echo6-docs/hookshot_deployment_discovery.ref

# Hookshot Deployment Discovery
# Generated: 2026-04-09 (Phase 6.0, Question 2)

## Contabo Resource Availability

### Memory
- Total: 47 GB
- Used: 11 GB
- Available: 35 GB
- Headroom: PLENTY for hookshot (~100 MB requirement)

### Disk
- Total: 968 GB
- Used: 77 GB (8%)
- Available: 892 GB
- Headroom: PLENTY

### CPU
Current idle is ~65%. TAK Server is the biggest consumer at 22%.
Hookshot is single-threaded Node.js, minimal CPU.

Verdict: Hookshot can run on Contabo alongside existing services with no resource concerns.

## Hookshot Version

- **Latest stable:** 7.3.2 (released 2026-01-30)
- **Image:** halfshot/matrix-hookshot:7.3.2 (Docker Hub, multi-arch)
- **Pin to exact tag**, not :latest

## Port Requirements

| Purpose | Default Port | Status on Contabo |
|---------|-------------|-------------------|
| Appservice (HS→hookshot) | 9993 | AVAILABLE |
| Webhooks (inbound/outbound) | 9000 | CONFLICT — Authentik (127.0.0.1:9000) and TAK (100.64.0.1:9000) |
| Metrics (Prometheus) | 9001 | CONFLICT — TAK (100.64.0.1:9001) |
| Widgets | 9002 | AVAILABLE |

Conflicts on default ports. Resolution options:
- Use non-default ports: e.g., 9800 for webhooks, 9801 for metrics
- Since hookshot outbound webhooks talk to a LOCAL receiver, any port works
- Appservice port 9993 is fine (container-internal via matrix-net)

## Appservice Registration Flow

Same pattern as mautrix-signal. Registration file (registration.yml) goes into
Synapse's app_service_config_files list.

Registration file format:
```yaml
id: matrix-hookshot
as_token: <random>
hs_token: <random>
namespaces:
  rooms: []
  users:
    - regex: "@_webhooks_.*:echo6\\.co"
      exclusive: true
  aliases: []
sender_localpart: hookshot
url: "http://matrix-hookshot:9993"
rate_limited: false
```

MAS bypass: CONFIRMED from Phase 3. Appservice tokens (as_token/hs_token) are
handled natively by Synapse, bypassing MAS entirely. Same mechanism as mautrix-signal.

## Docker Compose Snippet (NOT APPLIED)

```yaml
  matrix-hookshot:
    image: halfshot/matrix-hookshot:7.3.2
    container_name: matrix-hookshot
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    volumes:
      - ./hookshot:/data
    networks:
      - matrix-net
    # No ports: section — internal to matrix-net only
    # Appservice reachable at http://matrix-hookshot:9993 from synapse
    # Webhook listener on 9800 (non-default) for internal receiver
```

No host port mapping needed. hookshot communicates with:
- Synapse via matrix-net (appservice transactions)
- A local receiver (if built) via matrix-net or localhost

## Dependencies

If encryption is enabled (relevant to Question 3):
- Redis is REQUIRED
- Could use Mailcow's existing Redis, or add a dedicated instance
- Crypto store needs persistent volume

If encryption is NOT enabled:
- No Redis needed
- Minimal config

## Resource Requirements

Per hookshot docs:
- RAM: ~100 MB baseline
- CPU: Minimal (single-threaded Node.js)
- Disk: Negligible (crypto store if E2EE, otherwise just config)
Migration: consolidate Echo6 docs to cortex with full infrastructure cleanup sync - Documents recent infrastructure cleanup (8 CTs destroyed, 35 DNS records removed, Headscale cleanup) - Adds 24 new runbooks covering Authentik, PeerTube, Meshtastic, RECON, Proxmox, Mailcow, Internet Archive, GPU routing - Adds project documentation for headscale, vaultwarden, peertube, matrix, mmud, advbbs, arr stack - Updates services.md, environment.md, caddy.md, authentik.md to match live infrastructure - Removes 4 deprecated runbook duplicates (canonical versions live in projects/) - Adds .gitignore for binary archives and editor temp files Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-04-13 06:02:16 +00:00			`# Hookshot Deployment Discovery`
			`# Generated: 2026-04-09 (Phase 6.0, Question 2)`

			`## Contabo Resource Availability`

			`### Memory`
			`- Total: 47 GB`
			`- Used: 11 GB`
			`- Available: 35 GB`
			`- Headroom: PLENTY for hookshot (~100 MB requirement)`

			`### Disk`
			`- Total: 968 GB`
			`- Used: 77 GB (8%)`
			`- Available: 892 GB`
			`- Headroom: PLENTY`

			`### CPU`
			`Current idle is ~65%. TAK Server is the biggest consumer at 22%.`
			`Hookshot is single-threaded Node.js, minimal CPU.`

			`Verdict: Hookshot can run on Contabo alongside existing services with no resource concerns.`

			`## Hookshot Version`

			`- Latest stable: 7.3.2 (released 2026-01-30)`
			`- Image: halfshot/matrix-hookshot:7.3.2 (Docker Hub, multi-arch)`
			`- Pin to exact tag, not :latest`

			`## Port Requirements`

			`\| Purpose \| Default Port \| Status on Contabo \|`
			`\|---------\|-------------\|-------------------\|`
			`\| Appservice (HS→hookshot) \| 9993 \| AVAILABLE \|`
			`\| Webhooks (inbound/outbound) \| 9000 \| CONFLICT — Authentik (127.0.0.1:9000) and TAK (100.64.0.1:9000) \|`
			`\| Metrics (Prometheus) \| 9001 \| CONFLICT — TAK (100.64.0.1:9001) \|`
			`\| Widgets \| 9002 \| AVAILABLE \|`

			`Conflicts on default ports. Resolution options:`
			`- Use non-default ports: e.g., 9800 for webhooks, 9801 for metrics`
			`- Since hookshot outbound webhooks talk to a LOCAL receiver, any port works`
			`- Appservice port 9993 is fine (container-internal via matrix-net)`

			`## Appservice Registration Flow`

			`Same pattern as mautrix-signal. Registration file (registration.yml) goes into`
			`Synapse's app_service_config_files list.`

			`Registration file format:`
			```yaml
			`id: matrix-hookshot`
			`as_token: <random>`
			`hs_token: <random>`
			`namespaces:`
			`rooms: []`
			`users:`
			`- regex: "@_webhooks_.*:echo6\\.co"`
			`exclusive: true`
			`aliases: []`
			`sender_localpart: hookshot`
			`url: "http://matrix-hookshot:9993"`
			`rate_limited: false`
			```

			`MAS bypass: CONFIRMED from Phase 3. Appservice tokens (as_token/hs_token) are`
			`handled natively by Synapse, bypassing MAS entirely. Same mechanism as mautrix-signal.`

			`## Docker Compose Snippet (NOT APPLIED)`

			```yaml
			`matrix-hookshot:`
			`image: halfshot/matrix-hookshot:7.3.2`
			`container_name: matrix-hookshot`
			`restart: unless-stopped`
			`depends_on:`
			`postgres:`
			`condition: service_healthy`
			`volumes:`
			`- ./hookshot:/data`
			`networks:`
			`- matrix-net`
			`# No ports: section — internal to matrix-net only`
			`# Appservice reachable at http://matrix-hookshot:9993 from synapse`
			`# Webhook listener on 9800 (non-default) for internal receiver`
			```

			`No host port mapping needed. hookshot communicates with:`
			`- Synapse via matrix-net (appservice transactions)`
			`- A local receiver (if built) via matrix-net or localhost`

			`## Dependencies`

			`If encryption is enabled (relevant to Question 3):`
			`- Redis is REQUIRED`
			`- Could use Mailcow's existing Redis, or add a dedicated instance`
			`- Crypto store needs persistent volume`

			`If encryption is NOT enabled:`
			`- No Redis needed`
			`- Minimal config`

			`## Resource Requirements`

			`Per hookshot docs:`
			`- RAM: ~100 MB baseline`
			`- CPU: Minimal (single-threaded Node.js)`
			`- Disk: Negligible (crypto store if E2EE, otherwise just config)`