From 8aef54992a073d444b458dfcf8600afa1be095c8 Mon Sep 17 00:00:00 2001
From: jazzymc <jazzymc@xtrm-lab.org>
Date: Sat, 28 Feb 2026 20:39:16 +0200
Subject: [PATCH] Docker audit: migrate all containers to Dockge, clean up
 Traefik config

---
 docs/CHANGELOG.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 3ed270c..77da0d7 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -3,6 +3,32 @@
 **Purpose:** Major infrastructure events only. Minor changes are in git commit messages.
 
 ---
+## 2026-02-28
+
+### Docker Container Audit & Migration to Dockge
+- **[DOCKER]** Removed 4 orphan images: nextcloud/all-in-one, olprog/unraid-docker-webui, ghcr.io/ich777/doh-server, ghcr.io/idmedia/hass-unraid
+- **[DOCKER]** Removed ancient pgAdmin4 v2.1 (status=Created) and fenglc/pgadmin4 image
+- **[DOCKER]** Removed spaceinvaderone/ha_inabox image (replaced by Home-Assistant-Container)
+- **[TRAEFIK]** Removed Docker provider constraint (`traefik.constraint=valid`) — Docker labels now auto-discovered
+- **[TRAEFIK]** Cleaned up dynamic.yml: removed 14 stale/migrated router+service pairs (pangolin, pihole, doh, netbox, and services now using Docker labels)
+- **[TRAEFIK]** Added dockge-secure router to dynamic.yml
+- **[DOCKER]** Created 6 new Dockge stacks: docker-socket-proxy, tuyagateway, firefly, seekandwatch, ha-time-machine, homeassistant (replaced inabox with Container)
+- **[DOCKER]** Migrated ALL 53 containers from dockerman to Dockge compose stacks (100% coverage)
+- **[DOCKER]** Fixed Nextcloud Traefik rule: empty Host() → Host(`cloud.xtrm-lab.org`)
+- **[DOCKER]** Fixed UptimeKuma Traefik rule: empty Host() → Host(`uptime.xtrm-lab.org`)
+- **[DOCKER]** Fixed Homarr domain: `homarr.xtrm-lab.org` → `xtrm-lab.org` (root domain)
+- **[DOCKER]** Fixed Netdisco entrypoint: `websecure` → `https`
+- **[DOCKER]** Removed stale `traefik.constraint=valid` from Dockhand
+- **[DOCKER]** Fixed Transmission middleware: removed non-existent `transmission-headers@file`
+- **[DOCKER]** Added Authentik forward auth middleware to: n8n, homarr, transmission, speedtest-tracker, uptime-kuma, firefly, seekandwatch, open-webui, traefik dashboard, dockge, netalertx, urbackup, unimus
+- **[DOCKER]** Added Traefik labels to: vaultwarden, open-webui (ai.xtrm-lab.org), firefly, seekandwatch
+- **[DOCKER]** Added missing Unraid labels (icon, managed, webui) to: ntfy, timemachine, ollama, docker-socket-proxy, tuyagateway, all new stacks
+- **[DOCKER]** Moved ollama + open-webui from bridge to dockerproxy network
+- **[DOCKER]** Moved fireflyiii + firefly-data-importer from none to dockerproxy network
+- **[DOCKER]** Moved SeekAndWatch from bridge to dockerproxy network
+- **[DOCKER]** Removed traefik labels from host-network containers (plex, netalertx) — routed via dynamic.yml only
+- **[DOCKER]** Fixed NetAlertX: added read_only, proper capabilities (NET_RAW/NET_ADMIN), and UID 20211
+- **[DOCKER]** Removed empty netbox stack directory
 
 ## 2026-02-26