Initial commit: infrastructure documentation

Includes:
- Hardware environment reference (Proxmox cluster, VMs, LXCs)
- Services inventory with current deployments
- Caddy & DNS configuration reference
- Runbooks for common deployment procedures

Recent additions:
- SearXNG deployment (utility CT 102, search.echo6.co)
- TOC conversion to Proxmox with cortex VM
- Syncthing sync between Contabo and cortex

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

runbooks/meshmonitor-password-reset.md

@@ -0,0 +1,127 @@
+# MeshMonitor Admin Password Reset
+
+## Overview
+
+Reset the admin password for MeshMonitor web interface.
+
+| Item | Value |
+|------|-------|
+| Service | MeshMonitor |
+| Location | utility CT 100 (192.168.1.100:8080) |
+| Database | SQLite at `/data/meshmonitor.db` |
+
+## Prerequisites
+
+- SSH access to Proxmox utility node (192.168.1.241) as root
+- `sshpass` installed on local machine
+- `python3` with `bcrypt` module (for generating password hash)
+
+## Quick Reset (One-liner)
+
+Reset to a specific password (generates hash inside container to avoid escaping issues):
+
+```bash
+sshpass -p '7redditGold' ssh -o StrictHostKeyChecking=no root@192.168.1.241 'pct exec 100 -- docker exec meshmonitor node -e "
+const Database = require(\"better-sqlite3\");
+const bcrypt = require(\"bcrypt\");
+const db = new Database(\"/data/meshmonitor.db\");
+const hash = bcrypt.hashSync(\"7redditGold\", 10);
+db.prepare(\"UPDATE users SET password_hash = ? WHERE username = ?\").run(hash, \"admin\");
+console.log(\"Password updated to 7redditGold\");
+db.close();
+"'
+```
+
+To use a different password, replace both instances of `7redditGold` (SSH password and new MeshMonitor password).
+
+## Step-by-Step Process
+
+### 1. SSH to Proxmox Host
+
+```bash
+ssh root@192.168.1.241
+```
+
+### 2. Enter the Container
+
+```bash
+pct exec 100 -- bash
+```
+
+### 3. Option A: Use Built-in Reset Script (Random Password)
+
+```bash
+docker exec meshmonitor node /app/reset-admin.mjs
+```
+
+This generates a random password - save the output.
+
+### 3. Option B: Set Specific Password via Node.js
+
+Generate a bcrypt hash first (run on any machine with Node.js):
+
+```bash
+node -e "const bcrypt = require('bcrypt'); \
+  bcrypt.hash('YOUR_PASSWORD_HERE', 10).then(h => console.log(h));"
+```
+
+Then update the database:
+
+```bash
+docker exec meshmonitor node -e "
+const Database = require('better-sqlite3');
+const db = new Database('/data/meshmonitor.db');
+db.prepare(\"UPDATE users SET password_hash = ? WHERE username = 'admin'\")
+  .run('\$2b\$10\$YOUR_HASH_HERE');
+db.close();
+"
+```
+
+### 4. Verify Login
+
+Open http://192.168.1.100:8080 and log in with:
+- Username: `admin`
+- Password: (your new password)
+
+## Troubleshooting
+
+### Check Current Admin User
+
+```bash
+docker exec meshmonitor node -e "
+const Database = require('better-sqlite3');
+const db = new Database('/data/meshmonitor.db');
+console.log(db.prepare(\"SELECT * FROM users WHERE username='admin'\").get());
+db.close();
+"
+```
+
+### List All Users
+
+```bash
+docker exec meshmonitor node -e "
+const Database = require('better-sqlite3');
+const db = new Database('/data/meshmonitor.db');
+console.log(db.prepare('SELECT id, username, is_admin, is_active FROM users').all());
+db.close();
+"
+```
+
+### Container Not Running
+
+```bash
+# On Proxmox host
+pct exec 100 -- docker ps -a
+pct exec 100 -- docker start meshmonitor
+```
+
+## Notes
+
+- The `reset-admin.mjs` script generates random passwords; use direct DB update for specific passwords
+- SQLite3 CLI is not installed in the container; use Node.js with `better-sqlite3`
+- Password column is `password_hash` in the `users` table (lowercase)
+- **Shell escaping gotcha:** Bcrypt hashes contain `$` characters (e.g., `$2b$10$...`) which get interpreted by the shell. Always use single quotes around the outer SSH command to preserve them, or generate the hash inside the container using `bcrypt.hashSync()` directly
+
+---
+
+*Created: 2026-02-04*