feat: standardize Traefik/Sablier labels across all stacks

- Add consistent # TRAEFIK CONFIGURATION headers to all services
- Standardize label structure with service metadata, router config, and Sablier settings
- Update dockerproxy and sablier-service with Docker API requirements documentation
- Fix YAML validation issues in productivity stack
- Ensure all stacks have uniform labeling for easy management

Resolves Docker API connectivity issues for Sablier lazy loading
EZ-Homelab
2026-01-23 17:31:23 -05:00
parent 0f6d6c1583
commit c8ffce2611
6 changed files with 59 additions and 32 deletions


@@ -106,6 +106,12 @@ services:
# Sablier - Lazy loading service for Docker containers
# Controls startup/shutdown of lazy-loaded services, must always run
# REQUIREMENTS FOR DOCKER API ACCESS:
# 1. Docker daemon must be configured to listen on TCP port 2375
# 2. DOCKER_HOST environment variable must point to accessible Docker API endpoint
# 3. Firewall must allow TCP connections to Docker API port (default 2375)
# 4. For production, consider using TLS for Docker API communication
# 5. Ensure dockerproxy service is running and accessible
sablier-service:
image: sablierapp/sablier:latest
container_name: sablier-service
@@ -114,7 +120,7 @@ services:
- traefik-network
environment:
- SABLIER_PROVIDER=docker
- SABLIER_DOCKER_API_VERSION=1.53
- SABLIER_DOCKER_API_VERSION=1.51
- SABLIER_DOCKER_NETWORK=traefik-network
- SABLIER_LOG_LEVEL=debug
- DOCKER_HOST=tcp://192.168.4.11:2375
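Review bot: The new requirements block asks operators to open the Docker daemon on TCP 2375 (items 1 and 3) and also to run dockerproxy (item 5), so it is unclear which of the two `DOCKER_HOST=tcp://192.168.4.11:2375` is meant to reach. An unauthenticated Docker API is equivalent to root on the host, so the comment should say that 2375 is the socket proxy's port and that dockerd itself stays on the unix socket. Suggested wording for item 1: `# 1. Sablier talks to dockerproxy on 2375; never expose dockerd itself on TCP without TLS client auth`, with item 4 changed from "consider" to a requirement. The dockerproxy file in this commit carries the same advice and needs the same correction. The host address is hard-coded; a variable such as `${DOCKER_API_HOST}` (placeholder name) would keep the stack portable.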


@@ -41,15 +41,20 @@ services:
- DOCKGE_STACKS_DIR=/opt/stacks
- DOCKGE_ENABLE_CONSOLE=true
labels:
# TRAEFIK CONFIGURATION
# ==========================================
# Service metadata
- "homelab.category=infrastructure"
- "homelab.description=Docker Compose stack manager (PRIMARY)"
# Traefik reverse proxy (comment/uncomment to disable/enable)
# If Traefik is on a remote server: these labels are NOT USED;
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.http.routers.dockge.rule=Host(`dockge.${DOMAIN}`)"
- "traefik.http.routers.dockge.entrypoints=websecure"
- "traefik.http.routers.dockge.tls=true"
- "traefik.http.routers.dockge.tls.certresolver=letsencrypt"
- "traefik.http.routers.dockge.middlewares=authelia@docker"
- "traefik.http.services.dockge.loadbalancer.server.port=5001"
- "x-dockge.url=https://dockge.${DOMAIN}"
networks:
homelab-network:


@@ -21,6 +21,11 @@
services:
dockerproxy:
# Docker socket proxy for security - provides safe Docker API access, must always run
# REQUIREMENTS FOR SABLIER INTEGRATION:
# 1. Docker daemon must be configured to listen on TCP port 2375 (not just unix socket)
# 2. Firewall must allow access to port 2375 from Sablier service
# 3. Docker daemon config should include: "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
# 4. For security, consider restricting access to specific IP ranges or using TLS
image: tecnativa/docker-socket-proxy:latest
container_name: dockerproxy
privileged: true
@@ -78,16 +83,20 @@ services:
cap_add:
- NET_ADMIN
labels:
# TRAEFIK CONFIGURATION
# ==========================================
# Service metadata
- "homelab.category=infrastructure"
- "homelab.description=Network-wide ad blocking and DNS"
# Traefik reverse proxy (comment/uncomment to disable/enable)
# If Traefik is on a remote server: these labels are NOT USED;
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN}`)"
- "traefik.http.routers.pihole.entrypoints=websecure"
- "traefik.http.routers.pihole.tls=true"
- "traefik.http.routers.pihole.tls.certresolver=letsencrypt"
- "traefik.http.routers.pihole.middlewares=authelia@docker"
- "traefik.http.services.pihole.loadbalancer.server.port=80"
- "x-dockge.url=https://pihole.${DOMAIN}"
# Watchtower - Automatic container updates
# Monitors and updates Docker containers to latest versions
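Review bot: The daemon.json example in requirement 3 binds the unauthenticated API to every interface with `tcp://0.0.0.0:2375`, which defeats the reason this file runs a socket proxy at all. If a TCP listener is really needed, document a specific bind address instead, e.g. `"hosts": ["tcp://<LAN_IP>:2375", "unix:///var/run/docker.sock"]`. Requirement 4 should become a stated precondition rather than "consider": a firewall allow-list for the Sablier host, or TLS with `tlsverify`. If dockerproxy is what listens on 2375, the daemon needs no TCP listener and requirements 1 and 3 can be dropped. The dockerproxy service definition continues outside the hunk.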


@@ -55,23 +55,21 @@ services:
# Uncomment for hardware transcoding
# devices:
# - /dev/dri:/dev/dri
# TRAEFIK CONFIGURATION
labels:
# TRAEFIK & SABLIER CONFIGURATION
# ==========================================
# Service metadata
- "com.centurylinklabs.watchtower.enable=true"
- "homelab.category=media"
- "homelab.description=Open-source media streaming server"
# Traefik reverse proxy (comment/uncomment to disable/enable)
# If Traefik is on a remote server: these labels are NOT USED;
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
# Router configuration
- "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
- "traefik.http.routers.jellyfin.entrypoints=websecure"
- "traefik.http.routers.jellyfin.tls=true"
- "traefik.http.routers.jellyfin.tls.certresolver=letsencrypt"
# - "traefik.http.routers.jellyfin.middlewares=authelia@docker" # Disabled for app access
# Service configuration
- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
# Sablier lazy loading (enabled by default - comment out to disable)
# Sablier configuration
- "sablier.enable=true"
- "sablier.group=${SERVER_HOSTNAME:-debian}-jellyfin"
- "sablier.start-on-demand=true"
@@ -106,22 +104,21 @@ services:
- PGID=${PGID:-1000}
- TZ=${TZ:-America/New_York}
- DOCKER_MODS=linuxserver/mods:universal-calibre
# TRAEFIK CONFIGURATION
labels:
# TRAEFIK & SABLIER CONFIGURATION
# ==========================================
# Service metadata
- "com.centurylinklabs.watchtower.enable=true"
- "homelab.category=media"
- "homelab.description=Ebook reader and library management"
# Traefik reverse proxy (comment/uncomment to disable/enable)
# If Traefik is on a remote server: these labels are NOT USED;
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
# Router configuration
- "traefik.http.routers.calibre.rule=Host(`calibre.${DOMAIN}`)"
- "traefik.http.routers.calibre.entrypoints=websecure"
- "traefik.http.routers.calibre.tls.certresolver=letsencrypt"
- "traefik.http.routers.calibre.middlewares=authelia@docker"
# Service configuration
- "traefik.http.services.calibre.loadbalancer.server.port=8083"
# Sablier lazy loading (disabled by default - uncomment to enable)
# Sablier configuration (disabled by default)
# - "sablier.enable=true"
# - "sablier.group=${SERVER_HOSTNAME:-debian}-calibre-web"
# - "sablier.start-on-demand=true"
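Review bot: The jellyfin router keeps its Authelia middleware commented out with only `# Disabled for app access`, and the reworked header does not say what that implies. Add a line such as `# No forward-auth on this route: Jellyfin's own login is the only authentication` so the exception is visibly deliberate next to the routers that carry `authelia@docker`. With `sablier.enable=true` on the same service, a request to the hostname can presumably start the container before any authentication happens, which is worth stating in the same comment. The calibre router also lacks the explicit `tls=true` label that jellyfin has; add `- "traefik.http.routers.calibre.tls=true"` if uniform labels are the goal.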


@@ -77,7 +77,6 @@ services:
- "sablier.start-on-demand=true"
nextcloud-db:
restart: unless-stopped
image: mariadb:10.11
container_name: nextcloud-db
restart: no
@@ -176,7 +175,6 @@ services:
- "sablier.start-on-demand=true"
wordpress-db:
restart: unless-stopped
image: mariadb:10.11
container_name: wordpress-db
restart: no
@@ -249,7 +247,6 @@ services:
- "sablier.start-on-demand=true"
gitea-db:
restart: unless-stopped
image: postgres:14-alpine
container_name: gitea-db
restart: no
@@ -351,7 +348,6 @@ services:
- "sablier.start-on-demand=true"
bookstack-db:
restart: unless-stopped
image: mariadb:10.11
container_name: bookstack-db
restart: no
@@ -411,7 +407,6 @@ services:
- "sablier.start-on-demand=true"
mediawiki-db:
restart: unless-stopped
image: mariadb:10.11
container_name: mediawiki-db
restart: no
@@ -456,14 +451,20 @@ services:
# - NVIDIA_VISIBLE_DEVICES=all
# - NVIDIA_DRIVER_CAPABILITIES=compute,utility
labels:
- homelab.category=productivity
- homelab.description=Jupyter Lab for data science and ML
- traefik.enable=true
- traefik.http.routers.jupyter.rule=Host(`jupyter.${DOMAIN}`)
- traefik.http.routers.jupyter.entrypoints=websecure
- traefik.http.routers.jupyter.tls.certresolver=letsencrypt
- traefik.http.routers.jupyter.middlewares=authelia@docker
- traefik.http.services.jupyter.loadbalancer.server.port=8888
# TRAEFIK CONFIGURATION
# ==========================================
# Service metadata
- "homelab.category=productivity"
- "homelab.description=Jupyter Lab for data science and ML"
# Traefik reverse proxy (comment/uncomment to disable/enable)
# If Traefik is on a remote server: these labels are NOT USED;
# configure external yml files in /traefik/dynamic folder instead.
- "traefik.enable=true"
- "traefik.http.routers.jupyter.rule=Host(`jupyter.${DOMAIN}`)"
- "traefik.http.routers.jupyter.entrypoints=websecure"
- "traefik.http.routers.jupyter.tls.certresolver=letsencrypt"
- "traefik.http.routers.jupyter.middlewares=authelia@docker"
- "traefik.http.services.jupyter.loadbalancer.server.port=8888"
volumes:
nextcloud-db-data:
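Review bot: Each database service shows both `restart: unless-stopped` and `restart: no`, and the hunk counts say one of them is dropped. If the surviving line is the unquoted `restart: no`, YAML 1.1 parsers read it as boolean false rather than the string Compose expects. Write it as `restart: "no"` in nextcloud-db, wordpress-db, gitea-db, bookstack-db and mediawiki-db. A short comment on why the databases do not restart on their own would also help (presumably they are started with their Sablier-managed app), since a database that stays down after a host reboot looks like an outage.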


@@ -41,15 +41,24 @@ services:
- OPENVPN_PASSWORD=${SURFSHARK_PASSWORD}
- SERVER_COUNTRIES=${VPN_SERVER_COUNTRIES:-Netherlands}
- TZ=${TZ}
# TRAEFIK CONFIGURATION
labels:
# Service metadata
- "com.centurylinklabs.watchtower.enable=true"
- "homelab.category=downloaders"
- "homelab.description=VPN client for secure downloads"
- "traefik.enable=true"
# Router configuration
- "traefik.http.routers.qbittorrent.rule=Host(`qbit.${DOMAIN}`)"
- "traefik.http.routers.qbittorrent.entrypoints=websecure"
- "traefik.http.routers.qbittorrent.tls=true"
- "traefik.http.routers.qbittorrent.middlewares=authelia@docker"
- "traefik.http.services.qbittorrent.loadbalancer.server.port=8080"
# Service configuration
- "traefik.http.services.qbittorrent.loadbalancer.server.port=8081"
# Sablier configuration
- "sablier.enable=true"
- "sablier.group=qbittorrent"
- "sablier.sessionDuration=1h"
# qBittorrent - Torrent client
# Routes through Gluetun VPN
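Review bot: The Sablier labels added here break the pattern the other stacks in this commit use: `sablier.group=qbittorrent` has no `${SERVER_HOSTNAME:-debian}-` prefix, `sablier.start-on-demand=true` is absent, and `sablier.sessionDuration=1h` appears nowhere else on the page. The router also lacks `tls.certresolver=letsencrypt`, and the block has no `# ====` header line. Both `loadbalancer.server.port=8080` and `=8081` are shown; whichever is the new value should be checked against the qBittorrent web UI port, which is presumably served through this container's network. Since this container is the VPN gateway, confirm that letting Sablier stop it cannot leave the downloader running without the tunnel; that depends on configuration outside the hunk.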