networks:
  localai_default:
    driver: bridge

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./traefik_data:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - localai_default

  n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: always
    ports:
      - "5678:5678"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
    environment:
      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - N8N_RUNNERS_ENABLED=true
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
      - TZ=${GENERIC_TIMEZONE}
    volumes:
      - ./n8n_data:/home/node/.n8n
      - ./n8n_files:/home/node/.n8n-files
    networks:
      - localai_default

# https://ahmetoner.com/whisper-asr-webservice/
  whisper:
    image: onerahmet/openai-whisper-asr-webservice
    restart: always
    ports:
      - "9955:9000"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # labels:
    #   - traefik.enable=true
    #   - traefik.http.routers.whisper.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
    #   - traefik.http.routers.whisper.tls=true
    #   - traefik.http.routers.whisper.entrypoints=web,websecure
    #   - traefik.http.routers.whisper.tls.certresolver=mytlschallenge
    #   - traefik.http.middlewares.whisper.headers.SSLRedirect=true
    #   - traefik.http.middlewares.whisper.headers.STSSeconds=315360000
    #   - traefik.http.middlewares.whisper.headers.browserXSSFilter=true
    #   - traefik.http.middlewares.whisper.headers.contentTypeNosniff=true
    #   - traefik.http.middlewares.whisper.headers.forceSTSHeader=true
    #   - traefik.http.middlewares.whisper.headers.SSLHost=${DOMAIN_NAME}
    #   - traefik.http.middlewares.whisper.headers.STSIncludeSubdomains=true
    #   - traefik.http.middlewares.whisper.headers.STSPreload=true
    #   - traefik.http.routers.whisper.middlewares=whisper@docker
    environment:
      - ASR_MODEL=tiny
    networks:
      - localai_default
    profiles:
      - whisper