docs(v5): Complete system documentation

Comprehensive documentation for TZZR system v5 including: - 00_VISION: Glossary and foundational philosophy - 01_ARQUITECTURA: System overview and server specs - 02_MODELO_DATOS: Entity definitions and data planes (T0, MST, BCK) - 03_COMPONENTES: Agent docs (CLARA, MARGARET, FELDMAN, GRACE) - 04_SEGURIDAD: Threat model and secrets management - 05_OPERACIONES: Infrastructure and backup/recovery - 06_INTEGRACIONES: GPU services (RunPod status: blocked) - 99_ANEXOS: Repository inventory (24 repos) Key findings documented: - CRITICAL: UFW inactive on CORP/HST - CRITICAL: PostgreSQL 5432 exposed - CRITICAL: .env files with 644 permissions - RunPod workers not starting (code ready in R2) - Infisical designated as single source of secrets (D-001) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-24 17:58:03 +00:00
parent a92d41c846
commit 6d15abcb1a
16 changed files with 4164 additions and 2 deletions
--- a/01_ARQUITECTURA/servidores.md
+++ b/01_ARQUITECTURA/servidores.md
@@ -0,0 +1,230 @@
+# Servidores TZZR
+
+**Versión:** 5.0
+**Fecha:** 2024-12-24
+
+---
+
+## ARCHITECT (69.62.126.110)
+
+**Rol:** Coordinador central del sistema
+
+### Servicios
+
+| Servicio | Puerto | Estado |
+|----------|--------|--------|
+| PostgreSQL | 5432 | Operativo |
+| Gitea | 3000 (HTTP), 2222 (SSH) | Operativo |
+| Orchestrator App | 5050 | Operativo |
+| Infisical | 8082 | Operativo |
+
+### PostgreSQL (database: architect)
+
+| Tabla | Descripción |
+|-------|-------------|
+| context_blocks | 30 bloques de contexto atómicos |
+| agent_context_index | Asignaciones agente-bloque |
+| agents | 6 agentes definidos |
+| creds_* | 6 tablas de credenciales |
+| s_contract_contexts | Contextos IA |
+| s_contract_datasets | Datasets IA |
+
+### Acceso
+
+```bash
+# SSH
+ssh orchestrator@69.62.126.110
+
+# PostgreSQL
+sudo -u postgres psql -d architect
+
+# Gitea
+http://localhost:3000
+```
+
+---
+
+## DECK (72.62.1.113)
+
+**Rol:** Servidor personal
+
+### Servicios
+
+| Servicio | Puerto | Estado |
+|----------|--------|--------|
+| CLARA | 5051 | Operativo |
+| ALFRED | 5052 | Operativo |
+| Mailcow (15 containers) | SMTP, IMAP | Operativo |
+| Directus | 8055 | Operativo |
+| FileBrowser | 8082 | Operativo |
+| Shlink | 8083 | Operativo |
+| Vaultwarden | 8085 | Operativo |
+| ntfy | 8080 | Operativo |
+
+### PostgreSQL (database: tzzr)
+
+| Tabla | Descripción |
+|-------|-------------|
+| clara_log | Log inmutable de ingesta |
+| deck_visiones | Visiones personales |
+| deck_milestones | Milestones personales |
+| deck_acciones | Acciones |
+| deck_habitos | Hábitos |
+| deck_bck | Bloques |
+
+### Docker Containers
+
+```
+mailcowdockerized-acme-mailcow-1
+mailcowdockerized-clamd-mailcow-1
+mailcowdockerized-dovecot-mailcow-1
+mailcowdockerized-mysql-mailcow-1
+mailcowdockerized-netfilter-mailcow-1
+mailcowdockerized-nginx-mailcow-1
+mailcowdockerized-olefy-mailcow-1
+mailcowdockerized-php-fpm-mailcow-1
+mailcowdockerized-postfix-mailcow-1
+mailcowdockerized-redis-mailcow-1
+mailcowdockerized-rspamd-mailcow-1
+mailcowdockerized-sogo-mailcow-1
+mailcowdockerized-solr-mailcow-1
+mailcowdockerized-unbound-mailcow-1
+mailcowdockerized-watchdog-mailcow-1
+clara-clara
+alfred-alfred
+directus
+filebrowser
+shlink
+vaultwarden
+ntfy
+```
+
+### Acceso
+
+```bash
+ssh -i ~/.ssh/tzzr root@72.62.1.113
+```
+
+---
+
+## CORP (92.112.181.188)
+
+**Rol:** Servidor empresarial
+
+### Servicios
+
+| Servicio | Puerto | Estado |
+|----------|--------|--------|
+| MARGARET | 5051 | Operativo |
+| JARED | 5052 | Operativo |
+| MASON | 5053 | Operativo |
+| FELDMAN | 5054 | Operativo |
+| PostgreSQL | 5432 | Operativo |
+| Directus | 8055 | Operativo |
+| Nextcloud | 8080 | Operativo |
+| Vaultwarden | 8081 | Operativo |
+| Odoo | 8069 | Operativo |
+| Caddy | 80/443 | Operativo |
+
+### PostgreSQL (database: corp)
+
+| Tabla | Descripción |
+|-------|-------------|
+| margaret_log | Log inmutable de ingesta |
+| mason_workspace | Espacio de enriquecimiento |
+| feldman_cola | Cola de consolidación |
+| feldman_bloques | Bloques inmutables |
+| feldman_validaciones | Auditoría validaciones |
+| milestones | Plano MST |
+| bloques | Plano BCK |
+| hst_mirror | Mirror de tags HST |
+
+### Acceso
+
+```bash
+ssh -i ~/.ssh/tzzr root@92.112.181.188
+```
+
+---
+
+## HST (72.62.2.84)
+
+**Rol:** API de tags semánticos
+
+### Servicios
+
+| Servicio | Puerto | Estado |
+|----------|--------|--------|
+| Nginx | 80/443 | Operativo |
+| Directus | 8055 | Operativo |
+| PostgreSQL | 5432 | Operativo |
+
+### Estadísticas HST
+
+| Grupo | Cantidad |
+|-------|----------|
+| hst | 639 |
+| spe | 145 |
+| vsn | 84 |
+| flg | 65 |
+| vue | 21 |
+| **Total** | **973** |
+
+### API
+
+```
+https://tzrtech.org/{h_maestro}.png  # Imagen de tag
+```
+
+### Acceso
+
+```bash
+ssh -i ~/.ssh/tzzr root@72.62.2.84
+```
+
+---
+
+## LOCKER (Cloudflare R2)
+
+**Rol:** Almacenamiento distribuido
+
+### Endpoint
+
+```
+https://7dedae6030f5554d99d37e98a5232996.r2.cloudflarestorage.com
+```
+
+### Buckets
+
+| Bucket | Uso |
+|--------|-----|
+| architect | Backups Gitea, configs, GPU services |
+| deck | Archivos personales (CLARA) |
+| corp | Archivos empresariales (MARGARET) |
+| hst | Imágenes de tags |
+| locker | Almacenamiento general/temporal |
+
+### Estructura GPU Services
+
+```
+s3://architect/gpu-services/
+├── base/
+│   └── bootstrap.sh
+├── grace/
+│   └── code/handler.py
+├── penny/
+│   └── code/handler.py
+└── factory/
+    └── code/handler.py
+```
+
+---
+
+## Resumen de IPs
+
+| Servidor | IP Pública | IP Interna |
+|----------|------------|------------|
+| ARCHITECT | 69.62.126.110 | localhost |
+| DECK | 72.62.1.113 | - |
+| CORP | 92.112.181.188 | - |
+| HST | 72.62.2.84 | - |