ghost
-            show-details-by-default: true
diff --git a/config-templates/traefik/traefik.yml b/config-templates/traefik/traefik.yml
deleted file mode 100644
index 4ca22cb..0000000
--- a/config-templates/traefik/traefik.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-# Traefik Static Configuration
-# Copy to /opt/stacks/traefik/traefik.yml
-
-experimental:
-  plugins:
-    sablier:
-      moduleName: github.com/sablierapp/sablier-traefik-plugin
-      version: v1.1.0
-
-providers:
-  docker:
-    exposedByDefault: false
-  file:
-    directory: /dynamic
-
-entryPoints:
-  web:
-    address: ":80"
-  websecure:
-    address: ":443"
-  traefik:
-    address: ":8080"
-
-certificatesResolvers:
-  letsencrypt:
-    acme:
-      dnsChallenge:
-        provider: duckdns
-      email: ${DEFAULT_EMAIL}
-      storage: /letsencrypt/acme.json
-
-log:
-  level: DEBUG
-
-accessLog:
-  format: json
-
-api:
-  dashboard: true
-  insecure: true
-
-ping:
-  manualRouting: true
\ No newline at end of file
diff --git a/docker-compose/core/authelia/config/users_database.yml b/docker-compose/core/authelia/config/users_database.yml
index 17858f7..8538fd4 100644
--- a/docker-compose/core/authelia/config/users_database.yml
+++ b/docker-compose/core/authelia/config/users_database.yml
@@ -3,10 +3,10 @@
 ###############################################################
 
 users:
-  kelin:
-    displayname: "kelin"
-    password: "$argon2id$v=19$m=65536,t=3,p=4$e97MzVuvteD5VfHT+Kw9Ew$NnK63ABYKRm5d8nWG7Z8dbRBJfhhHjaf71zQ354KSN4"
-    email: kelinshomelab@gmail.com
+  admin:
+    displayname: "admin"
+    password: "generate-with-openssl-rand-hex-64"
+    email: admin@example.com
     groups:
       - admins
       - users
diff --git a/docker-compose/core/docker-compose.yml b/docker-compose/core/docker-compose.yml
index 117f762..e02eeb0 100644
--- a/docker-compose/core/docker-compose.yml
+++ b/docker-compose/core/docker-compose.yml
@@ -15,8 +15,8 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=America/New_York
-      - SUBDOMAINS=kelinreij
-      - TOKEN=41ef7faa-fc93-41d2-a32f-340fd2b75b2f
+      - SUBDOMAINS=yourdomain
+      - TOKEN=your-duckdns-token
     volumes:
       - ./duckdns/config:/config
     networks:
@@ -29,7 +29,7 @@ services:
     restart: unless-stopped
     command: ['--configFile=/config/traefik.yml']
     environment:
-      - DUCKDNS_TOKEN=41ef7faa-fc93-41d2-a32f-340fd2b75b2f
+      - DUCKDNS_TOKEN=your-duckdns-token
     ports:
       - 80:80
       - 443:443
@@ -48,7 +48,7 @@ services:
       - 'homelab.category=core'
       - 'homelab.description=Reverse proxy and SSL termination'
       - 'traefik.enable=true'
-      - 'traefik.http.routers.traefik.rule=Host(`traefik.kelinreij.duckdns.org`)'
+      - 'traefik.http.routers.traefik.rule=Host(`traefik.yourdomain.duckdns.org`)'
       - 'traefik.http.routers.traefik.entrypoints=websecure'
       - 'traefik.http.routers.traefik.tls.certresolver=letsencrypt'
       - 'traefik.http.routers.traefik.middlewares=authelia@docker'
@@ -56,7 +56,7 @@ services:
 
   authelia:
     # Single sign-on authentication service - must always run for user authentication
-    image: authelia/authelia:4.37.5
+    image: authelia/authelia:latest
     container_name: authelia
     restart: unless-stopped
     environment:
@@ -80,54 +80,23 @@ services:
       # If Traefik is on a remote server: these labels are NOT USED; 
       #   configure external yml files in /traefik/dynamic folder instead.
       - 'traefik.enable=true'
-      - 'traefik.http.routers.authelia.rule=Host(`auth.kelinreij.duckdns.org`)'
+      - 'traefik.http.routers.authelia.rule=Host(`auth.yourdomain.duckdns.org`)'
       - 'traefik.http.routers.authelia.entrypoints=websecure'
       - 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
       - 'traefik.http.routers.authelia.service=authelia'
       - 'traefik.http.services.authelia.loadbalancer.server.port=9091'
       # Authelia forward auth middleware configuration
-      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.kelinreij.duckdns.org/'
+      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.yourdomain.duckdns.org/'
       - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=X-Secret'
       - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
 
-  # Sablier - Lazy loading service for Docker containers
-  # Controls startup/shutdown of lazy-loaded services, must always run
-  # REQUIREMENTS FOR DOCKER API ACCESS:
-  # 1. Docker daemon must be configured to listen on TCP port 2376 with TLS
-  # 2. DOCKER_HOST environment variable must point to accessible Docker API endpoint
-  # 3. Firewall must allow TCP connections to Docker API port (2376)
-  # 4. TLS certificates must be mounted and environment variables set
-  # 5. Ensure dockerproxy service is running and accessible
-  sablier-service:
-    image: sablierapp/sablier:latest
-    container_name: sablier-service
-    restart: unless-stopped
-    networks:
-      - traefik-network
-    environment:
-      - SABLIER_PROVIDER=docker
-      - SABLIER_DOCKER_API_VERSION=1.51
-      - SABLIER_DOCKER_NETWORK=traefik-network
-      - SABLIER_LOG_LEVEL=debug
-      - DOCKER_HOST=tcp://192.168.4.11:2376
-      - DOCKER_TLS_VERIFY=1
-      - DOCKER_CERT_PATH=/certs
-    volumes:
-      - ./shared-ca:/certs:ro
-    ports:
-      - 10000:10000
-    labels:
-      # Service metadata
-      - 'homelab.category=core'
-      - 'homelab.description=Lazy loading service for Docker containers'
-
 networks:
   traefik-network:
     external: true
 
 x-dockge:
   urls:
-    - https://auth.kelinreij.duckdns.org
-    - http://192.168.4.11:9091
-    - https://traefik.kelinreij.duckdns.org
-    - http://192.168.4.11:8080
+    - https://auth.yourdomain.duckdns.org
+    - http://192.168.1.100:9091
+    - https://traefik.yourdomain.duckdns.org
+    - http://192.168.1.100:8080
diff --git a/docker-compose/core/traefik/traefik.yml b/docker-compose/core/traefik/traefik.yml
index a7aa1c6..01297a1 100644
--- a/docker-compose/core/traefik/traefik.yml
+++ b/docker-compose/core/traefik/traefik.yml
@@ -27,7 +27,7 @@ entryPoints:
 certificatesResolvers:
   letsencrypt:
     acme:
-      email: kelinshomelab@gmail.com  # Your email for Let's Encrypt notifications
+      email: admin@example.com  # Your email for Let's Encrypt notifications
       caServer: https://acme-v02.api.letsencrypt.org/directory  # Use staging for testing
       storage: /letsencrypt/acme.json
       # DNS challenge - For wildcard certificates (*.yourdomain.duckdns.org)
diff --git a/docker-compose/sablier/README.md b/docker-compose/sablier/README.md
new file mode 100644
index 0000000..73f9e16
--- /dev/null
+++ b/docker-compose/sablier/README.md
@@ -0,0 +1,78 @@
+# Sablier Stack
+
+This stack deploys [Sablier](https://github.com/acouvreur/sablier), a service that provides lazy loading (on-demand startup) for Docker containers.
+
+## Overview
+
+Sablier monitors Docker containers and can automatically start them when they receive traffic through Traefik, then stop them after a period of inactivity. This is useful for:
+- Reducing resource usage on servers with limited RAM/CPU
+- Managing seasonal or infrequently-used services
+- Extending the capacity of small servers (like Raspberry Pi)
+
+## Multi-Server Architecture
+
+Each server in your homelab should have its own Sablier instance:
+- **Core Server**: Manages lazy loading for core services
+- **Remote Servers**: Each runs Sablier to control local containers
+
+Sablier only connects to the local Docker socket (`/var/run/docker.sock`) on its own server.
+
+## Features
+
+- **Web Dashboard**: Access at `https://sablier.yourdomain.duckdns.org`
+- **Protected by Authelia**: SSO authentication required
+- **Local Control**: Only manages containers on the same server
+- **Traefik Integration**: Uses Traefik middlewares for automatic container startup
+
+## Usage
+
+### Enable Lazy Loading on a Container
+
+Add these labels to any service in your docker-compose files:
+
+```yaml
+services:
+  myservice:
+    image: myapp:latest
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.myservice.rule=Host(`myservice.yourdomain.duckdns.org`)"
+      - "traefik.http.routers.myservice.entrypoints=websecure"
+      - "traefik.http.routers.myservice.tls=true"
+      - "traefik.http.routers.myservice.middlewares=sablier-myservice@docker"
+      
+      # Sablier middleware configuration
+      - "traefik.http.middlewares.sablier-myservice.plugin.sablier.names=myservice"
+      - "traefik.http.middlewares.sablier-myservice.plugin.sablier.sablierUrl=http://sablier:10000"
+      - "traefik.http.middlewares.sablier-myservice.plugin.sablier.sessionDuration=5m"
+```
+
+### Configuration Options
+
+- `names`: Container name(s) to manage (comma-separated for multiple)
+- `sablierUrl`: URL of the Sablier service (use `http://sablier:10000` for local)
+- `sessionDuration`: How long to keep the container running after last request (e.g., `5m`, `1h`)
+
+## Deployment
+
+This stack is automatically deployed:
+- On the **core server** after core infrastructure deployment
+- On **remote servers** during remote server setup
+
+Manual deployment:
+```bash
+cd /opt/stacks/sablier
+docker compose up -d
+```
+
+## Resources
+
+- CPU: ~10-20 MB RAM per instance
+- Storage: Minimal (~50 MB)
+- Network: Internal Docker network only
+
+## Documentation
+
+- [Sablier GitHub](https://github.com/acouvreur/sablier)
+- [Sablier Documentation](https://acouvreur.github.io/sablier/)
+- [Traefik Plugin Configuration](https://doc.traefik.io/traefik/plugins/sablier/)
diff --git a/docker-compose/sablier/docker-compose.yml b/docker-compose/sablier/docker-compose.yml
new file mode 100644
index 0000000..77f3eee
--- /dev/null
+++ b/docker-compose/sablier/docker-compose.yml
@@ -0,0 +1,24 @@
+services:
+  sablier:
+    image: acouvreur/sablier:1.7.0
+    container_name: sablier
+    restart: unless-stopped
+    networks:
+      - traefik-network
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.sablier.rule=Host(`sablier.{{DUCKDNS_DOMAIN}}`)"
+      - "traefik.http.routers.sablier.entrypoints=websecure"
+      - "traefik.http.routers.sablier.tls=true"
+      - "traefik.http.routers.sablier.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.sablier.middlewares=authelia@file"
+      - "traefik.http.services.sablier.loadbalancer.server.port=10000"
+    command:
+      - start
+      - --provider.name=docker
+
+networks:
+  traefik-network:
+    external: true
diff --git a/docs/implementation-plan-corrections.md b/docs/implementation-plan-corrections.md
new file mode 100644
index 0000000..e1ad581
--- /dev/null
+++ b/docs/implementation-plan-corrections.md
@@ -0,0 +1,202 @@
+# Implementation Plan Corrections
+
+## User Feedback Summary
+
+### 1. Remove `prompt_for_server_role()` Function
+**Issue**: Unnecessary function - should integrate with existing validation  
+**Solution**: Use existing menu structure (Option 2: Deploy Core, Option 3: Deploy Additional Server) and integrate role detection into existing `validate_and_prompt_variables()` function via dynamic REQUIRED_VARS
+
+### 2. Remove `validate_env_file()` Function  
+**Issue**: Duplicates existing REQUIRED_VARS mechanism  
+**Solution**: Enhance existing system:
+- Add `set_required_vars_for_deployment(type)` function to dynamically set REQUIRED_VARS
+- Reuse existing `validate_and_prompt_variables()` (line 562) - already validates and prompts
+- No new validation function needed
+
+### 3. config-templates Folder is Deprecated
+**Issue**: Plan references `config-templates/` which should be deleted  
+**Solution**: All working configs are in `docker-compose/` folder
+- Update references: `docker-compose/core/traefik/traefik.yml` (not config-templates)
+- Delete config-templates folder if still exists
+
+### 4. .env Editing Should Be Optional
+**Issue**: Plan suggests users manually edit .env in step 4.2  
+**Solution**: 
+- Script ALWAYS prompts for ALL required variables for the deployment option
+- When user selects Option 3 (Deploy Additional Server):
+  - Call `set_required_vars_for_deployment("remote")`
+  - Sets REQUIRED_VARS to include: REMOTE_SERVER_IP, REMOTE_SERVER_HOSTNAME, REMOTE_SERVER_USER
+  - Call `validate_and_prompt_variables()` - prompts for all
+  - Save complete .env via `save_env_file()`
+
+### 5. Deploy Scripts Should Auto-Backup
+**Issue**: Migration path has manual backup steps  
+**Solution**:
+- Deploy scripts MUST backup automatically before changes
+- **Critical**: Verify backups are from `/opt/stacks/*/` (deployed location), NOT `~/EZ-Homelab/docker-compose/*/` (repo source)
+- Expected backup pattern: `/opt/stacks/core/traefik.backup.TIMESTAMP/`
+  where TIMESTAMP is like YY_MM_DD_hh_mm 
+- Review all deploy functions for correct backup logic
+
+### 6. Traefik Dynamic Folder Files Need Replacement
+**Issue**: Existing `external-host-*.yml` files are for old method  
+**Solution**:
+- During core deployment, replace entire `traefik/dynamic/` folder contents
+- New files:
+  - `sablier.yml` (updated middleware format)
+  - Auto-generated provider-specific configs
+- Deploy script should:
+  1. Backup `/opt/stacks/core/traefik/dynamic/` to timestamped folder
+  2. Copy new configs from `docker-compose/core/traefik/dynamic/`
+  3. Process variables via `localize_config_file()`
+
+---
+
+## Corrected Function List
+
+### Functions to ADD (New):
+
+**In common.sh:**
+- `detect_server_role()` - Check .env to determine core vs remote
+- `generate_traefik_provider_config()` - Generate YAML for remote provider
+- `generate_sablier_middleware_config()` - Generate YAML for remote Sablier
+- `add_remote_server_to_traefik()` - Register remote server with core
+
+**In ez-homelab.sh:**
+- `check_docker_installed()` - Silent Docker check with timeout (Pi-safe)
+- `set_required_vars_for_deployment(type)` - Set REQUIRED_VARS dynamically
+- `deploy_remote_server()` - Deploy Docker TLS + Sablier on remote servers
+
+### Functions to MODIFY (Existing):
+
+**In ez-homelab.sh:**
+- `REQUIRED_VARS` (line 398) - Make dynamic via `set_required_vars_for_deployment()`
+- `main()` - Add Docker pre-check, call `set_required_vars_for_deployment()` before validation
+- `deploy_core()` - Auto-deploy Sablier stack after core stack
+- `validate_and_prompt_variables()` (line 562) - NO CHANGES (already does what we need)
+
+### Functions NOT NEEDED:
+- ~~`prompt_for_server_role()`~~ - Use existing menu structure
+- ~~`validate_env_file()`~~ - Use existing REQUIRED_VARS mechanism
+
+---
+
+## Corrected Workflow
+
+### Option 2: Deploy Core (Existing Option)
+```bash
+main() {
+    case $DEPLOY_CHOICE in
+        2)
+            # Deploy Core
+            set_required_vars_for_deployment "core"  # NEW
+            validate_and_prompt_variables            # EXISTING - reuse
+            save_env_file                            # EXISTING
+            DEPLOY_CORE=true
+            # In deploy_core(): auto-deploy Sablier after core
+            ;;
+```
+
+### Option 3: Deploy Additional Server (New Option)
+```bash
+        3)
+            # Deploy Additional Server
+            set_required_vars_for_deployment "remote"  # NEW - sets REQUIRED_VARS
+            validate_and_prompt_variables              # EXISTING - prompts for all
+            save_env_file                              # EXISTING
+            deploy_remote_server                       # NEW function
+            ;;
+```
+
+### REQUIRED_VARS Dynamic Setting
+```bash
+set_required_vars_for_deployment() {
+    local deployment_type="${1:-core}"
+    
+    if [ "$deployment_type" == "core" ]; then
+        REQUIRED_VARS=("SERVER_IP" "SERVER_HOSTNAME" "DUCKDNS_SUBDOMAINS" "DUCKDNS_TOKEN" "DOMAIN" "DEFAULT_USER" "DEFAULT_PASSWORD" "DEFAULT_EMAIL")
+    elif [ "$deployment_type" == "remote" ]; then
+        REQUIRED_VARS=("SERVER_IP" "SERVER_HOSTNAME" "REMOTE_SERVER_IP" "REMOTE_SERVER_HOSTNAME" "REMOTE_SERVER_USER" "DEFAULT_USER" "DEFAULT_EMAIL")
+    fi
+}
+```
+
+---
+
+## Corrected File Structure
+
+### Repo Source Files (docker-compose/):
+```
+docker-compose/
+├── core/
+│   ├── docker-compose.yml          # Remove Sablier section
+│   ├── traefik/
+│   │   ├── traefik.yml             # Static config with provider template
+│   │   └── dynamic/
+│   │       ├── sablier.yml         # Updated middleware configs
+│   │       └── (other dynamic configs)
+│   └── authelia/
+├── sablier/                        # NEW STACK
+│   ├── docker-compose.yml          # Container name: sablier
+│   └── README.md                   # Stack documentation
+└── (other stacks)/
+```
+
+### Deployed Files (/opt/stacks/):
+```
+/opt/stacks/
+├── core/                           # Core stack only (no Sablier)
+│   ├── docker-compose.yml
+│   ├── traefik/
+│   │   ├── config/traefik.yml
+│   │   └── dynamic/
+│   │       ├── sablier.yml
+│   │       └── (auto-generated provider configs)
+│   └── shared-ca/                  # Shared CA certificates
+├── sablier/                        # Sablier stack (all servers)
+│   ├── docker-compose.yml
+│   └── .env                        # Environment variables (copied from repo)
+└── (other stacks)/
+```
+
+---
+
+## Critical Backup Check
+
+**Problem**: Deploy scripts may backup from repo instead of deployed location
+
+**Incorrect (if found)**:
+```bash
+# DON'T do this - backs up repo source, not deployed config
+cp -r ~/EZ-Homelab/docker-compose/core/traefik ~/backups/
+```
+
+**Correct**:
+```bash
+# DO this - backs up deployed configuration
+# Format: traefik.backup.YY_MM_DD_hh_mm
+cp -r /opt/stacks/core/traefik /opt/stacks/core/traefik.backup.$(date +%y_%m_%d_%H_%M)
+```
+
+**Action**: Review `deploy_core()` and all deploy functions for correct backup paths
+
+---
+
+## Implementation Priority
+
+1. ✅ **Delete** `config-templates/` folder
+2. ✅ **Verify** deploy scripts backup from `/opt/stacks/` not repo
+3. ✅ **Add** `set_required_vars_for_deployment()` function
+4. ✅ **Add** `check_docker_installed()` function
+5. ✅ **Modify** `main()` to use dynamic REQUIRED_VARS
+6. ✅ **Create** `docker-compose/sablier/` stack
+7. ✅ **Remove** Sablier from `docker-compose/core/docker-compose.yml`
+8. ✅ **Add** common.sh functions for multi-server support
+9. ✅ **Add** `deploy_remote_server()` function
+10. ✅ **Update** `docker-compose/core/traefik/dynamic/` files
+
+---
+
+*Corrections Version: 1.0*  
+*Date: February 4, 2026*  
+*Based on: User feedback on implementation plan v2.0*
diff --git a/docs/multi-server-implementation-plan.md b/docs/multi-server-implementation-plan.md
new file mode 100644
index 0000000..d512760
--- /dev/null
+++ b/docs/multi-server-implementation-plan.md
@@ -0,0 +1,1401 @@
+# Multi-Server Traefik and Sablier Implementation Plan
+
+## Executive Summary
+
+This document outlines the implementation plan for enabling label-based automatic routing and lazy loading across multiple servers in the EZ-Homelab infrastructure. The goals are to:
+
+1. **Traefik Multi-Server Setup**: Enable Traefik on the core server to automatically discover and route to Docker services on remote servers using labels, eliminating manual YAML file maintenance.
+2. **Per-Server Sablier Deployment**: Deploy Sablier instances on each server to control local lazy loading, eliminating docker-proxy dependencies for Sablier control.
+
+## System Constraints
+
+**Development/Test Environment**: Raspberry Pi 4 (4GB RAM)
+- **Critical**: Avoid memory-intensive operations that could hang the system
+- **Strategy**: Use lightweight validation, avoid large file operations in memory, implement timeouts
+- **Monitoring**: Check process resource usage before long-running operations
+
+## Current State Analysis
+
+### Working Components (DO NOT MODIFY)
+- ✅ Prerequisites installation (Docker, packages)
+- ✅ Core stack deployment (DuckDNS, Traefik, Authelia)
+- ✅ TLS certificate generation for docker-proxy
+- ✅ Variable replacement in labels (`localize_compose_labels`)
+- ✅ Variable replacement in config files (`localize_config_file`, `localize_users_database_file`)
+- ✅ Image tags and service configurations
+
+### Current Architecture
+
+#### Traefik Configuration
+- **Static Config** (`traefik.yml`): Single Docker provider (local socket)
+- **Dynamic Config** (`dynamic/*.yml`): Manual YAML files for external hosts
+- **Problem**: Each non-local service requires manual YAML file creation in `/opt/stacks/core/traefik/dynamic/external-host-*.yml`
+
+#### Sablier Configuration
+- **Current**: Single Sablier instance on core server
+- **Remote Control**: Uses `DOCKER_HOST=tcp://remote-ip:2376` with TLS
+- **Problem**: Centralized control requires docker-proxy on all servers; single point of failure
+
+#### TLS Infrastructure
+- **Already Working**: `setup_docker_tls()` function generates:
+  - CA certificates
+  - Server certificates
+  - Client certificates
+  - Configures Docker daemon for TLS on port 2376
+
+## Proposed Architecture
+
+### Overview
+```
+┌─────────────────────────────────────────────────────────────────┐
+│  Router (Ports 80/443 forwarded to Core Server)                 │
+└──────────────────────────┬──────────────────────────────────────┘
+                           │
+                           ▼
+┌─────────────────────────────────────────────────────────────────┐
+│  CORE SERVER                                                     │
+│  ┌────────────────────────────────────────────────────────────┐ │
+│  │ Traefik (Multiple Docker Providers)                        │ │
+│  │  • Local Docker Provider: /var/run/docker.sock            │ │
+│  │  • Remote Provider 1: tcp://remote1-ip:2376 (TLS)         │ │
+│  │  • Remote Provider 2: tcp://remote2-ip:2376 (TLS)         │ │
+│  │  • Auto-discovers all containers with traefik.enable=true │ │
+│  └────────────────────────────────────────────────────────────┘ │
+│  ┌────────────────────────────────────────────────────────────┐ │
+│  │ Sablier (Local Control Only)                               │ │
+│  │  • DOCKER_HOST: unix:///var/run/docker.sock               │ │
+│  │  • Controls only core server containers                    │ │
+│  └────────────────────────────────────────────────────────────┘ │
+│  ┌────────────────────────────────────────────────────────────┐ │
+│  │ Shared CA: /opt/stacks/core/shared-ca/                     │ │
+│  │  • ca.pem, ca-key.pem (distributed to all servers)        │ │
+│  └────────────────────────────────────────────────────────────┘ │
+└─────────────────────────────────────────────────────────────────┘
+                           │
+                ┌──────────┴──────────┐
+                ▼                     ▼
+┌──────────────────────────┐  ┌──────────────────────────┐
+│  REMOTE SERVER 1         │  │  REMOTE SERVER 2         │
+│  ┌────────────────────┐  │  │  ┌────────────────────┐  │
+│  │ Docker Daemon      │  │  │  │ Docker Daemon      │  │
+│  │ Port: 2376 (TLS)   │  │  │  │ Port: 2376 (TLS)   │  │
+│  │ Uses shared CA     │  │  │  │ Uses shared CA     │  │
+│  └────────────────────┘  │  │  └────────────────────┘  │
+│  ┌────────────────────┐  │  │  ┌────────────────────┐  │
+│  │ Sablier (Local)    │  │  │  │ Sablier (Local)    │  │
+│  │ Controls local     │  │  │  │ Controls local     │  │
+│  │ containers only    │  │  │  │ containers only    │  │
+│  └────────────────────┘  │  │  └────────────────────┘  │
+└──────────────────────────┘  └──────────────────────────┘
+```
+
+### Key Changes
+
+#### 1. Traefik Multi-Provider Configuration
+**Location**: `/opt/stacks/core/traefik/config/traefik.yml`
+
+**Change**: Modify `providers.docker` section to support multiple endpoints
+
+```yaml
+providers:
+  docker:
+    # Local Docker provider (always present)
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+    network: "traefik-network"
+    watch: true
+    
+  # Additional remote Docker providers (added dynamically)
+  docker-remote1:
+    endpoint: "tcp://REMOTE1_IP:2376"
+    exposedByDefault: false
+    network: "traefik-network"
+    watch: true
+    tls:
+      ca: "/certs/ca.pem"
+      cert: "/certs/client-cert.pem"
+      key: "/certs/client-key.pem"
+      insecureSkipVerify: false
+      
+  # Pattern repeats for each remote server
+```
+
+**Note**: Traefik v3 supports multiple Docker providers with different names. Each remote server gets its own provider definition.
+
+#### 2. Sablier Per-Server Deployment
+**Current**: One Sablier in core stack with remote docker-proxy  
+**Proposed**: Sablier as separate stack, deployed on each server (core, remote1, remote2, etc.)
+
+**Sablier Stack** (identical on all servers):
+```yaml
+# /opt/stacks/sablier/docker-compose.yml
+services:
+  sablier:
+    image: sablierapp/sablier:latest
+    container_name: sablier
+    restart: unless-stopped
+    networks:
+      - traefik-network
+    environment:
+      - SABLIER_PROVIDER=docker
+      - DOCKER_HOST=unix:///var/run/docker.sock  # Local only
+      - SABLIER_DOCKER_NETWORK=traefik-network
+      - SABLIER_LOG_LEVEL=info
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    ports:
+      - 10000:10000  # Accessible from core Traefik for middleware
+
+networks:
+  traefik-network:
+    external: true
+```
+
+**Key Change**: Sablier moved from core stack to dedicated stack for consistency across servers
+
+**Sablier Middleware Labels** (per service):
+```yaml
+labels:
+  - "sablier.enable=true"
+  - "sablier.group=${SERVER_HOSTNAME}-servicename"
+  - "traefik.http.routers.service.middlewares=sablier-${SERVER_HOSTNAME}-servicename@file,authelia@docker"
+```
+
+**Note**: Container name changed from `sablier-service` to `sablier` for consistency
+
+**Dynamic Sablier Middleware Config** (per server):
+```yaml
+# /opt/stacks/core/traefik/dynamic/sablier-remote1.yml
+http:
+  middlewares:
+    sablier-remote1-service:
+      plugin:
+        sablier:
+          sablierUrl: http://REMOTE1_IP:10000  # Points to remote Sablier
+          group: remote1-service
+          sessionDuration: 30m
+```
+
+## Implementation Plan
+
+### Phase 1: Shared CA Infrastructure (Already Complete)
+
+**Status**: ✅ Already implemented in `generate_shared_ca()` and `setup_multi_server_tls()`
+
+**Components**:
+- `generate_shared_ca()`: Creates `/opt/stacks/core/shared-ca/` with ca.pem and ca-key.pem
+- `setup_multi_server_tls()`: Fetches shared CA from core server via SSH/SCP
+- `setup_docker_tls()`: Uses shared CA to generate server/client certs
+
+**No changes needed** - this infrastructure already supports multi-server TLS.
+
+---
+
+### Phase 2: Script Enhancements
+
+#### 2.1 New Functions in `scripts/common.sh`
+
+**Purpose**: Shared utilities for multi-server management
+
+```bash
+# Function: detect_server_role
+# Purpose: Determine if this is a core server or remote server
+# Logic:
+#   - Checks if CORE_SERVER_IP is set in .env
+#   - If empty or matches SERVER_IP: this is core
+#   - If different: this is remote
+# Returns: "core" or "remote"
+detect_server_role() {
+    local server_ip="${SERVER_IP}"
+    local core_ip="${CORE_SERVER_IP:-}"
+    
+    if [ -z "$core_ip" ] || [ "$core_ip" == "$server_ip" ]; then
+        echo "core"
+    else
+        echo "remote"
+    fi
+}
+
+# Function: generate_traefik_provider_config
+# Purpose: Generate a Traefik Docker provider block for a remote server
+# Input: $1 = provider name (e.g., "docker-remote1")
+#        $2 = remote server IP
+#        $3 = TLS certs directory
+# Output: YAML snippet for traefik.yml providers section
+# Usage: Called when adding a new remote server to core
+generate_traefik_provider_config() {
+    local provider_name="$1"
+    local remote_ip="$2"
+    local tls_dir="$3"
+    
+    cat <<EOF
+  ${provider_name}:
+    endpoint: "tcp://${remote_ip}:2376"
+    exposedByDefault: false
+    network: "traefik-network"
+    watch: true
+    tls:
+      ca: "${tls_dir}/ca.pem"
+      cert: "${tls_dir}/client-cert.pem"
+      key: "${tls_dir}/client-key.pem"
+      insecureSkipVerify: false
+EOF
+}
+
+# Function: generate_sablier_middleware_config
+# Purpose: Generate Sablier middleware config for a remote server
+# Input: $1 = server hostname
+#        $2 = remote server IP
+#        $3 = service name
+# Output: YAML file in /opt/stacks/core/traefik/dynamic/
+# Usage: Auto-generate middleware configs for remote Sablier instances
+generate_sablier_middleware_config() {
+    local server_hostname="$1"
+    local remote_ip="$2"
+    local service_name="$3"
+    
+    local output_file="/opt/stacks/core/traefik/dynamic/sablier-${server_hostname}-${service_name}.yml"
+    
+    cat > "$output_file" <<EOF
+# Auto-generated Sablier middleware for ${server_hostname}
+# Generated: $(date)
+http:
+  middlewares:
+    sablier-${server_hostname}-${service_name}:
+      plugin:
+        sablier:
+          sablierUrl: http://${remote_ip}:10000
+          group: ${server_hostname}-${service_name}
+          sessionDuration: 30m
+          ignoreUserAgent: curl
+          dynamic:
+            displayName: ${service_name^}  # Capitalize first letter
+            theme: ghost
+            show-details-by-default: true
+EOF
+    
+    log_success "Generated Sablier middleware: $output_file"
+}
+
+# Function: add_remote_server_to_traefik
+# Purpose: Add a new remote server to core Traefik configuration
+# Input: $1 = remote server hostname
+#        $2 = remote server IP
+# Process:
+#   1. Generate provider config block
+#   2. Append to traefik.yml (if not already present)
+#   3. Generate Sablier middleware template
+#   4. Restart Traefik to apply changes
+# Usage: Called on core server when adding a new remote
+add_remote_server_to_traefik() {
+    local remote_hostname="$1"
+    local remote_ip="$2"
+    local traefik_config="/opt/stacks/core/traefik/config/traefik.yml"
+    local provider_name="docker-${remote_hostname}"
+    
+    log_info "Adding remote server ${remote_hostname} (${remote_ip}) to Traefik..."
+    
+    # Check if provider already exists
+    if grep -q "  ${provider_name}:" "$traefik_config"; then
+        log_warning "Provider ${provider_name} already exists in Traefik config"
+        return 0
+    fi
+    
+    # Generate provider config
+    local provider_config=$(generate_traefik_provider_config \
+        "$provider_name" \
+        "$remote_ip" \
+        "/certs")
+    
+    # Append to traefik.yml under providers section
+    # Note: Requires careful YAML formatting
+    # Find the line with "providers:" and append after the last provider
+    awk -v config="$provider_config" '
+        /^providers:/ { in_providers=1; print; next }
+        in_providers && /^[^ ]/ { print config; in_providers=0 }
+        { print }
+        END { if (in_providers) print config }
+    ' "$traefik_config" > "${traefik_config}.tmp"
+    
+    mv "${traefik_config}.tmp" "$traefik_config"
+    
+    log_success "Added provider ${provider_name} to Traefik config"
+    
+    # Generate base Sablier middleware config
+    generate_sablier_middleware_config "$remote_hostname" "$remote_ip" "example"
+    
+    log_warning "Restart Traefik for changes to take effect: docker compose -f /opt/stacks/core/docker-compose.yml restart traefik"
+}
+```
+
+#### 2.2 Enhancements to Existing Functions in `scripts/ez-homelab.sh`
+
+**Purpose**: Enhance existing validation and workflow functions
+
+```bash
+# Function: check_docker_installed (NEW)
+# Purpose: Silently check if Docker is installed and running
+# Returns: 0 if Docker ready, 1 if not
+# Note: Lightweight check to avoid hanging on limited resources (Pi 4 4GB)
+check_docker_installed() {
+    # Quick check without spawning heavy processes
+    if command -v docker >/dev/null 2>&1; then
+        # Verify Docker daemon is responsive (with timeout)
+        if timeout 3 docker ps >/dev/null 2>&1; then
+            return 0
+        fi
+    fi
+    return 1
+}
+
+# Modification to REQUIRED_VARS (EXISTING - line 398)
+# Purpose: Make REQUIRED_VARS dynamic based on deployment type
+# Current: REQUIRED_VARS=("SERVER_IP" "SERVER_HOSTNAME" "DUCKDNS_SUBDOMAINS" "DUCKDNS_TOKEN" "DOMAIN" "DEFAULT_USER" "DEFAULT_PASSWORD" "DEFAULT_EMAIL")
+# Enhancement: Add function to set required vars based on deployment choice
+set_required_vars_for_deployment() {
+    local deployment_type="${1:-core}"
+    
+    if [ "$deployment_type" == "core" ]; then
+        # Core deployment requires DuckDNS and domain variables
+        REQUIRED_VARS=("SERVER_IP" "SERVER_HOSTNAME" "DUCKDNS_SUBDOMAINS" "DUCKDNS_TOKEN" "DOMAIN" "DEFAULT_USER" "DEFAULT_PASSWORD" "DEFAULT_EMAIL")
+    elif [ "$deployment_type" == "remote" ]; then
+        # Remote deployment requires remote server connection variables
+        REQUIRED_VARS=("SERVER_IP" "SERVER_HOSTNAME" "REMOTE_SERVER_IP" "REMOTE_SERVER_HOSTNAME" "REMOTE_SERVER_USER" "DEFAULT_USER" "DEFAULT_EMAIL")
+    fi
+}
+
+# Enhancement to validate_and_prompt_variables() (EXISTING - line 562)
+# Purpose: Existing function already validates and prompts for missing variables
+# No changes needed - this function already:
+#   1. Checks if each var in REQUIRED_VARS is valid
+#   2. Prompts user for invalid/missing values
+#   3. Loops until all valid
+# Simply call set_required_vars_for_deployment() before calling this function
+
+# Function: register_remote_server_with_core
+# Purpose: After deploying remote server, register it with core Traefik
+# Process:
+#   1. Use variables from .env (REMOTE_SERVER_IP, REMOTE_SERVER_USER, etc.)
+#   2. Only prompt for missing/invalid values
+#   3. SSH to core server and run registration
+#   4. Restart Traefik to apply changes
+# Usage: Called at end of remote server deployment
+# Note: Uses existing .env variables to minimize user interaction
+register_remote_server_with_core() {
+    log_info "Registering this server with core Traefik..."
+    
+    # Load variables from .env
+    local remote_ip="${REMOTE_SERVER_IP:-}"
+    local remote_hostname="${REMOTE_SERVER_HOSTNAME:-}"
+    local remote_user="${REMOTE_SERVER_USER:-${ACTUAL_USER}}"
+    local remote_password="${REMOTE_SERVER_PASSWORD:-}"
+    
+    # Validate and prompt only for missing values
+    if [ -z "$remote_ip" ] || [[ "$remote_ip" == your.* ]]; then
+        read -p "Core server IP address: " remote_ip
+        sed -i "s|^REMOTE_SERVER_IP=.*|REMOTE_SERVER_IP=$remote_ip|" "$REPO_DIR/.env"
+    fi
+    
+    if [ -z "$remote_hostname" ] || [[ "$remote_hostname" == your-* ]]; then
+        read -p "Core server hostname [$(echo $remote_ip | tr '.' '-')]: " remote_hostname
+        remote_hostname=${remote_hostname:-$(echo $remote_ip | tr '.' '-')}
+        sed -i "s|^REMOTE_SERVER_HOSTNAME=.*|REMOTE_SERVER_HOSTNAME=$remote_hostname|" "$REPO_DIR/.env"
+    fi
+    
+    if [ -z "$remote_user" ]; then
+        read -p "SSH username for core server [${ACTUAL_USER}]: " remote_user
+        remote_user=${remote_user:-$ACTUAL_USER}
+        sed -i "s|^REMOTE_SERVER_USER=.*|REMOTE_SERVER_USER=$remote_user|" "$REPO_DIR/.env"
+    fi
+    
+    echo ""
+    echo "Registering with core server: ${remote_user}@${remote_ip} (${remote_hostname})"
+    read -p "Proceed? (y/n) [y]: " register_choice
+    register_choice=${register_choice:-y}
+    
+    if [ "$register_choice" != "y" ]; then
+        log_warning "Skipping registration. Manual steps:"
+        echo "  1. SSH to core: ssh ${remote_user}@${remote_ip}"
+        echo "  2. Run: cd ~/EZ-Homelab && source scripts/common.sh"
+        echo "  3. Run: add_remote_server_to_traefik ${SERVER_HOSTNAME} ${SERVER_IP}"
+        echo "  4. Restart Traefik: docker compose -f /opt/stacks/core/docker-compose.yml restart traefik"
+        return 0
+    fi
+    
+    # Test SSH connection with timeout (Pi resource constraint)
+    log_info "Testing SSH connection..."
+    if ! timeout 10 ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no \
+         "${remote_user}@${remote_ip}" "echo 'SSH OK'" 2>/dev/null; then
+        log_error "Cannot connect to core server via SSH"
+        log_warning "Check: SSH keys configured, core server reachable, user has access"
+        return 1
+    fi
+    
+    # Execute registration on core server (with timeout for Pi)
+    log_info "Executing registration on core server..."
+    timeout 30 ssh "${remote_user}@${remote_ip}" bash <<EOF
+cd ~/EZ-Homelab
+source scripts/common.sh
+add_remote_server_to_traefik "${SERVER_HOSTNAME}" "${SERVER_IP}"
+docker compose -f /opt/stacks/core/docker-compose.yml restart traefik
+EOF
+    
+    if [ $? -eq 0 ]; then
+        log_success "Server registered with core Traefik"
+        log_success "Services with traefik.enable=true will now auto-route"
+    else
+        log_error "Registration failed or timed out"
+        log_warning "Try manual registration (see above)"
+    fi
+}
+```
+
+#### 2.3 Modifications to Core Stack Compose File
+
+**Changes**: Remove Sablier from core stack (moved to separate stack)
+
+**Location**: `docker-compose/core/docker-compose.yml`
+
+**Action**: Delete the `sablier-service` section entirely from core compose file
+
+**Rationale**: 
+- Sablier will be deployed as a separate stack (`/opt/stacks/sablier/`)
+- Keeps core stack focused on routing/auth (DuckDNS, Traefik, Authelia)
+- Allows consistent Sablier deployment across core and remote servers
+- No script modifications needed - changes are in repo compose files
+
+#### 2.4 New Sablier Stack
+
+**Location**: `docker-compose/sablier/docker-compose.yml`
+
+```yaml
+# Sablier Stack - Lazy Loading Service
+# Deploy on ALL servers (core and remote) for local container control
+#
+# This stack is identical on all servers - no configuration differences needed
+# Sablier controls only containers on the local server via Docker socket
+
+services:
+  sablier:
+    image: sablierapp/sablier:latest
+    container_name: sablier
+    restart: unless-stopped
+    networks:
+      - traefik-network
+    environment:
+      - SABLIER_PROVIDER=docker
+      - SABLIER_DOCKER_API_VERSION=1.51
+      - SABLIER_DOCKER_NETWORK=traefik-network
+      - SABLIER_LOG_LEVEL=info
+      # Local Docker socket only - no remote access needed
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    ports:
+      - "10000:10000"
+    labels:
+      - "homelab.category=infrastructure"
+      - "homelab.description=Lazy loading service for local containers"
+
+networks:
+  traefik-network:
+    external: true
+
+x-dockge:
+  urls:
+    - http://${SERVER_IP}:10000
+```
+
+**Deployment**: 
+- Core server: Deployed automatically after core stack
+- Remote servers: Deployed automatically during remote setup
+```
+
+#### 2.5 New Deployment Function for Remote Server
+
+**Purpose**: Deploy remote server infrastructure (Docker TLS + Sablier)
+
+```bash
+# Function: deploy_remote_server
+# Purpose: Deploy Docker TLS and Sablier on remote servers
+# Process:
+#   1. Validate required variables using existing mechanism
+#   2. Setup Docker TLS using shared CA from core
+#   3. Deploy Sablier stack (from repo compose file)
+#   4. Configure firewall for port 2376
+#   5. Register with core Traefik
+# Note: Optimized for Pi 4 - uses timeouts and lightweight operations
+deploy_remote_server() {
+    log_info "Deploying remote server infrastructure..."
+    
+    # Set required variables for remote deployment
+    set_required_vars_for_deployment "remote"
+    
+    # Use existing validation and prompting function
+    # This will check all variables in REQUIRED_VARS and prompt for missing/invalid ones
+    validate_and_prompt_variables
+    
+    # Save updated configuration
+    save_env_file
+    
+    log_info "  - Docker TLS (port 2376)"
+    log_info "  - Sablier stack (lazy loading)"
+    echo ""
+    
+    # Ensure shared CA is fetched from core
+    if [ ! -f "/opt/stacks/core/shared-ca/ca.pem" ]; then
+        log_info "Fetching shared CA from core server..."
+        setup_multi_server_tls
+        if [ $? -ne 0 ]; then
+            log_error "Failed to fetch shared CA from core server"
+            log_warning "Ensure core server is accessible and has shared CA"
+            return 1
+        fi
+    fi
+    
+    # Setup Docker TLS with shared CA
+    setup_docker_tls
+    
+    # Deploy Sablier stack (using repo compose file, not generated)
+    log_info "Deploying Sablier stack..."
+    sudo mkdir -p /opt/stacks/sablier
+    sudo chown "$ACTUAL_USER:$ACTUAL_USER" /opt/stacks/sablier
+    
+    # Copy compose file from repo
+    sudo cp "$REPO_DIR/docker-compose/sablier/docker-compose.yml" /opt/stacks/sablier/docker-compose.yml
+    sudo cp "$REPO_DIR/.env" /opt/stacks/sablier/.env
+    sudo chown "$ACTUAL_USER:$ACTUAL_USER" /opt/stacks/sablier/docker-compose.yml
+    sudo chown "$ACTUAL_USER:$ACTUAL_USER" /opt/stacks/sablier/.env
+    
+    # Remove sensitive variables from Sablier .env
+    sed -i '/^AUTHELIA_/d' /opt/stacks/sablier/.env
+    
+    # Deploy (with timeout for Pi resource constraint)
+    cd /opt/stacks/sablier
+    timeout 60 docker compose up -d || {
+        log_error "Sablier deployment timed out or failed"
+        return 1
+    }
+    
+    log_success "Sablier stack deployed"
+    
+    # Configure firewall for Docker API access
+    if command -v ufw >/dev/null 2>&1; then
+        log_info "Configuring firewall for Docker API access..."
+        sudo ufw allow from "${CORE_SERVER_IP}" to any port 2376 proto tcp
+        log_success "Firewall configured"
+    fi
+    
+    # Register with core Traefik
+    register_remote_server_with_core
+    
+    echo ""
+    log_success "Remote server setup complete!"
+    echo ""
+    echo "Next steps:"
+    echo "  1. Deploy additional stacks (media, productivity, etc.)"
+    echo "  2. Use Traefik labels as usual - routing is automatic"
+    echo "  3. Use Sablier labels for lazy loading local services"
+    echo ""
+}
+```
+
+#### 2.6 Enhanced Main Workflow in `scripts/ez-homelab.sh`
+
+**Changes**: Keep existing menu, add smart pre-checks and use existing validation
+
+```bash
+# Main workflow enhancement - called at script start
+main() {
+    # ... existing args parsing ...
+    
+    # STEP 1: Silent Docker check (lightweight for Pi)
+    if ! check_docker_installed; then
+        # Docker not installed - only show prerequisites option
+        echo ""
+        echo "=================================================="
+        echo "  EZ-Homelab Setup"
+        echo "=================================================="
+        echo ""
+        echo "Docker is not installed or not running."
+        echo ""
+        echo "  1) Install Prerequisites (Docker, packages)"
+        echo "  2) Exit"
+        echo ""
+        read -p "Selection: " pre_choice
+        
+        case $pre_choice in
+            1)
+                prepare_deployment
+                # After install, restart script to show full menu
+                exec "$0" "$@"
+                ;;
+            2)
+                exit 0
+                ;;
+            *)
+                log_error "Invalid selection"
+                exit 1
+                ;;
+        esac
+    fi
+    
+    # STEP 2: Docker installed - show existing main menu
+    show_main_menu
+    
+    read -p "Selection: " DEPLOY_CHOICE
+    
+    case $DEPLOY_CHOICE in
+        1)
+            # Install prerequisites (if needed)
+            ;;
+        2)
+            # Deploy Core
+            # Set required variables for core deployment
+            set_required_vars_for_deployment "core"
+            # Use existing validation function - prompts for missing/invalid vars
+            validate_and_prompt_variables
+            # Save configuration
+            save_env_file
+            DEPLOY_CORE=true
+            ;;
+        3)
+            # Deploy Additional Server (Remote)
+            # Set required variables for remote deployment
+            set_required_vars_for_deployment "remote"
+            # Use existing validation function - prompts for all required remote vars
+            validate_and_prompt_variables
+            # Save configuration
+            save_env_file
+            # Deploy remote infrastructure
+            deploy_remote_server
+            ;;
+        # ... rest of existing menu options ...
+    esac
+    
+    # ... rest of existing main logic ...
+}
+
+**Key Points**:
+- **Reuses existing code**: `validate_and_prompt_variables()` already handles validation and prompting
+- **Dynamic requirements**: `set_required_vars_for_deployment()` adjusts REQUIRED_VARS based on deployment type
+- **No manual .env editing**: Script always prompts for missing/invalid variables
+- **Existing logic preserved**: No changes to prompt_for_variable() or validation logic
+```
+
+**Key Changes**:
+- **Pre-check**: Silent Docker check before showing menu
+- **Minimal Menu**: If no Docker, only show "Install Prerequisites"
+- **Keep Existing**: Main menu unchanged (user's requirement)
+- **Smart Validation**: Check .env before core/remote deployments
+- **Existing Prompts**: Reuse `validate_and_prompt_variables` function
+- **Pi-Friendly**: All checks use timeouts and lightweight operations
+```
+
+---
+
+### Phase 3: Configuration Files
+
+#### 3.1 Updated `docker-compose/core/traefik/traefik.yml`
+
+**Changes**: Add commented template for remote providers
+
+**Note**: The `config-templates/` folder is deprecated. All working configs are in `docker-compose/` folder.
+
+```yaml
+# Traefik Static Configuration
+# Source: docker-compose/core/traefik/traefik.yml
+
+experimental:
+  plugins:
+    sablier:
+      moduleName: github.com/sablierapp/sablier-traefik-plugin
+      version: v1.1.0
+
+providers:
+  # Local Docker provider (always enabled)
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+    network: "traefik-network"
+    watch: true
+  
+  # REMOTE DOCKER PROVIDERS
+  # Uncomment and configure for each remote server in your homelab
+  # These are auto-added by the add_remote_server_to_traefik function
+  # when deploying remote servers
+  
+  # Example remote provider (auto-generated):
+  # docker-remote1:
+  #   endpoint: "tcp://192.168.1.100:2376"
+  #   exposedByDefault: false
+  #   network: "traefik-network"
+  #   watch: true
+  #   tls:
+  #     ca: "/certs/ca.pem"
+  #     cert: "/certs/client-cert.pem"
+  #     key: "/certs/client-key.pem"
+  #     insecureSkipVerify: false
+
+  # File provider for dynamic configuration
+  file:
+    directory: /dynamic
+    watch: true
+
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+  traefik:
+    address: ":8080"
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      dnsChallenge:
+        provider: duckdns
+      email: ${DEFAULT_EMAIL}
+      storage: /letsencrypt/acme.json
+
+log:
+  level: DEBUG
+
+accessLog:
+  format: json
+
+api:
+  dashboard: true
+  insecure: true
+
+ping:
+  manualRouting: true
+```
+
+#### 3.2 Updated Core `docker-compose.yml`
+
+**Changes**: Remove Sablier section entirely (moved to separate stack)
+
+**Action**: Delete the entire `sablier-service` section from `docker-compose/core/docker-compose.yml`
+
+**Rationale**: 
+- Sablier is now a separate, reusable stack
+- Core stack focuses on: DuckDNS, Traefik, Authelia only
+- Sablier deployed separately on all servers (core and remote)
+
+#### 3.3 New Sablier Stack Template
+
+**Location**: `docker-compose/sablier/docker-compose.yml`
+
+```yaml
+# Sablier Stack - Lazy Loading Service
+# Deploy on ALL servers (core and remote) for local container control
+#
+# This stack is identical on all servers - no configuration differences needed
+# Sablier controls only containers on the local server via Docker socket
+#
+# Deployment:
+#   - Core server: Deployed automatically after core stack
+#   - Remote servers: Deployed automatically during remote setup
+
+services:
+  sablier:
+    image: sablierapp/sablier:latest
+    container_name: sablier
+    restart: unless-stopped
+    networks:
+      - traefik-network
+    environment:
+      - SABLIER_PROVIDER=docker
+      - SABLIER_DOCKER_API_VERSION=1.51
+      - SABLIER_DOCKER_NETWORK=traefik-network
+      - SABLIER_LOG_LEVEL=info
+      # Local Docker socket only - no remote Docker access needed
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    ports:
+      - "10000:10000"
+    labels:
+      - "homelab.category=infrastructure"
+      - "homelab.description=Lazy loading service for local containers"
+      # No Traefik routing labels - accessed directly by Traefik plugin
+
+networks:
+  traefik-network:
+    external: true
+
+x-dockge:
+  urls:
+    - http://${SERVER_IP}:10000
+```
+
+**Key Change**: Container name `sablier` (not `sablier-service`) for consistency
+
+---
+
+### Phase 4: Deployment Workflow
+
+#### 4.1 Core Server Setup (First Server)
+
+**User Actions**:
+```bash
+# 1. Clone repository and run setup
+cd ~/EZ-Homelab
+./scripts/ez-homelab.sh
+
+# 2. If Docker not installed:
+#    - Script shows limited menu: "1) Install Prerequisites"
+#    - Select option 1, script installs Docker
+#    - Script restarts and shows full menu
+
+# 3. Select "2) Deploy Core"
+#    - Script validates .env
+#    - If invalid/missing: runs configuration wizard
+#    - Deploys: DuckDNS, Traefik, Authelia
+#    - Generates shared CA in /opt/stacks/core/shared-ca/
+#    - Automatically deploys Sablier stack
+
+# 4. Select "3) Infrastructure" (optional)
+#    - Dockge, Portainer, etc.
+
+# 5. Deploy other stacks as needed
+```
+
+**Script Behavior**:
+- Pre-check: Silently checks Docker (lightweight, Pi-safe)
+- If no Docker: Shows only "Install Prerequisites" option
+- If Docker present: Shows full existing menu (unchanged)
+- Option 2 (Deploy Core):
+  - Validates .env for core variables
+  - Runs existing prompt function if needed
+  - Deploys core stack (DuckDNS, Traefik, Authelia)
+  - Automatically deploys Sablier stack after core
+  - Role detection: REMOTE_SERVER_IP empty or equals SERVER_IP → Core server
+
+#### 4.2 Remote Server Setup (Additional Servers)
+
+**User Actions**:
+```bash
+# 1. Clone repository and run setup on remote server
+cd ~/EZ-Homelab
+./scripts/ez-homelab.sh
+
+# 2. If Docker not installed:
+#    - Script shows limited menu: "1) Install Prerequisites"
+#    - Select option 1, script installs Docker
+#    - Script restarts and shows full menu
+
+# 3. Select "3) Deploy Additional Server"
+#    - Script prompts for all required variables:
+#      * SERVER_IP (this server's IP)
+#      * SERVER_HOSTNAME (this server's hostname)
+#      * REMOTE_SERVER_IP (core server IP)
+#      * REMOTE_SERVER_HOSTNAME (core server hostname)
+#      * REMOTE_SERVER_USER (SSH user on core)
+#      * DEFAULT_USER (default user)
+#      * DEFAULT_EMAIL (default email)
+#    - Script validates each value
+#    - Saves to .env file
+
+# Note: Editing .env manually is optional - script will prompt for everything
+
+# 4. After configuration:
+#    - Script validates .env for remote variables
+#    - If missing/invalid: prompts only for those variables
+#    - Fetches shared CA from core server via SSH (with timeout)
+#    - Configures Docker TLS (port 2376)
+#    - Deploys Sablier stack (local control)
+#    - Prompts to register with core Traefik
+
+# 5. Registration (semi-automatic):
+#    - Uses REMOTE_SERVER_* variables from .env
+#    - Only prompts for missing values
+#    - SSH to core server (with 10s timeout - Pi-safe)
+#    - Runs add_remote_server_to_traefik on core
+#    - Restarts Traefik on core
+
+# 6. Deploy additional stacks via Dockge
+#    - Use standard Traefik labels
+#    - Services auto-route through core
+```
+
+**Script Behavior**:
+- Pre-check: Docker installed (same as core)
+- Option 3 (Deploy Additional Server):
+  - Sets REQUIRED_VARS to include remote server variables:
+    * SERVER_IP, SERVER_HOSTNAME (this server)
+    * REMOTE_SERVER_IP, REMOTE_SERVER_HOSTNAME, REMOTE_SERVER_USER (core server)
+    * DEFAULT_USER, DEFAULT_EMAIL
+  - Calls existing `validate_and_prompt_variables()` function
+  - Prompts for ALL variables in REQUIRED_VARS (validates and prompts if missing/invalid)
+  - Saves complete configuration to .env
+  - Fetches shared CA via SSH (timeout 30s for Pi)
+  - Configures Docker TLS with shared CA
+  - Deploys Sablier stack from repo compose file
+  - Registration: uses saved .env variables
+  - All operations have timeouts (Pi resource constraint)
+
+#### 4.3 Label-Based Service Deployment
+
+**Example Service on Remote Server**:
+
+```yaml
+services:
+  sonarr:
+    image: lscr.io/linuxserver/sonarr:latest
+    container_name: sonarr
+    restart: unless-stopped
+    networks:
+      - traefik-network
+    environment:
+      - PUID=1000
+      - PGID=1000
+    volumes:
+      - ./sonarr/config:/config
+      - /mnt/media:/media
+    labels:
+      # TRAEFIK ROUTING (automatic via core Traefik)
+      - "traefik.enable=true"
+      - "traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`)"
+      - "traefik.http.routers.sonarr.entrypoints=websecure"
+      - "traefik.http.routers.sonarr.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.sonarr.middlewares=authelia@docker"
+      - "traefik.http.services.sonarr.loadbalancer.server.port=8989"
+      
+      # SABLIER LAZY LOADING (local Sablier control)
+      - "sablier.enable=true"
+      - "sablier.group=${SERVER_HOSTNAME}-arr"
+      # Middleware points to remote Sablier via dynamic config
+      # Generated by add_remote_server_to_traefik function
+
+networks:
+  traefik-network:
+    external: true
+```
+
+**How it works**:
+1. Container starts on remote server (e.g., `remote1`)
+2. Traefik on core server discovers it via `docker-remote1` provider
+3. Traefik reads labels and creates router: `sonarr.domain.com` → `http://remote1-ip:8989`
+4. SSL certificate issued by core Traefik (Let's Encrypt)
+5. Sablier middleware points to `http://remote1-ip:10000` for lazy loading
+6. User accesses `sonarr.domain.com` → Routes through core → Reaches remote container
+
+**No manual YAML files required** - everything is label-driven!
+
+---
+
+### Phase 5: Testing Strategy
+
+#### 5.1 Unit Tests
+
+**Test 1: Server Role Detection**
+```bash
+# Test: Core server detection
+export SERVER_IP="192.168.1.10"
+export CORE_SERVER_IP=""
+result=$(detect_server_role)
+assert_equals "$result" "core"
+
+# Test: Remote server detection
+export CORE_SERVER_IP="192.168.1.10"
+export SERVER_IP="192.168.1.20"
+result=$(detect_server_role)
+assert_equals "$result" "remote"
+```
+
+**Test 2: Traefik Provider Generation**
+```bash
+# Test: Provider config generation
+config=$(generate_traefik_provider_config "docker-remote1" "192.168.1.20" "/certs")
+assert_contains "$config" "docker-remote1:"
+assert_contains "$config" "tcp://192.168.1.20:2376"
+```
+
+#### 5.2 Integration Tests
+
+**Test 1: Core Server Deployment**
+1. Deploy core stack on fresh Debian VM
+2. Verify Traefik has single local Docker provider
+3. Verify Sablier uses local Docker socket
+4. Check shared CA exists: `/opt/stacks/core/shared-ca/ca.pem`
+
+**Test 2: Remote Server Deployment**
+1. Deploy remote infrastructure on second VM
+2. Verify Docker TLS listening on port 2376
+3. Verify Sablier uses local Docker socket
+4. Verify registration added provider to core Traefik
+5. Test: `docker -H tcp://remote-ip:2376 --tlsverify ps` from core
+
+**Test 3: Label-Based Routing**
+1. Deploy test service on remote with Traefik labels
+2. Verify Traefik discovers service (check dashboard)
+3. Verify DNS resolves: `nslookup test.domain.com`
+4. Verify HTTPS access: `curl https://test.domain.com`
+5. Check certificate issued by core Traefik
+
+**Test 4: Lazy Loading**
+1. Deploy service with Sablier labels on remote
+2. Stop service manually
+3. Access via browser
+4. Verify Sablier loading page appears
+5. Verify service starts within 30 seconds
+6. Verify service accessible after start
+
+#### 5.3 Rollback Testing
+
+**Test: Manual Provider Removal**
+```bash
+# Remove provider from traefik.yml
+sed -i '/docker-remote1:/,/insecureSkipVerify: false/d' \
+    /opt/stacks/core/traefik/config/traefik.yml
+
+# Restart Traefik
+docker compose -f /opt/stacks/core/docker-compose.yml restart traefik
+
+# Verify remote services no longer accessible
+curl -I https://remote-service.domain.com  # Should fail
+```
+
+---
+
+## Migration Path
+
+### For Existing Deployments
+
+**Scenario**: User has existing EZ-Homelab with manual external host YAML files
+
+#### Step 1: Verify Automatic Backups
+
+**Important**: The deploy scripts should automatically backup configurations before making changes.
+
+**Current Backup Location Check**:
+```bash
+# Verify deploy-core.sh backs up from /opt/stacks/core/ (correct)
+# NOT from ~/EZ-Homelab/docker-compose/core/ (incorrect - repo source files)
+
+# Expected backup in deploy_core():
+# cp -r /opt/stacks/core/traefik /opt/stacks/core/traefik.backup.$(date +%Y%m%d-%H%M%S)
+```
+
+**Action Required**: Review `scripts/ez-homelab.sh` deploy functions to ensure:
+- Backups are created from `/opt/stacks/*/` (deployed location)
+- NOT from `~/EZ-Homelab/docker-compose/*/` (repo source)
+- Timestamped backups for rollback capability
+
+**If Backups Not Working**:
+```bash
+# Manual backup as safety measure
+cp -r /opt/stacks/core/traefik /opt/stacks/core/traefik.backup.$(date +%Y%m%d-%H%M%S)
+```
+
+#### Step 2: Update Core Server
+```bash
+# Pull latest repository changes
+cd ~/EZ-Homelab
+git pull
+
+# Important: Traefik dynamic folder files need replacement
+# Old method files (external-host-*.yml) will be replaced with:
+#   - Updated sablier.yml (with per-server middleware configs)
+#   - Auto-generated provider-specific configs
+
+# Run deployment to update configs
+./scripts/ez-homelab.sh
+# Select: 2) Deploy Core (will update all configs)
+```
+
+#### Step 3: Configure Remote Servers
+For each remote server that currently has manual YAML entries:
+
+```bash
+# 1. SSH to remote server
+ssh remote-server
+
+# 2. Setup Docker TLS
+./scripts/ez-homelab.sh
+# Select: Install Prerequisites → Configure Docker TLS
+
+# 3. Deploy remote infrastructure
+./scripts/ez-homelab.sh
+# Select: Deploy Remote Infrastructure
+
+# 4. Verify registration
+# Check core Traefik logs for provider discovery
+```
+
+#### Step 4: Migrate Services
+For each service currently using external YAML:
+
+```bash
+# 1. Add Traefik labels to docker-compose.yml on remote
+labels:
+  - "traefik.enable=true"
+  - "traefik.http.routers.service.rule=Host(`service.${DOMAIN}`)"
+  # ... other labels
+
+# 2. Redeploy service
+docker compose up -d
+
+# 3. Verify Traefik discovers service
+# Check Traefik dashboard
+
+# 4. Remove manual YAML file
+rm /opt/stacks/core/traefik/dynamic/external-host-service.yml
+
+# 5. Restart Traefik
+docker compose -f /opt/stacks/core/docker-compose.yml restart traefik
+```
+
+#### Step 5: Cleanup and Verification
+```bash
+# Note: Old external-host-*.yml files are replaced during core deployment
+# The deploy script should:
+#   1. Backup existing /opt/stacks/core/traefik/dynamic/
+#   2. Copy new config files from repo: docker-compose/core/traefik/dynamic/
+#   3. Process variables in new configs
+
+# Verify new config structure:
+ls -la /opt/stacks/core/traefik/dynamic/
+# Expected files:
+#   - sablier.yml (updated with new middleware format)
+#   - Any auto-generated provider configs
+
+# Old backups available at:
+# /opt/stacks/core/traefik.backup.TIMESTAMP/
+
+# Restart Traefik to apply changes
+docker compose -f /opt/stacks/core/docker-compose.yml restart traefik
+
+# Verify Traefik discovers local services
+docker logs traefik | grep -i "provider.docker"
+```
+
+---
+
+## Documentation Updates
+
+### Files to Update
+
+1. **AGENT_INSTRUCTIONS.md**
+   - Update "Service Creation with Traefik on a different server Template" section
+   - Remove manual YAML instructions
+   - Add "Multi-Server Label-Based Routing" section
+
+2. **docs/getting-started.md**
+   - Add "Multi-Server Setup" section
+   - Document core vs remote server deployment
+
+3. **docs/proxying-external-hosts.md**
+   - Update title: "Multi-Server Docker Services"
+   - Remove manual YAML method (legacy section)
+   - Document label-based routing
+
+4. **README.md**
+   - Update architecture diagram
+   - Add multi-server features to feature list
+
+5. **New Documentation**
+   - Create: `docs/multi-server-setup.md`
+   - Create: `docs/troubleshooting-multi-server.md`
+
+---
+
+## Risk Assessment and Mitigation
+
+### Risk 1: Breaking Existing Deployments
+**Impact**: High  
+**Probability**: Medium  
+**Mitigation**:
+- Maintain backward compatibility
+- Keep manual YAML method functional
+- Provide migration script with rollback
+- Test on fresh VMs before release
+
+### Risk 2: TLS Certificate Issues
+**Impact**: High (Docker API inaccessible)  
+**Probability**: Low (already tested)  
+**Mitigation**:
+- Shared CA already working
+- Detailed error messages in scripts
+- Fallback to local CA if core unavailable
+- Documentation for manual cert generation
+
+### Risk 3: Network Connectivity Issues
+**Impact**: Medium  
+**Probability**: Medium  
+**Mitigation**:
+- Test SSH connectivity before operations
+- Provide manual registration steps
+- Firewall configuration warnings
+- Network troubleshooting guide
+
+### Risk 4: Traefik Configuration Corruption
+**Impact**: High (all routing broken)  
+**Probability**: Low  
+**Mitigation**:
+- Backup traefik.yml before modifications
+- Validate YAML syntax before applying
+- Atomic file operations (write to .tmp, then mv)
+- Automatic rollback on validation failure
+
+### Risk 5: Sablier Cross-Server Confusion
+**Impact**: Low (services don't wake up)  
+**Probability**: Medium  
+**Mitigation**:
+- Clear naming: `sablier-${SERVER_HOSTNAME}-service`
+- Separate middleware configs per server
+- Documentation on group naming conventions
+- Validation function to check Sablier reachability
+
+---
+
+## Success Criteria
+
+### Phase 1: Core Functionality
+- ✅ Core server deploys with local Traefik + Sablier
+- ✅ Remote server deploys with Docker TLS + local Sablier
+- ✅ Remote server auto-registers with core Traefik
+- ✅ Service with Traefik labels on remote auto-routes
+- ✅ Service with Sablier labels on remote lazy loads
+
+### Phase 2: User Experience
+- ✅ Zero manual YAML editing for standard services
+- ✅ One-time registration per remote server
+- ✅ Clear error messages and recovery steps
+- ✅ Migration path for existing deployments
+
+### Phase 3: Documentation
+- ✅ Updated AGENT_INSTRUCTIONS.md
+- ✅ Multi-server setup guide
+- ✅ Troubleshooting documentation
+- ✅ Example service configurations
+
+### Phase 4: Testing
+- ✅ Fresh deployment on 2-server lab passes all tests
+- ✅ Migration from single-server passes all tests
+- ✅ Rollback procedures validated
+- ✅ No regression in existing functionality
+
+---
+
+## Implementation Timeline
+
+### Week 1: Core Functions
+- Day 1-2: Implement `common.sh` functions
+- Day 3-4: Update `ez-homelab.sh` with role detection
+- Day 5: Test core and remote deployments separately
+
+### Week 2: Integration
+- Day 1-2: Implement registration workflow
+- Day 3: Update config templates
+- Day 4-5: Integration testing (2-server setup)
+
+### Week 3: Documentation and Polish
+- Day 1-2: Update all documentation
+- Day 3: Create migration guide
+- Day 4: User acceptance testing
+- Day 5: Bug fixes and refinement
+
+### Week 4: Release
+- Day 1-2: Final testing on fresh VMs
+- Day 3: Create release notesfrom .env |
+| `generate_traefik_provider_config()` | common.sh | Generate provider YAML |
+| `generate_sablier_middleware_config()` | common.sh | Generate middleware YAML |
+| `add_remote_server_to_traefik()` | common.sh | Register remote with core |
+| `check_docker_installed()` | ez-homelab.sh | Check Docker (with timeout for Pi) |
+| `validate_env_file()` | ez-homelab.sh | Validate .env for deployment type |
+| `register_remote_server_with_core()` | ez-homelab.sh | SSH registration (uses .env vars) |
+| `deploy_remote_server()` | ez-homelab.sh | Deploy remote server (TLS + Sablier)
+
+### A. Function Reference
+
+**New Functions**:
+
+| Function | File | Purpose |
+|----------|------|---------|
+| `detect_server_role()` | common.sh | Determine core vs remote |
+| `generate_traefik_provider_config()` | common.sh | Generate provider YAML |
+| `generate_sablier_middleware_config()` | common.sh | Generate middleware YAML |
+| `add_remote_server_to_traefik()` | common.sh | Register remote with core |
+| `prompt_for_server_role()` | ez-homelab.sh | Interactive role selection |
+| `register_remote_server_with_core()` | ez-homelab.sh | SSH registration workflow |
+| `deploy_remote_infrastructure()` | ez-homelab.sh | Deploy remote stack |
+
+### B. File Locations Reference
+
+| File | Purpose | Server |
+|------|---------|--------|
+| `/opt/stacks/core/shared-ca/ca.pem` | Shared CA certificate | Core |
+| `/opt/stacks/core/traefik/config/traefik.yml` | Traefik static config | Core |
+| `/opt/stacks/core/traefik/dynamic/sablier-*.yml` | Sablier middlewares | Core |
+| `/home/user/EZ-Homelab/docker-tls/` | TLS certs for Docker API | All |
+| `/opt/stacks/sablier/` | Sablier stack | All servers |
+
+### C. Port Reference
+
+| Port | Service | Direction |
+|------|---------|-----------|
+| 80 | Traefik HTTP | Inbound (core) |
+| 443 | Traefik HTTPS | Inbound (core) |
+| 2376 | Docker API (TLS) | Core → Remote |
+| 10000 | Sablier API | Traefik → Sablier |
+| 9091 | Authelia | Internal (core) |
+
+---
+
+## Conclusion
+
+This implementation plan provides a comprehensive roadmap for achieving label-based automatic routing and lazy loading across multiple servers. The approach maintains backward compatibility, leverages existing working infrastructure (TLS setup), and provides clear migration paths for existing deployments.
+
+**Key Benefits**:
+- ✅ Zero manual YAML editing for standard services
+- ✅ Scalable to unlimited remote servers
+- ✅ Decentralized Sablier (no single point of failure)
+- ✅ Minimal core server changes (one-time per remote)
+- ✅ Full label-driven automation
+- ✅ Pi-friendly: Timeouts and lightweight checks prevent system hangs
+- ✅ Reuses existing menu structure and prompting logic
+- ✅ .env-driven: Minimal user interaction via smart defaults
+
+**Next Steps**:
+1. Review and approve this plan
+2. Begin Phase 1 implementation (core functions)
+3. Test on development VMs
+4. Iterate based on testing results
+5. Document and release
+## Summary of Key Changes from Initial Plan
+
+### Simplified Workflow
+1. **Removed `prompt_for_server_role()`**: Uses existing menu options 2 & 3 instead
+2. **Sablier Stack Separation**: Moved from core to dedicated stack for consistency
+3. **Container Naming**: `sablier` (not `sablier-service`) across all deployments
+4. **Compose Changes in Repo**: No script overrides, changes made to source files
+
+### Enhanced User Experience
+1. **Docker Pre-Check**: Silent check before menu display
+2. **Smart Menu**: Limited menu if Docker missing, full menu if present
+3. **.env Validation**: Check required variables before each deployment type
+4. **Minimal Prompting**: Only ask for missing/invalid values
+5. **Use .env Variables**: REMOTE_SERVER_IP, REMOTE_SERVER_HOSTNAME, etc.
+
+### Pi 4 Optimizations
+1. **Timeouts**: All network operations (SSH, Docker, SCP) have timeouts
+2. **Lightweight Checks**: Avoid memory-heavy operations
+3. **Efficient Validation**: Use grep instead of loading entire files
+4. **Process Monitoring**: Prevent hanging processes on resource-constrained hardware
+
+### Implementation Priority
+1. ✅ Keep existing working code (prerequisites, core deployment)
+2. ✅ Enhance with validation and smart checks
+3. ✅ Add remote deployment as new option 3
+4. ✅ Minimal changes to existing flows
+
+---
+
+*Plan Version: 2.0 (Revised)*  
+*Date: February 4, 2026*  
+*Updated: Based on user feedback and Pi 4 constraints
+
+*Plan Version: 1.0*  
+*Date: February 4, 2026*  
+*Author: GitHub Copilot + User*
diff --git a/scripts/common.sh b/scripts/common.sh
index b91f989..f59edd5 100644
--- a/scripts/common.sh
+++ b/scripts/common.sh
@@ -215,3 +215,130 @@ run_cmd() {
         fi
     fi
 }
+# =============================================
+# MULTI-SERVER FUNCTIONS
+# =============================================
+
+# Detect server role based on deployed stacks
+detect_server_role() {
+    debug_log "Detecting server role"
+    
+    if [ -d "/opt/stacks/core" ] && [ -f "/opt/stacks/core/docker-compose.yml" ]; then
+        echo "core"
+        debug_log "Detected role: core"
+    else
+        echo "remote"
+        debug_log "Detected role: remote"
+    fi
+}
+
+# Generate Traefik provider configuration for a remote Docker host
+generate_traefik_provider_config() {
+    local server_ip="$1"
+    local server_hostname="$2"
+    local output_file="$3"
+    
+    debug_log "Generating Traefik provider config for $server_hostname ($server_ip)"
+    
+    if [ -z "$server_ip" ] || [ -z "$server_hostname" ] || [ -z "$output_file" ]; then
+        log_error "generate_traefik_provider_config requires server_ip, server_hostname, and output_file"
+        return 1
+    fi
+    
+    cat > "$output_file" <<EOF
+# Traefik Docker Provider for Remote Server: $server_hostname
+# Auto-generated by EZ-Homelab
+# Last updated: $(date '+%Y-%m-%d %H:%M:%S')
+
+providers:
+  docker:
+    endpoint: "tcp://${server_ip}:2376"
+    exposedByDefault: false
+    network: traefik-network
+    watch: true
+    tls:
+      ca: /shared-ca/ca.pem
+      cert: /shared-ca/cert.pem
+      key: /shared-ca/key.pem
+      insecureSkipVerify: false
+    # Server-specific constraints
+    defaultRule: "Host(\`{{ normalize .Name }}.${DUCKDNS_DOMAIN}\`)"
+EOF
+    
+    log_success "Generated Traefik provider config: $output_file"
+    debug_log "Provider config written to $output_file"
+}
+
+# Generate Sablier middleware configuration for remote server
+generate_sablier_middleware_config() {
+    local server_hostname="$1"
+    local server_ip="$2"
+    local output_file="$3"
+    
+    debug_log "Generating Sablier middleware config for $server_hostname ($server_ip)"
+    
+    if [ -z "$server_hostname" ] || [ -z "$server_ip" ] || [ -z "$output_file" ]; then
+        log_error "generate_sablier_middleware_config requires server_hostname, server_ip, and output_file"
+        return 1
+    fi
+    
+    cat > "$output_file" <<EOF
+# Sablier Middleware for Remote Server: $server_hostname
+# Auto-generated by EZ-Homelab
+# Last updated: $(date '+%Y-%m-%d %H:%M:%S')
+#
+# This middleware enables lazy loading for services on $server_hostname
+# Each server has its own Sablier instance managing local containers
+
+http:
+  middlewares:
+    sablier-${server_hostname}:
+      plugin:
+        sablier:
+          sablierUrl: "http://${server_ip}:10000"
+          sessionDuration: "5m"
+          dynamic:
+            theme: "hacker-terminal"
+EOF
+    
+    log_success "Generated Sablier middleware config: $output_file"
+    debug_log "Sablier middleware config written to $output_file"
+}
+
+# Register remote server with core Traefik
+add_remote_server_to_traefik() {
+    local server_ip="$1"
+    local server_hostname="$2"
+    
+    debug_log "Registering remote server $server_hostname with core Traefik"
+    
+    if [ -z "$server_ip" ] || [ -z "$server_hostname" ]; then
+        log_error "add_remote_server_to_traefik requires server_ip and server_hostname"
+        return 1
+    fi
+    
+    # Check if core stack exists
+    if [ ! -d "/opt/stacks/core" ]; then
+        log_error "Core stack not found at /opt/stacks/core - cannot register remote server"
+        return 1
+    fi
+    
+    local traefik_dynamic_dir="/opt/stacks/core/traefik/dynamic"
+    
+    # Create dynamic directory if it doesn't exist
+    if [ ! -d "$traefik_dynamic_dir" ]; then
+        log_info "Creating Traefik dynamic config directory"
+        mkdir -p "$traefik_dynamic_dir"
+    fi
+    
+    # Generate provider configuration
+    local provider_file="${traefik_dynamic_dir}/docker-provider-${server_hostname}.yml"
+    generate_traefik_provider_config "$server_ip" "$server_hostname" "$provider_file"
+    
+    # Generate Sablier middleware configuration
+    local sablier_file="${traefik_dynamic_dir}/sablier-middleware-${server_hostname}.yml"
+    generate_sablier_middleware_config "$server_hostname" "$server_ip" "$sablier_file"
+    
+    log_success "Registered remote server $server_hostname with core Traefik"
+    log_info "Traefik will auto-reload configurations within 2 seconds"
+}
\ No newline at end of file
diff --git a/scripts/ez-homelab.sh b/scripts/ez-homelab.sh
index da81d40..9011e02 100755
--- a/scripts/ez-homelab.sh
+++ b/scripts/ez-homelab.sh
@@ -206,17 +206,6 @@ localize_deployment() {
         done < <(find "$REPO_DIR/docker-compose" -name "*.yml" -o -name "*.yaml" -print0 2>/dev/null)
     fi
 
-    # Process config-templates files
-    if [ -d "$REPO_DIR/config-templates" ]; then
-        while IFS= read -r -d '' file_path; do
-            if [ -f "$file_path" ]; then
-                debug_log "Processing config template file: $file_path"
-                localize_yml_file "$file_path" false
-                processed_files=$((processed_files + 1))
-            fi
-        done < <(find "$REPO_DIR/config-templates" -name "*.yml" -o -name "*.yaml" -print0 2>/dev/null)
-    fi
-
     log_success "Deployment localization completed - processed $processed_files files"
     debug_log "Localization completed for $processed_files files"
 
@@ -909,9 +898,9 @@ deploy_core() {
     # Copy and configure Traefik config
     debug_log "Setting up Traefik configuration"
     if [ -d "/opt/stacks/core/traefik" ]; then
-        mv /opt/stacks/core/traefik /opt/stacks/core/traefik.backup.$(date +%Y%m%d_%H%M%S)
+        mv /opt/stacks/core/traefik /opt/stacks/core/traefik.backup.$(date +%y_%m_%d_%H_%M)
     fi
-    cp -r "$REPO_DIR/config-templates/traefik" /opt/stacks/core/
+    cp -r "$REPO_DIR/docker-compose/core/traefik" /opt/stacks/core/
     sudo chown -R "$ACTUAL_USER:$ACTUAL_USER" /opt/stacks/core/traefik
 
     # Move Traefik config file to the correct location for Docker mount
@@ -954,9 +943,9 @@ deploy_core() {
     # Copy and configure Authelia config
     debug_log "Setting up Authelia configuration"
     if [ -d "/opt/stacks/core/authelia" ]; then
-        mv /opt/stacks/core/authelia /opt/stacks/core/authelia.backup.$(date +%Y%m%d_%H%M%S)
+        mv /opt/stacks/core/authelia /opt/stacks/core/authelia.backup.$(date +%y_%m_%d_%H_%M)
     fi
-    cp -r "$REPO_DIR/config-templates/authelia" /opt/stacks/core/
+    cp -r "$REPO_DIR/docker-compose/core/authelia" /opt/stacks/core/
     sudo chown -R "$ACTUAL_USER:$ACTUAL_USER" /opt/stacks/core/authelia
 
     # Replace all placeholders in Authelia config files
@@ -991,6 +980,11 @@ deploy_core() {
     run_cmd docker compose up -d || true
     log_success "Core infrastructure deployed"
     echo ""
+    
+    # Deploy Sablier stack for lazy loading
+    log_info "Deploying Sablier stack for lazy loading..."
+    deploy_sablier_stack
+    echo ""
 }
 
 # Deploy infrastructure stack function
@@ -1363,6 +1357,154 @@ show_main_menu() {
     echo ""
 }
 
+# =============================================
+# MULTI-SERVER DEPLOYMENT FUNCTIONS
+# =============================================
+
+# Check if Docker is installed and accessible
+check_docker_installed() {
+    debug_log "Checking if Docker is installed"
+    
+    if ! command -v docker &> /dev/null; then
+        log_error "Docker is not installed on this system"
+        log_info "Please run Option 1 (Install Prerequisites) first"
+        return 1
+    fi
+    
+    if ! docker ps &> /dev/null; then
+        log_error "Docker is installed but not accessible"
+        log_info "Current user may not be in docker group. Try logging out and back in."
+        return 1
+    fi
+    
+    debug_log "Docker is installed and accessible"
+    return 0
+}
+
+# Set required variables based on deployment type
+set_required_vars_for_deployment() {
+    local deployment_type="$1"
+    debug_log "Setting required vars for deployment type: $deployment_type"
+    
+    case "$deployment_type" in
+        "core")
+            REQUIRED_VARS=("SERVER_IP" "SERVER_HOSTNAME" "DUCKDNS_SUBDOMAINS" "DUCKDNS_TOKEN" "DOMAIN" "DEFAULT_USER" "DEFAULT_PASSWORD" "DEFAULT_EMAIL")
+            debug_log "Set REQUIRED_VARS for core deployment"
+            ;;
+        "remote")
+            REQUIRED_VARS=("SERVER_IP" "SERVER_HOSTNAME" "DUCKDNS_DOMAIN" "DEFAULT_USER" "REMOTE_SERVER_IP" "REMOTE_SERVER_HOSTNAME" "REMOTE_SERVER_USER")
+            debug_log "Set REQUIRED_VARS for remote deployment"
+            ;;
+        *)
+            log_error "Unknown deployment type: $deployment_type"
+            return 1
+            ;;
+    esac
+}
+
+# Deploy remote server
+deploy_remote_server() {
+    log_info "Deploying Remote Server Configuration"
+    echo ""
+    
+    # Check Docker is installed
+    if ! check_docker_installed; then
+        log_error "Docker must be installed before deploying remote server"
+        return 1
+    fi
+    
+    # Ensure we have core server information
+    if [ -z "$REMOTE_SERVER_IP" ] || [ -z "$REMOTE_SERVER_HOSTNAME" ]; then
+        log_error "Remote server IP and hostname are required"
+        return 1
+    fi
+    
+    log_info "Configuring Docker TLS for remote API access..."
+    setup_docker_tls
+    
+    log_info "Fetching shared CA from core server..."
+    setup_multi_server_tls "$REMOTE_SERVER_IP" "$REMOTE_SERVER_USER"
+    
+    log_info "Deploying Sablier stack for local lazy loading..."
+    deploy_sablier_stack
+    
+    log_info "Registering this remote server with core Traefik..."
+    register_remote_server_with_core
+    
+    log_success "Remote server deployment complete!"
+    echo ""
+    echo "This server is now configured to:"
+    echo "  - Accept Docker API connections via TLS (port 2376)"
+    echo "  - Run Sablier for local container lazy loading"
+    echo "  - Have its containers discovered by core Traefik"
+    echo ""
+    echo "Services deployed on this server will automatically:"
+    echo "  - Be discovered by Traefik on the core server"
+    echo "  - Get SSL certificates via core Traefik"
+    echo "  - Be accessible at: https://servicename.${DUCKDNS_DOMAIN}"
+    echo ""
+}
+
+# Register remote server with core Traefik
+register_remote_server_with_core() {
+    debug_log "Registering remote server with core Traefik via SSH"
+    
+    if [ -z "$REMOTE_SERVER_IP" ] || [ -z "$REMOTE_SERVER_USER" ]; then
+        log_error "REMOTE_SERVER_IP and REMOTE_SERVER_USER are required"
+        return 1
+    fi
+    
+    log_info "Connecting to core server to register this remote server..."
+    
+    # SSH to core server and run registration function
+    ssh -o ConnectTimeout=10 "${REMOTE_SERVER_USER}@${REMOTE_SERVER_IP}" bash <<EOF
+        # Source common.sh to get registration function
+        source ~/EZ-Homelab/scripts/common.sh
+        
+        # Register this remote server
+        add_remote_server_to_traefik "${SERVER_IP}" "${SERVER_HOSTNAME}"
+        
+        # Restart Traefik to reload configs
+        cd /opt/stacks/core
+        docker compose restart traefik
+EOF
+    
+    if [ $? -eq 0 ]; then
+        log_success "Successfully registered with core server"
+    else
+        log_error "Failed to register with core server via SSH"
+        return 1
+    fi
+}
+
+# Deploy Sablier stack
+deploy_sablier_stack() {
+    debug_log "Deploying Sablier stack"
+    
+    local sablier_dir="/opt/stacks/sablier"
+    
+    # Create sablier stack directory
+    if [ ! -d "$sablier_dir" ]; then
+        mkdir -p "$sablier_dir"
+        sudo chown -R "$ACTUAL_USER:$ACTUAL_USER" "$sablier_dir"
+    fi
+    
+    # Copy stack files
+    cp "$REPO_DIR/docker-compose/sablier/docker-compose.yml" "$sablier_dir/"
+    cp "$REPO_DIR/.env" "$sablier_dir/"
+    sudo chown "$ACTUAL_USER:$ACTUAL_USER" "$sablier_dir/docker-compose.yml"
+    sudo chown "$ACTUAL_USER:$ACTUAL_USER" "$sablier_dir/.env"
+    
+    # Localize the docker-compose file
+    localize_compose_labels "$sablier_dir/docker-compose.yml"
+    
+    # Deploy
+    cd "$sablier_dir"
+    run_cmd docker compose up -d
+    
+    log_success "Sablier stack deployed at $sablier_dir"
+}
+
 # Show help function
 show_help() {
     echo "EZ-Homelab Setup & Deployment Script"
@@ -1611,15 +1753,42 @@ main() {
                 ;;
             2)
                 log_info "Selected: Deploy Core Server"
+                
+                # Check Docker first
+                if ! check_docker_installed; then
+                    echo ""
+                    log_error "Docker must be installed before deploying core server"
+                    log_info "Please run Option 1 (Install Prerequisites) first"
+                    echo ""
+                    read -p "Press Enter to return to main menu..."
+                    continue
+                fi
+                
                 DEPLOY_CORE=true
                 DEPLOY_INFRASTRUCTURE=true
                 DEPLOY_DASHBOARDS=true
                 SETUP_STACKS=true
+                DEPLOY_REMOTE_SERVER=false
+                
+                # Set required variables for core deployment
+                set_required_vars_for_deployment "core"
+                
                 break
                 ;;
             3)
                 log_info "Selected: Deploy Additional Server"
                 echo ""
+                
+                # Check Docker first
+                if ! check_docker_installed; then
+                    echo ""
+                    log_error "Docker must be installed before deploying remote server"
+                    log_info "Please run Option 1 (Install Prerequisites) first"
+                    echo ""
+                    read -p "Press Enter to return to main menu..."
+                    continue
+                fi
+                
                 echo "⚠️  IMPORTANT: Deploying an additional server requires an existing core server to be already deployed."
                 echo "The core server provides essential services like Traefik, Authelia, and shared TLS certificates."
                 echo ""
@@ -1632,9 +1801,14 @@ main() {
                     continue
                 fi
                 DEPLOY_CORE=false
-                DEPLOY_INFRASTRUCTURE=true
+                DEPLOY_INFRASTRUCTURE=false
                 DEPLOY_DASHBOARDS=false
-                SETUP_STACKS=true
+                SETUP_STACKS=false
+                DEPLOY_REMOTE_SERVER=true
+                
+                # Set required variables for remote deployment
+                set_required_vars_for_deployment "remote"
+                
                 break
                 ;;
             4)
@@ -1664,6 +1838,22 @@ main() {
     # Prepare deployment environment
     prepare_deployment
 
+    # Handle remote server deployment separately
+    if [ "$DEPLOY_REMOTE_SERVER" = true ]; then
+        # Prompt for configuration values
+        validate_and_prompt_variables
+        
+        # Save configuration
+        save_env_file
+        
+        # Deploy remote server
+        deploy_remote_server
+        
+        echo ""
+        log_success "Remote server deployment complete!"
+        exit 0
+    fi
+
     # Prompt for configuration values
     validate_and_prompt_variables
 
diff --git a/services to proxy.yaml b/services to proxy.yaml
deleted file mode 100644
index bec7f7c..0000000
--- a/services to proxy.yaml	
+++ /dev/null
@@ -1,33 +0,0 @@
-# This is just a list of services by ip:port that should be 
-# proxied via traefik on 192.168.4.4 (Raspberry Pi 4 4GB)
-
-bookstack: 192.168.4.11:6875
-mealie: 192.168.4.11:9000
-wordpress: 192.168.4.11:8088  Set Proxy Host to knot-u.kelinreij.duckdns.org
-backrest: 192.168.4.11:9898
-motioneye: 192.168.4.11:8081 (main web UI; additional ports 8765,9901-9904 for streams/cameras)
-dokuwiki: 192.168.4.11:8087  Set Proxy Host to wiki.kelinreij.duckdns.org
-formio: 192.168.4.11:3002   set Proxy Host to forms.kelinreij.duckdns.org
-glances: 192.168.4.11:61208
-dozzle: 192.168.4.11:8085
-dockge: 192.168.4.11:5001 set Proxy Host to jarvis.kelinreij.duckdns.org
-nextcloud: 192.168.4.11:8089 Set Proxy Host to cloud.kelinreij.duckdns.org
-kopia: 192.168.4.11:51515
-openkm: 192.168.4.11:18080
-unmanic: 192.168.4.11:8888
-gitea: 192.168.4.11:3010 (web UI; SSH on 2222)
-bitwarden: 192.168.4.11:8000
-duplicati: 192.168.4.11:8200
-
-jellyfin: 192.168.4.11:8096
-jellyseerr: 192.168.4.11:5055
-prowlarr: 192.168.4.11:9696
-radarr: 192.168.4.11:7878
-sonarr: 192.168.4.11:8989
-lidarr: 192.168.4.11:8686
-readarr: 192.168.4.11:8787
-calibre-web: 192.168.4.11:8083
-mylar3: 192.168.4.11:8090
-qbittorrent: 192.168.4.11:8080 (behind VPN)
-tdarr-server: 192.168.4.11:8265 (web UI; API on 8266)
-
diff --git a/tasks.txt b/tasks.txt
deleted file mode 100644
index 0ad27f2..0000000
--- a/tasks.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Info
-
-I am developing the EZ-Homelab repository. The focus is on the repo not the test system.
-I'm troubleshooting the ez-homelab.sh setup process. 
-
-Install notes