feat: audiocraft

ai/compose.yaml

@@ -15,7 +15,7 @@ services:
       - ai_postgres_data:/var/lib/postgresql/data
       - ./postgres/init:/docker-entrypoint-initdb.d
     healthcheck:
-      test: ['CMD-SHELL', 'pg_isready -U ${AI_DB_USER}']
+      test: ["CMD-SHELL", "pg_isready -U ${AI_DB_USER}"]
       interval: 30s
       timeout: 10s
       retries: 3
@@ -73,23 +73,23 @@ services:
     networks:
       - compose_network
     labels:
-      - 'traefik.enable=${AI_TRAEFIK_ENABLED}'
+      - "traefik.enable=${AI_TRAEFIK_ENABLED}"
       # HTTP to HTTPS redirect
-      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-web.middlewares=${AI_COMPOSE_PROJECT_NAME}-redirect-web-secure'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-web.rule=Host(`${AI_TRAEFIK_HOST}`)'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
+      - "traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-web.middlewares=${AI_COMPOSE_PROJECT_NAME}-redirect-web-secure"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-web.rule=Host(`${AI_TRAEFIK_HOST}`)"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-web.entrypoints=web"
       # HTTPS router
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${AI_TRAEFIK_HOST}`)'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
-      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-web-secure-compress,security-headers@file'
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${AI_TRAEFIK_HOST}`)"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure"
+      - "traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-web-secure-compress,security-headers@file"
       # Service
-      - 'traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=8080'
-      - 'traefik.docker.network=${NETWORK_NAME}'
+      - "traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=8080"
+      - "traefik.docker.network=${NETWORK_NAME}"
       # Watchtower
-      - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
+      - "com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}"
 
   # LiteLLM - Proxy to convert Anthropic API to OpenAI-compatible format
   litellm:
@@ -101,26 +101,24 @@ services:
       ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY}
       LITELLM_MASTER_KEY: ${AI_LITELLM_API_KEY}
       DATABASE_URL: postgresql://${AI_DB_USER}:${AI_DB_PASSWORD}@ai_postgres:5432/litellm
-      GPU_TAILSCALE_IP: ${GPU_TAILSCALE_IP}
-      GPU_VLLM_QWEN_URL: ${GPU_VLLM_QWEN_URL}
       GPU_VLLM_LLAMA_URL: ${GPU_VLLM_LLAMA_URL}
       GPU_VLLM_EMBED_URL: ${GPU_VLLM_EMBED_URL}
       # LITELLM_DROP_PARAMS: 'true'  # DISABLED: Was breaking streaming
-      NO_DOCS: 'true'
-      NO_REDOC: 'true'
+      NO_DOCS: "true"
+      NO_REDOC: "true"
       # Performance optimizations
-      LITELLM_LOG: 'DEBUG'  # Enable detailed logging for debugging streaming issues
-      LITELLM_MODE: 'PRODUCTION'  # Production mode for better performance
+      LITELLM_LOG: "DEBUG" # Enable detailed logging for debugging streaming issues
+      LITELLM_MODE: "PRODUCTION" # Production mode for better performance
     volumes:
       - ./litellm-config.yaml:/app/litellm-config.yaml:ro
     command:
       [
-        '--config',
-        '/app/litellm-config.yaml',
-        '--host',
-        '0.0.0.0',
-        '--port',
-        '4000'
+        "--config",
+        "/app/litellm-config.yaml",
+        "--host",
+        "0.0.0.0",
+        "--port",
+        "4000",
       ]
     depends_on:
       - ai_postgres
@@ -129,23 +127,23 @@ services:
     healthcheck:
       disable: true
     labels:
-      - 'traefik.enable=${AI_TRAEFIK_ENABLED}'
+      - "traefik.enable=${AI_TRAEFIK_ENABLED}"
       # HTTP to HTTPS redirect
-      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-litellm-redirect-web-secure.redirectscheme.scheme=https'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web.middlewares=${AI_COMPOSE_PROJECT_NAME}-litellm-redirect-web-secure'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web.rule=Host(`${AI_LITELLM_TRAEFIK_HOST}`)'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web.entrypoints=web'
+      - "traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-litellm-redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web.middlewares=${AI_COMPOSE_PROJECT_NAME}-litellm-redirect-web-secure"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web.rule=Host(`${AI_LITELLM_TRAEFIK_HOST}`)"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web.entrypoints=web"
       # HTTPS router
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.rule=Host(`${AI_LITELLM_TRAEFIK_HOST}`)'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.tls.certresolver=resolver'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.entrypoints=web-secure'
-      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure-compress.compress=true'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure-compress,security-headers@file'
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.rule=Host(`${AI_LITELLM_TRAEFIK_HOST}`)"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.tls.certresolver=resolver"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.entrypoints=web-secure"
+      - "traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure-compress.compress=true"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure-compress,security-headers@file"
       # Service
-      - 'traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.loadbalancer.server.port=4000'
-      - 'traefik.docker.network=${NETWORK_NAME}'
+      - "traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.loadbalancer.server.port=4000"
+      - "traefik.docker.network=${NETWORK_NAME}"
       # Watchtower
-      - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
+      - "com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}"
 
   # Facefusion - AI face swapping and enhancement
   facefusion:
@@ -156,7 +154,7 @@ services:
     container_name: ${AI_COMPOSE_PROJECT_NAME}_facefusion
     restart: unless-stopped
     tty: true
-    command: ['python', '-u', 'facefusion.py', 'run']
+    command: ["python", "-u", "facefusion.py", "run"]
     environment:
       TZ: ${TIMEZONE:-Europe/Berlin}
       GRADIO_SERVER_NAME: "0.0.0.0"
@@ -166,23 +164,23 @@ services:
     networks:
       - compose_network
     labels:
-      - 'traefik.enable=${AI_FACEFUSION_TRAEFIK_ENABLED}'
+      - "traefik.enable=${AI_FACEFUSION_TRAEFIK_ENABLED}"
       # HTTP to HTTPS redirect
-      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-facefusion-redirect-web-secure.redirectscheme.scheme=https'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web.middlewares=${AI_COMPOSE_PROJECT_NAME}-facefusion-redirect-web-secure'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web.rule=Host(`${AI_FACEFUSION_TRAEFIK_HOST}`)'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web.entrypoints=web'
+      - "traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-facefusion-redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web.middlewares=${AI_COMPOSE_PROJECT_NAME}-facefusion-redirect-web-secure"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web.rule=Host(`${AI_FACEFUSION_TRAEFIK_HOST}`)"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web.entrypoints=web"
       # HTTPS router with Authelia
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.rule=Host(`${AI_FACEFUSION_TRAEFIK_HOST}`)'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.tls.certresolver=resolver'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.entrypoints=web-secure'
-      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure-compress.compress=true'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure-compress,net-authelia,security-headers@file'
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.rule=Host(`${AI_FACEFUSION_TRAEFIK_HOST}`)"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.tls.certresolver=resolver"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.entrypoints=web-secure"
+      - "traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure-compress.compress=true"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure-compress,net-authelia,security-headers@file"
       # Service
-      - 'traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.loadbalancer.server.port=7860'
-      - 'traefik.docker.network=${NETWORK_NAME}'
+      - "traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.loadbalancer.server.port=7860"
+      - "traefik.docker.network=${NETWORK_NAME}"
       # Watchtower - disabled for custom local image
-      - 'com.centurylinklabs.watchtower.enable=false'
+      - "com.centurylinklabs.watchtower.enable=false"
 
   # ComfyUI - Node-based UI for Flux image generation (proxies to RunPod GPU)
   comfyui:
@@ -191,34 +189,66 @@ services:
     restart: unless-stopped
     environment:
       TZ: ${TIMEZONE:-Europe/Berlin}
-      COMFYUI_BACKEND_HOST: ${GPU_TAILSCALE_IP}
-      COMFYUI_BACKEND_PORT: ${COMFYUI_BACKEND_PORT:-8188}
+      GPU_SERVICE_HOST: ${GPU_TAILSCALE_HOST}
+      GPU_SERVICE_PORT: ${COMFYUI_BACKEND_PORT:-8188}
     volumes:
-      - ./comfyui-nginx.conf:/etc/nginx/nginx.conf.template:ro
-    command: /bin/sh -c "envsubst '$${COMFYUI_BACKEND_HOST},$${COMFYUI_BACKEND_PORT}' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf && exec nginx -g 'daemon off;'"
+      - ./nginx.conf.template:/etc/nginx/nginx.conf.template:ro
+    command: /bin/sh -c "envsubst '$${GPU_SERVICE_HOST},$${GPU_SERVICE_PORT}' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf && exec nginx -g 'daemon off;'"
     networks:
       - compose_network
     labels:
-      - 'traefik.enable=${AI_COMFYUI_TRAEFIK_ENABLED:-true}'
+      - "traefik.enable=${AI_COMFYUI_TRAEFIK_ENABLED:-true}"
       # HTTP to HTTPS redirect
-      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-comfyui-redirect-web-secure.redirectscheme.scheme=https'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-comfyui-web.middlewares=${AI_COMPOSE_PROJECT_NAME}-comfyui-redirect-web-secure'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-comfyui-web.rule=Host(`${AI_COMFYUI_TRAEFIK_HOST:-comfy.ai.pivoine.art}`)'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-comfyui-web.entrypoints=web'
+      - "traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-comfyui-redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-comfyui-web.middlewares=${AI_COMPOSE_PROJECT_NAME}-comfyui-redirect-web-secure"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-comfyui-web.rule=Host(`${AI_COMFYUI_TRAEFIK_HOST:-comfy.ai.pivoine.art}`)"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-comfyui-web.entrypoints=web"
       # HTTPS router with Authelia SSO
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-comfyui-web-secure.rule=Host(`${AI_COMFYUI_TRAEFIK_HOST:-comfy.ai.pivoine.art}`)'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-comfyui-web-secure.tls.certresolver=resolver'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-comfyui-web-secure.entrypoints=web-secure'
-      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-comfyui-web-secure-compress.compress=true'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-comfyui-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-comfyui-web-secure-compress,net-authelia,security-headers@file'
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-comfyui-web-secure.rule=Host(`${AI_COMFYUI_TRAEFIK_HOST:-comfy.ai.pivoine.art}`)"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-comfyui-web-secure.tls.certresolver=resolver"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-comfyui-web-secure.entrypoints=web-secure"
+      - "traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-comfyui-web-secure-compress.compress=true"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-comfyui-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-comfyui-web-secure-compress,net-authelia,security-headers@file"
       # Service
-      - 'traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-comfyui-web-secure.loadbalancer.server.port=80'
-      - 'traefik.docker.network=${NETWORK_NAME}'
+      - "traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-comfyui-web-secure.loadbalancer.server.port=80"
+      - "traefik.docker.network=${NETWORK_NAME}"
       # Watchtower
-      - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
+      - "com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}"
+
+  audiocraft:
+    image: nginx:alpine
+    container_name: ${AI_COMPOSE_PROJECT_NAME}_audiocraft
+    restart: unless-stopped
+    environment:
+      TZ: ${TIMEZONE:-Europe/Berlin}
+      GPU_SERVICE_HOST: ${GPU_TAILSCALE_HOST}
+      GPU_SERVICE_PORT: ${AUDIOCRAFT_BACKEND_PORT:-7860}
+    volumes:
+      - ./nginx.conf.template:/etc/nginx/nginx.conf.template:ro
+    command: /bin/sh -c "envsubst '$${GPU_SERVICE_HOST},$${GPU_SERVICE_PORT}' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf && exec nginx -g 'daemon off;'"
+    networks:
+      - compose_network
+    labels:
+      - "traefik.enable=${AI_AUDIOCRAFT_TRAEFIK_ENABLED:-true}"
+      # HTTP to HTTPS redirect
+      - "traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-audiocraft-redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-audiocraft-web.middlewares=${AI_COMPOSE_PROJECT_NAME}-audiocraft-redirect-web-secure"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-audiocraft-web.rule=Host(`${AI_AUDIOCRAFT_TRAEFIK_HOST:-audiocraft.ai.pivoine.art}`)"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-audiocraft-web.entrypoints=web"
+      # HTTPS router with Authelia SSO
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-audiocraft-web-secure.rule=Host(`${AI_AUDIOCRAFT_TRAEFIK_HOST:-audiocraft.ai.pivoine.art}`)"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-audiocraft-web-secure.tls.certresolver=resolver"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-audiocraft-web-secure.entrypoints=web-secure"
+      - "traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-audiocraft-web-secure-compress.compress=true"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-audiocraft-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-audiocraft-web-secure-compress,net-authelia,security-headers@file"
+      # Service
+      - "traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-audiocraft-web-secure.loadbalancer.server.port=80"
+      - "traefik.docker.network=${NETWORK_NAME}"
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}"
 
   # Supervisor UI - Modern web interface for RunPod process management
-  supervisor-ui:
+  supervisor:
     image: dev.pivoine.art/valknar/supervisor-ui:latest
     container_name: ${AI_COMPOSE_PROJECT_NAME}_supervisor_ui
     restart: unless-stopped
@@ -232,23 +262,23 @@ services:
     networks:
       - compose_network
     labels:
-      - 'traefik.enable=${AI_SUPERVISOR_TRAEFIK_ENABLED:-true}'
+      - "traefik.enable=${AI_SUPERVISOR_TRAEFIK_ENABLED:-true}"
       # HTTP to HTTPS redirect
-      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-supervisor-redirect-web-secure.redirectscheme.scheme=https'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-supervisor-web.middlewares=${AI_COMPOSE_PROJECT_NAME}-supervisor-redirect-web-secure'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-supervisor-web.rule=Host(`${AI_SUPERVISOR_TRAEFIK_HOST:-supervisor.ai.pivoine.art}`)'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-supervisor-web.entrypoints=web'
+      - "traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-supervisor-redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-supervisor-web.middlewares=${AI_COMPOSE_PROJECT_NAME}-supervisor-redirect-web-secure"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-supervisor-web.rule=Host(`${AI_SUPERVISOR_TRAEFIK_HOST:-supervisor.ai.pivoine.art}`)"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-supervisor-web.entrypoints=web"
       # HTTPS router with Authelia SSO
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-supervisor-web-secure.rule=Host(`${AI_SUPERVISOR_TRAEFIK_HOST:-supervisor.ai.pivoine.art}`)'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-supervisor-web-secure.tls.certresolver=resolver'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-supervisor-web-secure.entrypoints=web-secure'
-      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-supervisor-web-secure-compress.compress=true'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-supervisor-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-supervisor-web-secure-compress,net-authelia,security-headers@file'
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-supervisor-web-secure.rule=Host(`${AI_SUPERVISOR_TRAEFIK_HOST:-supervisor.ai.pivoine.art}`)"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-supervisor-web-secure.tls.certresolver=resolver"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-supervisor-web-secure.entrypoints=web-secure"
+      - "traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-supervisor-web-secure-compress.compress=true"
+      - "traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-supervisor-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-supervisor-web-secure-compress,net-authelia,security-headers@file"
       # Service (port 3000 for Next.js app)
-      - 'traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-supervisor-web-secure.loadbalancer.server.port=3000'
-      - 'traefik.docker.network=${NETWORK_NAME}'
+      - "traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-supervisor-web-secure.loadbalancer.server.port=3000"
+      - "traefik.docker.network=${NETWORK_NAME}"
       # Watchtower
-      - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
+      - "com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}"
 
 volumes:
   ai_postgres_data:

ai/nginx.conf.template

@@ -29,8 +29,8 @@ http {
         client_max_body_size 100M;
 
         location / {
-            # Proxy to ComfyUI on RunPod via Tailscale
-            proxy_pass http://${COMFYUI_BACKEND_HOST}:${COMFYUI_BACKEND_PORT};
+            # Proxy to service on RunPod via Tailscale
+            proxy_pass http://${GPU_SERVICE_HOST}:${GPU_SERVICE_PORT};
 
             # WebSocket upgrade
             proxy_http_version 1.1;