2026-03-26 14:03:19 -07:00
12 changed files with 15 additions and 123 deletions
--- a/ai/llama-cpp/docker-compose.yml
+++ b/ai/llama-cpp/docker-compose.yml
@ -1,38 +0,0 @@
 services:
  llama-cpp:
    image: ghcr.io/ggml-org/llama.cpp:server-cuda
    container_name: llama-cpp
    restart: unless-stopped
    networks:
      - traefik
    volumes:
      - /pwspool/software/llama-cpp/models:/models
    # We moved your environment variables here to guarantee they are applied
    command: 
      - "--model"
      - "/models/Qwen3.5-35B-A3B-UD-IQ2_XXS.gguf"
      - "--host"
      - "0.0.0.0"
      - "--port"
      - "8080"
      - "--n-gpu-layers"
      - "99"
      - "--ctx-size"
      - "8192"
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: all
              capabilities: [gpu]
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.llama.rule=Host(`llm.whitney.rip`)"
      - "traefik.http.routers.llama.entrypoints=websecure"
      - "traefik.http.routers.llama.tls.certresolver=lets-encrypt"
      - "traefik.http.services.llama.loadbalancer.server.port=8080"
 networks:
  traefik:
    external: true
--- a/media/plex/docker-compose.yml
+++ b/media/plex/docker-compose.yml
@ -23,11 +23,11 @@ services:
      - /pwspool/archive/plex/downloads:/downloads
    ports:
      - "32400:32400"
-    labels:
+    #labels:
-      - traefik.enable=true
+    #  - traefik.enable=true
-      - traefik.http.routers.plex.rule=Host(`watch.whitney.rip`)
+    #  - traefik.http.routers.plex.rule=Host(`watch.whitney.rip`)
-      - traefik.http.routers.plex.tls=true
+    #  - traefik.http.routers.plex.tls=true
-      - traefik.http.routers.plex.tls.certresolver=lets-encrypt
+    #  - traefik.http.routers.plex.tls.certresolver=lets-encrypt
-      - traefik.http.services.plex.loadbalancer.server.port=32400
+    #  - traefik.http.services.plex.loadbalancer.server.port=32400
--- a/productivity/karakeep/docker-compose.yml
+++ b/productivity/karakeep/docker-compose.yml
@ -35,8 +35,6 @@ services:
      - --remote-debugging-address=0.0.0.0
      - --remote-debugging-port=9222
      - --hide-scrollbars
    labels:
      - traefik.enable=false
  meilisearch:
    image: getmeili/meilisearch:latest
@ -48,8 +46,6 @@ services:
      - karakeep
    volumes:
      - meilisearch:/meili_data
    labels:
      - traefik.enable=false
 volumes:
  meilisearch:
--- a/productivity/mailserver/docker-compose.yml
+++ b/productivity/mailserver/docker-compose.yml
@ -1,53 +0,0 @@
 networks:
  traefik:
    external: true
 services:
  stalwart:
    image: stalwartlabs/mail-server:latest
    container_name: stalwart-mail
    restart: unless-stopped
    networks:
      - traefik-public
    environment:
      - STALWART_URL=https://mail.whitney.rip
    volumes:
      - /pwspool/software/mailserver/stalwart/data:/opt/stalwart-mail
      # Map the dumped certificates from the sidecar
      - /pwspool/software/mailserver/stalwart/certs:/opt/stalwart-mail/etc/certs:ro
    labels:
      - "traefik.enable=true"
      # HTTP - Admin UI & Webmail (JMAP)
      - "traefik.http.routers.mail-ui.rule=Host(`mail.whitney.rip`)"
      - "traefik.http.routers.mail-ui.entrypoints=websecure"
      - "traefik.http.routers.mail-ui.tls.certresolver=lets-encrypt"
      - "traefik.http.services.mail-ui.loadbalancer.server.port=8080"
      # TCP - SMTP (Submission 587)
      - "traefik.tcp.routers.mail-smtp.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.mail-smtp.entrypoints=submission"
      - "traefik.tcp.routers.mail-smtp.service=mail-smtp-svc"
      - "traefik.tcp.services.mail-smtp-svc.loadbalancer.server.port=587"
      # Enable PROXY protocol so Stalwart sees the real client IP
      - "traefik.tcp.services.mail-smtp-svc.loadbalancer.proxyProtocol.version=2"
      # TCP - IMAPS (993)
      - "traefik.tcp.routers.mail-imaps.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.mail-imaps.entrypoints=imaps"
      - "traefik.tcp.routers.mail-imaps.service=mail-imaps-svc"
      - "traefik.tcp.services.mail-imaps-svc.loadbalancer.server.port=993"
      - "traefik.tcp.services.mail-imaps-svc.loadbalancer.proxyProtocol.version=2"
  # 2. Certificate Dumper (Converts Traefik's JSON to .pem files)
  cert-dumper:
    image: ldez/traefik-certs-dumper:v2.8.1
    container_name: mail-cert-dumper
    volumes:
      # Depends on location of acme.json file in traefik docker config.
      - /home/jr/olomana-repo/software-development/traefik/acme.json:/app/acme.json:ro
      - /pwspool/software/mailserver/stalwart/certs:/app/certs:rw
    command: >
      file --watch 
      --domain "mail.whitney.rip" 
      --dest /app/certs
--- a/productivity/penpot/docker-compose.yml
+++ b/productivity/penpot/docker-compose.yml
@ -16,7 +16,7 @@ services:
      - "traefik.http.routers.penpot.rule=Host(`blueprint.whitney.rip`)"
      - "traefik.http.routers.penpot.entrypoints=websecure"
      - "traefik.http.routers.penpot.tls=true"
-      - "traefik.http.routers.penpot.tls.certresolver=lets-encrypt"
+      - "traefik.http.routers.penpot.tls.certresolver=letsencrypt"
      - "traefik.http.services.penpot.loadbalancer.server.port=8080"
    depends_on:
      - penpot-backend
--- a/productivity/planka/docker-compose.yml
+++ b/productivity/planka/docker-compose.yml
@ -43,6 +43,4 @@ services:
      interval: 10s
      timeout: 5s
      retries: 5
    labels:
      - traefik.enable=false
--- a/software-development/traefik/README.md
+++ b/software-development/traefik/README.md
@ -5,35 +5,30 @@ Traefik is my load balancer.
 ## Setup
-### Folder Structure
+### Files
 Create/Fill in the following files in a `traefik/` directory under this one using the provided templates:
 - `traefik.toml`
 - `traefik-dynamic.toml`.
-Before the first run, create `acme.json` with the initial contents `{}`. Make sure it has permission code 600 (`chmod 600 acme.json`), incorrect permissions will break traefik.
+The file `traefik/acme.json` will be generated on first run. Make sure it eventually gets permission code 600. You might need to create a blank file before the first run.
 ### Volumes
 In addition to the above files, make sure the docker socket is mounted:
 - `/var/run/docker.sock:/var/run/docker.sock:ro`
-## Notes
+## Reminders
 The file `acme.json` can be weird when it comes to permissions. It will be generated on first run.  
 Ensure it is permission code 600.
-### Adjustments
+## Adjustments
 By default there are 60s upload, download, and idle timeouts. Adjust them by modifying `traefik.toml`:
-```yaml
+```
 [entryPoints.websecure.transport.respondingTimeouts]
    readTimeout = "512s"
    writeTimeout = "512s"
    idleTimeout = "512s"
 ```
-### References
+## References
 https://doc.traefik.io/traefik/getting-started/quick-start/  
 https://doc.traefik.io/traefik/user-guides/docker compose/basic-example/
 ## Runbook
 ```bash
 docker compose down && docker system prune && docker compose up -d && docker logs -f traefik
 ```
--- a/software/workflow/n8n/.env.example
+++ b/software/workflow/n8n/.env.example
--- a/software/workflow/n8n/.gitignore
+++ b/software/workflow/n8n/.gitignore
--- a/software/workflow/n8n/README.md
+++ b/software/workflow/n8n/README.md
--- a/software/workflow/n8n/docker-compose.yml
+++ b/software/workflow/n8n/docker-compose.yml
@ -51,6 +51,4 @@ services:
      POSTGRES_DB: ${DB_POSTGRESDB_DATABASE}
    volumes:
      - /pwspool/software/n8n/data:/var/lib/postgresql/data
    labels:
      - traefik.enable=false
--- a/utility/linkwarden/docker-compose.yml
+++ b/utility/linkwarden/docker-compose.yml
@ -14,8 +14,6 @@ services:
      - linkwarden
    volumes:
      - /pwspool/software/linkwarden/db:/var/lib/postgresql/data
    labels:
      - traefik.enable=false
  linkwarden:
    container_name: linkwarden
    env_file: properties.env
@ -44,6 +42,4 @@ services:
      - linkwarden 
    volumes:
      - /pwspool/software/linkwarden/meili_data:/meili_data
    labels:
      - traefik.enable=false