feat: standardize Traefik/Sablier labels across all stacks

- Add consistent # TRAEFIK CONFIGURATION headers to all services - Standardize label structure with service metadata, router config, and Sablier settings - Update dockerproxy and sablier-service with Docker API requirements documentation - Fix YAML validation issues in productivity stack - Ensure all stacks have uniform labeling for easy management Resolves Docker API connectivity issues for Sablier lazy loading
2026-01-23 17:31:23 -05:00
parent 0f6d6c1583
commit c8ffce2611
6 changed files with 59 additions and 32 deletions
--- a/docker-compose/infrastructure/docker-compose.yml
+++ b/docker-compose/infrastructure/docker-compose.yml
@@ -21,6 +21,11 @@
 services:
  dockerproxy:
    # Docker socket proxy for security - provides safe Docker API access, must always run
+    # REQUIREMENTS FOR SABLIER INTEGRATION:
+    # 1. Docker daemon must be configured to listen on TCP port 2375 (not just unix socket)
+    # 2. Firewall must allow access to port 2375 from Sablier service
+    # 3. Docker daemon config should include: "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
+    # 4. For security, consider restricting access to specific IP ranges or using TLS
    image: tecnativa/docker-socket-proxy:latest
    container_name: dockerproxy
    privileged: true
@@ -78,16 +83,20 @@ services:
    cap_add:
      - NET_ADMIN
    labels:
+      # TRAEFIK CONFIGURATION
+      # ==========================================
+      # Service metadata
      - "homelab.category=infrastructure"
      - "homelab.description=Network-wide ad blocking and DNS"
+      # Traefik reverse proxy (comment/uncomment to disable/enable)
+      # If Traefik is on a remote server: these labels are NOT USED; 
+      #   configure external yml files in /traefik/dynamic folder instead.
      - "traefik.enable=true"
      - "traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN}`)"
      - "traefik.http.routers.pihole.entrypoints=websecure"
-      - "traefik.http.routers.pihole.tls=true"
      - "traefik.http.routers.pihole.tls.certresolver=letsencrypt"
      - "traefik.http.routers.pihole.middlewares=authelia@docker"
      - "traefik.http.services.pihole.loadbalancer.server.port=80"
-      - "x-dockge.url=https://pihole.${DOMAIN}"

  # Watchtower - Automatic container updates
  # Monitors and updates Docker containers to latest versions