Update Homepage dashboard and deployment scripts

- Homepage: Reorganize services by stack instead of by category - Homepage: Add comprehensive Available to Install sections for all stacks - Homepage: Update config templates with {{HOMEPAGE_VAR_DOMAIN}} placeholder - Homepage: Change layout from row to column style - Scripts: Add sudo requirement to deploy-homelab.sh - Scripts: Replace NVIDIA driver installation with official installer method - Scripts: Add build prerequisites and nouveau blacklisting - Docs: Add AI Automation Guidelines section to docker-guidelines.md - Docs: Document Homepage auto-update requirements and workflow - Config: Add bookmarks.yaml template for Homepage - Config: Add alternatives.yml compose file (Portainer, Authentik) - Config: Update .env.example and authelia configuration
2026-01-13 00:04:43 -05:00
parent 37a093189e
commit bbcc4c19c9
12 changed files with 1159 additions and 571 deletions
--- a/docker-compose/alternatives.yml
+++ b/docker-compose/alternatives.yml
@@ -0,0 +1,149 @@
+# Alternative Services Stack
+# This stack contains alternative/optional services that are not deployed by default
+# Deploy manually through Dockge if you want to use these alternatives
+# Place in /opt/stacks/alternatives/docker-compose.yml
+
+services:
+  # Portainer - Docker management UI (Alternative to Dockge)
+  # Access at: https://portainer.${DOMAIN}
+  # NOTE: Dockge is the default Docker management UI. Deploy Portainer only if you prefer its interface
+  portainer:
+    image: portainer/portainer-ce:2.19.4
+    container_name: portainer
+    restart: unless-stopped
+    networks:
+      - homelab-network
+      - traefik-network
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - portainer-data:/data
+    security_opt:
+      - no-new-privileges:true
+    labels:
+      - "homelab.category=alternatives"
+      - "homelab.description=Docker container management UI (Alternative to Dockge)"
+      - "traefik.enable=true"
+      - "traefik.http.routers.portainer.rule=Host(`portainer.${DOMAIN}`)"
+      - "traefik.http.routers.portainer.entrypoints=websecure"
+      - "traefik.http.routers.portainer.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.portainer.middlewares=authelia@docker"
+      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+
+  # Authentik - Alternative SSO/Identity Provider with Web UI
+  # Access at: https://authentik.${DOMAIN}
+  # NOTE: Authelia is the default SSO. Deploy Authentik only if you need a web UI for user management
+  # WARNING: Do not run both Authelia and Authentik at the same time
+  authentik-server:
+    image: ghcr.io/goauthentik/server:2024.2.0
+    container_name: authentik-server
+    restart: unless-stopped
+    command: server
+    networks:
+      - homelab-network
+      - traefik-network
+    volumes:
+      - /opt/stacks/authentik/media:/media
+      - /opt/stacks/authentik/custom-templates:/templates
+    environment:
+      - AUTHENTIK_REDIS__HOST=authentik-redis
+      - AUTHENTIK_POSTGRESQL__HOST=authentik-db
+      - AUTHENTIK_POSTGRESQL__USER=${AUTHENTIK_DB_USER:-authentik}
+      - AUTHENTIK_POSTGRESQL__NAME=${AUTHENTIK_DB_NAME:-authentik}
+      - AUTHENTIK_POSTGRESQL__PASSWORD=${AUTHENTIK_DB_PASSWORD}
+      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
+      - AUTHENTIK_ERROR_REPORTING__ENABLED=false
+    labels:
+      - "homelab.category=alternatives"
+      - "homelab.description=SSO/Identity provider with web UI (Alternative to Authelia)"
+      - "traefik.enable=true"
+      - "traefik.http.routers.authentik.rule=Host(`authentik.${DOMAIN}`)"
+      - "traefik.http.routers.authentik.entrypoints=websecure"
+      - "traefik.http.routers.authentik.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.authentik.middlewares=authelia@docker"
+      - "traefik.http.services.authentik.loadbalancer.server.port=9000"
+    depends_on:
+      - authentik-db
+      - authentik-redis
+
+  # Authentik Worker - Background task processor
+  authentik-worker:
+    image: ghcr.io/goauthentik/server:2024.2.0
+    container_name: authentik-worker
+    restart: unless-stopped
+    command: worker
+    networks:
+      - homelab-network
+    volumes:
+      - /opt/stacks/authentik/media:/media
+      - /opt/stacks/authentik/certs:/certs
+      - /opt/stacks/authentik/custom-templates:/templates
+    environment:
+      - AUTHENTIK_REDIS__HOST=authentik-redis
+      - AUTHENTIK_POSTGRESQL__HOST=authentik-db
+      - AUTHENTIK_POSTGRESQL__USER=${AUTHENTIK_DB_USER:-authentik}
+      - AUTHENTIK_POSTGRESQL__NAME=${AUTHENTIK_DB_NAME:-authentik}
+      - AUTHENTIK_POSTGRESQL__PASSWORD=${AUTHENTIK_DB_PASSWORD}
+      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
+      - AUTHENTIK_ERROR_REPORTING__ENABLED=false
+    labels:
+      - "homelab.category=alternatives"
+      - "homelab.description=Authentik background worker"
+    depends_on:
+      - authentik-db
+      - authentik-redis
+
+  # Authentik Database - PostgreSQL
+  authentik-db:
+    image: postgres:16-alpine
+    container_name: authentik-db
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    volumes:
+      - authentik-db-data:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_USER=${AUTHENTIK_DB_USER:-authentik}
+      - POSTGRES_PASSWORD=${AUTHENTIK_DB_PASSWORD}
+      - POSTGRES_DB=${AUTHENTIK_DB_NAME:-authentik}
+    labels:
+      - "homelab.category=alternatives"
+      - "homelab.description=Authentik database"
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${AUTHENTIK_DB_USER:-authentik}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  # Authentik Redis - Cache and message queue
+  authentik-redis:
+    image: redis:7-alpine
+    container_name: authentik-redis
+    restart: unless-stopped
+    networks:
+      - homelab-network
+    volumes:
+      - authentik-redis-data:/data
+    command: --save 60 1 --loglevel warning
+    labels:
+      - "homelab.category=alternatives"
+      - "homelab.description=Authentik cache and messaging"
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      interval: 10s
+      timeout: 3s
+      retries: 5
+
+volumes:
+  portainer-data:
+    driver: local
+  authentik-db-data:
+    driver: local
+  authentik-redis-data:
+    driver: local
+
+networks:
+  homelab-network:
+    external: true
+  traefik-network:
+    external: true
+
--- a/docker-compose/dashboards.yml
+++ b/docker-compose/dashboards.yml
@@ -21,13 +21,14 @@ services:
      - PUID=${PUID:-1000}
      - PGID=${PGID:-1000}
      - TZ=${TZ}
+      - HOMEPAGE_ALLOWED_HOSTS=home.${DOMAIN}
    labels:
      - "homelab.category=dashboard"
      - "homelab.description=Application dashboard (AI-configurable)"
      - "traefik.enable=true"
      - "traefik.http.routers.homepage.rule=Host(`home.${DOMAIN}`)"
      - "traefik.http.routers.homepage.entrypoints=websecure"
-      - "traefik.http.routers.homepage.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.homepage.tls=true"
      - "traefik.http.routers.homepage.middlewares=authelia@docker"
      - "traefik.http.services.homepage.loadbalancer.server.port=3000"

@@ -53,7 +54,7 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.homarr.rule=Host(`homarr.${DOMAIN}`)"
      - "traefik.http.routers.homarr.entrypoints=websecure"
-      - "traefik.http.routers.homarr.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.homarr.tls=true"
      - "traefik.http.routers.homarr.middlewares=authelia@docker"
      - "traefik.http.services.homarr.loadbalancer.server.port=7575"