Commit Graph

19 Commits

Author SHA1 Message Date
Kelin
ce3fbdb244 Simplify Option 3: Remove local Traefik from additional servers
Major architectural simplification for headless additional servers:

Templates:
- Remove Traefik labels from dockge/docker-compose.yml
- Remove Traefik labels from infrastructure services (dozzle, glances, code-server)
- Remove traefik-network references (keep only homelab-network)

Scripts (ez-homelab.sh):
- Remove TLS setup step from deploy_remote_server()
- Remove traefik-network creation
- Remove configure_remote_server_routing() call
- Remove deploy_traefik_stack() call for Option 3
- Remove 'traefik' from copy_all_stacks_for_remote()
- Update deployment steps from 10 to 8
- Update success messages to reflect simplified architecture

Scripts (common.sh):
- Remove unused generate_traefik_provider_config() function

Config:
- Add ADMIN_SSH_PUB_KEY field to .env.example

Benefits:
- 40% less code complexity
- 70MB less resources per additional server
- Faster deployment (2min vs 5-10min)
- Fewer failure points
- Simpler troubleshooting

Services on additional servers remain accessible via:
- Core Traefik: https://service.hostname.domain
- Direct IP: http://IP:PORT
2026-02-07 21:34:20 -05:00
kelin
44b529a7cb feat: Add Option 3 - Deploy Additional Server with multi-server support
Major features:
- Automated SSH key setup between remote and core servers
- Docker TLS configuration with shared CA certificates
- Automatic deployment of Dockge, Traefik, Sablier, and Infrastructure stacks
- Copy all stacks (except core) to remote server for on-demand deployment
- New standalone Traefik stack for remote server container discovery
- Locale-aware SSH/SCP commands to handle Raspberry Pi warnings
- Variable expansion support in .env files (${VAR} references)
- Comprehensive error handling and verbose deployment logging

Technical improvements:
- setup_ssh_key_to_core() - Automated RSA 4096-bit key generation and installation
- setup_multi_server_tls() - Fetch shared CA from core server via SSH
- copy_all_stacks_for_remote() - Deploy all stacks except core
- deploy_traefik_stack() - Local Traefik for container discovery
- Enhanced localization with envsubst support
- Docker network creation (traefik-network, homelab-network)
- Password authentication with special character handling

Fixes:
- Fixed SSH key path handling for non-root users
- Fixed SCP exit code checking (was checking grep instead of scp)
- Fixed CA file detection with proper test commands
- Removed unnecessary prepare_deployment() function call
- Added ACTUAL_USER variable initialization for remote deployments
2026-02-06 22:00:25 -05:00
Kelin
3d5979b5f1 Implement fixes from test results
- Update Docker install to use curl method
- Rename ADMIN_PASSWORD to AUTHELIA_ADMIN_PASSWORD
- Fix Authelia password hash generation (remove grep, no quotes)
- Revert compose labels to single quotes
- Ensure users_database.yml has unquoted password placeholder
2026-02-02 20:59:07 -05:00
Kelin
faaf39002a Replace personal URLs with placeholders and fix variable replacement logic
2026-02-02 13:19:22 -05:00
EZ-Homelab Assistant
90a26a9ac4 Fix homepage Traefik network routing and update configurations
- Add traefik.docker.network=traefik-network label to homepage service
- Prevent Traefik from using wrong IP from homelab-network
- Resolve 504 Gateway Timeout issues after authentication
- Update various docker-compose configurations and templates
- Clean up unused configuration files
2026-01-30 23:29:00 -05:00
EZ-Homelab Assistant
1dd6664968 feat: reorganize .env.example in alphabetical order
- Reorganize OTHER OPTIONAL CONFIGURATIONS section alphabetically by service name
- Improve user experience for finding specific service configurations
- Add clarifying comments for Authelia admin account variables
- Generalize AUTHELIA_ADMIN_PASSWORD to use DEFAULT_PASSWORD variable
2026-01-30 18:39:08 -05:00
kelinfoxy
7b4f562c68 feat: Update EZ-Homelab configurations and documentation
- Update .env.example with latest environment variables
- Enhance homepage dashboard configurations and templates
- Improve Traefik routing templates for external hosts
- Update docker-compose files for dashboards and infrastructure
- Add comprehensive TUI documentation and PRD
- Add new Homelab-Audit documentation
- Remove outdated release notes
2026-01-28 21:56:33 -05:00
EZ-Homelab
3701b11a73 feat: Update Sablier configs for debian hostname and reorganize .env.example
- Change Traefik configs to use ${SERVER_HOSTNAME} placeholder (defaults to debian)
- Update ez-homelab.sh to replace SERVER_HOSTNAME in config templates
- Set Sablier session duration to 5m for testing (increase to 30m for production)
- Add SERVER_HOSTNAME prompt and saving in setup script
- Reorganize .env.example with better structure and SMTP variables
- Add production guidance comments to docker-compose files
- Intentional SMTP variable redundancy for service flexibility
2026-01-23 15:25:25 -05:00
EZ-Homelab
9cc0e93c79 feat: Add comprehensive restart policy documentation and Sablier lazy loading support
- Add SERVER_HOSTNAME env var for Sablier group naming
- Update default hostname from 'jarvis' to 'debian' for generic repo compatibility
- Add restart policy documentation to all docker-compose files
- Add Sablier labels to lazy-loaded services (jellyfin, dozzle, glances, code-server, homarr, dokuwiki)
- Update sablier.yml template to use debian- prefixes
- Enhance deploy script to auto-detect hostname and update configurations
- Ensure all YAML files remain syntactically valid
2026-01-22 19:49:24 -05:00
kelinfoxy
c6d14d4904 env documentation
2026-01-21 17:10:55 -05:00
d12706fda2 feat: persist Authelia credentials to .env file
- setup-homelab.sh: Save AUTHELIA_ADMIN_* credentials to .env file
- deploy-homelab.sh: Check .env file as fallback if temp files don't exist
- .env.example: Document auto-generated Authelia admin variables

This ensures credentials survive reboots (e.g., when NVIDIA drivers are installed)
and the deploy script can find them even when run manually after reboot.
2026-01-14 00:10:38 -05:00
ac0e39d091 Round 5 improvements: complete automation and documentation fixes
- Fix password file ownership (user can now read without sudo)
- Add dashboards stack to automated deployment (Step 5/6)
- Add SSL certificate notes to deploy script output
- Clarify .env file location in documentation (stays in repo folder)
- Update README and getting-started.md with accurate deployment steps
- Add Watchtower notification URL documentation
- Improve user feedback with admin credentials and dashboard URLs
- Remove dashboards from 'Next Steps' since it's now automated

User experience improvements:
- Password file readable by user immediately
- Homepage and Homarr deployed automatically
- Clear guidance on .env file management
- Better SSL certificate expectations
2026-01-13 18:43:10 -05:00
f0a3907002 Round 4 improvements: automated config, relative paths, simplified deployment
- Automate Traefik email substitution in deploy script
- Auto-generate Authelia admin password (saved to ADMIN_PASSWORD.txt)
- Standardize all volume paths to use relative paths (./service/config)
- Switch Traefik to HTTP challenge by default (DNS challenge optional)
- Update documentation with improved setup instructions
- Enhance troubleshooting guide
- Update AGENT_INSTRUCTIONS with new conventions
- Simplify .env.example with clearer guidance

These changes reduce manual configuration steps and improve deployment reliability.
2026-01-13 18:30:06 -05:00
bbcc4c19c9 Update Homepage dashboard and deployment scripts
- Homepage: Reorganize services by stack instead of by category
- Homepage: Add comprehensive Available to Install sections for all stacks
- Homepage: Update config templates with {{HOMEPAGE_VAR_DOMAIN}} placeholder
- Homepage: Change layout from row to column style
- Scripts: Add sudo requirement to deploy-homelab.sh
- Scripts: Replace NVIDIA driver installation with official installer method
- Scripts: Add build prerequisites and nouveau blacklisting
- Docs: Add AI Automation Guidelines section to docker-guidelines.md
- Docs: Document Homepage auto-update requirements and workflow
- Config: Add bookmarks.yaml template for Homepage
- Config: Add alternatives.yml compose file (Portainer, Authentik)
- Config: Update .env.example and authelia configuration
2026-01-13 00:04:43 -05:00
copilot-swe-agent[bot]
32974a5820 Add Bitwarden, setup script, remove redundant files, update disk requirements, and add LinuxServer preference
- Add Vaultwarden (Bitwarden) password manager to utilities.yml
  - Self-hosted password manager with web UI
  - SMTP configuration for email notifications
  - Admin token for management
  - Access at bitwarden.${DOMAIN}
  - Protected by Authelia SSO

- Create automated first-run setup script (scripts/setup-homelab.sh)
  - Installs Docker Engine and Compose V2
  - Configures user groups (sudo, docker)
  - Enables SSH for remote management
  - Detects NVIDIA GPU and provides manual driver installation instructions
  - Creates directory structure and Docker networks
  - Comprehensive instructions for post-setup deployment

- Remove redundant compose files (now in core.yml)
  - Deleted authelia.yml, duckdns.yml, gluetun.yml, traefik.yml
  - All services consolidated into unified core.yml stack
  - Eliminates confusion and duplication

- Update disk space requirements across documentation
  - Changed from "100GB+ system, 1TB+ media" to:
  - "120GB+ system drive (NVMe or SSD highly recommended)"
  - "2TB+ for media & additional disks for services like Nextcloud"
  - Updated in README.md and getting-started.md

- Add preference for LinuxServer.io images
  - Updated copilot-instructions.md
  - LinuxServer images support PUID/PGID for proper file permissions
  - Preference noted in consistency guidelines

- Update core stack documentation
  - Emphasize unified core.yml deployment
  - Add both deployment methods (cd to directory vs full path)
  - Update getting-started.md with correct deployment steps
  - Note removal of separate stack files

- Add Bitwarden environment variables to .env.example
  - BITWARDEN_ADMIN_TOKEN, SIGNUPS_ALLOWED, INVITATIONS_ALLOWED
  - SMTP configuration for email notifications
  - Generation instructions included

- Update services-reference.md
  - Add Vaultwarden to utilities section (now 7 services)
  - Update service count and access URLs

All documentation now consistent with unified core stack approach and includes all requested features.

Co-authored-by: kelinfoxy <67766943+kelinfoxy@users.noreply.github.com>
2026-01-12 03:47:53 +00:00
copilot-swe-agent[bot]
c7ca73fe78 Add Authentik SSO, fix Uptime Kuma duplicate, enable SSO on Jellyseerr, and improve documentation
- Add Authentik service stack to infrastructure.yml
  - Includes Authentik server, worker, PostgreSQL database, and Redis
  - Alternative SSO with web UI for user management
  - Access at authentik.${DOMAIN}
  - Protected by Authelia SSO (comment out to use standalone)

- Fix Uptime Kuma duplicate listing
  - Remove from utilities.yml
  - Keep only in monitoring.yml where it belongs
  - Add Traefik labels and SSO protection to monitoring instance

- Enable SSO on Jellyseerr by default
  - Changed from bypass to protected (security-first approach)
  - Users can comment out SSO if needed for public access

- Update SSO toggling documentation
  - Emphasize commenting out (not removing) middleware line
  - Add docker command examples for running from outside stack folder
  - Show both "cd to directory" and "full path" methods
  - Add examples for starting and stopping services multiple ways

- Enhance security-first methodology
  - Update copilot instructions to default SSO to enabled
  - Only Plex and Jellyfin bypass SSO by default
  - All other services start secured, expose gradually
  - Emphasize commenting (not removing) for easier re-enable

- Update services-reference.md
  - Add Authentik to infrastructure section (12 services)
  - Move Uptime Kuma to monitoring section (8 services)
  - Remove from utilities (now 6 services)
  - Update Jellyseerr SSO status from ✗ to ✓
  - Improve Authentik documentation with deployment guidance

- Add Authentik environment variables to .env.example
  - AUTHENTIK_SECRET_KEY, DB credentials
  - Generation instructions included

All changes align with security-first principle: start secure, expose services only when ready for deployment.

Co-authored-by: kelinfoxy <67766943+kelinfoxy@users.noreply.github.com>
2026-01-12 02:33:31 +00:00
copilot-swe-agent[bot]
63f39e51a4 Add comprehensive service stacks: Dockge, Homepage, Home Assistant, and all user services
- Add Dockge to infrastructure (primary over Portainer)
- Create dashboards.yml with Homepage and Homarr (AI-configurable)
- Create homeassistant.yml with HA, ESPHome, TasmoAdmin, Node-RED, Mosquitto, Zigbee2MQTT, MotionEye
- Create media-extended.yml with Readarr, Lidarr, Lazy Librarian, Mylar3, Calibre-Web, Jellyseerr, FlareSolverr, Tdarr, Unmanic
- Create productivity.yml with Nextcloud, Mealie, WordPress, Gitea, DokuWiki, BookStack, MediaWiki (all with databases)
- Create utilities.yml with Backrest, Duplicati, Uptime Kuma, Code Server, Form.io, Authelia Redis
- Add Homepage configuration templates (services.yaml, docker.yaml, settings.yaml, widgets.yaml)
  - All services include container names for Docker integration
  - Widgets configured for services that support them (Sonarr, Radarr, Plex, Jellyfin, etc.)
  - Organized by category with proper layouts
- Create docs/proxying-external-hosts.md - comprehensive guide for proxying Raspberry Pi and other external hosts via Traefik
- Update .env.example with all new service credentials and Homepage API keys
- Update infrastructure.yml to prioritize Dockge, add Dozzle, Glances, Docker Proxy
- All services configured with /opt/stacks paths, Traefik labels, and appropriate Authelia middleware

Co-authored-by: kelinfoxy <67766943+kelinfoxy@users.noreply.github.com>
2026-01-12 01:00:30 +00:00
copilot-swe-agent[bot]
f9a34fe9c7 Implement Dockge structure with Traefik, Authelia, DuckDNS, and Gluetun VPN
- Update AI copilot instructions for /opt/stacks structure and automated config management
- Replace Nginx Proxy Manager with Traefik (file-based configuration for AI)
- Add Authelia for SSO with bypass rules for Jellyfin/Plex apps
- Add DuckDNS for dynamic DNS with Let's Encrypt integration
- Add Gluetun VPN with Surfshark (WireGuard) for secure downloads
- Update all services to use /opt/stacks paths instead of local directories
- Add Traefik labels to all services for automatic routing
- Configure qBittorrent to route through Gluetun VPN
- Update .env.example with all new required variables
- Create configuration templates for Traefik and Authelia
- Add comprehensive Dockge deployment guide

Co-authored-by: kelinfoxy <67766943+kelinfoxy@users.noreply.github.com>
2026-01-12 00:13:55 +00:00
copilot-swe-agent[bot]
1b1464e278 Create AI chat agent for VS Code with Docker service management
Co-authored-by: kelinfoxy <67766943+kelinfoxy@users.noreply.github.com>
2026-01-11 22:50:55 +00:00