feat: complete infrastructure cleanup and optimization

This comprehensive update improves maintainability and removes unused services:

## Major Changes
- Remove 5 unused services (beaver, grist, stirlingpdf, tasksmd, redlib)
- Convert remaining static compose files to Jinja2 templates
- Clean up Caddyfile removing orphaned proxy configurations
- Align DNS records with active services

## Service Cleanup
- Remove habits.thesatelliteoflove.com DNS record (beaver service)
- Add missing DNS records for active services:
  - post.thesatelliteoflove.com (Postiz)
  - files.thesatelliteoflove.com (Pingvin Share)
  - bookmarks.thesatelliteoflove.com (Hoarder)

## Template Standardization
- Convert caddy-compose.yml to template
- Convert dockge-compose.yml to template
- Convert hoarder-compose.yml to template
- All services now use consistent template-driven approach

## Documentation Updates
- Update CLAUDE.md with new service organization
- Update README.md files with category-based deployment examples
- Update todo.md with completed work summary
- Service count updated to 22+ active services

Infrastructure is now fully organized, cleaned up, and ready for future enhancements.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

CLAUDE.md

@@ -4,7 +4,7 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
 
 ## Overview
 
-This is a personal infrastructure Ansible playbook that automates deployment and management of 25+ self-hosted Docker services across two domains (`thesatelliteoflove.com` and `nerder.land`). The setup uses Tailscale VPN for secure networking and Caddy for reverse proxy with automated HTTPS.
+This is a personal infrastructure Ansible playbook that automates deployment and management of 22+ self-hosted Docker services across two domains (`thesatelliteoflove.com` and `nerder.land`). The setup uses Tailscale VPN for secure networking and Caddy for reverse proxy with automated HTTPS.
 
 **Important**: Always review `DEPLOYMENT_LEARNINGS.md` when working on this repository for lessons learned and troubleshooting guidance.
 
@@ -32,6 +32,11 @@ ansible-playbook site.yml -i hosts.yml --tags caddy --vault-password-file vault_
 ansible-playbook site.yml -i hosts.yml --tags authentik,gitea --vault-password-file vault_pass --extra-vars "@secrets.enc"
 ansible-playbook site.yml -i hosts.yml --tags docker --vault-password-file vault_pass --extra-vars "@secrets.enc"  # all docker services
 
+# Deploy services by category (new organized structure)
+ansible-playbook site.yml -i hosts.yml --tags infrastructure --vault-password-file vault_pass --extra-vars "@secrets.enc"
+ansible-playbook site.yml -i hosts.yml --tags media,productivity --vault-password-file vault_pass --extra-vars "@secrets.enc"
+ansible-playbook site.yml -i hosts.yml --tags development,monitoring --vault-password-file vault_pass --extra-vars "@secrets.enc"
+
 # Deploy only infrastructure components
 ansible-playbook site.yml -i hosts.yml --tags common,cron --vault-password-file vault_pass --extra-vars "@secrets.enc"
 ```
@@ -45,16 +50,24 @@ ansible-playbook site.yml -i hosts.yml --tags common,cron --vault-password-file
 ### Role Structure
 - **bootstrap**: Initial server hardening, user creation, Tailscale VPN setup
 - **common**: Basic system configuration, UFW firewall management
-- **docker**: Comprehensive service deployment (25+ containerized applications)
+- **docker**: Comprehensive service deployment (22+ containerized applications, organized by category)
 - **cron**: Scheduled task management (currently Warhammer RSS feed generation)
 
-### Service Categories in Docker Role
-- **Infrastructure**: Caddy (reverse proxy), Authentik (SSO), Dockge (container management)
-- **Development**: Gitea, Code Server, Matrix (Conduit)
-- **Media**: Audiobookshelf, Calibre, Ghost blog, Pinchflat
-- **Productivity**: Paperless-NGX, TasksMD/MMDL, Baikal (CalDAV/CardDAV), Syncthing
-- **Communication**: GoToSocial (Fediverse), Postiz (social media management)
-- **Monitoring**: Changedetection, Glance dashboard, AppriseAPI
+### Docker Role Organization (Reorganized into Logical Categories)
+The docker role is now organized into logical service groups under `roles/docker/tasks/`:
+
+- **infrastructure/**: Core platform components
+  - Caddy (reverse proxy), Authentik (SSO), Dockge (container management)
+- **development/**: Development and collaboration tools  
+  - Gitea, Code Server, Matrix (Conduit)
+- **media/**: Content creation and consumption
+  - Audiobookshelf, Calibre, Ghost blog, Pinchflat, Pinry, Hoarder, Manyfold
+- **productivity/**: Personal organization and document management
+  - Paperless-NGX, MMDL, Baikal (CalDAV/CardDAV), Syncthing, Heyform, Dawarich, Pingvin
+- **communication/**: Social media and external communication
+  - GoToSocial (Fediverse), Postiz (social media management)  
+- **monitoring/**: System monitoring and alerts
+  - Changedetection, Glance dashboard, AppriseAPI
 
 ### Data Structure
 - All service data stored in `/opt/stacks/[service-name]/` on docker host
@@ -64,10 +77,11 @@ ansible-playbook site.yml -i hosts.yml --tags common,cron --vault-password-file
 ## Key Implementation Details
 
 ### Template-Driven Configuration
-The docker role uses Jinja2 templates extensively. When modifying services:
+The docker role uses Jinja2 templates exclusively for all services. When modifying services:
 - Update templates in `roles/docker/templates/[service]-compose.yml.j2`
 - Environment files use `.env.j2` templates where needed
-- Main task files in `roles/docker/tasks/` include service-specific deployment logic
+- Task files organized by category in `roles/docker/tasks/[category]/[service].yml`
+- All services now use templated configurations (no static compose files)
 
 ### DNS Management
 The `dns.yml` playbook manages AWS Route53 records for both domains. All subdomains point to the netcup server (152.53.36.98), with Caddy handling internal routing to the docker host via Tailscale.