split core into 3 compose files

core/ddns-compose.yml

@@ -0,0 +1,17 @@
+services:
+  ddns:
+    image: qmcgaw/ddns-updater
+    user: 0:0
+    container_name: ddns
+    restart: unless-stopped
+    ports:
+      - "8000:8000/tcp"
+    environment:
+      - TZ=America/Edmonton
+      - PERIOD=5m
+      - PUBLICIP_FETCHERS=http
+      - PUBLICIP_HTTP_PROVIDERS=all
+      - CONFIG={"settings":[{"provider":"desec","domain":"mapletree.email","host":"@","token":"${DESEC_TOKEN}","ip_version":"ipv4"}]}
+      
+    volumes:
+      - /docker/core/ddns:/updater/data

core/dns-compose.yml

@@ -0,0 +1,30 @@
+services:
+  dns:
+    image: technitium/dns-server:latest
+    container_name: dns-${NODE_ID}  # Becomes dns-1 or dns-2
+    restart: unless-stopped
+    ports:
+      - "53:53/udp"
+      - "53:53/tcp"
+      - "5381:5380/tcp" 
+    environment:
+      - TZ=America/Edmonton
+      - DNS_SERVER_DOMAIN=dns${NODE_ID}.mapletree.email # dns1... or dns2...
+      - DNS_SERVER_ADMIN_PASSWORD=${DNS_ADMIN_PASSWORD}
+    volumes:
+      # Updated path to match your new 'infrastructure' folder structure
+      - /docker/core/dns/config:/etc/dns
+    networks:
+      - dns_external
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=dns_external"
+      # Dynamic Router Name (dns1 vs dns2)
+      - "traefik.http.routers.dns${NODE_ID}.rule=Host(`dns${NODE_ID}.mapletree.email`)"
+      - "traefik.http.routers.dns${NODE_ID}.entrypoints=web,websecure"
+      - "traefik.http.routers.dns${NODE_ID}.tls.certresolver=myresolver"
+      - "traefik.http.services.dns${NODE_ID}.loadbalancer.server.port=5380"
+
+networks:
+  dns_external:
+    external: true

core/docker-compose.yml

@@ -29,6 +29,8 @@ services:
     image: traefik:latest
     container_name: traefik
     network_mode: host
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
     cpus: 1.0
     mem_limit: "1024m"
     mem_reservation: "128m"

core/traefik-compose.yml

@@ -0,0 +1,46 @@
+services:
+  traefik:
+    image: traefik:latest
+    container_name: traefik
+    network_mode: host
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    cpus: 1.0
+    mem_limit: "1024m"
+    mem_reservation: "128m"
+    restart: always
+    #ports:
+    #  - "80:80"     # HTTP
+    #  - "443:443"   # HTTPS
+    #  - "888:8080" # Traefik Dashboard (optional, password-protect in production!)
+    command:
+      - "--api.dashboard=true"
+      - "--api.insecure=true"  # Remove or secure in prod
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker.network=web,request"
+      - "--providers.file.directory=/etc/traefik/dynamic"
+      - "--providers.file.watch=true"
+      ##DNS resolver
+      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=desec"
+      - "--certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=90"
+      - --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
+      - "--certificatesresolvers.myresolver.acme.email=admin@mapletree.email"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      ##HTTP resolver
+      - --certificatesresolvers.le_http.acme.httpchallenge=true
+      - --certificatesresolvers.le_http.acme.httpchallenge.entrypoint=web
+      - --certificatesresolvers.le_http.acme.email=admin@mapletree.email
+      - --certificatesresolvers.le_http.acme.storage=/letsencrypt/acme.json
+    environment:
+    # Pass the variables through
+      - DESEC_TOKEN=${DESEC_TOKEN}
+      - DESEC_DOMAIN=${DESEC_DOMAIN}
+      # (Any other Traefik env vars you need)
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "/docker/core/traefik/letsencrypt:/letsencrypt"
+      - "${REPO_ROOT}/traefik/dynamic:/etc/traefik/dynamic"