consaul.cloud — Network Diagram

Generated 2026-05-16 · ← env.consaul.cloud

🌐 INTERNET ☁ CLOUDFLARE consaul.cloud · Authoritative DNS · Strict SSL · Rate Limit 30/10s HETZNER CLOUD VM 89.167.54.62 Ubuntu 24.04 · ARM64 · 16 vCPU · 30 GB RAM Caddy 2 · :80 / :443 · auto-HTTPS PUBLIC ROUTES auth · status · n8n · grafana · docs · games · file · ssh vault · reapi · vip · immich · shop · minio · optimushq opencode · gru · voice · env · flowise · dahlia · claw-api obsidian · gimp · gfn · catgen · fabric [tinyauth TOTP on marked services] TAILNET-ONLY ROUTES dash · portainer · torrent · sync · loki AdGuard DNS 100.120.44.115:53 → split-horizon INFRASTRUCTURE Prometheus · Alertmanager · Blackbox · Promtail cAdvisor · Node Exporter · coTURN · Watchtower TS: 100.120.44.115 HOSTINGER VPS 187.124.88.49 Debian · x86_64 Traefik 2 · :80 / :443 · Let's Encrypt OpenCLAW openclaw.consaul.cloud Telegram · WhatsApp · WS 30min heartbeat watchdog UAP uap.consaul.cloud R Shiny · port 3838 UFO/UAP data app MONITORING AGENTS Promtail → Hetzner Loki cAdvisor · Node Exporter (scraped via Tailscale) Portainer Agent TS: 100.102.128.60 TAILSCALE tailnet: consaul 100.120.44.115 (Hetzner) 100.102.128.60 (Hostinger) WireGuard mesh · Option A ACL HETZNER STORAGE BOX u563812.your-storagebox.de rsync · SSH port 23 · 7-day retention TELEGRAM OpenCLAW bot Security alerts · daily briefing MICROSOFT 365 Graph API · email relay d1g1talAssistant@consaul.cloud VAULTWARDEN vault.consaul.cloud Single source of truth · secrets EXTERNAL APIs RapidAPI · OpenRouter Anthropic · OpenAI · Gemini

Service Reference

Hetzner Cloud VM

89.167.54.62 · TS: 100.120.44.115 · Ubuntu 24.04 ARM64
Public Routes — Core & Tools
SubdomainBackendAuth
authtinyauth:3000TOTP
statusuptime-kuma:3001public
vaultvaultwarden:80native+TOTP
docsbookstack:80native
filefilebrowser:80native
sshsshwifty:8182tinyauth
flowiseflowise:3000native
n8nn8n:5678native TOTP
grafanagrafana:3000native TOTP
Public Routes — Apps & Media
SubdomainBackendAuth
reapire-api:8000API key
vip / vehicle-intelligence-platformvip:3106public
immich172.18.0.1:2283native
shopai-shopping-*native
creditcreditfixit:8000public
readsubstackvault-api:8000 (read-it-later/TTS/search · /api/ingest bearer-bypass)tinyauth
gamesromm:8080native
miniominio:9000native
minio-consoleminio:9001native
optimushq172.18.0.1:3001native
opencode172.18.0.1:4096 (systemd)native pw · @tailnet
gru172.18.0.1:4444 (gru-ai.service)open
voice/srv/voice (static · ElevenLabs Convai → Claude). /api/* → voice-tools signed-url mint.tinyauth
voice-toolsvoice-tools:8000 (FastAPI · /tools/* webhooks, /health open; /public/* not routed here)bearer
dahlia/srv/dahlia (static · ElevenLabs UI)public
dahlia-apidahlia-bridge:8001public
claw-api187.124.88.49:18789 → OpenCLAWpublic
env/srv/env (static)public
stremiostremio:8080 (tsaridas web player + streaming server · iOS-friendly)public
Public Routes — Selkies WebRTC
SubdomainAppAuth
obsidianobsidian:3000tinyauth
gimpgimp:3000tinyauth
gfngfn:3000tinyauth
Systemd Services (non-Docker)
SubdomainProcessAuth
catgenFlask :5000tinyauth
fabricSvelteKit :3033tinyauth
optimushqExpress :3001native
opencodeopencode web :4096native pw
Tailnet-Only Routes (AdGuard split DNS)
SubdomainBackendHost Port
dashhomepage:3000100.120.44.115:3030
portainerportainer:9000100.120.44.115:9900
torrentqbittorrent:8080100.120.44.115:8088
synccouchdb:5984100.120.44.115:5984
lokiloki:3100100.120.44.115:3100
metubemetube:8081100.120.44.115:8081
Infrastructure & Monitoring
ContainerRole
prometheusmetrics scrape + store
alertmanageralert routing → Telegram
blackbox-exporterHTTP/HTTPS endpoint probes
node-exporterhost metrics
cadvisorcontainer metrics
promtaillog shipper → Loki
adguardDNS + split-horizon + ad-block
coturnWebRTC TURN relay (Selkies)
watchtowerimage auto-update
tinyauthforward-auth TOTP gateway
Databases & Storage
ContainerUsed By
couchdbObsidian LiveSync (sync.*)
bookstack-dbBookStack (MySQL)
romm-dbRomM (MySQL)
immich_postgresImmich
immich_redisImmich cache
immich_machine_learningImmich ML (face/CLIP)
ai-shopping-assistant-postgres-1Shopping Assistant
minioS3 object storage
App-Stack Sidecar Containers
ContainerRole
dahlia-bridgeFastAPI Telegram relay for dahlia agent (:8001)
voice-toolsFastAPI tool-server for the voice.* EL agent (:8000)

Hostinger VPS

187.124.88.49 · TS: 100.102.128.60 · Debian x86_64
Public Routes (Traefik + Let's Encrypt)
SubdomainServiceAuth
openclawOpenCLAW :56106Telegram/WA
uapR Shiny :3838native
OpenCLAW Detail
ComponentNotes
runtimeHono (Node.js) WebSocket
configdata/.openclaw/openclaw.json
modelsOpenRouter · Anthropic · OpenAI · Gemini
heartbeatevery 30min, gemini-2.5-flash-lite
daily briefing8 AM ET via Telegram
skillsreapi-orchestrator
channelsTelegram · WhatsApp
REST API❌ no POST — WS/CLI only
Hostinger Monitoring Agents
ContainerScraped By
hostinger-node-exporterHetzner Prometheus (TS)
hostinger-cadvisorHetzner Prometheus (TS)
hostinger-promtail→ Hetzner Loki (TS)
portainer_agentHetzner Portainer

External Services

Backups
ServiceDetails
Hetzner Storage Boxu563812.your-storagebox.de · SSH port 23
backup-hetzner.sh03:00 UTC daily · configs + 10 DB dumps
backup-hostinger.sh03:30 UTC daily · Hostinger configs
retention7 days auto-prune
Secret Management
ServiceDetails
Vaultwardenvault.consaul.cloud · single source of truth
sync-secrets.shbw CLI → .env (hetzner · catgen · openclaw)
Email / Notifications
ServiceDetails
MS Graph APId1g1talAssistant@consaul.cloud (no SMTP)
Telegram botsecurity alerts · crit/high/warn only
OpenCLAW briefingdaily 8 AM ET weather + spend + status
AI / API Providers
ProviderUsed By
Anthropic (Claude)RE-API · OpenCLAW · OptimusHQ · gru-ai
OpenRouterOpenCLAW · RE-API fallback
OpenAIOpenCLAW · Flowise · Voice
Google GeminiOpenCLAW heartbeat · RE-API pre-processor
RapidAPI (realty-in-us etc.)RE-API collectors
ElevenLabsVoice assistant TTS
DNS / Network
ServiceDetails
CloudflareAuthoritative DNS · SSL strict · rate limit
AdGuard Home100.120.44.115:53 · split-horizon + adblock
Tailscaletailnet: consaul · Option-A ACL · split DNS
coTURNTURN relay for Selkies WebRTC (89.167.54.62)
Security Automation
ScriptSchedule
security-nightly.sh02:30 UTC daily
backup-hetzner.sh03:00 UTC daily
backup-hostinger.sh03:30 UTC daily
security-weekly-drift.sh09:00 UTC Monday
audit reportsreapi.consaul.cloud/static/audit/
Public route (Caddy/Traefik)
Tailnet-only (AdGuard split DNS)
Systemd service (non-Docker)
Infrastructure / internal
External service / API
Hostinger service
Tailscale mesh link