hermes-ice/platform-config/overview.md
Hermes Agent e4d91aadf9 Initial commit: homelab infrastructure wiki
- Full Obsidian vault content
- Host configs (ice, grizzley, ubuntu, proxmox, truenas, panda, hyte)
- Media stack documentation
- Traefik HA setup
- Automation scripts
- Bachelor party planning
2026-05-24 16:08:40 -07:00

project

| name | status | category | source | created | updated | description | tags |
|---|---|---|---|---|---|---|---|
| Platform Configuration | active | configuration | live-verification | 2026-01-06 | 2026-04-19 | Docker, Traefik, and container orchestration configuration | configuration, platform, docker, traefik |

Platform Configuration

Docker, Traefik, and container orchestration configuration files.

Traefik Configuration

Two Traefik instances provide ingress:

| Instance | Host | Role | Version |
|---|---|---|---|
| ubuntu Traefik | 192.168.50.61 | Primary router | v3.6.7 |
| grizzley Traefik | 192.168.50.84 | Edge ACME + ingress | v3.6.7 |

Dynamic Config Files (ubuntu)

Located in homelab/ubuntu/traefik/config/dynamic/:

| File | Services Routed |
|---|---|
| canonical-hosts.yml | Grizzley ingress proxy, PVE OpenCode |
| gitea.yml | gitea.tophermayor.com |
| homeassistant.yml | ha.tophermayor.com |
| immich.yml | immich.tophermayor.com |
| jellyfin.yml | jellyfin.tophermayor.com |
| jellyseerr.yml | jellyseerr.tophermayor.com |
| media-stack.yml | Sonarr, Radarr, SABnzbd, Prowlarr, qBittorrent, Lidarr, Readarr (via gluetun) |
| middlewares.yml | 30+ middleware definitions |
| opencode.yml | opencode.tophermayor.com |
| proxmox.yml | proxmox.local.tophermayor.com |
| stremio.yml | stremio.local.tophermayor.com |
| traefik-dashboard.yml | traefik.local.tophermayor.com |
| truenas.yml | truenas.local.tophermayor.com |
| vaultwarden.yml | vaultwarden.tophermayor.com |
| wildcard-certs.yml | TLS certificate file references |

Common Middlewares

| Middleware | Purpose |
|---|---|
| local-only@file | Restrict to local network IPs |
| authentik-auth@file | SSO authentication |
| security-headers@file | Add security headers |
| crowdsec-bouncer@file | Rate limiting and threat protection |

Docker Networks

| Network | Scope | Purpose |
|---|---|---|
| proxy-net | External | Traefik-routed services |
| app-net | External | Internal backend communication |
| authentik-internal | Bridge | SSO isolation |
| monitoring-internal | Bridge | Metrics/logs isolation |
| immich-internal | Bridge | Immich DB/Redis/ML |
| traefik-proxy | Bridge (grizzley) | Grizzley edge Traefik |
| media-net | External | Media stack isolation |

Container Labels

Standard Traefik labels:

```yaml
labels:
  - "traefik.enable=true"
  - "traefik.http.services.<service>.loadbalancer.server.port=8096"
  - "traefik.http.routers.<router>.rule=Host(`service.tophermayor.com`)"
  - "traefik.http.routers.<router>.tls.certresolver=cloudflare"
```
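The standard labels above attach no middleware, so a router defined only by them is reachable without any of the protections listed under Common Middlewares. The following label audit is an added example, not part of this wiki's own tooling. The policy it enforces (every router needs `security-headers@file`, and every `*.local.*` host also needs `local-only@file`) is an assumption, and the sample labels are constructed.

```python
import re

# Assumed policy (not stated on the page): all routers carry security-headers@file;
# routers for *.local.* hostnames must also carry local-only@file.
REQUIRED = {"security-headers@file"}
LOCAL_REQUIRED = {"local-only@file"}

LABEL_RE = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+?)=(.*)$")
HOST_RE = re.compile(r"Host\(`([^`]+)`\)")

# Constructed sample labels; hostnames are taken from the tables on this page.
SAMPLE = [
    "traefik.enable=true",
    "traefik.http.routers.jellyfin.rule=Host(`jellyfin.tophermayor.com`)",
    "traefik.http.routers.jellyfin.tls.certresolver=cloudflare",
    "traefik.http.routers.proxmox.rule=Host(`proxmox.local.tophermayor.com`)",
    "traefik.http.routers.proxmox.middlewares=security-headers@file",
    "traefik.http.routers.proxmox.tls.certresolver=cloudflare",
]


def audit_labels(labels):
    """Return {router: [findings]} for a list of Traefik container labels."""
    routers = {}
    for label in labels:
        m = LABEL_RE.match(label.strip())
        if m:
            name, key, value = m.groups()
            routers.setdefault(name, {})[key] = value

    findings = {}
    for name, cfg in routers.items():
        issues = []
        hosts = HOST_RE.findall(cfg.get("rule", ""))
        attached = {x.strip() for x in cfg.get("middlewares", "").split(",") if x.strip()}
        needed = set(REQUIRED)
        if any(".local." in h for h in hosts):
            needed |= LOCAL_REQUIRED
        issues += [f"missing middleware {mw}" for mw in sorted(needed - attached)]
        if "tls.certresolver" not in cfg and cfg.get("tls") != "true":
            issues.append("no TLS configured")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for router, issues in audit_labels(SAMPLE).items():
        print(router, "->", "; ".join(issues))
```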