audiomuse: bridge network (not gluetun), fix port conflict with TA

2026-05-17 21:11:59 +00:00
parent 7a56bca08b
commit 2a95009adc
1 changed files with 59 additions and 22 deletions
--- a/infrastructure.org
+++ b/infrastructure.org
@@ -1312,28 +1312,65 @@ playlists for Jellyfin. Runs as Flask app + RQ worker, connects to
 existing PostgreSQL and Valkey. Routes through Gluetun VPN.

 #+BEGIN_SRC yaml :tangle /docker/compose/services/audiomuse.yaml
-  1322|
-  1323|* .env Configuration
-  1324|
-  1325|The =.env= file at =/docker/compose/.env= holds all variable values.
-  1326|The =:?err= suffix on every variable ensures missing values fail fast.
-  1327|
-  1328|Key variables:
-  1329|- =DOCKER_SUBNET= and =DOCKER_GATEWAY= define the Docker bridge network
-  1330|- =CLOUDFLARE_DNS_ZONE= (=gharbeia.net=) is used in all Traefik routes
-  1331|- =PUID= and =PGID= control file ownership (1000:1000)
-  1332|- =FOLDER_FOR_MEDIA= and =FOLDER_FOR_MORE= — Media library root paths
-  1333|- =TUNNEL_TOKEN= is the Cloudflare tunnel auth token (managed externally)
-  1334|- =TA_USERNAME= and =TA_PASSWORD= — Tube Archivist admin credentials
-  1335|
-  1336|* LOGBOOK
-  1337|
-  1338|** [2026-05-16 Sat 22:45] Tube Archivist installed
-  1339|- 3-container stack: tubearchivist, ES 8.17, Redis
-  1340|- Traefik secureweb/tunnel/internal routers
-  1341|- Static TA_HOST=tubearchivist.gharbeia.net, ELASTIC_PASSWORD=tubearchivist
-  1342|- REDIS_CON connection string (newer TA uses this instead of REDIS_HOST+REDIS_PORT)
-  1343|- ES 8.17 with path_repo and xpack.security.enabled=false
+services:
+  audiomuse-ai:
+    image: ghcr.io/neptunehub/audiomuse-ai:latest
+    container_name: audiomuse-ai
+    restart: unless-stopped
+    networks:
+      - networking
+    ports:
+      - ${WEBUI_PORT_AUDIOMUSE:-8005}:8000
+    environment:
+      SERVICE_TYPE: "flask"
+      TZ: ${TIMEZONE:?err}
+      POSTGRES_USER: ${POSTGRESQL_USERNAME:?err}
+      POSTGRES_PASSWORD: ${POSTGRESQL_PASSWORD:?err}
+      POSTGRES_DB: audiomusedb
+      POSTGRES_HOST: postgresql
+      POSTGRES_PORT: "5432"
+      REDIS_URL: redis://valkey:6379/0
+      TEMP_DIR: /app/temp_audio
+      FRONTEND_PORT: "8000"
+    volumes:
+      - ${FOLDER_FOR_MEDIA:?err}:/library
+      - ${FOLDER_FOR_MORE:?err}:/more
+      - temp-audio-flask:/app/temp_audio
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.audiomuse.service=audiomuse
+      - traefik.http.routers.audiomuse.rule=Host(`audiomuse.${CLOUDFLARE_DNS_ZONE:?err}`)
+      - traefik.http.routers.audiomuse.entrypoints=tunnel
+      - traefik.http.routers.audiomuse.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file
+      - traefik.http.services.audiomuse.loadbalancer.server.scheme=http
+      - traefik.http.services.audiomuse.loadbalancer.server.port=${WEBUI_PORT_AUDIOMUSE:-8005}
+
+  audiomuse-worker:
+    image: ghcr.io/neptunehub/audiomuse-ai:latest
+    container_name: audiomuse-worker
+    restart: unless-stopped
+    networks:
+      - networking
+    environment:
+      SERVICE_TYPE: "worker"
+      TZ: ${TIMEZONE:?err}
+      POSTGRES_USER: ${POSTGRESQL_USERNAME:?err}
+      POSTGRES_PASSWORD: ${POSTGRESQL_PASSWORD:?err}
+      POSTGRES_DB: audiomusedb
+      POSTGRES_HOST: postgresql
+      POSTGRES_PORT: "5432"
+      REDIS_URL: redis://valkey:6379/0
+      TEMP_DIR: /app/temp_audio
+    volumes:
+      - ${FOLDER_FOR_MEDIA:?err}:/library
+      - ${FOLDER_FOR_MORE:?err}:/more
+      - temp-audio-worker:/app/temp_audio
+
+volumes:
+  temp-audio-flask:
+  temp-audio-worker:
+#+END_SRC
+

 ** [2026-05-17 Sun 17:00] Tube Archivist: gluetun routing, CSRF fix, download path
 - TA moved to network_mode: service:gluetun (port 8000 mapped on gluetun)