clawd/memory/infrastructure.md
# Infrastructure Map
*Updated: 2026-02-15*
## Home Network
### forge (James' Home) — 192.168.1.16
- **Role:** Primary home for James (OpenClaw, MC, dashboards, all agent services)
- **CPU:** Intel i7-6700K @ 4.0GHz (4c/8t)
- **RAM:** 64GB DDR4
- **GPU:** NVIDIA GTX 970 4GB
- **Storage:** 477GB NVMe (Samsung 950 PRO 512GB)
- **OS:** Ubuntu 24.04.1 LTS (headless + minimal GUI for headed Chrome)
- **Hostname:** forge
- **Services:** OpenClaw (18789), MC (8025), Alert Dashboard/Fully (9202), James Dashboard (9200), DocSys (9201), OCR (8090), message-bridge (8030), Xvfb:99 + Chrome CDP (9224)
### james (Old James Home) — 192.168.1.17
- **Role:** Retired/backup — kept running "just to be sure"
- **Hardware:** Lenovo ThinkServer TS140
- **CPU:** Intel Xeon E3-1225 v3 @ 3.20GHz (4c/4t)
- **RAM:** 16GB DDR3 ECC (2×8GB, MB issue prevents upgrade)
- **Storage:** WD Blue SA510 1TB SSD
- **OS:** Ubuntu 24.04.3 LTS
- **Status:** Running but not primary. Candidate for decommission once forge proves stable.
### staging/dev — 192.168.1.253
- **Role:** Home server — personal/family services
- **Hardware:** Lenovo ThinkServer TS140, 4×4TB disks in RAIDZ
- **Services:** Jellyfin, Immich, and other home services
- **Note:** This is Johan's home server, not James' domain
### prod — 192.168.100.2
- **Role:** inou production server
- **Hardware:** Same as staging (TS140 class)
- **Location:** Home network, dedicated to inou prod
- **Status:** BROKEN — Johan wants to fix tonight (2026-02-15)
- **Note:** Different subnet (192.168.100.x)
## VPS / Remote
### zurich — zurich.inou.com (82.24.174.112)
- **Role:** inou supervising/security tools
- **Location:** Zurich, Switzerland (VPS)
- **Management:** Full autonomy — James manages, Johan has backup SSH key
- **Tailscale:** Yes, part of tailnet
- **Services:** Uptime Kuma (127.0.0.1:3001), Caddy (80/443), Greenbone (stopped)
- **Hardened 2026-02-15:** UFW (deny incoming, allow SSH/80/443/Tailscale), fail2ban, PasswordAuth disabled, PermitRootLogin prohibit-password, Kuma bound to localhost
### shannon — amsterdam.inou.com (82.24.174.112)
- **Role:** Dedicated Shannon security scanner VPS
- **Location:** Netherlands (HostKey VPS, server ID 53643)
- **Management:** Full autonomy — James manages, Johan has backup SSH key
- **Hostname:** vm-mini
- **Specs:** 4 vCore, 6GB RAM, 120GB SSD
- **SSH:** root@82.24.174.112 (key auth)
- **Services:** Shannon (Temporal + Router + Worker via Docker), no Tailscale (by design)
- **Egress:** Locked to inou.com + Anthropic API only
- **DNS:** amsterdam.inou.com A-record set 2026-02-15
- **Due date:** 2026-03-09 (22 days)
- **HostKey API:** key=639551e73029b90f-c061af4412951b2e
- **TODO:** Harden per VPS checklist (same as zurich)
## Network Notes
- Home LAN: 192.168.1.0/24 (main), 192.168.100.0/24 (prod), 192.168.2.0/24 (IoT), 192.168.3.0/24 (?)
- Tailscale overlay for remote access
- UDM-Pro as core router
## VPS Hardening Checklist (MANDATORY for every new VPS)
1. `PasswordAuthentication no` in sshd
2. `PermitRootLogin prohibit-password`
3. Install & configure UFW (deny incoming, allow SSH/80/443/Tailscale)
4. Install & configure fail2ban (sshd jail, 3 retries, 1h ban)
5. Auto-updates enabled
6. All services bound to 127.0.0.1 unless they explicitly need to be public
7. Caddy for TLS termination
8. Join Tailscale
9. Verify with `ss -tlnp` — nothing unexpected on 0.0.0.0
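Items 1, 2, 6 and 9 of the checklist can be verified mechanically. The script below is an added example (not part of this memory file) that parses `sshd -T` and `ss -tlnp` output; it assumes only SSH/80/443 may listen on wildcard addresses, and it runs here on constructed sample captures rather than real output from zurich or shannon.

```sh
#!/bin/sh
# Added example: audit helpers for checklist items 1, 2, 6 and 9.
# Real use on a VPS:  sshd -T > sshd.txt; ss -tlnp > ss.txt  (then pass the files).
# Here both are fed constructed sample captures so the script runs offline.
ALLOWED_PUBLIC_PORTS="22 80 443"   # SSH/HTTP/HTTPS may listen on 0.0.0.0; all else loopback

# Items 1-2: read `sshd -T` output (effective values, lowercase keywords).
# Prints a FAIL line per violation; returns 0 only when both settings are correct.
audit_sshd_effective() {
    pa=$(awk '$1=="passwordauthentication"{print $2}' "$1")
    prl=$(awk '$1=="permitrootlogin"{print $2}' "$1")
    rc=0
    [ "$pa" = "no" ] || { echo "FAIL: PasswordAuthentication=${pa:-unset} (want no)"; rc=1; }
    # older sshd prints the deprecated alias "without-password" for the same setting
    [ "$prl" = "prohibit-password" ] || [ "$prl" = "without-password" ] || { echo "FAIL: PermitRootLogin=${prl:-unset} (want prohibit-password)"; rc=1; }
    return $rc
}

# Items 6 and 9: read `ss -tlnp` output and print every listener on a wildcard
# address (0.0.0.0, [::] or *) whose port is not allowed; returns 1 if any found.
unexpected_public_listeners() {
    awk -v allowed="$ALLOWED_PUBLIC_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR > 1 {                                        # skip the header row
            la = $4; port = la; sub(/.*:/, "", port)    # "Local Address:Port" column
            addr = la; sub(/:[^:]*$/, "", addr)
            if ((addr == "0.0.0.0" || addr == "[::]" || addr == "*") && !(port in ok)) {
                print la, $NF; bad = 1                  # address:port and owning process
            }
        }
        END { exit bad ? 1 : 0 }' "$1"
}

# Constructed sample captures (not real output from zurich/shannon).
SAMPLE_DIR=$(mktemp -d)
printf 'passwordauthentication yes\npermitrootlogin yes\n' > "$SAMPLE_DIR/sshd_default.txt"
printf 'passwordauthentication no\npermitrootlogin prohibit-password\n' > "$SAMPLE_DIR/sshd_hardened.txt"
cat > "$SAMPLE_DIR/ss_before.txt" <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=800,fd=3))
LISTEN 0      4096   *:443              *:*               users:(("caddy",pid=900,fd=7))
LISTEN 0      4096   0.0.0.0:3001       0.0.0.0:*         users:(("node",pid=1234,fd=20))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=800,fd=4))
EOF
sed 's/0\.0\.0\.0:3001/127.0.0.1:3001/' "$SAMPLE_DIR/ss_before.txt" > "$SAMPLE_DIR/ss_after.txt"

audit_sshd_effective "$SAMPLE_DIR/sshd_default.txt" || echo "default sshd: not hardened"
unexpected_public_listeners "$SAMPLE_DIR/ss_before.txt" || echo "before: Kuma exposed on 0.0.0.0"
unexpected_public_listeners "$SAMPLE_DIR/ss_after.txt" && echo "after: only SSH/80/443 public"
```

The "before" capture models the state zurich was in prior to binding Kuma to localhost; rebinding the one listener is the only change between the two captures.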