Initial commit: 23 docker stacks for GitOps deployment

Stacks included:
- Infrastructure: traefik, authentik, gitea, registry, watchtower, dockge
- Monitoring: smokeping, changedetection
- Apps: ghost, gollum, wallabag, radicale, invidious, xbackbone, filebrowser, syncthing, zerotier
- Custom: obsidian-tools, memento, perilous, ramz, bookclub, brain

🤖 Generated with Claude Code

stacks/traefik/.env.template

@@ -0,0 +1 @@
+ACME_EMAIL=${ACME_EMAIL}

stacks/traefik/docker-compose.yml

@@ -0,0 +1,25 @@
+services:
+  traefik:
+    image: traefik:latest
+    container_name: traefik
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    networks:
+      - web
+    ports:
+      - 80:80
+      - 443:443
+      - 8080:8080
+    environment:
+      - TZ=America/New_York
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./traefik.yml:/traefik.yml:ro
+      - ./acme.json:/acme.json
+      - ./conf.d/:/conf.d/
+      - /var/log:/var/log
+
+networks:
+  web:
+    external: true

stacks/traefik/traefik.yml

@@ -0,0 +1,40 @@
+global:
+  checkNewVersion: true
+
+api:
+  dashboard: true
+  insecure: true
+
+entryPoints:
+  http:
+    address: ":80"
+  https:
+    address: ":443"
+
+providers:
+  providersThrottleDuration: 2s
+  file:
+    directory: "/conf.d"
+    watch: true
+  docker:
+    watch: true
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+    network: web
+
+certificatesResolvers:
+  http:
+    acme:
+      email: ${ACME_EMAIL}
+      storage: acme.json
+      httpChallenge:
+        entryPoint: http
+
+log:
+  level: INFO
+  filePath: /var/log/traefik.log
+  format: json
+
+accessLog:
+  filePath: /var/log/traefik_access.log
+  format: json