Fooocus

docker pull ghcr.io/lllyasviel/fooocus:latest
docker run -d \
–name fooocus \
–gpus all \
-p 7865:7865 \
-v fooocus_data:/content/data \
ghcr.io/lllyasviel/fooocus:latest

VideoSOS

# 1. Clone the repo
git clone https://github.com/timoncool/videosos
cd videosos

# 2. Start VideoSOS in Docker
docker compose up -d

# 3. Open in browser
# -> http://localhost:3000

# 4. Stop when done
docker compose down

LocalAI

1️⃣ Prereqs

Make sure these work first:

docker –version
docker compose version

If you have a GPU (NVIDIA):

NVIDIA drivers installed

NVIDIA Container Toolkit installed

2️⃣ Create a project folder
mkdir localai-webui
cd localai-webui

3️⃣ docker-compose.yml

Create this file:

version: “3.9”

services:
localai:
image: ghcr.io/go-skynet/localai:latest
container_name: localai
ports:
– “8080:8080”
volumes:
– ./models:/models
environment:
– MODELS_PATH=/models
command: >
–models-path /models
–context-size 4096
deploy:
resources:
reservations:
devices:
– capabilities: [gpu]
restart: unless-stopped

webui:
image: ghcr.io/open-webui/open-webui:latest
container_name: open-webui
ports:
– “3000:8080”
environment:
– OPENAI_API_BASE_URL=http://localai:8080/v1
– OPENAI_API_KEY=localai
depends_on:
– localai
volumes:
– ./webui-data:/app/backend/data
restart: unless-stopped

4️⃣ Download a model (important)

LocalAI does not auto-download models.

Create folders:

mkdir -p models/llama-3

Example: download a GGUF model (recommended):

wget -O models/llama-3/llama-3-8b-instruct.Q4_K_M.gguf \
https://huggingface.co/meta-llama/Meta-Llama-3-8B-Instruct-GGUF/resolve/main/llama-3-8b-instruct.Q4_K_M.gguf

Create models/llama-3/model.yaml:

name: llama-3
backend: llama-cpp
parameters:
model: llama-3-8b-instruct.Q4_K_M.gguf
context_size: 4096

5️⃣ Start everything
docker compose up -d

6️⃣ Open the UI

Web UI: http://localhost:3000

LocalAI API: http://localhost:8080/v1/chat/completions

In Open WebUI:

Model → select llama-3

Start chatting 🎉

MusicGPT

docker pull gabotechs/musicgpt
docker run -it –gpus all -p 8642:8642 \
-v ~/.musicgpt:/root/.local/share/musicgpt \
gabotechs/musicgpt –gpu –ui-expose

nextcloud_archive_files.sh

#!/bin/bash
set -o pipefail

#############################################
# CONFIGURATION
#############################################
NEXTCLOUD_DATA_DIR="/path/to/nextcloud/data"
MINIO_ALIAS="myminio"
MINIO_BUCKET="bucket_name"
LOG_FILE="/path/to/minio.log"

# DRY RUN (set to false to actually upload & delete)
DRY_RUN=false

# Disable MC color output to avoid ANSI codes
export MC_COLOR=off

mkdir -p "$(dirname "$LOG_FILE")"
touch "$LOG_FILE"

#############################################
# SANITIZATION FUNCTIONS
#############################################

sanitize_string() {
    printf "%s" "$1" | tr -d '\000-\037\177'
}

log() {
    local clean_msg
    clean_msg=$(sanitize_string "$1")
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $clean_msg" >> "$LOG_FILE"
}

sanitize_file_on_disk() {
    local file="$1"
    local dir base cleanbase

    dir=$(dirname "$file")
    base=$(basename "$file")
    cleanbase=$(printf "%s" "$base" | tr -d '\000-\037\177')

    if [[ "$cleanbase" != "$base" ]]; then
        mv -n -- "$file" "$dir/$cleanbase"
        log "Renamed on disk: '$file' → '$dir/$cleanbase'"
    fi

    echo "$dir/$cleanbase"
}

#############################################
# ARCHIVE PROCESS
#############################################

log "===== Starting Nextcloud archive process ====="
log "DRY_RUN=$DRY_RUN"



find "$NEXTCLOUD_DATA_DIR" \
    -xdev \
    -type f \
    -mtime +90 \
    -size +200M \
    -print0 |
while IFS= read -r -d '' file; do

    # Sanitize filename on disk
    file=$(sanitize_file_on_disk "$file")

    # Build relative path
    relative_path="${file#$NEXTCLOUD_DATA_DIR/}"
    relative_path=$(sanitize_string "$relative_path")

    target="$MINIO_ALIAS/$MINIO_BUCKET/$relative_path"

    log "Processing: '$file' → '$target'"

    if [[ "$DRY_RUN" == true ]]; then
        log "DRY-RUN: Would upload and delete '$file'"
        continue
    fi

    mc_output=$(mc cp -- "$file" "$target" 2>&1 | tr -d '\000-\037\177')
    mc_exit=$?

    if [[ $mc_exit -eq 0 ]]; then
        log "SUCCESS: Uploaded '$file'"
        rm -f -- "$file"
        log "Deleted local copy: '$file'"
    else
        log "ERROR: Upload failed for '$file'"
        log "mc error: $mc_output"
    fi

done

log "===== Completed Nextcloud archive process ====="

create_user.sh

#!/bin/bash

# MinIO Server Details
MINIO_HOST="http://MINIO_HOST:9000"  # replace with your MinIO endpoint
MINIO_ROOT_USER="########"          # replace with your root username
MINIO_ROOT_PASSWORD="#########"      # replace with your root password

# MinIO Client (mc) alias setup
MC_ALIAS="myminio"

# Check if bucket name is provided as an argument
if [ -z "$1" ]; then
    echo "Usage: $0 "
    exit 1
fi

# Bucket name passed as argument
BUCKET="$1"
USERNAME="${BUCKET}-user"
POLICY_NAME="policy-${BUCKET}"

# Set mc alias
mc alias set $MC_ALIAS $MINIO_HOST $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD

# Create the user
create_user() {
    # Create user with a randomly generated secret key (or use your own password)
    USER_SECRET=$(openssl rand -base64 32)
    mc admin user add $MC_ALIAS $USERNAME $USER_SECRET

    # Create a custom policy for the bucket
    cat < /tmp/${POLICY_NAME}.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::${BUCKET}"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::${BUCKET}/*"
    }
  ]
}
EOF

    # Attach the policy to the user
    mc admin policy add $MC_ALIAS $POLICY_NAME /tmp/${POLICY_NAME}.json
    mc admin policy attach $MC_ALIAS $POLICY_NAME --user $USERNAME

    # Clean up the policy file
    rm /tmp/${POLICY_NAME}.json

    echo "User $USERNAME created with policy for bucket $BUCKET"
    echo "User credentials: ACCESSKEY: $USERNAME, SECRETKEY: $USER_SECRET"
}

# Check if the bucket exists before creating the user and policy
mc ls $MC_ALIAS/$BUCKET &> /dev/null
if [ $? -ne 0 ]; then
    echo "Bucket $BUCKET does not exist. Please create the bucket first."
    exit 1
fi

# Call the function to create the user and attach the policy
create_user

# curl https://download.argon40.com/argonneo5.sh | bash
# nano /boot/firmware/config.txt

kernel=kernel8.img
dtparam=nvme
dtparam=pciex1_gen=3
usb_max_current_enable=1

# sudo apt update
# sudo apt install snapd
# sudo snap install snapd
# sudo snap install nextcloud
# sudo /snap/bin/nextcloud.occ config:system:set trusted_proxies 0 --value="127.0.0.1"
# sudo /snap/bin/nextcloud.occ config:system:set trusted_domains 1 --value="yourdomain.com"
# sudo /snap/bin/nextcloud.disable-https
# sudo apt install caddy
# sudo nano /etc/caddy/Caddyfile

https://yourdomain.com {
    reverse_proxy 127.0.0.1:8080
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
    }

    # Redirect for CalDAV and CardDAV clients
    redir /.well-known/caldav /remote.php/dav 301
    redir /.well-known/carddav /remote.php/dav 301
}

# sudo snap set nextcloud ports.http=8080
# sudo snap set nextcloud ports.https=
# sudo snap restart nextcloud.apache
# sudo systemctl daemon-reload
# sudo systemctl start caddy
# sudo systemctl status caddy
# sudo /snap/bin/nextcloud.occ config:system:set overwriteprotocol --value="https"
# sudo /snap/bin/nextcloud.occ config:system:set overwrite.cli.url --value="https://yourdomain.com"
# sudo /snap/bin/nextcloud.occ maintenance:repair --include-expensive
# sudo /snap/bin/nextcloud.occ background:cron
# apt install syncthing
# systemctl enable syncthing@pi-nas.service
# systemctl start syncthing@pi-nas.service
# nano /usr/lib/systemd/system/syncthing@.service

Group=users
UMask=0002

# apt install proftpd
# nano /etc/proftpd/proftpd.conf

DefaultRoot ~
Umask 002 002

# nano /usr/local/bin/fix_ownership.sh

#!/bin/bash
WATCHDIR="/volume1"
LOGFILE="/var/log/fix_ownership.log"

# Function to fix ownership of a file or directory
fix_ownership() {
    local file="$1"
    if [ -e "$file" ]; then
        if [ -d "$file" ]; then
            chown -R pi-nas:users "$file" 2>/dev/null
        else
            chown pi-nas:users "$file" 2>/dev/null
        fi
        echo "$(date '+%Y-%m-%d %H:%M:%S') Fixed ownership: $file" >> "$LOGFILE"
    fi
}

# Watch for changes
inotifywait -m -r -e close_write,create,move,delete --format '%w%f' "$WATCHDIR" | while read -r file; do
    fix_ownership "$file"
done

# nano /etc/systemd/system/fix_ownership.service

[Unit]
Description=Recursive ownership watcher for Volume1 folder
After=network.target

[Service]
ExecStart=/usr/local/bin/fix_ownership.sh
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

# systemctl daemon-reload
# systemctl enable fix_ownership.service
# systemctl start fix_ownership.service

# apt update
# apt install git python3-pip python3-venv
# useradd -r -m -d /var/lib/radicale -s /bin/bash radicale
# mkdir /etc/radicale
# nano /etc/radicale/radicale.conf

[server]
# Bind to all IP addresses (0.0.0.0) instead of just localhost
hosts = 0.0.0.0:5232
[auth]
type = htpasswd
htpasswd_filename = /etc/radicale/users
htpasswd_encryption = bcrypt
[storage]
filesystem_folder = /var/lib/radicale/collections
[web]
type = radicale_infcloud

# htpasswd -c -B /etc/radicale/users yourusername
# htpasswd -B /etc/radicale/users anotheruser
# ufw allow 5232/tcp
# ufw reload
# su radicale
$ cd ~
$ python3 -m venv venv
$ source venv/bin/activate
$ pip install radicale bcrypt git+https://github.com/Unrud/RadicaleInfCloud.git
$ radicale --config /etc/radicale/radicale.conf

http://your-server-ip:5232/

$ exit
# nano /etc/systemd/system/radicale.service

[Unit]
Description=Radicale CalDAV and CardDAV Server
After=network.target
[Service]
User=radicale
Group=radicale
ExecStart=/var/lib/radicale/venv/bin/radicale --config /etc/radicale/radicale.conf
WorkingDirectory=/var/lib/radicale
Restart=on-failure
LimitNOFILE=4096
[Install]
WantedBy=multi-user.target

# systemctl daemon-reload
# systemctl enable radicale
# systemctl start radicale
# systemctl status radicale

# apt install apache2 certbot python3-certbot-apache
# nano /etc/apache2/sites-available/radicale.conf

<VirtualHost *:80>
  ServerName your_domain.com
  ProxyPass / http://localhost:5232/
  ProxyPassReverse / http://localhost:5232/
</VirtualHost>

# ufw allow 80/tcp
# ufw allow 443/tcp
# ufw reload
# certbot --apache -d your_domain.com

https://your_domain.com

# sudo systemctl status certbot.timer
# sudo certbot renew --dry-run

Webmin Setup

The simplest and best way to get Webmin is to use automatic webmin-setup-repo.sh script to configure repositories on your RHEL or Debian derivative systems. It can be done in two easy steps:

$curl -o webmin-setup-repo.sh https://raw.githubusercontent.com/webmin/webmin/master/webmin-setup-repo.sh
sudo sh webmin-setup-repo.sh

This script will automatically setup our repository and install our GPG keys on your system, and provide webmin package for installation and easy upgrades in the future.

Install

If Webmin repository was setup using our webmin-setup-repo.sh as described above then Webmin can be installed as easy as:

$ sudo apt-get install webmin --install-recommends

Access

Open ports for both Webmin and Freeswitch.

$ ufw allow 10000/tcp
$ ufw allow 3478:3479/udp
$ ufw allow 5060
$ ufw allow 5080
$ ufw allow 8021/tcp
$ ufw allow 16384:32768/udp

After successful Webmin installation, you can access its interface by entering https://<Your-Server-IP>:10000 in your browser..

Freeswitch Setup

$curl -sSL https://freeswitch.org/fsget | bash -s [Personal Access Token] release install
$ sudo apt install freeswitch-mod-flite fail2ban

Fail2ban Setup

Fail2ban’s jail.conf file contains a standard configuration for FreeSWITCH.

From Standard jail.conf

[shd] <-- Make sure that this section is empty.

[freeswitch]
enabled  = true
port     = 5060,5061
action_  = %(default/action_)s[name=%(__name__)s-tcp, protocol="tcp"]
           %(default/action_)s[name=%(__name__)s-udp, protocol="udp"]
logpath  = /var/log/freeswitch/freeswitch.log
filter   = freeswitch-ip

/etc/fail2ban/filter.d/freeswitch-ip.conf

# Fail2Ban configuration file
[Definition]
failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from <HOST>
ignoreregex =

Add the following line to the [DEFAULT] section of /etc/fail2ban/paths-debian.conf:

sshd_backend = systemd

In Webmin, go to Networking > Fail2ban Intrusion Detector and click on Filter Action Jails. Click on Freeswitch in the list and change ‘Check for log file updates using‘ to systemd and click on the ‘Save’ button.

Usage

To check the status of fail2ban:

$ systemctl status fail2ban.service

To check the IP addresses that were blocked:

$ fail2ban-client banned

Resources

https://webmin.com/download/

https://developer.signalwire.com/freeswitch/FreeSWITCH-Explained/Installation/Linux/Debian_67240088#about

https://developer.signalwire.com/freeswitch/FreeSWITCH-Explained/Security/Fail2Ban_1049236/

https://github.com/fail2ban/fail2ban/issues/3567

https://stackoverflow.com/questions/3561289/what-ports-does-freeswitch-need-open

Create the user who should run the service, or choose an existing one.(Skip if your distribution package already installs these files, see above.) From git location copy the syncthing@.service file into the load path of the system instance. On Debian 12, the path of the file is ‘/usr/lib/systemd/system’. I also added the following lines to the [Service] section of the file:

Group=users
UMask=0002

The umask only works when ‘Ignore Permissions’ is enabled for the folder. Enable and start the service. Replace “myuser” with the actual Syncthing user after the @:

$ sudo systemctl enable syncthing@myuser.service
$ sudo systemctl start syncthing@myuser.service

Reference

https://docs.syncthing.net/users/autostart.html

IMAPdump, requires OpenSSL to be installed. Install it using the following command:

$ sudo apt install openssl

The IO::Socket::SSL Perl module is also required. First, install using the following command:

$ sudo perl -MCPAN -e shell

Then enter the following command from within the cpan shell:

cpan[1]> install IO::Socket::SSL

Now IMAPdump should run without errors. You can download it from https://github.com/andrewnimmo/rick-sanders-imap-tools.

This article assumes that you have all of your files in the /volume1 folder. In order to be able to access these files from within Nextcloud’s External Storage app, you will need to add the following line in /etc/fstab:

/volume1 /mnt/volume1 none bind

Also, until Redis packages are made to take advantage of the larger page size of the Raspberry Pi 5, we will have to add the following line to /boot/firmware/config.txt:

kernel=kernel8.img

Now install nextcloud using the following commands:

$ sudo apt install snapd
$ sudo snap install snapd
$ sudo snap install nextcloud

You should now be able to access the Nextcloud installer by entering the Pi’s IP address in a browser on the same network. If you want to install an SSL certificate then use the following command:

$ sudo /snap/bin/nextcloud.enable-https lets-encrypt

You will be asked to provide an email address and the domain name to be used. You will need to add the following lines to the config.php file for Nextcloud. This file should be located in /var/snap/nextcloud/current/nextcloud/config/config.php.

'overwritehost' => 'example.com',
'overwriteprotocol' => 'https',
'trusted_domains' => 
array (
  0 => 'example.com',
),

Now you should be able to access Nextcloud using your domain name. If you need to run the OCC command, use the following:

$ sudo /snap/bin/nextcloud.occ COMMAND

References

https://help.nextcloud.com/t/redis-crashing-on-startup-after-swapping-rpi4-8gb-with-rpi5-8gb/182242

https://snapcraft.io/install/nextcloud/debian

https://github.com/nextcloud-snap/nextcloud-snap/wiki/Nextcloud-snap-step-by-step/38e0ac1ceb23a990f10471546b95e2f04f060314