# Infrastructure Master Reference

> Central index for the self-hosted stack. Each service has its own setup doc -- this file is the map.

**Home Server:** `192.168.0.178` / `100.78.69.20` (Pop!_OS, user `sze`) — personal services, Nezha dashboard, OpenClaw
**Oracle VM 1:** `129.146.218.222` / `100.82.177.59` (coolify-master, user `ubuntu`) — Coolify platform
**Oracle VM 2:** `137.131.41.18` / `100.108.123.60` (instance-20250520-1933, user `ubuntu`) — API gateway + scraping
**Monitoring:** Nezha Dashboard at `http://192.168.0.178:8008` (custom image `nezha:custom`: service cards sorted by `display_index`, optional `public_url` links — see [nezha-fork/README.md](nezha-fork/README.md))

---

## Service Map

### pop-os — Personal / Home Services

| Service | Port | Tailscale Access | Setup Doc |
|---|---|---|---|
| Nextcloud AIO | 11000/8080 | `https://pop-os.tail3fb075.ts.net` | [aio-setup.md](aio-smb/aio-setup.md) |
| Nezha Dashboard | 8008 | `https://pop-os.tail3fb075.ts.net:8443` | -- |
| SMB Shares | 445 | `smb://100.78.69.20/DriveA` | [smb-setup.md](aio-smb/smb-setup.md) |
| Caddy (reverse proxy) | 80/443 | -- | [aio-setup.md](aio-smb/aio-setup.md) |
| OpenClaw gateway + node | 18789, 18791 (localhost) | -- | -- |
| Hermes Agent (+ WA bridge) | systemd; bridge `127.0.0.1:3100` | -- | [hermes-setup.md](hermes/hermes-setup.md) |
| tg-filter | -- (no listener) | -- | -- |
| sing-box | 1089/1090 | -- | -- |
| Grok2API | 8000 | `https://pop-os.tail3fb075.ts.net:4443` | [grok2api-setup.md](grok2api/grok2api-setup.md) |
| WARP (socks5) | 1080 (localhost) | -- | -- |
| FlareSolverr | 8191 (localhost) | -- | -- |
| poeReg2api | 8100 (container-only, no host publish) | -- | -- |
| sub2api-tunnel | 8090 (localhost → instance:8090) | -- | -- |
| grok-register | 5000 | `http://100.78.69.20:5000` | [grok-register-setup.md](grok-register/grok-register-setup.md) |
| v2ray-proxy-manager | 3001 | `http://100.78.69.20:3001` | -- |

### instance-20250520-1933 — API Gateway

| Service | Port | Tailscale Access | Setup Doc |
|---|---|---|---|
| New-API | 3000 | `http://100.108.123.60:3000` | [new-api-setup.md](new-api/new-api-setup.md) |
| sub2api | 8090 | `http://100.108.123.60:8090` | -- |
| imgbed | 7658 | `http://100.108.123.60:7658` | -- |
| sing-box | 1089/1090 | -- | -- |

### coolify-master — Coolify Platform

| Service | Port | Tailscale Access |
|---|---|---|
| Coolify | 8000→8080 | `http://100.82.177.59:8000` |
| coolify-proxy (admin UI) | 80/443 | -- |
| coolify-realtime | 6001/6002 | -- |
| coolify-db (postgres) | 5432 (internal) | -- |
| coolify-redis | 6379 (internal) | -- |
| sing-box | 1089/1090 | -- |

**Deployed apps** (Coolify worker target = instance VM `137.131.41.18`):

| App | FQDN(s) | Status (2026-05-16) |
|---|---|---|
| `lung-wai/1000-saas` | `1000saas.xyz`, `www.1000saas.xyz` | exited:unhealthy |
| `lung-wai/cloud-flare-img-bed` | _none_ (runs as `imgbed-...` on instance:7658) | running:unhealthy |
| `lung-wai/githubuilder` | `githubuilder.com`, `www.githubuilder.com` | exited:unhealthy |
| `lung-wai/new-api` (Coolify) | _none_ | exited:unhealthy |
| `lung-wai/gemini-balance` | _none_ | exited:unhealthy |

### Public llab08.com subdomains (Cloudflare DNS-only → LE certs at origin)

| Subdomain | Backend VM | Reverse proxy | Notes |
|---|---|---|---|
| `https://grok2api.llab08.com` | pop-os :8000 | Caddy on pop-os | Container rebound to `127.0.0.1:8000`; ufw + DOCKER-USER chain block direct hits |
| `https://newapi.llab08.com` | instance → `new-api:3000` | Traefik (coolify-proxy) | Container attached to `coolify` docker network |
| `https://sub2api.llab08.com` | instance → `sub2api:8080` | Traefik (coolify-proxy) | Container attached to `coolify` docker network |
| `https://imgbed.llab08.com` | instance → `imgbed-*:8080` | Traefik (coolify-proxy) | Coolify-managed; also attached to `coolify` net |
| `https://coolify.llab08.com` | coolify-master → `coolify:8080` | Traefik (coolify-proxy) | Coexists with existing `coolify.sw128lab.xyz` route |

Traefik dynamic config files (file provider, hot-reload):
- `/data/coolify/proxy/dynamic/cursor-pg-routes.yml` on both OCI VMs

### External Services

| Service | Host | URL | Setup Doc |
|---|---|---|---|
| Tempmail Frontend | Netlify | `https://snazzy-pudding-4451c6.netlify.app/` | [tempmail-setup.md](tempmail/tempmail-setup.md) |
| SGS Monitor | Netlify | `https://sgs-monitor.netlify.app/` | [sgs-monitor.md](knowledge/sgs-monitor/sgs-monitor.md) |
| Tempmail API | Cloudflare | _TBD_ | [tempmail-setup.md](tempmail/tempmail-setup.md) |
| GLM Free API Neo | Cloudflare | `https://glm-free-api-neo.leichen7272.workers.dev` | [cf-worker-neo-setup.md](cf-worker-neo/cf-worker-neo-setup.md) |

## Port Map

### pop-os (`192.168.0.178`)

| Port | Service | Scope |
|---|---|---|
| 22 | SSH | public |
| 80/443 | Caddy reverse proxy | public |
| 139, 445 | Samba/SMB | public |
| 1080 | WARP (socks5) | localhost |
| 1089/1090 | sing-box | public |
| 3001 | v2ray-proxy-manager | public |
| 5000 | grok-register web UI | public |
| 8000 | Grok2API | public |
| 8008 | Nezha dashboard | public |
| 8080 | Nextcloud AIO master | public |
| 8090 | sub2api-tunnel (→ instance:8090) | localhost |
| 8191 | FlareSolverr | localhost |
| 11000 | Nextcloud Apache | public |
| 18789 | openclaw-gateway | localhost |
| 18791 | openclaw-node | localhost |
| 3100 | Hermes WhatsApp bridge | localhost |

### instance-20250520-1933 (`137.131.41.18`)

| Port | Service | Scope |
|---|---|---|
| 22 | SSH | public |
| 80/443 | coolify-proxy | public |
| 1089/1090 | sing-box | public |
| 3000 | New-API | public |
| 7658 | imgbed | public |
| 8090 | sub2api | public |

### coolify-master (`129.146.218.222`)

| Port | Service | Scope |
|---|---|---|
| 22 | SSH | public |
| 80/443 | coolify-proxy | public |
| 1089/1090 | sing-box | public |
| 8000 | Coolify (→8080) | public |

### Caddy HTTPS Ports on pop-os (Tailscale only)

| HTTPS Port | Backend | Service |
|---|---|---|
| 443 | localhost:11000 | Nextcloud |
| 3443 | 100.108.123.60:3000 | New-API (Oracle) |
| 4443 | localhost:8000 | Grok2API |
| 8443 | localhost:8008 | Nezha Dashboard |

---

## Nezha Monitoring

Dashboard: `http://192.168.0.178:8008` ([nezha-setup.md](nezha/nezha-setup.md))

### Active Monitors

| ID | Monitor | Type | Target | Interval | VM |
|---|---|---|---|---|---|
| 8 | Nextcloud AIO | HTTP GET | `http://127.0.0.1:11000` | 60s | pop-os |
| 9 | New-API | HTTP GET | `http://100.108.123.60:3000` | 60s | instance |
| 10 | SMB Service | TCPing | `127.0.0.1:445` | 120s | pop-os |
| 11 | Tempmail Frontend | HTTP GET | `https://snazzy-pudding-4451c6.netlify.app/` | 120s | External |
| 14 | Grok2API | HTTP GET | `http://127.0.0.1:8000` | 60s | pop-os |
| 18 | sub2api | HTTP GET | `http://100.108.123.60:8090` | 60s | instance |
| 19 | imgbed | HTTP GET | `http://100.108.123.60:7658` | 60s | instance |
| 20 | Coolify | HTTP GET | `http://100.82.177.59:8000` | 120s | coolify-master |

### Nezha Agents

| VM | Agent Location | Config | Status |
|---|---|---|---|
| pop-os | `/home/sze/nezha/agent/` | `server: 192.168.0.178:8008` | process |
| coolify-master | `/opt/nezha-agent/` | `server: 100.78.69.20:8008` | systemd |
| instance-20250520-1933 | `/opt/nezha-agent/` | `server: 100.78.69.20:8008` | systemd |

Service cards use **`public_url`** (Tailscale or public URL) for clickable titles where configured; **`target`** remains the health-check endpoint. Set both via `PATCH /api/v1/service/{id}` (see [nezha-setup.md](nezha/nezha-setup.md)).

### Adding a Monitor via API

```bash
TOKEN=$(curl -s -X POST http://localhost:8008/api/v1/login \
  -H 'Content-Type: application/json' \
  -d '{"username":"admin","password":"admin123"}' \
  | python3 -c 'import sys,json; print(json.load(sys.stdin)["data"]["token"])')

curl -s -X POST http://localhost:8008/api/v1/service \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"name":"<name>","type":1,"target":"<url>","duration":60,"cover":0,"enable_show_in_service":true,"skip_servers":{},"fail_trigger_tasks":[],"recover_trigger_tasks":[]}'
```

Type values: `1` = HTTP GET, `2` = ICMP Ping, `3` = TCP Ping.

---

## Scheduled Jobs

### OpenClaw cron (managed via `openclaw cron <list|run|disable>`)

| Job | Schedule | Delivery | Description |
|---|---|---|---|
| `morning-digest` | `0 9 * * *` (daily 9 AM HKT) | WhatsApp → +85259369670 | Concise news digest: world/US, tech & AI, markets |
| `morning-digest-g1` | `0 9 * * *` (daily 9 AM HKT) | WhatsApp → group `...93876@g.us` | Same digest to group 1 |
| `morning-digest-g2` | `0 9 * * *` (daily 9 AM HKT) | WhatsApp → group `...53206@g.us` | Same digest to group 2 |
| `linuxdo-digest` | `0 10 * * *` (daily 10 AM HKT) | WhatsApp → +85259369670 | linux.do forum daily digest (Tier 1: curl API, agent: linuxdo 🦉) |

### User crontab on pop-os (`crontab -l` as `sze`)

All weekdays only (`* * 1-5`), times in UTC. Script: `~/.openclaw/agents/fundamental-analysis/workspace/skills/update-reports/scripts/update_reports.sh`. Log: `~/.openclaw/agents/fundamental-analysis/workspace/reports/cron.log`.

| Schedule (UTC) | HKT | Args | US data-release window |
|---|---|---|---|
| `35 12 * * 1-5` | 20:35 | `--wa-send` | 08:35 ET — NFP, CPI, PPI, GDP, Retail Sales, Jobless Claims |
| `5 14 * * 1-5` | 22:05 | `--wa-send` | 10:05 ET — ISM PMI, JOLTS, Consumer Confidence |
| `5 18 * * 1-5` | 02:05 (+1d) | `--wa-send` | 14:05 ET — FOMC statement/minutes (on meeting days) |
| `10 20 * * 1-5` | 04:10 (+1d) | _(none)_ | 16:10 ET — daily market close recap |

---

## Tailscale Devices

| Device | Tailscale IP | Public IP | OS |
|---|---|---|---|
| pop-os (server) | 100.78.69.20 | 192.168.0.178 (LAN) | Linux |
| coolify-master | 100.82.177.59 | 129.146.218.222 | Linux (aarch64) |
| instance-20250520-1933 | 100.108.123.60 | 137.131.41.18 | Linux (aarch64) |
| szes-macbook-pro | 100.78.115.109 | -- | macOS |
| iphone182 | 100.101.165.57 | -- | iOS |

**Reusable auth key:** stored on pop-os at `~/.tailscale/authkey` (for adding future VMs: `sudo tailscale up --authkey $(cat ~/.tailscale/authkey)`)

---

## All Documents

| Document | Contents |
|---|---|
| [aio-setup.md](aio-smb/aio-setup.md) | Nextcloud AIO over Tailscale: deploy, Caddy, certs, reset |
| [smb-setup.md](aio-smb/smb-setup.md) | SMB drive sharing: fstab, Samba config, client access |
| [nezha-setup.md](nezha/nezha-setup.md) | Nezha v2: dashboard, agent, service monitors, API, custom image |
| [nezha-fork/README.md](nezha-fork/README.md) | Patched Nezha + nezha-dash-v2; Docker build (`nezha:custom`) |
| [new-api-setup.md](new-api/new-api-setup.md) | New-API: deploy, update, Caddy HTTPS |
| [new-api-vm-credentials.md](new-api/new-api-vm-credentials.md) | New-API login credentials |
| [cliproxy-setup.md](cliproxy/cliproxy-setup.md) | CLIProxyAPI: **decommissioned** |
| [grok2api-setup.md](grok2api/grok2api-setup.md) | Grok2API: deploy, config, Caddy HTTPS |
| [tempmail-setup.md](tempmail/tempmail-setup.md) | Tempmail / DuckMail: Netlify frontend, Cloudflare backend |
| [headless-setup.md](pop-os/headless-setup.md) | Pop!_OS headless conversion: disable GUI + sleep |
| [envctl README](envctl/README.md) | Central env & MCP config manager |
| [hermes-setup.md](hermes/hermes-setup.md) | Hermes Agent: deploy, model config, coexistence with OpenClaw |
| [cf-worker-neo-setup.md](cf-worker-neo/cf-worker-neo-setup.md) | GLM Free API Neo: Cloudflare Worker, deploy, API endpoints, credentials |