Complete personal data replacement in Traefik configs

- Replace remaining domain references in Traefik dynamic configs - Replace kelinreij.duckdns.org with yourdomain.duckdns.org in: - external-host-homeassistant.yml - local-host-production.yml - sablier.yml - markup.yml service URLs Co-authored-by: kelinfoxy <67766943+kelinfoxy@users.noreply.github.com>
Replace personal data with variables and placeholders
2026-02-05 18:41:42 +00:00 · 2026-02-05 18:40:44 +00:00 · 2026-02-05 18:35:18 +00:00 · 2026-02-05 13:13:44 -05:00 · 2026-02-05 12:36:19 -05:00 · 2026-02-05 12:12:33 -05:00
21 changed files with 925 additions and 263 deletions
--- a/docker-compose/core/authelia/config/configuration.yml
+++ b/docker-compose/core/authelia/config/configuration.yml
@@ -11,12 +11,12 @@ log:
 theme: dark
-jwt_secret: 4f263cdfa9929d007551fd5a5a6b552f7e17127cc4bb425b375a8532631d527b6b591a560a784552a33767699391973799e7472b679e7f94fcf4aca2ce5b2efc
+jwt_secret: ${AUTHELIA_JWT_SECRET}
-default_redirection_url: https://auth.kelinreij.duckdns.org
+default_redirection_url: https://auth.${DOMAIN}
 totp:
-  issuer: kelinreij.duckdns.org
+  issuer: ${DOMAIN}
  period: 30
  skew: 1
@@ -36,34 +36,34 @@ access_control:
  rules:
    # Bypass Authelia for Jellyfin (allow app access)
-    - domain: jellyfin.kelinreij.duckdns.org
+    - domain: jellyfin.${DOMAIN}
      policy: bypass
    # Bypass for Plex (allow app access)
-    - domain: plex.kelinreij.duckdns.org
+    - domain: plex.${DOMAIN}
      policy: bypass
    # Bypass for Home Assistant (has its own auth)
-    - domain: ha.kelinreij.duckdns.org
+    - domain: ha.${DOMAIN}
      policy: bypass
    # Protected: All other services require authentication
-    - domain: "*.kelinreij.duckdns.org"
+    - domain: "*.${DOMAIN}"
      policy: one_factor
    # Two-factor for admin services (optional)
    # - domain:
-    #     - "admin.kelinreij.duckdns.org"
+    #     - "admin.${DOMAIN}"
-    #     - "portainer.kelinreij.duckdns.org"
+    #     - "portainer.${DOMAIN}"
    #   policy: two_factor
 session:
  name: authelia_session
-  secret: 3ba018547a24dfd49ae55f23b5b75377ec93f5957707e2a669b0a49966df745a5b062eee3f7356e0abae21452915bdd30a32f404ec0a2a7a957c93a2fa2a94c8
+  secret: ${AUTHELIA_SESSION_SECRET}
  expiration: 24h      # Session expires after 24 hours
  inactivity: 24h      # Session expires after 24 hours of inactivity
  remember_me_duration: 1M
-  domain: kelinreij.duckdns.org
+  domain: ${DOMAIN}
 regulation:
  max_retries: 3
@@ -71,7 +71,7 @@ regulation:
  ban_time: 5m
 storage:
-  encryption_key: dd23db430500eb630e469d5cf0f77dd597649bd4d1a90c02ad673286d8eb9aa8f55435655435d40033751003fc764a173944dbc3ad89d57330e185269792a4b7
+  encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
  local:
    path: /config/db.sqlite3
--- a/docker-compose/core/authelia/config/configuration.yml.template
+++ b/docker-compose/core/authelia/config/configuration.yml.template
@@ -1,87 +0,0 @@
 # Authelia Configuration
 # Copy to /opt/stacks/authelia/configuration.yml
 # IMPORTANT: Replace '${DOMAIN}' with your actual DuckDNS domain
 server:
  host: 0.0.0.0
  port: 9091
 log:
  level: info
 theme: dark
 jwt_secret: ${AUTHELIA_JWT_SECRET}
 default_redirection_url: https://auth.${DOMAIN}
 totp:
  issuer: ${DOMAIN}
  period: 30
  skew: 1
 authentication_backend:
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      memory: 1024
      parallelism: 8
 access_control:
  default_policy: deny
  rules:
    # Bypass Authelia for Jellyfin (allow app access)
    - domain: jellyfin.${DOMAIN}
      policy: bypass
    # Bypass for Plex (allow app access)
    - domain: plex.${DOMAIN}
      policy: bypass
    # Bypass for Home Assistant (has its own auth)
    - domain: ha.${DOMAIN}
      policy: bypass
    # Bypass for development services (they have their own auth or setup)
    - domain: pgadmin.${DOMAIN}
      policy: bypass
    - domain: gitlab.${DOMAIN}
      policy: bypass
    # Protected: All other services require authentication
    - domain: "*.${DOMAIN}"
      policy: one_factor
    # Two-factor for admin services (optional)
    # - domain:
    #     - "admin.${DOMAIN}"
    #     - "portainer.${DOMAIN}"
    #   policy: two_factor
 session:
  name: authelia_session
  secret: ${AUTHELIA_SESSION_SECRET}
  expiration: 24h      # Session expires after 24 hours
  inactivity: 24h      # Session expires after 24 hours of inactivity
  remember_me_duration: 1M
  domain: ${DOMAIN}
 regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m
 storage:
  encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
  local:
    path: /data/db.sqlite3
 notifier:
  # File-based notifications (for development/testing)
  filesystem:
    filename: /data/notification.txt
--- a/docker-compose/core/authelia/config/db.sqlite3
+++ b/docker-compose/core/authelia/config/db.sqlite3
--- a/docker-compose/core/authelia/config/users_database.yml
+++ b/docker-compose/core/authelia/config/users_database.yml
@@ -1,12 +0,0 @@
 ###############################################################
 #                         Users Database                      #
 ###############################################################
 users:
  admin:
    displayname: "admin"
    password: "generate-with-openssl-rand-hex-64"
    email: admin@example.com
    groups:
      - admins
      - users
--- a/docker-compose/core/authelia/config/users_database.yml.template
+++ b/docker-compose/core/authelia/config/users_database.yml.template
@@ -1,12 +0,0 @@
 ###############################################################
 #                         Users Database                      #
 ###############################################################
 users:
  ${AUTHELIA_ADMIN_USER}:
    displayname: "${AUTHELIA_ADMIN_USER}"
    password: "${AUTHELIA_ADMIN_PASSWORD_HASH}"
    email: ${AUTHELIA_ADMIN_EMAIL}
    groups:
      - admins
      - users
--- a/docker-compose/core/authelia/secrets/users_database.yml
+++ b/docker-compose/core/authelia/secrets/users_database.yml
@@ -1,19 +1,12 @@
 # yamllint disable rule:line-length
 ---
 ###############################################################
 #                         Users Database                      #
 ###############################################################
 # This file can be used if you do not have an LDAP set up.
 users:
-  authelia:
+  ${AUTHELIA_ADMIN_USER}:
-    disabled: false
+    displayname: "${AUTHELIA_ADMIN_USER}"
-    displayname: "Test User"
+    password: "${AUTHELIA_ADMIN_PASSWORD_HASH}"
-    password: "$argon2id$v=19$m=32768,t=1,p=8$eUhVT1dQa082YVk2VUhDMQ$E8QI4jHbUBt3EdsU1NFDu4Bq5jObKNx7nBKSn1EYQxk"  # Password is 'authelia'
+    email: ${AUTHELIA_ADMIN_EMAIL}
    email: authelia@authelia.com
    groups:
      - admins
-      - dev
+      - users
 ...
 # yamllint enable rule:line-length
--- a/docker-compose/core/docker-compose.yml
+++ b/docker-compose/core/docker-compose.yml
@@ -15,8 +15,8 @@ services:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
-      - SUBDOMAINS=yourdomain
+      - SUBDOMAINS=${DUCKDNS_SUBDOMAINS}
-      - TOKEN=your-duckdns-token
+      - TOKEN=${DUCKDNS_TOKEN}
    volumes:
      - ./duckdns/config:/config
    networks:
@@ -29,7 +29,7 @@ services:
    restart: unless-stopped
    command: ['--configFile=/config/traefik.yml']
    environment:
-      - DUCKDNS_TOKEN=your-duckdns-token
+      - DUCKDNS_TOKEN=${DUCKDNS_TOKEN}
    ports:
      - 80:80
      - 443:443
@@ -48,7 +48,7 @@ services:
      - 'homelab.category=core'
      - 'homelab.description=Reverse proxy and SSL termination'
      - 'traefik.enable=true'
-      - 'traefik.http.routers.traefik.rule=Host(`traefik.yourdomain.duckdns.org`)'
+      - 'traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)'
      - 'traefik.http.routers.traefik.entrypoints=websecure'
      - 'traefik.http.routers.traefik.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.traefik.middlewares=authelia@docker'
@@ -80,13 +80,13 @@ services:
      # If Traefik is on a remote server: these labels are NOT USED; 
      #   configure external yml files in /traefik/dynamic folder instead.
      - 'traefik.enable=true'
-      - 'traefik.http.routers.authelia.rule=Host(`auth.yourdomain.duckdns.org`)'
+      - 'traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN}`)'
      - 'traefik.http.routers.authelia.entrypoints=websecure'
      - 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.authelia.service=authelia'
      - 'traefik.http.services.authelia.loadbalancer.server.port=9091'
      # Authelia forward auth middleware configuration
-      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.yourdomain.duckdns.org/'
+      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/'
      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=X-Secret'
      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
@@ -96,7 +96,7 @@ networks:
 x-dockge:
  urls:
-    - https://auth.yourdomain.duckdns.org
+    - https://auth.${DOMAIN}
-    - http://192.168.1.100:9091
+    - http://${SERVER_IP}:9091
-    - https://traefik.yourdomain.duckdns.org
+    - https://traefik.${DOMAIN}
-    - http://192.168.1.100:8080
+    - http://${SERVER_IP}:8080
--- a/docker-compose/core/traefik/dynamic/external-host-homeassistant.yml
+++ b/docker-compose/core/traefik/dynamic/external-host-homeassistant.yml
@@ -2,7 +2,7 @@ http:
  routers:
    # Individual Services
    homeassistant:
-      rule: "Host(`hass.kelinreij.duckdns.org`)"
+      rule: "Host(`hass.yourdomain.duckdns.org`)"
      entryPoints:
        - websecure
      service: homeassistant
--- a/docker-compose/core/traefik/dynamic/local-host-production.yml
+++ b/docker-compose/core/traefik/dynamic/local-host-production.yml
@@ -2,7 +2,7 @@ http:
  routers:
 # Remote Server Services (your-remote-server)
    dockge-your-remote-server:
-      rule: "Host(`dockge.your-remote-server.kelinreij.duckdns.org`)"
+      rule: "Host(`dockge.your-remote-server.yourdomain.duckdns.org`)"
      entryPoints:
        - websecure
      service: dockge-your-remote-server
@@ -12,7 +12,7 @@ http:
        - authelia@docker
    dozzle-your-remote-server:
-      rule: "Host(`dozzle.your-remote-server.kelinreij.duckdns.org`)"
+      rule: "Host(`dozzle.your-remote-server.yourdomain.duckdns.org`)"
      entryPoints:
        - websecure
      service: dozzle-your-remote-server
@@ -22,7 +22,7 @@ http:
        - authelia@docker
    glances-your-remote-server:
-      rule: "Host(`glances.your-remote-server.kelinreij.duckdns.org`)"
+      rule: "Host(`glances.your-remote-server.yourdomain.duckdns.org`)"
      entryPoints:
        - websecure
      service: glances-your-remote-server
@@ -32,7 +32,7 @@ http:
        - authelia@docker
    backrest-your-remote-server:
-      rule: "Host(`backrest.your-remote-server.kelinreij.duckdns.org`)"
+      rule: "Host(`backrest.your-remote-server.yourdomain.duckdns.org`)"
      entryPoints:
        - websecure
      service: backrest-your-remote-server
@@ -42,7 +42,7 @@ http:
        - authelia@docker
    duplicati-your-remote-server:
-      rule: "Host(`duplicati.your-remote-server.kelinreij.duckdns.org`)"
+      rule: "Host(`duplicati.your-remote-server.yourdomain.duckdns.org`)"
      entryPoints:
        - websecure
      service: duplicati-your-remote-server
@@ -52,7 +52,7 @@ http:
        - authelia@docker
    homepage-your-remote-server:
-      rule: "Host(`homepage.your-remote-server.kelinreij.duckdns.org`)"
+      rule: "Host(`homepage.your-remote-server.yourdomain.duckdns.org`)"
      entryPoints:
        - websecure
      service: homepage-your-remote-server
@@ -62,7 +62,7 @@ http:
        - authelia@docker
    homarr-your-remote-server:
-      rule: "Host(`homarr.your-remote-server.kelinreij.duckdns.org`)"
+      rule: "Host(`homarr.your-remote-server.yourdomain.duckdns.org`)"
      entryPoints:
        - websecure
      service: homarr-your-remote-server
@@ -72,7 +72,7 @@ http:
        - authelia@docker
    grafana-your-remote-server:
-      rule: "Host(`grafana.your-remote-server.kelinreij.duckdns.org`)"
+      rule: "Host(`grafana.your-remote-server.yourdomain.duckdns.org`)"
      entryPoints:
        - websecure
      service: grafana-your-remote-server
@@ -82,7 +82,7 @@ http:
        - authelia@docker
    prometheus-your-remote-server:
-      rule: "Host(`prometheus.your-remote-server.kelinreij.duckdns.org`)"
+      rule: "Host(`prometheus.your-remote-server.yourdomain.duckdns.org`)"
      entryPoints:
        - websecure
      service: prometheus-your-remote-server
@@ -92,7 +92,7 @@ http:
        - authelia@docker
    uptime-kuma-your-remote-server:
-      rule: "Host(`status.your-remote-server.kelinreij.duckdns.org`)"
+      rule: "Host(`status.your-remote-server.yourdomain.duckdns.org`)"
      entryPoints:
        - websecure
      service: uptime-kuma-your-remote-server
--- a/docker-compose/core/traefik/dynamic/sablier.yml
+++ b/docker-compose/core/traefik/dynamic/sablier.yml
@@ -3,7 +3,7 @@ http:
  middlewares:
    authelia:
      forwardauth:
-        address: http://authelia:9091/api/verify?rd=https://auth.kelinreij.duckdns.org/
+        address: http://authelia:9091/api/verify?rd=https://auth.yourdomain.duckdns.org/
        authResponseHeaders:
          - X-Secret
        trustForwardHeader: true
--- a/docker-compose/core/traefik/traefik.yml
+++ b/docker-compose/core/traefik/traefik.yml
@@ -27,7 +27,7 @@ entryPoints:
 certificatesResolvers:
  letsencrypt:
    acme:
-      email: admin@example.com  # Your email for Let's Encrypt notifications
+      email: ${DEFAULT_EMAIL}  # Your email for Let's Encrypt notifications
      caServer: https://acme-v02.api.letsencrypt.org/directory  # Use staging for testing
      storage: /letsencrypt/acme.json
      # DNS challenge - For wildcard certificates (*.yourdomain.duckdns.org)
--- a/docker-compose/dashboards/homepage/services.yaml
+++ b/docker-compose/dashboards/homepage/services.yaml
@@ -4,253 +4,253 @@
 - Dashboards:
    - Homepage:
        icon: homepage.png
-        href: https://homepage.kelinreij.duckdns.org
+        href: https://homepage.yourdomain.duckdns.org
        description: Hosted on Raspberry Pi
    - Homarr:
        icon: homarr.png
-        href: https://homarr.kelinreij.duckdns.org
+        href: https://homarr.yourdomain.duckdns.org
        description: Alternative Dashboard
    - Dockge - jasper:
        icon: dockge.png
-        href: https://jasper.kelinreij.duckdns.org
+        href: https://jasper.yourdomain.duckdns.org
        description: Main Server
    - Dockge - your-remote-server :
        icon: dockge.png
-        href: https://your-remote-server .kelinreij.duckdns.org
+        href: https://your-remote-server .yourdomain.duckdns.org
        description: Raspberry Pi Authentication Server
 - Core:
    - Traefik:
        icon: traefik.png
-        href: https://traefik.kelinreij.duckdns.org
+        href: https://traefik.yourdomain.duckdns.org
        description: Reverse Proxy & SSL
    - Authelia:
        icon: authelia.png
-        href: https://auth.kelinreij.duckdns.org
+        href: https://auth.yourdomain.duckdns.org
        description: Authentication SSO Portal
    - Pi-hole:
        icon: pi-hole.png
-        href: https://pihole.kelinreij.duckdns.org
+        href: https://pihole.yourdomain.duckdns.org
        description: Network-wide Ad Blocking
 - Monitoring Stack:
    - Dozzle:
        icon: dozzle.png
-        href: https://dozzle.jasper.kelinreij.duckdns.org
+        href: https://dozzle.jasper.yourdomain.duckdns.org
        description: jasper - Real-time Log Viewer
    - Dozzle:
        icon: dozzle.png
-        href: https://dozzle.your-remote-server .kelinreij.duckdns.org
+        href: https://dozzle.your-remote-server .yourdomain.duckdns.org
        description: your-remote-server  - Real-time Log Viewer
    - Glances - jasper:
        icon: glances.png
-        href: https://glances.jasper.kelinreij.duckdns.org
+        href: https://glances.jasper.yourdomain.duckdns.org
        description: jasper - System Monitoring
    - Glances - your-remote-server :
        icon: glances.png
-        href: https://glances.your-remote-server .kelinreij.duckdns.org
+        href: https://glances.your-remote-server .yourdomain.duckdns.org
        description: your-remote-server  - System Monitoring
    - Uptime Kuma:
        icon: uptime-kuma.png
-        href: https://uptime-kuma.kelinreij.duckdns.org
+        href: https://uptime-kuma.yourdomain.duckdns.org
        description: Uptime Monitoring
 - Media:
    - Jellyfin:
        icon: jellyfin.png
-        href: https://jellyfin.kelinreij.duckdns.org
+        href: https://jellyfin.yourdomain.duckdns.org
        description: Open Source Media Server
    - Jellyseerr:
        icon: jellyseerr.png
-        href: https://jellyseerr.kelinreij.duckdns.org
+        href: https://jellyseerr.yourdomain.duckdns.org
        description: Media Request Manager
    - Calibre-Web:
        icon: calibre-web.png
-        href: https://calibre.kelinreij.duckdns.org
+        href: https://calibre.yourdomain.duckdns.org
        description: Ebook Library
 - Media Management:
    - Sonarr:
        icon: sonarr.png
-        href: https://sonarr.kelinreij.duckdns.org
+        href: https://sonarr.yourdomain.duckdns.org
        description: TV Shows Automation
    - Radarr:
        icon: radarr.png
-        href: https://radarr.kelinreij.duckdns.org
+        href: https://radarr.yourdomain.duckdns.org
        description: Movies Automation
    - Prowlarr:
        icon: prowlarr.png
-        href: https://prowlarr.kelinreij.duckdns.org
+        href: https://prowlarr.yourdomain.duckdns.org
        description: Indexer Manager
    - Readarr:
        icon: readarr.png
-        href: https://readarr.kelinreij.duckdns.org
+        href: https://readarr.yourdomain.duckdns.org
        description: Books Automation
    - Lidarr:
        icon: lidarr.png
-        href: https://lidarr.kelinreij.duckdns.org
+        href: https://lidarr.yourdomain.duckdns.org
        description: Music Automation
    - Mylar3:
        icon: mylar.png
-        href: https://mylar.kelinreij.duckdns.org
+        href: https://mylar.yourdomain.duckdns.org
        description: Comics Manager
 - Home Automation:
    - Home Assistant:
        icon: home-assistant.png
-        href: https://hass.kelinreij.duckdns.org
+        href: https://hass.yourdomain.duckdns.org
        description: Home Automation Platform
    - ESPHome:
        icon: esphome.png
-        href: https://esphome.kelinreij.duckdns.org
+        href: https://esphome.yourdomain.duckdns.org
        description: ESP Device Manager
    - Node-RED:
        icon: node-red.png
-        href: https://nodered.kelinreij.duckdns.org
+        href: https://nodered.yourdomain.duckdns.org
        description: Flow-based Automation
    - Zigbee2MQTT:
        icon: zigbee2mqtt.png
-        href: https://zigbee.kelinreij.duckdns.org
+        href: https://zigbee.yourdomain.duckdns.org
        description: Zigbee Bridge
    - Mosquitto:
        icon: mosquitto.png
-        href: https://mqtt.kelinreij.duckdns.org
+        href: https://mqtt.yourdomain.duckdns.org
        description: MQTT Broker
 - Productivity:
    - Nextcloud:
        icon: nextcloud.png
-        href: https://nextcloud.kelinreij.duckdns.org
+        href: https://nextcloud.yourdomain.duckdns.org
        description: Cloud Storage & Collaboration
    - Gitea:
        icon: gitea.png
-        href: https://gitea.kelinreij.duckdns.org
+        href: https://gitea.yourdomain.duckdns.org
        description: Git Repository
    - Mealie:
        icon: mealie.png
-        href: https://mealie.kelinreij.duckdns.org
+        href: https://mealie.yourdomain.duckdns.org
        description: Recipe Manager
    - WordPress:
        icon: wordpress.png
-        href: https://wordpress.kelinreij.duckdns.org
+        href: https://wordpress.yourdomain.duckdns.org
        description: CMS Platform
 - Wikis:
    - BookStack:
        icon: bookstack.png
-        href: https://bookstack.kelinreij.duckdns.org
+        href: https://bookstack.yourdomain.duckdns.org
        description: Wiki Platform
    - DokuWiki:
        icon: dokuwiki.png
-        href: https://dokuwiki.kelinreij.duckdns.org
+        href: https://dokuwiki.yourdomain.duckdns.org
        description: Simple Wiki
    - Mediawiki:
        icon: mediawiki.png
-        href: https://mediawiki.kelinreij.duckdns.org
+        href: https://mediawiki.yourdomain.duckdns.org
        description: Collaborative Wiki
 - Development:
    - VS Code Server:
        icon: vscode.png
-        href: https://code.kelinreij.duckdns.org
+        href: https://code.yourdomain.duckdns.org
        description: Browser-based IDE
    - Jupyter:
        icon: jupyter.png
-        href: https://jupyter.kelinreij.duckdns.org
+        href: https://jupyter.yourdomain.duckdns.org
        description: Data Science Notebooks
 - Downloaders:
    - qBittorrent:
        icon: qbittorrent.png
-        href: https://qbit.kelinreij.duckdns.org
+        href: https://qbit.yourdomain.duckdns.org
        description: Torrent Client
    - Transcoders:
        - Tdarr:
            icon: tdarr.png
-            href: https://tdarr.kelinreij.duckdns.org
+            href: https://tdarr.yourdomain.duckdns.org
            description: Media Transcoding
        - Unmanic:
            icon: unmanic.png
-            href: https://unmanic.kelinreij.duckdns.org
+            href: https://unmanic.yourdomain.duckdns.org
            description: Media Transcoder
 - Utilities:
    - Vaultwarden:
        icon: vaultwarden.png
-        href: https://vault.kelinreij.duckdns.org
+        href: https://vault.yourdomain.duckdns.org
        description: Password Manager
    - Formio:
        icon: mdi-form-select
-        href: https://formio.kelinreij.duckdns.org
+        href: https://formio.yourdomain.duckdns.org
        description: Form Builder
 - Backup:
    - Backrest:
        icon: mdi-backup-restore
-        href: https://backrest.kelinreij.duckdns.org
+        href: https://backrest.yourdomain.duckdns.org
        description: Backup Solution
    - Duplicati:
        icon: duplicati.png
-        href: https://duplicati.kelinreij.duckdns.org
+        href: https://duplicati.yourdomain.duckdns.org
        description: Backup Software
 - Metrics:
    - Grafana:
        icon: grafana.png
-        href: https://grafana.kelinreij.duckdns.org
+        href: https://grafana.yourdomain.duckdns.org
        description: Metrics Dashboard
    - Prometheus:
        icon: prometheus.png
-        href: https://prometheus.kelinreij.duckdns.org
+        href: https://prometheus.yourdomain.duckdns.org
        description: Metrics Collection
    - cAdvisor:
        icon: cadvisor.png
-        href: https://cadvisor.kelinreij.duckdns.org
+        href: https://cadvisor.yourdomain.duckdns.org
        description: Container Metrics
 - Alternatives:
    - Portainer:
        icon: portainer.png
-        href: https://portainer.kelinreij.duckdns.org
+        href: https://portainer.yourdomain.duckdns.org
        description: Container Management UI
    - Authentik:
        icon: authentik.png
-        href: https://authentik.kelinreij.duckdns.org
+        href: https://authentik.yourdomain.duckdns.org
        description: Alternative Auth Provider
    - Plex:
        icon: plex.png
-        href: https://plex.kelinreij.duckdns.org
+        href: https://plex.yourdomain.duckdns.org
        description: Media Server
--- a/docker-compose/infrastructure/code-server/config/.config/code-server/config.yaml
+++ b/docker-compose/infrastructure/code-server/config/.config/code-server/config.yaml
@@ -1,4 +1,4 @@
 bind-addr: 127.0.0.1:8080
 auth: password
-password: 4d6c2b20e8d2c62be2512281
+password: ${CODE_SERVER_PASSWORD}
 cert: false
--- a/docker-compose/infrastructure/docker-compose.yml
+++ b/docker-compose/infrastructure/docker-compose.yml
@@ -154,7 +154,7 @@ services:
      - 'traefik.http.routers.dozzle.tls=true'
      - 'traefik.http.routers.dozzle.middlewares=authelia@docker'
      # Service configuration
-      - 'traefik.http.services.dozzle.loadbalancer.server.port=8085'
+      - 'traefik.http.services.dozzle.loadbalancer.server.port=8080'
      # Sablier configuration
      - 'sablier.enable=true'
      - 'sablier.group=jasper-dozzle'
--- a/docker-compose/sablier/docker-compose.yml
+++ b/docker-compose/sablier/docker-compose.yml
@@ -9,7 +9,7 @@ services:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.sablier.rule=Host(`sablier.{{DUCKDNS_DOMAIN}}`)"
+      - "traefik.http.routers.sablier.rule=Host(`sablier.${DOMAIN}`)"
      - "traefik.http.routers.sablier.entrypoints=websecure"
      - "traefik.http.routers.sablier.tls=true"
      - "traefik.http.routers.sablier.tls.certresolver=letsencrypt"
--- a/docs/action-reports/2026-01-12-ssl-wildcard-certificate-setup.md
+++ b/docs/action-reports/2026-01-12-ssl-wildcard-certificate-setup.md
@@ -15,14 +15,14 @@ Services were showing "not secure" warnings in browsers despite Traefik being co
 ### 1. **Multiple Simultaneous Certificate Requests**
 - **Issue:** Each service (dockge, dozzle, glances, pihole, authelia) had `traefik.http.routers.*.tls.certresolver=letsencrypt` labels
 - **Impact:** Traefik attempted to request individual certificates for each subdomain simultaneously
- **Consequence:** DuckDNS DNS challenge can only handle ONE TXT record at `_acme-challenge.kelin-hass.duckdns.org` at a time
+- **Consequence:** DuckDNS DNS challenge can only handle ONE TXT record at `_acme-challenge.yourdomain.duckdns.org` at a time
 - **Result:** All certificate requests failed with "Incorrect TXT record" errors
 ### 2. **DNS TXT Record Conflicts**
 - **Issue:** Multiple services tried to create different TXT records at the same DNS location
 - **Example:** 
-  - Service A creates: `_acme-challenge.kelin-hass.duckdns.org` = "token1"
+  - Service A creates: `_acme-challenge.yourdomain.duckdns.org` = "token1"
-  - Service B overwrites: `_acme-challenge.kelin-hass.duckdns.org` = "token2"
+  - Service B overwrites: `_acme-challenge.yourdomain.duckdns.org` = "token2"
  - Let's Encrypt validates Service A but finds "token2" → validation fails
 - **DuckDNS Limitation:** Can only maintain ONE TXT record per domain
@@ -98,7 +98,7 @@ pihole:
 certificatesResolvers:
  letsencrypt:
    acme:
-      email: kelinfoxy@gmail.com
+      email: your-email@example.com
      storage: /acme.json
      dnsChallenge:
        provider: duckdns
@@ -129,7 +129,7 @@ chown kelin:kelin /opt/stacks/core/traefik/acme.json
 # Wait for DNS to clear
 sleep 60
-dig +short TXT _acme-challenge.kelin-hass.duckdns.org  # Verified empty
+dig +short TXT _acme-challenge.yourdomain.duckdns.org  # Verified empty
 # Deploy updated configuration
 cp /home/kelin/AI-Homelab/docker-compose/core.yml /opt/stacks/core/docker-compose.yml
@@ -189,21 +189,21 @@ cd /opt/stacks/infrastructure && docker compose -f infrastructure.yml up -d
 {
  "letsencrypt": {
    "Account": {
-      "Email": "kelinfoxy@gmail.com",
+      "Email": "your-email@example.com",
      "Registration": {
-        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/2958966636"
+        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/XXXXXXXXXX"
      }
    },
    "Certificates": [
      {
        "domain": {
-          "main": "dockge.kelin-hass.duckdns.org"
+          "main": "dockge.yourdomain.duckdns.org"
        }
      },
      {
        "domain": {
-          "main": "kelin-hass.duckdns.org",
+          "main": "yourdomain.duckdns.org",
-          "sans": ["*.kelin-hass.duckdns.org"]
+          "sans": ["*.yourdomain.duckdns.org"]
        }
      }
    ]
@@ -212,7 +212,7 @@ cd /opt/stacks/infrastructure && docker compose -f infrastructure.yml up -d
 ```
 **Certificate Details:**
- **Subject:** CN=kelin-hass.duckdns.org
+- **Subject:** CN=yourdomain.duckdns.org
 - **Issuer:** C=US, O=Let's Encrypt, CN=R12
 - **Coverage:** Wildcard certificate covering all subdomains
 - **File Size:** 23KB (up from 0 bytes)
@@ -223,12 +223,12 @@ All services running with valid SSL certificates:
 | Service | Status | URL | Certificate |
 |---------|--------|-----|-------------|
-| Traefik | ✅ Up | https://traefik.kelin-hass.duckdns.org | Valid |
+| Traefik | ✅ Up | https://traefik.yourdomain.duckdns.org | Valid |
-| Authelia | ✅ Up | https://auth.kelin-hass.duckdns.org | Valid |
+| Authelia | ✅ Up | https://auth.yourdomain.duckdns.org | Valid |
-| Dockge | ✅ Up | https://dockge.kelin-hass.duckdns.org | Valid |
+| Dockge | ✅ Up | https://dockge.yourdomain.duckdns.org | Valid |
-| Dozzle | ✅ Up | https://dozzle.kelin-hass.duckdns.org | Valid |
+| Dozzle | ✅ Up | https://dozzle.yourdomain.duckdns.org | Valid |
-| Glances | ✅ Up | https://glances.kelin-hass.duckdns.org | Valid |
+| Glances | ✅ Up | https://glances.yourdomain.duckdns.org | Valid |
-| Pi-hole | ✅ Up | https://pihole.kelin-hass.duckdns.org | Valid |
+| Pi-hole | ✅ Up | https://pihole.yourdomain.duckdns.org | Valid |
 ## Best Practices & Prevention
@@ -259,7 +259,7 @@ other-service:
 ### 2. ✅ DuckDNS DNS Challenge Limitations
 **Understand the Constraint:**
- DuckDNS can only maintain ONE TXT record at `_acme-challenge.kelin-hass.duckdns.org`
+- DuckDNS can only maintain ONE TXT record at `_acme-challenge.yourdomain.duckdns.org`
 - Multiple simultaneous challenges WILL fail
 - Use wildcard certificate to avoid this limitation
@@ -292,7 +292,7 @@ docker exec traefik tail -f /var/log/traefik/traefik.log | grep -E "acme|certifi
 docker exec traefik tail -100 /var/log/traefik/traefik.log | grep -E "error|Unable"
 # View specific domain
-docker exec traefik tail -200 /var/log/traefik/traefik.log | grep "kelin-hass.duckdns.org"
+docker exec traefik tail -200 /var/log/traefik/traefik.log | grep "yourdomain.duckdns.org"
 ```
 ### 4. ✅ Certificate Troubleshooting Workflow
@@ -307,10 +307,10 @@ cat /opt/stacks/core/traefik/acme.json | python3 -m json.tool | grep -A5 "Certif
 python3 -c "import json; d=json.load(open('/opt/stacks/core/traefik/acme.json')); print(f'Certificates: {len(d[\"letsencrypt\"][\"Certificates\"])}')"
 # 3. Test certificate being served
-echo | openssl s_client -connect auth.kelin-hass.duckdns.org:443 -servername auth.kelin-hass.duckdns.org 2>/dev/null | openssl x509 -noout -subject -issuer
+echo | openssl s_client -connect auth.yourdomain.duckdns.org:443 -servername auth.yourdomain.duckdns.org 2>/dev/null | openssl x509 -noout -subject -issuer
 # 4. Check DNS TXT records
-dig +short TXT _acme-challenge.kelin-hass.duckdns.org
+dig +short TXT _acme-challenge.yourdomain.duckdns.org
 # 5. Check Traefik logs
 docker exec traefik tail -50 /var/log/traefik/traefik.log
@@ -457,15 +457,15 @@ docker exec traefik tail -f /var/log/traefik/traefik.log
 ### Verify Certificate Command
 ```bash
-echo | openssl s_client -connect ${SUBDOMAIN}.kelin-hass.duckdns.org:443 -servername ${SUBDOMAIN}.kelin-hass.duckdns.org 2>/dev/null | openssl x509 -noout -subject -issuer -dates
+echo | openssl s_client -connect ${SUBDOMAIN}.yourdomain.duckdns.org:443 -servername ${SUBDOMAIN}.yourdomain.duckdns.org 2>/dev/null | openssl x509 -noout -subject -issuer -dates
 ```
 ### Check All Service Certificates
 ```bash
 for subdomain in auth traefik dockge dozzle glances pihole; do
-  echo "=== $subdomain.kelin-hass.duckdns.org ==="
+  echo "=== $subdomain.yourdomain.duckdns.org ==="
-  echo | openssl s_client -connect $subdomain.kelin-hass.duckdns.org:443 -servername $subdomain.kelin-hass.duckdns.org 2>/dev/null | openssl x509 -noout -subject -issuer
+  echo | openssl s_client -connect $subdomain.yourdomain.duckdns.org:443 -servername $subdomain.yourdomain.duckdns.org 2>/dev/null | openssl x509 -noout -subject -issuer
  echo
 done
 ```
--- a/docs/docker-guidelines.md
+++ b/docs/docker-guidelines.md
@@ -1402,7 +1402,7 @@ Homepage configuration must be kept synchronized with deployed services. The AI
 1. **Hard-Coded URLs Required**: Homepage does NOT support variables in href links
   - Template uses `{{HOMEPAGE_VAR_DOMAIN}}` as placeholder
-   - Active config uses `kelin-hass.duckdns.org` hard-coded
+   - Active config uses `yourdomain.duckdns.org` hard-coded
   - AI must replace placeholders when deploying configs
 2. **No Container Restart Needed**: Homepage picks up config changes instantly
@@ -1427,7 +1427,7 @@ Homepage configuration must be kept synchronized with deployed services. The AI
 - Stack Name (compose-file.yml):
    - Service Name:
        icon: service.png
-        href: https://subdomain.kelin-hass.duckdns.org  # Hard-coded!
+        href: https://subdomain.yourdomain.duckdns.org  # Hard-coded!
        description: Service description
 ```
@@ -1436,7 +1436,7 @@ Homepage configuration must be kept synchronized with deployed services. The AI
 ```bash
 # When deploying from template:
 cp /home/kelin/AI-Homelab/config-templates/homepage/*.yaml /opt/stacks/homepage/config/
-sed -i 's/{{HOMEPAGE_VAR_DOMAIN}}/kelin-hass.duckdns.org/g' /opt/stacks/homepage/config/services.yaml
+sed -i 's/{{HOMEPAGE_VAR_DOMAIN}}/yourdomain.duckdns.org/g' /opt/stacks/homepage/config/services.yaml
 # No restart needed - configs load instantly
 ```
--- a/docs/troubleshooting/SSL-CERTIFICATES-DUCKDNS.md
+++ b/docs/troubleshooting/SSL-CERTIFICATES-DUCKDNS.md
@@ -7,8 +7,8 @@ Wildcard SSL certificate acquisition via DuckDNS DNS-01 challenge consistently f
 ### Why Both Domain and Wildcard are Required
 Let's Encrypt requires validation of BOTH domains when using SAN (Subject Alternative Name) certificates:
- `kelin-hass.duckdns.org` (apex domain)
+- `yourdomain.duckdns.org` (apex domain)
- `*.kelin-hass.duckdns.org` (wildcard)
+- `*.yourdomain.duckdns.org` (wildcard)
 This is a Let's Encrypt policy - you cannot obtain just the wildcard certificate. Both must be validated simultaneously.
@@ -23,13 +23,13 @@ ping -c 2 ns1.duckdns.org  # FAIL: 100% packet loss
 ping -c 2 99.79.143.35     # FAIL: 100% packet loss (direct IP)
 # DNS queries to authoritative servers - timeout
-dig @99.79.143.35 kelin-hass.duckdns.org  # FAIL: timeout
+dig @99.79.143.35 yourdomain.duckdns.org  # FAIL: timeout
-dig @35.182.183.211 kelin-hass.duckdns.org  # FAIL: timeout
+dig @35.182.183.211 yourdomain.duckdns.org  # FAIL: timeout
-dig @3.97.58.28 kelin-hass.duckdns.org  # FAIL: timeout
+dig @3.97.58.28 yourdomain.duckdns.org  # FAIL: timeout
 # Queries to recursive resolvers - SUCCESS
-dig @8.8.8.8 kelin-hass.duckdns.org  # SUCCESS
+dig @8.8.8.8 yourdomain.duckdns.org  # SUCCESS
-dig @1.1.1.1 kelin-hass.duckdns.org  # SUCCESS
+dig @1.1.1.1 yourdomain.duckdns.org  # SUCCESS
 # Traceroute analysis
 traceroute 99.79.143.35
@@ -83,15 +83,15 @@ The lego library **must** also query the authoritative nameservers directly to v
 ```
 propagation: time limit exceeded: last error: authoritative nameservers: 
 DNS call error: read udp 172.19.0.2:53666->3.97.58.28:53: i/o timeout 
-[ns=ns6.duckdns.org.:53, question='_acme-challenge.kelin-hass.duckdns.org. IN TXT']
+[ns=ns6.duckdns.org.:53, question='_acme-challenge.yourdomain.duckdns.org. IN TXT']
 ```
 **Phase 2: SOA record query failure**
 ```
 propagation: time limit exceeded: last error: could not find zone: 
-[fqdn=_acme-challenge.kelin-hass.duckdns.org.] 
+[fqdn=_acme-challenge.yourdomain.duckdns.org.] 
-unexpected response for 'kelin-hass.duckdns.org.' 
+unexpected response for 'yourdomain.duckdns.org.' 
-[question='kelin-hass.duckdns.org. IN SOA', code=SERVFAIL]
+[question='yourdomain.duckdns.org. IN SOA', code=SERVFAIL]
 ```
 ## Working Configuration (Self-Signed Certificates)
--- a/get-docker.sh
+++ b/get-docker.sh
@@ -0,0 +1,764 @@
 #!/bin/sh
 set -e
 # Docker Engine for Linux installation script.
 #
 # This script is intended as a convenient way to configure docker's package
 # repositories and to install Docker Engine, This script is not recommended
 # for production environments. Before running this script, make yourself familiar
 # with potential risks and limitations, and refer to the installation manual
 # at https://docs.docker.com/engine/install/ for alternative installation methods.
 #
 # The script:
 #
 # - Requires `root` or `sudo` privileges to run.
 # - Attempts to detect your Linux distribution and version and configure your
 #   package management system for you.
 # - Doesn't allow you to customize most installation parameters.
 # - Installs dependencies and recommendations without asking for confirmation.
 # - Installs the latest stable release (by default) of Docker CLI, Docker Engine,
 #   Docker Buildx, Docker Compose, containerd, and runc. When using this script
 #   to provision a machine, this may result in unexpected major version upgrades
 #   of these packages. Always test upgrades in a test environment before
 #   deploying to your production systems.
 # - Isn't designed to upgrade an existing Docker installation. When using the
 #   script to update an existing installation, dependencies may not be updated
 #   to the expected version, resulting in outdated versions.
 #
 # Source code is available at https://github.com/docker/docker-install/
 #
 # Usage
 # ==============================================================================
 #
 # To install the latest stable versions of Docker CLI, Docker Engine, and their
 # dependencies:
 #
 # 1. download the script
 #
 #   $ curl -fsSL https://get.docker.com -o install-docker.sh
 #
 # 2. verify the script's content
 #
 #   $ cat install-docker.sh
 #
 # 3. run the script with --dry-run to verify the steps it executes
 #
 #   $ sh install-docker.sh --dry-run
 #
 # 4. run the script either as root, or using sudo to perform the installation.
 #
 #   $ sudo sh install-docker.sh
 #
 # Command-line options
 # ==============================================================================
 #
 # --version <VERSION>
 # Use the --version option to install a specific version, for example:
 #
 #   $ sudo sh install-docker.sh --version 23.0
 #
 # --channel <stable|test>
 #
 # Use the --channel option to install from an alternative installation channel.
 # The following example installs the latest versions from the "test" channel,
 # which includes pre-releases (alpha, beta, rc):
 #
 #   $ sudo sh install-docker.sh --channel test
 #
 # Alternatively, use the script at https://test.docker.com, which uses the test
 # channel as default.
 #
 # --mirror <Aliyun|AzureChinaCloud>
 #
 # Use the --mirror option to install from a mirror supported by this script.
 # Available mirrors are "Aliyun" (https://mirrors.aliyun.com/docker-ce), and
 # "AzureChinaCloud" (https://mirror.azure.cn/docker-ce), for example:
 #
 #   $ sudo sh install-docker.sh --mirror AzureChinaCloud
 #
 # --setup-repo
 #
 # Use the --setup-repo option to configure Docker's package repositories without
 # installing Docker packages. This is useful when you want to add the repository
 # but install packages separately:
 #
 #   $ sudo sh install-docker.sh --setup-repo
 #
 # Automatic Service Start
 #
 # By default, this script automatically starts the Docker daemon and enables the docker
 # service after installation if systemd is used as init.
 #
 # If you prefer to start the service manually, use the --no-autostart option:
 #
 #   $ sudo sh install-docker.sh --no-autostart
 #
 # Note: Starting the service requires appropriate privileges to manage system services.
 #
 # ==============================================================================
 # Git commit from https://github.com/docker/docker-install when
 # the script was uploaded (Should only be modified by upload job):
 SCRIPT_COMMIT_SHA="f381ee68b32e515bb4dc034b339266aff1fbc460"
 # strip "v" prefix if present
 VERSION="${VERSION#v}"
 # The channel to install from:
 #   * stable
 #   * test
 DEFAULT_CHANNEL_VALUE="stable"
 if [ -z "$CHANNEL" ]; then
 	CHANNEL=$DEFAULT_CHANNEL_VALUE
 fi
 DEFAULT_DOWNLOAD_URL="https://download.docker.com"
 if [ -z "$DOWNLOAD_URL" ]; then
 	DOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL
 fi
 DEFAULT_REPO_FILE="docker-ce.repo"
 if [ -z "$REPO_FILE" ]; then
 	REPO_FILE="$DEFAULT_REPO_FILE"
 	# Automatically default to a staging repo fora
 	# a staging download url (download-stage.docker.com)
 	case "$DOWNLOAD_URL" in
 		*-stage*) REPO_FILE="docker-ce-staging.repo";;
 	esac
 fi
 mirror=''
 DRY_RUN=${DRY_RUN:-}
 REPO_ONLY=${REPO_ONLY:-0}
 NO_AUTOSTART=${NO_AUTOSTART:-0}
 while [ $# -gt 0 ]; do
 	case "$1" in
 		--channel)
 			CHANNEL="$2"
 			shift
 			;;
 		--dry-run)
 			DRY_RUN=1
 			;;
 		--mirror)
 			mirror="$2"
 			shift
 			;;
 		--version)
 			VERSION="${2#v}"
 			shift
 			;;
 		--setup-repo)
 			REPO_ONLY=1
 			shift
 			;;
 		--no-autostart)
 			NO_AUTOSTART=1
 			;;
 		--*)
 			echo "Illegal option $1"
 			;;
 	esac
 	shift $(( $# > 0 ? 1 : 0 ))
 done
 case "$mirror" in
 	Aliyun)
 		DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
 		;;
 	AzureChinaCloud)
 		DOWNLOAD_URL="https://mirror.azure.cn/docker-ce"
 		;;
 	"")
 		;;
 	*)
 		>&2 echo "unknown mirror '$mirror': use either 'Aliyun', or 'AzureChinaCloud'."
 		exit 1
 		;;
 esac
 case "$CHANNEL" in
 	stable|test)
 		;;
 	*)
 		>&2 echo "unknown CHANNEL '$CHANNEL': use either stable or test."
 		exit 1
 		;;
 esac
 command_exists() {
 	command -v "$@" > /dev/null 2>&1
 }
 # version_gte checks if the version specified in $VERSION is at least the given
 # SemVer (Maj.Minor[.Patch]), or CalVer (YY.MM) version.It returns 0 (success)
 # if $VERSION is either unset (=latest) or newer or equal than the specified
 # version, or returns 1 (fail) otherwise.
 #
 # examples:
 #
 # VERSION=23.0
 # version_gte 23.0  // 0 (success)
 # version_gte 20.10 // 0 (success)
 # version_gte 19.03 // 0 (success)
 # version_gte 26.1  // 1 (fail)
 version_gte() {
 	if [ -z "$VERSION" ]; then
 			return 0
 	fi
 	version_compare "$VERSION" "$1"
 }
 # version_compare compares two version strings (either SemVer (Major.Minor.Path),
 # or CalVer (YY.MM) version strings. It returns 0 (success) if version A is newer
 # or equal than version B, or 1 (fail) otherwise. Patch releases and pre-release
 # (-alpha/-beta) are not taken into account
 #
 # examples:
 #
 # version_compare 23.0.0 20.10 // 0 (success)
 # version_compare 23.0 20.10   // 0 (success)
 # version_compare 20.10 19.03  // 0 (success)
 # version_compare 20.10 20.10  // 0 (success)
 # version_compare 19.03 20.10  // 1 (fail)
 version_compare() (
 	set +x
 	yy_a="$(echo "$1" | cut -d'.' -f1)"
 	yy_b="$(echo "$2" | cut -d'.' -f1)"
 	if [ "$yy_a" -lt "$yy_b" ]; then
 		return 1
 	fi
 	if [ "$yy_a" -gt "$yy_b" ]; then
 		return 0
 	fi
 	mm_a="$(echo "$1" | cut -d'.' -f2)"
 	mm_b="$(echo "$2" | cut -d'.' -f2)"
 	# trim leading zeros to accommodate CalVer
 	mm_a="${mm_a#0}"
 	mm_b="${mm_b#0}"
 	if [ "${mm_a:-0}" -lt "${mm_b:-0}" ]; then
 		return 1
 	fi
 	return 0
 )
 is_dry_run() {
 	if [ -z "$DRY_RUN" ]; then
 		return 1
 	else
 		return 0
 	fi
 }
 is_wsl() {
 	case "$(uname -r)" in
 	*microsoft* ) true ;; # WSL 2
 	*Microsoft* ) true ;; # WSL 1
 	* ) false;;
 	esac
 }
 is_darwin() {
 	case "$(uname -s)" in
 	*darwin* ) true ;;
 	*Darwin* ) true ;;
 	* ) false;;
 	esac
 }
 deprecation_notice() {
 	distro=$1
 	distro_version=$2
 	echo
 	printf "\033[91;1mDEPRECATION WARNING\033[0m\n"
 	printf "    This Linux distribution (\033[1m%s %s\033[0m) reached end-of-life and is no longer supported by this script.\n" "$distro" "$distro_version"
 	echo   "    No updates or security fixes will be released for this distribution, and users are recommended"
 	echo   "    to upgrade to a currently maintained version of $distro."
 	echo
 	printf   "Press \033[1mCtrl+C\033[0m now to abort this script, or wait for the installation to continue."
 	echo
 	sleep 10
 }
 get_distribution() {
 	lsb_dist=""
 	# Every system that we officially support has /etc/os-release
 	if [ -r /etc/os-release ]; then
 		lsb_dist="$(. /etc/os-release && echo "$ID")"
 	fi
 	# Returning an empty string here should be alright since the
 	# case statements don't act unless you provide an actual value
 	echo "$lsb_dist"
 }
 start_docker_daemon() {
 	# Use systemctl if available (for systemd-based systems)
 	if command_exists systemctl; then
 		is_dry_run || >&2 echo "Using systemd to manage Docker service"
 		if (
 			is_dry_run || set -x
 			$sh_c systemctl enable --now docker.service 2>/dev/null
 		); then
 			is_dry_run || echo "INFO: Docker daemon enabled and started" >&2
 		else
 			is_dry_run || echo "WARNING: unable to enable the docker service" >&2
 		fi
 	else
 		# No service management available (container environment)
 		if ! is_dry_run; then
 			>&2 echo "Note: Running in a container environment without service management"
 			>&2 echo "Docker daemon cannot be started automatically in this environment"
 			>&2 echo "The Docker packages have been installed successfully"
 		fi
 	fi
 	>&2 echo
 }
 echo_docker_as_nonroot() {
 	if is_dry_run; then
 		return
 	fi
 	if command_exists docker && [ -e /var/run/docker.sock ]; then
 		(
 			set -x
 			$sh_c 'docker version'
 		) || true
 	fi
 	# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output
 	echo
 	echo "================================================================================"
 	echo
 	if version_gte "20.10"; then
 		echo "To run Docker as a non-privileged user, consider setting up the"
 		echo "Docker daemon in rootless mode for your user:"
 		echo
 		echo "    dockerd-rootless-setuptool.sh install"
 		echo
 		echo "Visit https://docs.docker.com/go/rootless/ to learn about rootless mode."
 		echo
 	fi
 	echo
 	echo "To run the Docker daemon as a fully privileged service, but granting non-root"
 	echo "users access, refer to https://docs.docker.com/go/daemon-access/"
 	echo
 	echo "WARNING: Access to the remote API on a privileged Docker daemon is equivalent"
 	echo "         to root access on the host. Refer to the 'Docker daemon attack surface'"
 	echo "         documentation for details: https://docs.docker.com/go/attack-surface/"
 	echo
 	echo "================================================================================"
 	echo
 }
 # Check if this is a forked Linux distro
 check_forked() {
 	# Check for lsb_release command existence, it usually exists in forked distros
 	if command_exists lsb_release; then
 		# Check if the `-u` option is supported
 		set +e
 		lsb_release -a -u > /dev/null 2>&1
 		lsb_release_exit_code=$?
 		set -e
 		# Check if the command has exited successfully, it means we're in a forked distro
 		if [ "$lsb_release_exit_code" = "0" ]; then
 			# Print info about current distro
 			cat <<-EOF
 			You're using '$lsb_dist' version '$dist_version'.
 			EOF
 			# Get the upstream release info
 			lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
 			dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]')
 			# Print info about upstream distro
 			cat <<-EOF
 			Upstream release is '$lsb_dist' version '$dist_version'.
 			EOF
 		else
 			if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then
 				if [ "$lsb_dist" = "osmc" ]; then
 					# OSMC runs Raspbian
 					lsb_dist=raspbian
 				else
 					# We're Debian and don't even know it!
 					lsb_dist=debian
 				fi
 				dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
 				case "$dist_version" in
 					13|14|forky)
 						dist_version="trixie"
 					;;
 					12)
 						dist_version="bookworm"
 					;;
 					11)
 						dist_version="bullseye"
 					;;
 					10)
 						dist_version="buster"
 					;;
 					9)
 						dist_version="stretch"
 					;;
 					8)
 						dist_version="jessie"
 					;;
 				esac
 			fi
 		fi
 	fi
 }
 do_install() {
 	echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA"
 	if command_exists docker; then
 		cat >&2 <<-'EOF'
 			Warning: the "docker" command appears to already exist on this system.
 			If you already have Docker installed, this script can cause trouble, which is
 			why we're displaying this warning and provide the opportunity to cancel the
 			installation.
 			If you installed the current Docker package using this script and are using it
 			again to update Docker, you can ignore this message, but be aware that the
 			script resets any custom changes in the deb and rpm repo configuration
 			files to match the parameters passed to the script.
 			You may press Ctrl+C now to abort this script.
 		EOF
 		( set -x; sleep 20 )
 	fi
 	user="$(id -un 2>/dev/null || true)"
 	sh_c='sh -c'
 	if [ "$user" != 'root' ]; then
 		if command_exists sudo; then
 			sh_c='sudo -E sh -c'
 		elif command_exists su; then
 			sh_c='su -c'
 		else
 			cat >&2 <<-'EOF'
 			Error: this installer needs the ability to run commands as root.
 			We are unable to find either "sudo" or "su" available to make this happen.
 			EOF
 			exit 1
 		fi
 	fi
 	if is_dry_run; then
 		sh_c="echo"
 	fi
 	# perform some very rudimentary platform detection
 	lsb_dist=$( get_distribution )
 	lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
 	if is_wsl; then
 		echo
 		echo "WSL DETECTED: We recommend using Docker Desktop for Windows."
 		echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop/"
 		echo
 		cat >&2 <<-'EOF'
 			You may press Ctrl+C now to abort this script.
 		EOF
 		( set -x; sleep 20 )
 	fi
 	case "$lsb_dist" in
 		ubuntu)
 			if command_exists lsb_release; then
 				dist_version="$(lsb_release --codename | cut -f2)"
 			fi
 			if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
 				dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
 			fi
 		;;
 		debian|raspbian)
 			dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
 			case "$dist_version" in
 				13)
 					dist_version="trixie"
 				;;
 				12)
 					dist_version="bookworm"
 				;;
 				11)
 					dist_version="bullseye"
 				;;
 				10)
 					dist_version="buster"
 				;;
 				9)
 					dist_version="stretch"
 				;;
 				8)
 					dist_version="jessie"
 				;;
 			esac
 		;;
 		centos|rhel)
 			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
 				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
 			fi
 		;;
 		*)
 			if command_exists lsb_release; then
 				dist_version="$(lsb_release --release | cut -f2)"
 			fi
 			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
 				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
 			fi
 		;;
 	esac
 	# Check if this is a forked Linux distro
 	check_forked
 	# Print deprecation warnings for distro versions that recently reached EOL,
 	# but may still be commonly used (especially LTS versions).
 	case "$lsb_dist.$dist_version" in
 		centos.8|centos.7|rhel.7)
 			deprecation_notice "$lsb_dist" "$dist_version"
 			;;
 		debian.buster|debian.stretch|debian.jessie)
 			deprecation_notice "$lsb_dist" "$dist_version"
 			;;
 		raspbian.buster|raspbian.stretch|raspbian.jessie)
 			deprecation_notice "$lsb_dist" "$dist_version"
 			;;
 		ubuntu.focal|ubuntu.bionic|ubuntu.xenial|ubuntu.trusty)
 			deprecation_notice "$lsb_dist" "$dist_version"
 			;;
 		ubuntu.oracular|ubuntu.mantic|ubuntu.lunar|ubuntu.kinetic|ubuntu.impish|ubuntu.hirsute|ubuntu.groovy|ubuntu.eoan|ubuntu.disco|ubuntu.cosmic)
 			deprecation_notice "$lsb_dist" "$dist_version"
 			;;
 		fedora.*)
 			if [ "$dist_version" -lt 41 ]; then
 				deprecation_notice "$lsb_dist" "$dist_version"
 			fi
 			;;
 	esac
 	# Run setup for each distro accordingly
 	case "$lsb_dist" in
 		ubuntu|debian|raspbian)
 			pre_reqs="ca-certificates curl"
 			apt_repo="deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL"
 			(
 				if ! is_dry_run; then
 					set -x
 				fi
 				$sh_c 'apt-get -qq update >/dev/null'
 				$sh_c "DEBIAN_FRONTEND=noninteractive apt-get -y -qq install $pre_reqs >/dev/null"
 				$sh_c 'install -m 0755 -d /etc/apt/keyrings'
 				$sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" -o /etc/apt/keyrings/docker.asc"
 				$sh_c "chmod a+r /etc/apt/keyrings/docker.asc"
 				$sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
 				$sh_c 'apt-get -qq update >/dev/null'
 			)
 			if [ "$REPO_ONLY" = "1" ]; then
 				exit 0
 			fi
 			pkg_version=""
 			if [ -n "$VERSION" ]; then
 				if is_dry_run; then
 					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
 				else
 					# Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel
 					pkg_pattern="$(echo "$VERSION" | sed 's/-ce-/~ce~.*/g' | sed 's/-/.*/g')"
 					search_command="apt-cache madison docker-ce | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
 					pkg_version="$($sh_c "$search_command")"
 					echo "INFO: Searching repository for VERSION '$VERSION'"
 					echo "INFO: $search_command"
 					if [ -z "$pkg_version" ]; then
 						echo
 						echo "ERROR: '$VERSION' not found amongst apt-cache madison results"
 						echo
 						exit 1
 					fi
 					if version_gte "18.09"; then
 							search_command="apt-cache madison docker-ce-cli | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
 							echo "INFO: $search_command"
 							cli_pkg_version="=$($sh_c "$search_command")"
 					fi
 					pkg_version="=$pkg_version"
 				fi
 			fi
 			(
 				pkgs="docker-ce${pkg_version%=}"
 				if version_gte "18.09"; then
 						# older versions didn't ship the cli and containerd as separate packages
 						pkgs="$pkgs docker-ce-cli${cli_pkg_version%=} containerd.io"
 				fi
 				if version_gte "20.10"; then
 						pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"
 				fi
 				if version_gte "23.0"; then
 						pkgs="$pkgs docker-buildx-plugin"
 				fi
 				if version_gte "28.2"; then
 						pkgs="$pkgs docker-model-plugin"
 				fi
 				if ! is_dry_run; then
 					set -x
 				fi
 				$sh_c "DEBIAN_FRONTEND=noninteractive apt-get -y -qq install $pkgs >/dev/null"
 			)
 			if [ "$NO_AUTOSTART" != "1" ]; then
 				start_docker_daemon
 			fi
 			echo_docker_as_nonroot
 			exit 0
 			;;
 		centos|fedora|rhel)
 			if [ "$(uname -m)" = "s390x" ]; then
 				echo "Effective v27.5, please consult RHEL distro statement for s390x support."
 				exit 1
 			fi
 			repo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
 			(
 				if ! is_dry_run; then
 					set -x
 				fi
 				if command_exists dnf5; then
 					$sh_c "dnf -y -q --setopt=install_weak_deps=False install dnf-plugins-core"
 					$sh_c "dnf5 config-manager addrepo --overwrite --save-filename=docker-ce.repo --from-repofile='$repo_file_url'"
 					if [ "$CHANNEL" != "stable" ]; then
 						$sh_c "dnf5 config-manager setopt \"docker-ce-*.enabled=0\""
 						$sh_c "dnf5 config-manager setopt \"docker-ce-$CHANNEL.enabled=1\""
 					fi
 					$sh_c "dnf makecache"
 				elif command_exists dnf; then
 					$sh_c "dnf -y -q --setopt=install_weak_deps=False install dnf-plugins-core"
 					$sh_c "rm -f /etc/yum.repos.d/docker-ce.repo  /etc/yum.repos.d/docker-ce-staging.repo"
 					$sh_c "dnf config-manager --add-repo $repo_file_url"
 					if [ "$CHANNEL" != "stable" ]; then
 						$sh_c "dnf config-manager --set-disabled \"docker-ce-*\""
 						$sh_c "dnf config-manager --set-enabled \"docker-ce-$CHANNEL\""
 					fi
 					$sh_c "dnf makecache"
 				else
 					$sh_c "yum -y -q install yum-utils"
 					$sh_c "rm -f /etc/yum.repos.d/docker-ce.repo  /etc/yum.repos.d/docker-ce-staging.repo"
 					$sh_c "yum-config-manager --add-repo $repo_file_url"
 					if [ "$CHANNEL" != "stable" ]; then
 						$sh_c "yum-config-manager --disable \"docker-ce-*\""
 						$sh_c "yum-config-manager --enable \"docker-ce-$CHANNEL\""
 					fi
 					$sh_c "yum makecache"
 				fi
 			)
 			if [ "$REPO_ONLY" = "1" ]; then
 				exit 0
 			fi
 			pkg_version=""
 			if command_exists dnf; then
 				pkg_manager="dnf"
 				pkg_manager_flags="-y -q --best"
 			else
 				pkg_manager="yum"
 				pkg_manager_flags="-y -q"
 			fi
 			if [ -n "$VERSION" ]; then
 				if is_dry_run; then
 					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
 				else
 					if [ "$lsb_dist" = "fedora" ]; then
 						pkg_suffix="fc$dist_version"
 					else
 						pkg_suffix="el"
 					fi
 					pkg_pattern="$(echo "$VERSION" | sed 's/-ce-/\\\\.ce.*/g' | sed 's/-/.*/g').*$pkg_suffix"
 					search_command="$pkg_manager list --showduplicates docker-ce | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
 					pkg_version="$($sh_c "$search_command")"
 					echo "INFO: Searching repository for VERSION '$VERSION'"
 					echo "INFO: $search_command"
 					if [ -z "$pkg_version" ]; then
 						echo
 						echo "ERROR: '$VERSION' not found amongst $pkg_manager list results"
 						echo
 						exit 1
 					fi
 					if version_gte "18.09"; then
 						# older versions don't support a cli package
 						search_command="$pkg_manager list --showduplicates docker-ce-cli | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
 						cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)"
 					fi
 					# Cut out the epoch and prefix with a '-'
 					pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)"
 				fi
 			fi
 			(
 				pkgs="docker-ce$pkg_version"
 				if version_gte "18.09"; then
 					# older versions didn't ship the cli and containerd as separate packages
 					if [ -n "$cli_pkg_version" ]; then
 						pkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io"
 					else
 						pkgs="$pkgs docker-ce-cli containerd.io"
 					fi
 				fi
 				if version_gte "20.10"; then
 					pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"
 				fi
 				if version_gte "23.0"; then
 						pkgs="$pkgs docker-buildx-plugin docker-model-plugin"
 				fi
 				if ! is_dry_run; then
 					set -x
 				fi
 				$sh_c "$pkg_manager $pkg_manager_flags install $pkgs"
 			)
 			if [ "$NO_AUTOSTART" != "1" ]; then
 				start_docker_daemon
 			fi
 			echo_docker_as_nonroot
 			exit 0
 			;;
 		sles)
 			echo "Effective v27.5, please consult SLES distro statement for s390x support."
 			exit 1
 			;;
 		*)
 			if [ -z "$lsb_dist" ]; then
 				if is_darwin; then
 					echo
 					echo "ERROR: Unsupported operating system 'macOS'"
 					echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
 					echo
 					exit 1
 				fi
 			fi
 			echo
 			echo "ERROR: Unsupported distribution '$lsb_dist'"
 			echo
 			exit 1
 			;;
 	esac
 	exit 1
 }
 # wrapped up in a function so that we have some protection against only getting
 # half the file during "curl | sh"
 do_install
--- a/markup.yml
+++ b/markup.yml
@@ -15,12 +15,12 @@ echo "╚═══════════════════════
 echo "╔═════════════════════════════════════════════════════════════╗
 echo "║  ✅ SERVER_IP: 192.168.4.4                                 ║
 echo "║  ✅ SERVER_HOSTNAME: jasper                                ║
-echo "║  ✅ DUCKDNS_SUBDOMAINS: kelinreij                          ║
+echo "║  ✅ DUCKDNS_SUBDOMAINS: yourdomain                         ║
-echo "║  ✅ DUCKDNS_TOKEN: 41ef7faa-fc93-41d2-a32f-340fd2b75b2f    ║
+echo "║  ✅ DUCKDNS_TOKEN: your-duckdns-token                      ║
-echo "║  ✅ DOMAIN: kelinreij.duckdns.org                          ║
+echo "║  ✅ DOMAIN: yourdomain.duckdns.org                         ║
-echo "║  ✅ DEFAULT_USER: kelin                                    ║
+echo "║  ✅ DEFAULT_USER: admin                                    ║
-echo "║  ✅ DEFAULT_PASSWORD: Tiberi0u$                            ║
+echo "║  ✅ DEFAULT_PASSWORD: changeme                             ║
-echo "║  ✅ DEFAULT_EMAIL: kelinshomelab@gmail.com                 ║
+echo "║  ✅ DEFAULT_EMAIL: admin@example.com                       ║
 echo "╚═════════════════════════════════════════════════════════════╝
 echo "╔═════════════════════════════════════════════════════════════╗
@@ -31,16 +31,16 @@ echo "╔═══════════════════════
 echo "║                  Deployment Complete!                       ║
 echo "║  SSL Certificates may take a few minutes to be issued.      ║
 echo "║                                                             ║
-echo "║  https://dockge.kelinreij.duckdns.org                       ║
+echo "║  https://dockge.yourdomain.duckdns.org                       ║
 echo "║  http://192.168.4.4:5001                                    ║
 echo "║                                                             ║
-echo "║  https://homepage.kelinreij.duckdns.org                     ║
+echo "║  https://homepage.yourdomain.duckdns.org                     ║
 echo "║  http://192.168.4.4:3003                                    ║
 echo "║                                                             ║
-echo "║  https://authelia.kelinreij.duckdns.org                     ║
+echo "║  https://authelia.yourdomain.duckdns.org                     ║
 echo "║  http://192.168.4.4:9091                                    ║
 echo "║                                                             ║
-echo "║  https://traefik.kelinreij.duckdns.org                      ║
+echo "║  https://traefik.yourdomain.duckdns.org                      ║
 echo "║  http://192.168.4.4:8080                                    ║
 echo "║                                                             ║
 echo "╚═════════════════════════════════════════════════════════════╝
--- a/scripts/ez-homelab.sh
+++ b/scripts/ez-homelab.sh
@@ -874,6 +874,26 @@ deploy_core() {
    sudo chown "$ACTUAL_USER:$ACTUAL_USER" /opt/stacks/core/docker-compose.yml
    sudo chown "$ACTUAL_USER:$ACTUAL_USER" /opt/stacks/core/.env
    # Fix multi-line secrets in .env file (merge split lines)
    debug_log "Fixing multi-line secrets in .env file"
    python3 << 'PYFIX'
 import sys
 with open('/opt/stacks/core/.env', 'r') as f:
    lines = f.readlines()
 new_lines = []
 i = 0
 while i < len(lines):
    if any(k in lines[i] for k in ['AUTHELIA_JWT_SECRET=', 'AUTHELIA_SESSION_SECRET=', 'AUTHELIA_STORAGE_ENCRYPTION_KEY=']):
        if i + 1 < len(lines) and '=' not in lines[i+1] and lines[i+1].strip() and not lines[i+1].strip().startswith('#'):
            new_lines.append(lines[i].rstrip('\n') + lines[i+1].lstrip())
            i += 2
            continue
    new_lines.append(lines[i])
    i += 1
 with open('/opt/stacks/core/.env', 'w') as f:
    f.writelines(new_lines)
 PYFIX
    # Escape $ characters in password hashes to prevent Docker Compose variable substitution
    sed -i '/^AUTHELIA_ADMIN_PASSWORD_HASH=/ s/\$/\\$/g' /opt/stacks/core/.env
@@ -960,13 +980,9 @@ deploy_core() {
    # Remove invalid session.cookies section from Authelia config (not supported in v4.37.5)
    debug_log "Removing invalid session.cookies section from Authelia config"
-    sed -i '/^  cookies:/,/^$/d' /opt/stacks/core/authelia/configuration.yml
+    sed -i '/^  cookies:/,/^$/d' /opt/stacks/core/authelia/config/configuration.yml
-    # Move config files to the correct location for Docker mount
+    # Ensure proper ownership of Authelia files
    debug_log "Moving Authelia config files to config directory"
    mkdir -p /opt/stacks/core/authelia/config
    mv /opt/stacks/core/authelia/configuration.yml /opt/stacks/core/authelia/config/
    mv /opt/stacks/core/authelia/users_database.yml /opt/stacks/core/authelia/config/
    sudo chown -R "$ACTUAL_USER:$ACTUAL_USER" /opt/stacks/core/authelia
    # Generate shared CA for multi-server TLS
Author	SHA1	Message	Date
copilot-swe-agent[bot]	0052fa4ddc	Complete personal data replacement in Traefik configs - Replace remaining domain references in Traefik dynamic configs - Replace kelinreij.duckdns.org with yourdomain.duckdns.org in: - external-host-homeassistant.yml - local-host-production.yml - sablier.yml - markup.yml service URLs Co-authored-by: kelinfoxy <67766943+kelinfoxy@users.noreply.github.com>	2026-02-05 18:41:42 +00:00
copilot-swe-agent[bot]	300d870a2b	Replace personal data with variables and placeholders - Replace hardcoded password in code-server config with ${CODE_SERVER_PASSWORD} - Replace domain kelin-hass.duckdns.org with yourdomain.duckdns.org in docs - Replace domain kelinreij.duckdns.org with yourdomain.duckdns.org in homepage config - Replace personal emails with example addresses - Replace DuckDNS token and credentials in markup.yml with placeholders - Replace Let's Encrypt account numbers with placeholders Co-authored-by: kelinfoxy <67766943+kelinfoxy@users.noreply.github.com>	2026-02-05 18:40:44 +00:00
copilot-swe-agent[bot]	94b4906a6a	Initial plan	2026-02-05 18:35:18 +00:00
kelin	10aee3b3b1	Fix: Correct Dozzle port and remove unnecessary template files - Changed Dozzle service port from 8085 to 8080 (correct port) - Removed authelia config template files (no longer needed) - Removed db.sqlite3 runtime data file	2026-02-05 13:13:44 -05:00
kelin	4803d2c856	Fix: Add multi-line secret sanitization to deployment script Added Python script to automatically merge multi-line Authelia secrets (JWT_SECRET, SESSION_SECRET, STORAGE_ENCRYPTION_KEY) during core deployment. This prevents envsubst from reading truncated values when the .env file contains accidental line breaks. Fixes Authelia startup errors: - 'encryption key does not appear to be valid for this database' - Invalid URL parsing due to incomplete variable expansion	2026-02-05 12:36:19 -05:00
kelin	d4c9516e00	Fix: Generate users_database.yml in secrets folder with proper variables - Move users_database.yml template from config/ to secrets/ folder - Authelia configuration expects users file at /secrets/users_database.yml - Replace hardcoded values in configuration.yml with variables: - jwt_secret, session secret, storage encryption_key - Domain references (kelinreij.duckdns.org → ${DOMAIN}) - Update deploy script to not move config files (already in subdirectories) - Fix sed command path to target config/configuration.yml - Remove unnecessary mkdir and mv commands from deploy_core() This ensures Authelia uses the correctly generated file with user credentials.	2026-02-05 12:12:33 -05:00
kelin	a554d00fd3	Fix: Use variables instead of placeholders in docker-compose files - Replace hardcoded placeholders with Docker Compose variables - docker-compose.yml: Use ${DUCKDNS_SUBDOMAINS}, ${DUCKDNS_TOKEN}, ${DOMAIN}, ${SERVER_IP} - traefik.yml: Use ${DEFAULT_EMAIL} for ACME email - users_database.yml: Use ${AUTHELIA_ADMIN_USER}, ${AUTHELIA_ADMIN_EMAIL}, ${AUTHELIA_ADMIN_PASSWORD_HASH} - sablier/docker-compose.yml: Fix to use ${DOMAIN} instead of {{DUCKDNS_DOMAIN}} This aligns with the correct strategy: - Docker-compose files use variables (${VAR}) - .env files use placeholders or actual values	2026-02-05 11:57:42 -05:00