Refactor Docker Swarm stack configurations for local deployment

Updated multiple stack files to use local hostnames instead of external domains, simplified Traefik configuration, and reorganized Authentik service location. Changes improve local development setup and reduce complexity.

Key changes:
- Simplified .gitignore to exclude entire conf/ directory
- Updated Traefik labels across services to use .swarm.home domains
- Removed Cloudflare cert resolver references for local TLS
- Moved Authentik from apps/ to core/ directory structure
- Removed Traefik labels from n8n and paperless services
- Updated Traefik stack to use simplified port bindings
- Added timezone environment variable to adminer and outline

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

stacks/apps/adminer/stack.yml

@@ -6,6 +6,7 @@ services:
     environment:
     - ADMINER_DEFAULT_SERVER=10.0.4.10
     - ADMINER_DESIGN=nette
+    - TZ=America/New_York
     healthcheck:
       test: [ "CMD", "php", "-r", "if (file_get_contents('http://localhost:8080')) exit(0); exit(1);" ]
       interval: 30s
@@ -22,12 +23,11 @@ services:
       labels:
       # Local route
       - traefik.enable=true
-      - traefik.http.routers.adminer.rule=Host(`miner.frostlabs.me`)
-      - traefik.http.routers.adminer.entrypoints=websecure
-      - traefik.http.routers.adminer.tls.certresolver=cloudflare
-      - traefik.http.routers.adminer.middlewares=tailscale-whitelist@file
-      - traefik.http.services.adminer.loadbalancer.server.port=8080
       - traefik.swarm.network=homelab
+      - traefik.http.routers.adminer.rule=Host(`miner.swarm.home`)
+      - traefik.http.routers.adminer.entrypoints=web,websecure
+      - traefik.http.routers.adminer.tls=true
+      - traefik.http.services.adminer.loadbalancer.server.port=8080
 networks:
   homelab:
     external: true

stacks/apps/authentik/stack.yml

@@ -1,111 +0,0 @@
-services:
-  redis:
-    image: redis:alpine
-    command: --save 60 1 --loglevel warning
-    volumes:
-    - /home/doc/projects/swarm-data/appdata/authentik/redis:/data
-    ports:
-    - 6379:6379
-    networks:
-    - homelab
-    healthcheck:
-      test: [ "CMD", "redis-cli", "ping" ]
-      interval: 30s
-      timeout: 5s
-      retries: 3
-      start_period: 10s
-    deploy:
-      replicas: 1
-      resources:
-        limits:
-          memory: 512M
-        reservations:
-          memory: 128M
-
-  authentik_server:
-    image: ghcr.io/goauthentik/server:2025.10.0
-    command: server
-    environment:
-      AUTHENTIK_SECRET_KEY: "file:///run/secrets/auth-key"
-      AUTHENTIK_REDIS__HOST: "redis"
-      AUTHENTIK_POSTGRESQL__HOST: "10.0.4.10"
-      AUTHENTIK_POSTGRESQL__PORT: "5432"
-      AUTHENTIK_POSTGRESQL__USER: "admin"
-      AUTHENTIK_POSTGRESQL__NAME: "authentik"
-      AUTHENTIK_POSTGRESQL__PASSWORD: "file:///run/secrets/postgres-master"
-      # Optional: Set error reporting (set to false for privacy)
-      AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
-    secrets:
-    - auth-key
-    - postgres-master
-    volumes:
-    - /home/doc/projects/swarm-data/appdata/authentik/media:/media
-    - /home/doc/projects/swarm-data/appdata/authentik/templates:/templates
-    - /var/run/docker.sock:/var/run/docker.sock
-    networks:
-    - homelab
-    healthcheck:
-      test: [ "CMD-SHELL", "ak healthcheck" ]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-      start_period: 90s
-    deploy:
-      replicas: 1
-      resources:
-        limits:
-          memory: 1G
-          cpus: '1.0'
-        reservations:
-          memory: 512M
-      labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)"
-      - "traefik.http.routers.authentik.entrypoints=websecure"
-      - "traefik.http.routers.authentik.tls.certresolver=cloudflare"
-      - "traefik.http.services.authentik.loadbalancer.server.port=9000"
-      - "traefik.swarm.network=homelab"
-    depends_on:
-    - redis
-
-  authentik_worker:
-    image: ghcr.io/goauthentik/server:2025.10.0
-    command: worker
-    environment:
-      AUTHENTIK_SECRET_KEY: "file:///run/secrets/auth-key"
-      AUTHENTIK_REDIS__HOST: "redis"
-      AUTHENTIK_POSTGRESQL__HOST: "10.0.4.10"
-      AUTHENTIK_POSTGRESQL__PORT: "5432"
-      AUTHENTIK_POSTGRESQL__USER: "admin"
-      AUTHENTIK_POSTGRESQL__NAME: "authentik"
-      AUTHENTIK_POSTGRESQL__PASSWORD: "file:///run/secrets/postgres-master"
-      # Optional: Set error reporting (set to false for privacy)
-      AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
-    secrets:
-    - auth-key
-    - postgres-master
-    volumes:
-    - /home/doc/projects/swarm-data/appdata/authentik/media:/media
-    - /home/doc/projects/swarm-data/appdata/authentik/templates:/templates
-    - /var/run/docker.sock:/var/run/docker.sock
-    networks:
-    - homelab
-    deploy:
-      replicas: 1
-      resources:
-        limits:
-          memory: 1G
-          cpus: '1.0'
-        reservations:
-          memory: 512M
-    depends_on:
-    - redis
-
-networks:
-  homelab:
-    external: true
-secrets:
-  postgres-master:
-    external: true
-  auth-key:
-    external: true

stacks/apps/n8n/stack.yml

@@ -30,14 +30,6 @@ services:
           memory: 2G
         reservations:
           memory: 512M
-      labels:
-      - "traefik.enable=true"
-      - "traefik.swarm.network=homelab"
-      - "traefik.http.routers.n8n.rule=Host(`n8n.bitfrost.me`)"
-      - "traefik.http.routers.n8n.entrypoints=websecure"
-      - "traefik.http.routers.n8n.tls.certresolver=cloudflare"
-      - "traefik.http.routers.n8n.service=n8n"
-      - "traefik.http.services.n8n.loadbalancer.server.port=5678"
 
 networks:
   homelab:

stacks/apps/outline/stack.yml

@@ -8,6 +8,7 @@ services:
     - DATABASE_URL=postgres://admin:AllOfTheStars%2B1@10.0.4.10:5432/outline
     - REDIS_URL=redis://redis:6379
     - URL=https://flow.frostlabs.me
+    - TZ=America/New_York
     - PORT=3000
     - FILE_STORAGE=local
     - FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data
@@ -39,10 +40,9 @@ services:
       labels:
       - "traefik.enable=true"
       - "traefik.swarm.network=homelab"
-      - "traefik.http.routers.outline.rule=Host(`flow.frostlabs.me`)"
+      - "traefik.http.routers.outline.rule=Host(`flow.swarm.home`)"
       - "traefik.http.routers.outline.entrypoints=websecure"
       - "traefik.http.routers.outline.tls=true"
-      - "traefik.http.routers.outline.tls.certresolver=cloudflare"
       - "traefik.http.services.outline.loadbalancer.server.port=3000"
     depends_on:
     - redis

stacks/apps/paperless/stack.yml

@@ -66,13 +66,6 @@ services:
           cpus: '2.0'
         reservations:
           memory: 1G
-      labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.paperless.rule=Host(`docs.frostlabs.me`)"
-      - "traefik.http.routers.paperless.entrypoints=websecure"
-      - "traefik.http.routers.paperless.tls.certresolver=cloudflare"
-      - "traefik.http.services.paperless.loadbalancer.server.port=8000"
-      - "traefik.swarm.network=homelab"
     depends_on:
     - paperless_redis
 

stacks/apps/uptime/stack.yml

@@ -7,6 +7,8 @@ services:
     - TZ=America/New_York
     networks:
     - homelab
+    ports:
+    - 3001:3001
     healthcheck:
       test: [ "CMD", "node", "/app/extra/healthcheck.js" ]
       interval: 30s
@@ -29,11 +31,11 @@ services:
         order: start-first
       labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.uptime-kuma.rule=Host(`status.frostlabs.me`)"
-      - "traefik.http.routers.uptime-kuma.entrypoints=websecure"
-      - "traefik.http.routers.uptime-kuma.tls.certresolver=cloudflare"
-      - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001"
       - "traefik.swarm.network=homelab"
+      - "traefik.http.routers.uptime-kuma.rule=Host(`status.swarm.home)"
+      - "traefik.http.routers.uptime-kuma.entrypoints=web,websecure"
+      - "traefik.http.routers.uptime-kuma.tls=true
+      - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001"
 
 networks:
   homelab: