clawd/memory/2026-02-19.md

# 2026-02-19
## SSH Keys Added
- `johanjongsma@Johans-MacBook-Pro.local` → added to forge authorized_keys
- `johan@thinkpad-x1` → added to forge authorized_keys
- ThinkPad X1: 2019 model, Ubuntu 24.04 desktop, IP 192.168.0.223 (WiFi), hostname `johan-x1`, kernel 6.17
- James SSH key (james@forge) added to ThinkPad X1 — forge can now SSH in
## Rogue Agent — Go Environment
- At 23:30 tonight a rogue agent ran: `apt install golang-go` (Go 1.22.2), installed libgtk-3-dev + libwebkit2gtk-4.1-dev (Wails deps), installed `~/go/bin/wails` binary
- Was setting up Wails framework
- Fix: removed apt golang packages, Go 1.23.6 from /usr/local/go restored as active
- PATH fixed in .bashrc: `/usr/local/go/bin` now at FRONT (was at end — easily shadowed by apt)
- wails binary left in ~/go/bin — Johan's call whether to keep
## Win Alerts Fix (M365 → Fully)
- Kaseya win alerts (winalert@kaseya.com) were still posting to Fully tablet
- Fix: added silent sender filter in connector_m365.go — suppresses Fully alerts for:
  - winalert@kaseya.com, lostalert@kaseya.com, standard.instrumentation@kaseya.com, noreply@salesforce.com
- Committed `b408ebc` on mc-unified branch, mail-bridge restarted
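Added example, not code from connector_m365.go (which is Go): the same silent-sender filter written out in Python, to show the cases the suppression check has to handle, namely display names and angle brackets in the From header, mixed case, and an empty or unparseable From (which should still surface rather than be dropped silently). The address list is the one above; the sample messages are constructed.

```python
import email.utils

# Silent senders: mail from these addresses is still processed by the bridge
# but is not pushed to the Fully tablet. Addresses are the ones in the notes.
SILENT_SENDERS = frozenset({
    "winalert@kaseya.com",
    "lostalert@kaseya.com",
    "standard.instrumentation@kaseya.com",
    "noreply@salesforce.com",
})


def sender_address(from_header: str) -> str:
    """Extract the bare address from a From header and normalise it.

    Handles display names and angle brackets, e.g.
    '"Kaseya Alerts" <WinAlert@Kaseya.com>', and lower-cases the result so
    a mixed-case sender cannot slip past the suppression list. The domain is
    case-insensitive per RFC 5321; treating the local part the same way is a
    deliberate policy choice for a filter that only affects notifications.
    """
    _name, addr = email.utils.parseaddr(from_header)
    return addr.strip().lower()


def should_notify_fully(from_header: str) -> bool:
    """Return True if the message should be posted to the Fully dashboard."""
    addr = sender_address(from_header)
    if not addr:
        # Missing or unparseable From: surface it rather than hide it.
        return True
    return addr not in SILENT_SENDERS


def filter_messages(messages):
    """Split (from_header, subject) pairs into (to_post, suppressed) lists."""
    to_post, suppressed = [], []
    for from_header, subject in messages:
        if should_notify_fully(from_header):
            to_post.append(subject)
        else:
            suppressed.append(subject)
    return to_post, suppressed


# Constructed sample inbox; not real messages.
SAMPLE_MESSAGES = [
    ('"Kaseya Alerts" <WinAlert@Kaseya.com>', "Win alert: agent offline"),
    ("lostalert@kaseya.com", "Lost alert"),
    ("Some Sender <alerts@example.invalid>", "Your upcoming trip"),
    ("", "Message with empty From header"),
]

if __name__ == "__main__":
    post, quiet = filter_messages(SAMPLE_MESSAGES)
    print("post to Fully:", post)
    print("suppressed:", quiet)
```

The first sample line is the important one: without `parseaddr` and lower-casing, a From header carrying a display name or different capitalisation would not match the list and the alert would keep reaching the tablet.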
## Zurich Infrastructure Rebuild (MAJOR)
The night's biggest event — Zurich's services were all broken/missing.
### Root Cause
- Caddy was NOT installed on Zurich (despite memory notes saying it was). Services (ntfy, Uptime Kuma) were not running.
- Stalwart had claimed port 443 when set up Feb 17, and vault.inou.com DNS pointed to Zurich with no Vaultwarden behind it.
- The home Caddy had `includeSubDomains` HSTS on inou.com, causing Chrome to hard-block vault.inou.com when cert was wrong.
### What Was Installed Tonight
1. **Caddy** — installed fresh on Zurich, now owns port 443
2. **Stalwart** — moved HTTPS from public :443 → localhost:8443 (mail ports unchanged)
3. **Vaultwarden** — deployed at /opt/vaultwarden, serving vault.jongsma.me (Johan wanted it on Zurich)
4. **ntfy** — fresh install, /opt/ntfy, user `james` / `JamesNtfy2026!`, token `tk_ggphzgdis49ddsvu51qam6bgzlyxn`
5. **Uptime Kuma** — fresh install, /opt/uptime-kuma, all monitors lost (0 monitors currently)
### DNS Changes
- `vault.jongsma.me` → 82.24.174.112 (Zurich) — was caught by *.jongsma.me wildcard pointing to home
### Vaultwarden Drama
- Johan asked "vault.jongsma.me or vault.inou.com?" — I answered vault.inou.com (wrong)
- No data found anywhere — original Vaultwarden install may never have existed or data was lost
- Johan's passwords are still in Proton Pass (unchanged)
- Fresh Vaultwarden at https://vault.jongsma.me — Johan needs to create account + import
### ntfy Token Changed
- Old token: `tk_k120jegay3lugeqbr9fmpuxdqmzx5` (was in TOOLS.md)
- New token: `tk_ggphzgdis49ddsvu51qam6bgzlyxn` — TOOLS.md updated
### Uptime Kuma Monitors Lost
All 8 monitors need to be re-added. Known from memory:
1. inou.com HTTP
2. inou.com API
3. Zurich VPS
4. DNS
5. SSL Cert
6. Forge — OpenClaw (push token: r1G9JcTYCg) → ntfy
7. Forge — Message Center (push token: rLdedldMLP) → OC webhook
8. Home Network Public (ping 47.197.93.62) → ntfy
Johan hasn't confirmed if he wants them rebuilt.
## Claude Usage
- 73% weekly (resets Fri Feb 21 ~2pm ET)
- Warning posted to Fully dashboard
- K2.5 emergency switch available if needed
## Zurich Caddy Config (current state)
```
vault.jongsma.me → 127.0.0.1:8222 (Vaultwarden)
ntfy.inou.com → 127.0.0.1:2586 (ntfy)
kuma.inou.com → 127.0.0.1:3001 (Uptime Kuma)
mail.inou.com, mail.jongsma.me → 127.0.0.1:8443 (Stalwart)
```
## Stalwart Mail Migration: Amsterdam → Zurich (2026-02-19 overnight)
### What happened
- rsync completed (19GB RocksDB from /opt/stalwart-mail/data/ on Amsterdam → /opt/stalwart/data/ on Zurich)
- Discovered Zurich Stalwart config was bare skeleton (missing ACME, hostname, trusted-networks)
- Updated /opt/stalwart/etc/config.toml with Amsterdam's config values
- Flipped mail.inou.com DNS from Amsterdam (82.24.174.112) → Zurich (82.22.36.202) via Cloudflare
- Stalwart running on Zurich: ports 25/465/587/143/993/995 all up, TLS 1.3, valid LE cert
### SMTP security audit + fixes
All 6 issues found and resolved:
1. jongsma.me SPF → v=spf1 a:mail.jongsma.me -all (was ProtonMail)
2. jongsma.me DKIM → stalwart._domainkey.jongsma.me added (ed25519 key cwP26...)
3. jongsma.me DMARC → p=reject, rua=mailto:dmarc@jongsma.me (was p=none)
4. Rate limiting → already configured (5/1s per IP, 25/hr per sender), confirmed working
5. AUTH PLAIN/LOGIN → was never broken, shows correctly after STARTTLS
6. inou.com DKIM DNS mismatch → updated to 8QPYBCe... (DB key was different from old DNS)
Also: cleaned up duplicate jongsma-me DKIM signature created by mistake
### Amsterdam state
- Stalwart: stopped and disabled (data preserved at /opt/stalwart-mail/)
- Shannon: fully removed
- Duplicate Kuma/Vaultwarden/ntfy: still running, to be cleaned up later
- DO NOT start Amsterdam Stalwart, do NOT delete data yet
### DNS state (all correct at Cloudflare/1.1.1.1)
- mail.inou.com → 82.22.36.202 (Zurich)
- mail.jongsma.me → 82.22.36.202 (Zurich)
- stalwart._domainkey.inou.com → 8QPYBCeqIm1WMXH0f1VBTeSt0hIIAYPrh7fcV4IHGnM=
- stalwart._domainkey.jongsma.me → cwP26GBsSjSGXakknI8TiD7nPUjAp8nqTl05XNaYFgE=
- v=spf1 a:mail.jongsma.me -all (jongsma.me)
- _dmarc.jongsma.me → p=reject
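Added example, not part of the original notes: an offline checker in Python for the SPF and DMARC TXT values of the audit above. It parses the record strings (no DNS lookups) and flags the weak settings the audit fixed: `p=none`, a soft or missing `all` mechanism, a missing `rua=` address, and too many lookup mechanisms. The "after" records are the ones listed above; the "before" records are constructed approximations of the old state, not the real previous values.

```python
# DNS-lookup mechanisms/modifiers; RFC 7208 caps these at 10 per evaluation.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_spf(record: str) -> dict:
    """Parse an SPF TXT record into its mechanisms and 'all' qualifier."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms, all_qualifier = [], None
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            all_qualifier = qualifier
        else:
            mechanisms.append((qualifier, term))
    return {"mechanisms": mechanisms, "all": all_qualifier}


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record ('tag=value; ...') into a dict of tags."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def audit_spf(record: str) -> list:
    """Return a list of findings; empty means the record looks strict."""
    spf = parse_spf(record)
    findings = []
    if spf["all"] is None:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif spf["all"] == "+":
        findings.append("'+all' allows any host to send: SPF is effectively off")
    elif spf["all"] in ("~", "?"):
        findings.append(f"'{spf['all']}all' is soft; use '-all' so forgeries hard-fail")
    lookups = 0
    for _, mech in spf["mechanisms"]:
        name = mech.split(":")[0].split("=")[0].lower()
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the limit of 10 (permerror)")
    return findings


def audit_dmarc(record: str) -> list:
    """Return a list of findings; empty means p=reject with reporting set."""
    tags = parse_dmarc(record)
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none only monitors; forged mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: move to p=reject once reports are clean")
    elif policy != "reject":
        findings.append("missing or invalid p= tag")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports will not be received")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy applied to only part of the mail")
    return findings


# Records from the notes above (after the fix).
SPF_AFTER = "v=spf1 a:mail.jongsma.me -all"
DMARC_AFTER = "v=DMARC1; p=reject; rua=mailto:dmarc@jongsma.me"
# Constructed approximations of the pre-fix state, not the real old records.
SPF_BEFORE = "v=spf1 include:spf.example.invalid ~all"
DMARC_BEFORE = "v=DMARC1; p=none"

if __name__ == "__main__":
    for label, rec, fn in [("SPF before", SPF_BEFORE, audit_spf),
                           ("SPF after", SPF_AFTER, audit_spf),
                           ("DMARC before", DMARC_BEFORE, audit_dmarc),
                           ("DMARC after", DMARC_AFTER, audit_dmarc)]:
        print(label, "->", fn(rec) or "OK")
```

Pasting the TXT values returned by `dig TXT` into these functions is enough to re-run the check after any DNS change; DKIM is not covered here because validating the selector record requires the key, not just the DNS string.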
## Afternoon Session (Feb 19) — Major Accomplishments
### Johan Career History (NEW — important context)
- Founded **Iaso Backup** → sold to GFI/Insight Partners 2013 → became **Cove Data Protection** at N-able = "his baby"
- Left N-able 2019, still most knowledgeable person on Cove architecture
- Now at Kaseya/Datto: building **Datto Endpoint Backup 2 (EPB2)** — Go rewrite, D2C agent + appliance compatible
- EPB2: 100k+ installations, shipping at scale
- Cove original code: C++ from 2009/2010, rock-solid, nobody dares touch it
- Engineering Leader frustration: took 1 year to ship Mac installer (software worked in Feb, released Dec)
- Kaseya context: almost all C-level <1 year tenure, new CTO has bigger fish to fry
- Openprovider account: `johan.jongsma@iasobackup.com` (kept old company domain)
- **Harry Haasjes**: Johan's sister Wenda's husband, Signal +31628124366, wants to write a book (topic unknown)
### N-able (NABL) Discussion
- Q4 2025: $130.3M revenue (+11.8%), ARR $539.7M, guiding 8-9% CC growth (deceleration)
- Thoma Bravo + Silver Lake each ~⅓ owners since SolarWinds LBO, explored sale at $2.5B (2024), now at $1B
- PE buyout thesis: 1.8x ARR, 30%+ EBITDA margins, MSP customer stickiness, both PE firms want exit
- Patrick Pulvermueller (ex-Acronis CEO) joined NABL board
### DNS Mass Fix
- 6 domains had wrong Cloudflare NS (aryanna/sage should be arvind/wren) + DNSSEC pointing at dead zones
- **Root cause**: Cloudflare zone migration created new zones with arvind/wren but OpenProvider still pointed to old aryanna/sage zones (which were deleted)
- Fixed all 6: harryhaasjes.nl, johanjongsma.nl, localbackup.in, stpetersburgaquatics.com, x4.trading, 851brightwaters.com
- DNSSEC disabled on all 6 (DS records removed from TLDs)
### Harry Haasjes Full Setup
- harryhaasjes.nl: "coming soon" placeholder live on Zurich (Dutch, theme)
- harry@harryhaasjes.nl: Stalwart account created, catch-all (@harryhaasjes.nl) added
- SFTP: user `harry-web`, pw `HarryWeb2026!`, chrooted to /var/www/harryhaasjes/
- All sent to Harry via Signal in Dutch
- Harry is NOT technical; keep all communication simple
### stpetersburgaquatics.com
- Site was hosted on old home IP 47.206.57.145 (Frontier, St. Petersburg FL), now dead
- Multiple domains used 47.206.57.x range (old home IPs, no longer valid)
- Coming soon page live on Zurich: 🏊 theme, dark blue
### Proton Bridge → Stalwart Migration (Message Center)
- MC now connects directly to Stalwart on mail.jongsma.me:993 (SSL/TLS)
- Passwords: tj@jongsma.me = `!Lekker69`, johan@jongsma.me = `!!Lekker69`
- YAML gotcha: `!` at the start of a value is the YAML tag indicator, so the value must be quoted: `password: "${VAR}"`
- systemd env gotcha: `!` in EnvironmentFile values needs quoting in systemd
- Proton Bridge: stopped + disabled
- SMS connector: disabled (phone disconnected, was causing 15s hangs on /messages/new)
- MC `/messages/new` was hanging due to the SMS connector's 15s timeout; fixed by disabling the connector
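Added example, not from the Message Center code base: a small Python linter for the YAML gotcha above. In YAML 1.2 a plain (unquoted) scalar may not begin with an indicator character, so a password such as `!Lekker69` is read as a tag, `&x` as an anchor and `*x` as an alias, and the secret never reaches the application. The linter finds such values in simple `key: value` lines and rewrites them as double-quoted scalars. It uses no YAML library, and the config snippet is constructed with placeholder values.

```python
import re

# YAML indicator characters that a plain scalar must not start with.
# '-', '?' and ':' are omitted: they are allowed when followed by a non-space
# (e.g. '-all' is a valid plain scalar).
YAML_INDICATORS = set(",[]{}#&*!|>%@`")

# Simple 'key: value' line, optional trailing '  # comment'. Does not handle
# list items ('- key: value') or multi-line values; good enough for a lint.
KV_RE = re.compile(r"^(\s*)([A-Za-z0-9_.-]+):\s+(.*?)(\s+#.*)?\s*$")


def yaml_quote(value: str) -> str:
    """Return value as a double-quoted YAML scalar (backslash and quote escaped)."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def find_risky_values(yaml_text: str) -> list:
    """Return (line_no, key, first_char) for unquoted values that start with an indicator."""
    findings = []
    for line_no, line in enumerate(yaml_text.splitlines(), 1):
        m = KV_RE.match(line)
        if not m:
            continue
        key, value = m.group(2), m.group(3)
        if not value or value[0] in ("'", '"'):
            continue  # empty or already quoted
        if value[0] in YAML_INDICATORS:
            findings.append((line_no, key, value[0]))
    return findings


def quote_risky_values(yaml_text: str) -> str:
    """Rewrite the flagged lines with the value double-quoted; other lines untouched."""
    out = []
    for line in yaml_text.splitlines():
        m = KV_RE.match(line)
        if m:
            indent, key, value, comment = m.groups()
            if value and value[0] not in ("'", '"') and value[0] in YAML_INDICATORS:
                line = f"{indent}{key}: {yaml_quote(value)}{comment or ''}"
        out.append(line)
    return "\n".join(out) + ("\n" if yaml_text.endswith("\n") else "")


# Constructed config fragment with placeholder values (not the real MC config).
MC_CONFIG = """\
imap:
  host: mail.example.invalid
  port: 993
  user: tj@example.invalid
  password: !SecretValue   # constructed; '!' makes YAML read this as a tag
  anchor_like: &something
  token: "${IMAP_TOKEN}"
"""

if __name__ == "__main__":
    for line_no, key, ch in find_risky_values(MC_CONFIG):
        print(f"line {line_no}: '{key}' starts with YAML indicator {ch!r}; quote it")
    print(quote_risky_values(MC_CONFIG))
```

The fix is the same whether the value is a literal or an environment placeholder: `password: "${VAR}"` keeps the leading `!` inside a string, which is what the notes above ended up doing. Indented list items (`- key: value`) are deliberately not parsed; run the check on the flat `key: value` sections.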
### Email Triage (Full Inbox Catch-Up)
- Ran full triage on tj + johan inboxes (32 messages)
- Key finds: Delta flight today (TPAJFK DL2475, return DL2093, conf F86VDN), Nordstrom bill $59.06 due 03/16
- memumi iPhone 17 cases arriving Saturday 2/21 added to deliveries dashboard
- Moved all 18 johan inbox messages to Archive folder in Stalwart via IMAP (were marked read but not moved)
### OpenClaw Auth (Important!)
- Config shows `"mode": "token"` but this is misleading: that IS an OAuth token
- We are on **Claude Max subscription OAuth**, NOT API key
- This means Anthropic's crackdown on OpenClaw subscription use DOES apply to us
- Risk: Anthropic could cancel Johan's Max account
- Options discussed: switch to API key, switch to OpenAI, or accept risk
- Johan is considering; no decision yet
### Delivery Preference Updated
- Briefings → **Telegram with rich format** (bold, italic, headers)
- Signal for alerts, quick pings, conversational replies