Debian Administrator

Upwork | GB | Not specified | intermediate | Score: 39
Linux System Administration, System Administration, NGINX, Bash, Docker, Docker Compose, DNS, Debian
Project: Create a set of instructions that includes terminal commands, bash scripts, manual UI configuration and any other task necessary to configure the server described below. The steps should be listed in the order in which they need to be executed. To confirm the successful delivery of the project, we will first review the provided instructions and then execute them on a new Debian 13 server and verify that everything is working as expected. Before delivering the instructions, please critically review the listed components and raise any potential concern or required clarification.

I Server Specs:
- Provider: Hetzner CPX32 (6 vCPU, 16GB RAM).
- OS: Debian 13 (Trixie).

II Context:
- A lean self-hosted environment for a 2-person team (may soon grow to 5).

III Approach:
- All apps share one PostgreSQL 16 container and one Redis container
- Data is centralized in /srv/docker-data/[app]
- Network - all containers on infra_default (Docker)
- Logging: central (main server) journald logging for all containers

IV Components:

1. OS Hardening: General hardening, disable root remote login, change SSH port, UFW (allow only required ports), Fail2Ban, etc.

2. Infrastructure: use docker-compose.yml
- Services: Nginx, PostgreSQL, Redis
- PostgreSQL Databases: nextcloud, n8n, vikunja, stalwart, immich, clapshot (disable apps' own internal db)

3. Stalwart Mail:
- use mail.domain.com (for incoming, outgoing and admin)
- link to PostgreSQL
- Nextcloud Mail for client
- SMTP2Go outbound relay

4. Nextcloud:
- use cloud.domain.com
- configure Nginx Proxy with client_max_body_size 0
- link to PostgreSQL and Redis
- connect OnlyOffice
- include files and storage, Nextcloud Talk, calendar, contacts, two-factor authentication, whiteboard
- disable other components, including: anti-virus, weather app, local OCR, automation/workflow, tasks, notes, LibreOffice, mailcow

5. Deploy SiYuan
- use notes.domain.com
- disable local OCR

6. Deploy Vikunja
- use tasks.domain.com
- link to PostgreSQL

7. Deploy Immich
- use video.domain.com
- configure Nginx Proxy with client_max_body_size 0
- link to PostgreSQL
- should save files to /srv/docker-data/nextcloud/data/media
- limit to 3 CPUs
- encoding x264 and superfast preset (disable hardware acceleration)

8. Deploy Clapshot
- use review.domain.com
- link to PostgreSQL
- should save files to /srv/docker-data/nextcloud/data/media/review
- limit to 3 CPUs
- encoding x264 and superfast preset (disable hardware acceleration)

9. Deploy Audiobookshelf
- use audio.domain.com
- configure Nginx Proxy with client_max_body_size 0

10. Deploy FFmpeg
- install inside an n8n container

11. Deploy Docling including Tesseract OCR
- internal API
- limit to 2 CPUs

12. Deploy n8n:
- use automation.domain.com
- link to Postgres
- link to Stalwart, Nextcloud (shared files), SiYuan, Vikunja, Immich, Clapshot, Audiobookshelf, FFmpeg, Docling
- limit to 2 CPUs