- Update GitLab to latest image and configure for HTTPS via Traefik
- Update pgAdmin to latest image and add Traefik routing
- Update Jupyter to latest image and add Traefik routing
- Add traefik-network to all web-accessible services
- Configure unique hostnames: gitlab, pgadmin, jupyter
- Remove direct port exposure in favor of Traefik reverse proxy
- Update service descriptions and access URLs
- Remove user directives from Prometheus and Loki services to allow root access to volumes
- Add resource limits to all monitoring services (Prometheus, Grafana, Uptime Kuma, Loki)
- Fixes permission denied errors when writing to named volumes
- Reorganized sections to match deployed configuration
- Moved Dashboards under Core section
- Added Monitoring section with Grafana, Prometheus, etc.
- Added VPN Protected section with gluetun and qBittorrent
- Added Transcoders section with Tdarr
- Moved VS Code Server to Infrastructure section
- Removed duplicate Monitoring Stack section
- Fix malformed deploy.resources sections in homepage and homarr
- Ensure proper YAML indentation for reservations sections
- Apply web service resource limits (0.5 CPU, 256MB memory each)
- Validate both deployed and repository configurations
- Fix malformed deploy.resources sections in dockge, pihole, glances
- Add missing resource limits to dozzle and code-server
- Ensure proper YAML indentation for reservations sections
- Apply researched resource limits based on service types:
* Lightweight: dockge (0.5 CPU), pihole (0.25 CPU)
* Web services: dozzle, glances (0.5 CPU each)
* Heavy apps: code-server (1.5 CPU for full IDE)
- Validate both deployed and repository configurations
- Add acme.json to .gitignore to prevent accidental commits
- Modify reset script to preserve certificates in repo folder before cleanup
- Modify setup script to restore certificates to correct location
- Update step numbering in reset script (now 7 steps)
- Maintain proper file permissions and ownership for certificates
- Document safe stack removal process with proper cleanup steps
- Explain consequences of just deleting folders without stopping containers
- Add restoration instructions for accidentally removed stacks
- Include warnings about data loss and dependency checking
- Explain Let's Encrypt + DuckDNS integration
- Document staging vs production certificate servers
- Add troubleshooting guide for certificate issues
- Include best practices and validation commands
- Cover wildcard certificates and DNS challenge process
- Include commented staging caServer in config template
- Add troubleshooting section for test environment certificate conflicts
- Document rate limit avoidance strategies for development/testing
- Remove explicit DNS resolvers from dnsChallenge to fix propagation check failures
- Add note about resolvers causing issues with DuckDNS TXT record resolution
- Preserve knowledge from certificate debugging session
- Added user field with DOCKER_GID to allow homepage to read Docker socket
- Ensures container status monitoring works properly
- DOCKER_GID defaults to 999, should be set to actual docker group ID in .env
- Created new downloaders stack with Gluetun + qBittorrent unified
- Moved Gluetun from core stack to downloaders stack
- Moved qBittorrent from media-management to downloaders stack
- Uses network_mode: service:gluetun for better maintainability
- Eliminates cross-stack container ID dependencies
- Both services now start/stop together as a logical unit
- Add tls=true label to vaultwarden for HTTPS routing
- Add Traefik routing labels to Gluetun for qbittorrent access
- Move qbittorrent service to media-management stack (proper location)
- Update copilot-instructions.md with project-specific architecture details
- Clean up outdated gluetun.yml references in media.yml template
Both services now accessible via HTTPS with proper SSL certificates.
- Added Traefik labels and routing to prometheus, grafana, loki, cadvisor
- Fixed Grafana ROOT_URL to use domain-based URL (https://grafana.${DOMAIN})
- Added uptime-kuma bypass rule in Authelia (needs initial setup)
- Updated all services to use traefik-network
- Synced domain from kelin-hass to kelin-casa across all configs
- Fixed missing tls=true label on uptime-kuma
- Note: Loki is API-only service (no web UI, accessed via Grafana)
- setup-homelab.sh: Fixed syntax errors, placeholder detection, and hardcoded paths
- deploy-homelab.sh: Refactored from inline code to function-based structure
- Both scripts now use consistent function organization for better readability
- Enhanced credential handling and error checking
- All scripts validated for syntax correctness
Fixes:
- docker-compose/infrastructure.yml:
- Uncommented Watchtower service
- Updated image from 1.7.1 to latest
- Changed DOCKER_API_VERSION from 1.44 to 1.52 (current Docker version)
- Added default empty value for WATCHTOWER_NOTIFICATION_URL
- scripts/deploy-homelab.sh:
- Removed "temporarily disabled" note
- Added Watchtower to infrastructure stack list
- docs/services-overview.md:
- Updated infrastructure stack count from 7 to 8
- Added Watchtower to service list
Watchtower now runs successfully with scheduled updates at 4 AM daily
Changes:
- scripts/setup-homelab.sh: Remove interactive deployment prompt
- Users must now run deploy script manually
- Simplifies both scripts (no sudo workarounds needed)
- Clearer two-step process: setup then deploy
- Documentation updates:
- README.md: Updated step 3-4 with manual deployment
- docs/getting-started.md: Removed step 6 (log out), clarified steps
- docs/manual-setup.md: Added sudo to deploy command
- docs/troubleshooting/COMMON-ISSUES.md: Added sudo to all deploy commands
Rationale:
- Automatic deployment via 'su -' cannot work with sudo requirement
- Manual two-step process is clearer and more reliable
- Setup focuses on configuration, deploy focuses on services
- setup-homelab.sh: Save AUTHELIA_ADMIN_* credentials to .env file
- deploy-homelab.sh: Check .env file as fallback if temp files don't exist
- .env.example: Document auto-generated Authelia admin variables
This ensures credentials survive reboots (e.g., when NVIDIA drivers are installed)
and the deploy script can find them even when run manually after reboot.
- setup-homelab.sh: Store temp files in /opt/stacks/.setup-temp instead of /tmp
- deploy-homelab.sh: Read credentials from new persistent location
- reset-test-environment.sh: Clean up new temp directory
This fixes the issue where credentials were inaccessible when deploy script
runs via 'su -' (login shell) from setup script, as /tmp files created by
root are not accessible across the su boundary.
- Updated Getting Started Checklist with clone repo as first step
- Clarified deployment script description
- Added VS Code SSH tip in Simple Setup
- Enhanced VS Code integration section
- Added Debloat/custom service section with AI agent guidance
- README.md: Updated Traefik feature to mention wildcard certificates via DNS challenge
- README.md: Added wildcard cert note to deployment script section
- getting-started.md: Explicitly mention wildcard certificate generation in deploy step
All documentation now clearly states the project uses wildcard SSL certificates with DNS challenge.
- getting-started.md: Moved checklist before Simple Setup, removed Round 4 section
- authelia-customization.md: Updated Authentik reference to alternatives stack
- services-overview.md: Added clickable links to all stack compose files
- setup-homelab.sh: Added prompt to run deployment script after setup (defaults to yes)
- traefik.yml: Changed default to DNS challenge for wildcard certificates (DuckDNS)
All documentation now reflects wildcard certificate usage with DNS challenge.
- README.md: Fixed .env step order, updated to 60+ services
- getting-started.md: Service count updates, credential clarifications, moved Manual Setup to separate file
- manual-setup.md: Created comprehensive manual setup guide
- authelia-customization.md: Moved Authelia customization from services-overview
- services-overview.md: Added clickable links to service docs, removed disabled section and Quick Deployment
- quick-reference.md: Linked to scripts/README.md instead of duplicating content
- Removed services-reference.md as requested
Changes:
- Updated infrastructure.yaml section (6 active services)
- Moved Portainer and Authentik to alternatives.yaml section
- Added note about Watchtower being disabled (Docker API issue)
- Clarified which services are deployed by default vs available
- Corrected stack organization to match actual deployment
