SimpleHomelab
diff --git a/‎README.md
+81-76 b/‎README.md
+81-76
diff --git a/‎appdata/traefik2/rules/ds918/chain-basic-auth.yml
-1 b/‎appdata/traefik2/rules/ds918/chain-basic-auth.yml
-1
diff --git a/‎appdata/traefik2/rules/ds918/chain-no-auth.yml
-1 b/‎appdata/traefik2/rules/ds918/chain-no-auth.yml
-1
diff --git a/‎appdata/traefik2/rules/ds918/chain-oauth-external.yml
-1 b/‎appdata/traefik2/rules/ds918/chain-oauth-external.yml
-1
diff --git a/‎appdata/traefik2/rules/ds918/chain-oauth.yml
-1 b/‎appdata/traefik2/rules/ds918/chain-oauth.yml
-1
diff --git a/‎appdata/traefik2/rules/ds918/middlewares-basic-auth.yml
+1-1 b/‎appdata/traefik2/rules/ds918/middlewares-basic-auth.yml
+1-1
diff --git a/‎appdata/traefik2/rules/ds918/middlewares-https-redirectscheme.yml
-6 b/‎appdata/traefik2/rules/ds918/middlewares-https-redirectscheme.yml
-6
diff --git a/‎appdata/traefik2/rules/hs/app-adguard-home-authelia.yml.example
+1-1 b/‎appdata/traefik2/rules/hs/app-adguard-home-authelia.yml.example
+1-1
diff --git a/‎appdata/traefik2/rules/hs/app-adguard-home-oauth.yml.example
+1-1 b/‎appdata/traefik2/rules/hs/app-adguard-home-oauth.yml.example
+1-1
diff --git a/‎appdata/traefik2/rules/hs/app-haos-no-auth.yml.example
+1-1 b/‎appdata/traefik2/rules/hs/app-haos-no-auth.yml.example
+1-1
diff --git a/‎appdata/traefik2/rules/hs/app-pihole-oauth.yml.example
+1-1 b/‎appdata/traefik2/rules/hs/app-pihole-oauth.yml.example
+1-1
diff --git a/‎appdata/traefik2/rules/hs/app-plex-no-auth.yml.example
+1-1 b/‎appdata/traefik2/rules/hs/app-plex-no-auth.yml.example
+1-1
diff --git a/‎appdata/traefik2/rules/hs/app-proxmox-ve-oauth.yml.example
+1-1 b/‎appdata/traefik2/rules/hs/app-proxmox-ve-oauth.yml.example
+1-1
diff --git a/‎appdata/traefik2/rules/hs/app-second-domain-passthrough.yml.example
+1-1 b/‎appdata/traefik2/rules/hs/app-second-domain-passthrough.yml.example
+1-1
diff --git a/‎appdata/traefik2/rules/hs/app-tautulli-with-auth-bypass.yml.example
+2-2 b/‎appdata/traefik2/rules/hs/app-tautulli-with-auth-bypass.yml.example
+2-2
diff --git a/‎appdata/traefik2/rules/hs/app-unifi-controller-authelia.example
+1-1 b/‎appdata/traefik2/rules/hs/app-unifi-controller-authelia.example
+1-1
diff --git a/‎appdata/traefik2/rules/hs/chain-authelia.yml
-1 b/‎appdata/traefik2/rules/hs/chain-authelia.yml
-1
diff --git a/‎appdata/traefik2/rules/hs/chain-basic-auth.yml
-1 b/‎appdata/traefik2/rules/hs/chain-basic-auth.yml
-1
diff --git a/‎appdata/traefik2/rules/hs/chain-no-auth-no-crowdsec.yml
-1 b/‎appdata/traefik2/rules/hs/chain-no-auth-no-crowdsec.yml
-1
diff --git a/‎appdata/traefik2/rules/hs/chain-no-auth.yml
-1 b/‎appdata/traefik2/rules/hs/chain-no-auth.yml
-1
diff --git a/‎appdata/traefik2/rules/hs/chain-oauth-external.yml
-1 b/‎appdata/traefik2/rules/hs/chain-oauth-external.yml
-1
diff --git a/‎appdata/traefik2/rules/hs/chain-oauth-no-crowdsec.yml
-1 b/‎appdata/traefik2/rules/hs/chain-oauth-no-crowdsec.yml
-1
diff --git a/‎appdata/traefik2/rules/hs/chain-oauth.yml
-1 b/‎appdata/traefik2/rules/hs/chain-oauth.yml
-1
diff --git a/‎appdata/traefik2/rules/hs/middlewares-basic-auth.yml
+2-2 b/‎appdata/traefik2/rules/hs/middlewares-basic-auth.yml
+2-2
diff --git a/‎appdata/traefik2/rules/hs/middlewares-https-redirectscheme.yml
-6 b/‎appdata/traefik2/rules/hs/middlewares-https-redirectscheme.yml
-6
diff --git a/‎appdata/traefik2/rules/ws/chain-authelia-wp.yml
-1 b/‎appdata/traefik2/rules/ws/chain-authelia-wp.yml
-1
diff --git a/‎appdata/traefik2/rules/ws/chain-authelia.yml
-1 b/‎appdata/traefik2/rules/ws/chain-authelia.yml
-1
diff --git a/‎appdata/traefik2/rules/ws/chain-basic-auth.yml
-1 b/‎appdata/traefik2/rules/ws/chain-basic-auth.yml
-1
diff --git a/‎appdata/traefik2/rules/ws/chain-no-auth-crowdsec-wp.yml
-1 b/‎appdata/traefik2/rules/ws/chain-no-auth-crowdsec-wp.yml
-1
diff --git a/‎appdata/traefik2/rules/ws/chain-no-auth-wp.yml
-1 b/‎appdata/traefik2/rules/ws/chain-no-auth-wp.yml
-1
diff --git a/‎appdata/traefik2/rules/ws/chain-no-auth.yml
-1 b/‎appdata/traefik2/rules/ws/chain-no-auth.yml
-1
diff --git a/‎appdata/traefik2/rules/ws/chain-oauth-no-crowdsec.yml
-1 b/‎appdata/traefik2/rules/ws/chain-oauth-no-crowdsec.yml
-1
diff --git a/‎appdata/traefik2/rules/ws/chain-oauth.yml
-1 b/‎appdata/traefik2/rules/ws/chain-oauth.yml
-1
diff --git a/‎appdata/traefik2/rules/ws/middlewares-basic-auth.yml
+1-1 b/‎appdata/traefik2/rules/ws/middlewares-basic-auth.yml
+1-1
diff --git a/‎appdata/traefik2/rules/ws/middlewares-https-redirectscheme.yml
-6 b/‎appdata/traefik2/rules/ws/middlewares-https-redirectscheme.yml
-6
diff --git a/‎compose/archives/heimdall.yml
+22 b/‎compose/archives/heimdall.yml
+22
diff --git a/‎compose/archives/homepage.yml
100644100755
+22-14 b/‎compose/archives/homepage.yml
100644100755
+22-14
diff --git a/‎compose/ds918/glances.yml
+4-4 b/‎compose/ds918/glances.yml
+4-4
@@ -4,7 +4,6 @@ http:
       chain:
         middlewares:
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           - middlewares-basic-auth
           - middlewares-compress
@@ -4,6 +4,5 @@ http:
       chain:
         middlewares:
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           - middlewares-compress
@@ -4,7 +4,6 @@ http:
       chain:
         middlewares:
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           - middlewares-oauth-external
           - middlewares-compress
 
@@ -4,7 +4,6 @@ http:
       chain:
         middlewares:
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           - middlewares-oauth
           - middlewares-compress
@@ -4,5 +4,5 @@ http:
       basicAuth:
         # users:
         #   - "user:$apsdfswWvC/6.$E3FtsfTntPC0wVJ7IUVtX1"
-        usersFile: "/run/secrets/htpasswd" #be sure to mount the volume through docker-compose.yml
+        usersFile: "/run/secrets/basic_auth_credentials" 
         realm: "Traefik 2 Basic Auth"
@@ -3,7 +3,7 @@ http:
     adguard-rtr:
       rule: "Host(`ag.{{env "DOMAINNAME_HS"}}`)"
       entryPoints:
-        - https
+        - websecure
       middlewares:
         - chain-authelia
       service: adguard-svc
 
@@ -3,7 +3,7 @@ http:
     adguard-rtr:
       rule: "Host(`ag.{{env "DOMAINNAME_HS"}}`)"
       entryPoints:
-        - https
+        - websecure
       middlewares:
         - chain-oauth
       service: adguard-svc
 
@@ -3,7 +3,7 @@ http:
     haos-rtr:
       rule: "Host(`haos.{{env "DOMAINNAME_HS"}}`)" 
       entryPoints:
-        - https
+        - websecure
       middlewares:
         - chain-no-auth
       service: haos-svc
 
@@ -3,7 +3,7 @@ http:
     pihole-rtr:
       rule: "Host(`pihole.{{env "DOMAINNAME_HS"}}`)" 
       entryPoints:
-        - https
+        - websecure
       middlewares:
         - chain-oauth
         - pihole-add-admin
 
@@ -3,7 +3,7 @@ http:
     splex-rtr:
       rule: "Host(`splex.{{env "DOMAINNAME_HS"}}`)"
       entryPoints:
-        - https
+        - websecure
       middlewares:
         - chain-oauth
       service: splex-svc
 
@@ -3,7 +3,7 @@ http:
     proxmox-rtr:
       rule: "Host(`pve.{{env "DOMAINNAME_HS"}}`)"
       entryPoints:
-        - https
+        - websecure
       middlewares:
         - chain-oauth
       service: proxmox-svc
 
@@ -2,7 +2,7 @@ tcp:
   routers:
     synology-traefik-rtr:
       entryPoints:
-        - "https"
+        - websecure
       rule: "HostSNIRegexp(`{{env "DOMAINNAME_DS918"}}`, `{subdomain:[a-z]+}.{{env "DOMAINNAME_DS918"}}`)"
       service: synology-traefik-svc
       tls:
 
@@ -4,7 +4,7 @@ http:
       rule: "Host(`tautulli.{{env "DOMAINNAME_HS"}}`)"
       priority: 99
       entryPoints:
-        - https
+        - websecure
       middlewares:
         - chain-oauth
       service: tautulli-svc
@@ -13,7 +13,7 @@ http:
       rule: "Host(`tautulli.$DOMAINNAME_HS`) && (Headers(`X-Api-Key`, `$TAUTULLI_API_KEY`) || Query(`apikey`, `$TAUTULLI_API_KEY`))" 
       priority: 100
       entryPoints:
-        - https
+        - websecure
       middlewares:
         - chain-no-auth
       service: tautulli-svc
 
@@ -3,7 +3,7 @@ http:
     unifi-rtr:
       rule: "Host(`unifi.{{env "DOMAINNAME_HS"}}`)"
       entryPoints:
-        - https
+        - websecure
       middlewares:
         - chain-authelia
       service: unifi-svc
 
@@ -5,7 +5,6 @@ http:
         middlewares:
           - middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           - middlewares-authelia
           #- middlewares-compress
@@ -5,7 +5,6 @@ http:
         middlewares:
           - middlewares-traefik-bouncer # leave this out if you are not using CrowdSec        
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           - middlewares-basic-auth
           #- middlewares-compress
@@ -4,6 +4,5 @@ http:
       chain:
         middlewares:
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           #- middlewares-compress 
@@ -5,6 +5,5 @@ http:
         middlewares:
           #- middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           #- middlewares-compress
@@ -5,7 +5,6 @@ http:
         middlewares:
           - middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           - middlewares-oauth-external
           #- middlewares-compress
@@ -4,7 +4,6 @@ http:
       chain:
         middlewares:
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           - middlewares-oauth
           #- middlewares-compress
@@ -5,7 +5,6 @@ http:
         middlewares:
           #- middlewares-traefik-bouncer # leave this out if you are not using CrowdSec        
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           - middlewares-oauth
           - middlewares-compress
@@ -4,5 +4,5 @@ http:
       basicAuth:
         # users:
         #   - "user:$apsdfswWvC/6.$E3FtsfTntPC0wVJ7IUVtX1"
-        usersFile: "/shared/.htpasswd" #be sure to mount the volume through docker-compose.yml
-        realm: "Traefik 2 Basic Auth"
+        usersFile: "/run/secrets/basic_auth_credentials" 
+        realm: "Traefik 2 Basic Auth"
@@ -5,7 +5,6 @@ http:
         middlewares:
           - middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers-wp
           - middlewares-authelia
           - middlewares-compress
@@ -5,7 +5,6 @@ http:
         middlewares:
           - middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           - middlewares-authelia
           - middlewares-compress
@@ -5,7 +5,6 @@ http:
         middlewares:
           - middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           - middlewares-basic-auth
           - middlewares-compress
@@ -5,6 +5,5 @@ http:
         middlewares:
           - middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers-wp
           - middlewares-compress
@@ -5,6 +5,5 @@ http:
         middlewares:
           # - middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers-wp
           - middlewares-compress
@@ -5,6 +5,5 @@ http:
         middlewares:
           # - middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           - middlewares-compress
@@ -4,7 +4,6 @@ http:
       chain:
         middlewares:
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers-wp
           - middlewares-oauth
           - middlewares-compress
@@ -5,7 +5,6 @@ http:
         middlewares:
           - middlewares-traefik-bouncer # leave this out if you are not using CrowdSec
           - middlewares-rate-limit
-          - middlewares-https-redirectscheme
           - middlewares-secure-headers
           - middlewares-oauth
           - middlewares-compress
@@ -4,5 +4,5 @@ http:
       basicAuth:
         # users:
         #   - "user:$apsdfswWvC/6.$E3FtsfTntPC0wVJ7IUVtX1"
-        usersFile: "/run/secrets/htpasswd" #be sure to mount the volume through docker-compose.yml
+        usersFile: "/run/secrets/basic_auth_credentials" 
         realm: "Traefik 2 Basic Auth"
@@ -0,0 +1,22 @@
+  # Heimdall - Application Dashboard
+  heimdall:
+    <<: *common-keys-core # See EXTENSION FIELDS at the top
+    image: lscr.io/linuxserver/heimdall
+    container_name: heimdall
+    # ports:
+    #  - "$HEIMDALL_PORT:80" # 80 to 82 already taken by other services
+      # - "444:443" # 443 used by Traefik/Nginx Proxy Manager. Disabled because we will put Heimdall behind proxy.
+    volumes:
+      - $DOCKERDIR/appdata/heimdall:/config
+    environment:
+      <<: *default-tz-puid-pgid
+    labels:
+      - "traefik.enable=true"
+      ## HTTP Routers
+      - "traefik.http.routers.heimdall-rtr.entrypoints=https"
+      - "traefik.http.routers.heimdall-rtr.rule=Host(`$DOMAINNAME_CLOUD_SERVER`,`www.$DOMAINNAME_CLOUD_SERVER`)"
+      ## Middlewares
+      - "traefik.http.routers.heimdall-rtr.middlewares=chain-oauth@file"
+      ## HTTP Services
+      - "traefik.http.routers.heimdall-rtr.service=heimdall-svc"
+      - "traefik.http.services.heimdall-svc.loadbalancer.server.port=80"
@@ -1,22 +1,30 @@
-  # Heimdall - Application Dashboard
-  heimdall:
-    <<: *common-keys-core # See EXTENSION FIELDS at the top
-    image: lscr.io/linuxserver/heimdall
-    container_name: heimdall
+services:
+  # Homepage - Application Dashboard
+  homepage:
+    image: ghcr.io/gethomepage/homepage:latest
+    container_name: homepage
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+    profiles: ["apps", "all"]
+    networks:
+      - t2_proxy
+      - socket_proxy
     # ports:
-    #  - "$HEIMDALL_PORT:80" # 80 to 82 already taken by other services
-      # - "444:443" # 443 used by Traefik/Nginx Proxy Manager. Disabled because we will put Heimdall behind proxy.
+    #  - "3000:3000" 
     volumes:
-      - $DOCKERDIR/appdata/heimdall:/config
+      - $DOCKERDIR/appdata/homepage:/app/config
     environment:
-      <<: *default-tz-puid-pgid
+      TZ: $TZ
+      PUID: $PUID
+      PGID: $PGID
     labels:
       - "traefik.enable=true"
       ## HTTP Routers
-      - "traefik.http.routers.heimdall-rtr.entrypoints=https"
-      - "traefik.http.routers.heimdall-rtr.rule=Host(`$DOMAINNAME_CLOUD_SERVER`,`www.$DOMAINNAME_CLOUD_SERVER`)"
+      - "traefik.http.routers.homepage-rtr.entrypoints=websecure"
+      - "traefik.http.routers.homepage-rtr.rule=Host(`$DOMAINNAME_1`,`www.$DOMAINNAME_1`)" # Both domain.com and www.domain.com
       ## Middlewares
-      - "traefik.http.routers.heimdall-rtr.middlewares=chain-oauth@file"
+      - "traefik.http.routers.homepage-rtr.middlewares=chain-no-auth@file"
       ## HTTP Services
-      - "traefik.http.routers.heimdall-rtr.service=heimdall-svc"
-      - "traefik.http.services.heimdall-svc.loadbalancer.server.port=80"
+      - "traefik.http.routers.homepage-rtr.service=homepage-svc"
+      - "traefik.http.services.homepage-svc.loadbalancer.server.port=3000"
@@ -10,7 +10,7 @@ services:
     # privileged: true # Only for VM
     # network_mode: host
     networks:
-      - t2_proxy
+      - traefik_proxy
       - socket_proxy
       - default
     ports:
@@ -28,11 +28,11 @@ services:
       DOCKER_HOST: tcp://socket-proxy:2375
     labels:
       - "traefik.enable=true"
-      ## HTTP Routers
+      # HTTP Routers
       - "traefik.http.routers.glances-rtr.entrypoints=https"
       - "traefik.http.routers.glances-rtr.rule=Host(`glances.$DOMAINNAME_DS918`)"
-      ## Middlewares
+      # Middlewares
       - "traefik.http.routers.glances-rtr.middlewares=chain-oauth@file"
-      ## HTTP Services
+      # HTTP Services
       - "traefik.http.routers.glances-rtr.service=glances-svc"
       - "traefik.http.services.glances-svc.loadbalancer.server.port=61208"