From c76d0fda6b0d7e9da8e284ff3ef3cb05a34323d6 Mon Sep 17 00:00:00 2001
From: Thierry Pouplier <thierrypouplier@gmail.com>
Date: Sat, 4 Apr 2026 04:48:49 -0400
Subject: [PATCH] Progress dump before ai agent

---
 ai/compose.yml     | 113 +++++++++++++++++++++++++++++++++------------
 backup/compose.yml |  55 ++++++++++++++++++++++
 coms/compose.yml   |  46 ++++++++++++++++++
 tak/compose.yml    |  95 +++++++++++++++++++++++++++++++++++++
 4 files changed, 280 insertions(+), 29 deletions(-)
 create mode 100644 backup/compose.yml
 create mode 100644 coms/compose.yml
 create mode 100644 tak/compose.yml

diff --git a/ai/compose.yml b/ai/compose.yml
index 6378012..d322d0b 100644
--- a/ai/compose.yml
+++ b/ai/compose.yml
@@ -139,44 +139,99 @@ services:
       - "303"
       - "26"
 
-  n8n:
-    image: n8nio/n8n:latest
-    container_name: n8n
+  # n8n:
+  #   image: n8nio/n8n:latest
+  #   container_name: n8n
+  #   restart: unless-stopped
+  #   networks:
+  #     - traefik-net
+  #   environment:
+  #     - N8N_HOST=n8n.lazyworkhorse.net
+  #     - N8N_PORT=5678
+  #     - N8N_PROTOCOL=https
+  #     - NODE_ENV=production
+  #     - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
+  #     - WEBHOOK_URL=https://n8n.lazyworkhorse.net/
+  #     - GENERIC_TIMEZONE=America/New_York # Adjust to your timezone
+  #     - N8N_BLOCK_EXTERNAL_STORAGE_ACCESS=false
+  #     - N8N_NODES_PYTHON_CAN_IMPORT_MODULES=true 
+  #     - N8N_NATIVE_PYTHON_RUNNER=true
+  #     - N8N_PYTHON_ALLOW_STDLIB=uuid,re,os,json
+  #     - N8N_PYTHON_ALLOW_EXTERNAL=requests,pandas
+  #     - NODE_FUNCTION_ALLOW_EXTERNAL=uuid,requests
+  #   volumes:
+  #     - /mnt/HoardingCow_docker_data/n8n:/home/node/.n8n
+  #   labels:
+  #     - "traefik.enable=true"
+
+  #     # Router for HTTP + redirection to HTTPS
+  #     - "traefik.http.routers.n8n-http.rule=Host(`n8n.lazyworkhorse.net`)"
+  #     - "traefik.http.routers.n8n-http.entrypoints=web"
+  #     - "traefik.http.routers.n8n-http.middlewares=redirect-to-https"
+
+  #     # Router for HTTPS with TLS
+  #     - "traefik.http.routers.n8n-https.rule=Host(`n8n.lazyworkhorse.net`)"
+  #     - "traefik.http.routers.n8n-https.entrypoints=websecure"
+  #     - "traefik.http.routers.n8n-https.tls=true"
+  #     - "traefik.http.routers.n8n-https.tls.certresolver=njalla"
+
+  #     # Service Loadbalancer (n8n default port)
+  #     - "traefik.http.services.n8n.loadbalancer.server.port=5678"
+       
+  openclaw:
+    image: coollabsio/openclaw:latest
+    container_name: openclaw
     restart: unless-stopped
+    expose:
+      - "8080"  # WebUI
+      - "18789" # Gateway/WebSocket
+      - "8788"  # Nextcloud Webhook
     networks:
       - traefik-net
-    environment:
-      - N8N_HOST=n8n.lazyworkhorse.net
-      - N8N_PORT=5678
-      - N8N_PROTOCOL=https
-      - NODE_ENV=production
-      - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
-      - WEBHOOK_URL=https://n8n.lazyworkhorse.net/
-      - GENERIC_TIMEZONE=America/New_York # Adjust to your timezone
-      - N8N_BLOCK_EXTERNAL_STORAGE_ACCESS=false
-      - N8N_NODES_PYTHON_CAN_IMPORT_MODULES=true 
-      - N8N_NATIVE_PYTHON_RUNNER=true
-      - N8N_PYTHON_ALLOW_STDLIB=uuid,re,os,json
-      - N8N_PYTHON_ALLOW_EXTERNAL=requests,pandas
-      - NODE_FUNCTION_ALLOW_EXTERNAL=uuid,requests
     volumes:
-      - /mnt/HoardingCow_docker_data/n8n:/home/node/.n8n
+      - /mnt/HoardingCow_docker_data/openclaw/data:/data
+      - /home/gortium/infra:/data/workspace/infra
+    environment:
+      - TZ=America/Toronto
+      - OPENCLAW_GATEWAY_TOKEN=${OPENCLAW_GATEWAY_TOKEN}
+      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY}
+      # Point to the sidecar browser
+      - BROWSER_CDP_URL=http://openclaw-browser:9222
+      - BROWSER_EVALUATE_ENABLED=true
+      - OPENCLAW_GATEWAY_HOST=0.0.0.0
+      - OPENCLAW_ALLOWED_ORIGINS=https://claw.lazyworkhorse.net
+
     labels:
       - "traefik.enable=true"
 
-      # Router for HTTP + redirection to HTTPS
-      - "traefik.http.routers.n8n-http.rule=Host(`n8n.lazyworkhorse.net`)"
-      - "traefik.http.routers.n8n-http.entrypoints=web"
-      - "traefik.http.routers.n8n-http.middlewares=redirect-to-https"
+      - "traefik.http.routers.openclaw-http.rule=Host(`claw.lazyworkhorse.net`)"
+      - "traefik.http.routers.openclaw-http.entrypoints=web"
+      - "traefik.http.routers.openclaw-http.middlewares=redirect-to-https"
 
-      # Router for HTTPS with TLS
-      - "traefik.http.routers.n8n-https.rule=Host(`n8n.lazyworkhorse.net`)"
-      - "traefik.http.routers.n8n-https.entrypoints=websecure"
-      - "traefik.http.routers.n8n-https.tls=true"
-      - "traefik.http.routers.n8n-https.tls.certresolver=njalla"
+      - "traefik.http.routers.openclaw-https.rule=Host(`claw.lazyworkhorse.net`)"
+      - "traefik.http.routers.openclaw-https.priority=50"
+      - "traefik.http.routers.openclaw-https.entrypoints=websecure"
+      - "traefik.http.routers.openclaw-https.tls=true"
+      - "traefik.http.routers.openclaw-https.tls.certresolver=njalla"
+      - "traefik.http.services.openclaw.loadbalancer.server.port=8080"
 
-      # Service Loadbalancer (n8n default port)
-      - "traefik.http.services.n8n.loadbalancer.server.port=5678"
+    depends_on:
+      - openclaw-browser
+
+  openclaw-browser:
+    image: ghcr.io/browserless/chromium:latest
+    restart: always
+    expose:
+      - "3000"
+    environment:
+      - MAX_CONCURRENT_SESSIONS=10
+      - CONNECTION_TIMEOUT=300000
+      - PREBOOT_CHROME=true
+      - DEMO_MODE=false
+    networks:
+      traefik-net:
+        aliases:
+          - browser
 
 networks:
   traefik-net:
diff --git a/backup/compose.yml b/backup/compose.yml
new file mode 100644
index 0000000..d25fc44
--- /dev/null
+++ b/backup/compose.yml
@@ -0,0 +1,55 @@
+version: "3.8"
+
+services:
+  kopia:
+    image: kopia/kopia:latest
+    container_name: kopia
+    restart: unless-stopped
+    # We explicitly run as root (0:0) to solve the CHDIR issue, 
+    # OR we make sure the host folders match UID 1000.
+    user: "0:0" 
+    command:
+      - server
+      - start
+      - --address=0.0.0.0:51515
+      - --server-username=${KOPIA_SERVER_USER}
+      - --server-password=${KOPIA_SERVER_PASSWORD}
+      - --config-file=/app/config/repository.config
+      - --disable-csrf-token-checks
+      - --insecure
+    environment:
+      - TZ=America/Montreal
+      - KOPIA_PASSWORD=${KOPIA_PASSWORD}
+      - USER=${KOPIA_USER}
+    volumes:
+      - /mnt/HoardingCow_docker_data/Kopia/config:/app/config
+      - /mnt/HoardingCow_docker_data/Kopia/cache:/app/cache
+      - /mnt/HoardingCow_docker_data/Kopia/repository:/repository
+      # Required if you want to use the 'Mount' feature later
+      - /tmp:/tmp:shared
+      # Required for mounting backups as drives
+    cap_add:
+      - SYS_ADMIN
+    devices:
+      - /dev/fuse:/dev/fuse
+    networks:
+      - traefik-net
+    labels:
+      - "traefik.enable=true"
+      # 1. HTTP to HTTPS Redirect
+      - "traefik.http.routers.kopia-http.rule=Host(`backup.lazyworkhorse.net`)"
+      - "traefik.http.routers.kopia-http.entrypoints=web"
+      - "traefik.http.routers.kopia-http.middlewares=redirect-to-https@docker"
+      
+      # 2. HTTPS Configuration
+      - "traefik.http.routers.kopia.rule=Host(`backup.lazyworkhorse.net`)"
+      - "traefik.http.routers.kopia.entrypoints=websecure"
+      - "traefik.http.routers.kopia.tls=true"
+      - "traefik.http.routers.kopia.tls.certresolver=njalla"
+      
+      # 3. Backend Service Config
+      - "traefik.http.services.kopia.loadbalancer.server.port=51515"
+
+networks:
+  traefik-net:
+    external: true
diff --git a/coms/compose.yml b/coms/compose.yml
new file mode 100644
index 0000000..fd290cd
--- /dev/null
+++ b/coms/compose.yml
@@ -0,0 +1,46 @@
+version: "3.9"
+services:
+  nomadnet:
+    image: ghcr.io/markqvist/nomadnet:master
+    container_name: nomadnet
+    restart: unless-stopped
+    volumes:
+      - /mnt/HoardingCow_docker_data/Nomadnet:/root/.nomadnetwork
+      - /mnt/HoardingCow_docker_data/Reticulum:/root/.reticulum
+    # Reticulum transport must be reachable directly (NOT through Traefik)
+    ports:
+      - "4242:4242"
+
+  # rbrowser:
+  #   build: 
+  #     context: https://github.com/fr33n0w/rBrowser.git#main
+  #   container_name: rbrowser
+  #   restart: unless-stopped
+  #   user: "1000:1000"
+  #   depends_on:
+  #     - nomadnet
+  #   volumes:
+  #     # share Reticulum identity + network state
+  #     - /mnt/HoardingCow_docker_data/Reticulum:/home/appuser/.reticulum
+  #   networks:
+  #     - traefik-net
+  #   labels:
+  #     - "traefik.enable=true"
+  #
+  #     # HTTP → HTTPS
+  #     - "traefik.http.routers.rns-http.rule=Host(`nomad.lazyworkhorse.net`)"
+  #     - "traefik.http.routers.rns-http.entrypoints=web"
+  #     - "traefik.http.routers.rns-http.middlewares=redirect-to-https"
+  #
+  #     # HTTPS protected by Authelia
+  #     - "traefik.http.routers.rns-https.rule=Host(`nomad.lazyworkhorse.net`)"
+  #     - "traefik.http.routers.rns-https.entrypoints=websecure"
+  #     - "traefik.http.routers.rns-https.tls=true"
+  #     - "traefik.http.routers.rns-https.tls.certresolver=njalla"
+  #     - "traefik.http.routers.rns-https.middlewares=authelia-auth"
+  #
+  #     - "traefik.http.services.rns.loadbalancer.server.port=5000"
+
+networks:
+  traefik-net:
+    external: true
diff --git a/tak/compose.yml b/tak/compose.yml
new file mode 100644
index 0000000..71370b3
--- /dev/null
+++ b/tak/compose.yml
@@ -0,0 +1,95 @@
+services:
+  freetakserver:
+    image: ghcr.io/freetakteam/freetakserver:master
+    container_name: freetakserver
+    hostname: freetakserver
+    restart: unless-stopped
+    networks:
+      - traefik-net
+    volumes:
+      - /mnt/HoardingCow_docker_data/TAK/fts_data:/opt/fts:z,rw
+    ports:
+      - 8087:8087
+      - 8089:8089
+      - 8443:8443
+      - 9000:9000
+      - 19023:19023
+    environment:
+      FTS_FED_PASSWORD: "${FTS_FED_PASSWORD}"
+      FTS_CLIENT_CERT_PASSWORD: "${FTS_CLIENT_CERT_PASSWORD}"
+      FTS_WEBSOCKET_KEY: "${FTS_WEBSOCKET_KEY}"
+      FTS_SECRET_KEY: "${FTS_SECRET_KEY}"
+      FTS_CONNECTION_MESSAGE: "Welcome to FreeTAKServer. The Parrot is not dead. It's just resting"
+      FTS_COT_PORT: 8087
+      FTS_SSLCOT_PORT: 8089
+      FTS_API_PORT: 19023
+      FTS_FED_PORT: 9000
+      FTS_DP_ADDRESS: 'freetakserver'
+      FTS_USER_ADDRESS: 'freetakserver'
+      FTS_API_ADDRESS: 'freetakserver'
+      FTS_ROUTING_PROXY_SUBSCRIBE_PORT: 19030
+      FTS_ROUTING_PROXY_SUBSCRIBE_IP: 'freetakserver'
+      FTS_ROUTING_PROXY_PUBLISHER_PORT: 19032
+      FTS_ROUTING_PROXY_PUBLISHER_IP: 'freetakserver'
+      FTS_ROUTING_PROXY_SERVER_PORT: 19031
+      FTS_ROUTING_PROXY_SERVER_IP: 'freetakserver'
+      FTS_INTEGRATION_MANAGER_PULLER_PORT: 19033
+      FTS_INTEGRATION_MANAGER_PULLER_ADDRESS: 'freetakserver'
+      FTS_INTEGRATION_MANAGER_PUBLISHER_PORT: 19034
+      FTS_INTEGRATION_MANAGER_PUBLISHER_ADDRESS: 'freetakserver'
+      FTS_OPTIMIZE_API: "True"
+      FTS_DATA_RECEPTION_BUFFER: 1024
+      FTS_MAX_RECEPTION_TIME: 4
+      FTS_NUM_ROUTING_WORKERS: 3
+      FTS_COT_TO_DB: "True"
+      FTS_MAINLOOP_DELAY: 100
+      FTS_EMERGENCY_RADIUS: 0
+      FTS_LOG_LEVEL: "info"
+
+  freetakserver-ui:
+    image: ghcr.io/freetakteam/ui:latest
+    container_name: freetakserver-ui
+    hostname: freetakserver-ui
+    restart: unless-stopped
+    networks:
+      - traefik-net
+    ports:
+      - 5000:5000
+    volumes:
+      - /mnt/HoardingCow_docker_data/TAK/fts_ui_data:/home/freetak/data:z,rw
+    environment:
+      FTS_IP: "freetakserver" 
+      FTS_API_PORT: 19023
+      FTS_API_PROTO: 'http'
+      FTS_UI_EXPOSED_IP: 'freetakserver-ui'
+      FTS_MAP_EXPOSED_IP: '127.0.0.1'
+      FTS_MAP_PORT: 8000
+      FTS_MAP_PROTO: 'http'
+      FTS_UI_PORT: 5000
+      FTS_UI_WSKEY: "${FTS_WEBSOCKET_KEY}"
+      FTS_API_KEY: 'Bearer token'
+      FTS_UI_SQLALCHEMY_DATABASE_URI: 'sqlite:////home/freetak/data/FTSServer-UI.db'
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik-net"
+
+      # HTTP -> HTTPS Redirect
+      - "traefik.http.routers.fts-ui-http.rule=Host(`tak.lazyworkhorse.net`)"
+      - "traefik.http.routers.fts-ui-http.entrypoints=web"
+      - "traefik.http.routers.fts-ui-http.middlewares=redirect-to-https"
+
+      # HTTPS Router
+      - "traefik.http.routers.fts-ui-https.rule=Host(`tak.lazyworkhorse.net`)"
+      - "traefik.http.routers.fts-ui-https.entrypoints=websecure"
+      - "traefik.http.routers.fts-ui-https.tls=true"
+      - "traefik.http.routers.fts-ui-https.tls.certresolver=njalla"
+      
+      # Service & Port
+      - "traefik.http.services.fts-ui.loadbalancer.server.port=5000"
+
+      # Reuse your existing redirect middleware
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+networks:
+  traefik-net:
+    external: true