updated port

.gitea/workflows/deploy.yml

@@ -0,0 +1,43 @@
+name: Deploy All Stacks to Swarm
+
+on:
+  push:
+    branches:
+    - main
+  workflow_dispatch:
+
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Deploy remaining stacks
+      run: |
+        for stack_file in *-stack.yml; do
+          stack_name="${stack_file%-stack.yml}"
+          # Skip traefik, git-runner (deploy those manually)
+          if [[ "$stack_name" != "traefik" && "$stack_name" != "git-runner" ]]; then
+            echo "🚀 Deploying ${stack_name}..."
+            docker stack deploy -c "$stack_file" "$stack_name" --prune --with-registry-auth
+          fi
+        done
+
+    - name: Deploy remaining stacks
+      run: |
+        for stack_file in *-stack.yml; do
+          stack_name="${stack_file%-stack.yml}"
+          # Skip if already deployed
+          if [[ "$stack_name" != "traefik" && "$stack_name" != "git-runner" ]]; then
+            echo "🚀 Deploying ${stack_name}..."
+            docker stack deploy -c "$stack_file" "$stack_name" --prune --with-registry-auth
+          fi
+        done
+
+    - name: List deployed stacks
+      run: |
+        echo ""
+        echo "📋 All deployed stacks:"
+        docker stack ls

.vscode/setting.json

@@ -1,32 +0,0 @@
-{
-  "files.associations": {
-    "*.yml": "yaml",
-    "*.yaml": "yaml",
-    "docker-compose*.yml": "yaml",
-    "stack.yml": "yaml"
-  },
-  "yaml.schemas": {
-    "https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json": [
-      "docker-compose*.yml",
-      "**/stacks/**/stack.yml"
-    ]
-  },
-  "yaml.format.enable": true,
-  "yaml.validate": true,
-  "editor.formatOnSave": true,
-  "editor.rulers": [80, 120],
-  "files.trimTrailingWhitespace": true,
-  "files.insertFinalNewline": true,
-  "git.autofetch": true,
-  "git.confirmSync": false,
-  "terminal.integrated.defaultProfile.windows": "PowerShell",
-  "[yaml]": {
-    "editor.insertSpaces": true,
-    "editor.tabSize": 2,
-    "editor.autoIndent": "advanced",
-    "editor.defaultFormatter": "redhat.vscode-yaml"
-  },
-  "[markdown]": {
-    "editor.defaultFormatter": "yzhang.markdown-all-in-one"
-  }
-}

adminer-stack.yml

@@ -30,4 +30,4 @@ services:
       - traefik.http.services.adminer.loadbalancer.server.port=8080
 networks:
   homelab:
-    external: true
+    external: true 

conf/traefik-conf/dynamic.yml

@@ -22,13 +22,15 @@ http:
     #-----------------------------------------------------------------------------------
   routers:
     # Local VPN-only services (*.swarm.home)
-    unraid-local:
-      rule: "Host(`unraid.swarm.home`)"
+    unraid:
+      rule: "Host(`unraid.frostlabs.me`)"
       entryPoints:
-      - web
       - websecure
       service: unraid
-      tls: {}
+      middlewares:
+        - authentik
+      tls:
+        certResolver: cloudflare
 
     # peertube:
     #   rule: "Host(`videos.frostlabs.me`)"

emby-stack.yml

@@ -21,6 +21,13 @@ services:
       start_period: 120s
     deploy:
       replicas: 1
+      labels:
+      - traefik.enable=true
+      - traefik.http.routers.emby.rule=Host(`movies.frostlabs.me`)
+      - traefik.http.routers.emby.entrypoints=websecure
+      - traefik.http.routers.emby.tls=true
+      - traefik.http.routers.emby.tls.certresolver=cloudflare
+      - traefik.http.services.emby.loadbalancer.server.port=8096
 networks:
   homelab:
-    external: true
+    external: true 

git-runner-stack.yml

@@ -0,0 +1,27 @@
+services:
+  gitea-runner:
+    image: gitea/act_runner:latest
+    hostname: "{{.Node.Hostname}}-runner"
+    environment:
+    - GITEA_INSTANCE_URL=https://git.frostlabs.me
+    - GITEA_RUNNER_REGISTRATION_TOKEN=hF9V6IIV4lj1cZVgNaZAXuXOcdVBiAQuoZdTU5Pp
+    - GITEA_RUNNER_NAME=swarm-runner-{{.Node.Hostname}}
+    volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+    - gitea-runner-data:/data
+    networks:
+    - homelab # Adjust to match your Gitea network
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+      restart_policy:
+        condition: on-failure
+        delay: 5s
+        max_attempts: 3
+volumes:
+  gitea-runner-data:
+networks:
+  homelab:
+    external: true

n8n-stack.yml

@@ -42,4 +42,4 @@ services:
 
 networks:
   homelab:
-    external: true
+    external: true 

notifiarr-stack.yml

@@ -7,7 +7,7 @@ services:
     ports:
     - "5454:5454"
     volumes:
-    - /home/doc/projects/unraid-appdata/Notifiarr:/config
+    - /home/doc/projects/swarm-data/appdata/Notifiarr:/config
     - /var/run/docker.sock:/var/run/docker.sock:ro
     environment:
     - TZ=America/New_York

outline-stack.yml

@@ -79,4 +79,4 @@ networks:
     external: true
   outline_internal:
     driver: overlay
-    attachable: true
+    attachable: true 

paperless-stack.yml

@@ -79,4 +79,4 @@ secrets:
   paperless-secret-key:
     external: true
   postgres-master:
-    external: true
+    external: true 

peertube-stack.yml

@@ -104,5 +104,5 @@ networks:
 #     external: true
 #   peertube-key:
 #     external: true
-#   gmail-app-password:
+#   gmail-app-password: 
 #     external: true

prowlarr-stack.yml

@@ -10,7 +10,7 @@ services:
     - PGID=1000
     - TZ=Etc/UTC
     volumes:
-    - /home/doc/projects/unraid-appdata/postgres:/config
+    - /home/doc/projects/swarm-data/appdata/prowlarr:/config
     healthcheck:
       test: [ "CMD", "curl", "-f", "http://localhost:9696/ping" ]
       interval: 30s
@@ -22,4 +22,4 @@ services:
 
 networks:
   homelab:
-    external: true
+    external: true 

radarr-stack.yml

@@ -10,7 +10,7 @@ services:
     - PGID=1000
     - TZ=Etc/UTC
     volumes:
-    - /home/doc/projects/unraid-appdata/radarr:/config
+    - /home/doc/projects/swarm-data/appdata/radarr:/config
     - /home/doc/projects/data:/data
     healthcheck:
       test: [ "CMD", "curl", "-f", "http://localhost:7878/ping" ]

sab-stack.yml

@@ -10,7 +10,7 @@ services:
     - PGID=1000
     - TZ=Etc/UTC
     volumes:
-    - /home/doc/projects/unraid-appdata/sabnzbd:/config
+    - /home/doc/projects/swarm-data/appdata/sabnzbd:/config
     - /home/doc/projects/data/usenet:/data/usenet
     healthcheck:
       test: [ "CMD", "curl", "-f", "http://localhost:8080/api?mode=version" ]
@@ -23,4 +23,4 @@ services:
 
 networks:
   homelab:
-    external: true
+    external: true 

sonarr-stack.yml

@@ -10,7 +10,7 @@ services:
     - PGID=1000
     - TZ=Etc/UTC
     volumes:
-    - /mnt/swarm-data/sonarr:/config
+    - /home/doc/projects/swarm-data/appdata/sonarr:/config
     - /home/doc/projects/data:/data
     deploy:
       replicas: 1

stacks/apps/peertube/README.md

@@ -1,171 +0,0 @@
-# PeerTube Docker Swarm Setup
-
-## Prerequisites
-
-1. Traefik is running and configured
-2. PostgreSQL is running (`postgresSQL` service)
-3. The `homelab` network exists
-4. DNS record for `videos.frostlabs.me` points to your server
-
-## Setup Steps
-
-### 1. Create PeerTube Database
-
-Connect to your existing PostgreSQL instance and create the PeerTube database:
-
-```bash
-# Connect to PostgreSQL container
-docker exec -it $(docker ps -q -f name=postgresSQL) psql -U admin -d postgres
-
-# Create database (user 'admin' already exists with postgres-master secret)
-CREATE DATABASE peertube;
-GRANT ALL PRIVILEGES ON DATABASE peertube TO admin;
-\q
-```
-
-### 2. Create Docker Secret for PeerTube
-
-You already have the `postgres-master` secret for database access. You just need to create the PeerTube application secret:
-
-```bash
-# Generate and create the PeerTube secret
-echo "$(openssl rand -hex 32)" | docker secret create peertube-secret -
-
-# Verify the secret was created
-docker secret ls | grep peertube
-```
-
-**Note:** The stack uses your existing `postgres-master` secret for database authentication with the `admin` user.
-
-### 3. Verify Data Directory Permissions
-
-```bash
-# Check that the PeerTube appdata directory exists and has correct permissions
-ls -la /home/doc/projects/unraid-appdata/PeerTube
-
-# If needed, fix permissions (UID 999 is the PeerTube user)
-sudo chown -R 999:999 /home/doc/projects/unraid-appdata/PeerTube
-```
-
-### 4. Deploy the Stack
-
-```bash
-docker stack deploy -c stack.yml peertube
-```
-
-### 5. Monitor Deployment
-
-```bash
-# Watch the services
-docker service ls | grep peertube
-
-# Check logs
-docker service logs -f peertube_peertube
-
-# Check if healthy
-docker ps | grep peertube
-```
-
-### 6. Access PeerTube
-
-Once deployed, access PeerTube at: https://videos.frostlabs.me
-
-The first time you access it, you'll need to:
-1. Complete the setup wizard
-2. Create an admin account
-3. Configure additional settings in the admin panel
-
-## Configuration Notes
-
-### Database Connection
-- Host: `postgresSQL` (existing Postgres service)
-- Port: 5432 (internal)
-- Database: `peertube`
-- User: `admin`
-- Password: From `postgres-master` secret
-
-### Redis Connection
-- Host: `peertube-redis` (internal service)
-- Port: 6379 (default)
-
-### SMTP/Email
-- Host: `peertube-postfix` (internal service)
-- Port: 25
-- From: noreply@videos.frostlabs.me
-
-### Ports
-- **9000**: PeerTube HTTP (internal, proxied by Traefik)
-- **1935**: RTMP for live streaming (published on host)
-
-### Traefik Integration
-The stack is configured to use Traefik for:
-- SSL/TLS certificates (Let's Encrypt)
-- HTTPS on port 443
-- HTTP to HTTPS redirect
-- Domain: videos.frostlabs.me
-
-## Storage Layout
-
-All data is stored in `/home/doc/projects/unraid-appdata/PeerTube`:
-- Videos and media files
-- Thumbnails and previews
-- User uploads
-- Logs
-- Configuration
-
-## Troubleshooting
-
-### Check service status
-```bash
-docker service ps peertube_peertube --no-trunc
-```
-
-### View logs
-```bash
-docker service logs peertube_peertube
-docker service logs peertube_peertube-redis
-docker service logs peertube_peertube-postfix
-```
-
-### Database connection issues
-```bash
-# Test connection from PeerTube container
-docker exec -it $(docker ps -q -f name=peertube_peertube) sh
-nc -zv postgresSQL 5432
-```
-
-### Restart services
-```bash
-docker service update --force peertube_peertube
-```
-
-### Remove and redeploy
-```bash
-docker stack rm peertube
-# Wait for cleanup
-docker stack deploy -c stack.yml peertube
-```
-
-## Updating PeerTube
-
-```bash
-# Update the image
-docker service update --image chocobozzz/peertube:production-bookworm peertube_peertube
-
-# Or redeploy the stack
-docker stack deploy -c stack.yml peertube
-```
-
-## Security Considerations
-
-1. Change the default admin password after first login
-2. Keep PEERTUBE_SECRET secure and never commit it to version control
-3. Regularly update the PeerTube image for security patches
-4. Configure proper email settings for notifications
-5. Review and configure user registration settings in admin panel
-
-## Additional Resources
-
-- [PeerTube Documentation](https://docs.joinpeertube.org/)
-- [PeerTube Production Guide](https://docs.joinpeertube.org/install/docker)
-- [PeerTube Admin Documentation](https://docs.joinpeertube.org/admin/following-instances)

stacks/data/rsync/stack.yml

@@ -1,20 +0,0 @@
-services:
-  rsync:
-    image: alpine:latest
-    user: "0:0"
-    command: >
-      sh -c " apk add --no-cache rsync && echo '0 2 * * * rsync -av --no-perms --no-owner --no-group --exclude-from=/excludes.txt /source/ /destination/ && echo \"Sync completed at $$(date)\"' | crontab - && echo 'Backup sync started. Daily sync at 2 AM.' && crond -f -l 2"
-    deploy:
-      replicas: 1
-      restart_policy:
-        condition: on-failure
-        delay: 30s
-    volumes:
-    - /home/doc/projects/swarm-data/appdata:/source:ro
-    - /home/doc/projects/backups:/destination
-    - /home/doc/projects/swarm/conf/rsync-conf/excludes.txt:/excludes.txt:ro
-    networks:
-    - homelab
-networks:
-  homelab:
-    external: true

stacks/startup/authentik/stack.yml

@@ -1,112 +0,0 @@
-services:
-  redis:
-    image: redis:alpine
-    command: --save 60 1 --loglevel warning
-    volumes:
-    - /home/doc/projects/swarm-data/appdata/authentik/redis:/data
-    networks:
-    - homelab
-    healthcheck:
-      test: [ "CMD", "redis-cli", "ping" ]
-      interval: 30s
-      timeout: 5s
-      retries: 3
-      start_period: 10s
-    deploy:
-      replicas: 1
-      resources:
-        limits:
-          memory: 512M
-        reservations:
-          memory: 128M
-
-  authentik_server:
-    image: ghcr.io/goauthentik/server:2025.10.0
-    command: server
-    environment:
-      AUTHENTIK_SECRET_KEY: "file:///run/secrets/auth-key"
-      AUTHENTIK_REDIS__HOST: "redis"
-      AUTHENTIK_POSTGRESQL__HOST: "10.0.4.10"
-      AUTHENTIK_POSTGRESQL__PORT: "5432"
-      AUTHENTIK_POSTGRESQL__USER: "admin"
-      AUTHENTIK_POSTGRESQL__NAME: "authentik"
-      AUTHENTIK_POSTGRESQL__PASSWORD: "file:///run/secrets/postgres-master"
-      # Optional: Set error reporting (set to false for privacy)
-      AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
-    secrets:
-    - auth-key
-    - postgres-master
-    volumes:
-    - /home/doc/projects/swarm-data/appdata/authentik/media:/media
-    - /home/doc/projects/swarm-data/appdata/authentik/templates:/templates
-    - /var/run/docker.sock:/var/run/docker.sock
-    networks:
-    - homelab
-    healthcheck:
-      test: [ "CMD-SHELL", "ak healthcheck" ]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-      start_period: 90s
-    deploy:
-      replicas: 1
-      resources:
-        limits:
-          memory: 1G
-          cpus: '1.0'
-        reservations:
-          memory: 512M
-      labels:
-      - "traefik.enable=true"
-      - "traefik.swarm.network=homelab"
-      # Public-facing domain with Let's Encrypt certificate
-      - "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)"
-      - "traefik.http.routers.authentik.entrypoints=websecure"
-      - "traefik.http.routers.authentik.tls=true"
-      - "traefik.http.routers.authentik.tls.certresolver=cloudflare"
-      - "traefik.http.services.authentik.loadbalancer.server.port=9000"
-
-    depends_on:
-    - redis
-
-  authentik_worker:
-    image: ghcr.io/goauthentik/server:2025.10.0
-    command: worker
-    environment:
-      AUTHENTIK_SECRET_KEY: "file:///run/secrets/auth-key"
-      AUTHENTIK_REDIS__HOST: "redis"
-      AUTHENTIK_POSTGRESQL__HOST: "10.0.4.10"
-      AUTHENTIK_POSTGRESQL__PORT: "5432"
-      AUTHENTIK_POSTGRESQL__USER: "admin"
-      AUTHENTIK_POSTGRESQL__NAME: "authentik"
-      AUTHENTIK_POSTGRESQL__PASSWORD: "file:///run/secrets/postgres-master"
-      # Optional: Set error reporting (set to false for privacy)
-      AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
-    secrets:
-    - auth-key
-    - postgres-master
-    volumes:
-    - /home/doc/projects/swarm-data/appdata/authentik/media:/media
-    - /home/doc/projects/swarm-data/appdata/authentik/templates:/templates
-    - /var/run/docker.sock:/var/run/docker.sock
-    networks:
-    - homelab
-    deploy:
-      replicas: 1
-      resources:
-        limits:
-          memory: 1G
-          cpus: '1.0'
-        reservations:
-          memory: 512M
-    depends_on:
-    - redis
-
-networks:
-  homelab:
-    external: true
-secrets:
-  postgres-master:
-    external: true
-  auth-key:
-    external: true

stacks/startup/portainer/stack.yml

@@ -1,36 +0,0 @@
-services:
-  portainer:
-    image: portainer/portainer-ce:latest
-    command: -H tcp://tasks.agent:9001 --tlsskipverify
-    volumes:
-    - /home/doc/projects/swarm-data/appdata/portainer:/data
-    networks:
-    - homelab
-    ports:
-    - 9001:9000
-    deploy:
-      mode: replicated
-      replicas: 1
-      labels:
-      - "traefik.enable=true"
-      - "traefik.swarm.network=homelab"
-      # Public-facing domain with Let's Encrypt certificate
-      - "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)"
-      - "traefik.http.routers.portainer.entrypoints=websecure"
-      - "traefik.http.routers.portainer.tls=true"
-      - "traefik.http.routers.portainer.tls.certresolver=cloudflare"
-      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
-
-  agent:
-    image: portainer/agent:latest
-    volumes:
-    - /var/run/docker.sock:/var/run/docker.sock
-    - /var/lib/docker/volumes:/var/lib/docker/volumes
-    networks:
-    - homelab
-    deploy:
-      mode: global
-
-networks:
-  homelab:
-    external: true

stacks/startup/stack.yml

@@ -1,196 +0,0 @@
-#---------------------------
-#         AUTHENTIK
-#---------------------------
-services:
-  redis:
-    image: redis:alpine
-    command: --save 60 1 --loglevel warning
-    volumes:
-    - /home/doc/projects/swarm-data/appdata/authentik/redis:/data
-    networks:
-    - homelab
-    healthcheck:
-      test: [ "CMD", "redis-cli", "ping" ]
-      interval: 30s
-      timeout: 5s
-      retries: 3
-      start_period: 10s
-    deploy:
-      replicas: 1
-      resources:
-        limits:
-          memory: 512M
-        reservations:
-          memory: 128M
-
-  authentik_server:
-    image: ghcr.io/goauthentik/server:2025.10.0
-    command: server
-    environment:
-      AUTHENTIK_SECRET_KEY: "file:///run/secrets/auth-key"
-      AUTHENTIK_REDIS__HOST: "redis"
-      AUTHENTIK_POSTGRESQL__HOST: "10.0.4.10"
-      AUTHENTIK_POSTGRESQL__PORT: "5432"
-      AUTHENTIK_POSTGRESQL__USER: "admin"
-      AUTHENTIK_POSTGRESQL__NAME: "authentik"
-      AUTHENTIK_POSTGRESQL__PASSWORD: "file:///run/secrets/postgres-master"
-      # Optional: Set error reporting (set to false for privacy)
-      AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
-    secrets:
-    - auth-key
-    - postgres-master
-    volumes:
-    - /home/doc/projects/swarm-data/appdata/authentik/media:/media
-    - /home/doc/projects/swarm-data/appdata/authentik/templates:/templates
-    - /var/run/docker.sock:/var/run/docker.sock
-    networks:
-    - homelab
-    healthcheck:
-      test: [ "CMD-SHELL", "ak healthcheck" ]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-      start_period: 90s
-    deploy:
-      replicas: 1
-      resources:
-        limits:
-          memory: 1G
-          cpus: '1.0'
-        reservations:
-          memory: 512M
-      labels:
-      - "traefik.enable=true"
-      - "traefik.swarm.network=homelab"
-      # Public-facing domain with Let's Encrypt certificate
-      - "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)"
-      - "traefik.http.routers.authentik.entrypoints=websecure"
-      - "traefik.http.routers.authentik.tls=true"
-      - "traefik.http.routers.authentik.tls.certresolver=cloudflare"
-      - "traefik.http.services.authentik.loadbalancer.server.port=9000"
-
-    depends_on:
-    - redis
-
-  authentik_worker:
-    image: ghcr.io/goauthentik/server:2025.10.0
-    command: worker
-    environment:
-      AUTHENTIK_SECRET_KEY: "file:///run/secrets/auth-key"
-      AUTHENTIK_REDIS__HOST: "redis"
-      AUTHENTIK_POSTGRESQL__HOST: "10.0.4.10"
-      AUTHENTIK_POSTGRESQL__PORT: "5432"
-      AUTHENTIK_POSTGRESQL__USER: "admin"
-      AUTHENTIK_POSTGRESQL__NAME: "authentik"
-      AUTHENTIK_POSTGRESQL__PASSWORD: "file:///run/secrets/postgres-master"
-      # Optional: Set error reporting (set to false for privacy)
-      AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
-    secrets:
-    - auth-key
-    - postgres-master
-    volumes:
-    - /home/doc/projects/swarm-data/appdata/authentik/media:/media
-    - /home/doc/projects/swarm-data/appdata/authentik/templates:/templates
-    - /var/run/docker.sock:/var/run/docker.sock
-    networks:
-    - homelab
-    deploy:
-      replicas: 1
-      resources:
-        limits:
-          memory: 1G
-          cpus: '1.0'
-        reservations:
-          memory: 512M
-    depends_on:
-    - redis
-
-#---------------------------
-#         TRAEFIK
-#---------------------------
-  traefik:
-    image: traefik:v3.5.4
-    # Remove all command arguments - using static config file instead
-    ports:
-    - 80:80
-    - 443:443
-    - 8080:8080
-    environment:
-    - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
-    volumes:
-    - type: bind
-      source: /var/run/docker.sock
-      target: /var/run/docker.sock
-      read_only: true
-    - type: bind
-      source: /home/doc/projects/swarm-data/swarm-production/conf/traefik-conf/static.yml
-      target: /etc/traefik/traefik.yml
-      read_only: true
-    - type: bind
-      source: /home/doc/projects/swarm-data/swarm-production/conf/traefik-conf/dynamic.yml
-      target: /etc/traefik/dynamic/dynamic.yml
-    - type: bind
-      source: /home/doc/projects/swarm-data/appdata/traefik/certificates/acme.json
-      target: /certificates/acme.json
-    secrets:
-    - cloudflare_api_token
-    networks:
-    - homelab
-    healthcheck:
-      test: [ "CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/ping" ]
-      interval: 30s
-      timeout: 5s
-      retries: 3
-      start_period: 30s
-    deploy:
-      mode: replicated
-      replicas: 1
-      placement:
-        constraints:
-        - node.hostname == p0
-
-#---------------------------
-#         TRAEFIK
-#---------------------------
-  portainer:
-    image: portainer/portainer-ce:latest
-    command: -H tcp://tasks.agent:9001 --tlsskipverify
-    volumes:
-    - /home/doc/projects/swarm-data/appdata/portainer:/data
-    networks:
-    - homelab
-    ports:
-    - 9001:9000
-    deploy:
-      mode: replicated
-      replicas: 1
-      labels:
-      - "traefik.enable=true"
-      - "traefik.swarm.network=homelab"
-      # Public-facing domain with Let's Encrypt certificate
-      - "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)"
-      - "traefik.http.routers.portainer.entrypoints=websecure"
-      - "traefik.http.routers.portainer.tls=true"
-      - "traefik.http.routers.portainer.tls.certresolver=cloudflare"
-      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
-
-  agent:
-    image: portainer/agent:latest
-    volumes:
-    - /var/run/docker.sock:/var/run/docker.sock
-    - /var/lib/docker/volumes:/var/lib/docker/volumes
-    networks:
-    - homelab
-    deploy:
-      mode: global
-
-networks:
-  homelab:
-    external: true
-secrets:
-  postgres-master:
-    external: true
-  auth-key:
-    external: true
-  cloudflare_api_token:
-    external: true

traefik-stack.yml

@@ -5,7 +5,7 @@ services:
     ports:
     - 80:80
     - 443:443
-    - 8080:8080
+    - 8082:8080
     environment:
     - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
     volumes:
@@ -46,4 +46,4 @@ networks:
 
 secrets:
   cloudflare_api_token:
-    external: true
+    external: true