many changes

ai/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   openwebui:
-    image: ghcr.io/open-webui/open-webui:0.5.10
+    image: ghcr.io/open-webui/open-webui:0.5.11
     container_name: open-webui
     restart: always
     environment:
@@ -13,6 +13,7 @@ services:
      - 'OAUTH_CLIENT_SECRET=7DvwzbhHEElZLoZjEcHOtpwIU2IxhyNPv5sGmdOnJvvaMxQVQTgbaP6OAcEKTGLtUvIzgh8c8juvTYsrOkdp2WXCLNTrM2ZQP3UhHTBjESRU1yZK4MaVG46jnLj9Aaks'
      - 'OAUTH_SCOPES=openid email profile'
      - 'OPENID_REDIRECT_URI=https://ai.home.thoster.net/oauth/oidc/callback'
+     - 'GLOBAL_LOG_LEVEL=DEBUG'
     volumes:
       - ./data:/app/backend/data
     ports:

hass/homeassistant/automations.yaml

@@ -474,6 +474,10 @@
     device_id: ef6d5a43ae7c971e4b7b740dbc0f378e
     entity_id: d212bffda3c532f2e43ea9d08b1fd008
     domain: switch
+    for:
+      hours: 0
+      minutes: 59
+      seconds: 0
   actions:
   - type: turn_off
     device_id: ef6d5a43ae7c971e4b7b740dbc0f378e

hass/homeassistant/configuration.yaml

@@ -18,7 +18,12 @@ switch:
     mac: "58:47:CA:78:4E:59"
     turn_off:
       service: shell_command.turn_off_remote_pc
-
+  - platform: template
+    name: "comfyui"
+    turn_on:
+      service: shell_command.start_comfy_ui
+    turn_off:
+      service: shell_command.turn_off_remote_pc
 
 #MQTT Broker for milight hub:
 mqtt:

hass/homeassistant/shell_commands.yaml

@@ -1 +1,2 @@
 turn_off_remote_pc: "ssh -i /config/ssh_keys/id_rsa_homeassistant -o 'StrictHostKeyChecking=no' homeassistant@192.168.178.87 sudo shutdown -h now"
+start_comfy_ui: "ssh -i /config/ssh_keys/id_rsa_homeassistant -o 'StrictHostKeyChecking=no' homeassistant@192.168.178.87 bash -c 'cd /home/oster/git/ComfyUI;./start.sh; read x'"

samba/config/avahi/samba.service

@@ -0,0 +1,9 @@
+<?xml version="1.0" standalone='no'?>
+<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+<service-group>
+ <name replace-wildcards="yes">%h</name>
+ <service>
+   <type>_smb._tcp</type>
+   <port>445</port>
+ </service>
+</service-group>

samba/config/runit/avahi/run

@@ -0,0 +1,2 @@
+#!/bin/sh -x
+exec avahi-daemon --no-rlimits

samba/config/runit/nmbd/run

@@ -0,0 +1,3 @@
+#!/bin/sh -x
+sleep 6
+exec nmbd --foreground

samba/config/runit/samba/run

@@ -0,0 +1,3 @@
+#!/bin/sh -x
+sleep 2
+exec smbd --foreground

samba/config/runit/wsdd2/run

@@ -0,0 +1,3 @@
+#!/bin/sh -x
+sleep 10
+exec /usr/sbin/wsdd2

samba/config/samba/smb.conf

@@ -0,0 +1,31 @@
+[global]
+   server role = standalone server
+   log file = /dev/stdout
+   dns proxy = no 
+
+   # password stuff
+   passdb backend = smbpasswd
+
+   obey pam restrictions = yes
+   security = user
+   printcap name = /dev/null
+   load printers = no
+   dns proxy = no
+   wide links = yes
+   follow symlinks = yes
+   unix extensions = no
+   acl allow execute always = yes
+
+   # MacOS Compatibility options
+   vfs objects = catia fruit streams_xattr
+
+   # Special configuration for Apple's Time Machine
+   fruit:model = TimeCapsule
+   fruit:aapl = yes
+
+   # fix filenames with special chars (should be default)
+   mangled names = no
+   dos charset = CP850
+   unix charset = UTF-8
+
+   # Docker Envs global config options

traefik/conf.d/rules.yml

@@ -69,6 +69,23 @@ http:
       service: authentik
       tls:
         certResolver: letsencrypt
+    comfy-router:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/`)"
+      middlewares:
+       - middlewares-authentik
+      service: comfy-service
+      tls:
+        certResolver: letsencrypt
+    comfy-router-auth:
+      entryPoints:
+       - "websecure"
+      rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+      priority: 15
+      service: authentik
+      tls:
+        certResolver: letsencrypt
     photos-router:
       entryPoints:
         - "websecure"
@@ -111,7 +128,7 @@ http:
     hass-service:
       loadBalancer:
         servers:
-          - url: "http://ubuntu:8123"
+          - url: "http://192.168.178.114:8123"
     photos-service:
       loadBalancer:
         servers:
@@ -128,6 +145,10 @@ http:
       loadBalancer:
         servers:
           - url: "http://ubuntu:5200"
+    comfy-service:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.178.87:8188"
     auth-service:
       loadBalancer:
         servers:

traefik/conf.d/rules.yml.backup3

@@ -0,0 +1,147 @@
+# dynamic configuration
+http:
+  middlewares:
+    middlewares-authentik:
+      forwardAuth:
+        address: http://ubuntu:9000/outpost.goauthentik.io/auth/traefik
+        trustForwardHeader: true
+        authResponseHeaders:
+         - X-authentik-username
+         - X-authentik-groups
+         - X-authentik-entitlements
+         - X-authentik-email
+         - X-authentik-name
+         - X-authentik-uid
+         - X-authentik-jwt
+         - X-authentik-meta-jwks
+         - X-authentik-meta-outpost
+         - X-authentik-meta-provider
+         - X-authentik-meta-app
+         - X-authentik-meta-version
+  routers:
+    hass-router:
+      entryPoints:
+        - "hass"
+      rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
+      service: hass-service
+      tls:
+        certResolver: letsencrypt
+    paperless-router:
+      entryPoints:
+       - "websecure"
+      rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/`)"
+      middlewares:
+        - "middlewares-authentik"
+      priority: 15
+      service: paperless-service
+      tls:
+        certResolver: letsencrypt
+    hass-router-auth:
+      entryPoints:
+       - "websecure"
+      rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+      priority: 15
+      service: authentik
+      tls:
+        certResolver: letsencrypt
+    paperless-router-auth:
+      entryPoints:
+       - "websecure"
+      rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+      priority: 15
+      service: authentik
+      tls:
+        certResolver: letsencrypt
+    default-router:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
+      middlewares:
+       - middlewares-authentik
+      service: wikimd-service
+      tls:
+        certResolver: letsencrypt
+    default-router-auth:
+      entryPoints:
+       - "websecure"
+      rule: "Host(`home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+      priority: 15
+      service: authentik
+      tls:
+        certResolver: letsencrypt
+    photos-router:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`photo.home.thoster.net`) && PathPrefix(`/`)"
+      service: photos-service
+      tls:
+        certResolver: letsencrypt
+    auth-router:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`auth.home.thoster.net`) && PathPrefix(`/`)"
+      service: auth-service
+      tls:
+        certResolver: letsencrypt
+    hass2-router:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/`)"
+      middlewares:
+        - "middlewares-authentik"
+      service: hass-service
+      tls:
+        certResolver: letsencrypt
+    nas-router:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`nas.home.thoster.net`) && PathPrefix(`/`)"
+      service: nas-service
+      tls:
+        certResolver: letsencrypt
+    ai-router:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`ai.home.thoster.net`) && PathPrefix(`/`)"
+      service: ai-service
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    hass-service:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.178.114:8123"
+    photos-service:
+      loadBalancer:
+        servers:
+          - url: "http://ubuntu:2283"
+    nas-service:
+      loadBalancer:
+        servers:
+          - url: "http://nas"
+    ai-service:
+      loadBalancer:
+        servers:
+          - url: "http://ubuntu:8082"
+    wikimd-service:
+      loadBalancer:
+        servers:
+          - url: "http://ubuntu:5200"
+    auth-service:
+      loadBalancer:
+        servers:
+          - url: "http://ubuntu:9000"
+    paperless-service:
+      loadBalancer:
+        servers:
+         - url: "http://ubuntu:8000"
+    dummy-service:
+      loadBalancer:
+        servers:
+          - url: "http://whoami"
+    authentik:
+      loadBalancer:
+        servers:
+         - url: "http://ubuntu:9000/outpost.goauthentik.io"
+

traefik/traefik.yaml.backup

@@ -0,0 +1,63 @@
+providers:
+  file:
+    directory: /etc/traefik/conf.d/
+
+entryPoints:
+  web:
+    address: ':80'
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+
+  websecure:
+    address: ':443'
+    http:
+      tls:
+        certResolver: letsencrypt
+
+
+  traefik:
+    address: ':8080'
+
+  hass:
+    address: ':444'
+    http:
+      tls:
+        certResolver: letsencrypt
+      redirections:
+        entryPoint:
+          scheme: https
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: "stefan@ostermail.de"
+      storage: /etc/traefik/ssl/acme.json
+      tlsChallenge: {}
+
+api:
+  dashboard: true
+  insecure: true
+
+log:
+  filePath: /var/log/traefik/traefik.log
+  format: json
+  level: INFO
+
+accessLog:
+  filePath: /var/log/traefik/traefik-access.log
+  format: json
+  filters:
+    statusCodes:
+      - "200"
+      - "400-599"
+    retryAttempts: true
+    minDuration: "10ms"
+  bufferingSize: 0
+  fields:
+    headers:
+      defaultMode: drop
+      names:
+        User-Agent: keep

traefik/traefik.yaml.backup2

@@ -0,0 +1,65 @@
+providers:
+  file:
+    directory: /etc/traefik/conf.d/
+
+entryPoints:
+  web:
+    address: ':80'
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+
+  websecure:
+    address: ':443'
+    http:
+      tls:
+        certResolver: letsencrypt
+
+  paperless:
+    address: ':5200'
+
+  traefik:
+    address: ':8080'
+
+  hass:
+    address: ':444'
+    http:
+      tls:
+        certResolver: letsencrypt
+      redirections:
+        entryPoint:
+          scheme: https
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: "stefan@ostermail.de"
+      storage: /etc/traefik/ssl/acme.json
+      tlsChallenge: {}
+
+api:
+  dashboard: true
+  insecure: true
+
+log:
+  filePath: /var/log/traefik/traefik.log
+  format: json
+  level: INFO
+
+accessLog:
+  filePath: /var/log/traefik/traefik-access.log
+  format: json
+  filters:
+    statusCodes:
+      - "200"
+      - "400-599"
+    retryAttempts: true
+    minDuration: "10ms"
+  bufferingSize: 0
+  fields:
+    headers:
+      defaultMode: drop
+      names:
+        User-Agent: keep

wikimd/wiki/homepage.md

@@ -10,6 +10,9 @@
 
 [KI Server](https://ai.home.thoster.net) -> wenn der Rechner im Keller aus ist, gehen nur die öffentlichen Modelle!
 
+#### Alte Dinge
+[Photo App auf der NAS](https://home.thoster.net:446/photo/)
+
 ### Interne Dienste
 
 [Proxmox](https://192.168.178.99:8006)
@@ -24,6 +27,8 @@
 
 [Influx](http://ubuntu.fritz.box:8086)
 
+[Paperless ai](http://ubuntu:3000/)
+
 https://www.reddit.com/r/homeassistant/comments/oje65v/home_assitant_with_grafana_and_influxdb_2x_basic/
 
 ### Probleme / TODOs