adding blog post on labels / proxy / dns

posts/automated-homelab-proxy-dns.md

@@ -0,0 +1,48 @@
+---
+title: "Label-Based Proxy & DNS"
+description: "How to automate Nginx Proxy Manager and Pi-hole DNS using Docker labels."
+date: 2026-04-28T14:45:00-04:00
+lastmod: 2026-04-28
+author: wompmacho
+tags: ["docker", "automation", "pihole", "npm", "homelab", "iac"]
+---
+
+Managing a homelab often involves a lot of manual repetition: spin up a container, add a DNS record in Pi-hole, then create a proxy host in Nginx Proxy Manager (NPM). 
+
+By leveraging **Docker labels**, we can treat our homelab as **Infrastructure as Code (IaC)**, defining our entire environment within a single `docker-compose.yaml` file.
+
+<!-- more -->
+
+## The Core Concept
+
+Instead of configuring our infrastructure in multiple Web UIs, we define the requirements directly at the service level. This ensures that our proxy and DNS settings live and die with the containers they serve. Two key "shim" containers make this automation possible:
+
+1.  **[npm-docker-sync](https://github.com/Redth/npm-docker-sync)**: This container monitors the Docker socket for `npm.proxy.*` labels. When it detects a new service, it calls the Nginx Proxy Manager API to instantly create or update a proxy host.
+2.  **[docker-pihole-dns-shim](https://github.com/theonlysinjin/docker-pihole-dns-shim)**: Similarly, this service watches for `pihole.custom-record` labels. It syncs these records to your Pi-hole instance, ensuring that `myservice.local` always points to your Docker host or reverse proxy IP.
+
+## Simple Service Example: Dozzle
+
+For a standard service like [Dozzle](https://git.wompmacho.com/wompmacho/configs/src/branch/main/docker_compose/dozzel/docker-compose.yaml), the configuration is clean, portable, and self-documenting:
+
+```yaml
+services:
+  dozzle:
+    container_name: dozzle
+    image: ghcr.io/amir20/dozzle:latest
+    labels:
+      # Nginx Proxy Manager Automation
+      - "npm.proxy.domains=dozzle"
+      - "npm.proxy.port=8888"
+      - "npm.proxy.scheme=http"
+      
+      # Pi-hole Automation (Point to Docker Host IP)
+      - "pihole.custom-record=[[\"dozzle\", \"10.0.0.190\"]]"
+```
+
+When this container starts, the DNS record for `dozzle` is created, and a proxy host is instantly available in NPM. No manual clicking required.
+
+## Why Websockets Matter
+
+If your UI feels unresponsive or "frozen" (common with GTK/Broadway apps like Nicotine+), it’s often because the websocket connection is blocked. Always include `npm.proxy.websockets=true` in your labels to ensure the reverse proxy allows the real-time communication required by modern interactive apps.
+
+By adopting this **Infrastructure as Code** approach, we make our homelab reproducible, version-controlled, and significantly easier to maintain.

projects/Pihole/index.md

@@ -14,11 +14,37 @@ without installing any client-side software. Useful for blocking ad services at
 a DNS level. It uses a list of known ad services stored on github, can add your
 own. It can also operate as a internal dns router and dhcp server.
 
+## Automation (Docker Labels)
+
+To automate adding Custom DNS entries to Pi-hole when creating new Docker containers, I use the `docker-pihole-dns-shim` sidecar. This prevents the need to manually update Pi-hole's DNS records every time a new service is deployed.
+
+### Docker Compose Example (The Shim)
+The shim runs alongside your other management containers and watches the Docker socket. **Note:** Use the direct IP address of your Pi-hole (e.g., `10.0.0.11`) to ensure the container can reach the API.
+
+```yaml
+{{% include "/srv/configs/docker_compose/pihole-external-dns/docker-compose.yaml" %}}
+```
+
+### How to Auto-Configure a Service
+To create a DNS record in Pi-hole for a new container, add the following label to its `docker-compose.yaml`. The shim will automatically detect this and call the Pi-hole API.
+
+```yaml
+services:
+  my-app:
+    image: my-app:latest
+    labels:
+      # Format: [["domain", "IP_Address"]]
+      - "pihole.custom-record=[[\"myapp.wompmacho.com\", \"10.0.0.190\"]]" 
+```
+
+> [!important] Reverse Proxies
+> When using a reverse proxy like Nginx Proxy Manager, you should point the Pi-hole DNS record to the **IP of the Docker host/Proxy** (e.g., `10.0.0.190`), *not* the internal Docker IP of the individual container.
+
 ## Pihole Setup
 
 If you have a raspberry-pi or another device, its super easy to get things
 going.
-
+...
 - [pihole setup](https://github.com/pi-hole/pi-hole/?tab=readme-ov-file#one-step-automated-install).
 
 Any debian based system should be able to get things going quickly. Then all you

projects/homelab/diagrams.md

@@ -9,6 +9,8 @@ lastmod: '2026-04-12'
 tags: ['homelab', 'infrastructure', 'network']
 ---
 
+[← Back to Homelab Infrastructure](./homelab_Infra.md)
+
 ---
 
 ## 2024 Home Lab

projects/homelab/homelab_Infra.md

@@ -14,6 +14,9 @@ tags:
 
 This document outlines the internal infrastructure of the **wompmacho** homelab. The lab is built on a high-speed **10GbE backbone** and utilizes a hybrid architecture of dedicated NAS storage, Proxmox virtualization, and containerized services for media, self-hosting, and development.
 
+> [!TIP] Visual Guide
+> For a visual representation of the network and hardware layout, see the [Infrastructure Diagrams](diagrams.md).
+
 [TOC]
 
 ## Physical and hardware registry
@@ -86,6 +89,7 @@ This document outlines the internal infrastructure of the **wompmacho** homelab.
 *   **Tunnel Subnet**: `10.10.10.0/24`
 *   **Phone Peer**: `10.10.10.3/32`
 *   **Gluetun (Container VPN)**: Lightweight VPN gateway for p2p and sensitive services. It provides a container-level killswitch and manages shared network namespaces.
+*   **NPM & Pi-hole Automation**: Sidecar containers (`npm-sync` and `pihole-dns-shim`) monitor the Docker socket and automatically provision Reverse Proxy hosts and local DNS records based on container **Labels**.
 
 ## Storage infrastructure
 

projects/nginx-proxy-manager/index.md

@@ -32,6 +32,32 @@ configurations.
 {{% include "/srv/configs/docker_compose/nginx-proxy-manager/docker-compose.yaml" %}}
 ```
 
+## Automation (Docker Labels)
+
+To avoid manually configuring Proxy Hosts in the UI (and to keep configuration tightly coupled with the services themselves), I use the `npm-sync` sidecar container. 
+
+This sidecar monitors the Docker socket. When a container spins up with specific labels, `npm-sync` automatically talks to the Nginx Proxy Manager API and creates the Proxy Host. When the container is destroyed, the route is cleaned up.
+
+### How to Auto-Configure a Service
+To expose a new container, simply add the following labels to its `docker-compose.yaml`. You do not need to touch the NPM UI.
+
+```yaml
+services:
+  my-app:
+    image: my-app:latest
+    labels:
+      - "npm.proxy.domains=myapp.wompmacho.com" # The URL
+      - "npm.proxy.port=8080"                   # Internal port the app listens on
+      - "npm.proxy.scheme=http"                 # Usually http or https
+      - "npm.proxy.ssl.force=true"              # Force HTTPS
+      - "npm.proxy.ssl.letsencrypt=true"        # Auto-provision SSL certificate
+```
+
+> [!important] Direct Edits
+> Avoid making direct edits to NPM `.conf` files on the host, as it will desync the database and the Web UI. Always use the Web UI or API-driven automation like `npm-sync`.
+
+## Nginx routing
+
 Nginx gives you that great routing to your internal networked servers. Also
 helps you set up your DNS both inside and outside the network. Can be a little
 confusing at first.