totalmcp/SERVICES.md

# SERVICES.md — ALPHA Service Catalog

> **Primary host:** Unraid ALPHA
> **Primary network:** `br0` (10.2.0.0/24, static IPs)
> **Secondary network:** Docker `bridge` (172.17.0.0/16, port-mapped to host 10.2.0.2)
> **Reverse proxy:** Nginx Proxy Manager at `10.2.0.3` (admin UI on `:81`)
> **Last Updated:** 2026-05-09

This is the canonical reference for every service running on the ALPHA Unraid server **and the off-host services that integrate with it** (Home Assistant, off-site client UISP). Reuse this file across projects (MCP gateways, dashboards, monitoring, automation, documentation) — it is the single source of truth for service identity, purpose, networking, public hostnames, and integration potential.

Each entry includes:
- **Purpose** — what it does and why it exists
- **Image source** — Docker image origin (where applicable)
- **Network** — `br0` (static LAN IP) / `bridge` (Docker NAT) / `host` / off-host
- **Address** — reachable IP/port for LAN clients
- **Public hostname(s)** — domain(s) bound via Nginx Proxy Manager
- **Category** — functional grouping
- **Owner** — `personal`, `business`, `commercial`, `infra`, or `third-party`
- **MCP Plugin Status** — current placement in the Total MCP Gateway plan

---

## Brand Domains

| Domain | Brand | Purpose | Used For |
|---|---|---|---|
| `alwisp.com` | Personal | Jason's personal-brand domain | Most services (default) |
| `mpm.to` | Business / work | Work-only short domain | Work-routed aliases for work services (`cpas.mpm.to`, `wfh.mpm.to`) |
| `qrknit.com` | Commercial product | QR.knit SaaS public domain | QR.knit app only |

> **Rule of thumb:** if a service has both an `*.alwisp.com` and `*.mpm.to` hostname, the `mpm.to` alias is the work-facing entry point. Personal/dual-use services live only under `alwisp.com`.

---

## Quick Index

| Service | Public Hostname | LAN Address | Category | MCP Status |
|---|---|---|---|---|
| [adminer](#adminer) | — (LAN-only) | `10.2.0.2:7070` | DB Admin | Skip |
| [alwisp_db](#alwisp_db) | — | `10.2.0.7` | Database | Indirect |
| [alwisp_web](#alwisp_web) | `alwisp.com` | `10.2.0.8:80` | Personal Site | Candidate |
| [breedr](#breedr) | — | `10.2.0.17` | Custom App (Personal) | Candidate |
| [bx (client UISP)](#bx-offsite-client-uisp) | `bx.alwisp.com` | `71.45.182.201:1443` *(off-host)* | Network Mgmt (client) | Skip |
| [codedump](#codedump) | — | `10.2.0.34` | Custom App (PM) | Candidate |
| [cpas](#cpas) | `cpas.alwisp.com`, `cpas.mpm.to` | `10.2.0.14:3001` | HR / Compliance | Candidate |
| [DONNA](#donna) | `donna.alwisp.com` | `10.2.0.28:18789` *(stopped)* | AI / OpenClaw (friend) | Skip |
| [email-sigs](#email-sigs) | `sig.alwisp.com` | `10.2.0.10:3000` | HR / IT | Skip (no API) |
| [fabdash](#fabdash) | `fabdash.alwisp.com` | `10.2.0.13:8080` | Production | Candidate |
| [Gitea](#gitea) | `git.alwisp.com`, `registry.alwisp.com` | `10.2.0.15:3000` | Source Control + Registry | Phase 1 |
| [gitea-mcp](#gitea-mcp) | `mcp.alwisp.com` | `10.2.0.16:8081` | MCP / Gitea Bridge | Existing → folded into gateway |
| [Gitea-Runner](#gitea-runner) | — | `172.17.0.7` | CI/CD | Indirect |
| [Home Assistant](#home-assistant) | `ha.alwisp.com` | `10.2.0.12:8123` *(off-host)* | Smart Home (controller) | Candidate |
| [totalmcp](#totalmcp) | *(planned)* | `10.2.0.35:8811` *(planned)* | MCP Gateway | **THIS PROJECT** |
| [inven](#inven) | — | `10.2.0.25` | Custom MRP (in dev) | Future |
| [invoiceninja-v5](#invoiceninja-v5) | `inv.alwisp.com` | `10.2.0.2:8000` (HTTP), `:8444` (HTTPS) | Finance | Candidate |
| [MariaDB-Official](#mariadb-official) | — | `10.2.0.2:3306` | Database (shared) | Skip |
| [matter-server](#matter-server) | — | `10.2.0.2` (host net) | Smart Home (protocol) | Candidate |
| [memer](#memer) | `meme.alwisp.com` | `10.2.0.30:3000` | Personal / Media | Candidate |
| [mrp (CODEX)](#mrp-codex) | `mrp.alwisp.com` | `10.2.0.19:3000` | MRP / ERP | Phase 3 (`codex-mrp`) |
| [mrp-qrcode](#mrp-qrcode) | `qrmrp.alwisp.com` | `10.2.0.32:3000` | MRP (specialized) | Future |
| [n8n](#n8n) | `n8n.alwisp.com` | `10.2.0.20:5678` *(stopped)* | Automation | Skip |
| [NEBULA (Transmission)](#nebula-transmission) | `neb.alwisp.com` | `10.2.0.5:9091` | Torrent | Candidate |
| [NGINX (NPM)](#nginx-npm) | `internal.alwisp.com` | `10.2.0.3:81` (admin), `:80`/`:443` (proxy) | Reverse Proxy | Candidate |
| [NOVA (OpenClaw)](#nova-openclaw) | `nova.alwisp.com` | `10.2.0.26:18789` | AI / Compute (primary) | Phase 2 |
| [nyaa](#nyaa) | — | `10.2.0.21` | Torrent Crawler | Candidate |
| [obsidian](#obsidian) | — | `10.2.0.2:3000` (HTTP), `:3001` (HTTPS) | Notes / PKM | Phase 6 (deferred) |
| [plex](#plex) | — | `10.2.0.2` (host net) | Media | Candidate |
| [postgresql16](#postgresql16) | — | `10.2.0.2:5432` | Database (shared) | Skip |
| [QR.knit](#qrknit) | `qrknit.com`, `www.qrknit.com` | `10.2.0.9:5000` | Commercial SaaS | Candidate |
| [rackmapper](#rackmapper) | — | `10.2.0.23` | Datacenter Mgmt | Phase 3 |
| [Redis](#redis) | — | `10.2.0.2:6379` | Cache (shared) | Skip |
| [stepview](#stepview) | `step.alwisp.com` | `10.2.0.33:3000` | 3D Model Viewer | Candidate |
| [syncthing](#syncthing) | — | `10.2.0.2:8384` (web), `:21027/UDP` | File Sync | Candidate |
| [ui-tracker](#ui-tracker) | — | `10.2.0.29` | Stock Watcher | Candidate |
| [UISP](#uisp) | `wisp.alwisp.com` | `10.2.0.4:443` | Network Mgmt | Candidate |
| [unifi-access-dashboard](#unifi-access-dashboard) | — | `10.2.0.11` | Access Control | Phase 3 (`unifi`) |
| [wfh](#wfh) | `wfh.alwisp.com`, `wfh.mpm.to` | `10.2.0.18:3000` | HR / Remote Work | Candidate |
| [Decommissioned: to.alwisp.com](#decommissioned--unused) | `to.alwisp.com` | `10.2.0.6:5000` *(unused)* | — | — |
| [Decommissioned: url.alwisp.com](#decommissioned--unused) | `url.alwisp.com` | `10.2.0.2:8080` *(unused)* | — | — |

---

## Infrastructure & Networking

### NGINX (NPM)
- **Purpose:** Nginx Proxy Manager — reverse proxy, SSL termination, and routing for every public-facing service. NPM admin UI lives at `internal.alwisp.com`. All `*.alwisp.com`, `*.mpm.to`, and `*.qrknit.com` traffic terminates here.
- **Image:** `jc21/nginx-proxy-manager`
- **Network:** `br0`
- **Address:** `10.2.0.3` (proxy on `:80` / `:443`, admin UI on `:81`)
- **Public hostname:** `internal.alwisp.com` → `10.2.0.3:81` (admin UI)
- **Category:** Infra / Networking
- **Owner:** infra (third-party)
- **MCP Plugin Status:** Candidate — `npm_list_proxy_hosts`, `npm_create_proxy_host`, `npm_renew_cert`, `npm_check_cert_status`. Useful for managing routes from agents.

### UISP
- **Purpose:** Ubiquiti UISP / UNMS — manages Ubiquiti UISP-line gear (airMAX, EdgeSwitch, EdgeRouter, UFiber). Distinct from UniFi Access. Used for monitoring radio links, switch ports, and ISP-grade gear.
- **Image:** `nico640/docker-unms`
- **Network:** `br0`
- **Address:** `10.2.0.4:443`
- **Public hostname:** `wisp.alwisp.com` → `https://10.2.0.4:443`
- **Category:** Infra / Networking
- **Owner:** infra (third-party)
- **MCP Plugin Status:** Candidate — `uisp_list_devices`, `uisp_get_device_status`, `uisp_list_sites`, `uisp_get_link_quality`.

### bx (offsite client UISP)
- **Purpose:** **Off-site UISP instance for a client.** Reachable via NPM proxy entry `bx.alwisp.com` for convenience access. Not running on ALPHA — points to a client's public IP.
- **Network:** off-host (external WAN)
- **Address:** `71.45.182.201:1443` (HTTPS — client's public IP)
- **Public hostname:** `bx.alwisp.com` → `https://71.45.182.201:1443`
- **Category:** Infra / Networking (client-facing)
- **Owner:** third-party (client environment, exposed by client to Jason)
- **MCP Plugin Status:** **Skip** — client-owned, separate trust boundary.

### NEBULA (Transmission)
- **Purpose:** Transmission BitTorrent daemon (named "NEBULA" — not the Nebula VPN/mesh product). General-purpose torrent client; pairs with `nyaa` for niche-source automation.
- **Image:** `lscr.io/linuxserver/transmission`
- **Network:** `br0`
- **Address:** `10.2.0.5:9091` (Transmission RPC / web UI)
- **Public hostname:** `neb.alwisp.com` → `http://10.2.0.5:9091`
- **Category:** Infra / Media Acquisition
- **Owner:** personal (third-party image)
- **MCP Plugin Status:** Candidate — `transmission_add_torrent`, `transmission_list_torrents`, `transmission_pause`, `transmission_remove`, `transmission_get_stats`. Pairs with `nyaa`.

### syncthing
- **Purpose:** Peer-to-peer encrypted file sync across devices/servers. Used for keeping appdata, project files, and personal directories in sync without cloud dependencies.
- **Image:** `lscr.io/linuxserver/syncthing`
- **Network:** `bridge`
- **Address:** `10.2.0.2:8384` (web UI), `10.2.0.2:21027/UDP` (discovery)
- **Public hostname:** — (LAN-only)
- **Category:** Infra / File Sync
- **Owner:** infra (third-party)
- **MCP Plugin Status:** Candidate — `syncthing_list_folders`, `syncthing_folder_status`, `syncthing_list_devices`, `syncthing_pause_folder`, `syncthing_rescan`.

---

## Source Control & CI/CD

### Gitea
- **Purpose:** Self-hosted Git server. Primary source-control hub for all custom applications. Also hosts the **Gitea Container Registry** at the same host/port (proxied separately as `registry.alwisp.com` for clarity).
- **Image:** `gitea/gitea`
- **Network:** `br0`
- **Address:** `10.2.0.15:3000`
- **Public hostnames:**
  - `git.alwisp.com` → `http://10.2.0.15:3000` (Git web UI + API)
  - `registry.alwisp.com` → `http://10.2.0.15:3000` (Gitea container registry — same backend)
- **Category:** Source Control + Container Registry
- **Owner:** infra (third-party)
- **MCP Plugin Status:** Phase 1 — `gitea_list_repos`, `gitea_get_file`, `gitea_commit_file`, `gitea_list_issues`, `gitea_create_issue`, plus future registry tools (`registry_list_images`, `registry_get_image_tags`).

### gitea-mcp
- **Purpose:** Existing standalone MCP bridge for Gitea (current production MCP endpoint). Reachable at `mcp.alwisp.com`. Will be **superseded by the Total MCP Gateway's `gitea` plugin** once Phase 1 lands.
- **Image:** `docker.gitea.com/.../mcp-server`
- **Network:** `br0`
- **Address:** `10.2.0.16:8081`
- **Public hostname:** `mcp.alwisp.com` → `http://10.2.0.16:8081`
- **Category:** MCP / Source Control bridge
- **Owner:** infra (third-party)
- **MCP Plugin Status:** Existing MCP server — to be replaced by gateway's `gitea` plugin. The replacement (`totalmcp`) lives on its own static IP `10.2.0.35:8811`, so this container can keep running undisturbed during the transition.

### totalmcp
- **Purpose:** **THIS PROJECT.** Unified MCP gateway exposing every backend service on ALPHA (and off-host integrations like Home Assistant) as a single MCP endpoint for Claude Code, Codex, and Antigravity. Hot-reloadable plugin architecture; one stable URL per agent.
- **Image:** `git.alwisp.com/jason/totalmcp:latest` (built via Gitea Actions)
- **Network:** `br0`
- **Address:** `10.2.0.35:8811` (next available static IP, iterated above codedump @ `.34`)
- **Public hostname:** *(planned — likely `mcp.alwisp.com` once `gitea-mcp` is decommissioned, or a new `gw.alwisp.com` / `agents.alwisp.com`)*
- **Category:** MCP Gateway / Agent Control Plane
- **Owner:** personal (custom build — see [PLAN.md](PLAN.md))
- **MCP Plugin Status:** **THIS PROJECT.** Phase roadmap in PLAN.md covers: Phase 1 (gitea, unraid), Phase 2 (docker, openclaw→NOVA), Phase 3 (unifi, codex-mrp, streamvault, rackmapper), Phase 6 (chronicle, obsidian — deferred), Phase 7 (npm, uisp, transmission, syncthing, plex, nyaa), Phase 8 (home-assistant), Phase 9 (invoiceninja, fabdash, cpas, wfh), Phase 10 (breedr, codedump, ui-tracker, stepview, qrknit, memer, alwisp-web).

### Gitea-Runner
- **Purpose:** Gitea Actions runner (CI/CD executor). Builds Docker images for custom apps and pushes them to `git.alwisp.com` registry on every commit.
- **Image:** `gitea/act_runner`
- **Network:** `bridge`
- **Address:** `172.17.0.7` (no host port mapping)
- **Public hostname:** —
- **Category:** CI/CD
- **Owner:** infra (third-party)
- **MCP Plugin Status:** Indirect — managed via Gitea API.

---

## AI & Compute

### NOVA (OpenClaw)
- **Purpose:** **Jason's primary OpenClaw inference instance.** Local LLM runtime (Ollama-style, custom-branded). The `OpenClaw`-named container in the Unraid Docker tab serves this `nova.alwisp.com` proxy entry. Provides chat completion endpoint for local model use without sending data to external APIs.
- **Image:** `ghcr.io/opencla.../enclaw`
- **Network:** `br0`
- **Address:** `10.2.0.26:18789`
- **Public hostname:** `nova.alwisp.com` → `http://10.2.0.26:18789`
- **Category:** AI / Compute
- **Owner:** personal (custom build)
- **MCP Plugin Status:** Phase 2 (`openclaw` plugin) — endpoint URL: `http://10.2.0.26:18789`. Tools: `openclaw_chat`, `openclaw_list_models`, `openclaw_get_model_info`.

### DONNA (OpenClaw — friend's instance)
- **Purpose:** **Second OpenClaw instance set up for a friend, who never uses it.** Currently stopped. Same image as NOVA, separate container at a different IP.
- **Image:** `ghcr.io/opencla.../enclaw`
- **Network:** `br0`
- **Address:** `10.2.0.28:18789` *(container currently stopped)*
- **Public hostname:** `donna.alwisp.com` → `http://10.2.0.28:18789`
- **Status:** Stopped (unused)
- **Category:** AI / Compute (shared with another user)
- **Owner:** personal (hosted for a friend)
- **MCP Plugin Status:** **Skip** — unused; not worth a plugin slot. If reactivated, reuse the OpenClaw plugin with a different endpoint URL.

---

## Smart Home (off-host)

### Home Assistant
- **Purpose:** Home Assistant — the central smart-home controller. **Hosted on its own dedicated machine** (not on ALPHA). Talks to `matter-server` (on ALPHA) for Matter-protocol devices, plus Zigbee, Z-Wave, and other integrations directly from the HA host.
- **Image:** N/A (lives on a separate physical/VM host)
- **Network:** off-host (LAN)
- **Address:** `10.2.0.12:8123` (HTTPS)
- **Public hostname:** `ha.alwisp.com` → `https://10.2.0.12:8123`
- **Category:** Smart Home (controller)
- **Owner:** personal (third-party software, separate host)
- **MCP Plugin Status:** Candidate — `ha_list_entities`, `ha_get_state`, `ha_call_service`, `ha_list_automations`, `ha_trigger_automation`, `ha_get_history`. Auth: long-lived access token from HA. **Note:** this is the higher-leverage smart-home plugin — `matter-server` is just the protocol bridge underneath HA.

### matter-server
- **Purpose:** Matter protocol server. Bridges Matter-compliant smart-home devices to a controller (Home Assistant above). Enables device commissioning and inter-vendor smart-home interoperability.
- **Image:** `ghcr.io/home-assistant-libs/python-matter-server` (likely)
- **Network:** `host`
- **Address:** `10.2.0.2` (host networking — required for Matter mDNS)
- **Public hostname:** —
- **Category:** Smart Home / IoT (protocol bridge)
- **Owner:** personal (third-party)
- **MCP Plugin Status:** Candidate (lower priority than HA plugin) — direct Matter access. In practice, prefer `ha.*` tools because Home Assistant abstracts Matter + Zigbee + Z-Wave behind one API.

---

## Custom Business Apps

### cpas
- **Purpose:** **Conduct Points & Action System** — work HR app for tracking employee handbook violations on a points system. Records infractions, assigns point values, tracks running totals per employee, triggers escalation thresholds.
- **Image:** `library/cpas` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.14:3001`
- **Public hostnames:**
  - `cpas.alwisp.com` (personal-brand alias)
  - `cpas.mpm.to` (work-brand canonical)
- **Category:** HR / Compliance
- **Owner:** business (custom build)
- **MCP Plugin Status:** Candidate — `cpas_list_violations`, `cpas_get_employee_score`, `cpas_log_violation`, `cpas_list_at_risk_employees`.

### fabdash
- **Purpose:** Fabrication calendar/dashboard for the production metal shop. Tracks shop schedule, work orders in flight, machine assignments, operator capacity.
- **Image:** `library/fabdash` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.13:8080`
- **Public hostname:** `fabdash.alwisp.com` → `http://10.2.0.13:8080`
- **Category:** Production / Operations
- **Owner:** business (custom build)
- **MCP Plugin Status:** Candidate — `fabdash_get_today_schedule`, `fabdash_list_active_jobs`, `fabdash_machine_status`, `fabdash_create_job`.

### mrp (CODEX)
- **Purpose:** Original custom MRP/ERP system (image `mrp-codex`). Hybrid manufacturing-resource-planning + enterprise-resource-planning. Manages work orders, BOMs, inventory, purchasing.
- **Image:** `library/mrp-codex` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.19:3000`
- **Public hostname:** `mrp.alwisp.com` → `http://10.2.0.19:3000`
- **Category:** ERP / MRP
- **Owner:** business (custom build)
- **MCP Plugin Status:** Phase 3 (`codex-mrp`) — work orders, BOMs, inventory, purchasing.

### mrp-qrcode
- **Purpose:** **Second-generation MRP**, specialized in pure manufacturing resource planning (no ERP overlap). QR-code-driven workflow — operators scan parts/locations to advance work orders. Independent of the original CODEX MRP.
- **Image:** `registry.alwisp.com/.../mrp-qrcode` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.32:3000`
- **Public hostname:** `qrmrp.alwisp.com` → `http://10.2.0.32:3000`
- **Category:** MRP (specialized)
- **Owner:** business (custom build)
- **MCP Plugin Status:** Future — separate plugin once stable. Distinct from `codex-mrp`.

### inven
- **Purpose:** **Third custom MRP, in active development.** Different design philosophy from `mrp` (CODEX) and `mrp-qrcode`. Not yet production.
- **Image:** `library/inven` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.25` (port not yet exposed via NPM)
- **Public hostname:** —
- **Category:** MRP (in development)
- **Owner:** business (custom build)
- **MCP Plugin Status:** Future — wait until design stabilizes.

### rackmapper
- **Purpose:** Server rack and datacenter inventory mapper. Tracks rack layouts, U-position of devices, cable runs, links physical hardware to logical services.
- **Image:** `library/rackmapper` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.23` (no public proxy)
- **Public hostname:** —
- **Category:** Infra Documentation
- **Owner:** business (custom build)
- **MCP Plugin Status:** Phase 3 — `rackmapper_list_racks`, `rackmapper_get_rack`, `rackmapper_list_devices`, `rackmapper_map_service`.

### wfh
- **Purpose:** **Work-From-Home task tracker and form-submission portal.** Lets remote employees log daily tasks, submit timesheets, file required forms.
- **Image:** `library/wfh` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.18:3000`
- **Public hostnames:**
  - `wfh.alwisp.com` (personal-brand alias)
  - `wfh.mpm.to` (work-brand canonical)
- **Category:** HR / Remote Work
- **Owner:** business (custom build)
- **MCP Plugin Status:** Candidate — `wfh_list_tasks`, `wfh_get_employee_log`, `wfh_submit_form`, `wfh_list_pending_submissions`.

### email-sigs
- **Purpose:** Company-wide email signature generator. Renders consistent, branded signatures from a central template. Used by all employees.
- **Image:** `library/email-sigs` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.10:3000`
- **Public hostname:** `sig.alwisp.com` → `http://10.2.0.10:3000`
- **Category:** HR / IT
- **Owner:** business (custom build)
- **MCP Plugin Status:** **Skip** — no API exists currently. Reconsider if API added.

### codedump
- **Purpose:** Personal project tracker — quick-view dashboard for ongoing projects, completion percentages, rough status. Lightweight self-reporting alternative to a full PM tool.
- **Image:** `registry.alwisp.com/.../codedump` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.34` (no public proxy currently)
- **Public hostname:** —
- **Category:** Project Management (personal)
- **Owner:** personal (custom build)
- **MCP Plugin Status:** Candidate — `codedump_list_projects`, `codedump_get_project`, `codedump_update_completion`, `codedump_add_project`.

### ui-tracker
- **Purpose:** **UniFi store stock tracker.** Watches Ubiquiti's online store for out-of-stock items and sends a Telegram message when an item comes back in stock.
- **Image:** `library/ui-tracker` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.29` (no public proxy)
- **Public hostname:** —
- **Category:** Monitoring / Notification
- **Owner:** personal (custom build)
- **MCP Plugin Status:** Candidate — `uitracker_list_watched`, `uitracker_add_watch`, `uitracker_remove_watch`, `uitracker_get_alert_history`.

---

## Personal Apps

### alwisp_web
- **Purpose:** Public HTML server for the **alwisp** personal-brand website. The root of `alwisp.com`.
- **Image:** `library/alwisp_web` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.8:80`
- **Public hostname:** `alwisp.com` → `http://10.2.0.8:80`
- **Category:** Personal Site
- **Owner:** personal (custom build)
- **MCP Plugin Status:** Candidate (low priority) — `alwisp_publish_page`, `alwisp_update_page`, `alwisp_list_pages`.

### alwisp_db
- **Purpose:** Dedicated MySQL database for `alwisp_web`. Holds CMS / dynamic content for the personal-brand site.
- **Image:** `library/mysql`
- **Network:** `br0`
- **Address:** `10.2.0.7` (port 3306 internal)
- **Public hostname:** —
- **Category:** Database (service-owned)
- **Owner:** personal (third-party image, custom data)
- **MCP Plugin Status:** Indirect — accessed only via `alwisp_web`.

### breedr
- **Purpose:** **Golden Retriever breeding/whelping calendar and genealogy app** for Jason's kennel. Tracks breeding pairs, due dates, whelping logs, litter records, multi-generational pedigree.
- **Image:** `library/breedr` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.17` (no public proxy)
- **Public hostname:** —
- **Category:** Personal / Hobby
- **Owner:** personal (custom build)
- **MCP Plugin Status:** Candidate — `breedr_list_dogs`, `breedr_get_pedigree`, `breedr_list_upcoming_litters`, `breedr_log_whelp_event`.

### memer
- **Purpose:** Personal meme sharing and organizing app. Tag-based library, upload UI, shareable links.
- **Image:** `git.alwisp.com/.../memer` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.30:3000`
- **Public hostname:** `meme.alwisp.com` → `http://10.2.0.30:3000`
- **Category:** Personal / Media
- **Owner:** personal (custom build)
- **MCP Plugin Status:** Candidate (low priority) — `memer_search`, `memer_upload`, `memer_get_random`, `memer_list_tags`.

---

## Commercial / SaaS

### QR.knit
- **Purpose:** **Commercial short-link and QR code generation app.** Multi-tenant SaaS — generates branded QR codes and shortlinks. Public product, sold/licensed externally. Owns its own brand domain (`qrknit.com`).
- **Image:** `library/qrknit` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.9:5000`
- **Public hostnames:**
  - `qrknit.com` → `http://10.2.0.9:5000`
  - `www.qrknit.com` → `http://10.2.0.9:5000`
- **Category:** Commercial SaaS
- **Owner:** commercial (custom build)
- **MCP Plugin Status:** Candidate — `qrknit_create_link`, `qrknit_get_analytics`, `qrknit_list_links`, `qrknit_generate_qr`.

---

## Productivity / PKM

### obsidian
- **Purpose:** Obsidian vault hosted via the LinuxServer.io Obsidian image (web-accessible vault). Personal/business knowledge management.
- **Image:** `lscr.io/linuxserver/obsidian`
- **Network:** `bridge`
- **Address:** `10.2.0.2:3000` (web UI), `10.2.0.2:3001` (HTTPS)
- **Public hostname:** —
- **Category:** Notes / PKM
- **Owner:** personal (third-party)
- **MCP Plugin Status:** Phase 6 (deferred) — requires Obsidian Local REST API plugin first. Tools: `obsidian_note_create/read/update/append/search`, `obsidian_list_vault`.

---

## Media & Entertainment

### plex
- **Purpose:** Plex Media Server — movies, TV, music streaming to clients across the home and remote.
- **Image:** `lscr.io/linuxserver/plex`
- **Network:** `host`
- **Address:** `10.2.0.2` (host networking — Plex default ports 32400, 32469, etc.)
- **Public hostname:** — (Plex handles its own remote access via plex.tv tunnel)
- **Category:** Media / Entertainment
- **Owner:** personal (third-party)
- **MCP Plugin Status:** Candidate — `plex_search_library`, `plex_recently_added`, `plex_now_playing`, `plex_server_status`, `plex_list_libraries`.

### nyaa
- **Purpose:** Custom **nyaa.si torrent crawler and auto-downloader**. Watches nyaa.si for matching titles, queues them into the torrent client when matches appear.
- **Image:** `library/nyaa` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.21` (no public proxy)
- **Public hostname:** —
- **Category:** Media Acquisition (automation)
- **Owner:** personal (custom build)
- **MCP Plugin Status:** Candidate — `nyaa_list_watches`, `nyaa_add_watch`, `nyaa_get_recent_matches`, `nyaa_force_check`. Pairs with NEBULA.

---

## Access Control

### unifi-access-dashboard
- **Purpose:** UniFi Access dashboard — door entry, badge/credential management, access events. Distinct from UISP (which manages UISP-line ISP gear).
- **Image:** `library/unifi-access-dashboard` (custom or thin wrapper)
- **Network:** `br0`
- **Address:** `10.2.0.11`
- **Public hostname:** —
- **Category:** Physical Security / Access Control
- **Owner:** business (custom or wrapped)
- **MCP Plugin Status:** Phase 3 (`unifi`) — `unifi_list_access_events`, `unifi_list_users`, `unifi_get_door_status`, `unifi_list_sites`.

---

## Finance

### invoiceninja-v5
- **Purpose:** Invoice Ninja v5 — open-source invoicing, billing, expense tracking, client management.
- **Image:** `maihai/invoiceninja_v5`
- **Network:** `bridge`
- **Address:** `10.2.0.2:8000` (HTTP), `10.2.0.2:8444` (HTTPS)
- **Public hostname:** `inv.alwisp.com` → `http://10.2.0.2:8000`
- **Category:** Finance / Billing
- **Owner:** business (third-party)
- **MCP Plugin Status:** Candidate — `invoiceninja_list_invoices`, `invoiceninja_create_invoice`, `invoiceninja_list_clients`, `invoiceninja_get_payment_status`, `invoiceninja_send_invoice`.

---

## 3D / CAD

### stepview
- **Purpose:** Custom **STEP/STP (.stp/.step) 3D model viewer**. Lets clients view CAD models in a browser without being able to download the source files. Used for client preview while protecting IP.
- **Image:** `registry.alwisp.com/.../stepview` (custom)
- **Network:** `br0`
- **Address:** `10.2.0.33:3000`
- **Public hostname:** `step.alwisp.com` → `http://10.2.0.33:3000`
- **Category:** Engineering / Client Preview
- **Owner:** business (custom build)
- **MCP Plugin Status:** Candidate — `stepview_list_models`, `stepview_upload_model`, `stepview_create_share_link`, `stepview_revoke_share`.

---

## Automation

### n8n
- **Purpose:** n8n workflow automation engine. Currently stopped, barely used.
- **Image:** `n8nio/n8n`
- **Network:** `br0`
- **Address:** `10.2.0.20:5678` *(container currently stopped)*
- **Public hostname:** `n8n.alwisp.com` → `http://10.2.0.20:5678`
- **Status:** Stopped (barely used)
- **Category:** Automation
- **Owner:** infra (third-party)
- **MCP Plugin Status:** **Skip** — barely used per user. Skip unless usage picks up.

---

## Databases (Shared)

> **Rule:** These databases are accessed directly by the services that own them. The MCP gateway does **not** expose direct DB plugins — services should expose their own domain-specific tools instead.

### MariaDB-Official
- **Purpose:** Shared MariaDB instance for general-purpose use by multiple services.
- **Image:** `library/mariadb`
- **Network:** `bridge`
- **Address:** `10.2.0.2:3306`
- **Public hostname:** —
- **Category:** Database (shared)
- **Owner:** infra (third-party)
- **MCP Plugin Status:** **Skip.**

### postgresql16
- **Purpose:** Shared PostgreSQL 16 instance.
- **Image:** `library/postgres`
- **Network:** `bridge`
- **Address:** `10.2.0.2:5432`
- **Public hostname:** —
- **Category:** Database (shared)
- **Owner:** infra (third-party)
- **MCP Plugin Status:** **Skip.**

### Redis
- **Purpose:** Shared Redis cache / pub-sub.
- **Image:** `library/redis`
- **Network:** `bridge`
- **Address:** `10.2.0.2:6379`
- **Public hostname:** —
- **Category:** Database / Cache (shared)
- **Owner:** infra (third-party)
- **MCP Plugin Status:** **Skip.**

### adminer
- **Purpose:** Web UI for browsing/editing the shared databases (MariaDB, PostgreSQL, MySQL `alwisp_db`).
- **Image:** `library/adminer`
- **Network:** `bridge`
- **Address:** `10.2.0.2:7070`
- **Public hostname:** —
- **Category:** DB Admin Tool
- **Owner:** infra (third-party)
- **MCP Plugin Status:** **Skip** — UI-only, not API-driven.

---

## Decommissioned / Unused

> NPM still has live proxy entries for these, but the underlying services are abandoned, replaced, or never reactivated. **Do not target these in MCP plugins.** Candidates for cleanup.

### `to.alwisp.com` → `http://10.2.0.6:5000`
- **Purpose (historical):** Earlier custom URL shortener (Jason's first attempt). Replaced by QR.knit's link-shortening features.
- **Status:** **Unused** — superseded by QR.knit. Container at `10.2.0.6:5000` no longer relied on.
- **Recommendation:** Remove proxy entry and decommission container at next cleanup.

### `url.alwisp.com` → `https://10.2.0.2:8080`
- **Purpose (historical):** Earlier short-link / URL service.
- **Status:** **Unused.**
- **Recommendation:** Remove proxy entry; investigate what (if anything) is still listening on `10.2.0.2:8080` before reusing the port.

### n8n (covered above)
- See [n8n](#n8n) — container stopped, barely used.

### DONNA (covered above)
- See [DONNA](#donna-openclaw--friends-instance) — second OpenClaw instance for a friend, never used, container stopped.

---

## Networking Conventions

### `br0` static-IP services (`10.2.0.0/24`)
Services on `br0` get their own LAN IP and are reachable directly from any device on the network. Used for: anything that needs to expose multiple ports cleanly, or where a stable LAN-routable address simplifies inter-service communication.

### `bridge` (Docker NAT) services
Services on the default Docker `bridge` network sit behind the host (`10.2.0.2`) with port mappings. Used for: third-party images that don't fight with port conflicts and don't need their own LAN identity.

### `host` networking
Used only when a service requires direct host networking (mDNS, broadcast, multicast, or wide port ranges) — currently `plex` and `matter-server`.

### Off-host services
Reachable on the LAN but not running on ALPHA: **Home Assistant** (`10.2.0.12`) and the **client UISP** behind `bx.alwisp.com`. The MCP gateway can target these the same way it targets ALPHA services — it's just an outbound HTTP call.

---

## Reverse Proxy Map (NPM)

Reference of every NPM proxy host → backend, grouped by domain. Source: NPM admin at `internal.alwisp.com`.

### `*.alwisp.com` (personal brand)

| Hostname | → Backend | Service |
|---|---|---|
| `alwisp.com` | `http://10.2.0.8:80` | alwisp_web |
| `cpas.alwisp.com` | `http://10.2.0.14:3001` | cpas |
| `donna.alwisp.com` | `http://10.2.0.28:18789` | DONNA *(stopped)* |
| `fabdash.alwisp.com` | `http://10.2.0.13:8080` | fabdash |
| `git.alwisp.com` | `http://10.2.0.15:3000` | Gitea |
| `ha.alwisp.com` | `https://10.2.0.12:8123` | Home Assistant *(off-host)* |
| `internal.alwisp.com` | `http://10.2.0.3:81` | NPM admin UI |
| `inv.alwisp.com` | `http://10.2.0.2:8000` | invoiceninja-v5 |
| `mcp.alwisp.com` | `http://10.2.0.16:8081` | gitea-mcp |
| `meme.alwisp.com` | `http://10.2.0.30:3000` | memer |
| `mrp.alwisp.com` | `http://10.2.0.19:3000` | mrp (CODEX) |
| `n8n.alwisp.com` | `http://10.2.0.20:5678` | n8n *(stopped)* |
| `neb.alwisp.com` | `http://10.2.0.5:9091` | NEBULA (Transmission) |
| `nova.alwisp.com` | `http://10.2.0.26:18789` | NOVA (OpenClaw) |
| `qrmrp.alwisp.com` | `http://10.2.0.32:3000` | mrp-qrcode |
| `registry.alwisp.com` | `http://10.2.0.15:3000` | Gitea container registry |
| `sig.alwisp.com` | `http://10.2.0.10:3000` | email-sigs |
| `step.alwisp.com` | `http://10.2.0.33:3000` | stepview |
| `to.alwisp.com` | `http://10.2.0.6:5000` | *(decommissioned)* |
| `url.alwisp.com` | `https://10.2.0.2:8080` | *(decommissioned)* |
| `wfh.alwisp.com` | `http://10.2.0.18:3000` | wfh |
| `wisp.alwisp.com` | `https://10.2.0.4:443` | UISP |
| `bx.alwisp.com` | `https://71.45.182.201:1443` | Client UISP *(off-host)* |

### `*.mpm.to` (work brand)

| Hostname | → Backend | Service |
|---|---|---|
| `cpas.mpm.to` | `http://10.2.0.14:3001` | cpas (work alias) |
| `wfh.mpm.to` | `http://10.2.0.18:3000` | wfh (work alias) |

### `qrknit.com` (commercial product)

| Hostname | → Backend | Service |
|---|---|---|
| `qrknit.com` | `http://10.2.0.9:5000` | QR.knit |
| `www.qrknit.com` | `http://10.2.0.9:5000` | QR.knit |

---

## Categorization Summary

| Category | Services |
|---|---|
| **Infra / Networking** | NGINX (NPM), UISP, NEBULA (Transmission), syncthing, bx (client UISP, off-host) |
| **Source / CI** | Gitea, gitea-mcp, Gitea-Runner |
| **MCP Gateway** | totalmcp *(this project — planned, 10.2.0.35:8811)* |
| **AI / Compute** | NOVA (OpenClaw, primary), DONNA (OpenClaw, friend's, stopped) |
| **HR / Compliance** | cpas, wfh, email-sigs |
| **Production / MRP** | mrp (CODEX), mrp-qrcode, inven, fabdash |
| **Datacenter / Infra Mgmt** | rackmapper, ui-tracker |
| **Personal Apps** | alwisp_web, alwisp_db, breedr, codedump, memer |
| **Commercial SaaS** | QR.knit |
| **Productivity / PKM** | obsidian |
| **Media** | plex, nyaa, NEBULA |
| **Smart Home** | Home Assistant (off-host), matter-server |
| **Physical Security** | unifi-access-dashboard |
| **Finance** | invoiceninja-v5 |
| **Engineering / Client Preview** | stepview |
| **Automation** | n8n (stopped) |
| **Databases (shared)** | MariaDB, postgresql16, Redis, adminer |
| **Decommissioned** | to.alwisp.com, url.alwisp.com |

---

## Owner Legend

- **personal** — Jason's personal projects, hobbies, or self-hosted utilities (typically under `alwisp.com`)
- **business** — Custom apps for the metal-fab business / company operations (work-routed under `mpm.to`)
- **commercial** — Apps sold or licensed to external customers (under their own brand domain, e.g., `qrknit.com`)
- **infra** — Infrastructure plumbing (proxies, runners, AI runtime)
- **third-party** — Off-the-shelf images run as-is

---

## Reuse Notes

This document is intentionally project-agnostic. To reuse it in a different project:

1. Drop this file into the new project's repo (root or `docs/`).
2. Trim sections that aren't relevant to that project's scope.
3. Update the **MCP Plugin Status** column if the new project has a different integration plan.
4. Keep the **Purpose**, **Image**, **Network**, **Address**, **Public hostname(s)**, and **Owner** fields stable — they describe the service itself, not the consumer's intent.
5. The **Reverse Proxy Map** section is the fastest way to get oriented — it's a one-page view of every public route and what it points at.