# Sesión 260118 - Reorganización BD: Keys y Endpoints

## Resumen
Continuación de reorganización de base de datos PostgreSQL. Creación de tablas `keys` y `endpoints` en los tres servidores (DECK, HST, ARCHITECT) con FK para restringir endpoints válidos.

## Cambios realizados

### DECK (72.62.1.113) - BD: tzzr

#### tzzr_system.keys (9 servicios)
| service | endpoint |
|---------|----------|
| addy | alias.tzzrdeck.me |
| cloudflare_r2 | r2.cloudflarestorage.com |
| cloudflare_r2_personal | r2.cloudflarestorage.com |
| directus | directus.tzzrdeck.me |
| mailcow | mail.tzzrdeck.me |
| mindlink | mindlink.tzzrdeck.me |
| nextcloud | cloud.tzzrdeck.me |
| shlink | short.tzzrdeck.me |
| vaultwarden | key.tzzrdeck.me |

#### tzzr_system.endpoints (9 servicios)
| service | endpoint | type |
|---------|----------|------|
| directus | directus.tzzrdeck.me | api |
| mindlink | mindlink.tzzrdeck.me | api |
| postgrest | api.tzzrdeck.me | api |
| shlink | short.tzzrdeck.me | api |
| addy | alias.tzzrdeck.me | mail |
| mailcow | mail.tzzrdeck.me | mail |
| vaultwarden | key.tzzrdeck.me | security |
| nextcloud | cloud.tzzrdeck.me | storage |
| r2_deck | r2.cloudflarestorage.com | storage |

- FK: `keys.endpoint → endpoints.endpoint`
- Eliminadas tablas `keys_architect` y `keys_hst` (cada servidor lo suyo)

### HST (72.62.2.84) - BD: hst_images

#### tzzr_system.keys (2 servicios)
| service | endpoint |
|---------|----------|
| directus | hst.tzrtech.org |
| postgresql | localhost:5432 |

#### tzzr_system.endpoints (2 servicios)
| service | endpoint | type |
|---------|----------|------|
| directus | hst.tzrtech.org | api |
| postgresql | localhost:5432 | database |

- FK: `keys.endpoint → endpoints.endpoint`

### ARCHITECT (69.62.126.110) - BD: architect (puerto 5433)

**Instalación PostgreSQL via Docker:**
```bash
docker run -d --name postgres-architect -p 5433:5432 \
  -e POSTGRES_USER=architect \
  -e POSTGRES_PASSWORD=architect_local_2026 \
  postgres:15
```

#### tzzr_system.keys (4 servicios)
| service | endpoint | credenciales |
|---------|----------|--------------|
| cloudflare | api.cloudflare.com | API key + email |
| cloudflare_r2 | r2.cloudflarestorage.com | access_key + secret |
| runpod | api.runpod.io | API key + user_id |
| postgresql | localhost:5433 | architect / architect_local_2026 |

#### tzzr_system.endpoints (6 servicios)
| service | endpoint | type |
|---------|----------|------|
| cloudflare | api.cloudflare.com | api |
| cloudflare_r2 | r2.cloudflarestorage.com | storage |
| runpod | api.runpod.io | gpu |
| gitea | git.tzr.systems | git |
| nextcloud | cloud.tzzrarchitect.me | storage |
| postgresql | localhost:5433 | database |

- FK: `keys.endpoint → endpoints.endpoint`

## Verificaciones

### hst_rules (idéntica en DECK y HST)
14 reglas. Solo `tzzr_core_hst.hst` tiene restricción:
- Permitidos: spe, hst, vue, vsn, msn

### atc_status
CHECK constraint: `status IN ('enable', 'disable', 'deleted')`

## Documentación actualizada
- `TZZR_SCHEMA.mm` (FreeMind) - Mapa mental completo del sistema
- `CLAUDE.md` - Reglas de Nextcloud y formato de nombres

## Principios establecidos
1. **Cada servidor lo suyo**: keys solo contiene credenciales del propio servidor
2. **Endpoints restringidos**: FK de keys a endpoints
3. **Nextcloud separados**: ARCHITECT → cloud.tzzrarchitect.me, DECK → cloud.tzzrdeck.me
4. **Documentos en "documentos adjuntos"**: sin subcarpetas