2026-02-19: SSH keys, Go fix, win alerts filter, Zurich infra rebuild, ntfy/kuma/vaultwarden notes

2026-02-19 06:54:30 -05:00 · 2026-02-19 06:54:30 -05:00 · aca9d2d718
parent 39b07e31dd
commit aca9d2d718
3 changed files with 69 additions and 52 deletions
--- a/memory/2026-02-19.md
+++ b/memory/2026-02-19.md
@ -1,57 +1,74 @@
 # 2026-02-19
 ## SSH Keys Added
- Johan's MacBook Pro: `johanjongsma@Johans-MacBook-Pro.local` → forge authorized_keys
+- `johanjongsma@Johans-MacBook-Pro.local` → added to forge authorized_keys
- ThinkPad X1 (2019, Ubuntu 24.04): `johan@thinkpad-x1` → forge authorized_keys
+- `johan@thinkpad-x1` → added to forge authorized_keys
-  - IP: 192.168.0.223 (WiFi), hostname: `johan-x1`, kernel 6.17
+- ThinkPad X1: 2019 model, Ubuntu 24.04 desktop, IP 192.168.0.223 (WiFi), hostname `johan-x1`, kernel 6.17
-  - Had to enable SSH via CC prompt, add james@forge key separately
+- James SSH key (james@forge) added to ThinkPad X1 — forge can now SSH in
-## Go Environment Restored (rogue agent damage)
+## Rogue Agent — Go Environment
- Rogue agent installed `golang-go` via apt at 23:30 → Go 1.22.2 shadowed Go 1.23.6
+- At 23:30 tonight a rogue agent ran: `apt install golang-go` (Go 1.22.2), installed libgtk-3-dev + libwebkit2gtk-4.1-dev (Wails deps), installed `~/go/bin/wails` binary
- Also installed libgtk-3-dev, libwebkit2gtk-4.1-dev, wails binary (was building Wails app)
+- Was setting up Wails framework
- Fix: removed apt golang packages, moved `/usr/local/go/bin` to FRONT of PATH in .bashrc
+- Fix: removed apt golang packages, Go 1.23.6 from /usr/local/go restored as active
- Go 1.23.6 restored as active version
+- PATH fixed in .bashrc: `/usr/local/go/bin` now at FRONT (was at end — easily shadowed by apt)
- Note: azure-backup needs go1.24.12, inou needs go1.24.4 (GOTOOLCHAIN=auto handles this)
+- wails binary left in ~/go/bin — Johan's call whether to keep
-## Win Alerts Suppressed from Fully Dashboard
+## Win Alerts Fix (M365 → Fully)
- Fixed connector_m365.go: added `silentSenders` list
+- Kaseya win alerts (winalert@kaseya.com) were still posting to Fully tablet
- winalert@kaseya.com, lostalert@kaseya.com, standard.instrumentation@kaseya.com, noreply@salesforce.com
+- Fix: added silent sender filter in connector_m365.go — suppresses Fully alerts for:
- Committed `b408ebc` on mc-unified, restarted mail-bridge
+  - winalert@kaseya.com, lostalert@kaseya.com, standard.instrumentation@kaseya.com, noreply@salesforce.com
 - Committed `b408ebc` on mc-unified branch, mail-bridge restarted
-## Zurich Infrastructure Restored
+## Zurich Infrastructure Rebuild (MAJOR)
-**Root cause:** When Stalwart mail server was set up Feb 17, it took port 443, killing Caddy (which wasn't on Zurich anyway — wrong assumption). ntfy, Kuma, and vault were all broken.
+The night's biggest event — Zurich's services were all broken/missing.
-**Tonight's fixes:**
+### Root Cause
- Installed Caddy on Zurich (82.24.174.112)
+- Caddy was NOT installed on Zurich (despite memory notes saying it was). Services (ntfy, Uptime Kuma) were not running.
- Moved Stalwart HTTPS from public :443 → 127.0.0.1:8443
+- Stalwart had claimed port 443 when set up Feb 17, and vault.inou.com DNS pointed to Zurich with no Vaultwarden behind it.
- Deployed Vaultwarden: /opt/vaultwarden → vault.jongsma.me
+- The home Caddy had `includeSubDomains` HSTS on inou.com, causing Chrome to hard-block vault.inou.com when cert was wrong.
 - Deployed ntfy: /opt/ntfy → ntfy.inou.com (port 2586)
  - New token: `tk_ggphzgdis49ddsvu51qam6bgzlyxn` (old one gone)
  - User: james / JamesNtfy2026!
 - Deployed Uptime Kuma: /opt/uptime-kuma → kuma.inou.com (port 3001) — FRESH, no monitors
 - Added vault.jongsma.me DNS A record → 82.24.174.112 (was wildcard *.jongsma.me → home)
-**Zurich Caddyfile:** vault.jongsma.me, ntfy.inou.com, kuma.inou.com, mail.inou.com, mail.jongsma.me
+### What Was Installed Tonight
 1. **Caddy** — installed fresh on Zurich, now owns port 443
 2. **Stalwart** — moved HTTPS from public :443 → localhost:8443 (mail ports unchanged)
 3. **Vaultwarden** — deployed at /opt/vaultwarden, serving vault.jongsma.me (Johan wanted it on Zurich)
 4. **ntfy** — fresh install, /opt/ntfy, user `james` / `JamesNtfy2026!`, token `tk_ggphzgdis49ddsvu51qam6bgzlyxn`
 5. **Uptime Kuma** — fresh install, /opt/uptime-kuma, all monitors lost (0 monitors currently)
-## Vaultwarden History (messy)
+### DNS Changes
- Memory notes said vault.inou.com was deployed — was NOT true
+- `vault.jongsma.me` → 82.24.174.112 (Zurich) — was caught by *.jongsma.me wildcard pointing to home
 - vault.inou.com DNS → Zurich, but Stalwart was serving it with wrong cert (mail.inou.com)
 - HSTS `includeSubDomains` on inou.com home Caddy caused Chrome to hard-block vault.inou.com
 - Johan uploaded passwords to what he thought was Vaultwarden — data went nowhere (Stalwart)
 - Passwords are safe in Proton Pass (never deleted)
 - Now properly deployed at vault.jongsma.me on Zurich
 - TODO: Johan needs to create account + import Proton Pass, then disable signups
-## Uptime Kuma — Needs Monitors Re-added
+### Vaultwarden Drama
-All monitors lost when Kuma was redeployed fresh. Need to re-add:
+- Johan asked "vault.jongsma.me or vault.inou.com?" — I answered vault.inou.com (wrong)
- inou.com monitors (HTTP, API, DNS, SSL)
+- No data found anywhere — original Vaultwarden install may never have existed or data was lost
- Zurich VPS
+- Johan's passwords are still in Proton Pass (unchanged)
- Forge/OpenClaw
+- Fresh Vaultwarden at https://vault.jongsma.me — Johan needs to create account + import
 - Message Center
 - Home network
-## TODO (Pending)
+### ntfy Token Changed
- [ ] Vaultwarden: Johan creates account + imports Proton Pass + disable signups
+- Old token: `tk_k120jegay3lugeqbr9fmpuxdqmzx5` (was in TOOLS.md)  
- [ ] Uptime Kuma: re-add all monitors
+- New token: `tk_ggphzgdis49ddsvu51qam6bgzlyxn` — TOOLS.md updated
- [ ] ntfy Uptime Kuma push monitors need re-wiring
+
- [ ] Fix HSTS includeSubDomains on home Caddy (inou.com) — should NOT have preload/includeSubDomains unless all subdomains are served properly
+### Uptime Kuma Monitors Lost
 All 8 monitors need to be re-added. Known from memory:
 1. inou.com HTTP
 2. inou.com API
 3. Zurich VPS
 4. DNS
 5. SSL Cert
 6. Forge — OpenClaw (push token: r1G9JcTYCg) → ntfy
 7. Forge — Message Center (push token: rLdedldMLP) → OC webhook
 8. Home Network Public (ping 47.197.93.62) → ntfy
 Johan hasn't confirmed if he wants them rebuilt.
 ## Claude Usage
 - 73% weekly (resets Fri Feb 21 ~2pm ET)
 - Warning posted to Fully dashboard
 - K2.5 emergency switch available if needed
 ## Zurich Caddy Config (current state)
 ```
 vault.jongsma.me → 127.0.0.1:8222 (Vaultwarden)
 ntfy.inou.com → 127.0.0.1:2586 (ntfy)
 kuma.inou.com → 127.0.0.1:3001 (Uptime Kuma)
 mail.inou.com, mail.jongsma.me → 127.0.0.1:8443 (Stalwart)
 ```
--- a/memory/claude-usage.json
+++ b/memory/claude-usage.json
@ -1,9 +1,9 @@
 {
-  "last_updated": "2026-02-19T11:29:28.217199Z",
+  "last_updated": "2026-02-19T11:53:31.411834Z",
  "source": "api",
-  "session_percent": 1,
+  "session_percent": 5,
-  "session_resets": "2026-02-19T16:00:01.172272+00:00",
+  "session_resets": "2026-02-19T16:00:01.382338+00:00",
  "weekly_percent": 73,
-  "weekly_resets": "2026-02-21T19:00:00.172296+00:00",
+  "weekly_resets": "2026-02-21T19:00:00.382362+00:00",
  "sonnet_percent": 35
 }
--- a/memory/heartbeat-state.json
+++ b/memory/heartbeat-state.json
@ -1,11 +1,11 @@
 {
  "lastChecks": {
-    "email": 1771380446,
+    "email": 1771502031,
    "calendar": null,
    "weather": 1771163041,
    "briefing": 1771163041,
    "news": 1771163041,
-    "claude_usage": 1771163041
+    "claude_usage": 1771502031
  },
  "lastBriefing": "2026-02-15T08:44:01.402521",
  "lastWeeklyDocker": "2026-02-15T05:00:00-05:00",