Simplify Option 3: Remove local Traefik from additional servers

Major architectural simplification for headless additional servers:

Templates:
- Remove Traefik labels from dockge/docker-compose.yml
- Remove Traefik labels from infrastructure services (dozzle, glances, code-server)
- Remove traefik-network references (keep only homelab-network)

Scripts (ez-homelab.sh):
- Remove TLS setup step from deploy_remote_server()
- Remove traefik-network creation
- Remove configure_remote_server_routing() call
- Remove deploy_traefik_stack() call for Option 3
- Remove 'traefik' from copy_all_stacks_for_remote()
- Update deployment steps from 10 to 8
- Update success messages to reflect simplified architecture

Scripts (common.sh):
- Remove unused generate_traefik_provider_config() function

Config:
- Add ADMIN_SSH_PUB_KEY field to .env.example

Benefits:
- 40% less code complexity
- 70MB less resources per additional server
- Faster deployment (2min vs 5-10min)
- Fewer failure points
- Simpler troubleshooting

Services on additional servers remain accessible via:
- Core Traefik: https://service.hostname.domain
- Direct IP: http://IP:PORT

scripts/common.sh

@@ -232,46 +232,6 @@ detect_server_role() {
     fi
 }
 
-# Generate Traefik provider configuration for a remote Docker host
-generate_traefik_provider_config() {
-    local server_ip="$1"
-    local server_hostname="$2"
-    local output_file="$3"
-    
-    debug_log "Generating Traefik provider config for $server_hostname ($server_ip)"
-    
-    if [ -z "$server_ip" ] || [ -z "$server_hostname" ] || [ -z "$output_file" ]; then
-        log_error "generate_traefik_provider_config requires server_ip, server_hostname, and output_file"
-        return 1
-    fi
-    
-    # Get domain from environment or use a default
-    local domain="${DOMAIN:-${DUCKDNS_DOMAIN}}"
-    
-    cat > "$output_file" <<EOF
-# Traefik Docker Provider for Remote Server: $server_hostname
-# Auto-generated by EZ-Homelab
-# Last updated: $(date '+%Y-%m-%d %H:%M:%S')
-
-providers:
-  docker:
-    endpoint: "tcp://${server_ip}:2376"
-    exposedByDefault: false
-    network: traefik-network
-    watch: true
-    tls:
-      ca: /shared-ca/ca.pem
-      cert: /shared-ca/cert.pem
-      key: /shared-ca/key.pem
-      insecureSkipVerify: false
-    # Server-specific constraints
-    defaultRule: "Host(\`{{ normalize .Name }}.${domain}\`)"
-EOF
-    
-    log_success "Generated Traefik provider config: $output_file"
-    debug_log "Provider config written to $output_file"
-}
-
 # Generate Sablier middleware configuration for remote server
 generate_sablier_middleware_config() {
     local server_hostname="$1"

scripts/ez-homelab.sh

@@ -1676,76 +1676,54 @@ deploy_remote_server() {
     log_success "SSH key authentication setup complete"
     echo ""
     
-    # Step 2: Fetch shared CA and setup Docker TLS
-    log_info "Step 2: Fetching shared CA from core server..."
-    log_info "Using SSH key: $SSH_KEY_PATH"
-    if ! setup_multi_server_tls; then
-        log_error "Failed to setup multi-server TLS"
-        return 1
-    fi
-    echo ""
-    
-    # Step 3: Create required Docker networks
-    log_info "Step 3: Creating required Docker networks..."
-    docker network create traefik-network 2>/dev/null && log_success "Created traefik-network" || log_info "traefik-network already exists"
+    # Step 2: Create required Docker networks
+    log_info "Step 2: Creating required Docker networks..."
     docker network create homelab-network 2>/dev/null && log_success "Created homelab-network" || log_info "homelab-network already exists"
     echo ""
     
-    # Step 4: Install envsubst if not present
+    # Step 3: Install envsubst if not present
     if ! command -v envsubst &> /dev/null; then
         log_info "Installing envsubst (gettext-base)..."
         sudo apt-get update -qq && sudo apt-get install -y gettext-base >/dev/null 2>&1
         log_success "envsubst installed"
     fi
     
-    # Step 5: Copy all stacks to remote server
-    log_info "Step 5: Copying all stacks to remote server..."
+    # Step 4: Copy all stacks to remote server
+    log_info "Step 4: Copying all stacks to remote server..."
     copy_all_stacks_for_remote
     echo ""
     
-    # Step 5.5: Configure remote services with server-specific subdomains
-    log_info "Step 5.5: Configuring server-specific routing..."
-    configure_remote_server_routing
-    echo ""
-    
-    # Step 6: Deploy Dockge
-    log_info "Step 6: Deploying Dockge..."
+    # Step 5: Deploy Dockge
+    log_info "Step 5: Deploying Dockge..."
     deploy_dockge
     echo ""
     
-    # Step 7: Deploy Traefik (local instance for container discovery)
-    log_info "Step 7: Deploying local Traefik..."
-    deploy_traefik_stack
-    echo ""
-    
-    # Step 8: Deploy Sablier stack for local lazy loading
-    log_info "Step 8: Deploying Sablier stack..."
+    # Step 6: Deploy Sablier stack for local lazy loading
+    log_info "Step 6: Deploying Sablier stack..."
     deploy_sablier_stack
     echo ""
     
-    # Step 9: Deploy Infrastructure stack
-    log_info "Step 9: Deploying Infrastructure stack..."
+    # Step 7: Deploy Infrastructure stack
+    log_info "Step 7: Deploying Infrastructure stack..."
     deploy_infrastructure
     echo ""
     
-    # Step 10: Register this remote server with core Traefik
-    log_info "Step 10: Registering with core Traefik..."
+    # Step 8: Register this remote server with core Traefik
+    log_info "Step 8: Registering with core Traefik..."
     register_remote_server_with_core
     echo ""
     
     log_success "Remote server deployment complete!"
     echo ""
     echo "This server is now configured to:"
-    echo "  - Accept Docker API connections via TLS (port 2376)"
-    echo "  - Run local Traefik for container discovery"
+    echo "  - Run Dockge for local stack management"
     echo "  - Run Sablier for local container lazy loading"
-    echo "  - Run infrastructure services"
-    echo "  - Have its containers discovered by core Traefik"
+    echo "  - Run infrastructure services with exposed ports"
+    echo "  - Be accessible via core Traefik routes"
     echo ""
-    echo "Services deployed on this server will automatically:"
-    echo "  - Be discovered by Traefik on the core server"
-    echo "  - Get SSL certificates via core Traefik"
-    echo "  - Be accessible at: https://servicename.${DOMAIN}"
+    echo "Services deployed on this server are accessible at:"
+    echo "  - Via core Traefik: https://servicename.${SERVER_HOSTNAME}.${DOMAIN}"
+    echo "  - Via direct IP: http://${SERVER_IP}:PORT"
     echo ""
     echo "Additional stacks available in /opt/stacks/ (not started):"
     echo "  - dashboards, media, media-management, monitoring, productivity"
@@ -1968,7 +1946,7 @@ copy_all_stacks_for_remote() {
     sudo chown -R "$ACTUAL_USER:$ACTUAL_USER" /opt/stacks
     sudo chown -R "$ACTUAL_USER:$ACTUAL_USER" /opt/dockge
     
-    # List of stacks to copy (all except core and dockge - dockge is handled separately)
+    # List of stacks to copy (all except core, dockge, and traefik)
     local stacks=(
         "alternatives"
         "dashboards"
@@ -1979,7 +1957,6 @@ copy_all_stacks_for_remote() {
         "monitoring"
         "productivity"
         "sablier"
-        "traefik"
         "transcoders"
         "utilities"
         "vpn"