How to Install AI Tools Locally with Docker

Posted on February 3, 2026 by Unique Technologies

Fooocus

# docker pull ghcr.io/lllyasviel/fooocus:latest
# docker run -d \
–name fooocus \
–gpus all \
-p 7865:7865 \
-v fooocus_data:/content/data \
ghcr.io/lllyasviel/fooocus:latest

VideoSOS

Clone the repo

# git clone https://github.com/timoncool/videosos
# cd videosos

Start VideoSOS in Docker

# docker compose up -d

Open in browser

http://localhost:3000

Stop when done

# docker compose down

LocalAI + Open WebUI

Prereqs

Make sure these work first:

# docker –version
# docker compose version

If you have a GPU (NVIDIA):

NVIDIA drivers installed

NVIDIA Container Toolkit installed

Create a project folder

# mkdir localai-webui
# cd localai-webui

docker-compose.yml

Create this file:

version: “3.9”

services:
localai:
image: ghcr.io/go-skynet/localai:latest
container_name: localai
ports:
– “8080:8080”
volumes:
– ./models:/models
environment:
– MODELS_PATH=/models
command: >
–models-path /models
–context-size 4096
deploy:
resources:
reservations:
devices:
– capabilities: [gpu]
restart: unless-stopped

webui:
image: ghcr.io/open-webui/open-webui:latest
container_name: open-webui
ports:
– “3000:8080”
environment:
– OPENAI_API_BASE_URL=http://localai:8080/v1
– OPENAI_API_KEY=localai
depends_on:
– localai
volumes:
– ./webui-data:/app/backend/data
restart: unless-stopped

Download a model (important)

LocalAI does not auto-download models.

Create folders:

# mkdir -p models/llama-3

Example: download a GGUF model (recommended):

# wget -O models/llama-3/llama-3-8b-instruct.Q4_K_M.gguf \
https://huggingface.co/meta-llama/Meta-Llama-3-8B-Instruct-GGUF/resolve/main/llama-3-8b-instruct.Q4_K_M.gguf

Create models/llama-3/model.yaml:

name: llama-3
backend: llama-cpp
parameters:
model: llama-3-8b-instruct.Q4_K_M.gguf
context_size: 4096

Start everything
# docker compose up -d

Open the UI

Web UI: http://localhost:3000

LocalAI API: http://localhost:8080/v1/chat/completions

In Open WebUI:

Model → select llama-3

Start chatting

MusicGPT

# docker pull gabotechs/musicgpt
# docker run -it –gpus all -p 8642:8642 \
-v ~/.musicgpt:/root/.local/share/musicgpt \
gabotechs/musicgpt –gpu –ui-expose

ARM Support

If you need ARM support for any of the above, the general approach is:

Build your own ARM image

Enable Docker Buildx

# docker buildx create –use
# docker buildx inspect –bootstrap

Clone the repo

# git clone https://github.com/<project>/<repo>.git
# cd <repo>

Build for ARM64

# docker buildx build \
–platform linux/arm64 \
-t my-arm64-fooocus:latest \
.

Run it

# docker run -p 7865:7865 my-arm64-fooocus:latest

This works if the Python/pytorch packages and other dependencies have ARM-compatible wheels — many PyTorch builds do now on macOS M1/M2 and some Linux ARM64 systems.

Useful MinIO scripts

Posted on December 9, 2025 by Unique Technologies

nextcloud_archive_files.sh

#!/bin/bash
set -o pipefail

#############################################
# CONFIGURATION
#############################################
NEXTCLOUD_DATA_DIR="/path/to/nextcloud/data"
MINIO_ALIAS="myminio"
MINIO_BUCKET="bucket_name"
LOG_FILE="/path/to/minio.log"

# DRY RUN (set to false to actually upload & delete)
DRY_RUN=false

# Disable MC color output to avoid ANSI codes
export MC_COLOR=off

mkdir -p "$(dirname "$LOG_FILE")"
touch "$LOG_FILE"

#############################################
# SANITIZATION FUNCTIONS
#############################################

sanitize_string() {
    printf "%s" "$1" | tr -d '\000-\037\177'
}

log() {
    local clean_msg
    clean_msg=$(sanitize_string "$1")
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $clean_msg" >> "$LOG_FILE"
}

sanitize_file_on_disk() {
    local file="$1"
    local dir base cleanbase

    dir=$(dirname "$file")
    base=$(basename "$file")
    cleanbase=$(printf "%s" "$base" | tr -d '\000-\037\177')

    if [[ "$cleanbase" != "$base" ]]; then
        mv -n -- "$file" "$dir/$cleanbase"
        log "Renamed on disk: '$file' → '$dir/$cleanbase'"
    fi

    echo "$dir/$cleanbase"
}

#############################################
# ARCHIVE PROCESS
#############################################

log "===== Starting Nextcloud archive process ====="
log "DRY_RUN=$DRY_RUN"



find "$NEXTCLOUD_DATA_DIR" \
    -xdev \
    -type f \
    -mtime +90 \
    -size +200M \
    -print0 |
while IFS= read -r -d '' file; do

    # Sanitize filename on disk
    file=$(sanitize_file_on_disk "$file")

    # Build relative path
    relative_path="${file#$NEXTCLOUD_DATA_DIR/}"
    relative_path=$(sanitize_string "$relative_path")

    target="$MINIO_ALIAS/$MINIO_BUCKET/$relative_path"

    log "Processing: '$file' → '$target'"

    if [[ "$DRY_RUN" == true ]]; then
        log "DRY-RUN: Would upload and delete '$file'"
        continue
    fi

    mc_output=$(mc cp -- "$file" "$target" 2>&1 | tr -d '\000-\037\177')
    mc_exit=$?

    if [[ $mc_exit -eq 0 ]]; then
        log "SUCCESS: Uploaded '$file'"
        rm -f -- "$file"
        log "Deleted local copy: '$file'"
    else
        log "ERROR: Upload failed for '$file'"
        log "mc error: $mc_output"
    fi

done

log "===== Completed Nextcloud archive process ====="

create_user.sh

#!/bin/bash

# MinIO Server Details
MINIO_HOST="http://MINIO_HOST:9000"  # replace with your MinIO endpoint
MINIO_ROOT_USER="########"          # replace with your root username
MINIO_ROOT_PASSWORD="#########"      # replace with your root password

# MinIO Client (mc) alias setup
MC_ALIAS="myminio"

# Check if bucket name is provided as an argument
if [ -z "$1" ]; then
    echo "Usage: $0 "
    exit 1
fi

# Bucket name passed as argument
BUCKET="$1"
USERNAME="${BUCKET}-user"
POLICY_NAME="policy-${BUCKET}"

# Set mc alias
mc alias set $MC_ALIAS $MINIO_HOST $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD

# Create the user
create_user() {
    # Create user with a randomly generated secret key (or use your own password)
    USER_SECRET=$(openssl rand -base64 32)
    mc admin user add $MC_ALIAS $USERNAME $USER_SECRET

    # Create a custom policy for the bucket
    cat < /tmp/${POLICY_NAME}.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::${BUCKET}"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::${BUCKET}/*"
    }
  ]
}
EOF

    # Attach the policy to the user
    mc admin policy add $MC_ALIAS $POLICY_NAME /tmp/${POLICY_NAME}.json
    mc admin policy attach $MC_ALIAS $POLICY_NAME --user $USERNAME

    # Clean up the policy file
    rm /tmp/${POLICY_NAME}.json

    echo "User $USERNAME created with policy for bucket $BUCKET"
    echo "User credentials: ACCESSKEY: $USERNAME, SECRETKEY: $USER_SECRET"
}

# Check if the bucket exists before creating the user and policy
mc ls $MC_ALIAS/$BUCKET &> /dev/null
if [ $? -ne 0 ]; then
    echo "Bucket $BUCKET does not exist. Please create the bucket first."
    exit 1
fi

# Call the function to create the user and attach the policy
create_user

A Script for Backing Up Nextcloud to an FTP Server

Posted on October 23, 2025 by Unique Technologies

#!/bin/bash

# ==== CONFIGURATION ====
NEXTCLOUD_PATH="/var/www/html"
DATA_PATH="/var/www/html/data"
BACKUP_PATH="/var/backups/nextcloud"

DB_USER="nextcloud"
DB_PASS="dbpassword"
DB_NAME="nextcloud"

FTP_HOST="yourftphost.com"
FTP_USER="yourftpuser"
FTP_PASS="yourftppassword"
FTP_DIR="/path/to/save/file"

DATE=$(date +"%Y-%m-%d_%H-%M")
ARCHIVE_NAME="nextcloud-backup-$DATE.tar.gz"

MAX_LOCAL_BACKUPS=3

# ==== START BACKUP ====
echo "Starting streamed Nextcloud backup..."

mkdir -p "$BACKUP_PATH"

# Export database (small file)
DB_DUMP="/tmp/db_$DATE.sql"
mysqldump --no-tablespaces -u "$DB_USER" -p"$DB_PASS" "$DB_NAME" > "$DB_DUMP"

# === Stream tar directly to FTP ===
echo "Creating and streaming archive directly to FTP..."

tar -czf - \
--exclude="$DATA_PATH/appdata_*/preview" \
--exclude="$NEXTCLOUD_PATH/updater-*" \
--exclude="$NEXTCLOUD_PATH/data/tmp" \
-C / \
"${NEXTCLOUD_PATH#/}" \
"${DATA_PATH#/}" \
"$DB_DUMP" \
| curl --ftp-pasv -T - "ftp://$FTP_HOST$FTP_DIR/$ARCHIVE_NAME" --user "$FTP_USER:$FTP_PASS"

# Remove temp database dump
rm -f "$DB_DUMP"

# Optional: keep a few local backups (not needed for streamed uploads)
echo "Cleaning up old local backups..."
cd "$BACKUP_PATH" || exit
ls -1t nextcloud-backup-*.tar.gz 2>/dev/null | tail -n +$((MAX_LOCAL_BACKUPS + 1)) | xargs -r rm -f --

echo "Backup complete: streamed directly to FTP as $ARCHIVE_NAME"

Setting up a NAS on a Raspberry Pi 5 that boots from NVME

Posted on October 22, 2025 by Unique Technologies

# curl https://download.argon40.com/argonneo5.sh | bash
# nano /boot/firmware/config.txt

kernel=kernel8.img
dtparam=nvme
dtparam=pciex1_gen=3
usb_max_current_enable=1

# sudo apt update
# sudo apt install snapd
# sudo snap install snapd
# sudo snap install nextcloud
# sudo /snap/bin/nextcloud.occ config:system:set trusted_proxies 0 --value="127.0.0.1"
# sudo /snap/bin/nextcloud.occ config:system:set trusted_domains 1 --value="yourdomain.com"
# sudo /snap/bin/nextcloud.disable-https
# sudo apt install caddy
# sudo nano /etc/caddy/Caddyfile

https://yourdomain.com {
    reverse_proxy 127.0.0.1:8080
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
    }

    # Redirect for CalDAV and CardDAV clients
    redir /.well-known/caldav /remote.php/dav 301
    redir /.well-known/carddav /remote.php/dav 301
}

# sudo snap set nextcloud ports.http=8080
# sudo snap set nextcloud ports.https=
# sudo snap restart nextcloud.apache
# sudo systemctl daemon-reload
# sudo systemctl start caddy
# sudo systemctl status caddy
# sudo /snap/bin/nextcloud.occ config:system:set overwriteprotocol --value="https"
# sudo /snap/bin/nextcloud.occ config:system:set overwrite.cli.url --value="https://yourdomain.com"
# sudo /snap/bin/nextcloud.occ maintenance:repair --include-expensive
# sudo /snap/bin/nextcloud.occ background:cron
# apt install syncthing
# systemctl enable syncthing@pi-nas.service
# systemctl start syncthing@pi-nas.service
# nano /usr/lib/systemd/system/syncthing@.service

Group=users
UMask=0002

# apt install proftpd
# nano /etc/proftpd/proftpd.conf

DefaultRoot ~
Umask 002 002

# nano /usr/local/bin/fix_ownership.sh

#!/bin/bash
WATCHDIR="/volume1"
LOGFILE="/var/log/fix_ownership.log"

# Function to fix ownership of a file or directory
fix_ownership() {
    local file="$1"
    if [ -e "$file" ]; then
        if [ -d "$file" ]; then
            chown -R pi-nas:users "$file" 2>/dev/null
        else
            chown pi-nas:users "$file" 2>/dev/null
        fi
        echo "$(date '+%Y-%m-%d %H:%M:%S') Fixed ownership: $file" >> "$LOGFILE"
    fi
}

# Watch for changes
inotifywait -m -r -e close_write,create,move,delete --format '%w%f' "$WATCHDIR" | while read -r file; do
    fix_ownership "$file"
done

# nano /etc/systemd/system/fix_ownership.service

[Unit]
Description=Recursive ownership watcher for Volume1 folder
After=network.target

[Service]
ExecStart=/usr/local/bin/fix_ownership.sh
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

# systemctl daemon-reload
# systemctl enable fix_ownership.service
# systemctl start fix_ownership.service

Setting Up Radicale and Infcloud in Debian 13 (Trixie)

Posted on October 21, 2025 by Unique Technologies

# apt update
# apt install git python3-pip python3-venv
# useradd -r -m -d /var/lib/radicale -s /bin/bash radicale
# mkdir /etc/radicale
# nano /etc/radicale/radicale.conf

[server]
# Bind to all IP addresses (0.0.0.0) instead of just localhost
hosts = 0.0.0.0:5232
[auth]
type = htpasswd
htpasswd_filename = /etc/radicale/users
htpasswd_encryption = bcrypt
[storage]
filesystem_folder = /var/lib/radicale/collections
[web]
type = radicale_infcloud

# htpasswd -c -B /etc/radicale/users yourusername
# htpasswd -B /etc/radicale/users anotheruser
# ufw allow 5232/tcp
# ufw reload
# su radicale
$ cd ~
$ python3 -m venv venv
$ source venv/bin/activate
$ pip install radicale bcrypt git+https://github.com/Unrud/RadicaleInfCloud.git
$ radicale --config /etc/radicale/radicale.conf

http://your-server-ip:5232/

$ exit
# nano /etc/systemd/system/radicale.service

[Unit]
Description=Radicale CalDAV and CardDAV Server
After=network.target
[Service]
User=radicale
Group=radicale
ExecStart=/var/lib/radicale/venv/bin/radicale --config /etc/radicale/radicale.conf
WorkingDirectory=/var/lib/radicale
Restart=on-failure
LimitNOFILE=4096
[Install]
WantedBy=multi-user.target

# systemctl daemon-reload
# systemctl enable radicale
# systemctl start radicale
# systemctl status radicale

# apt install apache2 certbot python3-certbot-apache
# nano /etc/apache2/sites-available/radicale.conf

<VirtualHost *:80>
  ServerName your_domain.com
  ProxyPass / http://localhost:5232/
  ProxyPassReverse / http://localhost:5232/
</VirtualHost>

# ufw allow 80/tcp
# ufw allow 443/tcp
# ufw reload
# certbot --apache -d your_domain.com

https://your_domain.com

# sudo systemctl status certbot.timer
# sudo certbot renew --dry-run

Setting Up Webmin/Fail2ban/Freeswitch in Debian

Posted on May 17, 2025 by Unique Technologies

Webmin Setup

The simplest and best way to get Webmin is to use automatic webmin-setup-repo.sh script to configure repositories on your RHEL or Debian derivative systems. It can be done in two easy steps:

$curl -o webmin-setup-repo.sh https://raw.githubusercontent.com/webmin/webmin/master/webmin-setup-repo.sh
sudo sh webmin-setup-repo.sh

This script will automatically setup our repository and install our GPG keys on your system, and provide webmin package for installation and easy upgrades in the future.

Install

If Webmin repository was setup using our webmin-setup-repo.sh as described above then Webmin can be installed as easy as:

$ sudo apt-get install webmin --install-recommends

Access

Open ports for both Webmin and Freeswitch.

$ ufw allow 10000/tcp
$ ufw allow 3478:3479/udp
$ ufw allow 5060
$ ufw allow 5080
$ ufw allow 8021/tcp
$ ufw allow 16384:32768/udp

After successful Webmin installation, you can access its interface by entering https://<Your-Server-IP>:10000 in your browser..

Freeswitch Setup

$curl -sSL https://freeswitch.org/fsget | bash -s [Personal Access Token] release install
$ sudo apt install freeswitch-mod-flite fail2ban

Fail2ban Setup

Fail2ban’s jail.conf file contains a standard configuration for FreeSWITCH.

From Standard jail.conf

[shd] <-- Make sure that this section is empty.

[freeswitch]
enabled  = true
port     = 5060,5061
action_  = %(default/action_)s[name=%(__name__)s-tcp, protocol="tcp"]
           %(default/action_)s[name=%(__name__)s-udp, protocol="udp"]
logpath  = /var/log/freeswitch/freeswitch.log
filter   = freeswitch-ip

/etc/fail2ban/filter.d/freeswitch-ip.conf

# Fail2Ban configuration file
[Definition]
failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from <HOST>
ignoreregex =

Add the following line to the [DEFAULT] section of /etc/fail2ban/paths-debian.conf:

sshd_backend = systemd

In Webmin, go to Networking > Fail2ban Intrusion Detector and click on Filter Action Jails. Click on Freeswitch in the list and change ‘Check for log file updates using‘ to systemd and click on the ‘Save’ button.

Usage

To check the status of fail2ban:

$ systemctl status fail2ban.service

To check the IP addresses that were blocked:

$ fail2ban-client banned

Resources

https://webmin.com/download/

https://developer.signalwire.com/freeswitch/FreeSWITCH-Explained/Installation/Linux/Debian_67240088#about

https://developer.signalwire.com/freeswitch/FreeSWITCH-Explained/Security/Fail2Ban_1049236/

https://github.com/fail2ban/fail2ban/issues/3567

https://stackoverflow.com/questions/3561289/what-ports-does-freeswitch-need-open

Setting Up a Syncthing System Service

Posted on May 12, 2025 by Unique Technologies

Create the user who should run the service, or choose an existing one.(Skip if your distribution package already installs these files, see above.) From git location copy the syncthing@.service file into the load path of the system instance. On Debian 12, the path of the file is ‘/usr/lib/systemd/system’. I also added the following lines to the [Service] section of the file:

Group=users
UMask=0002

The umask only works when ‘Ignore Permissions’ is enabled for the folder. Enable and start the service. Replace “myuser” with the actual Syncthing user after the @:

$ sudo systemctl enable syncthing@myuser.service
$ sudo systemctl start syncthing@myuser.service

Reference

https://docs.syncthing.net/users/autostart.html

Setting Up IMAPdump in Debian

Posted on May 12, 2025 by Unique Technologies

IMAPdump, requires OpenSSL to be installed. Install it using the following command:

$ sudo apt install openssl

The IO::Socket::SSL Perl module is also required. First, install using the following command:

$ sudo perl -MCPAN -e shell

Then enter the following command from within the cpan shell:

cpan[1]> install IO::Socket::SSL

Now IMAPdump should run without errors. You can download it from https://github.com/andrewnimmo/rick-sanders-imap-tools.

Install Nextcloud on a Raspberry Pi 5 using Snap

Posted on May 10, 2025 by Unique Technologies

This article assumes that you have all of your files in the /volume1 folder. In order to be able to access these files from within Nextcloud’s External Storage app, you will need to add the following line in /etc/fstab:

/volume1 /mnt/volume1 none bind

Also, until Redis packages are made to take advantage of the larger page size of the Raspberry Pi 5, we will have to add the following line to /boot/firmware/config.txt:

kernel=kernel8.img

Now install nextcloud using the following commands:

$ sudo apt install snapd
$ sudo snap install snapd
$ sudo snap install nextcloud

You should now be able to access the Nextcloud installer by entering the Pi’s IP address in a browser on the same network. If you want to install an SSL certificate then use the following command:

$ sudo /snap/bin/nextcloud.enable-https lets-encrypt

You will be asked to provide an email address and the domain name to be used. You will need to add the following lines to the config.php file for Nextcloud. This file should be located in /var/snap/nextcloud/current/nextcloud/config/config.php.

'overwritehost' => 'example.com',
'overwriteprotocol' => 'https',
'trusted_domains' => 
array (
  0 => 'example.com',
),

Now you should be able to access Nextcloud using your domain name. If you need to run the OCC command, use the following:

$ sudo /snap/bin/nextcloud.occ COMMAND

References

https://help.nextcloud.com/t/redis-crashing-on-startup-after-swapping-rpi4-8gb-with-rpi5-8gb/182242

https://snapcraft.io/install/nextcloud/debian

https://github.com/nextcloud-snap/nextcloud-snap/wiki/Nextcloud-snap-step-by-step/38e0ac1ceb23a990f10471546b95e2f04f060314

Adding external storage in Nextcloud fails with “wrong password”

Posted on March 9, 2025 by Unique Technologies

If you are having trouble with adding external storage mounts in Nextcloud, you can do this:

$ sudo -u www-data php occ files_external:list

You can see the bad external mounts and delete it with:

$ sudo -u www-data php occ files_external:delete X

Then, you can re-create good ones by using this command:

$ sudo -u www-data php occ files_external:create Blabla ‘smb’ password::password -c host=X.X.X.X -c share=X -c root=/X -c domain=workgroup -c user=X -c password=X

You can add applicable users to the mount using this command:

$ sudo -u www-data php occ files_external:applicable --add-user=X

Replace: X with Yours.