# New Server Migration Plan (2026-02-03) ## Target: New ThinkServer TS140 — Ubuntu 24.04 **Current IP:** 192.168.3.134 (temporary) **Final IP:** 192.168.1.16 (keep same — all configs, Tailscale, Caddy, etc. already point here) **User:** johan **Sudo password:** Helder06 --- ## Phase 1: Base System (SSH access needed) ### 1.1 First Login - [ ] SSH in, update system - [ ] Set hostname to `james` - [ ] Install essentials: curl, git, jq, htop, tmux, build-essential, pass, gnupg ### 1.2 GUI — Minimal Xfce (match current) Current setup: **Xubuntu desktop (Xfce4 + LightDM + X11)** - [ ] `apt install xubuntu-desktop-minimal lightdm xorg` - [ ] Set LightDM as display manager - [ ] Configure autologin for johan (headless Chrome needs a session) - [ ] Disable screensaver/power management ### 1.3 GTX 970 — Inference Only (NOT display) - [ ] Install NVIDIA driver (nvidia-driver-535 or latest for GTX 970) - [ ] Configure Xorg to use ONLY Intel iGPU for display - [ ] Write /etc/X11/xorg.conf pinning display to Intel - [ ] Install CUDA toolkit (for inference) - [ ] Verify: `nvidia-smi` shows GPU, display runs on Intel ### 1.4 Hardening - [ ] UFW firewall (allow SSH, deny rest, open services as needed) - [ ] Fail2ban for SSH - [ ] Disable root login via SSH - [ ] SSH key-only auth (disable password auth) - [ ] Unattended security updates --- ## Phase 2: Services ### 2.1 Node.js + OpenClaw - [ ] Install Node 22.x (nodesource) - [ ] npm install -g openclaw - [ ] Copy config: ~/.clawdbot/ (entire directory) - [ ] Copy workspace: ~/clawd/ (entire directory) - [ ] Set up systemd user service for openclaw-gateway ### 2.2 Chrome + Chromium - [ ] Install Google Chrome (for relay extension) - [ ] Install Chromium (headless automation) - [ ] Copy Chrome profile (~/.config/google-chrome/) ### 2.3 Signal CLI - [ ] Install signal-cli - [ ] Copy data: ~/.local/share/signal-cli/ - [ ] Set up daemon service on port 8080 ### 2.4 Proton Mail Bridge - [ ] Install protonmail-bridge (headless) - [ ] Copy GPG keyring (~/.gnupg/) - [ ] Copy pass store (~/.password-store/) - [ ] Set up systemd service ### 2.5 Mail Bridge / Message Center - [ ] Copy source: ~/dev/mail-bridge/ - [ ] Copy data: ~/.message-center/ - [ ] Set up systemd service on port 8025 ### 2.6 Message Bridge (WhatsApp) - [ ] Copy source: ~/dev/message-bridge/ - [ ] Copy data: ~/.message-bridge/ - [ ] Set up systemd service on port 8030 - [ ] May need re-linking (QR scan) ### 2.7 James Dashboard - [ ] Copy source: ~/dev/james-dashboard/ - [ ] Set up systemd service on port 9200 ### 2.8 Samba - [ ] Install samba - [ ] Create shares: sophia, inou-dev, johan, docscan, scan-inbox - [ ] Create SMB users: johan, scanner ### 2.9 Tailscale - [ ] Install tailscale - [ ] `tailscale up` (will need auth) - [ ] Should get same Tailscale IP (100.123.216.65) if old node is removed first ### 2.10 Document System - [ ] Copy ~/documents/ tree - [ ] Set up docsys service --- ## Phase 3: AI / Inference ### 3.1 GLM-OCR (0.9B) - [ ] Install Python venv for inference - [ ] Install PyTorch with CUDA support - [ ] Install transformers, accelerate - [ ] Download glm-ocr model (Zhipu GLM-Edge-V 0.9B or similar) - [ ] Create inference API service - [ ] Test with sample document --- ## Phase 4: Data Migration ### 4.1 Copy Everything From current server (192.168.1.16) to new (192.168.3.134): ```bash # Core workspace rsync -avz ~/clawd/ newbox:~/clawd/ # OpenClaw config + state rsync -avz ~/.clawdbot/ newbox:~/.clawdbot/ # Dev projects rsync -avz ~/dev/ newbox:~/dev/ # Documents rsync -avz ~/documents/ newbox:~/documents/ # Signal data rsync -avz ~/.local/share/signal-cli/ newbox:~/.local/share/signal-cli/ # Chrome profile rsync -avz ~/.config/google-chrome/ newbox:~/.config/google-chrome/ # GPG + pass rsync -avz ~/.gnupg/ newbox:~/.gnupg/ rsync -avz ~/.password-store/ newbox:~/.password-store/ # Sophia docs rsync -avz ~/sophia/ newbox:~/sophia/ # Message bridge data rsync -avz ~/.message-bridge/ newbox:~/.message-bridge/ rsync -avz ~/.message-center/ newbox:~/.message-center/ # Systemd user services rsync -avz ~/.config/systemd/user/*.service newbox:~/.config/systemd/user/ # SSH keys rsync -avz ~/.ssh/ newbox:~/.ssh/ # NPM global packages list npm list -g --depth=0 > /tmp/npm-global-packages.txt ``` ### 4.2 IP Swap 1. Shut down old server 2. Change new server IP from 192.168.3.134 → 192.168.1.16 3. Everything (Caddy, Tailscale, bookmarks, configs) just works --- ## SSH Key Setup Johan needs to add his SSH public key to the new machine: ```bash # On your Mac/workstation, copy your public key to the new server: ssh-copy-id -i ~/.ssh/id_ed25519.pub johan@192.168.3.134 # Or manually: cat ~/.ssh/id_ed25519.pub | ssh johan@192.168.3.134 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys' ``` The current authorized keys are: - `ssh-ed25519 ...N7f johan@ubuntu2404` (Johan's key) - `ssh-ed25519 ...fD39 claude@macbook` (Claude Code key) Both need to be on the new machine. --- ## Current Services Inventory | Service | Port | Status | |---------|------|--------| | OpenClaw Gateway | 18789 | running | | Signal CLI daemon | 8080 | running | | Proton Mail Bridge | 1143/1025 | running | | Mail Bridge (MC) | 8025 | running | | Message Bridge (WA) | 8030 | running | | James Dashboard | 9200 | running | | DocSys | ? | running | | Chrome (headed) | - | for relay | | Chromium (headless) | 9223 | on-demand | ## Crontab ``` */5 * * * * /home/johan/clawd/scripts/k2-watchdog.sh ```