From aca9d2d7185b9aa156bae4a5fa070a65a5981b20 Mon Sep 17 00:00:00 2001 From: James Date: Thu, 19 Feb 2026 06:54:30 -0500 Subject: [PATCH] 2026-02-19: SSH keys, Go fix, win alerts filter, Zurich infra rebuild, ntfy/kuma/vaultwarden notes --- memory/2026-02-19.md | 109 +++++++++++++++++++++--------------- memory/claude-usage.json | 8 +-- memory/heartbeat-state.json | 4 +- 3 files changed, 69 insertions(+), 52 deletions(-) diff --git a/memory/2026-02-19.md b/memory/2026-02-19.md index 8cb9b5b..81a0838 100644 --- a/memory/2026-02-19.md +++ b/memory/2026-02-19.md @@ -1,57 +1,74 @@ # 2026-02-19 ## SSH Keys Added -- Johan's MacBook Pro: `johanjongsma@Johans-MacBook-Pro.local` → forge authorized_keys -- ThinkPad X1 (2019, Ubuntu 24.04): `johan@thinkpad-x1` → forge authorized_keys - - IP: 192.168.0.223 (WiFi), hostname: `johan-x1`, kernel 6.17 - - Had to enable SSH via CC prompt, add james@forge key separately +- `johanjongsma@Johans-MacBook-Pro.local` → added to forge authorized_keys +- `johan@thinkpad-x1` → added to forge authorized_keys +- ThinkPad X1: 2019 model, Ubuntu 24.04 desktop, IP 192.168.0.223 (WiFi), hostname `johan-x1`, kernel 6.17 +- James SSH key (james@forge) added to ThinkPad X1 — forge can now SSH in -## Go Environment Restored (rogue agent damage) -- Rogue agent installed `golang-go` via apt at 23:30 → Go 1.22.2 shadowed Go 1.23.6 -- Also installed libgtk-3-dev, libwebkit2gtk-4.1-dev, wails binary (was building Wails app) -- Fix: removed apt golang packages, moved `/usr/local/go/bin` to FRONT of PATH in .bashrc -- Go 1.23.6 restored as active version -- Note: azure-backup needs go1.24.12, inou needs go1.24.4 (GOTOOLCHAIN=auto handles this) +## Rogue Agent — Go Environment +- At 23:30 tonight a rogue agent ran: `apt install golang-go` (Go 1.22.2), installed libgtk-3-dev + libwebkit2gtk-4.1-dev (Wails deps), installed `~/go/bin/wails` binary +- Was setting up Wails framework +- Fix: removed apt golang packages, Go 1.23.6 from /usr/local/go restored as active +- PATH fixed in .bashrc: `/usr/local/go/bin` now at FRONT (was at end — easily shadowed by apt) +- wails binary left in ~/go/bin — Johan's call whether to keep -## Win Alerts Suppressed from Fully Dashboard -- Fixed connector_m365.go: added `silentSenders` list -- winalert@kaseya.com, lostalert@kaseya.com, standard.instrumentation@kaseya.com, noreply@salesforce.com -- Committed `b408ebc` on mc-unified, restarted mail-bridge +## Win Alerts Fix (M365 → Fully) +- Kaseya win alerts (winalert@kaseya.com) were still posting to Fully tablet +- Fix: added silent sender filter in connector_m365.go — suppresses Fully alerts for: + - winalert@kaseya.com, lostalert@kaseya.com, standard.instrumentation@kaseya.com, noreply@salesforce.com +- Committed `b408ebc` on mc-unified branch, mail-bridge restarted -## Zurich Infrastructure Restored -**Root cause:** When Stalwart mail server was set up Feb 17, it took port 443, killing Caddy (which wasn't on Zurich anyway — wrong assumption). ntfy, Kuma, and vault were all broken. +## Zurich Infrastructure Rebuild (MAJOR) +The night's biggest event — Zurich's services were all broken/missing. -**Tonight's fixes:** -- Installed Caddy on Zurich (82.24.174.112) -- Moved Stalwart HTTPS from public :443 → 127.0.0.1:8443 -- Deployed Vaultwarden: /opt/vaultwarden → vault.jongsma.me -- Deployed ntfy: /opt/ntfy → ntfy.inou.com (port 2586) - - New token: `tk_ggphzgdis49ddsvu51qam6bgzlyxn` (old one gone) - - User: james / JamesNtfy2026! -- Deployed Uptime Kuma: /opt/uptime-kuma → kuma.inou.com (port 3001) — FRESH, no monitors -- Added vault.jongsma.me DNS A record → 82.24.174.112 (was wildcard *.jongsma.me → home) +### Root Cause +- Caddy was NOT installed on Zurich (despite memory notes saying it was). Services (ntfy, Uptime Kuma) were not running. +- Stalwart had claimed port 443 when set up Feb 17, and vault.inou.com DNS pointed to Zurich with no Vaultwarden behind it. +- The home Caddy had `includeSubDomains` HSTS on inou.com, causing Chrome to hard-block vault.inou.com when cert was wrong. -**Zurich Caddyfile:** vault.jongsma.me, ntfy.inou.com, kuma.inou.com, mail.inou.com, mail.jongsma.me +### What Was Installed Tonight +1. **Caddy** — installed fresh on Zurich, now owns port 443 +2. **Stalwart** — moved HTTPS from public :443 → localhost:8443 (mail ports unchanged) +3. **Vaultwarden** — deployed at /opt/vaultwarden, serving vault.jongsma.me (Johan wanted it on Zurich) +4. **ntfy** — fresh install, /opt/ntfy, user `james` / `JamesNtfy2026!`, token `tk_ggphzgdis49ddsvu51qam6bgzlyxn` +5. **Uptime Kuma** — fresh install, /opt/uptime-kuma, all monitors lost (0 monitors currently) -## Vaultwarden History (messy) -- Memory notes said vault.inou.com was deployed — was NOT true -- vault.inou.com DNS → Zurich, but Stalwart was serving it with wrong cert (mail.inou.com) -- HSTS `includeSubDomains` on inou.com home Caddy caused Chrome to hard-block vault.inou.com -- Johan uploaded passwords to what he thought was Vaultwarden — data went nowhere (Stalwart) -- Passwords are safe in Proton Pass (never deleted) -- Now properly deployed at vault.jongsma.me on Zurich -- TODO: Johan needs to create account + import Proton Pass, then disable signups +### DNS Changes +- `vault.jongsma.me` → 82.24.174.112 (Zurich) — was caught by *.jongsma.me wildcard pointing to home -## Uptime Kuma — Needs Monitors Re-added -All monitors lost when Kuma was redeployed fresh. Need to re-add: -- inou.com monitors (HTTP, API, DNS, SSL) -- Zurich VPS -- Forge/OpenClaw -- Message Center -- Home network +### Vaultwarden Drama +- Johan asked "vault.jongsma.me or vault.inou.com?" — I answered vault.inou.com (wrong) +- No data found anywhere — original Vaultwarden install may never have existed or data was lost +- Johan's passwords are still in Proton Pass (unchanged) +- Fresh Vaultwarden at https://vault.jongsma.me — Johan needs to create account + import -## TODO (Pending) -- [ ] Vaultwarden: Johan creates account + imports Proton Pass + disable signups -- [ ] Uptime Kuma: re-add all monitors -- [ ] ntfy Uptime Kuma push monitors need re-wiring -- [ ] Fix HSTS includeSubDomains on home Caddy (inou.com) — should NOT have preload/includeSubDomains unless all subdomains are served properly +### ntfy Token Changed +- Old token: `tk_k120jegay3lugeqbr9fmpuxdqmzx5` (was in TOOLS.md) +- New token: `tk_ggphzgdis49ddsvu51qam6bgzlyxn` — TOOLS.md updated + +### Uptime Kuma Monitors Lost +All 8 monitors need to be re-added. Known from memory: +1. inou.com HTTP +2. inou.com API +3. Zurich VPS +4. DNS +5. SSL Cert +6. Forge — OpenClaw (push token: r1G9JcTYCg) → ntfy +7. Forge — Message Center (push token: rLdedldMLP) → OC webhook +8. Home Network Public (ping 47.197.93.62) → ntfy + +Johan hasn't confirmed if he wants them rebuilt. + +## Claude Usage +- 73% weekly (resets Fri Feb 21 ~2pm ET) +- Warning posted to Fully dashboard +- K2.5 emergency switch available if needed + +## Zurich Caddy Config (current state) +``` +vault.jongsma.me → 127.0.0.1:8222 (Vaultwarden) +ntfy.inou.com → 127.0.0.1:2586 (ntfy) +kuma.inou.com → 127.0.0.1:3001 (Uptime Kuma) +mail.inou.com, mail.jongsma.me → 127.0.0.1:8443 (Stalwart) +``` diff --git a/memory/claude-usage.json b/memory/claude-usage.json index e2b3929..800a782 100644 --- a/memory/claude-usage.json +++ b/memory/claude-usage.json @@ -1,9 +1,9 @@ { - "last_updated": "2026-02-19T11:29:28.217199Z", + "last_updated": "2026-02-19T11:53:31.411834Z", "source": "api", - "session_percent": 1, - "session_resets": "2026-02-19T16:00:01.172272+00:00", + "session_percent": 5, + "session_resets": "2026-02-19T16:00:01.382338+00:00", "weekly_percent": 73, - "weekly_resets": "2026-02-21T19:00:00.172296+00:00", + "weekly_resets": "2026-02-21T19:00:00.382362+00:00", "sonnet_percent": 35 } \ No newline at end of file diff --git a/memory/heartbeat-state.json b/memory/heartbeat-state.json index d1148d2..94c443e 100644 --- a/memory/heartbeat-state.json +++ b/memory/heartbeat-state.json @@ -1,11 +1,11 @@ { "lastChecks": { - "email": 1771380446, + "email": 1771502031, "calendar": null, "weather": 1771163041, "briefing": 1771163041, "news": 1771163041, - "claude_usage": 1771163041 + "claude_usage": 1771502031 }, "lastBriefing": "2026-02-15T08:44:01.402521", "lastWeeklyDocker": "2026-02-15T05:00:00-05:00",