matt/echo6-docs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
echo6-docs/docs/services/services.md
echo6-autocommit abb0bd0b7c auto: docs sync 2026-04-13T12:00:05+00:00 
Files changed: docs/services/services.md reports/logistics_migration.md reports/post_validation_report.md reports/task_a_aurora_validation.md reports/task_c_watchdog_test.md
2026-04-13 12:00:05 +00:00

21 KiB
Raw Blame History

Current Services Inventory

Active Services

Service Location IP:Port Access Notes
MeshMonitor utility (CT 100) 192.168.1.100:8080 https://mesh.echo6.co Meshtastic mesh monitoring (zvx-echo6/meshmonitor fork, multi-channel AutoAnnounce/AutoResponder)
Utility Caddy utility (CT 101) 192.168.1.101 / 100.64.0.8 199.6.36.163 (ports 80/443) Reverse proxy for home services
Echo6 Search (SearXNG) utility (CT 102) 192.168.1.102:8080 https://echo6.co Branded search homepage (Docker, custom theme)
meshtasticd (AIDA-N2) aida-nebra 192.168.1.253:4403 Internal AIDA-N2(RPT,LLM) node !27780c47, Nebra 2W hat (ZebraHat), CLIENT_BASE role, fw 2.7.19. MeshAI (CT 108) connects via TCP localhost:4403
Meshtastic CLI mt-isr 192.168.1.141 Internal Station G2 WiFi bridge + TCP management
meshtasticd mt-burleybutte 192.168.1.185:4403 Internal Software Meshtastic node (Nebra 2W hat)
IdahoMesh Headscale utility (CT 106) 192.168.1.106:8080 https://vpn.idahomesh.com Meshtastic mesh VPN coordination
mesh-bridge utility (CT 107) 192.168.1.107 Internal Dual-tailscaled bridge (echo6 ↔ idahomesh)
MeshAI utility (CT 108) 192.168.1.144:4403 Internal LLM-powered Meshtastic assistant (Docker, Gemini Flash, Google grounding)
Authentik Contabo 5.189.158.149:9000 https://auth.echo6.co SSO provider (Echo6 branded, custom CSS, dark theme)
Forge Contabo 5.189.158.149 https://forge.echo6.co Git server
Headscale Contabo 5.189.158.149 https://vpn.echo6.co Tailscale coordination (OIDC enabled)
Headplane Contabo 127.0.0.1:3100 https://vpn.echo6.co/admin Headscale web UI (OIDC via Authentik)
Mailcow Contabo 5.189.158.149 https://mail.echo6.co Email server
Vaultwarden Contabo 127.0.0.1:8086 https://vault.echo6.co Password manager (SSO enabled)
Syncthing Contabo 100.64.0.1:22000 Internal (Tailscale) File sync — ~/.claude/, ~/projects/
Syncthing cortex 100.64.0.14:22000 Internal (Tailscale) File sync — ~/.claude/, ~/projects/
Proxmox VE data node 192.168.1.240:8006 https://proxmox.echo6.co Cluster web UI (via Caddy+Tailscale)
Immich cloud (CT 120) 192.168.1.182:2283 https://immich.echo6.co Photo management (Docker, NFS storage on pi-nas)
Nextcloud cloud (CT 121) 192.168.1.183:11000 https://nextcloud.echo6.co Cloud storage (AIO Docker, NFS on pi-nas, SSO)
Jellyfin media (VM 105) 192.168.1.160:8096 https://jellyfin.echo6.co Media server (Docker, NFS on pi-nas, SSO)
Jellyseer media (VM 105) 192.168.1.160:5055 https://requests.echo6.co Media request management (Docker, SSO)
Sonarr media (VM 105) 192.168.1.160:8989 Internal TV automation (Docker)
Radarr media (VM 105) 192.168.1.160:7878 Internal Movie automation (Docker)
Prowlarr media (VM 105) 192.168.1.160:9696 Internal Indexer manager (Docker)
SABnzbd media (VM 105) 192.168.1.160:8080 Internal Usenet download client (Docker)
PeerTube media (CT 110) 192.168.1.170:9000 https://stream.echo6.co Video streaming (native, NFS on pi-nas, SSO)
WATCHTOWER Contabo 127.0.0.1:8099 https://wt.echo6.co Ops dashboard (Docker, Authentik forward auth)
Open WebUI cortex (VM 150) 192.168.1.150:8080 https://ai.echo6.co AI chat interface (Docker, Ollama backend, SSO)
Qdrant cortex (VM 150) 192.168.1.150:6333 Internal Vector database (Docker, RECON knowledge store)
TEI cortex (VM 150) 192.168.1.150:8090 Internal Text embeddings (Docker, bge-m3 1024-dim)
RECON data (CT 130) 192.168.1.130:8420 https://recon.echo6.co Knowledge extraction pipeline (systemd, dashboard+API)
Files data (CT 130) 192.168.1.130:8888 https://files.echo6.co PDF library (nginx, Authentik forward auth)
Matrix Synapse Contabo 127.0.0.1:8008 https://matrix.echo6.co Matrix homeserver (Docker, SSO)
Element Web Contabo 127.0.0.1:8088 https://element.echo6.co Matrix web client (Docker)
mautrix-signal Contabo internal (29328) DM @signalbot:echo6.co Signal bridge (Docker, E2BE, MSC4190, double puppeting)
LiveSync Contabo 127.0.0.1:5984 https://notes.echo6.co Obsidian sync (CouchDB + provisioner, Docker, JWT auth)
TAK Server Contabo 100.64.0.1:8446/8443/8089 https://tak.echo6.co TAK Server (Docker, Authentik forward auth on admin portal)
SIGIL Contabo 100.64.0.1:8990 https://tak.echo6.co/sigil TAK management console (Docker, Authentik forward auth)
Echo6 Cortex Agent cortex (VM 150) N/A (Matrix bot) #cortex:echo6.co in echo6-ops space Claude Code bridge — @cortex:echo6.co, session continuity, E2EE (systemd)
Echo6 Contabo Agent Contabo N/A (Matrix bot) #contabo:echo6.co in echo6-ops space Claude Code bridge — @contabo:echo6.co, session continuity, E2EE (systemd)
mautrix-signal Contabo 29328 (internal) Internal (matrix-net) Signal bridge — @signalbot:echo6.co, E2BE, MSC4190, auto-portals
Matrix MAS Contabo 127.0.0.1:8085 Internal (via Caddy) Matrix Authentication Service (Docker, handles login/logout/OIDC for Synapse)
Termix Contabo 0.0.0.0:8083 Internal (no Caddy block) Terminal sharing tool (Docker, ghcr.io/lukegus/termix:latest)
Archivist utility (CT 118) 192.168.1.118 Internal Signal/Matrix room archive bot (systemd) — see archivist.ref for details
pt-transcoder cortex (VM 150) N/A Internal PeerTube H.265 NVENC transcoder (systemd, /opt/bulk-import/transcoder.py)
recon-sparse cortex (VM 150) 192.168.1.150:8091 Internal RECON sparse embedding service (systemd, bge-m3 model, port 8091)
Samba cortex (VM 150) 192.168.1.150:445 Internal SMB file sharing — //cortex/projects → /home/zvx/projects (guest access)

Services by Server

toc - Proxmox Host (192.168.1.244 / Tailscale: 100.64.0.13)

  • Proxmox VE node (echo6-cluster)
  • GPU passthrough host for cortex VM
  • No direct services — workloads run on cortex VM

cortex - VM 150 on toc (192.168.1.150 / Tailscale: 100.64.0.14)

  • GPU compute VM (RTX A4000)
  • Claude Code host
  • Syncthing (syncs with Contabo)
  • Open WebUI (port 8080, https://ai.echo6.co, Docker, SSO via Authentik, Echo6 theme)
    • Compose path: /opt/open-webui/docker-compose.yml
    • Echo6 theme: togglable via "E6" button (bottom-right), persisted in localStorage
    • Theme files bind-mounted from /home/zvx/echo6-theme/ into container
    • DEFAULT_USER_ROLE=user (new signups auto-activated, not pending)
  • Ollama (port 11434, internal, Docker with GPU)
  • Qdrant (port 6333, internal, Docker — vector DB for RECON)
  • TEI (port 8090, internal, Docker — bge-m3 embeddings for RECON)
  • PeerTube remote runner (peertube-runner service, Whisper auto-captioning via smart GPU/CPU wrapper, concurrency=2, MemoryMax=20G)
  • pt-transcoder (systemd: pt-transcoder.service, PeerTube H.265 NVENC transcoder)
    • Script: /opt/bulk-import/transcoder.py
    • MemoryMax=12G, Restart=always, RestartSec=60
    • Depends on: nvidia-persistenced.service
  • recon-sparse (systemd: recon-sparse.service, RECON sparse embedding service)
    • Script: /opt/recon-sparse/sparse_embed_service.py --port 8091
    • Model: BAAI/bge-m3 (HuggingFace cache)
    • Restart=on-failure, RestartSec=10
  • Samba (smbd/nmbd, system packages)
    • Share: //cortex/projects/home/zvx/projects (browseable, read-write, guest OK, force user/group zvx)
    • Workgroup: WORKGROUP, standalone server
  • Echo6 Cortex Agent (systemd: echo6-agent.service, matrix-nio bot, @cortex:echo6.co)
    • Install path: /opt/echo6-agent/
    • Matrix space: echo6-ops, room: #cortex:echo6.co (E2EE, private)
    • Session continuity via claude -p --resume, persistent per-room sessions
    • !new resets conversation session
    • Allowed users: @matt:echo6.co
    • MAS user ID: 01KKX88ARGK0BTA1JMB2QVAW4C

utility - CT 100 (192.168.1.100 / Tailscale: 100.64.0.7)

  • MeshMonitor (port 8080, https://mesh.echo6.co)
  • Image: meshmonitor:multichannel-new (local build from zvx-echo6/meshmonitor fork, branch feature/multi-channel-automation)
  • Fork of Yeraze/meshmonitor with multi-channel AutoAnnounce and AutoResponder support (PR #2078 open upstream)

utility - CT 101 (192.168.1.101 / Tailscale: 100.64.0.8)

  • Utility Caddy (reverse proxy for VPN-only services)

utility - CT 102 (192.168.1.102 / Tailscale: 100.64.0.15)

  • Echo6 Search — branded SearXNG homepage (port 8080, https://echo6.co)
  • Custom cyberpunk theme: JetBrains Mono font, cyan/yellow palette, dark backgrounds
  • Homepage: centered Echo6 logo + pill search bar (Google-style, viewport-locked no-scroll)
  • Results page: full-width two-column grid (results + sidebar), stretched search header
  • Top nav bar: .//photos, .//mail, waffle app launcher (11 services), login avatar
  • All nav links use Authentik launch URLs for seamless SSO pass-through
  • search.echo6.co permanently redirects to echo6.co (301)
  • Redis/Valkey cache (valkey container)
  • Compose path: /opt/searxng/docker-compose.yml
  • Theme files: /opt/searxng/custom/ (bind-mounted into container)
    • templates/simple/base.html — custom template (nav, CSS, waffle menu, footer)
    • templates/simple/index.html — custom homepage (Echo6 logo replaces SearXNG title)
    • img/echo6-logo.png — Echo6 logo (replaces SearXNG logo)
    • img/favicon.png — Echo6 favicon
  • Config: /opt/searxng/searxng-config/settings.yml (instance_name: "Echo6", dark theme, center_alignment: false)
  • SearXNG version: 2026.2.6 (Docker image: searxng/searxng:latest)

utility - CT 103 (192.168.1.103 / Tailscale: 100.64.0.31)

  • Meshtastic sim node (advbbs)

utility - CT 108 (192.168.1.144 / Tailscale: 100.64.0.32)

  • MeshAI — LLM-powered Meshtastic mesh assistant (Docker)
  • Bot name: AIDA, node ID !27780c47, channel 8 whitelist
  • Image: ghcr.io/zvx-echo6/meshai:latest (GitHub Actions multi-arch build)
  • Backend: Gemini 2.5 Flash with Google Search grounding
  • Connects to meshtasticd on aida-nebra (192.168.1.253:4403) — the AIDA-N2 node !27780c47
  • Config TUI on port 7682 (meshai --config)
  • Commands: !help, !ping, !status, !weather, !reset, !clear
  • 7-day rolling conversation memory (SQLite), full history sent to LLM
  • Response: 175 char chunks × 3 messages max
  • Compose path: /home/zvx/meshai/docker-compose.yml

utility - CT 118 (192.168.1.118)

  • Signal/Matrix room archive bot (archivist.service via systemd)
  • 1 core, 1GB RAM, 8GB disk
  • Not registered in Headscale (no Tailscale)
  • Source: forge.echo6.co/matt/matrix-archivist (private)
  • See /home/zvx/projects/.ref/archivist.ref for implementation details

cloud - CT 120 (192.168.1.182 / Tailscale: 100.64.0.2)

  • Immich photo management (https://immich.echo6.co)
  • Port 2283
  • NFS storage from pi-nas (/mnt/immich)
  • Compose path: /opt/immich/docker-compose.yml

cloud - CT 121 (192.168.1.183 / Tailscale: 100.64.0.11)

  • Nextcloud AIO (https://nextcloud.echo6.co)
  • Apache port 11000, AIO management on 8080
  • NFS storage from pi-nas (/mnt/nextcloud)
  • SSO via Authentik OIDC

media - VM 105 (192.168.1.160 / Tailscale: 100.64.0.18)

  • ARR media automation stack (Docker)
  • Jellyfin media server (port 8096, https://jellyfin.echo6.co)
  • Jellyseer request management (port 5055, https://requests.echo6.co)
  • Sonarr TV automation (port 8989, internal)
  • Radarr movie automation (port 7878, internal)
  • Prowlarr indexer manager (port 9696, internal)
  • SABnzbd Usenet downloader (port 8080, internal)
  • NFS storage from pi-nas (/mnt/arr)
  • Config dirs: /opt/arr/{jellyfin,jellyseer,sonarr,radarr,prowlarr,sabnzbd}

media - CT 110 (192.168.1.170 / Tailscale: 100.64.0.23)

  • PeerTube video streaming (https://stream.echo6.co)
  • Native install (Node.js 22, PostgreSQL 16, Redis, nginx)
  • Port 9000 (PeerTube), proxied via nginx on port 80
  • NFS storage from pi-nas (/var/www/peertube/storage, /export/peertube)
  • SSO via Authentik OIDC (peertube-plugin-auth-openid-connect)
  • Privileged container (NFS bind-mount)
  • Auto-transcription enabled (remote runners on cortex, Whisper medium model)
  • PeerTube Bulk Import Pipeline:
    • pt-downloader.service — YouTube channel downloader (yt-dlp, sliding window, cookie auth)
    • pt-importer.service — Uploads downloaded videos to PeerTube via resumable upload API
    • NordVPN (nordvpnd.service) — IP rotation for downloads
    • Config: /opt/bulk-import/config/ (channel-map.json, cookies.txt, downloader-state.json)
    • Logs: /opt/bulk-import/logs/
    • Pipeline dirs: /var/www/peertube/storage/pipeline/{staging,completed,transcoded,failed}

data - CT 130 (192.168.1.130 / Tailscale: 100.64.0.24)

  • RECON knowledge extraction pipeline
  • systemd service: recon.service
  • Dashboard + API on port 8420 (internal)
  • nginx file server on port 8888 (files.echo6.co)
  • Install: /opt/recon/ (Python 3, Flask, venv)
  • NFS mount: pi-nas:/export/library → /mnt/library (PDF source)
  • Pipeline: Extract (PyPDF2→pdftotext→Tesseract→Gemini Vision) → Enrich (Gemini) → Embed (TEI/Qdrant)
  • DB: SQLite (status), Qdrant on cortex:6333 (vectors)
  • Backups: rsync to Contabo every 6hrs (concepts, text, DB, config)
  • Config: /opt/recon/config.yaml, keys in /opt/recon/.env
  • Docs: /opt/recon/PROJECT-BIBLE.md

utility - CT 106 (192.168.1.106)

  • IdahoMesh Headscale (https://vpn.idahomesh.com)
  • Container name: meshtastic-hs
  • Manages meshtastic mesh VPN (separate from echo6 Headscale on Contabo)
  • Users: malice, sidpatchy, nebra

utility - CT 107 (192.168.1.107)

  • mesh-bridge — dual tailscaled instance
  • Bridges echo6 (100.64.0.0/10) ↔ idahomesh (100.100.0.0/16) networks
  • NAT masquerade + subnet route advertisement
  • Echo6 clients need --accept-routes to reach idahomesh devices
  • iptables FORWARD rules must be BEFORE ts-forward jump (Tailscale drops cross-tailnet packets otherwise)
  • Echo6 socket: /run/tailscale/tailscaled.sock (port 41641)
  • IdahoMesh socket: /var/run/tailscale-meshtastic/tailscaled.sock (port 41642, tun=tailscale1)
  • Rules persisted: /etc/iptables/rules.v4 via iptables-restore.service

pi-nas (192.168.1.245 / Tailscale: 100.64.0.21)

  • OpenMediaVault NAS (https://nas.echo6.co)
  • Port 80 (HTTP)
  • Internet Archive CLI (ia v5.7.2) installed for archive.org uploads

aida-nebra (192.168.1.253 / Tailscale: 100.64.0.9)

  • AIDA-N2(RPT,LLM) — meshtasticd node !27780c47 (short name: AIDA)
  • Hardware: Nebra 2W SX1262 hat (ZebraHat config in /etc/meshtasticd/config.d/)
  • Port: 4403 (default), firmware 2.7.19 (PORTDUINO/native)
  • Role: CLIENT_BASE, position: 42.574, -114.607 (manual)
  • MAC source: eth0 (derived MAC 00:bd:27:78:0c:47)
  • MeshAI bot (CT 108) connects to this node via TCP localhost:4403 (Docker network)
  • Service: meshtasticd.service (single instance, runs as user meshtastic)
  • Config: /etc/meshtasticd/config.yaml + /etc/meshtasticd/config.d/ZebraHat_2W.yaml
  • User: zvx, password auth (sshpass -p '7redditGold' ssh zvx@aida-nebra)

mt-isr (192.168.1.141 / IdahoMesh: 100.100.0.5)

  • Raspberry Pi Zero 2 W, Debian 13 (trixie), Waveshare ETH/USB HUB HAT
  • No meshtasticd (G2 managed via WiFi TCP, not local daemon)
  • Meshtastic Python CLI v2.7.7 in venv (/home/isr/meshtastic-cli/)
  • Tailscale on IdahoMesh tailnet (vpn.idahomesh.com, nebra user)
  • WiFi hotspot: ISR-MESH (192.168.4.0/24, PMF disabled for ESP32 compatibility)
  • Station G2 radio connected via WiFi at 192.168.4.241, managed via TCP
  • G2 config: Freq51 (ch0, psk=1A==) + MediumFast (ch1), MEDIUM_FAST preset, ch=51, txPower=11
  • G2 gold config backup: isr@192.168.1.141:~/backups/g2-gold-config.yaml
  • DNS bootstrap drop-in for tailscaled (reboot-safe)
  • User: isr, password auth (see credentials)

mt-burleybutte (192.168.1.185)

  • meshtasticd (software Meshtastic node, Nebra 2W hat)
  • Raspberry Pi OS, user bb
  • Static MAC: A7:A1:30:79:BB:BB
  • Tailscale registered on IdahoMesh Headscale (vpn.idahomesh.com) under malice user

Contabo VPS (5.189.158.149 / Tailscale: 100.64.0.1)

  • Authentik (SSO, Echo6 branded — custom CSS, dark theme, logo, favicon, flow titles)
  • Forge (Git)
  • Headscale (mesh VPN)
  • Mailcow (email)
  • Vaultwarden (passwords)
  • Syncthing (syncs with cortex)
  • WATCHTOWER (ops dashboard, port 8099, https://wt.echo6.co)
  • Matrix Synapse homeserver (port 8008, https://matrix.echo6.co, Docker, SSO via Authentik)
  • Element Web client (port 8088, https://element.echo6.co, Docker)
  • mautrix-signal bridge (port 29328 internal, Docker, E2BE with MSC4190)
    • Image: dock.mau.dev/mautrix/signal:v0.2603.0
    • Container: mautrix-signal on matrix-net
    • Config: /opt/matrix/mautrix-signal/config.yaml
    • Registration: /opt/matrix/synapse/registration.yaml + /opt/matrix/synapse/doublepuppet.yaml
    • Database: mautrix_signal on matrix-postgres (role: mautrix_signal, minimal grants)
    • Bot user: @signalbot:echo6.co, device: UPX4KKLZVY
    • Permissions: @matt:echo6.co = admin, echo6.co = user
    • Double puppeting: appservice-based (doublepuppet.yaml as_token)
    • Encryption: E2BE enabled (allow+default+require), MSC4190, self-signed cross-signing keys
  • Compose path: /opt/matrix/docker-compose.yml
  • Backup: daily at 3AM, 14-day retention (synapse + mas + mautrix_signal databases)
  • LiveSync CouchDB (port 5984, https://notes.echo6.co, Docker, JWT auth)
  • LiveSync Provisioner (port 5985, https://notes.echo6.co/_provision/, Docker, Authentik forward auth)
  • Compose path: /opt/livesync/docker-compose.yml
  • Per-user ES512 key pairs, encrypted setup URIs, per-user CouchDB databases
  • TAK Server (port 8446 web admin, 8443 mutual TLS API, 8089 TLS for EUDs)
    • https://tak.echo6.co (Authentik forward auth on admin portal)
    • Compose path: /opt/tak-server-deploy/docker-compose.yml
    • Certs: /opt/tak-server-deploy/tak/certs/files/
    • Container names: tak-server-deploy-tak-1, tak-server-deploy-db-1
  • SIGIL console (port 8990, https://tak.echo6.co/sigil, Authentik forward auth)
    • Compose path: /opt/sigil/docker-compose.yml
  • Matrix Authentication Service (MAS) (port 8085, internal, Docker)
    • Container: matrix-mas on matrix-net
    • Handles login/logout/refresh/auth_metadata for Synapse
    • Caddy routes: /_matrix/client/*/login, /_matrix/client/*/logout, /_matrix/client/*/refresh, /_matrix/client/*/auth_metadata → MAS (8085); /_matrix/* and /_synapse/* → Synapse (8008); default → MAS (8085)
    • Compose: /opt/matrix/docker-compose.yml (shared with Synapse stack)
  • Termix (port 8083, internal, Docker)
    • Container: termix on termix_default network
    • Image: ghcr.io/lukegus/termix:latest
    • Port: 8080→8083 (bound to 0.0.0.0, NOT 127.0.0.1)
    • Volume: termix_termix-data/app/data
    • No Caddy block — direct access only on port 8083
    • Compose: /opt/termix/ (inferred from Docker volume naming)
  • Echo6 Contabo Agent (systemd: echo6-agent.service, matrix-nio bot, @contabo:echo6.co)
    • Install path: /opt/echo6-agent/
    • Claude Code bridge with session continuity + E2EE
    • Watches #contabo:echo6.co in echo6-ops space
    • CLAUDE_CWD=/root, runs as root
  • mautrix-signal bridge (mautrix-signal container, port 29328 internal)
    • Image: dock.mau.dev/mautrix/signal:v0.2603.0
    • Config: /opt/matrix/mautrix-signal/config.yaml
    • Compose: /opt/matrix/docker-compose.yml (shared with Synapse stack)
    • DB: mautrix_signal on matrix-postgres
    • Bot: @signalbot:echo6.co, management room !fDjIRTMjxILVQoAcEN:echo6.co
    • E2BE enabled (MSC4190), double puppeting via doublepuppet.yaml
    • Signal account: +12083080811 (@matt:echo6.co)
    • Portals auto-create on incoming messages (no autocreate toggle available)
    • Ref: /home/zvx/projects/.ref/mautrix_signal.ref

Adding New Services

When deploying a new service, update this file with:

  1. Service name
  2. Host location (server + container if applicable)
  3. IP:Port
  4. Access method (internal only vs public URL)
  5. Brief description

Naming Conventions

  • Internal services: Access via Tailscale IP (100.64.x.x) or local IP
  • Public services: Access via *.echo6.co subdomain through Caddy reverse proxy

Lidarr on Steroids (lidarr.echo6.co)

  • Container: lidarr (youegraillot/lidarr-on-steroids:latest)
  • Host: media VM 105 (192.168.1.160)
  • Ports: 8686 (Lidarr), 6595 (Deemix)
  • Network: arr-net
  • Config: /opt/arr/lidarr/config (Lidarr), /opt/arr/lidarr/config_deemix (Deemix)
  • Compose: /opt/arr/docker-compose.yml
  • Music root: /mnt/arr/music (NFS from pi-nas)
  • Downloads: /mnt/arr/downloads (shared with SABnzbd)
  • API key: 78f026ec93a94d8eb3177816b74a57b7
  • Caddy: lidarr.echo6.co -> 100.64.0.18:8686 (Authentik forward auth)
  • Prowlarr: fullSync configured
  • SABnzbd: configured (music category)
  • Deemix: port 6595, NOT exposed via Caddy (Tailscale-only access)
  • PUID/PGID: 1000/1000, TZ: America/Boise

Navidrome (navidrome.echo6.co)

  • Container: navidrome (deluan/navidrome:latest)
  • Host: media VM 105 (192.168.1.160)
  • Port: 4533
  • Network: arr-net
  • Data volume: arr_navidrome-data (named Docker volume)
  • Music volume: /mnt/arr/music (read-only, shared with Lidarr)
  • Compose: /opt/arr/docker-compose.yml
  • Caddy: navidrome.echo6.co -> 100.64.0.18:4533 (Authentik forward auth)
  • User: 1000:1000
  • Scan schedule: every 1 hour
  • Admin setup: First login at https://navidrome.echo6.co creates admin account