Update paths and configurations for swarm infrastructure

- Update all volume paths from /home/doc/swarm-data to /home/doc/projects/swarm-data - Add Traefik local entrypoint on port 8443 with host mode networking - Add Adminer local route with Traefik labels - Configure Vikunja OIDC integration with Authentik - Add Outline stack configuration - Add traefik-local stack for local network routing - Update .gitignore with backup files and dynamic configs 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-03 22:12:17 +00:00
parent b6ae643c39
commit a1af5b4c9b
13 changed files with 235 additions and 25 deletions
--- a/stacks/core/portainer/stack.yml
+++ b/stacks/core/portainer/stack.yml
@@ -3,7 +3,7 @@ services:
    image: portainer/portainer-ce:latest
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    volumes:
-    - /home/doc/swarm-data/appdata/portainer:/data
+    - /home/doc/projects/swarm-data/appdata/portainer:/data
    networks:
    - homelab
    deploy:
--- a/stacks/core/traefik-local/stack.yml
+++ b/stacks/core/traefik-local/stack.yml
@@ -0,0 +1,65 @@
+services:
+  traefik-local:
+    image: traefik:v3.5
+    command:
+    - --api.dashboard=true
+    - --api.insecure=true
+    - --ping=true
+    - --entrypoints.web.address=:80
+    - --entrypoints.websecure.address=:443
+    - --entrypoints.websecure.http3=false
+    - --entrypoints.web.http.redirections.entrypoint.to=websecure
+    - --entrypoints.web.http.redirections.entrypoint.scheme=https
+    - --providers.swarm=true
+    - --providers.swarm.exposedByDefault=false
+    - --providers.swarm.network=homelab
+    - --providers.swarm.watch=true
+    - --providers.file.directory=/etc/traefik/dynamic
+    - --providers.file.watch=true
+    - --log.level=DEBUG
+    - --accesslog=true
+    ports:
+    - target: 80
+      published: 80
+      mode: host
+    - target: 443
+      published: 443
+      mode: host
+    - target: 8080
+      published: 8083
+      mode: host
+    volumes:
+    - /var/run/docker.sock:/var/run/docker.sock:ro
+    - /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates
+    - /home/doc/projects/swarm/swarm-production/conf/traefik-local-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro
+    networks:
+    - homelab
+    healthcheck:
+      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/ping"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 30s
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        constraints:
+        - node.hostname == p1
+      resources:
+        limits:
+          memory: 512M
+          cpus: '0.5'
+        reservations:
+          memory: 256M
+      labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik-local.rule=Host(`proxy.home.frostlabs.me`)"
+      - "traefik.http.routers.traefik-local.entrypoints=websecure"
+      - "traefik.http.routers.traefik-local.tls=true"
+      - "traefik.http.routers.traefik-local.service=api@internal"
+      - "traefik.http.services.traefik-local.loadbalancer.server.port=8080"
+
+networks:
+  homelab:
+    external: true
--- a/stacks/core/traefik/stack.yml
+++ b/stacks/core/traefik/stack.yml
@@ -7,6 +7,7 @@ services:
    - --ping=true
    - --entrypoints.web.address=:80
    - --entrypoints.websecure.address=:443
+    - --entrypoints.local.address=:8443
    - --entrypoints.web.http.redirections.entrypoint.to=websecure
    - --entrypoints.web.http.redirections.entrypoint.scheme=https
    - --providers.swarm=true
@@ -22,15 +23,24 @@ services:
    - --log.level=DEBUG
    - --accesslog=true
    ports:
-    - "80:80"
-    - "443:443"
-    - "8082:8080"
+    - target: 80
+      published: 80
+      mode: host
+    - target: 443
+      published: 443
+      mode: host
+    - target: 8443
+      published: 8443
+      mode: host
+    - target: 8080
+      published: 8082
+      mode: host
    environment:
    - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
-    - /home/doc/swarm-data/appdata/traefik/certificates:/certificates
-    - /home/doc/swarm/swarm-production/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro
+    - /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates
+    - /home/doc/projects/swarm/swarm-production/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro
    secrets:
    - cloudflare_api_token
    networks: