Initial commit: infrastructure documentation
Includes:
- Hardware environment reference (Proxmox cluster, VMs, LXCs)
- Services inventory with current deployments
- Caddy & DNS configuration reference
- Runbooks for common deployment procedures

Recent additions:
- SearXNG deployment (utility CT 102, search.echo6.co)
- TOC conversion to Proxmox with cortex VM
- Syncthing sync between Contabo and cortex

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
commit
880ff09c90
14 changed files with 1986 additions and 0 deletions
183
runbooks/contabo-configs.md
Normal file
|
|
@ -0,0 +1,183 @@
|
|||
# Contabo VPS Current Configurations
|
||||
|
||||
**Server:** 5.189.158.149 / 100.64.0.4
|
||||
**Last Updated:** 2026-02-05
|
||||
|
||||
---
|
||||
|
||||
## Caddy Configuration
|
||||
|
||||
**File:** `/etc/caddy/Caddyfile`
|
||||
|
||||
```caddyfile
|
||||
# Global options
|
||||
{
|
||||
email admin@echo6.co
|
||||
admin off
|
||||
}
|
||||
|
||||
# Main Mailcow hostname
|
||||
mail.echo6.co {
|
||||
reverse_proxy https://127.0.0.1:8443 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
read_timeout 3600s
|
||||
write_timeout 3600s
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Autodiscover for Outlook
|
||||
autodiscover.echo6.co {
|
||||
reverse_proxy https://127.0.0.1:8443 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Autoconfig for Thunderbird
|
||||
autoconfig.echo6.co {
|
||||
reverse_proxy https://127.0.0.1:8443 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Headscale VPN + Headplane Admin
|
||||
vpn.echo6.co {
|
||||
handle /admin* {
|
||||
reverse_proxy 127.0.0.1:3100
|
||||
}
|
||||
handle {
|
||||
reverse_proxy 127.0.0.1:8084
|
||||
}
|
||||
}
|
||||
|
||||
# Authentik SSO
|
||||
auth.echo6.co {
|
||||
reverse_proxy 127.0.0.1:9000
|
||||
}
|
||||
|
||||
# Forgejo Git Forge
|
||||
forge.echo6.co {
|
||||
reverse_proxy 127.0.0.1:3001
|
||||
}
|
||||
|
||||
# Vaultwarden Password Manager
|
||||
vault.echo6.co {
|
||||
reverse_proxy /notifications/hub 127.0.0.1:3012
|
||||
reverse_proxy 127.0.0.1:8086
|
||||
}
|
||||
```
|
||||
|
||||
### Commands
|
||||
|
||||
```bash
|
||||
# Validate
|
||||
caddy validate --config /etc/caddy/Caddyfile
|
||||
|
||||
# Restart (admin off, so reload won't work)
|
||||
systemctl restart caddy
|
||||
|
||||
# Logs
|
||||
journalctl -u caddy -f
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## dnsmasq Split DNS Configuration
|
||||
|
||||
**File:** `/etc/dnsmasq.d/tailscale-dns.conf`
|
||||
|
||||
```conf
|
||||
# DNSmasq config for Tailscale Split DNS
|
||||
# Listen only on Tailscale interface
|
||||
listen-address=100.64.0.4
|
||||
bind-interfaces
|
||||
|
||||
# Upstream DNS servers
|
||||
server=1.1.1.1
|
||||
server=8.8.8.8
|
||||
|
||||
# Local records for echo6.co services (route through Tailscale)
|
||||
address=/forge.echo6.co/100.64.0.4
|
||||
address=/auth.echo6.co/100.64.0.4
|
||||
address=/mail.echo6.co/100.64.0.4
|
||||
address=/vpn.echo6.co/100.64.0.4
|
||||
address=/docs.echo6.co/100.64.0.4
|
||||
address=/vault.echo6.co/100.64.0.4
|
||||
address=/stream.echo6.co/100.64.0.7
|
||||
address=/notes.echo6.co/100.64.0.22
|
||||
|
||||
# Don't read /etc/hosts
|
||||
no-hosts
|
||||
|
||||
# Cache size
|
||||
cache-size=1000
|
||||
|
||||
# Log queries for debugging
|
||||
log-queries
|
||||
```
|
||||
|
||||
### Commands
|
||||
|
||||
```bash
|
||||
# Restart
|
||||
systemctl restart dnsmasq
|
||||
|
||||
# Status
|
||||
systemctl status dnsmasq
|
||||
|
||||
# Test resolution
|
||||
dig +short vault.echo6.co @100.64.0.4
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Port Mappings Summary
|
||||
|
||||
| Service | Container Port | Host Binding | Caddy Proxy |
|
||||
|---------|---------------|--------------|-------------|
|
||||
| Authentik | 9000 | 127.0.0.1:9000 | auth.echo6.co |
|
||||
| Forgejo | 3000 | 127.0.0.1:3001 | forge.echo6.co |
|
||||
| Forgejo SSH | 22 | 0.0.0.0:2222 | Direct |
|
||||
| Headscale | 8080 | 127.0.0.1:8084 | vpn.echo6.co |
|
||||
| Headplane | 3000 | 127.0.0.1:3100 | vpn.echo6.co/admin |
|
||||
| Mailcow | 8443 | 127.0.0.1:8443 | mail.echo6.co |
|
||||
| Vaultwarden | 80 | 127.0.0.1:8086 | vault.echo6.co |
|
||||
| Vaultwarden WS | 3012 | 127.0.0.1:3012 | vault.echo6.co/notifications/hub |
|
||||
|
||||
---
|
||||
|
||||
## DNS Records (GoDaddy → Contabo)
|
||||
|
||||
| Subdomain | IP | Service |
|
||||
|-----------|-----|---------|
|
||||
| auth | 5.189.158.149 | Authentik |
|
||||
| forge | 5.189.158.149 | Forgejo |
|
||||
| mail | 5.189.158.149 | Mailcow |
|
||||
| vpn | 5.189.158.149 | Headscale |
|
||||
| vault | 5.189.158.149 | Vaultwarden |
|
||||
| autodiscover | 5.189.158.149 | Mailcow |
|
||||
| autoconfig | 5.189.158.149 | Mailcow |
|
||||
|
||||
---
|
||||
|
||||
## Split DNS Mappings (Tailscale)
|
||||
|
||||
| Domain | Tailscale IP | Server |
|
||||
|--------|-------------|--------|
|
||||
| auth.echo6.co | 100.64.0.4 | Contabo |
|
||||
| forge.echo6.co | 100.64.0.4 | Contabo |
|
||||
| mail.echo6.co | 100.64.0.4 | Contabo |
|
||||
| vpn.echo6.co | 100.64.0.4 | Contabo |
|
||||
| vault.echo6.co | 100.64.0.4 | Contabo |
|
||||
| docs.echo6.co | 100.64.0.4 | Contabo |
|
||||
| stream.echo6.co | 100.64.0.7 | PeerTube |
|
||||
| notes.echo6.co | 100.64.0.22 | Cloud |
|
||||
|
||||
---
|
||||
|
||||
*Last updated: 2026-02-05*
|
||||
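Review bot: The `handle /admin*` block under `vpn.echo6.co` proxies Headplane (127.0.0.1:3100) with no access restriction in this Caddyfile, and the DNS Records table points `vpn` at the public address 5.189.158.149, so the admin UI is served on the same public site as the Headscale endpoint. The dnsmasq config already resolves `vpn.echo6.co` to 100.64.0.4 for tailnet clients, so consider gating that path with a matcher such as `@tailnet remote_ip 100.64.0.0/10` and answering 403 for other sources, or state in the runbook why public exposure is intended. Two smaller points: the split-DNS section maps `docs.echo6.co` to 100.64.0.4, but the Caddyfile has no `docs.echo6.co` site block and the Port Mappings table has no row for it, so either the record is stale or the proxy entry is missing; and `log-queries` is commented as being for debugging, so the runbook should say whether it is meant to stay enabled, since it records every name tailnet clients look up.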