kelin/EZ-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Update EZ-Homelab configurations and documentation

Browse Source 
- Update .env.example with latest environment variables
- Enhance homepage dashboard configurations and templates
- Improve Traefik routing templates for external hosts
- Update docker-compose files for dashboards and infrastructure
- Add comprehensive TUI documentation and PRD
- Add new Homelab-Audit documentation
- Remove outdated release notes
This commit is contained in:
kelinfoxy
2026-01-28 21:56:33 -05:00
parent bb19aeb9b1
commit 7b4f562c68
70 changed files with 5982 additions and 828 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
config-templates/homepage/custom.css
View File

@@ -1,7 +1,15 @@
.information-widgets {
max-width: 1500px;
}
.services-group {
max-width: 250px;
}
#services {
margin: 0px;
}
.service {
height: 70px;
max-height: 80px;
@@ -9,7 +17,7 @@
margin-right: 3px;
}
#services {
#services #bookmarks {
margin: 0px 0px 0px 20px;
}
@@ -20,4 +28,4 @@
.bookmark-group {
min-width: 250px;
max-width: 250px;
}
}

22
config-templates/homepage/docker.yaml
View File

@@ -1,8 +1,18 @@
# Homepage Configuration - Docker Integration
# Copy to /opt/stacks/homepage/config/docker.yaml
# Enables auto-discovery of containers and status monitoring
# Docker socket (via proxy for security)
my-docker:
socket: /var/run/docker.sock
---
# For configuration options and examples, please see:
# https://gethomepage.dev/configs/docker/
# my-docker:
# host: 127.0.0.1
# port: 2375
# my-docker:
# socket: /var/run/docker.sock
# home-assistant:
# host: 192.168.4.5
# port: 2375
#${SERVER_HOSTNAME}:
# host: 192.168.4.11
# port: 2375

226
config-templates/homepage/services.yaml
View File

@@ -5,277 +5,287 @@
- Homepage:
icon: homepage.png
href: https://homepage.${DOMAIN}
description: This Dashboard
container: homepage
description: Hosted on Raspberry Pi
- Homepage - ${REMOTE_SERVER_HOSTNAME}:
icon: homepage.png
href: https://homepage.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}
description: ${REMOTE_SERVER_HOSTNAME} - Application Dashboard
- Homarr:
icon: homarr.png
href: https://homarr.${DOMAIN}
description: Alternative Dashboard
container: homarr
- Homarr - ${REMOTE_SERVER_HOSTNAME}:
icon: homarr.png
href: https://homarr.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}
description: ${REMOTE_SERVER_HOSTNAME} - Alternative Dashboard
- Dockge - ${SERVER_HOSTNAME}:
icon: dockge.png
href: https://${SERVER_HOSTNAME}.${DOMAIN}
description: Main Server
- Dockge - ${REMOTE_SERVER_HOSTNAME}:
icon: dockge.png
href: https://${REMOTE_SERVER_HOSTNAME}.${DOMAIN}
description: Raspberry Pi Authentication Server
- Core:
- Dockge:
icon: dockge.png
href: https://dockge.${SERVER_HOSTNAME}.${DOMAIN}
description: Docker Compose Manager
container: dockge
- Traefik:
icon: traefik.png
href: https://traefik.${DOMAIN}
description: Reverse Proxy & SSL
container: traefik
- Authelia:
icon: authelia.png
href: https://auth.${DOMAIN}
description: Authentication Portal
container: authelia
- Infrastructure:
- Dozzle:
icon: dozzle.png
href: https://dozzle.${SERVER_HOSTNAME}.${DOMAIN}
description: Real-time Log Viewer
container: dozzle
- Glances:
icon: glances.png
href: https://glances.${SERVER_HOSTNAME}.${DOMAIN}
description: System Monitoring
container: glances
description: Authentication SSO Portal
- Pi-hole:
icon: pi-hole.png
href: https://pihole.${DOMAIN}
description: Network-wide Ad Blocking
container: pihole
# Available to Install - Grouped by Stack
- Monitoring Stack:
- Dozzle:
icon: dozzle.png
href: https://dozzle.${SERVER_HOSTNAME}.${DOMAIN}
description: ${SERVER_HOSTNAME} - Real-time Log Viewer
- Dozzle:
icon: dozzle.png
href: https://dozzle.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}
description: ${REMOTE_SERVER_HOSTNAME} - Real-time Log Viewer
- Glances - ${SERVER_HOSTNAME}:
icon: glances.png
href: https://glances.${SERVER_HOSTNAME}.${DOMAIN}
description: ${SERVER_HOSTNAME} - System Monitoring
- Glances - ${REMOTE_SERVER_HOSTNAME}:
icon: glances.png
href: https://glances.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}
description: ${REMOTE_SERVER_HOSTNAME} - System Monitoring
- Uptime Kuma:
icon: uptime-kuma.png
href: https://uptime-kuma.${DOMAIN}
description: Uptime Monitoring
- Grafana - ${REMOTE_SERVER_HOSTNAME}:
icon: grafana.png
href: https://grafana.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}
description: ${REMOTE_SERVER_HOSTNAME} - Metrics Dashboard
- Prometheus - ${REMOTE_SERVER_HOSTNAME}:
icon: prometheus.png
href: https://prometheus.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}
description: ${REMOTE_SERVER_HOSTNAME} - Metrics Collection
- Uptime Kuma - ${REMOTE_SERVER_HOSTNAME}:
icon: uptime-kuma.png
href: https://status.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}
description: ${REMOTE_SERVER_HOSTNAME} - Uptime Monitoring
- Media:
- Jellyfin:
icon: jellyfin.png
href: https://jellyfin.${DOMAIN}
description: Open Source Media Server
container: jellyfin
- Jellyseerr:
icon: jellyseerr.png
href: https://jellyseerr.${DOMAIN}
description: Media Request Manager
container: jellyseerr
- Calibre-Web:
icon: calibre-web.png
href: https://calibre.${DOMAIN}
description: Ebook Library
container: calibre-web
- Media Management:
- Sonarr:
icon: sonarr.png
href: https://sonarr.${DOMAIN}
description: TV Shows Automation
container: sonarr
- Radarr:
icon: radarr.png
href: https://radarr.${DOMAIN}
description: Movies Automation
container: radarr
- Prowlarr:
icon: prowlarr.png
href: https://prowlarr.${DOMAIN}
description: Indexer Manager
container: prowlarr
- Readarr:
icon: readarr.png
href: https://readarr.${DOMAIN}
description: Books Automation
container: readarr
- Lidarr:
icon: lidarr.png
href: https://lidarr.${DOMAIN}
description: Music Automation
container: lidarr
- Mylar3:
icon: mylar.png
href: https://mylar.${DOMAIN}
description: Comics Manager
container: mylar3
- qBittorrent:
icon: qbittorrent.png
href: https://qbit.${DOMAIN}
description: Torrent Client
container: qbittorrent
- Tdarr:
icon: tdarr.png
href: https://tdarr.${DOMAIN}
description: Media Transcoding
container: tdarr
- Home Automation:
- Home Assistant:
icon: home-assistant.png
href: https://ha.${DOMAIN}
href: https://hass.${DOMAIN}
description: Home Automation Platform
container: homeassistant
- ESPHome:
icon: esphome.png
href: https://esphome.${DOMAIN}
description: ESP Device Manager
container: esphome
- Node-RED:
icon: node-red.png
href: https://nodered.${DOMAIN}
description: Flow-based Automation
container: nodered
- Zigbee2MQTT:
icon: zigbee2mqtt.png
href: https://zigbee.${DOMAIN}
description: Zigbee Bridge
container: zigbee2mqtt
- Mosquitto:
icon: mosquitto.png
href: https://mqtt.${DOMAIN}
description: MQTT Broker
container: mosquitto
- Productivity:
- Nextcloud:
icon: nextcloud.png
href: https://nextcloud.${DOMAIN}
description: Cloud Storage & Collaboration
container: nextcloud
- Gitea:
icon: gitea.png
href: https://gitea.${DOMAIN}
description: Git Repository
container: gitea
- Mealie:
icon: mealie.png
href: https://mealie.${DOMAIN}
description: Recipe Manager
container: mealie
- WordPress:
icon: wordpress.png
href: https://wordpress.${DOMAIN}
description: CMS Platform
container: wordpress
- Wikis:
- BookStack:
icon: bookstack.png
href: https://bookstack.${DOMAIN}
description: Wiki Platform
container: bookstack
- DokuWiki:
icon: dokuwiki.png
href: https://dokuwiki.${DOMAIN}
description: Simple Wiki
container: dokuwiki
- MediaWiki:
- Mediawiki:
icon: mediawiki.png
href: https://mediawiki.${DOMAIN}
description: Wikipedia Engine
container: mediawiki
- Monitoring Stack:
- Grafana:
icon: grafana.png
href: https://grafana.${DOMAIN}
description: Metrics Dashboard
container: grafana
- Prometheus:
icon: prometheus.png
href: https://prometheus.${DOMAIN}
description: Metrics Collection
container: prometheus
- Uptime Kuma:
icon: uptime-kuma.png
href: https://uptime-kuma.${DOMAIN}
description: Uptime Monitoring
container: uptime-kuma
- cAdvisor:
icon: cadvisor.png
href: https://cadvisor.${DOMAIN}
description: Container Metrics
container: cadvisor
description: Collaborative Wiki
- Development:
- VS Code Server:
icon: vscode.png
href: https://code.${DOMAIN}
description: Browser-based IDE
container: code-server
- Jupyter:
icon: jupyter.png
href: https://jupyter.${DOMAIN}
description: Data Science Notebooks
container: jupyter
- Backups:
- Backrest:
icon: mdi-backup-restore
href: https://backrest.${DOMAIN}
description: Backup Solution
container: backrest
- Duplicati:
icon: duplicati.png
href: https://duplicati.${DOMAIN}
description: Backup Software
container: duplicati
- Downloaders:
- qBittorrent:
icon: qbittorrent.png
href: https://qbit.${DOMAIN}
description: Torrent Client
- Transcoders:
- Tdarr:
icon: tdarr.png
href: https://tdarr.${DOMAIN}
description: Media Transcoding
- Unmanic:
icon: unmanic.png
href: https://unmanic.${DOMAIN}
description: Media Transcoder
- Utilities:
- Vaultwarden:
icon: vaultwarden.png
href: https://vault.${DOMAIN}
description: Password Manager
container: vaultwarden
- Formio:
icon: mdi-form-select
href: https://formio.${DOMAIN}
description: Form Builder
container: formio
- Backup:
- Backrest:
icon: mdi-backup-restore
href: https://backrest.${DOMAIN}
description: Backup Solution
- Backrest - ${REMOTE_SERVER_HOSTNAME}:
icon: mdi-backup-restore
href: https://backrest.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}
description: ${REMOTE_SERVER_HOSTNAME} - Backup Solution
- Duplicati:
icon: duplicati.png
href: https://duplicati.${DOMAIN}
description: Backup Software
- Duplicati - ${REMOTE_SERVER_HOSTNAME}:
icon: duplicati.png
href: https://duplicati.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}
description: ${REMOTE_SERVER_HOSTNAME} - Backup Software
- Metrics:
- Grafana:
icon: grafana.png
href: https://grafana.${DOMAIN}
description: Metrics Dashboard
- Prometheus:
icon: prometheus.png
href: https://prometheus.${DOMAIN}
description: Metrics Collection
- cAdvisor:
icon: cadvisor.png
href: https://cadvisor.${DOMAIN}
description: Container Metrics
- Alternatives:
- Portainer:
icon: portainer.png
href: https://portainer.${DOMAIN}
description: Container Management UI
container: portainer
- Authentik:
icon: authentik.png
href: https://authentik.${DOMAIN}
description: Alternative Auth Provider
container: authentik
- Plex:
icon: plex.png
href: https://plex.${DOMAIN}
description: Media Server
container: plex

14
config-templates/homepage/settings.yaml
View File

@@ -1,11 +1,7 @@
---
# Homepage Settings
# For all configuration options: https://gethomepage.dev/configs/settings/
# For configuration options and examples, please see:
# https://gethomepage.dev/configs/settings/
title: AI Homelab Dashboard
theme: dark
color: slate
headerStyle: boxed
providers:
openweathermap: openweathermapapikey
weatherapi: weatherapiapikey

4
config-templates/homepage/widgets.yaml
View File

@@ -1,6 +1,6 @@
---
# Homepage Widgets Configuration
# Service widgets omitted per user request
# For configuration options and examples, please see:
# https://gethomepage.dev/configs/info-widgets/
- resources:
cpu: true

562
config-templates/traefik/dynamic/external-host-production.yml
View File

@@ -1,599 +1,399 @@
http:
routers:
backrest-${SERVER_HOSTNAME}:
rule: "Host(`backrest.${DOMAIN}`)"
# Remote Server Services (${REMOTE_SERVER_HOSTNAME})
dockge-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`dockge.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
entryPoints:
- websecure
service: backrest-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-backrest@file
- authelia@docker
bookstack-${SERVER_HOSTNAME}:
rule: "Host(`bookstack.${DOMAIN}`)"
entryPoints:
- websecure
service: bookstack-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-bookstack@file
- authelia@docker
vaultwarden-${SERVER_HOSTNAME}:
rule: "Host(`vault.${DOMAIN}`)"
entryPoints:
- websecure
service: vaultwarden-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
# SSO disabled for browser extension and mobile app compatibility
# middlewares:
# - sablier-${SERVER_HOSTNAME}-vaultwarden@file
calibre-web-${SERVER_HOSTNAME}:
rule: "Host(`calibre.${DOMAIN}`)"
entryPoints:
- websecure
service: calibre-web-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-calibre-web@file
- authelia@docker
code-${SERVER_HOSTNAME}:
rule: "Host(`code.${DOMAIN}`)"
entryPoints:
- websecure
service: code-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-code-server@file
- authelia@docker
dockge-${SERVER_HOSTNAME}:
rule: "Host(`jarvis.${DOMAIN}`)"
entryPoints:
- websecure
service: dockge-${SERVER_HOSTNAME}
service: dockge-${REMOTE_SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- authelia@docker
dockhand-${SERVER_HOSTNAME}:
rule: "Host(`dockhand.${DOMAIN}`)"
dozzle-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`dozzle.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
entryPoints:
- websecure
service: dockhand-${SERVER_HOSTNAME}
service: dozzle-${REMOTE_SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- authelia@docker
dokuwiki-${SERVER_HOSTNAME}:
rule: "Host(`dokuwiki.${DOMAIN}`)"
glances-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`glances.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
entryPoints:
- websecure
service: dokuwiki-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-dokuwiki@file
- authelia@docker
dozzle-${SERVER_HOSTNAME}:
rule: "Host(`dozzle.${SERVER_HOSTNAME}.${DOMAIN}`)"
entryPoints:
- websecure
service: dozzle-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-dozzle@file
- authelia@docker
duplicati-${SERVER_HOSTNAME}:
rule: "Host(`duplicati.${DOMAIN}`)"
entryPoints:
- websecure
service: duplicati-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-duplicati@file
- authelia@docker
formio-${SERVER_HOSTNAME}:
rule: "Host(`formio.${DOMAIN}`)"
entryPoints:
- websecure
service: formio-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-formio@file
- authelia@docker
gitea-${SERVER_HOSTNAME}:
rule: "Host(`gitea.${DOMAIN}`)"
entryPoints:
- websecure
service: gitea-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-gitea@file
- authelia@docker
glances-${SERVER_HOSTNAME}:
rule: "Host(`glances.jarvis.${DOMAIN}`)"
entryPoints:
- websecure
service: glances-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-glances@file
- authelia@docker
homepage-${SERVER_HOSTNAME}:
rule: "Host(`homepage.jarvis.${DOMAIN}`)"
entryPoints:
- websecure
service: homepage-${SERVER_HOSTNAME}
service: glances-${REMOTE_SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- authelia@docker
homarr-${SERVER_HOSTNAME}:
rule: "Host(`homarr.${DOMAIN}`)"
backrest-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`backrest.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
entryPoints:
- websecure
service: homarr-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- authelia@docker
- sablier-${SERVER_HOSTNAME}-homarr@file
jellyfin-${SERVER_HOSTNAME}:
rule: "Host(`jellyfin.${DOMAIN}`)"
entryPoints:
- websecure
service: jellyfin-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-jellyfin@file
# No authelia middleware for media apps
jupyter-${SERVER_HOSTNAME}:
rule: "Host(`jupyter.${DOMAIN}`)"
entryPoints:
- websecure
service: jupyter-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-jupyter@file
- authelia@docker
kopia-${SERVER_HOSTNAME}:
rule: "Host(`kopia.${DOMAIN}`)"
entryPoints:
- websecure
service: kopia-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-kopia@file
- authelia@docker
mealie-${SERVER_HOSTNAME}:
rule: "Host(`mealie.${DOMAIN}`)"
entryPoints:
- websecure
service: mealie-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-mealie@file
- authelia@docker
motioneye-${SERVER_HOSTNAME}:
rule: "Host(`motioneye.${DOMAIN}`)"
entryPoints:
- websecure
service: motioneye-${SERVER_HOSTNAME}
service: backrest-${REMOTE_SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- authelia@docker
mediawiki-${SERVER_HOSTNAME}:
rule: "Host(`mediawiki.${DOMAIN}`)"
duplicati-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`duplicati.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
entryPoints:
- websecure
service: mediawiki-${SERVER_HOSTNAME}
service: duplicati-${REMOTE_SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-mediawiki@file
- authelia@docker
nextcloud-${SERVER_HOSTNAME}:
rule: "Host(`nextcloud.${DOMAIN}`)"
homepage-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`homepage.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
entryPoints:
- websecure
service: nextcloud-${SERVER_HOSTNAME}
service: homepage-${REMOTE_SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-nextcloud@file
- authelia@docker
openkm-${SERVER_HOSTNAME}:
rule: "Host(`openkm.${DOMAIN}`)"
homarr-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`homarr.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
entryPoints:
- websecure
service: openkm-${SERVER_HOSTNAME}
service: homarr-${REMOTE_SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-openkm@file
- authelia@docker
openwebui-${SERVER_HOSTNAME}:
rule: "Host(`openwebui.${DOMAIN}`)"
grafana-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`grafana.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
entryPoints:
- websecure
service: openwebui-${SERVER_HOSTNAME}
service: grafana-${REMOTE_SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-openwebui@file
- authelia@docker
qbittorrent-${SERVER_HOSTNAME}:
rule: "Host(`torrents.${DOMAIN}`)"
prometheus-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`prometheus.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
entryPoints:
- websecure
service: qbittorrent-${SERVER_HOSTNAME}
service: prometheus-${REMOTE_SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-arr@file
- authelia@docker
tdarr-${SERVER_HOSTNAME}:
rule: "Host(`tdarr.${DOMAIN}`)"
uptime-kuma-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`status.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
entryPoints:
- websecure
service: tdarr-${SERVER_HOSTNAME}
service: uptime-kuma-${REMOTE_SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-arr@file
- authelia@docker
unmanic-${SERVER_HOSTNAME}:
rule: "Host(`unmanic.${DOMAIN}`)"
entryPoints:
- websecure
service: unmanic-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-unmanic@file
- authelia@docker
wordpress-${SERVER_HOSTNAME}:
rule: "Host(`knot-u.${DOMAIN}`)"
entryPoints:
- websecure
service: wordpress-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-wordpress@file
- authelia@file
# Arr Services (no SSO for media apps)
jellyseerr-${SERVER_HOSTNAME}:
rule: "Host(`jellyseerr.${DOMAIN}`)"
entryPoints:
- websecure
service: jellyseerr-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-arr@file
- authelia@docker
prowlarr-${SERVER_HOSTNAME}:
rule: "Host(`prowlarr.${DOMAIN}`)"
entryPoints:
- websecure
service: prowlarr-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-arr@file
- authelia@docker
radarr-${SERVER_HOSTNAME}:
rule: "Host(`radarr.${DOMAIN}`)"
entryPoints:
- websecure
service: radarr-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-arr@file
- authelia@docker
sonarr-${SERVER_HOSTNAME}:
rule: "Host(`sonarr.${DOMAIN}`)"
entryPoints:
- websecure
service: sonarr-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-arr@file
- authelia@docker
lidarr-${SERVER_HOSTNAME}:
rule: "Host(`lidarr.${DOMAIN}`)"
entryPoints:
- websecure
service: lidarr-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-arr@file
- authelia@docker
readarr-${SERVER_HOSTNAME}:
rule: "Host(`readarr.${DOMAIN}`)"
entryPoints:
- websecure
service: readarr-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-arr@file
- authelia@docker
mylar3-${SERVER_HOSTNAME}:
rule: "Host(`mylar3.${DOMAIN}`)"
entryPoints:
- websecure
service: mylar3-${SERVER_HOSTNAME}
tls:
certResolver: letsencrypt
middlewares:
- sablier-${SERVER_HOSTNAME}-arr@file
- authelia@docker
# Service Definitions
services:
backrest-${SERVER_HOSTNAME}:
loadBalancer:
servers:
- url: "http://192.168.4.11:9898"
- url: "http://${SERVER_IP}:9898"
passHostHeader: true
vaultwarden-${SERVER_HOSTNAME}:
loadBalancer:
servers:
- url: "http://192.168.4.11:8091"
- url: "http://${SERVER_IP}:8091"
passHostHeader: true
bookstack-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:6875"
- url: "http://${SERVER_IP}:6875"
passHostHeader: true
calibre-web-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8083"
- url: "http://${SERVER_IP}:8083"
passHostHeader: true
code-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8079"
- url: "http://${SERVER_IP}:8079"
passHostHeader: true
dockge-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:5001"
- url: "http://${SERVER_IP}:5001"
passHostHeader: true
dockhand-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:3003"
- url: "http://${SERVER_IP}:3003"
passHostHeader: true
dokuwiki-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8087"
- url: "http://${SERVER_IP}:8087"
passHostHeader: true
dozzle-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8085"
- url: "http://${SERVER_IP}:8085"
passHostHeader: true
duplicati-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8200"
- url: "http://${SERVER_IP}:8200"
passHostHeader: true
ez-assistant-${SERVER_HOSTNAME}:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:18789" # Internal IP of ${SERVER_HOSTNAME} server
passHostHeader: true
formio-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:3002"
- url: "http://${SERVER_IP}:3002"
passHostHeader: true
gitea-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:3010"
- url: "http://${SERVER_IP}:3010"
passHostHeader: true
glances-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:61208"
- url: "http://${SERVER_IP}:61208"
passHostHeader: true
homarr-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:7575"
- url: "http://${SERVER_IP}:7575"
passHostHeader: true
homepage-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:3000"
- url: "http://${SERVER_IP}:3000"
passHostHeader: true
jellyfin-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8096"
- url: "http://${SERVER_IP}:8096"
passHostHeader: true
jupyter-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8890"
- url: "http://${SERVER_IP}:8890"
passHostHeader: true
kopia-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:51515"
- url: "http://${SERVER_IP}:51515"
passHostHeader: true
mealie-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:9000"
- url: "http://${SERVER_IP}:9000"
passHostHeader: true
mediawiki-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8086"
- url: "http://${SERVER_IP}:8086"
passHostHeader: true
motioneye-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8081"
- url: "http://${SERVER_IP}:8081"
passHostHeader: true
nextcloud-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8089"
- url: "http://${SERVER_IP}:8089"
passHostHeader: true
openkm-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:18080"
- url: "http://${SERVER_IP}:18080"
passHostHeader: true
openwebui-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:3000"
- url: "http://${SERVER_IP}:3000"
passHostHeader: true
qbittorrent-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8081"
- url: "http://${SERVER_IP}:8081"
passHostHeader: true
tdarr-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8265"
- url: "http://${SERVER_IP}:8265"
passHostHeader: true
unmanic-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8889"
- url: "http://${SERVER_IP}:8889"
passHostHeader: true
wordpress-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8088"
- url: "http://${SERVER_IP}:8088"
passHostHeader: true
# Arr Services
jellyseerr-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:5055"
- url: "http://${SERVER_IP}:5055"
passHostHeader: true
prowlarr-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:9696"
- url: "http://${SERVER_IP}:9696"
passHostHeader: true
radarr-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:7878"
- url: "http://${SERVER_IP}:7878"
passHostHeader: true
sonarr-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8989"
- url: "http://${SERVER_IP}:8989"
passHostHeader: true
lidarr-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8686"
- url: "http://${SERVER_IP}:8686"
passHostHeader: true
readarr-${SERVER_HOSTNAME}:
loadBalancer:
loadbalancer:
servers:
- url: "http://192.168.4.11:8787"
- url: "http://${SERVER_IP}:8787"
passHostHeader: true
mylar3-${SERVER_HOSTNAME}:
loadBalancer:
servers:
- url: "http://192.168.4.11:8090"
- url: "http://${SERVER_IP}:8090"
passHostHeader: true
# Remote Server Service Definitions (${REMOTE_SERVER_HOSTNAME})
dockge-${REMOTE_SERVER_HOSTNAME}:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:5001"
passHostHeader: true
dozzle-${REMOTE_SERVER_HOSTNAME}:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:8085"
passHostHeader: true
glances-${REMOTE_SERVER_HOSTNAME}:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:61208"
passHostHeader: true
backrest-${REMOTE_SERVER_HOSTNAME}:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:9898"
passHostHeader: true
duplicati-${REMOTE_SERVER_HOSTNAME}:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:8200"
passHostHeader: true
homepage-${REMOTE_SERVER_HOSTNAME}:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:3000"
passHostHeader: true
homarr-${REMOTE_SERVER_HOSTNAME}:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:7575"
passHostHeader: true
grafana-${REMOTE_SERVER_HOSTNAME}:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:3000"
passHostHeader: true
prometheus-${REMOTE_SERVER_HOSTNAME}:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:9090"
passHostHeader: true
uptime-kuma-${REMOTE_SERVER_HOSTNAME}:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:3001"
passHostHeader: true
# Middleware Definitions
middlewares:
ez-assistant-websocket:
headers:
accessControlAllowHeaders:
- "Connection"
- "Upgrade"
accessControlAllowMethods:
- "GET"
- "POST"
- "OPTIONS"
accessControlMaxAge: 86400

121
config-templates/traefik/dynamic/sablier.yml
View File

@@ -319,3 +319,124 @@ http:
displayName: wordpress
theme: ghost
show-details-by-default: true
# Remote Server (${REMOTE_SERVER_HOSTNAME}) Sablier Middlewares
sablier-${REMOTE_SERVER_HOSTNAME}-dockge:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-dockge
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Dockge (${REMOTE_SERVER_HOSTNAME})
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-dozzle:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-dozzle
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Dozzle (${REMOTE_SERVER_HOSTNAME})
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-glances:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-glances
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Glances (${REMOTE_SERVER_HOSTNAME})
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-backrest:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-backrest
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Backrest (${REMOTE_SERVER_HOSTNAME})
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-duplicati:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-duplicati
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Duplicati (${REMOTE_SERVER_HOSTNAME})
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-homepage:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-homepage
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Homepage (${REMOTE_SERVER_HOSTNAME})
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-homarr:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-homarr
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Homarr (${REMOTE_SERVER_HOSTNAME})
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-grafana:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-grafana
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Grafana (${REMOTE_SERVER_HOSTNAME})
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-prometheus:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-prometheus
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Prometheus (${REMOTE_SERVER_HOSTNAME})
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-uptime-kuma:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-uptime-kuma
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Uptime Kuma (${REMOTE_SERVER_HOSTNAME})
theme: ghost
show-details-by-default: true

59
config-templates/traefik/traefik.yml
View File

@@ -1,56 +1,43 @@
# Traefik Static Configuration
# Copy to /opt/stacks/traefik/traefik.yml
global:
checkNewVersion: true
sendAnonymousUsage: false
experimental:
plugins:
sablier:
moduleName: github.com/sablierapp/sablier-traefik-plugin
version: v1.1.0
api:
dashboard: true
insecure: false # Dashboard accessible via Traefik route with Authelia
providers:
docker:
exposedByDefault: false
file:
directory: /dynamic
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ":443"
http:
tls:
certResolver: letsencrypt
traefik:
address: ":8080"
certificatesResolvers:
letsencrypt:
acme:
email: ACME_EMAIL_PLACEHOLDER # Will be replaced by deploy script
caServer: https://acme-staging-v02.api.letsencrypt.org/directory
storage: /acme.json
# For testing: Use staging to avoid production rate limits
# caServer: https://acme-staging-v02.api.letsencrypt.org/directory
# DNS challenge - For wildcard certificates (*.yourdomain.duckdns.org)
# Works with DuckDNS - requires DUCKDNS_TOKEN in environment
dnsChallenge:
provider: duckdns
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false # Only expose services with traefik.enable=true
network: traefik-network
file:
directory: /dynamic
watch: true
email: ${DEFAULT_EMAIL}
storage: /letsencrypt/acme.json
log:
level: INFO # DEBUG, INFO, WARN, ERROR
filePath: /var/log/traefik/traefik.log
level: DEBUG
accessLog:
filePath: /var/log/traefik/access.log
bufferingSize: 100
format: json
api:
dashboard: true
insecure: true
ping:
manualRouting: true