- Generate shared CA during core deployment for consistent trust across servers
- Modify setup_docker_tls() to use shared CA instead of per-server CAs
- Update share_certs_with_core() to copy shared CA from core server
- Re-enable TLS verification (DOCKER_TLS_VERIFY=1) in Sablier
- Fix Sablier certificate mounting for proper TLS connection
- Add docker-tls/ to .gitignore to prevent certificate leaks
- Update documentation for shared CA approach
- Add config directory copying to setup_stacks_for_dockge() function
- Add config directory copying to infrastructure deployment
- Fixes monitoring stack (prometheus/loki/promtail) config file issues
- Ensures all service configs are properly deployed
All stacks now have their configuration files copied during setup.
- Resolve port conflicts: TasmoAdmin (8084), Form.io (3002), Gitea (3010)
- Add missing Authelia SSO and Sablier lazy loading to utilities stack
- Standardize Form.io labels to match TRAEFIK CONFIGURATION guidelines
- Reorganize ports-in-use.md with stack-based table and proper column order
- Remove Dokuwiki deployment from ez-homelab.sh (already in productivity stack)
- Update service restart policies for lazy loading compatibility
- Replace all ${VARIABLE:-default} with ${VARIABLE} in compose files
- Ensure explicit variable requirements without default values
- Updated 10 docker-compose.yml files across all stacks
- Made reset-ondemand-services.sh executable
- Stop and remove ALL containers (not just specific stacks)
- Remove ALL Docker images, volumes, and networks
- Completely remove /opt/stacks and /opt/dockge directories
- Updated warnings to reflect thorough cleanup
- Maintains safety checks and user confirmation
- Change Traefik configs to use ${SERVER_HOSTNAME} placeholder (defaults to debian)
- Update ez-homelab.sh to replace SERVER_HOSTNAME in config templates
- Set Sablier session duration to 5m for testing (increase to 30m for production)
- Add SERVER_HOSTNAME prompt and saving in setup script
- Reorganize .env.example with better structure and SMTP variables
- Add production guidance comments to docker-compose files
- Intentional SMTP variable redundancy for service flexibility
- Script now properly detects if Docker is installed and user is in docker group
- Prevents forcing logout/login when Docker is already properly configured
- Only runs system_setup when actually needed
- Update ez-homelab.sh Step 3: Check if Docker is installed before attempting installation
- Update ez-homelab.sh Step 4: Check if Docker Compose is installed before attempting installation
- Update setup-homelab.sh Step 3: Improve Docker check to verify service status and start if needed
- Both scripts now skip installation and notify when components are already available
- Maintains backward compatibility and proper service management
- Add replace_env_vars() function to automatically scan and replace patterns
- Function checks all config files (.yml, .yaml, .conf, .json) for variables
- Replaces variables found in .env file with their values
- Warns about variables referenced in templates but missing from .env
- Applied to both core deployment and stack setup for Dockge
- Maintains backward compatibility with existing hardcoded replacements
- Makes deployment script maintenance-free for new services
- Add SERVER_HOSTNAME env var for Sablier group naming
- Update default hostname from 'jarvis' to 'debian' for generic repo compatibility
- Add restart policy documentation to all docker-compose files
- Add Sablier labels to lazy-loaded services (jellyfin, dozzle, glances, code-server, homarr, dokuwiki)
- Update sablier.yml template to use debian- prefixes
- Enhance deploy script to auto-detect hostname and update configurations
- Ensure all YAML files remain syntactically valid
- Add unified ez-homelab.sh script with guided menu interface
- Create dedicated Dockge stack in /opt/dockge for clean isolation
- Move dockerproxy from core to infrastructure stack
- Fix Authelia configuration with proper variable placeholders
- Update all compose files to use variables
- Enhance script with comprehensive variable replacement
- Fix sed delimiter conflicts and middleware issues
- Add proper step numbering and error handling
- Prepare all stacks for Dockge management
- Update README with new deployment instructions
- Remove redundant .yml files from main docker-compose folder
- Update deploy script to use folder-based structure for all stacks
- Update documentation to reflect new folder-based organization
- Standardize all stacks to use docker-compose.yml in individual folders
This eliminates confusion between file-based and folder-based structures,
making the repository more maintainable and consistent.
- Skip password confirmation prompt if DEFAULT_PASSWORD is already set and valid
- Remove redundant placeholder values from is_placeholder function
- Clean up temporary and permanent credential files after deployment to avoid redundancy with .env
- Add acme.json to .gitignore to prevent accidental commits
- Modify reset script to preserve certificates in repo folder before cleanup
- Modify setup script to restore certificates to correct location
- Update step numbering in reset script (now 7 steps)
- Maintain proper file permissions and ownership for certificates
- setup-homelab.sh: Fixed syntax errors, placeholder detection, and hardcoded paths
- deploy-homelab.sh: Refactored from inline code to function-based structure
- Both scripts now use consistent function organization for better readability
- Enhanced credential handling and error checking
- All scripts validated for syntax correctness
Fixes:
- docker-compose/infrastructure.yml:
- Uncommented Watchtower service
- Updated image from 1.7.1 to latest
- Changed DOCKER_API_VERSION from 1.44 to 1.52 (current Docker version)
- Added default empty value for WATCHTOWER_NOTIFICATION_URL
- scripts/deploy-homelab.sh:
- Removed "temporarily disabled" note
- Added Watchtower to infrastructure stack list
- docs/services-overview.md:
- Updated infrastructure stack count from 7 to 8
- Added Watchtower to service list
Watchtower now runs successfully with scheduled updates at 4 AM daily
Changes:
- scripts/setup-homelab.sh: Remove interactive deployment prompt
- Users must now run deploy script manually
- Simplifies both scripts (no sudo workarounds needed)
- Clearer two-step process: setup then deploy
- Documentation updates:
- README.md: Updated step 3-4 with manual deployment
- docs/getting-started.md: Removed step 6 (log out), clarified steps
- docs/manual-setup.md: Added sudo to deploy command
- docs/troubleshooting/COMMON-ISSUES.md: Added sudo to all deploy commands
Rationale:
- Automatic deployment via 'su -' cannot work with sudo requirement
- Manual two-step process is clearer and more reliable
- Setup focuses on configuration, deploy focuses on services
- setup-homelab.sh: Save AUTHELIA_ADMIN_* credentials to .env file
- deploy-homelab.sh: Check .env file as fallback if temp files don't exist
- .env.example: Document auto-generated Authelia admin variables
This ensures credentials survive reboots (e.g., when NVIDIA drivers are installed)
and the deploy script can find them even when run manually after reboot.
- setup-homelab.sh: Store temp files in /opt/stacks/.setup-temp instead of /tmp
- deploy-homelab.sh: Read credentials from new persistent location
- reset-test-environment.sh: Clean up new temp directory
This fixes the issue where credentials were inaccessible when deploy script
runs via 'su -' (login shell) from setup script, as /tmp files created by
root are not accessible across the su boundary.
- getting-started.md: Moved checklist before Simple Setup, removed Round 4 section
- authelia-customization.md: Updated Authentik reference to alternatives stack
- services-overview.md: Added clickable links to all stack compose files
- setup-homelab.sh: Added prompt to run deployment script after setup (defaults to yes)
- traefik.yml: Changed default to DNS challenge for wildcard certificates (DuckDNS)
All documentation now reflects wildcard certificate usage with DNS challenge.
Critical fix for argon2 password hash preservation:
- Root cause: Bash variable expansion of $ characters in argon2id hashes
- Solution: Write hash directly from Docker output to file, bypass bash variables entirely
- setup-homelab.sh: Stream Docker output directly to /tmp/authelia_password_hash.tmp
- deploy-homelab.sh: Read hash file in Python to avoid any bash expansion
- Result: Password hash correctly preserved with full $argon2id$v=19$m=... format
Other changes:
- Added DOCKER_API_VERSION=1.44 env var for watchtower (API compatibility)
- Watchtower still has issues with Docker 29.1.4 - keeping version pinned for investigation
Tested on Debian 12 with Docker 29.1.4:
✅ All 11 critical containers healthy
✅ Authelia authentication working correctly
✅ Password hash preserved through entire deployment workflow
⚠️ Watchtower restart loop (non-critical, under investigation)
Issue: sed with | delimiter still has problems with $ in argon2 hash
Attempted fix: Escape special characters before sed replacement
Note: Manual sed with double quotes works, suggesting escaping strategy
may need refinement. Need to test if this resolves the issue.
Issue: Heredoc variable expansion was mangling password hashes containing $ characters
Solution: Use quoted heredoc ('EOF') with placeholders, then sed replace
The unquoted heredoc was interpreting $ in the argon2 hash as shell variable
expansion, corrupting the hash format.
