2026-03-26 05:53:17 -07:00
12 changed files with 15 additions and 123 deletions
--- a/ai/llama-cpp/docker-compose.yml
+++ b/ai/llama-cpp/docker-compose.yml
@ -1,38 +0,0 @@
-services:
-  llama-cpp:
-    image: ghcr.io/ggml-org/llama.cpp:server-cuda
-    container_name: llama-cpp
-    restart: unless-stopped
-    networks:
-      - traefik
-    volumes:
-      - /pwspool/software/llama-cpp/models:/models
-    # We moved your environment variables here to guarantee they are applied
-    command: 
-      - "--model"
-      - "/models/Qwen3.5-35B-A3B-UD-IQ2_XXS.gguf"
-      - "--host"
-      - "0.0.0.0"
-      - "--port"
-      - "8080"
-      - "--n-gpu-layers"
-      - "99"
-      - "--ctx-size"
-      - "8192"
-    deploy:
-      resources:
-        reservations:
-          devices:
-            - driver: nvidia
-              count: all
-              capabilities: [gpu]
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.llama.rule=Host(`llm.whitney.rip`)"
-      - "traefik.http.routers.llama.entrypoints=websecure"
-      - "traefik.http.routers.llama.tls.certresolver=lets-encrypt"
-      - "traefik.http.services.llama.loadbalancer.server.port=8080"
-
-networks:
-  traefik:
-    external: true
--- a/media/plex/docker-compose.yml
+++ b/media/plex/docker-compose.yml
@ -23,11 +23,11 @@ services:
      - /pwspool/archive/plex/downloads:/downloads
    ports:
      - "32400:32400"
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.plex.rule=Host(`watch.whitney.rip`)
-      - traefik.http.routers.plex.tls=true
-      - traefik.http.routers.plex.tls.certresolver=lets-encrypt
-      - traefik.http.services.plex.loadbalancer.server.port=32400
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.http.routers.plex.rule=Host(`watch.whitney.rip`)
+    #  - traefik.http.routers.plex.tls=true
+    #  - traefik.http.routers.plex.tls.certresolver=lets-encrypt
+    #  - traefik.http.services.plex.loadbalancer.server.port=32400


--- a/productivity/karakeep/docker-compose.yml
+++ b/productivity/karakeep/docker-compose.yml
@ -35,8 +35,6 @@ services:
      - --remote-debugging-address=0.0.0.0
      - --remote-debugging-port=9222
      - --hide-scrollbars
-    labels:
-      - traefik.enable=false

  meilisearch:
    image: getmeili/meilisearch:latest
@ -48,8 +46,6 @@ services:
      - karakeep
    volumes:
      - meilisearch:/meili_data
-    labels:
-      - traefik.enable=false

 volumes:
  meilisearch:
--- a/productivity/mailserver/docker-compose.yml
+++ b/productivity/mailserver/docker-compose.yml
@ -1,53 +0,0 @@
-networks:
-  traefik:
-    external: true
-
-services:
-  stalwart:
-    image: stalwartlabs/mail-server:latest
-    container_name: stalwart-mail
-    restart: unless-stopped
-    networks:
-      - traefik-public
-    environment:
-      - STALWART_URL=https://mail.whitney.rip
-    volumes:
-      - /pwspool/software/mailserver/stalwart/data:/opt/stalwart-mail
-      # Map the dumped certificates from the sidecar
-      - /pwspool/software/mailserver/stalwart/certs:/opt/stalwart-mail/etc/certs:ro
-    labels:
-      - "traefik.enable=true"
-      # HTTP - Admin UI & Webmail (JMAP)
-      - "traefik.http.routers.mail-ui.rule=Host(`mail.whitney.rip`)"
-      - "traefik.http.routers.mail-ui.entrypoints=websecure"
-      - "traefik.http.routers.mail-ui.tls.certresolver=lets-encrypt"
-      - "traefik.http.services.mail-ui.loadbalancer.server.port=8080"
-
-      # TCP - SMTP (Submission 587)
-      - "traefik.tcp.routers.mail-smtp.rule=HostSNI(`*`)"
-      - "traefik.tcp.routers.mail-smtp.entrypoints=submission"
-      - "traefik.tcp.routers.mail-smtp.service=mail-smtp-svc"
-      - "traefik.tcp.services.mail-smtp-svc.loadbalancer.server.port=587"
-      # Enable PROXY protocol so Stalwart sees the real client IP
-      - "traefik.tcp.services.mail-smtp-svc.loadbalancer.proxyProtocol.version=2"
-
-      # TCP - IMAPS (993)
-      - "traefik.tcp.routers.mail-imaps.rule=HostSNI(`*`)"
-      - "traefik.tcp.routers.mail-imaps.entrypoints=imaps"
-      - "traefik.tcp.routers.mail-imaps.service=mail-imaps-svc"
-      - "traefik.tcp.services.mail-imaps-svc.loadbalancer.server.port=993"
-      - "traefik.tcp.services.mail-imaps-svc.loadbalancer.proxyProtocol.version=2"
-
-  # 2. Certificate Dumper (Converts Traefik's JSON to .pem files)
-  cert-dumper:
-    image: ldez/traefik-certs-dumper:v2.8.1
-    container_name: mail-cert-dumper
-    volumes:
-      # Depends on location of acme.json file in traefik docker config.
-      - /home/jr/olomana-repo/software-development/traefik/acme.json:/app/acme.json:ro
-      - /pwspool/software/mailserver/stalwart/certs:/app/certs:rw
-    command: >
-      file --watch 
-      --domain "mail.whitney.rip" 
-      --dest /app/certs
-
--- a/productivity/penpot/docker-compose.yml
+++ b/productivity/penpot/docker-compose.yml
@ -16,7 +16,7 @@ services:
      - "traefik.http.routers.penpot.rule=Host(`blueprint.whitney.rip`)"
      - "traefik.http.routers.penpot.entrypoints=websecure"
      - "traefik.http.routers.penpot.tls=true"
-      - "traefik.http.routers.penpot.tls.certresolver=lets-encrypt"
+      - "traefik.http.routers.penpot.tls.certresolver=letsencrypt"
      - "traefik.http.services.penpot.loadbalancer.server.port=8080"
    depends_on:
      - penpot-backend
--- a/productivity/planka/docker-compose.yml
+++ b/productivity/planka/docker-compose.yml
@ -43,6 +43,4 @@ services:
      interval: 10s
      timeout: 5s
      retries: 5
-    labels:
-      - traefik.enable=false

--- a/software-development/traefik/README.md
+++ b/software-development/traefik/README.md
@ -5,35 +5,30 @@ Traefik is my load balancer.

 ## Setup

-### Folder Structure
+### Files
 Create/Fill in the following files in a `traefik/` directory under this one using the provided templates:
 - `traefik.toml`
 - `traefik-dynamic.toml`.

-Before the first run, create `acme.json` with the initial contents `{}`. Make sure it has permission code 600 (`chmod 600 acme.json`), incorrect permissions will break traefik.
+The file `traefik/acme.json` will be generated on first run. Make sure it eventually gets permission code 600. You might need to create a blank file before the first run.

 ### Volumes
 In addition to the above files, make sure the docker socket is mounted:
 - `/var/run/docker.sock:/var/run/docker.sock:ro`

-## Notes
+## Reminders
+The file `acme.json` can be weird when it comes to permissions. It will be generated on first run.  
+Ensure it is permission code 600.

-### Adjustments
+## Adjustments
 By default there are 60s upload, download, and idle timeouts. Adjust them by modifying `traefik.toml`:
-```yaml
+```
 [entryPoints.websecure.transport.respondingTimeouts]
    readTimeout = "512s"
    writeTimeout = "512s"
    idleTimeout = "512s"
 ```

-### References
+## References
 https://doc.traefik.io/traefik/getting-started/quick-start/  
 https://doc.traefik.io/traefik/user-guides/docker compose/basic-example/
-
-## Runbook
-```bash
-docker compose down && docker system prune && docker compose up -d && docker logs -f traefik
-```
-
-
--- a/software/workflow/n8n/.env.example
+++ b/software/workflow/n8n/.env.example
--- a/software/workflow/n8n/.gitignore
+++ b/software/workflow/n8n/.gitignore
--- a/software/workflow/n8n/README.md
+++ b/software/workflow/n8n/README.md
--- a/software/workflow/n8n/docker-compose.yml
+++ b/software/workflow/n8n/docker-compose.yml
@ -51,6 +51,4 @@ services:
      POSTGRES_DB: ${DB_POSTGRESDB_DATABASE}
    volumes:
      - /pwspool/software/n8n/data:/var/lib/postgresql/data
-    labels:
-      - traefik.enable=false

--- a/utility/linkwarden/docker-compose.yml
+++ b/utility/linkwarden/docker-compose.yml
@ -14,8 +14,6 @@ services:
      - linkwarden
    volumes:
      - /pwspool/software/linkwarden/db:/var/lib/postgresql/data
-    labels:
-      - traefik.enable=false
  linkwarden:
    container_name: linkwarden
    env_file: properties.env
@ -44,6 +42,4 @@ services:
      - linkwarden 
    volumes:
      - /pwspool/software/linkwarden/meili_data:/meili_data
-    labels:
-      - traefik.enable=false