Updated service configurations, added new services, removed deprecated
ones, and improved gitignore patterns for better repository hygiene.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Remove Tinyauth SSO provider and migrate to Authelia for authentication.
Update LLDAP to use PostgreSQL backend and remove Tinyauth middleware
from core services.
Changes:
- Remove Tinyauth service entirely (compose/core/tinyauth/)
- Update LLDAP configuration with PostgreSQL database
- Remove Tinyauth middleware from Traefik dashboard
- Update LLDAP credentials and timezone to America/Los_Angeles
Add IP allowlist middleware to restrict services to local network
(10.0.0.0/16). Allows services to be protected from external access
while remaining accessible on LAN.
- Upgrade Traefik from v3.3 to v3.6.2
- Add Docker API version specification for compatibility
- Update LLDAP to latest image tag
- Migrate LLDAP to named volume for better data management
Traefik Network Fix:
- Change homelab network to external: true
- Consistent with all other services
- Network must be created before deploying Traefik
- Resolves CI validation warning
Labeler Configuration Fix:
- Remove unsupported changed-lines option
- actions/labeler@v5 doesn't support line-based matching
- Simplified to file path matching only
- Removes 'traefik' and 'dependencies' advanced filters
- Resolves 'Unknown config options' error
CI should now pass all validation checks
Core Infrastructure:
- Add LLDAP for centralized user authentication (lldap.fig.systems)
- Configure Tinyauth with LLDAP backend for SSO (auth.fig.systems)
- Set up Traefik v3.3 with Let's Encrypt SSL automation
- Create homelab Docker network for service isolation
Media Services:
- Configure Jellyfin with /media folder mappings (flix.fig.systems)
- Add Jellyseerr for media requests (requests.fig.systems)
- Update Immich with photo library access (photos.fig.systems)
- Set up Sonarr for TV automation (sonarr.fig.systems)
- Set up Radarr for movie automation (radarr.fig.systems)
- Configure SABnzbd for Usenet downloads (sabnzbd.fig.systems)
- Add qBittorrent for torrent downloads (qbt.fig.systems)
Utility Services:
- Update Linkwarden with proper networking (links.fig.systems)
- Configure Vikunja task management (tasks.fig.systems)
- Set up LubeLogger vehicle tracking (garage.fig.systems)
- Configure Calibre-web for ebooks (books.fig.systems)
- Add Booklore for book tracking (booklore.fig.systems)
- Update FreshRSS reader (rss.fig.systems)
- Update RSSHub with internal networking (rsshub.fig.systems)
- Update MicroBin pastebin (paste.fig.systems)
- Add File Browser for media access (files.fig.systems)
Technical Improvements:
- Standardize all compose files to compose.yaml (Docker best practice)
- Add Traefik labels to all services for SSL termination
- Implement proper network isolation (homelab + service-specific networks)
- Add health checks to database services
- Configure dual domain support (fig.systems + edfig.dev)
- Set proper /media folder mappings for all media services
- Add comprehensive README with deployment instructions
Security:
- Enable SSO via Tinyauth for most services
- Configure LLDAP with admin user (edfig/admin@edfig.dev)
- Services with built-in auth have SSO disabled by default
- All traffic secured with automatic Let's Encrypt certificates
