matt/echo6-docs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
echo6-docs/hookshot_deployment_discovery.ref
Matt Johnson e9231ac24a Migration: consolidate Echo6 docs to cortex with full infrastructure cleanup sync 
- Documents recent infrastructure cleanup (8 CTs destroyed, 35 DNS records removed, Headscale cleanup)
- Adds 24 new runbooks covering Authentik, PeerTube, Meshtastic, RECON, Proxmox, Mailcow, Internet Archive, GPU routing
- Adds project documentation for headscale, vaultwarden, peertube, matrix, mmud, advbbs, arr stack
- Updates services.md, environment.md, caddy.md, authentik.md to match live infrastructure
- Removes 4 deprecated runbook duplicates (canonical versions live in projects/)
- Adds .gitignore for binary archives and editor temp files

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-13 06:02:16 +00:00

107 lines
3 KiB
Text
Raw Blame History

# Hookshot Deployment Discovery
# Generated: 2026-04-09 (Phase 6.0, Question 2)
## Contabo Resource Availability
### Memory
- Total: 47 GB
- Used: 11 GB
- Available: 35 GB
- Headroom: PLENTY for hookshot (~100 MB requirement)
### Disk
- Total: 968 GB
- Used: 77 GB (8%)
- Available: 892 GB
- Headroom: PLENTY
### CPU
Current idle is ~65%. TAK Server is the biggest consumer at 22%.
Hookshot is single-threaded Node.js, minimal CPU.
Verdict: Hookshot can run on Contabo alongside existing services with no resource concerns.
## Hookshot Version
- **Latest stable:** 7.3.2 (released 2026-01-30)
- **Image:** halfshot/matrix-hookshot:7.3.2 (Docker Hub, multi-arch)
- **Pin to exact tag**, not :latest
## Port Requirements
| Purpose | Default Port | Status on Contabo |
|---------|-------------|-------------------|
| Appservice (HS→hookshot) | 9993 | AVAILABLE |
| Webhooks (inbound/outbound) | 9000 | CONFLICT — Authentik (127.0.0.1:9000) and TAK (100.64.0.1:9000) |
| Metrics (Prometheus) | 9001 | CONFLICT — TAK (100.64.0.1:9001) |
| Widgets | 9002 | AVAILABLE |
Conflicts on default ports. Resolution options:
- Use non-default ports: e.g., 9800 for webhooks, 9801 for metrics
- Since hookshot outbound webhooks talk to a LOCAL receiver, any port works
- Appservice port 9993 is fine (container-internal via matrix-net)
## Appservice Registration Flow
Same pattern as mautrix-signal. Registration file (registration.yml) goes into
Synapse's app_service_config_files list.
Registration file format:
```yaml
id: matrix-hookshot
as_token: <random>
hs_token: <random>
namespaces:
rooms: []
users:
- regex: "@_webhooks_.*:echo6\\.co"
exclusive: true
aliases: []
sender_localpart: hookshot
url: "http://matrix-hookshot:9993"
rate_limited: false
```
MAS bypass: CONFIRMED from Phase 3. Appservice tokens (as_token/hs_token) are
handled natively by Synapse, bypassing MAS entirely. Same mechanism as mautrix-signal.
## Docker Compose Snippet (NOT APPLIED)
```yaml
matrix-hookshot:
image: halfshot/matrix-hookshot:7.3.2
container_name: matrix-hookshot
restart: unless-stopped
depends_on:
postgres:
condition: service_healthy
volumes:
- ./hookshot:/data
networks:
- matrix-net
# No ports: section — internal to matrix-net only
# Appservice reachable at http://matrix-hookshot:9993 from synapse
# Webhook listener on 9800 (non-default) for internal receiver
```
No host port mapping needed. hookshot communicates with:
- Synapse via matrix-net (appservice transactions)
- A local receiver (if built) via matrix-net or localhost
## Dependencies
If encryption is enabled (relevant to Question 3):
- Redis is REQUIRED
- Could use Mailcow's existing Redis, or add a dedicated instance
- Crypto store needs persistent volume
If encryption is NOT enabled:
- No Redis needed
- Minimal config
## Resource Requirements
Per hookshot docs:
- RAM: ~100 MB baseline
- CPU: Minimal (single-threaded Node.js)
- Disk: Negligible (crypto store if E2EE, otherwise just config)
Reference in a new issue View git blame Copy permalink