Migration: consolidate Echo6 docs to cortex with full infrastructure cleanup sync

- Documents recent infrastructure cleanup (8 CTs destroyed, 35 DNS records removed, Headscale cleanup) - Adds 24 new runbooks covering Authentik, PeerTube, Meshtastic, RECON, Proxmox, Mailcow, Internet Archive, GPU routing - Adds project documentation for headscale, vaultwarden, peertube, matrix, mmud, advbbs, arr stack - Updates services.md, environment.md, caddy.md, authentik.md to match live infrastructure - Removes 4 deprecated runbook duplicates (canonical versions live in projects/) - Adds .gitignore for binary archives and editor temp files Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-13 06:02:16 +00:00 · 2026-04-13 06:02:16 +00:00 · e9231ac24a
commit e9231ac24a
parent 89834796ff
93 changed files with 51223 additions and 254 deletions
--- a/synapse.ref
+++ b/synapse.ref
@ -0,0 +1,79 @@
+# Synapse Deployment Reference
+# Generated: 2026-04-09 (Phase 1)
+
+## Install Method
+- Docker Compose at /opt/matrix/docker-compose.yml
+- Four containers on `matrix-net` bridge network:
+  - matrix-synapse (matrixdotorg/synapse:latest) → 127.0.0.1:8008
+  - matrix-mas (ghcr.io/element-hq/matrix-authentication-service:latest) → 127.0.0.1:8085
+  - matrix-postgres (postgres:16-alpine) → internal 5432
+  - matrix-element (vectorim/element-web:latest) → 127.0.0.1:8088
+
+## Synapse Version
+- 1.147.1 (confirmed via admin API and docker exec)
+
+## Key Config Values (from homeserver.yaml)
+- server_name: echo6.co
+- public_baseurl: https://matrix.echo6.co/
+- listeners: port 8008, HTTP, x_forwarded=true, bind 0.0.0.0, resources=[client, federation]
+- database: psycopg2 → matrix-postgres:5432, db=synapse, user=synapse
+- media_store_path: /data/media_store (95 MB used)
+- registration_shared_secret: PRESENT (not redacted here — see synapse_homeserver.yaml.sanitized)
+- signing_key_path: /data/echo6.co.signing.key
+- enable_registration: false
+- url_preview_enabled: true
+- report_stats: false
+- app_service_config_files: NOT PRESENT (no appservices currently registered)
+- encryption_enabled_by_default_for_room_type: NOT SET (default=off)
+- MAS delegation: enabled, endpoint=http://matrix-mas:8080/, shared secret present
+
+## MAS (Matrix Authentication Service)
+- Version: v1.12.0
+- Listen: 8080 (web), 8081 (internal/health)
+- Database: postgresql://mas:***@matrix-postgres:5432/mas
+- Upstream OAuth2: Authentik (auth.echo6.co) via OIDC
+  - Client ID: 93kCoZkBlnJyD9EcAm7E4btKflecOcBm9DGONB5T
+  - Issuer: https://auth.echo6.co/application/o/matrix/
+- Matrix integration: kind=synapse, homeserver=echo6.co, endpoint=http://matrix-synapse:8008/
+- Passwords: enabled (bcrypt v1 + argon2id v2)
+- Email transport: blackhole (not sending)
+
+## Database (PostgreSQL)
+- Version: 16.12 (Alpine)
+- Host: matrix-postgres container on matrix-net
+- Databases: synapse (owner: synapse), mas (owner: mas), postgres, template0, template1
+- Users: synapse (Superuser, Create role, Create DB), mas (regular)
+- Auth: password from .env file (POSTGRES_PASSWORD)
+- New DB/user can be created without collision — synapse user has Superuser/Create role privileges
+
+## Reverse Proxy (Caddy on Contabo)
+- matrix.echo6.co routes:
+  - /_matrix/client/*/login|logout|refresh|auth_metadata → MAS (127.0.0.1:8085)
+  - /_matrix/* → Synapse (127.0.0.1:8008)
+  - /_synapse/* → Synapse (127.0.0.1:8008)
+  - Everything else → MAS (127.0.0.1:8085)
+- element.echo6.co → 127.0.0.1:8088
+
+## Federation
+- Well-known served from echo6.co (utility Caddy, NOT matrix.echo6.co)
+  - /.well-known/matrix/server: {"m.server": "matrix.echo6.co:443"}
+  - /.well-known/matrix/client: base_url=https://matrix.echo6.co, issuer=https://matrix.echo6.co/
+- Federation tester: AllChecksOK=true, TLS 1.3, valid Ed25519 key, valid certificates
+- Port 8448 exposed in container but NOT used externally (federation via 443 + well-known)
+
+## Existing Appservices
+- NONE — no app_service_config_files in homeserver.yaml, no registration files in /opt/matrix/synapse/
+
+## Backup
+- Cron: daily at 3 AM via /opt/matrix/scripts/pg_backup.sh
+- Backs up synapse DB only (NOT mas DB)
+- Retention: 14 days
+- Location: /opt/matrix/backups/
+
+## Ports in 29xxx Range
+- NONE in use — confirmed via ss -tlnp
+
+## MSC4190 Support
+- Synapse 1.147.1 supports MSC4190 (merged in 1.121.0)
+- Requires io.element.msc4190: true in appservice registration file
+- Also requires experimental_features.msc3202_transaction_extensions: true in homeserver.yaml