Major improvements to environment variable management:
1. Added .env.example files for ALL stacks
- Each stack now has its own .env.example with only required variables
- Variables include comments explaining their purpose
- Examples: core, dockge, infrastructure, dashboards, arcane, media, media-management, transcoders, monitoring, sablier, utilities, productivity, wikis, vpn, homeassistant, alternatives
2. Created .env.global generation
- Generates /opt/stacks/.env.global with all variables
- Strips comments and blank lines for clean output
- Available to all stacks for reference
3. Improved variable replacement strategy
- Variable replacement now ONLY targets labels and x-dockge sections in docker-compose files
- Configuration files (traefik, authelia) still get full variable replacement
- Uses Python script for precise section detection
- Preserves environment variables and volume mounts as-is
4. New deployment approach
- Each stack copies .env.example to .env
- Values populated from main ~/EZ-Homelab/.env file
- No more manual sed commands to remove unused variables
- Consistent approach across all deployment functions
5. Updated deployment functions
- deploy_dockge, deploy_core, deploy_infrastructure, deploy_dashboards, deploy_arcane, deploy_sablier_stack
- All now use process_stack_env() for clean .env handling
- All use updated localize_yml_file() for targeted variable replacement
Benefits:
- Clean, minimal .env files for each stack
- No unnecessary variables or comments in deployed .env files
- Variables in compose files preserved for Docker Compose to handle
- Easier to understand what each stack needs
- Uniform deployment approach across all stacks
Changes:
- docker-compose/core/docker-compose.yml: Added pihole service with full Traefik configuration
- docker-compose/infrastructure/docker-compose.yml: Removed pihole service
- docker-compose/dockge/docker-compose.yml.template: Deleted (no longer needed)
Pihole is now part of core infrastructure alongside Traefik, Authelia, and DuckDNS.
This ensures DNS services are always available on the core server.
Introduce multi-server architecture documentation and reorganize README content. Top-level README now documents Core vs Remote server roles, links to local docs instead of wiki pages, and highlights Traefik/Sablier multi-server behavior. docker-compose/README.md was rewritten to be a template-style reference with single- and multi-server deployment guidance, Traefik label examples, and sablier usage; dockge README was moved into docker-compose/dockge/. docker-compose/core/README.md was updated to describe core responsibilities, shared CA artifacts, and startup order for multi-server deployments. Several obsolete/duplicated docs and action reports were removed and a new multi-server deployment doc was added to centralize on-demand/remote service guidance. Overall this cleans up legacy docs and documents the multi-server workflow and TLS/shared-CA requirements.
- Changed Dozzle service port from 8085 to 8080 (correct port)
- Removed authelia config template files (no longer needed)
- Removed db.sqlite3 runtime data file
- Move users_database.yml template from config/ to secrets/ folder
- Authelia configuration expects users file at /secrets/users_database.yml
- Replace hardcoded values in configuration.yml with variables:
- jwt_secret, session secret, storage encryption_key
- Domain references (kelinreij.duckdns.org → ${DOMAIN})
- Update deploy script to not move config files (already in subdirectories)
- Fix sed command path to target config/configuration.yml
- Remove unnecessary mkdir and mv commands from deploy_core()
This ensures Authelia uses the correctly generated file with user credentials.
- Replace hardcoded placeholders with Docker Compose variables
- docker-compose.yml: Use ${DUCKDNS_SUBDOMAINS}, ${DUCKDNS_TOKEN}, ${DOMAIN}, ${SERVER_IP}
- traefik.yml: Use ${DEFAULT_EMAIL} for ACME email
- users_database.yml: Use ${AUTHELIA_ADMIN_USER}, ${AUTHELIA_ADMIN_EMAIL}, ${AUTHELIA_ADMIN_PASSWORD_HASH}
- sablier/docker-compose.yml: Fix to use ${DOMAIN} instead of {{DUCKDNS_DOMAIN}}
This aligns with the correct strategy:
- Docker-compose files use variables (${VAR})
- .env files use placeholders or actual values
- Implement multi-server Traefik + Sablier architecture
- Add label-based automatic service discovery
- Create separate Sablier stack deployment
- Add remote server deployment workflow (Option 3)
- Add 9 new functions for multi-server management
- Remove deprecated config-templates folder
- Replace hardcoded private data with placeholders
- Update backup timestamp format to YY_MM_DD_hh_mm
- Add markup.yml to .gitignore
Breaking changes:
- Removed Sablier from core docker-compose.yml (now separate stack)
- Config templates moved from config-templates/ to docker-compose/core/
- REQUIRED_VARS now dynamic based on deployment type
- Update localize_users_database_file to properly resolve nested variables in AUTHELIA_ADMIN_EMAIL
- Fix template to use correct AUTHELIA_* variables instead of DEFAULT_* variables
- Update deploy-core.sh to only process files containing variables and fix .env path
- Fix file permissions for authelia config files
- Reorganize Authelia configuration files
- Add new dynamic routing files for Traefik
- Update various service docker-compose files
- Remove outdated templates and scripts
- Add traefik.docker.network=traefik-network label to homepage service
- Prevent Traefik from using wrong IP from homelab-network
- Resolve 504 Gateway Timeout issues after authentication
- Update various docker-compose configurations and templates
- Clean up unused configuration files
- Change sablier volumes to use ./shared-ca:/certs:ro (matches script generation)
- Fix x-dockge URLs to use http:// for local access and correct variable syntax
- Ensure consistency with local working setup
- Generate shared CA during core deployment for consistent trust across servers
- Modify setup_docker_tls() to use shared CA instead of per-server CAs
- Update share_certs_with_core() to copy shared CA from core server
- Re-enable TLS verification (DOCKER_TLS_VERIFY=1) in Sablier
- Fix Sablier certificate mounting for proper TLS connection
- Add docker-tls/ to .gitignore to prevent certificate leaks
- Update documentation for shared CA approach
- Replace all ${VARIABLE:-default} with ${VARIABLE} in compose files
- Ensure explicit variable requirements without default values
- Updated 10 docker-compose.yml files across all stacks
- Made reset-ondemand-services.sh executable
- Add consistent # TRAEFIK CONFIGURATION headers to all services
- Standardize label structure with service metadata, router config, and Sablier settings
- Update dockerproxy and sablier-service with Docker API requirements documentation
- Fix YAML validation issues in productivity stack
- Ensure all stacks have uniform labeling for easy management
Resolves Docker API connectivity issues for Sablier lazy loading
- Add SERVER_HOSTNAME env var for Sablier group naming
- Update default hostname from 'jarvis' to 'debian' for generic repo compatibility
- Add restart policy documentation to all docker-compose files
- Add Sablier labels to lazy-loaded services (jellyfin, dozzle, glances, code-server, homarr, dokuwiki)
- Update sablier.yml template to use debian- prefixes
- Enhance deploy script to auto-detect hostname and update configurations
- Ensure all YAML files remain syntactically valid
- Add unified ez-homelab.sh script with guided menu interface
- Create dedicated Dockge stack in /opt/dockge for clean isolation
- Move dockerproxy from core to infrastructure stack
- Fix Authelia configuration with proper variable placeholders
- Update all compose files to use variables
- Enhance script with comprehensive variable replacement
- Fix sed delimiter conflicts and middleware issues
- Add proper step numbering and error handling
- Prepare all stacks for Dockge management
- Update README with new deployment instructions
- Added x-dockge.url=https://service. labels to all services that have Traefik routers
- Enables Dockge to display direct links to service web interfaces
- Covers all stacks: core, infrastructure, media, productivity, monitoring, utilities, etc.
- Added Traefik labels and routing to prometheus, grafana, loki, cadvisor
- Fixed Grafana ROOT_URL to use domain-based URL (https://grafana.${DOMAIN})
- Added uptime-kuma bypass rule in Authelia (needs initial setup)
- Updated all services to use traefik-network
- Synced domain from kelin-hass to kelin-casa across all configs
- Fixed missing tls=true label on uptime-kuma
- Note: Loki is API-only service (no web UI, accessed via Grafana)
- Added compose files for core, infrastructure, and dashboards stacks
- Added Traefik, Authelia, and DuckDNS configuration files
- Added dockge.managed and dockge.url labels to all services
- Updated Watchtower to latest version with DOCKER_API_VERSION=1.44
- Created comprehensive SSL certificate troubleshooting guide for DuckDNS issues
