360 lines
22 KiB
Markdown
360 lines
22 KiB
Markdown
# Current Services Inventory
|
||
|
||
## Active Services
|
||
|
||
| Service | Location | IP:Port | Access | Notes |
|
||
|---------|----------|---------|--------|-------|
|
||
| MeshMonitor | utility (CT 100) | 192.168.1.100:8080 | https://mesh.echo6.co | Meshtastic mesh monitoring (zvx-echo6/meshmonitor fork, multi-channel AutoAnnounce/AutoResponder) |
|
||
| Utility Caddy | utility (CT 101) | 192.168.1.101 / 100.64.0.8 | 199.6.36.163 (ports 80/443) | Reverse proxy for home services |
|
||
| Echo6 Search (SearXNG) | utility (CT 102) | 192.168.1.102:8080 | https://echo6.co | Branded search homepage (Docker, custom theme) |
|
||
| meshtasticd (AIDA-N2) | aida-nebra | 192.168.1.253:4403 | Internal | AIDA-N2(RPT,LLM) node !27780c47, Nebra 2W hat (ZebraHat), CLIENT_BASE role, fw 2.7.19. MeshAI (CT 108) connects via TCP localhost:4403 |
|
||
| Meshtastic CLI | mt-isr | 192.168.1.141 | Internal | Station G2 WiFi bridge + TCP management |
|
||
| meshtasticd | mt-burleybutte | 192.168.1.185:4403 | Internal | Software Meshtastic node (Nebra 2W hat) |
|
||
| IdahoMesh Headscale | utility (CT 106) | 192.168.1.106:8080 | https://vpn.idahomesh.com | Meshtastic mesh VPN coordination |
|
||
| mesh-bridge | utility (CT 107) | 192.168.1.107 | Internal | Dual-tailscaled bridge (echo6 ↔ idahomesh) |
|
||
| MeshAI | utility (CT 108) | 192.168.1.144:4403 | Internal | LLM-powered Meshtastic assistant (Docker, Gemini Flash, Google grounding) |
|
||
| Authentik | Contabo | 5.189.158.149:9000 | https://auth.echo6.co | SSO provider (Echo6 branded, custom CSS, dark theme) |
|
||
| Forge | Contabo | 5.189.158.149 | https://forge.echo6.co | Git server |
|
||
| Headscale | Contabo | 5.189.158.149 | https://vpn.echo6.co | Tailscale coordination (OIDC enabled) |
|
||
| Headplane | Contabo | 127.0.0.1:3100 | https://vpn.echo6.co/admin | Headscale web UI (OIDC via Authentik) |
|
||
| Mailcow | Contabo | 5.189.158.149 | https://mail.echo6.co | Email server |
|
||
| Vaultwarden | Contabo | 127.0.0.1:8086 | https://vault.echo6.co | Password manager (SSO enabled) |
|
||
| Syncthing | Contabo | 100.64.0.1:22000 | Internal (Tailscale) | File sync — ~/.claude/, ~/projects/ |
|
||
| Syncthing | cortex | 100.64.0.14:22000 | Internal (Tailscale) | File sync — ~/.claude/, ~/projects/ |
|
||
| Proxmox VE | data node | 192.168.1.240:8006 | https://proxmox.echo6.co | Cluster web UI (via Caddy+Tailscale) |
|
||
| Immich | cloud (CT 120) | 192.168.1.182:2283 | https://immich.echo6.co | Photo management (Docker, NFS storage on pi-nas) |
|
||
| Nextcloud | cloud (CT 121) | 192.168.1.183:11000 | https://nextcloud.echo6.co | Cloud storage (AIO Docker, NFS on pi-nas, SSO) |
|
||
| Jellyfin | media (VM 105) | 192.168.1.160:8096 | https://jellyfin.echo6.co | Media server (Docker, NFS on pi-nas, SSO) |
|
||
| Jellyseer | media (VM 105) | 192.168.1.160:5055 | https://requests.echo6.co | Media request management (Docker, SSO) |
|
||
| Sonarr | media (VM 105) | 192.168.1.160:8989 | Internal | TV automation (Docker) |
|
||
| Radarr | media (VM 105) | 192.168.1.160:7878 | Internal | Movie automation (Docker) |
|
||
| Prowlarr | media (VM 105) | 192.168.1.160:9696 | Internal | Indexer manager (Docker) |
|
||
| SABnzbd | media (VM 105) | 192.168.1.160:8080 | Internal | Usenet download client (Docker) |
|
||
| PeerTube | media (CT 110) | 192.168.1.170:9000 | https://stream.echo6.co | Video streaming (native, NFS on pi-nas, SSO) |
|
||
| WATCHTOWER | Contabo | 127.0.0.1:8099 | https://wt.echo6.co | Ops dashboard (Docker, Authentik forward auth) |
|
||
| Open WebUI | cortex (VM 150) | 192.168.1.150:8080 | https://ai.echo6.co | AI chat interface (Docker, Ollama backend, SSO) |
|
||
| Qdrant | cortex (VM 150) | 192.168.1.150:6333 | Internal | Vector database (Docker, RECON knowledge store) |
|
||
| TEI | cortex (VM 150) | 192.168.1.150:8090 | Internal | Text embeddings (Docker, bge-m3 1024-dim) |
|
||
| RECON | data (VM 1130) | 192.168.1.130:8420 | https://recon.echo6.co | Knowledge extraction pipeline (systemd, dashboard+API) |
|
||
| Files | data (VM 1130) | 192.168.1.130:8888 | https://files.echo6.co | PDF library (nginx, Authentik forward auth) |
|
||
| Samba | data | 192.168.1.240:445 | Internal | SMB file sharing — `//data/library` → /mnt/data/library (guest access) |
|
||
| Matrix Synapse | Contabo | 127.0.0.1:8008 | https://matrix.echo6.co | Matrix homeserver (Docker, SSO) |
|
||
| Element Web | Contabo | 127.0.0.1:8088 | https://element.echo6.co | Matrix web client (Docker) |
|
||
| mautrix-signal | Contabo | internal (29328) | DM @signalbot:echo6.co | Signal bridge (Docker, E2BE, MSC4190, double puppeting) |
|
||
| LiveSync | Contabo | 127.0.0.1:5984 | https://notes.echo6.co | Obsidian sync (CouchDB + provisioner, Docker, JWT auth) |
|
||
| TAK Server | Contabo | 100.64.0.1:8446/8443/8089 | https://tak.echo6.co | TAK Server (Docker, Authentik forward auth on admin portal) |
|
||
| SIGIL | Contabo | 100.64.0.1:8990 | https://tak.echo6.co/sigil | TAK management console (Docker, Authentik forward auth) |
|
||
| Echo6 Cortex Agent | cortex (VM 150) | N/A (Matrix bot) | #cortex:echo6.co in echo6-ops space | Claude Code bridge — @cortex:echo6.co, session continuity, E2EE (systemd) |
|
||
| Echo6 Contabo Agent | Contabo | N/A (Matrix bot) | #contabo:echo6.co in echo6-ops space | Claude Code bridge — @contabo:echo6.co, session continuity, E2EE (systemd) |
|
||
| mautrix-signal | Contabo | 29328 (internal) | Internal (matrix-net) | Signal bridge — @signalbot:echo6.co, E2BE, MSC4190, auto-portals |
|
||
| Matrix MAS | Contabo | 127.0.0.1:8085 | Internal (via Caddy) | Matrix Authentication Service (Docker, handles login/logout/OIDC for Synapse) |
|
||
| Termix | Contabo | 0.0.0.0:8083 | Internal (no Caddy block) | Terminal sharing tool (Docker, ghcr.io/lukegus/termix:latest) |
|
||
| Archivist | utility (CT 118) | 192.168.1.118 | Internal | Signal/Matrix room archive bot (systemd) — see archivist.ref for details |
|
||
| pt-transcoder | cortex (VM 150) | N/A | Internal | PeerTube H.265 NVENC transcoder (systemd, /opt/bulk-import/transcoder.py) |
|
||
| recon-sparse | cortex (VM 150) | 192.168.1.150:8091 | Internal | RECON sparse embedding service (systemd, bge-m3 model, port 8091) |
|
||
| Samba | cortex (VM 150) | 192.168.1.150:445 | Internal | SMB file sharing — `//cortex/projects` → /home/zvx/projects (guest access) |
|
||
|
||
## Services by Server
|
||
|
||
### toc - Proxmox Host (192.168.1.244 / Tailscale: 100.64.0.13)
|
||
- Proxmox VE node (echo6-cluster)
|
||
- GPU passthrough host for cortex VM
|
||
- No direct services — workloads run on cortex VM
|
||
|
||
### cortex - VM 150 on toc (192.168.1.150 / Tailscale: 100.64.0.14)
|
||
- GPU compute VM (RTX A4000)
|
||
- Claude Code host
|
||
- Syncthing (syncs with Contabo)
|
||
- Open WebUI (port 8080, https://ai.echo6.co, Docker, SSO via Authentik, Echo6 theme)
|
||
- Compose path: `/opt/open-webui/docker-compose.yml`
|
||
- Echo6 theme: togglable via "E6" button (bottom-right), persisted in localStorage
|
||
- Theme files bind-mounted from `/home/zvx/echo6-theme/` into container
|
||
- DEFAULT_USER_ROLE=user (new signups auto-activated, not pending)
|
||
- Ollama (port 11434, internal, Docker with GPU)
|
||
- Qdrant (port 6333, internal, Docker — vector DB for RECON)
|
||
- TEI (port 8090, internal, Docker — bge-m3 embeddings for RECON)
|
||
- PeerTube remote runner (peertube-runner service, Whisper auto-captioning via smart GPU/CPU wrapper, concurrency=2, MemoryMax=20G)
|
||
- pt-transcoder (systemd: pt-transcoder.service, PeerTube H.265 NVENC transcoder)
|
||
- Script: `/opt/bulk-import/transcoder.py`
|
||
- MemoryMax=12G, Restart=always, RestartSec=60
|
||
- Depends on: nvidia-persistenced.service
|
||
- recon-sparse (systemd: recon-sparse.service, RECON sparse embedding service)
|
||
- Script: `/opt/recon-sparse/sparse_embed_service.py --port 8091`
|
||
- Model: BAAI/bge-m3 (HuggingFace cache)
|
||
- Restart=on-failure, RestartSec=10
|
||
- Samba (smbd/nmbd, system packages)
|
||
- Share: `//cortex/projects` → `/home/zvx/projects` (browseable, read-write, guest OK, force user/group zvx)
|
||
- Workgroup: WORKGROUP, standalone server
|
||
- Echo6 Cortex Agent (systemd: echo6-agent.service, matrix-nio bot, @cortex:echo6.co)
|
||
- Install path: `/opt/echo6-agent/`
|
||
- Matrix space: echo6-ops, room: #cortex:echo6.co (E2EE, private)
|
||
- Session continuity via `claude -p --resume`, persistent per-room sessions
|
||
- `!new` resets conversation session
|
||
- Allowed users: @matt:echo6.co
|
||
- MAS user ID: 01KKX88ARGK0BTA1JMB2QVAW4C
|
||
|
||
### utility - CT 100 (192.168.1.100 / Tailscale: 100.64.0.7)
|
||
- MeshMonitor (port 8080, https://mesh.echo6.co)
|
||
- Image: `meshmonitor:multichannel-new` (local build from zvx-echo6/meshmonitor fork, branch `feature/multi-channel-automation`)
|
||
- Fork of Yeraze/meshmonitor with multi-channel AutoAnnounce and AutoResponder support (PR #2078 open upstream)
|
||
|
||
### utility - CT 101 (192.168.1.101 / Tailscale: 100.64.0.8)
|
||
- Utility Caddy (reverse proxy for VPN-only services)
|
||
|
||
### utility - CT 102 (192.168.1.102 / Tailscale: 100.64.0.15)
|
||
- Echo6 Search — branded SearXNG homepage (port 8080, https://echo6.co)
|
||
- Custom cyberpunk theme: JetBrains Mono font, cyan/yellow palette, dark backgrounds
|
||
- Homepage: centered Echo6 logo + pill search bar (Google-style, viewport-locked no-scroll)
|
||
- Results page: full-width two-column grid (results + sidebar), stretched search header
|
||
- Top nav bar: `.//photos`, `.//mail`, waffle app launcher (11 services), login avatar
|
||
- All nav links use Authentik launch URLs for seamless SSO pass-through
|
||
- search.echo6.co permanently redirects to echo6.co (301)
|
||
- Redis/Valkey cache (valkey container)
|
||
- Compose path: `/opt/searxng/docker-compose.yml`
|
||
- Theme files: `/opt/searxng/custom/` (bind-mounted into container)
|
||
- `templates/simple/base.html` — custom template (nav, CSS, waffle menu, footer)
|
||
- `templates/simple/index.html` — custom homepage (Echo6 logo replaces SearXNG title)
|
||
- `img/echo6-logo.png` — Echo6 logo (replaces SearXNG logo)
|
||
- `img/favicon.png` — Echo6 favicon
|
||
- Config: `/opt/searxng/searxng-config/settings.yml` (instance_name: "Echo6", dark theme, center_alignment: false)
|
||
- SearXNG version: 2026.2.6 (Docker image: searxng/searxng:latest)
|
||
|
||
### utility - CT 103 (192.168.1.103 / Tailscale: 100.64.0.31)
|
||
- Meshtastic sim node (advbbs)
|
||
|
||
### utility - CT 108 (192.168.1.144 / Tailscale: 100.64.0.32)
|
||
- MeshAI — LLM-powered Meshtastic mesh assistant (Docker)
|
||
- Bot name: AIDA, node ID !27780c47, channel 8 whitelist
|
||
- Image: ghcr.io/zvx-echo6/meshai:latest (GitHub Actions multi-arch build)
|
||
- Backend: Gemini 2.5 Flash with Google Search grounding
|
||
- Connects to meshtasticd **on aida-nebra** (192.168.1.253:4403) — the AIDA-N2 node !27780c47
|
||
- Config TUI on port 7682 (`meshai --config`)
|
||
- Commands: !help, !ping, !status, !weather, !reset, !clear
|
||
- 7-day rolling conversation memory (SQLite), full history sent to LLM
|
||
- Response: 175 char chunks × 3 messages max
|
||
- Compose path: `/home/zvx/meshai/docker-compose.yml`
|
||
|
||
### utility - CT 118 (192.168.1.118)
|
||
- Signal/Matrix room archive bot (archivist.service via systemd)
|
||
- 1 core, 1GB RAM, 8GB disk
|
||
- Not registered in Headscale (no Tailscale)
|
||
- Source: forge.echo6.co/matt/matrix-archivist (private)
|
||
- See `/home/zvx/projects/.ref/archivist.ref` for implementation details
|
||
|
||
### cloud - CT 120 (192.168.1.182 / Tailscale: 100.64.0.2)
|
||
- Immich photo management (https://immich.echo6.co)
|
||
- Port 2283
|
||
- NFS storage from pi-nas (/mnt/immich)
|
||
- Compose path: `/opt/immich/docker-compose.yml`
|
||
|
||
### cloud - CT 121 (192.168.1.183 / Tailscale: 100.64.0.11)
|
||
- Nextcloud AIO (https://nextcloud.echo6.co)
|
||
- Apache port 11000, AIO management on 8080
|
||
- NFS storage from pi-nas (/mnt/nextcloud)
|
||
- SSO via Authentik OIDC
|
||
|
||
### media - VM 105 (192.168.1.160 / Tailscale: 100.64.0.18)
|
||
- ARR media automation stack (Docker)
|
||
- Jellyfin media server (port 8096, https://jellyfin.echo6.co)
|
||
- Jellyseer request management (port 5055, https://requests.echo6.co)
|
||
- Sonarr TV automation (port 8989, internal)
|
||
- Radarr movie automation (port 7878, internal)
|
||
- Prowlarr indexer manager (port 9696, internal)
|
||
- SABnzbd Usenet downloader (port 8080, internal)
|
||
- NFS storage from pi-nas (/mnt/arr)
|
||
- Config dirs: /opt/arr/{jellyfin,jellyseer,sonarr,radarr,prowlarr,sabnzbd}
|
||
|
||
### media - CT 110 (192.168.1.170 / Tailscale: 100.64.0.23)
|
||
- PeerTube video streaming (https://stream.echo6.co)
|
||
- Native install (Node.js 22, PostgreSQL 16, Redis, nginx)
|
||
- Port 9000 (PeerTube), proxied via nginx on port 80
|
||
- NFS storage from pi-nas (/var/www/peertube/storage, /export/peertube)
|
||
- SSO via Authentik OIDC (peertube-plugin-auth-openid-connect)
|
||
- Privileged container (NFS bind-mount)
|
||
- Auto-transcription enabled (remote runners on cortex, Whisper medium model)
|
||
- **PeerTube Bulk Import Pipeline:**
|
||
- pt-downloader.service — YouTube channel downloader (yt-dlp, sliding window, cookie auth)
|
||
- pt-importer.service — Uploads downloaded videos to PeerTube via resumable upload API
|
||
- NordVPN (nordvpnd.service) — IP rotation for downloads
|
||
- Config: `/opt/bulk-import/config/` (channel-map.json, cookies.txt, downloader-state.json)
|
||
- Logs: `/opt/bulk-import/logs/`
|
||
- Pipeline dirs: `/var/www/peertube/storage/pipeline/{staging,completed,transcoded,failed}`
|
||
|
||
### data - Proxmox Host (192.168.1.240 / Tailscale: 100.64.0.6)
|
||
- Proxmox VE node (echo6-cluster)
|
||
- Samba (smbd/nmbd, system packages)
|
||
- Share: `//data/library` → `/mnt/data/library` (browseable, read-write, guest OK, force user/group root)
|
||
- Workgroup: WORKGROUP, standalone server
|
||
|
||
### data - VM 1130 "recon-vm" (192.168.1.130 / Tailscale: 100.64.0.24)
|
||
- **Migrated from CT 130 (LXC) on 2026-04-19**
|
||
- OS: Ubuntu 24.04.4 LTS, kernel 6.8.0-110-generic
|
||
- Resources: 4 cores, 16GB RAM, 100GB disk
|
||
- Software: Docker 29.4.0, Python 3.12.3 (venv), Tailscale, nginx, sqlite3
|
||
- RECON knowledge extraction pipeline
|
||
- systemd services: `recon.service`, `recon-watchdog.service`, `kiwix.service`
|
||
- Dashboard + API on port 8420 (https://recon.echo6.co)
|
||
- nginx file server on port 8888 (https://files.echo6.co, Authentik forward auth)
|
||
- Kiwix-serve on port 8430 (ZIM library, 10 sources)
|
||
- Install: `/opt/recon/` (Python 3, Flask, venv)
|
||
- NFS mounts: pi-nas:/export/library → /mnt/library (PDF source), /mnt/nav, /mnt/kiwix
|
||
- Pipeline: Extract (PyPDF2→pdftotext→Tesseract→Gemini Vision) → Enrich (Gemini) → Embed (TEI/Qdrant)
|
||
- DB: SQLite (status), Qdrant on cortex:6333 (vectors)
|
||
- Backups: rsync to Contabo every 6hrs (concepts, text, DB, config), DB snapshot every 2hrs
|
||
- Config: `/opt/recon/config.yaml`, keys in `/opt/recon/.env`
|
||
- Docs: `/opt/recon/PROJECT-BIBLE.md`
|
||
- User: zvx (sudo, SSH key auth)
|
||
|
||
### utility - CT 106 (192.168.1.106)
|
||
- IdahoMesh Headscale (https://vpn.idahomesh.com)
|
||
- Container name: meshtastic-hs
|
||
- Manages meshtastic mesh VPN (separate from echo6 Headscale on Contabo)
|
||
- Users: malice, sidpatchy, nebra
|
||
|
||
### utility - CT 107 (192.168.1.107)
|
||
- mesh-bridge — dual tailscaled instance
|
||
- Bridges echo6 (100.64.0.0/10) ↔ idahomesh (100.100.0.0/16) networks
|
||
- NAT masquerade + subnet route advertisement
|
||
- Echo6 clients need `--accept-routes` to reach idahomesh devices
|
||
- iptables FORWARD rules must be BEFORE `ts-forward` jump (Tailscale drops cross-tailnet packets otherwise)
|
||
- Echo6 socket: `/run/tailscale/tailscaled.sock` (port 41641)
|
||
- IdahoMesh socket: `/var/run/tailscale-meshtastic/tailscaled.sock` (port 41642, tun=tailscale1)
|
||
- Rules persisted: `/etc/iptables/rules.v4` via `iptables-restore.service`
|
||
|
||
### pi-nas (192.168.1.245 / Tailscale: 100.64.0.21)
|
||
- OpenMediaVault NAS (https://nas.echo6.co)
|
||
- Port 80 (HTTP)
|
||
- Internet Archive CLI (`ia` v5.7.2) installed for archive.org uploads
|
||
|
||
### aida-nebra (192.168.1.253 / Tailscale: 100.64.0.9)
|
||
- **AIDA-N2(RPT,LLM)** — meshtasticd node `!27780c47` (short name: AIDA)
|
||
- Hardware: Nebra 2W SX1262 hat (ZebraHat config in `/etc/meshtasticd/config.d/`)
|
||
- Port: 4403 (default), firmware 2.7.19 (PORTDUINO/native)
|
||
- Role: CLIENT_BASE, position: 42.574, -114.607 (manual)
|
||
- MAC source: eth0 (derived MAC `00:bd:27:78:0c:47`)
|
||
- MeshAI bot (CT 108) connects to this node via TCP `localhost:4403` (Docker network)
|
||
- Service: `meshtasticd.service` (single instance, runs as user meshtastic)
|
||
- Config: `/etc/meshtasticd/config.yaml` + `/etc/meshtasticd/config.d/ZebraHat_2W.yaml`
|
||
- User: zvx, password auth (`sshpass -p '7redditGold' ssh zvx@aida-nebra`)
|
||
|
||
### mt-isr (192.168.1.141 / IdahoMesh: 100.100.0.5)
|
||
- Raspberry Pi Zero 2 W, Debian 13 (trixie), Waveshare ETH/USB HUB HAT
|
||
- No meshtasticd (G2 managed via WiFi TCP, not local daemon)
|
||
- Meshtastic Python CLI v2.7.7 in venv (`/home/isr/meshtastic-cli/`)
|
||
- Tailscale on IdahoMesh tailnet (vpn.idahomesh.com, nebra user)
|
||
- WiFi hotspot: ISR-MESH (192.168.4.0/24, PMF disabled for ESP32 compatibility)
|
||
- Station G2 radio connected via WiFi at 192.168.4.241, managed via TCP
|
||
- G2 config: Freq51 (ch0, psk=1A==) + MediumFast (ch1), MEDIUM_FAST preset, ch=51, txPower=11
|
||
- G2 gold config backup: `isr@192.168.1.141:~/backups/g2-gold-config.yaml`
|
||
- DNS bootstrap drop-in for tailscaled (reboot-safe)
|
||
- User: isr, password auth (see credentials)
|
||
|
||
### mt-burleybutte (192.168.1.185)
|
||
- meshtasticd (software Meshtastic node, Nebra 2W hat)
|
||
- Raspberry Pi OS, user bb
|
||
- Static MAC: A7:A1:30:79:BB:BB
|
||
- Tailscale registered on IdahoMesh Headscale (vpn.idahomesh.com) under malice user
|
||
|
||
### Contabo VPS (5.189.158.149 / Tailscale: 100.64.0.1)
|
||
- Authentik (SSO, Echo6 branded — custom CSS, dark theme, logo, favicon, flow titles)
|
||
- Forge (Git)
|
||
- Headscale (mesh VPN)
|
||
- Mailcow (email)
|
||
- Vaultwarden (passwords)
|
||
- Syncthing (syncs with cortex)
|
||
- WATCHTOWER (ops dashboard, port 8099, https://wt.echo6.co)
|
||
- Matrix Synapse homeserver (port 8008, https://matrix.echo6.co, Docker, SSO via Authentik)
|
||
- Element Web client (port 8088, https://element.echo6.co, Docker)
|
||
- mautrix-signal bridge (port 29328 internal, Docker, E2BE with MSC4190)
|
||
- Image: `dock.mau.dev/mautrix/signal:v0.2603.0`
|
||
- Container: `mautrix-signal` on `matrix-net`
|
||
- Config: `/opt/matrix/mautrix-signal/config.yaml`
|
||
- Registration: `/opt/matrix/synapse/registration.yaml` + `/opt/matrix/synapse/doublepuppet.yaml`
|
||
- Database: `mautrix_signal` on `matrix-postgres` (role: `mautrix_signal`, minimal grants)
|
||
- Bot user: `@signalbot:echo6.co`, device: `UPX4KKLZVY`
|
||
- Permissions: `@matt:echo6.co` = admin, `echo6.co` = user
|
||
- Double puppeting: appservice-based (doublepuppet.yaml as_token)
|
||
- Encryption: E2BE enabled (allow+default+require), MSC4190, self-signed cross-signing keys
|
||
- Compose path: `/opt/matrix/docker-compose.yml`
|
||
- Backup: daily at 3AM, 14-day retention (synapse + mas + mautrix_signal databases)
|
||
- LiveSync CouchDB (port 5984, https://notes.echo6.co, Docker, JWT auth)
|
||
- LiveSync Provisioner (port 5985, https://notes.echo6.co/_provision/, Docker, Authentik forward auth)
|
||
- Compose path: `/opt/livesync/docker-compose.yml`
|
||
- Per-user ES512 key pairs, encrypted setup URIs, per-user CouchDB databases
|
||
- TAK Server (port 8446 web admin, 8443 mutual TLS API, 8089 TLS for EUDs)
|
||
- https://tak.echo6.co (Authentik forward auth on admin portal)
|
||
- Compose path: `/opt/tak-server-deploy/docker-compose.yml`
|
||
- Certs: `/opt/tak-server-deploy/tak/certs/files/`
|
||
- Container names: `tak-server-deploy-tak-1`, `tak-server-deploy-db-1`
|
||
- SIGIL console (port 8990, https://tak.echo6.co/sigil, Authentik forward auth)
|
||
- Compose path: `/opt/sigil/docker-compose.yml`
|
||
- Matrix Authentication Service (MAS) (port 8085, internal, Docker)
|
||
- Container: `matrix-mas` on `matrix-net`
|
||
- Handles login/logout/refresh/auth_metadata for Synapse
|
||
- Caddy routes: `/_matrix/client/*/login`, `/_matrix/client/*/logout`, `/_matrix/client/*/refresh`, `/_matrix/client/*/auth_metadata` → MAS (8085); `/_matrix/*` and `/_synapse/*` → Synapse (8008); default → MAS (8085)
|
||
- Compose: `/opt/matrix/docker-compose.yml` (shared with Synapse stack)
|
||
- Termix (port 8083, internal, Docker)
|
||
- Container: `termix` on `termix_default` network
|
||
- Image: `ghcr.io/lukegus/termix:latest`
|
||
- Port: 8080→8083 (bound to 0.0.0.0, NOT 127.0.0.1)
|
||
- Volume: `termix_termix-data` → `/app/data`
|
||
- No Caddy block — direct access only on port 8083
|
||
- Compose: `/opt/termix/` (inferred from Docker volume naming)
|
||
- Echo6 Contabo Agent (systemd: echo6-agent.service, matrix-nio bot, @contabo:echo6.co)
|
||
- Install path: `/opt/echo6-agent/`
|
||
- Claude Code bridge with session continuity + E2EE
|
||
- Watches #contabo:echo6.co in echo6-ops space
|
||
- CLAUDE_CWD=/root, runs as root
|
||
- mautrix-signal bridge (mautrix-signal container, port 29328 internal)
|
||
- Image: dock.mau.dev/mautrix/signal:v0.2603.0
|
||
- Config: `/opt/matrix/mautrix-signal/config.yaml`
|
||
- Compose: `/opt/matrix/docker-compose.yml` (shared with Synapse stack)
|
||
- DB: mautrix_signal on matrix-postgres
|
||
- Bot: @signalbot:echo6.co, management room !fDjIRTMjxILVQoAcEN:echo6.co
|
||
- E2BE enabled (MSC4190), double puppeting via doublepuppet.yaml
|
||
- Signal account: +12083080811 (@matt:echo6.co)
|
||
- Portals auto-create on incoming messages (no autocreate toggle available)
|
||
- Ref: `/home/zvx/projects/.ref/mautrix_signal.ref`
|
||
|
||
## Adding New Services
|
||
|
||
When deploying a new service, update this file with:
|
||
1. Service name
|
||
2. Host location (server + container if applicable)
|
||
3. IP:Port
|
||
4. Access method (internal only vs public URL)
|
||
5. Brief description
|
||
|
||
## Naming Conventions
|
||
|
||
- **Internal services:** Access via Tailscale IP (100.64.x.x) or local IP
|
||
- **Public services:** Access via `*.echo6.co` subdomain through Caddy reverse proxy
|
||
|
||
### Lidarr on Steroids (lidarr.echo6.co)
|
||
- **Container:** lidarr (youegraillot/lidarr-on-steroids:latest)
|
||
- **Host:** media VM 105 (192.168.1.160)
|
||
- **Ports:** 8686 (Lidarr), 6595 (Deemix)
|
||
- **Network:** arr-net
|
||
- **Config:** /opt/arr/lidarr/config (Lidarr), /opt/arr/lidarr/config_deemix (Deemix)
|
||
- **Compose:** /opt/arr/docker-compose.yml
|
||
- **Music root:** /mnt/arr/music (NFS from pi-nas)
|
||
- **Downloads:** /mnt/arr/downloads (shared with SABnzbd)
|
||
- **API key:** 78f026ec93a94d8eb3177816b74a57b7
|
||
- **Caddy:** lidarr.echo6.co -> 100.64.0.18:8686 (Authentik forward auth)
|
||
- **Prowlarr:** fullSync configured
|
||
- **SABnzbd:** configured (music category)
|
||
- **Deemix:** port 6595, NOT exposed via Caddy (Tailscale-only access)
|
||
- **PUID/PGID:** 1000/1000, TZ: America/Boise
|
||
|
||
### Navidrome (navidrome.echo6.co)
|
||
- **Container:** navidrome (deluan/navidrome:latest)
|
||
- **Host:** media VM 105 (192.168.1.160)
|
||
- **Port:** 4533
|
||
- **Network:** arr-net
|
||
- **Data volume:** arr_navidrome-data (named Docker volume)
|
||
- **Music volume:** /mnt/arr/music (read-only, shared with Lidarr)
|
||
- **Compose:** /opt/arr/docker-compose.yml
|
||
- **Caddy:** navidrome.echo6.co -> 100.64.0.18:4533 (Authentik forward auth)
|
||
- **User:** 1000:1000
|
||
- **Scan schedule:** every 1 hour
|
||
- **Admin setup:** First login at https://navidrome.echo6.co creates admin account
|