Work on the compose file

server/.env

@@ -8,41 +8,27 @@ NGINX_LETSENCRYPT=/mnt/md0/nginx/letsencrypt
 NEXTCLOUD_DATA=/mnt/md0/nextcloud/data
 NEXTCLOUD_DB_DATA=/mnt/md0/nextcloud/db
 NEXTCLOUD_DB_PASSWORD=K7m9P2xQ8vN3rY6sL4dF1jH5eW9zB2cX
+NC_DOMAIN=nc.trude.dev
 REDIS_PASSWORD=R3d1sP@ssw0rd2025SecureCache
 
 # Gitea
 GITEA=/mnt/md0/gitea
 
-# Immich
-IMMICH_UPLOAD_LOCATION=/mnt/md0/immich/uploads
-IMMICH_DB_DATA_LOCATION=/mnt/md0/immich/db
-IMMICH_VERSION=release
-IMMICH_DB_PASSWORD=postgres
-IMMICH_DB_USERNAME=postgres    # Do not change
-IMMICH_DB_DATABASE_NAME=immich # Do not change
-
-# -------------------
+# N8N Automation
+N8N_HOST=n8n.trude.dev
+N8N_DATA=/mnt/md0/n8n/data
+N8N_FILES=/mnt/md0/n8n/files
 
 # Home Assistant
 HA_CONFIG=/mnt/md0/ha/config
-OWW_CUSTOM_MODEL_DIR=/mnt/md0/ha/openwakeword-model
-OWW_DATA=/mnt/md0/ha/openwakeword-data
 PIPER_DATA=/mnt/md0/ha/piper-data
 WHISPER_DATA=/mnt/md0/ha/whisper-data
+
+# ESPHome
 ESPHOME_CONFIG=/mnt/md0/esphome/config
 
-
-# FileBrowser
-FILEBROWSER_DATA=/mnt/md0/files
-FILEBROWSER_CONFIG=/mnt/md0/filebrowser/config
-FILEBROWSER_DATABASE=/mnt/md0/filebrowser/database
-
 # Prosody XMPP Server
 PROSODY_CONFIG=/mnt/md0/prosody/config
 PROSODY_LOGS=/tmp/prosody/logs
 PROSODY_MODULES=/mnt/md0/prosody/modules
 
-# N8N Automation
-N8N_HOST=n8n.trude.dev
-N8N_DATA=/mnt/md0/n8n/data
-N8N_FILES=/mnt/md0/n8n/files

server/docker-compose.yml

@@ -35,12 +35,37 @@ services:
       - POSTGRES_USER=nextcloud
       - POSTGRES_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
       - NEXTCLOUD_TRUSTED_DOMAINS=localhost
+      - OVERWRITEPROTOCOL=https
+      - OVERWRITECLIURL=https://${NC_DOMAIN}
+      - OVERWRITEHOST=${NC_DOMAIN}
+      - TRUSTED_PROXIES=172.16.0.0/12
+      - NEXTCLOUD_INIT_HTACCESS=true
     volumes:
       - ${NEXTCLOUD_DATA}:/var/www/html
     networks:
       - server-network
       - nextcloud-network
 
+  nextcloud-cron:
+    image: nextcloud:apache
+    restart: unless-stopped
+    container_name: nextcloud-cron
+    entrypoint: /cron.sh
+    depends_on:
+      - nextcloud-db
+      - nextcloud-redis
+    environment:
+      - POSTGRES_HOST=nextcloud-db
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_USER=nextcloud
+      - POSTGRES_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
+      - REDIS_HOST=nextcloud-redis
+      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+    volumes:
+      - ${NEXTCLOUD_DATA}:/var/www/html
+    networks:
+      - nextcloud-network
+
   nextcloud-db:
     image: postgres:latest
     restart: unless-stopped
@@ -76,216 +101,113 @@ services:
     networks:
       - server-network
 
-  # --- Immich Server ---
-  immich-server: # immich-server:2283
-    ports:
-      - "2283:2283" # Local HTTP
-    container_name: immich-server
-    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
-    # extends:
-    #   file: hwaccel.transcoding.yml
-    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
-    volumes:
-      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
-      - ${IMMICH_UPLOAD_LOCATION}:/usr/src/app/upload
-      - /etc/localtime:/etc/localtime:ro
-    environment:
-      - REDIS_HOSTNAME=immich-redis
-      - DB_HOSTNAME=immich-database
+  # --- N8n Automation ---
+  n8n: # :5678
+    image: n8nio/n8n:latest
+    restart: unless-stopped
+    container_name: n8n
     env_file:
       - .env
-    depends_on:
-      - immich-redis
-      - immich-database
-      - immich-machine-learning
-    restart: unless-stopped
-    healthcheck:
-      disable: false
+    environment:
+      - N8N_HOST=${N8N_HOST}
+      - N8N_PORT=5678
+      - N8N_PROTOCOL=https # Nginx Proxy Manager will handle HTTPS
+      - NODE_ENV=production
+      - WEBHOOK_URL=https://${N8N_HOST}/
+      - GENERIC_TIMEZONE=${TZ}
+      - N8N_RUNNERS_ENABLED=true
+      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
+    volumes:
+      - ${N8N_DATA}:/home/node/.n8n
+      - ${N8N_FILES}:/files
     networks:
       - server-network
-      - immich-network
 
-  immich-machine-learning:
-    container_name: immich-machine-learning
-    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
-    # Example tag: ${IMMICH_VERSION:-release}-cuda
-    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
-    # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
-    #   file: hwaccel.ml.yml
-    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
-    volumes:
-      - model-cache:/cache
+  # --- Home Assistant ---
+  homeassistant: # :8123
+    image: "ghcr.io/home-assistant/home-assistant:stable"
+    container_name: homeassistant
     env_file:
       - .env
-    restart: unless-stopped
-    healthcheck:
-      disable: false
-    networks:
-      - immich-network
-
-  immich-redis:
-    container_name: immich-redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:fec42f399876eb6faf9e008570597741c87ff7662a54185593e74b09ce83d177
-    healthcheck:
-      test: redis-cli ping || exit 1
-    restart: unless-stopped
-    networks:
-      - immich-network
-
-  immich-database:
-    container_name: immich-database
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
-    environment:
-      POSTGRES_PASSWORD: ${IMMICH_DB_PASSWORD}
-      POSTGRES_USER: ${IMMICH_DB_USERNAME}
-      POSTGRES_DB: ${IMMICH_DB_DATABASE_NAME}
-      POSTGRES_INITDB_ARGS: "--data-checksums"
-      # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
-      B_STORAGE_TYPE: "HDD"
     volumes:
-      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
-      - ${IMMICH_DB_DATA_LOCATION}:/var/lib/postgresql/data
+      - ${HA_CONFIG}:/config
+      - /etc/localtime:/etc/localtime:ro
+      - /run/dbus:/run/dbus:ro
+    restart: unless-stopped
+    # devices:
+    #   - /dev/ttyUSB0:/dev/ttyUSB0
+    privileged: true
+    networks:
+      - ha-network
+      - server-network
+
+  piper: # :10200
+    image: homeassistant/amd64-addon-piper:latest
+    container_name: piper
+    entrypoint: python3
+    command: >
+      -m wyoming_piper  
+      --piper '/usr/share/piper/piper'  
+      --uri 'tcp://0.0.0.0:10200'  
+      --length-scale "1"  
+      --noise-scale "0.667"  
+      --speaker "0"  
+      --voice "en_US-lessac-medium"  
+      --max-piper-procs "1"  
+      --data-dir /data  
+      --data-dir /share/piper  
+      --download-dir /data
+    volumes:
+      - ${PIPER_DATA}:/data
     restart: unless-stopped
     networks:
-      - immich-network
+      - ha-network
 
-  # # --- Home Assistant ---
-  # homeassistant:
-  #   container_name: homeassistant
-  #   image: "ghcr.io/home-assistant/home-assistant:stable"
-  #   env_file:
-  #     - .env
-  #   volumes:
-  #     - ${HA_CONFIG}:/config
-  #     - /etc/localtime:/etc/localtime:ro
-  #     - /run/dbus:/run/dbus:ro
-  #   restart: unless-stopped
-  #   # devices:
-  #   #   - /dev/ttyUSB0:/dev/ttyUSB0
-  #   privileged: true
+  whisper: # :10300
+    image: homeassistant/amd64-addon-whisper:latest
+    container_name: whisper
+    entrypoint: python3
+    command: >
+      -m wyoming_faster_whisper  
+      --uri tcp://0.0.0.0:10300  
+      --model small-int8  
+      --beam-size 1  
+      --language en  
+      --data-dir /data  
+      --download-dir /data
+    volumes:
+      - ${WHISPER_DATA}:/data
+    restart: unless-stopped
+    networks:
+      - ha-network
+  
+  # --- ESPHome ---
+  esphome:
+    container_name: esphome
+    image: ghcr.io/esphome/esphome:latest
+    volumes:
+      - ${ESPHOME_CONFIG}:/config
+      - /etc/localtime:/etc/localtime:ro
+    restart: unless-stopped
+    privileged: true
     # network_mode: host
-  #   # ports:
-  #   #   - "8123:8123"
-
-  # esphome:
-  #   container_name: esphome
-  #   image: ghcr.io/esphome/esphome:latest
-  #   volumes:
-  #     - ${ESPHOME_CONFIG}:/config
-  #     - /etc/localtime:/etc/localtime:ro
-  #   restart: unless-stopped
-  #   privileged: true
-  #   network_mode: host
-  #   # ports:
-  #   #   - "6052:6052"
-  #   env_file:
-  #     - .env
-
-  # # openwakeword:
-  # #   image: homeassistant/amd64-addon-openwakeword:latest
-  # #   container_name: openwakeword
-  # #   entrypoint: python3
-  # #   command: >
-  # #     -m wyoming_openwakeword
-  # #     --uri 'tcp://0.0.0.0:10400'
-  # #     --preload-model 'ok_nabu'
-  # #     --custom-model-dir /share/openwakeword
-  # #   env_file:
-  # #     - .env
-  # #   ports:
-  # #     - 10400:10400
-  # #   volumes:
-  # #     - ${OWW_DATA}:/data
-  # #     - ${OWW_CUSTOM_MODEL_DIR}:/share/openwakeword
-  # #   restart: unless-stopped
-
-  # piper:
-  #   image: homeassistant/amd64-addon-piper:latest
-  #   container_name: piper
-
-  #   entrypoint: python3
-  #   command: >
-  #     -m wyoming_piper  
-  #     --piper '/usr/share/piper/piper'  
-  #     --uri 'tcp://0.0.0.0:10200'  
-  #     --length-scale "1"  
-  #     --noise-scale "0.667"  
-  #     --speaker "0"  
-  #     --voice "en_US-lessac-medium"  
-  #     --max-piper-procs "1"  
-  #     --data-dir /data  
-  #     --data-dir /share/piper  
-  #     --download-dir /data
-  #   network_mode: host
-  #   # ports:
-  #   #   - "10200:10200"
-  #   volumes:
-  #     - ${PIPER_DATA}:/data
-  #   restart: unless-stopped
-
-  # whisper:
-  #   image: homeassistant/amd64-addon-whisper:latest
-  #   container_name: whisper
-
-  #   entrypoint: python3
-  #   command: >
-  #     -m wyoming_faster_whisper  
-  #     --uri tcp://0.0.0.0:10300  
-  #     --model small-int8  
-  #     --beam-size 1  
-  #     --language en  
-  #     --data-dir /data  
-  #     --download-dir /data
-  #   network_mode: host # Needed to use localhost in HA interface
-  #   # ports:
-  #   #   - "10300:10300"
-  #   env_file:
-  #     - .env
-  #   volumes:
-  #     - ${WHISPER_DATA}:/data
-  #   restart: unless-stopped
-
-
-
+    ports:
+      - "6052:6052"
 
   # # --- Prosody XMPP Server ---
-  # prosody:
+  # prosody: # :5280
   #   image: prosody/prosody:latest
   #   container_name: prosody
   #   restart: unless-stopped
   #   ports:
   #     - "5222:5222" # XMPP client connections
   #     - "5269:5269" # XMPP server-to-server connections
-  #     - "5280:5280" # HTTP/WebSocket connections
-  #     - "5281:5281" # HTTPS/WebSocket connections (if SSL configured)
   #   volumes:
   #     - ${PROSODY_CONFIG}:/etc/prosody
   #     - ${PROSODY_LOGS}:/var/log/prosody
   #     - ${PROSODY_MODULES}:/usr/lib/prosody-modules
-  #   env_file:
-  #     - .env
-
-  # # --- N8n Automation ---
-  # n8n:
-  #   image: n8nio/n8n:latest
-  #   restart: always
-  #   # N8n will not be directly exposed to the host, Nginx Proxy Manager will proxy to it
-  #   # Therefore, no 'ports' mapping is needed here for external access.
-  #   # It will be accessible on the Docker network by Nginx Proxy Manager.
-  #   environment:
-  #     - N8N_HOST=${N8N_HOST}
-  #     - N8N_PORT=5678
-  #     - N8N_PROTOCOL=https # Nginx Proxy Manager will handle HTTPS
-  #     - NODE_ENV=production
-  #     - WEBHOOK_URL=https://${N8N_HOST}/
-  #     - GENERIC_TIMEZONE=${TZ}
-  #     - N8N_RUNNERS_ENABLED=true
-  #     - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
-  #   volumes:
-  #     - ${N8N_DATA}:/home/node/.n8n
-  #     - ${N8N_FILES}:/files
-  #   env_file:
-  #     - .env
+  #   networks:
+  #     - server-network
 
 volumes:
   model-cache:
@@ -295,7 +217,5 @@ networks:
     driver: bridge
   nextcloud-network:
     driver: bridge
-  immich-network:
-    driver: bridge
-  homeassistant-network:
+  ha-network:
     driver: bridge

server/domains.md

@@ -1,20 +0,0 @@
-# Domains
-
-- trude.dev (github pages site)
-
-## External Domains
-
-- ha.trude.dev     (home assistant) (for phone tracking)
-- git.trude.dev    (gitea) (for public repos)
-- chat.trude.dev   (XMPP)
-  - muc.trude.dev    (group chats)
-  - share.trude.dev  (file sharing)
-  - proxy.trude.dev  (compatibility)
-- n8n.trude.dev
-
-## Tailscale Access / Local
-
-- server.local:81   (NGINX)
-- server.local:2100 (PiHole)
-- server.local:2283 (immich)
-- server.local:8080 (file browser)

server/nextcloud.sh

@@ -0,0 +1 @@
+docker exec -u www-data -it nextcloud php "$@"