Refactor Docker Swarm stack configurations for local deployment

Updated multiple stack files to use local hostnames instead of external domains, simplified Traefik configuration, and reorganized Authentik service location. Changes improve local development setup and reduce complexity. Key changes: - Simplified .gitignore to exclude entire conf/ directory - Updated Traefik labels across services to use .swarm.home domains - Removed Cloudflare cert resolver references for local TLS - Moved Authentik from apps/ to core/ directory structure - Removed Traefik labels from n8n and paperless services - Updated Traefik stack to use simplified port bindings - Added timezone environment variable to adminer and outline 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-07 01:38:44 +00:00
parent bc67ba5341
commit c5b0c67ca7
9 changed files with 29 additions and 70 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1 @@
-conf/traefik-conf/dynamic.yml
+conf/
 stacks/apps/vikunja/config.yml
 stacks/core/traefik/stack.yml.backup-20251103-150708
 stacks/core/traefik/TrustCA-Instructions.md
 .gitignore
 conf/traefik-local-conf/dynamic.yml
 conf/traefik-conf/static.yml
--- a/stacks/apps/adminer/stack.yml
+++ b/stacks/apps/adminer/stack.yml
@@ -6,6 +6,7 @@ services:
    environment:
    - ADMINER_DEFAULT_SERVER=10.0.4.10
    - ADMINER_DESIGN=nette
    - TZ=America/New_York
    healthcheck:
      test: [ "CMD", "php", "-r", "if (file_get_contents('http://localhost:8080')) exit(0); exit(1);" ]
      interval: 30s
@@ -22,12 +23,11 @@ services:
      labels:
      # Local route
      - traefik.enable=true
      - traefik.http.routers.adminer.rule=Host(`miner.frostlabs.me`)
      - traefik.http.routers.adminer.entrypoints=websecure
      - traefik.http.routers.adminer.tls.certresolver=cloudflare
      - traefik.http.routers.adminer.middlewares=tailscale-whitelist@file
      - traefik.http.services.adminer.loadbalancer.server.port=8080
      - traefik.swarm.network=homelab
      - traefik.http.routers.adminer.rule=Host(`miner.swarm.home`)
      - traefik.http.routers.adminer.entrypoints=web,websecure
      - traefik.http.routers.adminer.tls=true
      - traefik.http.services.adminer.loadbalancer.server.port=8080
 networks:
  homelab:
    external: true
--- a/stacks/apps/n8n/stack.yml
+++ b/stacks/apps/n8n/stack.yml
@@ -30,14 +30,6 @@ services:
          memory: 2G
        reservations:
          memory: 512M
      labels:
      - "traefik.enable=true"
      - "traefik.swarm.network=homelab"
      - "traefik.http.routers.n8n.rule=Host(`n8n.bitfrost.me`)"
      - "traefik.http.routers.n8n.entrypoints=websecure"
      - "traefik.http.routers.n8n.tls.certresolver=cloudflare"
      - "traefik.http.routers.n8n.service=n8n"
      - "traefik.http.services.n8n.loadbalancer.server.port=5678"
 networks:
  homelab:
--- a/stacks/apps/outline/stack.yml
+++ b/stacks/apps/outline/stack.yml
@@ -8,6 +8,7 @@ services:
    - DATABASE_URL=postgres://admin:AllOfTheStars%2B1@10.0.4.10:5432/outline
    - REDIS_URL=redis://redis:6379
    - URL=https://flow.frostlabs.me
    - TZ=America/New_York
    - PORT=3000
    - FILE_STORAGE=local
    - FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data
@@ -39,10 +40,9 @@ services:
      labels:
      - "traefik.enable=true"
      - "traefik.swarm.network=homelab"
-      - "traefik.http.routers.outline.rule=Host(`flow.frostlabs.me`)"
+      - "traefik.http.routers.outline.rule=Host(`flow.swarm.home`)"
      - "traefik.http.routers.outline.entrypoints=websecure"
      - "traefik.http.routers.outline.tls=true"
      - "traefik.http.routers.outline.tls.certresolver=cloudflare"
      - "traefik.http.services.outline.loadbalancer.server.port=3000"
    depends_on:
    - redis
--- a/stacks/apps/paperless/stack.yml
+++ b/stacks/apps/paperless/stack.yml
@@ -66,13 +66,6 @@ services:
          cpus: '2.0'
        reservations:
          memory: 1G
      labels:
      - "traefik.enable=true"
      - "traefik.http.routers.paperless.rule=Host(`docs.frostlabs.me`)"
      - "traefik.http.routers.paperless.entrypoints=websecure"
      - "traefik.http.routers.paperless.tls.certresolver=cloudflare"
      - "traefik.http.services.paperless.loadbalancer.server.port=8000"
      - "traefik.swarm.network=homelab"
    depends_on:
    - paperless_redis
--- a/stacks/apps/uptime/stack.yml
+++ b/stacks/apps/uptime/stack.yml
@@ -7,6 +7,8 @@ services:
    - TZ=America/New_York
    networks:
    - homelab
    ports:
    - 3001:3001
    healthcheck:
      test: [ "CMD", "node", "/app/extra/healthcheck.js" ]
      interval: 30s
@@ -29,11 +31,11 @@ services:
        order: start-first
      labels:
      - "traefik.enable=true"
      - "traefik.http.routers.uptime-kuma.rule=Host(`status.frostlabs.me`)"
      - "traefik.http.routers.uptime-kuma.entrypoints=websecure"
      - "traefik.http.routers.uptime-kuma.tls.certresolver=cloudflare"
      - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001"
      - "traefik.swarm.network=homelab"
      - "traefik.http.routers.uptime-kuma.rule=Host(`status.swarm.home)"
      - "traefik.http.routers.uptime-kuma.entrypoints=web,websecure"
      - "traefik.http.routers.uptime-kuma.tls=true
      - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001"
 networks:
  homelab:
--- a/stacks/core/authentik/stack.yml
+++ b/stacks/core/authentik/stack.yml
@@ -60,11 +60,12 @@ services:
          memory: 512M
      labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)"
      - "traefik.http.routers.authentik.entrypoints=websecure"
      - "traefik.http.routers.authentik.tls.certresolver=cloudflare"
      - "traefik.http.services.authentik.loadbalancer.server.port=9000"
      - "traefik.swarm.network=homelab"
      - "traefik.http.routers.authentik.rule=Host(`auth.swam.home`)"
      - "traefik.http.routers.authentik.entrypoints=web,websecure"
      - "traefik.http.routers.authentik.tls=true"
      - "traefik.http.services.authentik.loadbalancer.server.port=9000"
    depends_on:
    - redis
--- a/stacks/core/portainer/stack.yml
+++ b/stacks/core/portainer/stack.yml
@@ -17,10 +17,9 @@ services:
      labels:
      - "traefik.enable=true"
      - "traefik.swarm.network=homelab"
-      - "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)"
+      - "traefik.http.routers.portainer.rule=Host(`portainer.swarm.home`)"
-      - "traefik.http.routers.portainer.entrypoints=websecure"
+      - "traefik.http.routers.portainer.entrypoints=web,websecure"
-      - "traefik.http.routers.portainer.tls.certresolver=cloudflare"
+      - "traefik.http.routers.portainer.tls=true"
      - "traefik.http.routers.portainer.service=portainer"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
  agent:
--- a/stacks/core/traefik/stack.yml
+++ b/stacks/core/traefik/stack.yml
@@ -1,27 +1,18 @@
 services:
  traefik:
-    image: traefik:v3.5
+    image: traefik:v3.5.4
    # Remove all command arguments - using static config file instead
    ports:
-    - target: 80
+    - 80:80
-      published: 80
+    - 443:443
-      mode: host
+    - 8080:8080
    - target: 443
      published: 443
      mode: host
    - target: 8443
      published: 8443
      mode: host
    - target: 8080
      published: 8082
      mode: host
    environment:
    - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
-    - /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates
+    #
    - /home/doc/projects/swarm/conf/traefik-conf/static.yml:/etc/traefik/traefik.yml:ro
-    - /home/doc/projects/swarm/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro
+    - /home/doc/projects/swarm/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:rw
    secrets:
    - cloudflare_api_token
    networks:
@@ -37,20 +28,7 @@ services:
      replicas: 1
      placement:
        constraints:
-        - node.hostname == p0
+          - node.hostname == p0
      resources:
        limits:
          memory: 512M
          cpus: '0.5'
        reservations:
          memory: 256M
      labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`proxy.frostlabs.me`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
 networks:
  homelab: