# Seattle

Contabo cloud VPS in Seattle, US. Public internet-facing host for services that need a stable external IP, plus Tailscale exit node / DERP relay for the mesh.

## Specs

| | |
|---|---|
| Hostname | `vmi2076105` |
| OS | Ubuntu 24.04.4 LTS (Noble) |
| Public IP | YOUR_WAN_IP |
| Tailscale IP | 100.82.197.124 (Headscale node ID:2) |
| RAM | 62 GB |
| Disk | 290 GB root (~110 GB free) |
| Tailscale | 1.96.4 |

SSH aliases (see `~/.ssh/config`): `seattle` (public IP, Contabo SSH), `seattle-tailscale` (via Tailscale IP).

## Role

- **Public exit node** for Tailscale mesh
- **DERP relay** (`derper`) — self-hosted DERP, advertised to Headscale
- **Stoatchat** (Revolt fork) full stack — see `docs/admin/stoatchat-operational-status.md`
- **AI coding workstation** (HolyClaude, :3059)
- **Personal productivity** (Obsidian remote, Wallabag, KeeWeb, Padloc)
- **Matrix / LiveKit** signalling + TURN for video calls
- **DDNS updaters** for `*.vish.gg` records pointing to this VPS

## Running services

All managed via `docker compose`. Twenty containers as of 2026-04-18.

| Container | Purpose | Ports |
|---|---|---|
| `holyclaude` | Web UI for Claude Code via [coderluii/holyclaude](https://github.com/coderluii/holyclaude) | `100.82.197.124:3059 → 3001` |
| `derper` | Tailscale DERP relay | `:3478/udp`, `:8444/tcp` |
| `livekit` | WebRTC SFU for Matrix calls | `:7880-7881/tcp`, `:50000-50100/udp` |
| `fluxer_server` | Fluxer backend | `127.0.0.1:8088` |
| `nats-core` | NATS messaging | internal |
| `nats-jetstream` | NATS persistence | internal |
| `elasticsearch` | Stoatchat search | `:9200` |
| `valkey` | Redis-compatible cache (Stoatchat) | internal |
| `meilisearch` | Full-text search | `:7700` |
| `padloc-nginx` / `padloc-server` / `padloc-pwa` | Padloc password manager | `:5500` |
| `keeweb` | KeeWeb password vault | `:8443` |
| `obsidian` | Headless Obsidian via LinuxServer image | `127.0.0.1:3000-3001` |
| `wallabag` | Read-later service | `127.0.0.1:8880` |
| `dozzle-agent` | Remote log agent | `:7007`, `:8080` |
| `diun` | Docker image update notifier | — |
| `ddns-ddns-seattle-derp-1` | Cloudflare DDNS for DERP DNS | — |
| `ddns-ddns-seattle-proxied-1` | Cloudflare DDNS for proxied records | — |
| `ddns-ddns-seattle-stoatchat-1` | Cloudflare DDNS for Stoatchat | — |

Nginx runs on the host (not in Docker) on `:80/:443` with Let's Encrypt and terminates SSL for all public-facing services.

## Networking

- `eth0` — Contabo public IP (YOUR_WAN_IP)
- `tailscale0` — 100.82.197.124, advertises as exit node
- Firewall: Contabo panel + ufw; ports 80, 443, 2222 (SSH), 7880-7881, 50000-50100/udp, 8444, 5500, 3478/udp open
- DDNS: three Cloudflare DDNS containers keep DNS records synced to the public IP

## Related docs

- [HolyClaude service](../services/individual/holyclaude.md)
- [Stoatchat operational status](../admin/stoatchat-operational-status.md)
- [Seattle monitoring update (Feb 2026)](../admin/monitoring-update-seattle-2026-02.md)
- [Headscale](../services/individual/headscale.md) — DERP relay advertisement

## Host access

```sh
ssh seattle                 # public IP, port 2222
ssh seattle-tailscale       # via Tailscale (100.82.197.124)
```

SSH login is `root` (key-based); no password auth.