Comprehensive documentation for TZZR system v5 including:
- 00_VISION: Glossary and foundational philosophy
- 01_ARQUITECTURA: System overview and server specs
- 02_MODELO_DATOS: Entity definitions and data planes (T0, MST, BCK)
- 03_COMPONENTES: Agent docs (CLARA, MARGARET, FELDMAN, GRACE)
- 04_SEGURIDAD: Threat model and secrets management
- 05_OPERACIONES: Infrastructure and backup/recovery
- 06_INTEGRACIONES: GPU services (RunPod status: blocked)
- 99_ANEXOS: Repository inventory (24 repos)

Key findings documented:
- CRITICAL: UFW inactive on CORP/HST
- CRITICAL: PostgreSQL 5432 exposed
- CRITICAL: .env files with 644 permissions
- RunPod workers not starting (code ready in R2)
- Infisical designated as single source of secrets (D-001)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
7.7 KiB
TZZR Infrastructure
Version: 5.0  Date: 2024-12-24
Server Summary
| Server | Public IP | Role | Provider |
|---|---|---|---|
| ARCHITECT | 69.62.126.110 | Central coordinator | VPS |
| DECK | 72.62.1.113 | Personal | VPS |
| CORP | 92.112.181.188 | Business | VPS |
| HST | 72.62.2.84 | Tags API | VPS |
| LOCKER | R2 | Storage | Cloudflare |
ARCHITECT (69.62.126.110)
Specifications
- OS: Ubuntu 22.04 LTS
- User: orchestrator
- Services: PostgreSQL, Gitea, Orchestrator, Infisical
Ports
| Port | Service | State |
|---|---|---|
| 22 | SSH | Open |
| 2222 | Gitea SSH | Open |
| 3000 | Gitea HTTP | Open |
| 5050 | Orchestrator | Open |
| 5432 | PostgreSQL | CRITICAL: listening on 0.0.0.0 (reachable from the Internet, not just from the other VPS) |
| 8082 | Infisical | Open |
Access
ssh orchestrator@69.62.126.110
PostgreSQL
sudo -u postgres psql -d architect
Gitea
URL: http://localhost:3000
Read token: 5ca10e5b71d41f9b22f12d0f96bfc2e6de5c2c7f
Write token: ac5a604b9aac5cee81192a656fc918f9efa3834b
Both tokens are recorded here in plaintext, so anyone who can read this document can use them. Under D-001 (Infisical as the single source of secrets) they should be moved to Infisical and rotated once copied, the write token first.
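Added example (shell; not part of the TZZR documentation): a check for the PostgreSQL finding in the port table above. It reads `ss -Hltn` output, flags every listening socket bound to a wildcard address (0.0.0.0, *, [::]) whose port is not in the host's allowlist of intentionally public ports, and returns non-zero when it finds one. The allowlist and the sample `ss` lines are constructed from the ARCHITECT port table and are assumptions; on the real host pipe `ss -Hltn` into the function instead of the sample.

```bash
#!/usr/bin/env bash
# Added example (not part of the TZZR docs): report listening sockets that are
# bound to all interfaces but are not on the host's list of public ports.
# Input: `ss -Hltn` lines (State Recv-Q Send-Q Local:Port Peer:Port).

# Ports that are meant to face the Internet on ARCHITECT (assumption taken
# from the port table: SSH, Gitea SSH/HTTP, Orchestrator, Infisical).
PUBLIC_ALLOW="22 2222 3000 5050 8082"

# audit_listeners ALLOWLIST < ss_output
# Prints "CRITICAL <port> bound to <addr>" for every wildcard-bound port that
# is not in ALLOWLIST; returns 1 if any was printed, 0 otherwise.
audit_listeners() {
  local allow="$1" bad=0 state recvq sendq local_addr peer rest host port
  while read -r state recvq sendq local_addr peer rest; do
    [ -z "$local_addr" ] && continue
    host="${local_addr%:*}"      # 0.0.0.0 / [::] / 127.0.0.1 / *
    port="${local_addr##*:}"     # 22, 5432, ...
    case "$host" in
      0.0.0.0|'*'|'[::]')
        case " $allow " in
          *" $port "*) ;;                                  # intentionally public
          *) echo "CRITICAL ${port} bound to ${host}"; bad=1 ;;
        esac ;;
      *) ;;                                                # loopback or a specific address
    esac
  done
  return $bad
}

# Constructed sample resembling `ss -Hltn` on ARCHITECT (not captured output).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:5050 0.0.0.0:*
LISTEN 0 244 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8082 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 244 [::]:5432 [::]:*'

if printf '%s\n' "$SAMPLE_SS" | audit_listeners "$PUBLIC_ALLOW"; then
  echo "no unexpected wildcard listeners"
else
  echo "fix: set listen_addresses = 'localhost' in postgresql.conf and restart PostgreSQL"
fi
# Real host: ss -Hltn | audit_listeners "$PUBLIC_ALLOW"
```

The remediation for 5432 is on the database side as well as the firewall side: restrict listen_addresses in postgresql.conf and keep pg_hba.conf to local connections, then re-run the check; a firewall rule alone leaves the exposure one misconfiguration away from returning.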
DECK (72.62.1.113)
Specifications
- OS: Ubuntu 22.04 LTS
- User: root
- Services: CLARA, ALFRED, Mailcow, Directus, and others
Ports
| Port | Service | State |
|---|---|---|
| 22 | SSH | Open |
| 25 | SMTP | Open |
| 143 | IMAP | Open |
| 465 | SMTPS | Open |
| 587 | Submission | Open |
| 993 | IMAPS | Open |
| 5051 | CLARA | Open |
| 5052 | ALFRED | Open |
| 8055 | Directus | Open |
| 8080 | ntfy | Open |
| 8082 | FileBrowser | Open |
| 8083 | Shlink | Open |
| 8085 | Vaultwarden | Open |
Access
ssh -i ~/.ssh/tzzr root@72.62.1.113
Docker Containers
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
CORP (92.112.181.188)
Specifications
- OS: Ubuntu 22.04 LTS
- User: root
- Services: MARGARET, JARED, MASON, FELDMAN, Odoo, Nextcloud
Ports
| Port | Service | State |
|---|---|---|
| 22 | SSH | Open |
| 80 | Caddy HTTP | Open |
| 443 | Caddy HTTPS | Open |
| 5051 | MARGARET | Open |
| 5052 | JARED | Open |
| 5053 | MASON | Open |
| 5054 | FELDMAN | Open |
| 5432 | PostgreSQL | Local only |
| 8055 | Directus | Open |
| 8069 | Odoo | Open |
| 8080 | Nextcloud | Open |
| 8081 | Vaultwarden | Open |
Access
ssh -i ~/.ssh/tzzr root@92.112.181.188
Firewall
CRITICAL ALERT: UFW INACTIVE
# Check status
ufw status
# Enable (once authorized). The SSH rule must be added before ufw enable or the session is cut off.
ufw default deny incoming
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable
Two caveats before enabling. First, this rule set assumes that the agent ports (5051-5054), Directus (8055), Odoo (8069), Nextcloud (8080) and Vaultwarden (8081) listed above are reached only through Caddy on 443; any of them that must stay directly reachable needs its own ufw allow rule before ufw enable, otherwise enabling the firewall will cut it off. Second, ports published by Docker (for example -p 8069:8069) are not filtered by UFW at all, because Docker programs its own iptables chains ahead of UFW's; containers that should not be public must be bound to 127.0.0.1 or filtered in the DOCKER-USER chain.
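Added example (shell; not part of the TZZR documentation): the companion check for the Docker caveat, usable with the docker ps command given in the DECK section. It parses `docker ps --format '{{.Names}}\t{{.Ports}}'` output, reports every container port published on 0.0.0.0 or :: whose host port is not in an allowlist of intentionally public ports, and returns non-zero if any is found. The sample lines are constructed from the CORP service list and are not real docker ps output; the allowlist "80 443" (Caddy) is an assumption.

```bash
#!/usr/bin/env bash
# Added example (not part of the TZZR docs): find container ports that Docker
# publishes on every interface. UFW does not filter them: Docker inserts its
# own iptables rules ahead of UFW's chains, so "ufw default deny incoming"
# leaves a port published as -p 8069:8069 reachable from the Internet.
# Input: lines from  docker ps --format '{{.Names}}\t{{.Ports}}'

# docker_wildcard_publications ALLOWLIST < docker_ps_output
# Prints "<container> <bind>:<hostport>" for each publication on 0.0.0.0 or ::
# whose host port is not in ALLOWLIST; returns 1 if any was printed.
docker_wildcard_publications() {
  local allow="$1" found=0 name ports entry bind port
  while IFS="$(printf '\t')" read -r name ports; do
    [ -z "$name" ] && continue
    # Ports column looks like: 0.0.0.0:8069->8069/tcp, :::8069->8069/tcp
    for entry in $(printf '%s' "$ports" | tr ',' ' '); do
      case "$entry" in
        *'->'*) ;;                  # published (host -> container)
        *) continue ;;              # exposed only, no host binding
      esac
      bind="${entry%%->*}"          # 0.0.0.0:8069 / :::8069 / 127.0.0.1:5432
      port="${bind##*:}"
      case "$bind" in
        0.0.0.0:*|:::*)
          case " $allow " in
            *" $port "*) ;;         # intentionally public (e.g. Caddy 80/443)
            *) echo "$name $bind"; found=1 ;;
          esac ;;
      esac
    done
  done
  return $found
}

# Constructed sample mirroring the CORP service list (not captured output).
SAMPLE_DOCKER_PS="$(printf '%s\t%s\n' \
  caddy       '0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp' \
  odoo        '0.0.0.0:8069->8069/tcp, :::8069->8069/tcp' \
  nextcloud   '0.0.0.0:8080->80/tcp, :::8080->80/tcp' \
  vaultwarden '127.0.0.1:8081->80/tcp' \
  corp-db     '127.0.0.1:5432->5432/tcp')"

if printf '%s\n' "$SAMPLE_DOCKER_PS" | docker_wildcard_publications "80 443"; then
  echo "no container port bypasses the firewall"
else
  echo "the publications above bypass UFW: bind them to 127.0.0.1 or filter them in DOCKER-USER"
fi
# Real host: docker ps --format '{{.Names}}\t{{.Ports}}' | docker_wildcard_publications "80 443"
```

Run it after ufw enable as well as before: a clean ufw status says nothing about what Docker has opened, and a container restarted with a new compose file can reintroduce a wildcard publication without touching UFW.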
HST (72.62.2.84)
Specifications
- OS: Ubuntu 22.04 LTS
- User: root
- Services: Nginx, Directus, PostgreSQL
Ports
| Port | Service | State |
|---|---|---|
| 22 | SSH | Open |
| 80 | Nginx HTTP | Open |
| 443 | Nginx HTTPS | Open |
| 5432 | PostgreSQL | Local only |
| 8055 | Directus | Open |
Access
ssh -i ~/.ssh/tzzr root@72.62.2.84
Public API
https://tzrtech.org/{h_maestro}.png
HST Statistics
| Group | Count |
|---|---|
| hst | 639 |
| spe | 145 |
| vsn | 84 |
| flg | 65 |
| vue | 21 |
| Total | 973 |
LOCKER (Cloudflare R2)
Endpoint
https://7dedae6030f5554d99d37e98a5232996.r2.cloudflarestorage.com
Buckets
| Bucket | Use | Approx. size |
|---|---|---|
| architect | Backups, configs, GPU services | ~500 MB |
| deck | Personal files (CLARA) | Variable |
| corp | Business files (MARGARET) | Variable |
| hst | Tag images | ~100 MB |
| locker | General storage | Variable |
Access
# The .env files were found with mode 644 (see the key findings). If this one is,
# every local account on ARCHITECT can read the R2 keys: chmod 600 it, and per
# D-001 source the keys from Infisical rather than from a file on disk.
source /home/orchestrator/orchestrator/.env
export AWS_ACCESS_KEY_ID="$R2_ACCESS_KEY"
export AWS_SECRET_ACCESS_KEY="$R2_SECRET_KEY"
aws s3 ls s3://architect/ \
  --endpoint-url https://7dedae6030f5554d99d37e98a5232996.r2.cloudflarestorage.com
SSH Keys
Location
/home/orchestrator/.ssh/tzzr # Private key
/home/orchestrator/.ssh/tzzr.pub # Public key
Permissions
chmod 600 ~/.ssh/tzzr
chmod 644 ~/.ssh/tzzr.pub
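Added example (shell; not part of the TZZR documentation): a permission check that serves both the .env finding (files with mode 644, which let any local account read the R2 and database credentials) and the SSH private key above, which must be 600. It reports any secret file whose group or other permission bits are set. The demo files are created in a temporary directory so it runs anywhere; the real paths from this document are listed in a comment.

```bash
#!/usr/bin/env bash
# Added example (not part of the TZZR docs): verify that secret-bearing files
# are readable by their owner only. Applies to the .env files the audit found
# with mode 644 and to the SSH private key ~/.ssh/tzzr, which must be 600.

# check_secret_file PATH
# Returns 0 when PATH is a regular file with no group/other permission bits;
# prints a diagnostic and returns 1 otherwise.
check_secret_file() {
  local f="$1" mode
  if [ ! -f "$f" ]; then
    echo "MISSING $f"
    return 1
  fi
  # Octal mode: GNU stat first, BSD stat as fallback. Pad to three digits and
  # keep the last three so setuid/setgid prefixes (4755) do not confuse the test.
  mode="$(stat -c '%a' "$f" 2>/dev/null || stat -f '%OLp' "$f")"
  mode="$(printf '%03d' "$mode" | tail -c 3)"
  case "$mode" in
    ?00)
      echo "OK $f is mode $mode"
      return 0 ;;
    *)
      echo "CRITICAL $f is mode $mode (group/other bits set); run: chmod 600 $f"
      return 1 ;;
  esac
}

# Constructed demo files. The real paths named in this document are:
#   /home/orchestrator/orchestrator/.env   (found with mode 644)
#   /home/orchestrator/.ssh/tzzr           (must be mode 600)
demo_dir="$(mktemp -d)"
printf 'R2_ACCESS_KEY=constructed\nR2_SECRET_KEY=constructed\n' > "$demo_dir/.env"
chmod 644 "$demo_dir/.env"     # the state the audit found
printf 'constructed-private-key\n' > "$demo_dir/tzzr"
chmod 600 "$demo_dir/tzzr"     # the correct state
for f in "$demo_dir/.env" "$demo_dir/tzzr"; do
  check_secret_file "$f" || :
done
rm -rf "$demo_dir"
```

On the real hosts run it as the file owner (for example check_secret_file /home/orchestrator/orchestrator/.env); a 600 mode is necessary but not sufficient, since root and any process running as the owner can still read the file, which is the reason D-001 moves the secrets themselves into Infisical.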
SSH Configuration
# ~/.ssh/config
Host deck
    HostName 72.62.1.113
    User root
    IdentityFile ~/.ssh/tzzr

Host corp
    HostName 92.112.181.188
    User root
    IdentityFile ~/.ssh/tzzr

Host hst
    HostName 72.62.2.84
    User root
    IdentityFile ~/.ssh/tzzr
Databases
architect (ARCHITECT)
Host: localhost
Port: 5432
Database: architect
User: postgres
Main tables:
- context_blocks
- agents
- creds_*
tzzr (DECK)
Host: localhost
Port: 5432
Database: tzzr
Main tables:
- clara_log
- deck_visiones
- deck_milestones
corp (CORP)
Host: localhost
Port: 5432
Database: corp
Main tables:
- margaret_log
- mason_workspace
- feldman_cola
- milestones
- bloques
hst_images (HST)
Host: localhost
Port: 5432
Database: hst_images
Main tables:
- hst_tags
- hst_trees
Monitoring
Status Commands
# Check ARCHITECT services
systemctl status postgresql
docker ps
# Check DECK services
ssh deck 'docker ps'
ssh deck 'systemctl status fail2ban'
# Check CORP services
ssh corp 'docker ps'
ssh corp 'ufw status'
# Check HST services
ssh hst 'systemctl status nginx'
ssh hst 'systemctl status postgresql'
Important Logs
# PostgreSQL
journalctl -u postgresql -f
# Docker containers
docker logs <container> -f
# Nginx (HST)
tail -f /var/log/nginx/access.log
tail -f /var/log/nginx/error.log
# SSH auth
tail -f /var/log/auth.log
Network Diagram
                                Internet
                                    │
          ┌─────────────────────────┼─────────────────────────┐
          │                         │                         │
          ▼                         ▼                         ▼
  ┌───────────────┐         ┌───────────────┐         ┌───────────────┐
  │   ARCHITECT   │         │     DECK      │         │     CORP      │
  │ 69.62.126.110 │◄────────│  72.62.1.113  │────────►│92.112.181.188 │
  └───────────────┘   SSH   └───────────────┘   SSH   └───────────────┘
          │                         │                         │
          │                         │                         │
          │                         ▼                         │
          │                 ┌───────────────┐                 │
          │                 │      HST      │                 │
          └────────────────►│  72.62.2.84   │◄────────────────┘
                  SSH       └───────────────┘
                                    │
                                    │ HTTPS
                                    ▼
                            ┌───────────────┐
                            │  Cloudflare   │
                            │      R2       │
                            └───────────────┘