Initial commit: homelab infrastructure wiki

- Full Obsidian vault content
- Host configs (ice, grizzley, ubuntu, proxmox, truenas, panda, hyte)
- Media stack documentation
- Traefik HA setup
- Automation scripts
- Bachelor party planning

platform-config/overview.md

@@ -0,0 +1,83 @@
+---
+project:
+  name: Platform Configuration
+  status: active
+  category: configuration
+  source: live-verification
+  created: 2026-01-06
+  updated: 2026-04-19
+  description: Docker, Traefik, and container orchestration configuration
+  tags: [configuration, platform, docker, traefik]
+---
+
+# Platform Configuration
+
+Docker, Traefik, and container orchestration configuration files.
+
+## Traefik Configuration
+
+Two Traefik instances provide ingress:
+
+| Instance | Host | Role | Version |
+|----------|------|------|---------|
+| ubuntu Traefik | 192.168.50.61 | Primary router | v3.6.7 |
+| grizzley Traefik | 192.168.50.84 | Edge ACME + ingress | v3.6.7 |
+
+### Dynamic Config Files (ubuntu)
+
+Located in `homelab/ubuntu/traefik/config/dynamic/`:
+
+| File | Services Routed |
+|------|----------------|
+| `canonical-hosts.yml` | Grizzley ingress proxy, PVE OpenCode |
+| `gitea.yml` | gitea.tophermayor.com |
+| `homeassistant.yml` | ha.tophermayor.com |
+| `immich.yml` | immich.tophermayor.com |
+| `jellyfin.yml` | jellyfin.tophermayor.com |
+| `jellyseerr.yml` | jellyseerr.tophermayor.com |
+| `media-stack.yml` | Sonarr, Radarr, SABnzbd, Prowlarr, qBittorrent, Lidarr, Readarr (via gluetun) |
+| `middlewares.yml` | 30+ middleware definitions |
+| `opencode.yml` | opencode.tophermayor.com |
+| `proxmox.yml` | proxmox.local.tophermayor.com |
+| `stremio.yml` | stremio.local.tophermayor.com |
+| `traefik-dashboard.yml` | traefik.local.tophermayor.com |
+| `truenas.yml` | truenas.local.tophermayor.com |
+| `vaultwarden.yml` | vaultwarden.tophermayor.com |
+| `wildcard-certs.yml` | TLS certificate file references |
+
+### Common Middlewares
+
+| Middleware | Purpose |
+|------------|---------|
+| `local-only@file` | Restrict to local network IPs |
+| `authentik-auth@file` | SSO authentication |
+| `security-headers@file` | Add security headers |
+| `crowdsec-bouncer@file` | Rate limiting and threat protection |
+
+## Docker Networks
+
+| Network | Scope | Purpose |
+|---------|-------|---------|
+| `proxy-net` | External | Traefik-routed services |
+| `app-net` | External | Internal backend communication |
+| `authentik-internal` | Bridge | SSO isolation |
+| `monitoring-internal` | Bridge | Metrics/logs isolation |
+| `immich-internal` | Bridge | Immich DB/Redis/ML |
+| `traefik-proxy` | Bridge (grizzley) | Grizzley edge Traefik |
+| `media-net` | External | Media stack isolation |
+
+## Container Labels
+
+Standard Traefik labels:
+```yaml
+labels:
+  - "traefik.enable=true"
+  - "traefik.http.services.<service>.loadbalancer.server.port=8096"
+  - "traefik.http.routers.<router>.rule=Host(`service.tophermayor.com`)"
+  - "traefik.http.routers.<router>.tls.certresolver=cloudflare"
+```
+
+## Related
+
+- [[../homelab/architecture.md|Homelab Architecture]]
+- [[project.md|Platform Config Project]]

platform-config/project.md

@@ -0,0 +1,41 @@
+---
+project:
+  name: Platform Configuration
+  status: active
+  category: configuration
+  source: live-verification
+  created: 2026-01-06
+  updated: 2026-04-19
+  description: Docker, Traefik, and container orchestration configuration
+  tags: [configuration, docker, traefik]
+---
+
+# Platform Configuration
+
+## Overview
+
+Docker, Traefik, and container orchestration configuration files.
+
+## Components
+
+### Traefik
+- Two instances: ubuntu (primary) + grizzley (edge ACME)
+- 15+ dynamic route files
+- Cloudflare DNS challenge for wildcard certs
+
+### Docker Networks
+- `proxy-net` — Traefik-routed services
+- `app-net` — Internal backend communication
+- `monitoring-internal` — Metrics isolation
+
+## Related Documentation
+
+- [[overview.md|Configuration Overview]] — Detailed config documentation
+
+## Tasks
+```dataview
+TASK
+FROM "platform-config/tasks"
+WHERE !completed
+SORT file.name ASC
+```