From c5b0c67ca7559c1c48f25b6ffcd4a2b87a3224a3 Mon Sep 17 00:00:00 2001 From: John Date: Fri, 7 Nov 2025 01:38:44 +0000 Subject: [PATCH] Refactor Docker Swarm stack configurations for local deployment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updated multiple stack files to use local hostnames instead of external domains, simplified Traefik configuration, and reorganized Authentik service location. Changes improve local development setup and reduce complexity. Key changes: - Simplified .gitignore to exclude entire conf/ directory - Updated Traefik labels across services to use .swarm.home domains - Removed Cloudflare cert resolver references for local TLS - Moved Authentik from apps/ to core/ directory structure - Removed Traefik labels from n8n and paperless services - Updated Traefik stack to use simplified port bindings - Added timezone environment variable to adminer and outline 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .gitignore | 8 +---- stacks/apps/adminer/stack.yml | 10 +++---- stacks/apps/n8n/stack.yml | 8 ----- stacks/apps/outline/stack.yml | 4 +-- stacks/apps/paperless/stack.yml | 7 ----- stacks/apps/uptime/stack.yml | 10 ++++--- stacks/{apps => core}/authentik/stack.yml | 9 +++--- stacks/core/portainer/stack.yml | 7 ++--- stacks/core/traefik/stack.yml | 36 +++++------------------ 9 files changed, 29 insertions(+), 70 deletions(-) rename stacks/{apps => core}/authentik/stack.yml (93%) diff --git a/.gitignore b/.gitignore index 2e9a90d..3b7e381 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1 @@ -conf/traefik-conf/dynamic.yml -stacks/apps/vikunja/config.yml -stacks/core/traefik/stack.yml.backup-20251103-150708 -stacks/core/traefik/TrustCA-Instructions.md -.gitignore -conf/traefik-local-conf/dynamic.yml -conf/traefik-conf/static.yml +conf/ diff --git a/stacks/apps/adminer/stack.yml b/stacks/apps/adminer/stack.yml index 6948ab3..7befc6f 100644 
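Review bot: Replacing the explicit entries with `conf/` drops the ignore rules for `stacks/apps/vikunja/config.yml` and `stacks/core/traefik/stack.yml.backup-20251103-150708`, neither of which lives under `conf/`. If those files still exist in a working tree and hold credentials or an older Traefik configuration (not visible here), the next `git add -A` would stage them. Keep those two patterns alongside `conf/`, or confirm the files are gone before merging.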
--- a/stacks/apps/adminer/stack.yml +++ b/stacks/apps/adminer/stack.yml @@ -6,6 +6,7 @@ services: environment: - ADMINER_DEFAULT_SERVER=10.0.4.10 - ADMINER_DESIGN=nette + - TZ=America/New_York healthcheck: test: [ "CMD", "php", "-r", "if (file_get_contents('http://localhost:8080')) exit(0); exit(1);" ] interval: 30s @@ -22,12 +23,11 @@ services: labels: # Local route - traefik.enable=true - - traefik.http.routers.adminer.rule=Host(`miner.frostlabs.me`) - - traefik.http.routers.adminer.entrypoints=websecure - - traefik.http.routers.adminer.tls.certresolver=cloudflare - - traefik.http.routers.adminer.middlewares=tailscale-whitelist@file - - traefik.http.services.adminer.loadbalancer.server.port=8080 - traefik.swarm.network=homelab + - traefik.http.routers.adminer.rule=Host(`miner.swarm.home`) + - traefik.http.routers.adminer.entrypoints=web,websecure + - traefik.http.routers.adminer.tls=true + - traefik.http.services.adminer.loadbalancer.server.port=8080 networks: homelab: external: true diff --git a/stacks/apps/n8n/stack.yml b/stacks/apps/n8n/stack.yml index 69313a0..08cccc6 100644 --- a/stacks/apps/n8n/stack.yml +++ b/stacks/apps/n8n/stack.yml @@ -30,14 +30,6 @@ services: memory: 2G reservations: memory: 512M - labels: - - "traefik.enable=true" - - "traefik.swarm.network=homelab" - - "traefik.http.routers.n8n.rule=Host(`n8n.bitfrost.me`)" - - "traefik.http.routers.n8n.entrypoints=websecure" - - "traefik.http.routers.n8n.tls.certresolver=cloudflare" - - "traefik.http.routers.n8n.service=n8n" - - "traefik.http.services.n8n.loadbalancer.server.port=5678" networks: homelab: diff --git a/stacks/apps/outline/stack.yml b/stacks/apps/outline/stack.yml index e72a627..fde2ac8 100644 --- a/stacks/apps/outline/stack.yml +++ b/stacks/apps/outline/stack.yml 
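Review bot: The second adminer hunk removes `traefik.http.routers.adminer.middlewares=tailscale-whitelist@file` and adds nothing in its place, so the database admin UI is reachable by any client that can resolve `miner.swarm.home` and reach the proxy. Keep the allowlist middleware, or state in a comment above the labels that the network itself is the intended boundary. Separately, `entrypoints=web,websecure` combined with `tls=true` does not give a plain-HTTP route, assuming `web` is the port-80 entry point: a Traefik router with TLS enabled only matches TLS requests, so `entrypoints=websecure` alone says what actually happens, as the Outline router does. The same `web,websecure` plus `tls=true` pair appears in the uptime-kuma, authentik and portainer hunks.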
@@ -8,6 +8,7 @@ services: - DATABASE_URL=postgres://admin:AllOfTheStars%2B1@10.0.4.10:5432/outline - REDIS_URL=redis://redis:6379 - URL=https://flow.frostlabs.me + - TZ=America/New_York - PORT=3000 - FILE_STORAGE=local - FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data @@ -39,10 +40,9 @@ services: labels: - "traefik.enable=true" - "traefik.swarm.network=homelab" - - "traefik.http.routers.outline.rule=Host(`flow.frostlabs.me`)" + - "traefik.http.routers.outline.rule=Host(`flow.swarm.home`)" - "traefik.http.routers.outline.entrypoints=websecure" - "traefik.http.routers.outline.tls=true" - - "traefik.http.routers.outline.tls.certresolver=cloudflare" - "traefik.http.services.outline.loadbalancer.server.port=3000" depends_on: - redis diff --git a/stacks/apps/paperless/stack.yml b/stacks/apps/paperless/stack.yml index 849ee3b..05ee30a 100644 --- a/stacks/apps/paperless/stack.yml +++ b/stacks/apps/paperless/stack.yml @@ -66,13 +66,6 @@ services: cpus: '2.0' reservations: memory: 1G - labels: - - "traefik.enable=true" - - "traefik.http.routers.paperless.rule=Host(`docs.frostlabs.me`)" - - "traefik.http.routers.paperless.entrypoints=websecure" - - "traefik.http.routers.paperless.tls.certresolver=cloudflare" - - "traefik.http.services.paperless.loadbalancer.server.port=8000" - - "traefik.swarm.network=homelab" depends_on: - paperless_redis diff --git a/stacks/apps/uptime/stack.yml b/stacks/apps/uptime/stack.yml index 3fea11b..cb8d644 100644 --- a/stacks/apps/uptime/stack.yml +++ b/stacks/apps/uptime/stack.yml @@ -7,6 +7,8 @@ services: - TZ=America/New_York networks: - homelab + ports: + - 3001:3001 healthcheck: test: [ "CMD", "node", "/app/extra/healthcheck.js" ] interval: 30s 
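Review bot: The `DATABASE_URL` context line in the first outline hunk carries the Postgres user and password in clear text in a committed file, and the commit edits the block around it without moving the credential out. Anyone with read access to the repository, or to `docker service inspect` output for this service, gets the credential for the database at 10.0.4.10. Supply the value from a Swarm secret or an untracked env file, as the Traefik stack already does with `cloudflare_api_token`, and rotate the password since it is already in the repository history.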
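Review bot: The router rule in the second outline hunk moves to `flow.swarm.home`, but the `URL=https://flow.frostlabs.me` environment line shown as context in the first hunk is unchanged. Outline presumably builds redirects and links from `URL`, so users arriving on the new hostname may be sent back to the external domain; set `- URL=https://flow.swarm.home` in the same commit or keep a router for the old host. With `tls.certresolver` removed and only `tls=true` left, the certificate has to come from Traefik's file configuration, which is not visible here; otherwise clients will be served Traefik's default self-signed certificate.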
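Review bot: The added `ports:` entry `- 3001:3001` in the first uptime hunk publishes Uptime Kuma directly on the swarm nodes, next to the Traefik route that the following hunk defines for the same port. Clients that reach port 3001 skip TLS termination and any middleware configured on the proxy. Drop the mapping and let Traefik reach the service over the `homelab` network; if direct access is intended for debugging, write it as `- "3001:3001"` and say so in a comment above it.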
@@ -29,11 +31,11 @@ services: order: start-first labels: - "traefik.enable=true" - - "traefik.http.routers.uptime-kuma.rule=Host(`status.frostlabs.me`)" - - "traefik.http.routers.uptime-kuma.entrypoints=websecure" - - "traefik.http.routers.uptime-kuma.tls.certresolver=cloudflare" - - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001" - "traefik.swarm.network=homelab" + - "traefik.http.routers.uptime-kuma.rule=Host(`status.swarm.home)" + - "traefik.http.routers.uptime-kuma.entrypoints=web,websecure" + - "traefik.http.routers.uptime-kuma.tls=true + - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001" networks: homelab: diff --git a/stacks/apps/authentik/stack.yml b/stacks/core/authentik/stack.yml similarity index 93% rename from stacks/apps/authentik/stack.yml rename to stacks/core/authentik/stack.yml index b2e39ba..f651d7f 100644 --- a/stacks/apps/authentik/stack.yml +++ b/stacks/core/authentik/stack.yml @@ -60,11 +60,12 @@ services: memory: 512M labels: - "traefik.enable=true" - - "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)" - - "traefik.http.routers.authentik.entrypoints=websecure" - - "traefik.http.routers.authentik.tls.certresolver=cloudflare" - - "traefik.http.services.authentik.loadbalancer.server.port=9000" - "traefik.swarm.network=homelab" + - "traefik.http.routers.authentik.rule=Host(`auth.swam.home`)" + - "traefik.http.routers.authentik.entrypoints=web,websecure" + - "traefik.http.routers.authentik.tls=true" + - "traefik.http.services.authentik.loadbalancer.server.port=9000" + depends_on: - redis diff --git a/stacks/core/portainer/stack.yml b/stacks/core/portainer/stack.yml index 5ab1fa4..3997370 100644 --- a/stacks/core/portainer/stack.yml +++ b/stacks/core/portainer/stack.yml 
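Review bot: Two of the added uptime-kuma label lines are malformed: the `rule` label is missing the closing backtick after `status.swarm.home`, and the `tls` label is missing its closing double quote. The second should read `- "traefik.http.routers.uptime-kuma.tls=true"`, and the first needs the backtick restored before the closing parenthesis. With the quote unterminated the file is unlikely to parse, so the stack would fail to deploy, and with only the backtick missing Traefik would reject the rule and leave the service unrouted. Running a YAML linter over the stack files before committing would catch the first of these.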
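Review bot: The new authentik rule uses the host `auth.swam.home`, while every other router in this commit uses the `.swarm.home` suffix, so this looks like a typo that leaves the identity provider unreachable under the expected name. Change the host to `auth.swarm.home`. Services that delegate login to Authentik depend on this hostname, so it is worth checking that the redirect URLs configured in Authentik match the new name as well; that configuration is not visible in this hunk.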
@@ -17,10 +17,9 @@ services: labels: - "traefik.enable=true" - "traefik.swarm.network=homelab" - - "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)" - - "traefik.http.routers.portainer.entrypoints=websecure" - - "traefik.http.routers.portainer.tls.certresolver=cloudflare" - - "traefik.http.routers.portainer.service=portainer" + - "traefik.http.routers.portainer.rule=Host(`portainer.swarm.home`)" + - "traefik.http.routers.portainer.entrypoints=web,websecure" + - "traefik.http.routers.portainer.tls=true" - "traefik.http.services.portainer.loadbalancer.server.port=9000" agent: diff --git a/stacks/core/traefik/stack.yml b/stacks/core/traefik/stack.yml index cd3e779..0c5c1c7 100644 --- a/stacks/core/traefik/stack.yml +++ b/stacks/core/traefik/stack.yml @@ -1,27 +1,18 @@ services: traefik: - image: traefik:v3.5 + image: traefik:v3.5.4 # Remove all command arguments - using static config file instead ports: - - target: 80 - published: 80 - mode: host - - target: 443 - published: 443 - mode: host - - target: 8443 - published: 8443 - mode: host - - target: 8080 - published: 8082 - mode: host + - 80:80 + - 443:443 + - 8080:8080 environment: - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - - /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates + # - /home/doc/projects/swarm/conf/traefik-conf/static.yml:/etc/traefik/traefik.yml:ro - - /home/doc/projects/swarm/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro + - /home/doc/projects/swarm/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:rw secrets: - cloudflare_api_token networks: 
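Review bot: The new `- 8080:8080` mapping in the first traefik hunk publishes the port that the labels removed in the next hunk used for `api@internal`, so the Traefik API and dashboard are likely exposed on every swarm node with no router, TLS or authentication in front (this depends on the static configuration, which is not visible). Remove the mapping, or keep the dashboard behind a router with an authentication middleware. The `dynamic.yml` bind mount changes from `:ro` to `:rw`, which lets a process in the proxy container rewrite routing rules on the host; keep `:ro` unless something in the container must write the file. Dropping `mode: host` moves ports 80 and 443 onto the ingress routing mesh, where Traefik no longer sees the original client address, which matters for any IP-based allowlist middleware. The comment says a static config file is used, yet the `static.yml` mount appears commented out on the new side, and `CF_DNS_API_TOKEN_FILE` with its secret stays attached although the cert resolver references are removed.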
@@ -37,20 +28,7 @@ services: replicas: 1 placement: constraints: - - node.hostname == p0 - resources: - limits: - memory: 512M - cpus: '0.5' - reservations: - memory: 256M - labels: - - "traefik.enable=true" - - "traefik.http.routers.traefik.rule=Host(`proxy.frostlabs.me`)" - - "traefik.http.routers.traefik.entrypoints=websecure" - - "traefik.http.routers.traefik.tls.certresolver=cloudflare" - - "traefik.http.routers.traefik.service=api@internal" - - "traefik.http.services.traefik.loadbalancer.server.port=8080" + - node.hostname == p0 networks: homelab: