diff --git a/ai/llama-cpp/docker-compose.yml b/ai/llama-cpp/docker-compose.yml
new file mode 100644
index 0000000..30dad2b
--- /dev/null
+++ b/ai/llama-cpp/docker-compose.yml
@@ -0,0 +1,38 @@
+services:
+  llama-cpp:
+    image: ghcr.io/ggml-org/llama.cpp:server-cuda
+    container_name: llama-cpp
+    restart: unless-stopped
+    networks:
+      - traefik
+    volumes:
+      - /pwspool/software/llama-cpp/models:/models
+    # We moved your environment variables here to guarantee they are applied
+    command: 
+      - "--model"
+      - "/models/Qwen3.5-35B-A3B-UD-IQ2_XXS.gguf"
+      - "--host"
+      - "0.0.0.0"
+      - "--port"
+      - "8080"
+      - "--n-gpu-layers"
+      - "99"
+      - "--ctx-size"
+      - "8192"
+    deploy:
+      resources:
+        reservations:
+          devices:
+            - driver: nvidia
+              count: all
+              capabilities: [gpu]
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.llama.rule=Host(`llm.whitney.rip`)"
+      - "traefik.http.routers.llama.entrypoints=websecure"
+      - "traefik.http.routers.llama.tls.certresolver=lets-encrypt"
+      - "traefik.http.services.llama.loadbalancer.server.port=8080"
+
+networks:
+  traefik:
+    external: true
diff --git a/software/workflow/n8n/.env.example b/ai/n8n/.env.example
similarity index 100%
rename from software/workflow/n8n/.env.example
rename to ai/n8n/.env.example
diff --git a/software/workflow/n8n/.gitignore b/ai/n8n/.gitignore
similarity index 100%
rename from software/workflow/n8n/.gitignore
rename to ai/n8n/.gitignore
diff --git a/software/workflow/n8n/README.md b/ai/n8n/README.md
similarity index 100%
rename from software/workflow/n8n/README.md
rename to ai/n8n/README.md
diff --git a/software/workflow/n8n/docker-compose.yml b/ai/n8n/docker-compose.yml
similarity index 97%
rename from software/workflow/n8n/docker-compose.yml
rename to ai/n8n/docker-compose.yml
index 03c509d..de8511c 100644
--- a/software/workflow/n8n/docker-compose.yml
+++ b/ai/n8n/docker-compose.yml
@@ -51,4 +51,6 @@ services:
       POSTGRES_DB: ${DB_POSTGRESDB_DATABASE}
     volumes:
       - /pwspool/software/n8n/data:/var/lib/postgresql/data
+    labels:
+      - traefik.enable=false
 
diff --git a/media/plex/docker-compose.yml b/media/plex/docker-compose.yml
index 3a81452..2db8328 100644
--- a/media/plex/docker-compose.yml
+++ b/media/plex/docker-compose.yml
@@ -23,11 +23,11 @@ services:
       - /pwspool/archive/plex/downloads:/downloads
     ports:
       - "32400:32400"
-    #labels:
-    #  - traefik.enable=true
-    #  - traefik.http.routers.plex.rule=Host(`watch.whitney.rip`)
-    #  - traefik.http.routers.plex.tls=true
-    #  - traefik.http.routers.plex.tls.certresolver=lets-encrypt
-    #  - traefik.http.services.plex.loadbalancer.server.port=32400
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.plex.rule=Host(`watch.whitney.rip`)
+      - traefik.http.routers.plex.tls=true
+      - traefik.http.routers.plex.tls.certresolver=lets-encrypt
+      - traefik.http.services.plex.loadbalancer.server.port=32400
 
 
diff --git a/productivity/karakeep/docker-compose.yml b/productivity/karakeep/docker-compose.yml
index 1ee1c14..cdac44a 100644
--- a/productivity/karakeep/docker-compose.yml
+++ b/productivity/karakeep/docker-compose.yml
@@ -35,6 +35,8 @@ services:
       - --remote-debugging-address=0.0.0.0
       - --remote-debugging-port=9222
       - --hide-scrollbars
+    labels:
+      - traefik.enable=false
 
   meilisearch:
     image: getmeili/meilisearch:latest
@@ -46,6 +48,8 @@ services:
       - karakeep
     volumes:
       - meilisearch:/meili_data
+    labels:
+      - traefik.enable=false
 
 volumes:
   meilisearch:
diff --git a/productivity/mailserver/docker-compose.yml b/productivity/mailserver/docker-compose.yml
new file mode 100644
index 0000000..ee7cba0
--- /dev/null
+++ b/productivity/mailserver/docker-compose.yml
@@ -0,0 +1,53 @@
+networks:
+  traefik:
+    external: true
+
+services:
+  stalwart:
+    image: stalwartlabs/mail-server:latest
+    container_name: stalwart-mail
+    restart: unless-stopped
+    networks:
+      - traefik-public
+    environment:
+      - STALWART_URL=https://mail.whitney.rip
+    volumes:
+      - /pwspool/software/mailserver/stalwart/data:/opt/stalwart-mail
+      # Map the dumped certificates from the sidecar
+      - /pwspool/software/mailserver/stalwart/certs:/opt/stalwart-mail/etc/certs:ro
+    labels:
+      - "traefik.enable=true"
+      # HTTP - Admin UI & Webmail (JMAP)
+      - "traefik.http.routers.mail-ui.rule=Host(`mail.whitney.rip`)"
+      - "traefik.http.routers.mail-ui.entrypoints=websecure"
+      - "traefik.http.routers.mail-ui.tls.certresolver=lets-encrypt"
+      - "traefik.http.services.mail-ui.loadbalancer.server.port=8080"
+
+      # TCP - SMTP (Submission 587)
+      - "traefik.tcp.routers.mail-smtp.rule=HostSNI(`*`)"
+      - "traefik.tcp.routers.mail-smtp.entrypoints=submission"
+      - "traefik.tcp.routers.mail-smtp.service=mail-smtp-svc"
+      - "traefik.tcp.services.mail-smtp-svc.loadbalancer.server.port=587"
+      # Enable PROXY protocol so Stalwart sees the real client IP
+      - "traefik.tcp.services.mail-smtp-svc.loadbalancer.proxyProtocol.version=2"
+
+      # TCP - IMAPS (993)
+      - "traefik.tcp.routers.mail-imaps.rule=HostSNI(`*`)"
+      - "traefik.tcp.routers.mail-imaps.entrypoints=imaps"
+      - "traefik.tcp.routers.mail-imaps.service=mail-imaps-svc"
+      - "traefik.tcp.services.mail-imaps-svc.loadbalancer.server.port=993"
+      - "traefik.tcp.services.mail-imaps-svc.loadbalancer.proxyProtocol.version=2"
+
+  # 2. Certificate Dumper (Converts Traefik's JSON to .pem files)
+  cert-dumper:
+    image: ldez/traefik-certs-dumper:v2.8.1
+    container_name: mail-cert-dumper
+    volumes:
+      # Depends on location of acme.json file in traefik docker config.
+      - /home/jr/olomana-repo/software-development/traefik/acme.json:/app/acme.json:ro
+      - /pwspool/software/mailserver/stalwart/certs:/app/certs:rw
+    command: >
+      file --watch 
+      --domain "mail.whitney.rip" 
+      --dest /app/certs
+
diff --git a/productivity/penpot/docker-compose.yml b/productivity/penpot/docker-compose.yml
index 438a6e9..15caba5 100644
--- a/productivity/penpot/docker-compose.yml
+++ b/productivity/penpot/docker-compose.yml
@@ -16,7 +16,7 @@ services:
       - "traefik.http.routers.penpot.rule=Host(`blueprint.whitney.rip`)"
       - "traefik.http.routers.penpot.entrypoints=websecure"
       - "traefik.http.routers.penpot.tls=true"
-      - "traefik.http.routers.penpot.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.penpot.tls.certresolver=lets-encrypt"
       - "traefik.http.services.penpot.loadbalancer.server.port=8080"
     depends_on:
       - penpot-backend
diff --git a/productivity/planka/docker-compose.yml b/productivity/planka/docker-compose.yml
index 129c621..1f7b8ae 100644
--- a/productivity/planka/docker-compose.yml
+++ b/productivity/planka/docker-compose.yml
@@ -43,4 +43,6 @@ services:
       interval: 10s
       timeout: 5s
       retries: 5
+    labels:
+      - traefik.enable=false
 
diff --git a/utility/linkwarden/docker-compose.yml b/utility/linkwarden/docker-compose.yml
index fedb4a5..b741f3b 100644
--- a/utility/linkwarden/docker-compose.yml
+++ b/utility/linkwarden/docker-compose.yml
@@ -14,6 +14,8 @@ services:
       - linkwarden
     volumes:
       - /pwspool/software/linkwarden/db:/var/lib/postgresql/data
+    labels:
+      - traefik.enable=false
   linkwarden:
     container_name: linkwarden
     env_file: properties.env
@@ -42,4 +44,6 @@ services:
       - linkwarden 
     volumes:
       - /pwspool/software/linkwarden/meili_data:/meili_data
+    labels:
+      - traefik.enable=false