diff --git a/README.md b/README.md
index 32aac62..b86630a 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,52 @@ This infrastructure manages a comprehensive self-hosted environment including me
 
 ## Architecture
 
+### Internal Docker Services
+
+| Service | Role / Component | Web UI Port | Notes |
+|---|---|---:|---|
+| Jellyfin | Media server with hardware transcoding | 8096 | - |
+| Jellyseerr | Media request management | 5055 | - |
+| Radarr | Movie management | 7878 | - |
+| Sonarr | TV show management | 8989 | - |
+| Lidarr | Music management | 8686 | - |
+| Bazarr | Subtitle management | 6767 | - |
+| Prowlarr | Indexer manager | 9696 | - |
+| qBittorrent | Download client | 7070 | - |
+| Paperless | Document management interface | 8100 | - |
+| Stirling-PDF | PDF manipulation tools | 8090 | - |
+| OnlyOffice | Document collaboration server | 8091 | - |
+| Open WebUI | LLM interface | 3000 | - |
+| Immich | Photo management | 2283 | - |
+| Syncthing | File synchronization | 8384 | - |
+| Gitea | Git service | 8418 | - |
+| GrampsWeb Jamie | Genealogy UI | 5511 | - |
+| GrampsWeb Helen | Genealogy UI | 5512 | - |
+| Speedtest Tracker | Network performance | 8180 | - |
+| NPM Admin | NPM admin UI | 81 | - |
+| Maloja | Music scrobbling | 42010 | - |
+| Multi-Scrobbler | Cross-platform scrobbler | 9078 | - |
+| WYGIWYH | Financial tracking | 9008 | - |
+| Portainer | Container management UI | 9443 | - |
+| Homepage | Service dashboard | 7575 | - |
+
+### External Non-Docker Services
+
+| Service | IP | Role / Description | Web UI Port | Notes |
+|---|---|---|---:|---|
+| npm (Nginx Proxy Manager) | 192.168.0.10 | Web UI; admin: 81 | 80/443 | - |
+| adguard | 192.168.0.11 | DNS/ad-blocking | 3000 | - |
+| vaultwarden | 192.168.0.12 | Password manager | 80/8080 | - |
+| crafty (Crafty Controller) | 192.168.0.13 | Minecraft server management | 3000 | - |
+| nextcloud | 192.168.0.14 | File sync and collaboration | 443 | - |
+| homeassistant | 192.168.0.15 | Home automation | 8123 | - |
+| foundryvtt | 192.168.0.16 | Foundry VTT | 30000 | - |
+| openmediavault | 192.168.0.17 | NAS management | 80/443 | - |
+| wordpress-irodori | 192.168.0.18 | WordPress site | 80 | - |
+| wordpress-dustin | 192.168.0.19 | WordPress site | 80 | - |
+
+
+
 ### Network Segmentation
 
 - **media_net**: Media services and *arr applications
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 17ecdf0..9d6b269 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -345,6 +345,23 @@ services:
     logging: *default-logging
 
   # --- DOCUMENT & AI SUITE ---
+  onlyoffice:
+    image: onlyoffice/documentserver:latest
+    container_name: onlyoffice-docs
+    restart: always
+    ports:
+      - "8091:80"
+    environment:
+      - JWT_ENABLED=true
+      - JWT_SECRET=${OO_JWT_SECRET}
+      - JWT_HEADER=Authorization
+      - ALLOW_PRIVATE_IP_ADDRESS=true
+      - USE_UNAUTHORIZED_STORAGE=true
+    volumes:
+      - docker_onlyoffice:/var/lib/onlyoffice
+      - docker_onlyoffice:/var/www/onlyoffice/Data
+      - docker_onlyoffice:/var/log/onlyoffice
+      
   paperless-db:
     image: mariadb:11
     container_name: paperless-db
@@ -539,13 +556,12 @@ services:
       - UPLOAD_LOCATION=/data
     volumes:
       # LOCAL (SSD) - Config, Thumbs, Profile, and Backups
-      - /docker/immich/library/thumbs:/usr/src/app/upload/thumbs
-      - /docker/immich/library/profile:/usr/src/app/upload/profile
-      - /docker/immich/library/backups:/usr/src/app/upload/backups
-      # NAS (HDD) - High Resolution Library & Uploads
-      - /mnt/Nas-Storage/data/media/images/library:/usr/src/app/upload/library
-      - /mnt/Nas-Storage/data/media/images/upload:/usr/src/app/upload/upload
-      - /mnt/Nas-Storage/data/media/images/encoded-video:/usr/src/app/upload/encoded-video
+      - /docker/immich:/usr/src/app/upload/library
+      - /docker/immich/thumbs:/usr/src/app/upload/thumbs
+      - /docker/immich/profile:/usr/src/app/upload/profile
+      - /docker/immich/backups:/usr/src/app/upload/backups
+      - /docker/immich/encoded-video:/usr/src/app/upload/encoded-video
+      - /docker/immich/upload:/usr/src/app/upload/upload
     depends_on:
       immich-postgres:
         condition: service_healthy
@@ -784,6 +800,7 @@ services:
       # --- APP SETTINGS ---
       - SECRET_KEY=${WYGIWYH_SECRET_KEY}
       - DJANGO_ALLOWED_HOSTS=${WYGIWYH_ALLOWED_HOSTS}
+      - CSRF_TRUSTED_ORIGINS=${WYGIWYH_CSRF_TRUSTED_ORIGINS}
       - WYGIWYH_URL=${WYGIWYH_URL}
     networks:
       - web_net
@@ -835,8 +852,6 @@ services:
       - /docker/scrobble/config:/config
     logging: *default-logging
 
-
-
 networks:
   media_net:
     name: media_net