docs: update CLAUDE.md and README.md with Mattermost and Netdata

Updated documentation to reflect current infrastructure:

**Added:**
- Mattermost team collaboration platform
  - Team chat, file sharing, integrations
  - Email notifications via IONOS SMTP
  - Incoming webhooks for infrastructure alerts
  - PostgreSQL backend

- Netdata real-time monitoring
  - System and service monitoring
  - PostgreSQL and Docker monitoring
  - Restic backup repository monitoring
  - Email and Mattermost alerts
  - HTTP Basic Auth protection

**Removed:**
- Gotify notification server (replaced by Mattermost)

**Updated:**
- Database initialization: Added mattermost database
- Backup configuration: Added Mattermost volumes
- Environment variables: Added MATTERMOST_WEBHOOK_URL and WATCHTOWER_NOTIFICATION_URL
- Volume management: Added Mattermost, Joplin, and Jellyfin volumes
- Service list in compose include pattern

All documentation now reflects the current state of the infrastructure
with Mattermost as the central notification and collaboration hub.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

CLAUDE.md

@@ -15,7 +15,7 @@ Root `compose.yaml` uses Docker Compose's `include` directive to orchestrate mul
 - **sexy**: Directus 11 CMS + SvelteKit frontend
 - **awsm**: Next.js application with SQLite
 - **track**: Umami analytics (PostgreSQL)
-- **gotify**: Push notification server
+- **mattermost**: Team collaboration and chat platform (PostgreSQL)
 - **scrapy**: Scrapyd web scraping cluster (scrapyd, scrapy, scrapyrt)
 - **n8n**: Workflow automation platform (PostgreSQL)
 - **stash**: Filestash web-based file manager
@@ -26,6 +26,7 @@ Root `compose.yaml` uses Docker Compose's `include` directive to orchestrate mul
 - **jelly**: Jellyfin media server with hardware transcoding
 - **drop**: PairDrop peer-to-peer file sharing
 - **restic**: Backrest backup system with restic backend
+- **netdata**: Real-time infrastructure monitoring
 - **sablier**: Dynamic scaling plugin for Traefik
 - **vpn**: WireGuard VPN (wg-easy)
 
@@ -59,6 +60,7 @@ Services expose themselves via Docker labels:
 `core/postgres/init/01-init-databases.sh` runs on first PostgreSQL startup:
 - Creates `directus` database for Sexy CMS
 - Creates `umami` database for Track analytics
+- Creates `mattermost` database for Mattermost chat platform
 - Creates `n8n` database for workflow automation
 - Creates `linkwarden` database for Links bookmark manager
 - Creates `joplin` database for Joplin Server
@@ -155,6 +157,22 @@ Next.js app with embedded SQLite:
 - Optional webhook secret for database updates
 - Database persisted in `awesome_data` volume
 
+### Mattermost (mattermost/compose.yaml)
+Team collaboration and chat platform:
+- **mattermost**: Mattermost Team Edition exposed at `mattermost.pivoine.art:8065`
+  - Team chat with channels, direct messages, and threads
+  - File sharing and integrations
+  - PostgreSQL backend for message persistence
+  - Email notifications via IONOS SMTP
+  - Mobile and desktop app support
+  - Incoming webhooks for infrastructure notifications
+  - Data persisted in `mattermost_config`, `mattermost_data`, `mattermost_plugins` volumes
+
+**Configuration**:
+- **Email**: Configured with IONOS SMTP for notifications and invitations
+- **Webhooks**: Incoming webhook URL stored in `.env` as `MATTERMOST_WEBHOOK_URL`
+- **Integrations**: Netdata alerts, Watchtower updates, Restic backups, n8n workflows
+
 ### Scrapy (scrapy/compose.yaml)
 Web scraping cluster with three services:
 - **scrapyd**: Scrapyd daemon exposed at `scrapy.pivoine.art:6800`
@@ -411,6 +429,28 @@ PairDrop peer-to-peer file sharing service:
 
 **Note**: PairDrop is stateless and doesn't require backups as no data is persisted. All transfers happen directly between devices.
 
+### Netdata (netdata/compose.yaml)
+Real-time infrastructure monitoring and alerting:
+- **netdata**: Netdata monitoring agent exposed at `netdata.pivoine.art:19999`
+  - Real-time performance metrics for all services
+  - System monitoring (CPU, RAM, disk, network)
+  - PostgreSQL database monitoring via go.d collector
+  - Restic backup repository monitoring via filecheck collector
+  - Docker container monitoring
+  - Custom Dockerfile with msmtp for email alerts
+  - Protected by HTTP Basic Auth
+
+**Monitoring Configuration**:
+- **PostgreSQL**: Monitors core PostgreSQL instance (connection, queries, performance)
+- **Filecheck**: Monitors Restic backup repository at `/mnt/hidrive/users/valknar/Backup`
+- **Email Alerts**: Configured with IONOS SMTP via msmtp for health notifications
+- **Mattermost Alerts**: Sends critical alerts to Mattermost via webhook
+
+**Alert Configuration**:
+- Health alerts sent to both email and Mattermost
+- All alert roles (sysadmin, dba, webmaster, etc.) route to notifications
+- Webhook URL configured via `MATTERMOST_WEBHOOK_URL` environment variable
+
 ### Restic (restic/compose.yaml)
 Backrest backup system with restic backend:
 - **backrest**: Backrest web UI exposed at `restic.pivoine.art:9898`
@@ -452,9 +492,9 @@ Backrest backup system with restic backend:
    - Path: `/volumes/awesome_data`
    - Retention: 7 daily, 4 weekly, 6 monthly
 
-6. **gotify-backup** (5 AM daily)
-   - Path: `/volumes/gotify_data`
-   - Retention: 7 daily, 4 weekly, 3 monthly
+6. **mattermost-backup** (5 AM daily)
+   - Paths: `/volumes/mattermost_config`, `/volumes/mattermost_data`, `/volumes/mattermost_plugins`
+   - Retention: 7 daily, 4 weekly, 6 monthly, 2 yearly
 
 7. **scrapy-backup** (6 AM daily)
    - Paths: `/volumes/scrapyd_data`, `/volumes/scrapy_code`
@@ -511,6 +551,8 @@ Key variables defined in `arty.yml` and overridden in `.env`:
 - `{SERVICE}_TRAEFIK_ENABLED`: Toggle Traefik exposure
 - `SEXY_DIRECTUS_SECRET`: Directus security secret
 - `TRACK_APP_SECRET`: Umami analytics secret
+- `MATTERMOST_WEBHOOK_URL`: Incoming webhook URL for infrastructure notifications (stored in `.env` only)
+- `WATCHTOWER_NOTIFICATION_URL`: Shoutrrr format URL for container update notifications
 
 ## Volume Management
 
@@ -518,11 +560,14 @@ Each service uses named volumes prefixed with project name:
 - `core_postgres_data`, `core_redis_data`: Database persistence
 - `core_directus_uploads`, `core_directus_bundle`: Directus media/extensions
 - `awesome_data`: AWSM SQLite database
+- `mattermost_config`, `mattermost_data`, `mattermost_plugins`: Mattermost chat and configuration
 - `scrapy_scrapyd_data`, `scrapy_scrapy_code`: Scrapy spider data and code
 - `n8n_n8n_data`: n8n workflow data
 - `stash_filestash_data`: Filestash configuration and state
 - `links_data`, `links_meili_data`: Linkwarden bookmarks and Meilisearch index
 - `vault_data`: Vaultwarden password vault (SQLite database)
+- `joplin_data`: Joplin note-taking data
+- `jelly_config`: Jellyfin media server configuration
 - `restic_data`, `restic_config`, `restic_cache`, `restic_tmp`: Backrest backup system
 - `proxy_letsencrypt_data`: SSL certificates
 

README.md

@@ -47,7 +47,7 @@ The **Falcon** is a state-of-the-art containerized starship, powered by Docker's
 | **SEXY** | *Advanced alien encounter database* | [sexy.pivoine.art](https://sexy.pivoine.art) |
 | **AWSM** | *Intergalactic discovery catalog* | [awesome.pivoine.art](https://awesome.pivoine.art) |
 | **TRACK** | *Mission analytics & telemetry* | [umami.pivoine.art](https://umami.pivoine.art) |
-| **GOTIFY** | *Subspace communication relay* | [gotify.pivoine.art](https://gotify.pivoine.art) |
+| **MATTERMOST** | *Crew collaboration & mission control* | [mattermost.pivoine.art](https://mattermost.pivoine.art) |
 | **SCRAPY** | *Web scraping reconnaissance cluster* | [scrapy.pivoine.art](https://scrapy.pivoine.art) |
 | **N8N** | *Automated workflow command center* | [n8n.pivoine.art](https://n8n.pivoine.art) |
 | **STASH** | *Universal file management portal* | [stash.pivoine.art](https://stash.pivoine.art) |
@@ -58,6 +58,7 @@ The **Falcon** is a state-of-the-art containerized starship, powered by Docker's
 | **JELLY** | *Media streaming server* | [jelly.pivoine.art](https://jelly.pivoine.art) |
 | **DROP** | *Peer-to-peer file sharing* | [drop.pivoine.art](https://drop.pivoine.art) |
 | **RESTIC** | *Automated backup vault system* | [restic.pivoine.art](https://restic.pivoine.art) |
+| **NETDATA** | *Real-time ship diagnostics & alerts* | [netdata.pivoine.art](https://netdata.pivoine.art) |
 | **PROXY** | *Shield control dashboard* | [proxy.pivoine.art](https://proxy.pivoine.art) |
 | **VPN** | *Cloaking device network* | [vpn.pivoine.art](https://vpn.pivoine.art) |