Implement Dockge structure with Traefik, Authelia, DuckDNS, and Gluetun VPN

- Update AI copilot instructions for /opt/stacks structure and automated config management - Replace Nginx Proxy Manager with Traefik (file-based configuration for AI) - Add Authelia for SSO with bypass rules for Jellyfin/Plex apps - Add DuckDNS for dynamic DNS with Let's Encrypt integration - Add Gluetun VPN with Surfshark (WireGuard) for secure downloads - Update all services to use /opt/stacks paths instead of local directories - Add Traefik labels to all services for automatic routing - Configure qBittorrent to route through Gluetun VPN - Update .env.example with all new required variables - Create configuration templates for Traefik and Authelia - Add comprehensive Dockge deployment guide Co-authored-by: kelinfoxy <67766943+kelinfoxy@users.noreply.github.com>
2026-01-12 00:13:55 +00:00
parent 6083da7036
commit f9a34fe9c7
13 changed files with 1082 additions and 112 deletions
--- a/.env.example
+++ b/.env.example
@@ -12,12 +12,41 @@ TZ=America/New_York
 # Server IP address
 SERVER_IP=192.168.1.100

+# Domain Configuration
+DOMAIN=yourdomain.duckdns.org  # Your DuckDNS domain
+
 # Directory Paths
-USERDIR=/home/username/homelab
-MEDIADIR=/mnt/media
-DOWNLOADDIR=/mnt/downloads
+USERDIR=/opt/stacks
+MEDIADIR=/mnt/media           # Large media files on separate drive
+DOWNLOADDIR=/mnt/downloads    # Downloads on separate drive
 PROJECTDIR=/home/username/projects

+# DuckDNS Configuration
+DUCKDNS_TOKEN=your-duckdns-token
+DUCKDNS_SUBDOMAINS=yourdomain  # Without .duckdns.org
+
+# Let's Encrypt / ACME
+ACME_EMAIL=your-email@example.com
+
+# Authelia Secrets (generate with: openssl rand -hex 64)
+AUTHELIA_JWT_SECRET=your-jwt-secret-here-64-chars
+AUTHELIA_SESSION_SECRET=your-session-secret-here-64-chars
+AUTHELIA_STORAGE_ENCRYPTION_KEY=your-encryption-key-here-64-chars
+
+# SMTP for Authelia Notifications (optional)
+SMTP_USERNAME=your-email@example.com
+SMTP_PASSWORD=your-smtp-password
+
+# VPN Configuration (Surfshark)
+# Get WireGuard details from Surfshark dashboard
+SURFSHARK_PRIVATE_KEY=your-wireguard-private-key
+SURFSHARK_ADDRESSES=10.14.0.2/16
+VPN_COUNTRY=Netherlands  # Preferred VPN server location
+
+# Alternative: OpenVPN credentials (if not using WireGuard)
+# SURFSHARK_USERNAME=your-surfshark-username
+# SURFSHARK_PASSWORD=your-surfshark-password
+
 # Plex Configuration
 PLEX_CLAIM=claim-xxxxxxxxxx

@@ -45,4 +74,7 @@ PIHOLE_PASSWORD=changeme
 # Watchtower Notifications (optional)
 # WATCHTOWER_NOTIFICATION_URL=

+# Cloudflare API (optional, for DNS challenge)
+# CF_DNS_API_TOKEN=your-cloudflare-api-token
+
 # Add your own variables below