From 2756af85704a47dbe648718255141a71c1cd1e5b Mon Sep 17 00:00:00 2001 From: kelinfoxy <67766943+kelinfoxy@users.noreply.github.com> Date: Tue, 17 Mar 2026 22:16:03 -0400 Subject: [PATCH] update core stack --- docker-templates/backrest/docker-compose.yml | 2 +- docker-templates/core/.env | 60 ++++++++++++++++---- docker-templates/core/docker-compose.yml | 30 +++++----- 3 files changed, 65 insertions(+), 27 deletions(-) diff --git a/docker-templates/backrest/docker-compose.yml b/docker-templates/backrest/docker-compose.yml index 98a6ba5..9efe511 100644 --- a/docker-templates/backrest/docker-compose.yml +++ b/docker-templates/backrest/docker-compose.yml @@ -49,7 +49,7 @@ x-dockge: - ${LOCAL_URL} x-arcane: - icon: ${ICON_URL} + icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/svg/backrest.svg urls: - https://${PROXY_URL} - ${LOCAL_URL} diff --git a/docker-templates/core/.env b/docker-templates/core/.env index 7ec7d14..a6e92b4 100644 --- a/docker-templates/core/.env +++ b/docker-templates/core/.env 
@@ -1,18 +1,56 @@ -# Core Stack Environment Variables +# ####################################################### +# Templating variables, not used by compose file directly +SERVER_NAME= +SERVER_IP= +SUBDOMAIN= +ICON_URL=https://cdn.jsdelivr.net/gh/selfhst/icons@main/svg/traefik.svg + +# Include Server Name in Proxy URL? Choose one. + +# PROXY_URL=${SERVICE_NAME}.${SERVER_NAME}.${SUBDOMAIN}.duckdns.org +# PROXY_URL=${SERVICE_NAME}.${SUBDOMAIN}.duckdns.org + +# ############################################################################# +# Compose file variables TZ=America/New_York PUID=1000 PGID=1000 -SERVER_IP=192.168.4.4 -SERVER_HOSTNAME=jasper -DOMAIN=kelinreij.duckdns.org -DUCKDNS_SUBDOMAINS=kelinreij -DUCKDNS_TOKEN=41ef7faa-fc93-41d2-a32f-340fd2b75b2f +LOCAL_URL=http://${SERVER_IP}:${EXTERNAL_PORT} + +DUCKDNS_SUBDOMAINS= +DUCKDNS_TOKEN= + +AUTHELIA_JWT_SECRET= +AUTHELIA_SESSION_SECRET= +AUTHELIA_STORAGE_ENCRYPTION_KEY= +AUTHELIA_ADMIN_PASSWORD_HASH= + +TRAEFIK_HOST_LABEL=traefik.http.routers.traefik.rule=Host(`traefik.${SUBDOMAIN}.duckdns.org`) +AUTHELIA_HOST_LABEL=traefik.http.routers.authelia.rule=Host(`auth.${SUBDOMAIN}.duckdns.org`) +AUTHELIA_FORWARD_AUTH_LABEL=traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.${SUBDOMAIN}.duckdns.org/ +# ############################################################# +# Container Labels + +# DO NOT enclose label values in single quotes +# If the value needs to include single quotes use backticks instead + +# For example HOST_LABEL=traefik.http.routers.${SERVICE_NAME}.rule=Host(`${PROXY_URL}`) +# Notice the use of backticks instead of single quotes around ${PROXY_URL} + +TRAEFIK_ENABLE_LABEL=traefik.enable=true +HOST_LABEL=traefik.http.routers.${SERVICE_NAME}.rule=Host(`${PROXY_URL}`) +ICON_LABEL=com.getarcaneapp.arcane.icon=${ICON_URL} +LOADBALANCER_LABEL=traefik.http.services.${SERVICE_NAME}.loadbalancer.server.port=${INTERNAL_PORT} + 
+TRAEFIK_NETWORK_LABEL=traefik.docker.network=traefik-network +ENTRYPOINT_LABEL=traefik.http.routers.${SERVICE_NAME}.entrypoints=websecure +CERT_LABEL=traefik.http.routers.${SERVICE_NAME}.tls.certresolver=letsencrypt + +AUTHELIA_LABEL=traefik.http.routers.${SERVICE_NAME}.middlewares=authelia@docker +WATCHTOWER_ENABLE_LABEL=com.centurylinklabs.watchtower.enable=true + + -PIHOLE_PASSWORD=Tiberi0u$ -AUTHELIA_JWT_SECRET=f6e604660a5b0cc9b6e506374c1de1309e7fb7999fae330701b3ffeb8c874a8f7cb55781186e72c81f46edba4fe6874020d5edc00562bfcbf7b555e5a483e025 -AUTHELIA_SESSION_SECRET=27a9a3b300b73de99537488c56133ab062b5b7d6474063db18942314a6b0dc045ee0f42b2f8a526afb12e2a1480e1539087b4a5a67334fe825116739adf27c1b -AUTHELIA_STORAGE_ENCRYPTION_KEY=b9a5374a75524340001bb715dc35b666dbf2288ab2cef5181a4d1ec8ec7c4ed16cab1ab9dfd981341d4b55b86b3d4b61be7f568cae896c38c08e02cd758b1cd4 -AUTHELIA_ADMIN_PASSWORD_HASH==19=65536,t=3,p=4+A+otnHSpfW0Xr7uXV3XZ9sy7YxaI \ No newline at end of file diff --git a/docker-templates/core/docker-compose.yml b/docker-templates/core/docker-compose.yml index 62db358..8f75ffb 100644 --- a/docker-templates/core/docker-compose.yml +++ b/docker-templates/core/docker-compose.yml @@ -40,10 +40,9 @@ services: - homelab-network labels: - com.getarcaneapp.arcane.icon=https://cdn.jsdelivr.net/gh/selfhst/icons@main/svg/traefik.svg - - 'homelab.category=core' - - 'homelab.description=Reverse proxy and SSL termination' + # - 'traefik.http.routers.traefik.rule=Host(`traefik.kelinreij.duckdns.org`)' + - ${TRAEFIK_HOST_LABEL} - 'traefik.enable=true' - - 'traefik.http.routers.traefik.rule=Host(`traefik.kelinreij.duckdns.org`)' - 'traefik.http.routers.traefik.entrypoints=websecure' - 'traefik.http.routers.traefik.tls.certresolver=letsencrypt' - 'traefik.http.routers.traefik.middlewares=authelia@docker' 
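Review bot: Blanking the values in `docker-templates/core/.env` does not retire them. The DuckDNS token, the Pi-hole password, the three Authelia secrets and the admin password hash on the removed lines remain readable in repository history and in this patch, so each should be treated as exposed and rotated. The new file is still a tracked `.env` with empty `DUCKDNS_TOKEN=` and `AUTHELIA_*=` slots, which invites the next filled-in copy to be committed the same way. Shipping the template as `.env.example` and adding `.env` to `.gitignore` would avoid that. A header comment such as `# Copy to .env and fill in; never commit the filled-in file` would document the intent.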
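Review bot: The commented-out `traefik.http.routers.traefik.rule` line kept above `- ${TRAEFIK_HOST_LABEL}` still carries the author's real DuckDNS hostname, which the rest of this commit parameterises away. The same leftover appears twice in the Authelia hunk that follows, on the old `authelia.rule` and `forwardauth.address` lines. Deleting the three commented lines would finish the scrub, since git already records the old values. The hunk also drops the `homelab.category` and `homelab.description` labels without a mention in the commit message, so it is worth confirming nothing selects containers by them. The labels list continues outside the hunk.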
@@ -66,15 +65,16 @@ services: - homelab-network labels: - com.getarcaneapp.arcane.icon=https://cdn.jsdelivr.net/gh/selfhst/icons@main/svg/authelia.svg - - 'homelab.category=core' - - 'homelab.description=Single sign-on authentication' + # - 'traefik.http.routers.authelia.rule=Host(`auth.kelinreij.duckdns.org`)' + - ${AUTHELIA_HOST_LABEL} - 'traefik.enable=true' - - 'traefik.http.routers.authelia.rule=Host(`auth.kelinreij.duckdns.org`)' + - 'traefik.http.routers.authelia.entrypoints=websecure' - 'traefik.http.routers.authelia.tls.certresolver=letsencrypt' - 'traefik.http.routers.authelia.service=authelia' - 'traefik.http.services.authelia.loadbalancer.server.port=9091' - - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.kelinreij.duckdns.org/' + # - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.kelinreij.duckdns.org/' + - ${AUTHELIA_FORWARD_AUTH_LABEL} - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=X-Secret' - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' @@ -86,15 +86,15 @@ networks: x-dockge: urls: - - https://auth.kelinreij.duckdns.org - - http://192.168.4.4:9091 - - https://traefik.kelinreij.duckdns.org - - http://192.168.4.4:8080 + - https://auth.${SUBDOMAIN}.duckdns.org + - http://${SERVER_IP}:9091 + - https://traefik.${SUBDOMAIN}.duckdns.org + - http://${SERVER_IP}:8080 x-arcane: icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/svg/traefik.svg urls: - - https://auth.kelinreij.duckdns.org - - http://192.168.4.4:9091 - - https://traefik.kelinreij.duckdns.org - - http://192.168.4.4:8080 \ No newline at end of file + - https://auth.${SUBDOMAIN}.duckdns.org + - http://${SERVER_IP}:9091 + - https://traefik.${SUBDOMAIN}.duckdns.org + - http://${SERVER_IP}:8080 \ No newline at end of file
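Review bot: `- ${AUTHELIA_FORWARD_AUTH_LABEL}` makes the forward-auth address depend on a variable that Compose replaces with an empty string, with only a warning, when `.env` is missing or incomplete. The auth path should not rely on how Compose and Traefik then handle the empty entry. The required-variable form `- ${AUTHELIA_FORWARD_AUTH_LABEL:?set AUTHELIA_FORWARD_AUTH_LABEL in .env}` makes `docker compose up` stop instead, and the same guard fits `${AUTHELIA_HOST_LABEL}` here and `${TRAEFIK_HOST_LABEL}` in the previous hunk. The template `.env` also ships `SUBDOMAIN=` empty, so even a defined label renders as `auth..duckdns.org` until it is filled in. Using `${SUBDOMAIN:?set SUBDOMAIN in .env}` in the `x-dockge`/`x-arcane` URLs of the last hunk should catch that case, assuming Compose interpolates extension fields as it does the rest of the file.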