2026-02-19: SSH keys, Go fix, win alerts filter, Zurich infra rebuild, ntfy/kuma/vaultwarden notes

2026-02-19 06:54:30 -05:00 · 2026-02-19 06:54:30 -05:00 · aca9d2d718
parent 39b07e31dd
commit aca9d2d718
3 changed files with 69 additions and 52 deletions
--- a/memory/2026-02-19.md
+++ b/memory/2026-02-19.md
@ -1,57 +1,74 @@
 # 2026-02-19

 ## SSH Keys Added
- Johan's MacBook Pro: `johanjongsma@Johans-MacBook-Pro.local` → forge authorized_keys
- ThinkPad X1 (2019, Ubuntu 24.04): `johan@thinkpad-x1` → forge authorized_keys
-  - IP: 192.168.0.223 (WiFi), hostname: `johan-x1`, kernel 6.17
-  - Had to enable SSH via CC prompt, add james@forge key separately
+- `johanjongsma@Johans-MacBook-Pro.local` → added to forge authorized_keys
+- `johan@thinkpad-x1` → added to forge authorized_keys
+- ThinkPad X1: 2019 model, Ubuntu 24.04 desktop, IP 192.168.0.223 (WiFi), hostname `johan-x1`, kernel 6.17
+- James SSH key (james@forge) added to ThinkPad X1 — forge can now SSH in

-## Go Environment Restored (rogue agent damage)
- Rogue agent installed `golang-go` via apt at 23:30 → Go 1.22.2 shadowed Go 1.23.6
- Also installed libgtk-3-dev, libwebkit2gtk-4.1-dev, wails binary (was building Wails app)
- Fix: removed apt golang packages, moved `/usr/local/go/bin` to FRONT of PATH in .bashrc
- Go 1.23.6 restored as active version
- Note: azure-backup needs go1.24.12, inou needs go1.24.4 (GOTOOLCHAIN=auto handles this)
+## Rogue Agent — Go Environment
+- At 23:30 tonight a rogue agent ran: `apt install golang-go` (Go 1.22.2), installed libgtk-3-dev + libwebkit2gtk-4.1-dev (Wails deps), installed `~/go/bin/wails` binary
+- Was setting up Wails framework
+- Fix: removed apt golang packages, Go 1.23.6 from /usr/local/go restored as active
+- PATH fixed in .bashrc: `/usr/local/go/bin` now at FRONT (was at end — easily shadowed by apt)
+- wails binary left in ~/go/bin — Johan's call whether to keep

-## Win Alerts Suppressed from Fully Dashboard
- Fixed connector_m365.go: added `silentSenders` list
- winalert@kaseya.com, lostalert@kaseya.com, standard.instrumentation@kaseya.com, noreply@salesforce.com
- Committed `b408ebc` on mc-unified, restarted mail-bridge
+## Win Alerts Fix (M365 → Fully)
+- Kaseya win alerts (winalert@kaseya.com) were still posting to Fully tablet
+- Fix: added silent sender filter in connector_m365.go — suppresses Fully alerts for:
+  - winalert@kaseya.com, lostalert@kaseya.com, standard.instrumentation@kaseya.com, noreply@salesforce.com
+- Committed `b408ebc` on mc-unified branch, mail-bridge restarted

-## Zurich Infrastructure Restored
-**Root cause:** When Stalwart mail server was set up Feb 17, it took port 443, killing Caddy (which wasn't on Zurich anyway — wrong assumption). ntfy, Kuma, and vault were all broken.
+## Zurich Infrastructure Rebuild (MAJOR)
+The night's biggest event — Zurich's services were all broken/missing.

-**Tonight's fixes:**
- Installed Caddy on Zurich (82.24.174.112)
- Moved Stalwart HTTPS from public :443 → 127.0.0.1:8443
- Deployed Vaultwarden: /opt/vaultwarden → vault.jongsma.me
- Deployed ntfy: /opt/ntfy → ntfy.inou.com (port 2586)
-  - New token: `tk_ggphzgdis49ddsvu51qam6bgzlyxn` (old one gone)
-  - User: james / JamesNtfy2026!
- Deployed Uptime Kuma: /opt/uptime-kuma → kuma.inou.com (port 3001) — FRESH, no monitors
- Added vault.jongsma.me DNS A record → 82.24.174.112 (was wildcard *.jongsma.me → home)
+### Root Cause
+- Caddy was NOT installed on Zurich (despite memory notes saying it was). Services (ntfy, Uptime Kuma) were not running.
+- Stalwart had claimed port 443 when set up Feb 17, and vault.inou.com DNS pointed to Zurich with no Vaultwarden behind it.
+- The home Caddy had `includeSubDomains` HSTS on inou.com, causing Chrome to hard-block vault.inou.com when cert was wrong.

-**Zurich Caddyfile:** vault.jongsma.me, ntfy.inou.com, kuma.inou.com, mail.inou.com, mail.jongsma.me
+### What Was Installed Tonight
+1. **Caddy** — installed fresh on Zurich, now owns port 443
+2. **Stalwart** — moved HTTPS from public :443 → localhost:8443 (mail ports unchanged)
+3. **Vaultwarden** — deployed at /opt/vaultwarden, serving vault.jongsma.me (Johan wanted it on Zurich)
+4. **ntfy** — fresh install, /opt/ntfy, user `james` / `JamesNtfy2026!`, token `tk_ggphzgdis49ddsvu51qam6bgzlyxn`
+5. **Uptime Kuma** — fresh install, /opt/uptime-kuma, all monitors lost (0 monitors currently)

-## Vaultwarden History (messy)
- Memory notes said vault.inou.com was deployed — was NOT true
- vault.inou.com DNS → Zurich, but Stalwart was serving it with wrong cert (mail.inou.com)
- HSTS `includeSubDomains` on inou.com home Caddy caused Chrome to hard-block vault.inou.com
- Johan uploaded passwords to what he thought was Vaultwarden — data went nowhere (Stalwart)
- Passwords are safe in Proton Pass (never deleted)
- Now properly deployed at vault.jongsma.me on Zurich
- TODO: Johan needs to create account + import Proton Pass, then disable signups
+### DNS Changes
+- `vault.jongsma.me` → 82.24.174.112 (Zurich) — was caught by *.jongsma.me wildcard pointing to home

-## Uptime Kuma — Needs Monitors Re-added
-All monitors lost when Kuma was redeployed fresh. Need to re-add:
- inou.com monitors (HTTP, API, DNS, SSL)
- Zurich VPS
- Forge/OpenClaw
- Message Center
- Home network
+### Vaultwarden Drama
+- Johan asked "vault.jongsma.me or vault.inou.com?" — I answered vault.inou.com (wrong)
+- No data found anywhere — original Vaultwarden install may never have existed or data was lost
+- Johan's passwords are still in Proton Pass (unchanged)
+- Fresh Vaultwarden at https://vault.jongsma.me — Johan needs to create account + import

-## TODO (Pending)
- [ ] Vaultwarden: Johan creates account + imports Proton Pass + disable signups
- [ ] Uptime Kuma: re-add all monitors
- [ ] ntfy Uptime Kuma push monitors need re-wiring
- [ ] Fix HSTS includeSubDomains on home Caddy (inou.com) — should NOT have preload/includeSubDomains unless all subdomains are served properly
+### ntfy Token Changed
+- Old token: `tk_k120jegay3lugeqbr9fmpuxdqmzx5` (was in TOOLS.md)  
+- New token: `tk_ggphzgdis49ddsvu51qam6bgzlyxn` — TOOLS.md updated
+
+### Uptime Kuma Monitors Lost
+All 8 monitors need to be re-added. Known from memory:
+1. inou.com HTTP
+2. inou.com API
+3. Zurich VPS
+4. DNS
+5. SSL Cert
+6. Forge — OpenClaw (push token: r1G9JcTYCg) → ntfy
+7. Forge — Message Center (push token: rLdedldMLP) → OC webhook
+8. Home Network Public (ping 47.197.93.62) → ntfy
+
+Johan hasn't confirmed if he wants them rebuilt.
+
+## Claude Usage
+- 73% weekly (resets Fri Feb 21 ~2pm ET)
+- Warning posted to Fully dashboard
+- K2.5 emergency switch available if needed
+
+## Zurich Caddy Config (current state)
+```
+vault.jongsma.me → 127.0.0.1:8222 (Vaultwarden)
+ntfy.inou.com → 127.0.0.1:2586 (ntfy)
+kuma.inou.com → 127.0.0.1:3001 (Uptime Kuma)
+mail.inou.com, mail.jongsma.me → 127.0.0.1:8443 (Stalwart)
+```
--- a/memory/claude-usage.json
+++ b/memory/claude-usage.json
@ -1,9 +1,9 @@
 {
-  "last_updated": "2026-02-19T11:29:28.217199Z",
+  "last_updated": "2026-02-19T11:53:31.411834Z",
  "source": "api",
-  "session_percent": 1,
-  "session_resets": "2026-02-19T16:00:01.172272+00:00",
+  "session_percent": 5,
+  "session_resets": "2026-02-19T16:00:01.382338+00:00",
  "weekly_percent": 73,
-  "weekly_resets": "2026-02-21T19:00:00.172296+00:00",
+  "weekly_resets": "2026-02-21T19:00:00.382362+00:00",
  "sonnet_percent": 35
 }
--- a/memory/heartbeat-state.json
+++ b/memory/heartbeat-state.json
@ -1,11 +1,11 @@
 {
  "lastChecks": {
-    "email": 1771380446,
+    "email": 1771502031,
    "calendar": null,
    "weather": 1771163041,
    "briefing": 1771163041,
    "news": 1771163041,
-    "claude_usage": 1771163041
+    "claude_usage": 1771502031
  },
  "lastBriefing": "2026-02-15T08:44:01.402521",
  "lastWeeklyDocker": "2026-02-15T05:00:00-05:00",