feat: Add comprehensive restart policy documentation and Sablier lazy loading support

- Add SERVER_HOSTNAME env var for Sablier group naming
- Update default hostname from 'jarvis' to 'debian' for generic repo compatibility
- Add restart policy documentation to all docker-compose files
- Add Sablier labels to lazy-loaded services (jellyfin, dozzle, glances, code-server, homarr, dokuwiki)
- Update sablier.yml template to use debian- prefixes
- Enhance deploy script to auto-detect hostname and update configurations
- Ensure all YAML files remain syntactically valid

docker-compose/alternatives/docker-compose.yml

@@ -3,10 +3,16 @@
 # Deploy manually through Dockge if you want to use these alternatives
 # Place in /opt/stacks/alternatives/docker-compose.yml
 
+# RESTART POLICY GUIDE:
+# - unless-stopped: Core infrastructure services that should always run
+# - no: Services with Sablier lazy loading (start on-demand)
+# - See individual service comments for specific reasoning
+
 services:
   # Portainer - Docker management UI (Alternative to Dockge)
   # Access at: https://portainer.${DOMAIN}
   # NOTE: Dockge is the default Docker management UI. Deploy Portainer only if you prefer its interface
+  # Docker management interface should always run when deployed
   portainer:
     image: portainer/portainer-ce:2.19.4
     container_name: portainer
@@ -33,6 +39,7 @@ services:
   # Access at: https://authentik.${DOMAIN}
   # NOTE: Authelia is the default SSO. Deploy Authentik only if you need a web UI for user management
   # WARNING: Do not run both Authelia and Authentik at the same time
+  # SSO service should always run when deployed as alternative to Authelia
   authentik-server:
     image: ghcr.io/goauthentik/server:2024.2.0
     container_name: authentik-server
@@ -66,6 +73,7 @@ services:
       - authentik-redis
 
   # Authentik Worker - Background task processor
+  # SSO background worker should always run when Authentik is deployed
   authentik-worker:
     image: ghcr.io/goauthentik/server:2024.2.0
     container_name: authentik-worker
@@ -93,6 +101,7 @@ services:
       - authentik-redis
 
   # Authentik Database - PostgreSQL
+  # Database must always run for Authentik to function
   authentik-db:
     image: postgres:16-alpine
     container_name: authentik-db
@@ -115,6 +124,7 @@ services:
       retries: 5
 
   # Authentik Redis - Cache and message queue
+  # Cache service must always run for Authentik performance
   authentik-redis:
     image: redis:7-alpine
     container_name: authentik-redis
@@ -136,6 +146,7 @@ services:
   # Plex Media Server - Alternative to Jellyfin
   # Access at: https://plex.yourdomain.duckdns.org
   # NOTE: No Authelia - allows app access from Roku, Fire TV, mobile, etc.
+  # Media server should always run when deployed as alternative to Jellyfin
   plex:
     image: plexinc/pms-docker:1.40.0.7998-f68041501
     container_name: plex

docker-compose/core/docker-compose.yml

@@ -1,3 +1,16 @@
+# Core Infrastructure Services
+# These services form the foundation of the homelab and should always be running
+# Place in /opt/stacks/core/docker-compose.yml
+
+# RESTART POLICY GUIDE:
+# - unless-stopped: Core infrastructure services that should always run
+# - no: Services with Sablier lazy loading (start on-demand)
+# - See individual service comments for specific reasoning
+
+# Service Access URLs:
+# - Traefik Dashboard: https://traefik.${DOMAIN}
+# - Authelia: https://auth.${DOMAIN}
+
 x-dockge:
   urls:
     - https://auth.${DOMAIN}
@@ -5,6 +18,7 @@ x-dockge:
 services:
   
   duckdns:
+    # Dynamic DNS service - must always run to maintain domain resolution
     image: lscr.io/linuxserver/duckdns:latest
     container_name: duckdns
     restart: unless-stopped
@@ -20,6 +34,7 @@ services:
       - traefik-network
   
   traefik:
+    # Reverse proxy and SSL termination - core routing service, must always run
     image: traefik:v3
     container_name: traefik
     restart: unless-stopped
@@ -49,6 +64,7 @@ services:
       - "x-dockge.url=https://traefik.${DOMAIN}"
 
   authelia:
+    # Single sign-on authentication service - must always run for user authentication
     image: authelia/authelia:latest
     container_name: authelia
     restart: unless-stopped
@@ -74,6 +90,7 @@ services:
       - x-dockge.url=https://auth.${DOMAIN}
 
   # Sablier - Lazy loading service for Docker containers
+  # Controls startup/shutdown of lazy-loaded services, must always run
   sablier-service:
     image: sablierapp/sablier:latest
     container_name: sablier-service

docker-compose/dashboards/docker-compose.yml

@@ -2,6 +2,11 @@
 # Homepage and Homarr for homelab dashboards
 # Place in /opt/stacks/dashboards/docker-compose.yml
 
+# RESTART POLICY GUIDE:
+# - unless-stopped: Core infrastructure services that should always run
+# - no: Services with Sablier lazy loading (start on-demand)
+# - See individual service comments for specific reasoning
+
 # Service Access URLs:
 # - Homepage: https://home.${DOMAIN}
 # - Homarr: https://homarr.${DOMAIN}
@@ -9,6 +14,7 @@
 services:
   # Homepage - Application dashboard (AI-configurable via YAML)
   # Access at: https://home.${DOMAIN}
+  # Dashboard service should always run for quick access to service overview
   homepage:
     image: ghcr.io/gethomepage/homepage:latest
     deploy:
@@ -46,6 +52,7 @@ services:
 
   # Homarr - Modern dashboard
   # Access at: https://homarr.${DOMAIN}
+  # Uses Sablier lazy loading - starts on-demand, stops after 30min inactivity
   homarr:
     image: ghcr.io/ajnart/homarr:latest
     deploy:
@@ -72,6 +79,9 @@ services:
     labels:
       - "homelab.category=dashboard"
       - "homelab.description=Modern homelab dashboard"
+      - "sablier.enable=true"
+      - "sablier.group=${SERVER_HOSTNAME:-debian}-homarr"
+      - "sablier.start-on-demand=true"
       - "traefik.enable=true"
       - "traefik.http.routers.homarr.rule=Host(`homarr.${DOMAIN}`)"
       - "traefik.http.routers.homarr.entrypoints=websecure"

docker-compose/dockge/docker-compose.yml

@@ -2,12 +2,18 @@
 # Docker Compose Stack Manager
 # Place in /opt/dockge/docker-compose.yml
 
+# RESTART POLICY GUIDE:
+# - unless-stopped: Core infrastructure services that should always run
+# - no: Services with Sablier lazy loading (start on-demand)
+# - See individual service comments for specific reasoning
+
 # Service Access URLs:
 # - Dockge: https://dockge.${DOMAIN}
 
 services:
   # Dockge - Docker Compose Stack Manager (PRIMARY - preferred over Portainer)
   # Access at: https://dockge.${DOMAIN}
+  # Stack management interface should always run for container management
   dockge:
     image: louislam/dockge:1
     deploy:

docker-compose/infrastructure/docker-compose.yml

@@ -4,6 +4,11 @@
 # NOTE: Traefik, Authelia, DuckDNS, and Gluetun have their own separate stacks
 # See /opt/stacks/traefik/, /opt/stacks/authelia/, etc.
 
+# RESTART POLICY GUIDE:
+# - unless-stopped: Core infrastructure services that should always run
+# - no: Services with Sablier lazy loading (start on-demand)
+# - See individual service comments for specific reasoning
+
 # Service Access URLs:
 # - Portainer: https://portainer.${DOMAIN}
 # - Pi-hole: https://pihole.${DOMAIN}
@@ -13,6 +18,7 @@
 
 services:
   dockerproxy:
+    # Docker socket proxy for security - provides safe Docker API access, must always run
     image: tecnativa/docker-socket-proxy:latest
     container_name: dockerproxy
     privileged: true
@@ -33,6 +39,7 @@ services:
 
   # Pi-hole - Network-wide ad blocker and DNS server
   # Access at: https://pihole.${DOMAIN}
+  # DNS service must always run for network-wide ad blocking
   pihole:
     image: pihole/pihole:2024.01.0
     deploy:
@@ -76,14 +83,6 @@ services:
       - "traefik.http.services.pihole.loadbalancer.server.port=80"
       - "x-dockge.url=https://pihole.${DOMAIN}"
 
-  # Watchtower - Automatic container updates
-  # TEMPORARILY DISABLED: Docker API version incompatibility with Docker 29.x
-  # Watchtower versions have API compatibility issues:
-  # - v1.7.1: Uses API v1.25 (too old for Docker 29.x which requires min v1.44)
-  # - v1.7.2+/latest: Has issues with API negotiation
-  # Issue tracked for resolution in future release
-  # To enable: Uncomment service below and run: docker compose up -d watchtower
-  # 
   # Watchtower - Automatic container updates
   # Monitors and updates Docker containers to latest versions
   # Runs daily at 4 AM
@@ -108,6 +107,7 @@ services:
 
   # Dozzle - Real-time Docker log viewer
   # Access at: https://dozzle.${DOMAIN}
+  # Uses Sablier lazy loading - starts on-demand, stops after 30min inactivity
   dozzle:
     image: amir20/dozzle:latest
     deploy:
@@ -133,6 +133,9 @@ services:
     labels:
       - "homelab.category=infrastructure"
       - "homelab.description=Real-time Docker log viewer"
+      - "sablier.enable=true"
+      - "sablier.group=${SERVER_HOSTNAME:-debian}-dozzle"
+      - "sablier.start-on-demand=true"
       - "traefik.enable=true"
       - "traefik.http.routers.dozzle.rule=Host(`dozzle.${DOMAIN}`)"
       - "traefik.http.routers.dozzle.entrypoints=websecure"
@@ -142,6 +145,7 @@ services:
 
   # Glances - System monitoring
   # Access at: https://glances.${DOMAIN}
+  # Uses Sablier lazy loading - starts on-demand, stops after 30min inactivity
   glances:
     image: nicolargo/glances:latest-full
     deploy:
@@ -167,6 +171,9 @@ services:
     labels:
       - "homelab.category=infrastructure"
       - "homelab.description=System and Docker monitoring"
+      - "sablier.enable=true"
+      - "sablier.group=${SERVER_HOSTNAME:-debian}-glances"
+      - "sablier.start-on-demand=true"
       - "traefik.enable=true"
       - "traefik.http.routers.glances.rule=Host(`glances.${DOMAIN}`)"
       - "traefik.http.routers.glances.entrypoints=websecure"
@@ -176,6 +183,7 @@ services:
 
   # Code Server - VS Code in browser
   # Access at: https://code.${DOMAIN}
+  # Uses Sablier lazy loading - starts on-demand, stops after 30min inactivity
   code-server:
     image: lscr.io/linuxserver/code-server:latest
     deploy:
@@ -205,6 +213,9 @@ services:
     labels:
       - "homelab.category=infrastructure"
       - "homelab.description=VS Code in browser"
+      - "sablier.enable=true"
+      - "sablier.group=${SERVER_HOSTNAME:-debian}-code-server"
+      - "sablier.start-on-demand=true"
       - "traefik.enable=true"
       - "traefik.http.routers.code-server.rule=Host(`code.${DOMAIN}`)"
       - "traefik.http.routers.code-server.entrypoints=websecure"

docker-compose/media-management/docker-compose.yml

@@ -2,6 +2,11 @@
 # Content automation and library management (*arr apps, transcoders, etc.)
 # Place in /opt/stacks/media-management/docker-compose.yml
 
+# RESTART POLICY GUIDE:
+# - unless-stopped: Core infrastructure services that should always run
+# - no: Services with Sablier lazy loading (start on-demand)
+# - See individual service comments for specific reasoning
+
 # Service Access URLs:
 # - Sonarr: https://sonarr.${DOMAIN}
 # - Radarr: https://radarr.${DOMAIN}

docker-compose/media/docker-compose.yml

@@ -2,6 +2,10 @@
 # Default Services for media management and streaming
 # Place in /opt/stacks/media/docker-compose.yml
 
+# RESTART POLICY GUIDE:
+# - unless-stopped: Core infrastructure services that should always run
+# - no: Services with Sablier lazy loading (start on-demand)
+# - See individual service comments for specific reasoning
 
 # Service Access URLs:
 # - Jellyfin: https://jellyfin.${DOMAIN} (no SSO - app access)
@@ -12,6 +16,7 @@ services:
   # Jellyfin - Open-source media streaming server
   # Access at: https://jellyfin.yourdomain.duckdns.org
   # NOTE: No Authelia - allows app access from Roku, Fire TV, mobile, etc.
+  # Uses Sablier lazy loading - starts on-demand, stops after 30min inactivity
   jellyfin:
     image: jellyfin/jellyfin:10.8.13
     deploy:
@@ -43,6 +48,9 @@ services:
     labels:
       - "homelab.category=media"
       - "homelab.description=Open-source media streaming server"
+      - "sablier.enable=true"
+      - "sablier.group=${SERVER_HOSTNAME:-debian}-jellyfin"
+      - "sablier.start-on-demand=true"
       # Traefik labels - NO Authelia for app access
       - "traefik.enable=true"
       - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
@@ -51,7 +59,6 @@ services:
       - "traefik.http.routers.jellyfin.tls.certresolver=letsencrypt"
       - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
       - "x-dockge.url=https://jellyfin.${DOMAIN}"
-      - "x-dockge.url=https://jellyfin.${DOMAIN}"
 
   # Calibre-Web - Ebook reader and server
   # Access at: https://calibre.${DOMAIN}

docker-compose/monitoring/docker-compose.yml

@@ -2,6 +2,11 @@
 # Services for monitoring your homelab infrastructure
 # Place in /opt/stacks/monitoring/docker-compose.yml
 
+# RESTART POLICY GUIDE:
+# - unless-stopped: Core infrastructure services that should always run
+# - no: Services with Sablier lazy loading (start on-demand)
+# - See individual service comments for specific reasoning
+
 # Service Access URLs:
 # - Prometheus: http://server-ip:9090 (or configure Traefik)
 # - Grafana: http://server-ip:3000 (or configure Traefik)

docker-compose/productivity/docker-compose.yml

@@ -1,6 +1,11 @@
 # Productivity and Content Management Services
 # Place in /opt/stacks/productivity/docker-compose.yml
 
+# RESTART POLICY GUIDE:
+# - unless-stopped: Core infrastructure services that should always run
+# - no: Services with Sablier lazy loading (start on-demand)
+# - See individual service comments for specific reasoning
+
 # Service Access URLs:
 # - Nextcloud: https://nextcloud.${DOMAIN}
 # - Mealie: https://mealie.${DOMAIN}
@@ -13,6 +18,7 @@
 services:
   # Nextcloud - File sync and collaboration
   # Access at: https://nextcloud.${DOMAIN}
+  # File storage service should always run for continuous sync
   nextcloud:
     image: nextcloud:28
     deploy:
@@ -208,6 +214,7 @@ services:
 
   # DokuWiki - Wiki without database
   # Access at: https://wiki.${DOMAIN}
+  # Uses Sablier lazy loading - starts on-demand, stops after 30min inactivity
   dokuwiki:
     image: lscr.io/linuxserver/dokuwiki:latest
     container_name: dokuwiki
@@ -224,6 +231,9 @@ services:
     labels:
       - "homelab.category=productivity"
       - "homelab.description=File-based wiki"
+      - "sablier.enable=true"
+      - "sablier.group=${SERVER_HOSTNAME:-debian}-dokuwiki"
+      - "sablier.start-on-demand=true"
       - "traefik.enable=true"
       - "traefik.http.routers.dokuwiki.rule=Host(`dokuwiki.${DOMAIN}`)"
       - "traefik.http.routers.dokuwiki.entrypoints=websecure"

docker-compose/utilities/docker-compose.yml

@@ -1,6 +1,11 @@
 # Backup and Utility Services
 # Place in /opt/stacks/utilities/docker-compose.yml
 
+# RESTART POLICY GUIDE:
+# - unless-stopped: Core infrastructure services that should always run
+# - no: Services with Sablier lazy loading (start on-demand)
+# - See individual service comments for specific reasoning
+
 # Service Access URLs:
 # - Backrest: https://backrest.${DOMAIN}
 # - Duplicati: https://duplicati.${DOMAIN}

docker-compose/vpn/docker-compose.yml

@@ -2,12 +2,18 @@
 # VPN client and VPN-routed download clients
 # Place in /opt/stacks/vpn/docker-compose.yml
 
+# RESTART POLICY GUIDE:
+# - unless-stopped: Core infrastructure services that should always run
+# - no: Services with Sablier lazy loading (start on-demand)
+# - See individual service comments for specific reasoning
+
 # Service Access URLs:
 # - qBittorrent: https://qbit.${DOMAIN}
 
 services:
   # Gluetun - VPN client (Surfshark)
   # Routes download clients through VPN for security
+  # VPN service should always run to maintain secure connections
   gluetun:
     image: qmcgaw/gluetun:latest
     container_name: gluetun