# Current Services Inventory ## Active Services | Service | Location | IP:Port | Access | Notes | |---------|----------|---------|--------|-------| | MeshMonitor | utility (CT 100) | 192.168.1.100:8080 | https://mesh.echo6.co | Meshtastic mesh monitoring (zvx-echo6/meshmonitor fork, multi-channel AutoAnnounce/AutoResponder) | | Utility Caddy | utility (CT 101) | 192.168.1.101 / 100.64.0.8 | 199.6.36.163 (ports 80/443) | Reverse proxy for home services | | Echo6 Search (SearXNG) | utility (CT 102) | 192.168.1.102:8080 | https://echo6.co | Branded search homepage (Docker, custom theme) | | meshtasticd (AIDA-N2) | aida-nebra | 192.168.1.253:4403 | Internal | AIDA-N2(RPT,LLM) node !27780c47, Nebra 2W hat (ZebraHat), CLIENT_BASE role, fw 2.7.19. MeshAI (CT 108) connects via TCP localhost:4403 | | Meshtastic CLI | mt-isr | 192.168.1.141 | Internal | Station G2 WiFi bridge + TCP management | | meshtasticd | mt-burleybutte | 192.168.1.185:4403 | Internal | Software Meshtastic node (Nebra 2W hat) | | IdahoMesh Headscale | utility (CT 106) | 192.168.1.106:8080 | https://vpn.idahomesh.com | Meshtastic mesh VPN coordination | | mesh-bridge | utility (CT 107) | 192.168.1.107 | Internal | Dual-tailscaled bridge (echo6 ↔ idahomesh) | | MeshAI | utility (CT 108) | 192.168.1.144:4403 | Internal | LLM-powered Meshtastic assistant (Docker, Gemini Flash, Google grounding) | | Authentik | Contabo | 5.189.158.149:9000 | https://auth.echo6.co | SSO provider (Echo6 branded, custom CSS, dark theme) | | Forge | Contabo | 5.189.158.149 | https://forge.echo6.co | Git server | | Headscale | Contabo | 5.189.158.149 | https://vpn.echo6.co | Tailscale coordination (OIDC enabled) | | Headplane | Contabo | 127.0.0.1:3100 | https://vpn.echo6.co/admin | Headscale web UI (OIDC via Authentik) | | Mailcow | Contabo | 5.189.158.149 | https://mail.echo6.co | Email server | | Vaultwarden | Contabo | 127.0.0.1:8086 | https://vault.echo6.co | Password manager (SSO enabled) | | Syncthing | Contabo | 100.64.0.1:22000 | Internal (Tailscale) | File sync — ~/.claude/, ~/projects/ | | Syncthing | cortex | 100.64.0.14:22000 | Internal (Tailscale) | File sync — ~/.claude/, ~/projects/ | | Proxmox VE | data node | 192.168.1.240:8006 | https://proxmox.echo6.co | Cluster web UI (via Caddy+Tailscale) | | Immich | cloud (CT 120) | 192.168.1.182:2283 | https://immich.echo6.co | Photo management (Docker, NFS storage on pi-nas) | | Nextcloud | cloud (CT 121) | 192.168.1.183:11000 | https://nextcloud.echo6.co | Cloud storage (AIO Docker, NFS on pi-nas, SSO) | | Jellyfin | media (VM 105) | 192.168.1.160:8096 | https://jellyfin.echo6.co | Media server (Docker, NFS on pi-nas, SSO) | | Jellyseer | media (VM 105) | 192.168.1.160:5055 | https://requests.echo6.co | Media request management (Docker, SSO) | | Sonarr | media (VM 105) | 192.168.1.160:8989 | Internal | TV automation (Docker) | | Radarr | media (VM 105) | 192.168.1.160:7878 | Internal | Movie automation (Docker) | | Prowlarr | media (VM 105) | 192.168.1.160:9696 | Internal | Indexer manager (Docker) | | SABnzbd | media (VM 105) | 192.168.1.160:8080 | Internal | Usenet download client (Docker) | | PeerTube | media (CT 110) | 192.168.1.170:9000 | https://stream.echo6.co | Video streaming (native, NFS on pi-nas, SSO) | | WATCHTOWER | Contabo | 127.0.0.1:8099 | https://wt.echo6.co | Ops dashboard (Docker, Authentik forward auth) | | Open WebUI | cortex (VM 150) | 192.168.1.150:8080 | https://ai.echo6.co | AI chat interface (Docker, Ollama backend, SSO) | | Qdrant | cortex (VM 150) | 192.168.1.150:6333 | Internal | Vector database (Docker, RECON knowledge store) | | TEI | cortex (VM 150) | 192.168.1.150:8090 | Internal | Text embeddings (Docker, bge-m3 1024-dim) | | RECON | data (VM 1130) | 192.168.1.130:8420 | https://recon.echo6.co | Knowledge extraction pipeline (systemd, dashboard+API) | | Files | data (VM 1130) | 192.168.1.130:8888 | https://files.echo6.co | PDF library (nginx, Authentik forward auth) | | Samba | data | 192.168.1.240:445 | Internal | SMB file sharing — `//data/library` → /mnt/data/library (guest access) | | Matrix Synapse | Contabo | 127.0.0.1:8008 | https://matrix.echo6.co | Matrix homeserver (Docker, SSO) | | Element Web | Contabo | 127.0.0.1:8088 | https://element.echo6.co | Matrix web client (Docker) | | mautrix-signal | Contabo | internal (29328) | DM @signalbot:echo6.co | Signal bridge (Docker, E2BE, MSC4190, double puppeting) | | LiveSync | Contabo | 127.0.0.1:5984 | https://notes.echo6.co | Obsidian sync (CouchDB + provisioner, Docker, JWT auth) | | TAK Server | Contabo | 100.64.0.1:8446/8443/8089 | https://tak.echo6.co | TAK Server (Docker, Authentik forward auth on admin portal) | | SIGIL | Contabo | 100.64.0.1:8990 | https://tak.echo6.co/sigil | TAK management console (Docker, Authentik forward auth) | | Echo6 Cortex Agent | cortex (VM 150) | N/A (Matrix bot) | #cortex:echo6.co in echo6-ops space | Claude Code bridge — @cortex:echo6.co, session continuity, E2EE (systemd) | | Echo6 Contabo Agent | Contabo | N/A (Matrix bot) | #contabo:echo6.co in echo6-ops space | Claude Code bridge — @contabo:echo6.co, session continuity, E2EE (systemd) | | mautrix-signal | Contabo | 29328 (internal) | Internal (matrix-net) | Signal bridge — @signalbot:echo6.co, E2BE, MSC4190, auto-portals | | Matrix MAS | Contabo | 127.0.0.1:8085 | Internal (via Caddy) | Matrix Authentication Service (Docker, handles login/logout/OIDC for Synapse) | | Termix | Contabo | 0.0.0.0:8083 | Internal (no Caddy block) | Terminal sharing tool (Docker, ghcr.io/lukegus/termix:latest) | | Archivist | utility (CT 118) | 192.168.1.118 | Internal | Signal/Matrix room archive bot (systemd) — see archivist.ref for details | | pt-transcoder | cortex (VM 150) | N/A | Internal | PeerTube H.265 NVENC transcoder (systemd, /opt/bulk-import/transcoder.py) | | recon-sparse | cortex (VM 150) | 192.168.1.150:8091 | Internal | RECON sparse embedding service (systemd, bge-m3 model, port 8091) | | Samba | cortex (VM 150) | 192.168.1.150:445 | Internal | SMB file sharing — `//cortex/projects` → /home/zvx/projects (guest access) | ## Services by Server ### toc - Proxmox Host (192.168.1.244 / Tailscale: 100.64.0.13) - Proxmox VE node (echo6-cluster) - GPU passthrough host for cortex VM - No direct services — workloads run on cortex VM ### cortex - VM 150 on toc (192.168.1.150 / Tailscale: 100.64.0.14) - GPU compute VM (RTX A4000) - Claude Code host - Syncthing (syncs with Contabo) - Open WebUI (port 8080, https://ai.echo6.co, Docker, SSO via Authentik, Echo6 theme) - Compose path: `/opt/open-webui/docker-compose.yml` - Echo6 theme: togglable via "E6" button (bottom-right), persisted in localStorage - Theme files bind-mounted from `/home/zvx/echo6-theme/` into container - DEFAULT_USER_ROLE=user (new signups auto-activated, not pending) - Ollama (port 11434, internal, Docker with GPU) - Qdrant (port 6333, internal, Docker — vector DB for RECON) - TEI (port 8090, internal, Docker — bge-m3 embeddings for RECON) - PeerTube remote runner (peertube-runner service, Whisper auto-captioning via smart GPU/CPU wrapper, concurrency=2, MemoryMax=20G) - pt-transcoder (systemd: pt-transcoder.service, PeerTube H.265 NVENC transcoder) - Script: `/opt/bulk-import/transcoder.py` - MemoryMax=12G, Restart=always, RestartSec=60 - Depends on: nvidia-persistenced.service - recon-sparse (systemd: recon-sparse.service, RECON sparse embedding service) - Script: `/opt/recon-sparse/sparse_embed_service.py --port 8091` - Model: BAAI/bge-m3 (HuggingFace cache) - Restart=on-failure, RestartSec=10 - Samba (smbd/nmbd, system packages) - Share: `//cortex/projects` → `/home/zvx/projects` (browseable, read-write, guest OK, force user/group zvx) - Workgroup: WORKGROUP, standalone server - Echo6 Cortex Agent (systemd: echo6-agent.service, matrix-nio bot, @cortex:echo6.co) - Install path: `/opt/echo6-agent/` - Matrix space: echo6-ops, room: #cortex:echo6.co (E2EE, private) - Session continuity via `claude -p --resume`, persistent per-room sessions - `!new` resets conversation session - Allowed users: @matt:echo6.co - MAS user ID: 01KKX88ARGK0BTA1JMB2QVAW4C ### utility - CT 100 (192.168.1.100 / Tailscale: 100.64.0.7) - MeshMonitor (port 8080, https://mesh.echo6.co) - Image: `meshmonitor:multichannel-new` (local build from zvx-echo6/meshmonitor fork, branch `feature/multi-channel-automation`) - Fork of Yeraze/meshmonitor with multi-channel AutoAnnounce and AutoResponder support (PR #2078 open upstream) ### utility - CT 101 (192.168.1.101 / Tailscale: 100.64.0.8) - Utility Caddy (reverse proxy for VPN-only services) ### utility - CT 102 (192.168.1.102 / Tailscale: 100.64.0.15) - Echo6 Search — branded SearXNG homepage (port 8080, https://echo6.co) - Custom cyberpunk theme: JetBrains Mono font, cyan/yellow palette, dark backgrounds - Homepage: centered Echo6 logo + pill search bar (Google-style, viewport-locked no-scroll) - Results page: full-width two-column grid (results + sidebar), stretched search header - Top nav bar: `.//photos`, `.//mail`, waffle app launcher (11 services), login avatar - All nav links use Authentik launch URLs for seamless SSO pass-through - search.echo6.co permanently redirects to echo6.co (301) - Redis/Valkey cache (valkey container) - Compose path: `/opt/searxng/docker-compose.yml` - Theme files: `/opt/searxng/custom/` (bind-mounted into container) - `templates/simple/base.html` — custom template (nav, CSS, waffle menu, footer) - `templates/simple/index.html` — custom homepage (Echo6 logo replaces SearXNG title) - `img/echo6-logo.png` — Echo6 logo (replaces SearXNG logo) - `img/favicon.png` — Echo6 favicon - Config: `/opt/searxng/searxng-config/settings.yml` (instance_name: "Echo6", dark theme, center_alignment: false) - SearXNG version: 2026.2.6 (Docker image: searxng/searxng:latest) ### utility - CT 103 (192.168.1.103 / Tailscale: 100.64.0.31) - Meshtastic sim node (advbbs) ### utility - CT 108 (192.168.1.144 / Tailscale: 100.64.0.32) - MeshAI — LLM-powered Meshtastic mesh assistant (Docker) - Bot name: AIDA, node ID !27780c47, channel 8 whitelist - Image: ghcr.io/zvx-echo6/meshai:latest (GitHub Actions multi-arch build) - Backend: Gemini 2.5 Flash with Google Search grounding - Connects to meshtasticd **on aida-nebra** (192.168.1.253:4403) — the AIDA-N2 node !27780c47 - Config TUI on port 7682 (`meshai --config`) - Commands: !help, !ping, !status, !weather, !reset, !clear - 7-day rolling conversation memory (SQLite), full history sent to LLM - Response: 175 char chunks × 3 messages max - Compose path: `/home/zvx/meshai/docker-compose.yml` ### utility - CT 118 (192.168.1.118) - Signal/Matrix room archive bot (archivist.service via systemd) - 1 core, 1GB RAM, 8GB disk - Not registered in Headscale (no Tailscale) - Source: forge.echo6.co/matt/matrix-archivist (private) - See `/home/zvx/projects/.ref/archivist.ref` for implementation details ### cloud - CT 120 (192.168.1.182 / Tailscale: 100.64.0.2) - Immich photo management (https://immich.echo6.co) - Port 2283 - NFS storage from pi-nas (/mnt/immich) - Compose path: `/opt/immich/docker-compose.yml` ### cloud - CT 121 (192.168.1.183 / Tailscale: 100.64.0.11) - Nextcloud AIO (https://nextcloud.echo6.co) - Apache port 11000, AIO management on 8080 - NFS storage from pi-nas (/mnt/nextcloud) - SSO via Authentik OIDC ### media - VM 105 (192.168.1.160 / Tailscale: 100.64.0.18) - ARR media automation stack (Docker) - Jellyfin media server (port 8096, https://jellyfin.echo6.co) - Jellyseer request management (port 5055, https://requests.echo6.co) - Sonarr TV automation (port 8989, internal) - Radarr movie automation (port 7878, internal) - Prowlarr indexer manager (port 9696, internal) - SABnzbd Usenet downloader (port 8080, internal) - NFS storage from pi-nas (/mnt/arr) - Config dirs: /opt/arr/{jellyfin,jellyseer,sonarr,radarr,prowlarr,sabnzbd} ### media - CT 110 (192.168.1.170 / Tailscale: 100.64.0.23) - PeerTube video streaming (https://stream.echo6.co) - Native install (Node.js 22, PostgreSQL 16, Redis, nginx) - Port 9000 (PeerTube), proxied via nginx on port 80 - NFS storage from pi-nas (/var/www/peertube/storage, /export/peertube) - SSO via Authentik OIDC (peertube-plugin-auth-openid-connect) - Privileged container (NFS bind-mount) - Auto-transcription enabled (remote runners on cortex, Whisper medium model) - **PeerTube Bulk Import Pipeline:** - pt-downloader.service — YouTube channel downloader (yt-dlp, sliding window, cookie auth) - pt-importer.service — Uploads downloaded videos to PeerTube via resumable upload API - NordVPN (nordvpnd.service) — IP rotation for downloads - Config: `/opt/bulk-import/config/` (channel-map.json, cookies.txt, downloader-state.json) - Logs: `/opt/bulk-import/logs/` - Pipeline dirs: `/var/www/peertube/storage/pipeline/{staging,completed,transcoded,failed}` ### data - Proxmox Host (192.168.1.240 / Tailscale: 100.64.0.6) - Proxmox VE node (echo6-cluster) - Samba (smbd/nmbd, system packages) - Share: `//data/library` → `/mnt/data/library` (browseable, read-write, guest OK, force user/group root) - Workgroup: WORKGROUP, standalone server ### data - VM 1130 "recon-vm" (192.168.1.130 / Tailscale: 100.64.0.24) - **Migrated from CT 130 (LXC) on 2026-04-19** - OS: Ubuntu 24.04.4 LTS, kernel 6.8.0-110-generic - Resources: 4 cores, 16GB RAM, 100GB disk - Software: Docker 29.4.0, Python 3.12.3 (venv), Tailscale, nginx, sqlite3 - RECON knowledge extraction pipeline - systemd services: `recon.service`, `recon-watchdog.service`, `kiwix.service` - Dashboard + API on port 8420 (https://recon.echo6.co) - nginx file server on port 8888 (https://files.echo6.co, Authentik forward auth) - Kiwix-serve on port 8430 (ZIM library, 10 sources) - Install: `/opt/recon/` (Python 3, Flask, venv) - NFS mounts: pi-nas:/export/library → /mnt/library (PDF source), /mnt/nav, /mnt/kiwix - Pipeline: Extract (PyPDF2→pdftotext→Tesseract→Gemini Vision) → Enrich (Gemini) → Embed (TEI/Qdrant) - DB: SQLite (status), Qdrant on cortex:6333 (vectors) - Backups: rsync to Contabo every 6hrs (concepts, text, DB, config), DB snapshot every 2hrs - Config: `/opt/recon/config.yaml`, keys in `/opt/recon/.env` - Docs: `/opt/recon/PROJECT-BIBLE.md` - User: zvx (sudo, SSH key auth) ### utility - CT 106 (192.168.1.106) - IdahoMesh Headscale (https://vpn.idahomesh.com) - Container name: meshtastic-hs - Manages meshtastic mesh VPN (separate from echo6 Headscale on Contabo) - Users: malice, sidpatchy, nebra ### utility - CT 107 (192.168.1.107) - mesh-bridge — dual tailscaled instance - Bridges echo6 (100.64.0.0/10) ↔ idahomesh (100.100.0.0/16) networks - NAT masquerade + subnet route advertisement - Echo6 clients need `--accept-routes` to reach idahomesh devices - iptables FORWARD rules must be BEFORE `ts-forward` jump (Tailscale drops cross-tailnet packets otherwise) - Echo6 socket: `/run/tailscale/tailscaled.sock` (port 41641) - IdahoMesh socket: `/var/run/tailscale-meshtastic/tailscaled.sock` (port 41642, tun=tailscale1) - Rules persisted: `/etc/iptables/rules.v4` via `iptables-restore.service` ### pi-nas (192.168.1.245 / Tailscale: 100.64.0.21) - OpenMediaVault NAS (https://nas.echo6.co) - Port 80 (HTTP) - Internet Archive CLI (`ia` v5.7.2) installed for archive.org uploads ### aida-nebra (192.168.1.253 / Tailscale: 100.64.0.9) - **AIDA-N2(RPT,LLM)** — meshtasticd node `!27780c47` (short name: AIDA) - Hardware: Nebra 2W SX1262 hat (ZebraHat config in `/etc/meshtasticd/config.d/`) - Port: 4403 (default), firmware 2.7.19 (PORTDUINO/native) - Role: CLIENT_BASE, position: 42.574, -114.607 (manual) - MAC source: eth0 (derived MAC `00:bd:27:78:0c:47`) - MeshAI bot (CT 108) connects to this node via TCP `localhost:4403` (Docker network) - Service: `meshtasticd.service` (single instance, runs as user meshtastic) - Config: `/etc/meshtasticd/config.yaml` + `/etc/meshtasticd/config.d/ZebraHat_2W.yaml` - User: zvx, password auth (`sshpass -p '7redditGold' ssh zvx@aida-nebra`) ### mt-isr (192.168.1.141 / IdahoMesh: 100.100.0.5) - Raspberry Pi Zero 2 W, Debian 13 (trixie), Waveshare ETH/USB HUB HAT - No meshtasticd (G2 managed via WiFi TCP, not local daemon) - Meshtastic Python CLI v2.7.7 in venv (`/home/isr/meshtastic-cli/`) - Tailscale on IdahoMesh tailnet (vpn.idahomesh.com, nebra user) - WiFi hotspot: ISR-MESH (192.168.4.0/24, PMF disabled for ESP32 compatibility) - Station G2 radio connected via WiFi at 192.168.4.241, managed via TCP - G2 config: Freq51 (ch0, psk=1A==) + MediumFast (ch1), MEDIUM_FAST preset, ch=51, txPower=11 - G2 gold config backup: `isr@192.168.1.141:~/backups/g2-gold-config.yaml` - DNS bootstrap drop-in for tailscaled (reboot-safe) - User: isr, password auth (see credentials) ### mt-burleybutte (192.168.1.185) - meshtasticd (software Meshtastic node, Nebra 2W hat) - Raspberry Pi OS, user bb - Static MAC: A7:A1:30:79:BB:BB - Tailscale registered on IdahoMesh Headscale (vpn.idahomesh.com) under malice user ### Contabo VPS (5.189.158.149 / Tailscale: 100.64.0.1) - Authentik (SSO, Echo6 branded — custom CSS, dark theme, logo, favicon, flow titles) - Forge (Git) - Headscale (mesh VPN) - Mailcow (email) - Vaultwarden (passwords) - Syncthing (syncs with cortex) - WATCHTOWER (ops dashboard, port 8099, https://wt.echo6.co) - Matrix Synapse homeserver (port 8008, https://matrix.echo6.co, Docker, SSO via Authentik) - Element Web client (port 8088, https://element.echo6.co, Docker) - mautrix-signal bridge (port 29328 internal, Docker, E2BE with MSC4190) - Image: `dock.mau.dev/mautrix/signal:v0.2603.0` - Container: `mautrix-signal` on `matrix-net` - Config: `/opt/matrix/mautrix-signal/config.yaml` - Registration: `/opt/matrix/synapse/registration.yaml` + `/opt/matrix/synapse/doublepuppet.yaml` - Database: `mautrix_signal` on `matrix-postgres` (role: `mautrix_signal`, minimal grants) - Bot user: `@signalbot:echo6.co`, device: `UPX4KKLZVY` - Permissions: `@matt:echo6.co` = admin, `echo6.co` = user - Double puppeting: appservice-based (doublepuppet.yaml as_token) - Encryption: E2BE enabled (allow+default+require), MSC4190, self-signed cross-signing keys - Compose path: `/opt/matrix/docker-compose.yml` - Backup: daily at 3AM, 14-day retention (synapse + mas + mautrix_signal databases) - LiveSync CouchDB (port 5984, https://notes.echo6.co, Docker, JWT auth) - LiveSync Provisioner (port 5985, https://notes.echo6.co/_provision/, Docker, Authentik forward auth) - Compose path: `/opt/livesync/docker-compose.yml` - Per-user ES512 key pairs, encrypted setup URIs, per-user CouchDB databases - TAK Server (port 8446 web admin, 8443 mutual TLS API, 8089 TLS for EUDs) - https://tak.echo6.co (Authentik forward auth on admin portal) - Compose path: `/opt/tak-server-deploy/docker-compose.yml` - Certs: `/opt/tak-server-deploy/tak/certs/files/` - Container names: `tak-server-deploy-tak-1`, `tak-server-deploy-db-1` - SIGIL console (port 8990, https://tak.echo6.co/sigil, Authentik forward auth) - Compose path: `/opt/sigil/docker-compose.yml` - Matrix Authentication Service (MAS) (port 8085, internal, Docker) - Container: `matrix-mas` on `matrix-net` - Handles login/logout/refresh/auth_metadata for Synapse - Caddy routes: `/_matrix/client/*/login`, `/_matrix/client/*/logout`, `/_matrix/client/*/refresh`, `/_matrix/client/*/auth_metadata` → MAS (8085); `/_matrix/*` and `/_synapse/*` → Synapse (8008); default → MAS (8085) - Compose: `/opt/matrix/docker-compose.yml` (shared with Synapse stack) - Termix (port 8083, internal, Docker) - Container: `termix` on `termix_default` network - Image: `ghcr.io/lukegus/termix:latest` - Port: 8080→8083 (bound to 0.0.0.0, NOT 127.0.0.1) - Volume: `termix_termix-data` → `/app/data` - No Caddy block — direct access only on port 8083 - Compose: `/opt/termix/` (inferred from Docker volume naming) - Echo6 Contabo Agent (systemd: echo6-agent.service, matrix-nio bot, @contabo:echo6.co) - Install path: `/opt/echo6-agent/` - Claude Code bridge with session continuity + E2EE - Watches #contabo:echo6.co in echo6-ops space - CLAUDE_CWD=/root, runs as root - mautrix-signal bridge (mautrix-signal container, port 29328 internal) - Image: dock.mau.dev/mautrix/signal:v0.2603.0 - Config: `/opt/matrix/mautrix-signal/config.yaml` - Compose: `/opt/matrix/docker-compose.yml` (shared with Synapse stack) - DB: mautrix_signal on matrix-postgres - Bot: @signalbot:echo6.co, management room !fDjIRTMjxILVQoAcEN:echo6.co - E2BE enabled (MSC4190), double puppeting via doublepuppet.yaml - Signal account: +12083080811 (@matt:echo6.co) - Portals auto-create on incoming messages (no autocreate toggle available) - Ref: `/home/zvx/projects/.ref/mautrix_signal.ref` ## Adding New Services When deploying a new service, update this file with: 1. Service name 2. Host location (server + container if applicable) 3. IP:Port 4. Access method (internal only vs public URL) 5. Brief description ## Naming Conventions - **Internal services:** Access via Tailscale IP (100.64.x.x) or local IP - **Public services:** Access via `*.echo6.co` subdomain through Caddy reverse proxy ### Lidarr on Steroids (lidarr.echo6.co) - **Container:** lidarr (youegraillot/lidarr-on-steroids:latest) - **Host:** media VM 105 (192.168.1.160) - **Ports:** 8686 (Lidarr), 6595 (Deemix) - **Network:** arr-net - **Config:** /opt/arr/lidarr/config (Lidarr), /opt/arr/lidarr/config_deemix (Deemix) - **Compose:** /opt/arr/docker-compose.yml - **Music root:** /mnt/arr/music (NFS from pi-nas) - **Downloads:** /mnt/arr/downloads (shared with SABnzbd) - **API key:** 78f026ec93a94d8eb3177816b74a57b7 - **Caddy:** lidarr.echo6.co -> 100.64.0.18:8686 (Authentik forward auth) - **Prowlarr:** fullSync configured - **SABnzbd:** configured (music category) - **Deemix:** port 6595, NOT exposed via Caddy (Tailscale-only access) - **PUID/PGID:** 1000/1000, TZ: America/Boise ### Navidrome (navidrome.echo6.co) - **Container:** navidrome (deluan/navidrome:latest) - **Host:** media VM 105 (192.168.1.160) - **Port:** 4533 - **Network:** arr-net - **Data volume:** arr_navidrome-data (named Docker volume) - **Music volume:** /mnt/arr/music (read-only, shared with Lidarr) - **Compose:** /opt/arr/docker-compose.yml - **Caddy:** navidrome.echo6.co -> 100.64.0.18:4533 (Authentik forward auth) - **User:** 1000:1000 - **Scan schedule:** every 1 hour - **Admin setup:** First login at https://navidrome.echo6.co creates admin account