From fbbedaae3c4b21ebd2adb2b81ea7570b4b0c2d50 Mon Sep 17 00:00:00 2001
From: Tom Kendrick <tom@tkendrick.com>
Date: Thu, 18 Dec 2025 22:32:31 +0000
Subject: [PATCH 1/2] feat: network configure

---
 backups/zerobyte/docker-compose.yml           | 13 ++++++++---
 .../portainer/docker-compose.yml              | 17 +++++++++-----
 dashboards/homepage/docker-compose.yml        | 13 ++++++++---
 dns/duckdns/docker-compose.yml                |  6 +++++
 games/core-keeper/docker-compose.yml          |  6 +++++
 media/jellyfin/docker-compose.yml             | 22 ++++++++++++++-----
 monitoring/uptime-kuma/docker-compose.yml     | 13 ++++++++---
 proxies/traefik/docker-compose.yml            |  6 ++++-
 remote_access/cloudflared/docker-compose.yml  |  6 +++++
 version_control/gittea/docker-compose.yml     |  9 ++++++--
 10 files changed, 88 insertions(+), 23 deletions(-)

diff --git a/backups/zerobyte/docker-compose.yml b/backups/zerobyte/docker-compose.yml
index 604cb7b..9733916 100644
--- a/backups/zerobyte/docker-compose.yml
+++ b/backups/zerobyte/docker-compose.yml
@@ -10,14 +10,15 @@ services:
       traefik.http.routers.zerobyte.rule: "Host(`zerobyte.${DOMAIN}`)"
       traefik.http.routers.zerobyte.entrypoints: "https"
       traefik.http.routers.zerobyte.tls.certresolver: "cloudflare"
-      traefik.http.services.zerobyte.loadbalancer.server.url: "http://${HOST_IP}:4096"
+      traefik.http.routers.zerobyte.service: "zerobyte"
+      traefik.http.services.zerobyte.loadbalancer.server.port: "4096"
     image: ghcr.io/nicotsx/zerobyte:v0.19
     container_name: zerobyte
     restart: unless-stopped
     cap_add:
       - SYS_ADMIN
-    ports:
-      - "4096:4096"
+    expose:
+      - "4096"
     devices:
       - /dev/fuse:/dev/fuse
     environment:
@@ -27,3 +28,9 @@ services:
       - /etc/localtime:/etc/localtime:ro
       - /var/lib/zerobyte:/var/lib/zerobyte
       - /home/naivegarmur/.config/rclone:/root/.config/rclone
+    networks:
+      - traefik_public
+
+networks:
+  traefik_public:
+    external: true
diff --git a/container_management/portainer/docker-compose.yml b/container_management/portainer/docker-compose.yml
index d87731f..40da293 100644
--- a/container_management/portainer/docker-compose.yml
+++ b/container_management/portainer/docker-compose.yml
@@ -13,14 +13,19 @@ services:
       traefik.http.routers.portainer.rule: "Host(`portainer.${DOMAIN}`)"
       traefik.http.routers.portainer.entrypoints: "https"
       traefik.http.routers.portainer.tls.certresolver: "cloudflare"
-      traefik.http.services.portainer.loadbalancer.server.url: "https://${HOST_IP}:9443"
+      traefik.http.routers.portainer.service: "portainer"
+      traefik.http.services.portainer.loadbalancer.server.port: "9443"
+      traefik.http.services.portainer.loadbalancer.server.scheme: "https"
       traefik.http.services.portainer.loadbalancer.serverstransport: "insecure@file"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - portainer_data:/data
-    ports:
-      - 9443:9443
-      - 8000:8000  # Remove if you do not intend to use Edge Agents
+    expose:
+      - 9443
+      - 8000  # Remove if you do not intend to use Edge Agents
+    networks:
+      - default
+      - traefik_public
 
 volumes:
   portainer_data:
@@ -28,4 +33,6 @@ volumes:
 
 networks:
   default:
-    name: kendricklab 
+    name: kendricklab
+  traefik_public:
+    external: true
diff --git a/dashboards/homepage/docker-compose.yml b/dashboards/homepage/docker-compose.yml
index d169fb4..63bd00d 100644
--- a/dashboards/homepage/docker-compose.yml
+++ b/dashboards/homepage/docker-compose.yml
@@ -2,8 +2,8 @@ services:
   homepage:
     image: ghcr.io/gethomepage/homepage:latest
     container_name: homepage
-    ports:
-      - 3001:3000
+    expose:
+      - 3000
     volumes:
       - ${CONFIG_ROOT}/homepage/config:/app/config
       - /var/run/docker.sock:/var/run/docker.sock:ro
@@ -20,4 +20,11 @@ services:
       traefik.http.routers.homepage.rule: "Host(`${DOMAIN}`)"
       traefik.http.routers.homepage.entrypoints: "https"
       traefik.http.routers.homepage.tls.certresolver: "cloudflare"
-      traefik.http.services.homepage.loadbalancer.server.url: "http://${HOST_IP}:3001"
+      traefik.http.routers.homepage.service: "homepage"
+      traefik.http.services.homepage.loadbalancer.server.port: "3000"
+    networks:
+      - traefik_public
+
+networks:
+  traefik_public:
+    external: true
diff --git a/dns/duckdns/docker-compose.yml b/dns/duckdns/docker-compose.yml
index a111cc3..90761cc 100644
--- a/dns/duckdns/docker-compose.yml
+++ b/dns/duckdns/docker-compose.yml
@@ -15,3 +15,9 @@ services:
       homepage.icon: "duckdns.png"
       homepage.href: "https://www.duckdns.org"
       homepage.description: "Dynamic DNS Updater"
+    networks:
+      - traefik_public
+
+networks:
+  traefik_public:
+    external: true
diff --git a/games/core-keeper/docker-compose.yml b/games/core-keeper/docker-compose.yml
index f8f3791..361bd7e 100644
--- a/games/core-keeper/docker-compose.yml
+++ b/games/core-keeper/docker-compose.yml
@@ -17,3 +17,9 @@ services:
       - ${CONFIG_ROOT}/core-keeper/server-data:/home/steam/core-keeper-data
     environment:
       - DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/1449377878192947241/_fBMK0aw42CB4WCae-xJZSI887APRjOGCB1XwYK9gDEMPVdHeqH2OncvCNg9q1VNxDVn
+    networks:
+      - traefik_public
+
+networks:
+  traefik_public:
+    external: true
diff --git a/media/jellyfin/docker-compose.yml b/media/jellyfin/docker-compose.yml
index c2b56a5..f130338 100644
--- a/media/jellyfin/docker-compose.yml
+++ b/media/jellyfin/docker-compose.yml
@@ -11,22 +11,25 @@ services:
     volumes:
       - ${DOCKER_PATH}/jellyfin/config:/config
       - ${MEDIA_PATH}:/media
-    ports:
-      - 8096:8096
+    expose:
+      - 8096
     restart: unless-stopped
     labels:
       # Traefik
       traefik.enable: "true"
       traefik.http.routers.jellyfin.rule: "Host(`jellyfin.${DOMAIN}`)"
       traefik.http.routers.jellyfin.entrypoints: "https"
+      traefik.http.routers.jellyfin.service: "jellyfin"
       traefik.http.routers.jellyfin.tls.certresolver: "cloudflare"
-      traefik.http.services.jellyfin.loadbalancer.server.url: "http://${HOST_IP}:8096"
+      traefik.http.services.jellyfin.loadbalancer.server.port: "8096"
       # Homepage
       homepage.group: "Media"
       homepage.name: "Jellyfin"
       homepage.icon: "jellyfin.svg"
       homepage.href: "https://jellyfin.${DOMAIN}"
       homepage.description: "Media Server"
+    networks:
+      - traefik_public
   jellyseerr:
     image: fallenbagel/jellyseerr
     container_name: jellyseerr
@@ -36,19 +39,26 @@ services:
       - TZ=Etc/UTC
     volumes:
       - ${DOCKER_PATH}/jellyseerr/config:/config
-    ports:
-      - 5055:5055
+    expose:
+      - 5055
     restart: unless-stopped
     labels:
       # Traefik
       traefik.enable: "true"
       traefik.http.routers.jellyseerr.rule: "Host(`jellyseerr.${DOMAIN}`)"
       traefik.http.routers.jellyseerr.entrypoints: "https"
+      traefik.http.routers.jellyseerr.service: "jellyseerr"
       traefik.http.routers.jellyseerr.tls.certresolver: "cloudflare"
-      traefik.http.services.jellyseerr.loadbalancer.server.url: "http://${HOST_IP}:5055"
+      traefik.http.services.jellyseerr.loadbalancer.server.port: "5055"
       # Homepage
       homepage.group: "Media"
       homepage.name: "Jellyseerr"
       homepage.icon: "jellyseerr.svg"
       homepage.href: "https://jellyseerr.${DOMAIN}"
       homepage.description: "Request management"
+    networks:
+      - traefik_public
+
+networks:
+  traefik_public:
+    external: true
diff --git a/monitoring/uptime-kuma/docker-compose.yml b/monitoring/uptime-kuma/docker-compose.yml
index 15bde89..e160ecd 100644
--- a/monitoring/uptime-kuma/docker-compose.yml
+++ b/monitoring/uptime-kuma/docker-compose.yml
@@ -18,7 +18,14 @@ services:
       traefik.http.routers.uptime-kuma.rule: "Host(`status.${DOMAIN}`)"
       traefik.http.routers.uptime-kuma.entrypoints: "https"
       traefik.http.routers.uptime-kuma.tls.certresolver: "cloudflare"
-      traefik.http.services.uptime-kuma.loadbalancer.server.url: "http://${HOST_IP}:3222"
-    ports:
+      traefik.http.routers.uptime-kuma.service: "uptime-kuma"
+      traefik.http.services.uptime-kuma.loadbalancer.server.port: "3001"
+    expose:
       # <Host Port>:<Container Port>
-      - "3222:3001"
+      - "3001"
+    networks:
+      - traefik_public
+
+networks:
+  traefik_public:
+    external: true
diff --git a/proxies/traefik/docker-compose.yml b/proxies/traefik/docker-compose.yml
index 6c981be..03c010d 100644
--- a/proxies/traefik/docker-compose.yml
+++ b/proxies/traefik/docker-compose.yml
@@ -31,7 +31,11 @@ services:
       - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$apr1$$q8eZFHjF$$Fj9U0fCH4d13F5j3v3v3w0 
       - "traefik.http.routers.traefik.middlewares=traefik-auth"
     networks:
-      - traefik_proxy
+      - traefik_public
+
+networks:
+  traefik_public:
+    name: traefik_public
 
 secrets:
   cf_dns_api_token:
diff --git a/remote_access/cloudflared/docker-compose.yml b/remote_access/cloudflared/docker-compose.yml
index 7d2bc52..872dd75 100644
--- a/remote_access/cloudflared/docker-compose.yml
+++ b/remote_access/cloudflared/docker-compose.yml
@@ -14,3 +14,9 @@ services:
       homepage.icon: "cloudflare.png"
       homepage.href: "https://one.dash.cloudflare.com"
       homepage.description: "Cloudflare Tunnel"
+    networks:
+      - traefik_public
+
+networks:
+  traefik_public:
+    external: true
diff --git a/version_control/gittea/docker-compose.yml b/version_control/gittea/docker-compose.yml
index e776095..7c72656 100644
--- a/version_control/gittea/docker-compose.yml
+++ b/version_control/gittea/docker-compose.yml
@@ -3,6 +3,8 @@ version: "3"
 networks:
   gitea:
     external: false
+  traefik_public:
+    external: true
 
 services:
   server:
@@ -23,7 +25,8 @@ services:
       traefik.http.routers.gitea.rule: "Host(`gitea.${DOMAIN}`)"
       traefik.http.routers.gitea.entrypoints: "https"
       traefik.http.routers.gitea.tls.certresolver: "cloudflare"
-      traefik.http.services.gitea.loadbalancer.server.url: "http://${HOST_IP}:3000"
+      traefik.http.routers.gitea.service: "gitea"
+      traefik.http.services.gitea.loadbalancer.server.port: "3000"
       # SSH
       traefik.tcp.routers.gitea-ssh.rule: "HostSNI(`git.${DOMAIN}`)"
       traefik.tcp.routers.gitea-ssh.entrypoints: "https"
@@ -32,10 +35,12 @@ services:
       traefik.tcp.services.gitea-ssh.loadbalancer.server.address: "${HOST_IP}:222"
     networks:
       - gitea
+      - traefik_public
     volumes:
       - ${CONFIG_ROOT}/gitea:/data
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
+    expose:
+      - "3000"
     ports:
-      - "3000:3000"
       - "222:22"
-- 
2.49.1


From a665d9b88a76f529e9ad0162f4b3d60410756c05 Mon Sep 17 00:00:00 2001
From: Tom Kendrick <tom@tkendrick.com>
Date: Thu, 18 Dec 2025 22:34:34 +0000
Subject: [PATCH 2/2] fix: typo

---
 proxies/traefik/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/proxies/traefik/docker-compose.yml b/proxies/traefik/docker-compose.yml
index 03c010d..a01ea58 100644
--- a/proxies/traefik/docker-compose.yml
+++ b/proxies/traefik/docker-compose.yml
@@ -28,7 +28,7 @@ services:
       - "traefik.http.routers.traefik.service=api@internal"
       - "traefik.http.routers.traefik.tls.certresolver=cloudflare"
       # Basic Auth Middleware
-      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$apr1$$q8eZFHjF$$Fj9U0fCH4d13F5j3v3v3w0 
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$apr1$$q8eZFHjF$$Fj9U0fCH4d13F5j3v3v3w0"
       - "traefik.http.routers.traefik.middlewares=traefik-auth"
     networks:
       - traefik_public
-- 
2.49.1