johan
/
clawd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
clawd/memory/infrastructure.md

4.7 KiB
Raw Blame History

Infrastructure Map

Updated: 2026-02-15

Home Network

Network Topology

  • Subnet: 192.168.0.1/22 (covers 192.168.0.x192.168.3.x)
  • Router: UDM-Pro at 192.168.1.1
  • Primary WAN: 1Gb Frontier/Verizon fiber
  • Backup WAN: Starlink (manual hookup, ~15 min setup time) — used during 2024 hurricane floods

forge (James' Home) — 192.168.1.16

  • Role: Primary home for James (OpenClaw, MC, dashboards, all agent services)
  • CPU: Intel i7-6700K @ 4.0GHz (4c/8t)
  • RAM: 64GB DDR4
  • GPU: NVIDIA GTX 970 4GB
  • Storage: 477GB NVMe (Samsung 950 PRO 512GB)
  • OS: Ubuntu 24.04.1 LTS (headless + minimal GUI for headed Chrome)
  • Hostname: forge
  • Services: OpenClaw (18789), MC (8025), Alert Dashboard/Fully (9202), James Dashboard (9200), DocSys (9201), OCR (8090), message-bridge (8030), Xvfb:99 + Chrome CDP (9224)

james (Old James Home) — 192.168.1.17

  • Role: Retired/backup — kept running "just to be sure"
  • Hardware: Lenovo ThinkServer TS140
  • CPU: Intel Xeon E3-1225 v3 @ 3.20GHz (4c/4t)
  • RAM: 16GB DDR3 ECC (2×8GB, MB issue prevents upgrade)
  • Storage: WD Blue SA510 1TB SSD
  • OS: Ubuntu 24.04.3 LTS
  • Status: Running but not primary. Candidate for decommission once forge proves stable.

staging/dev — 192.168.1.253

  • Role: Home server — personal/family services
  • Hardware: Lenovo ThinkServer TS140, 4×4TB disks in RAIDZ
  • Services: Jellyfin, Immich, and other home services
  • Note: This is Johan's home server, not James' domain

prod — 192.168.100.2

  • Role: inou production server
  • Hardware: Same as staging (TS140 class)
  • Location: Home network, dedicated to inou prod
  • Status: BROKEN — Johan wants to fix tonight (2026-02-15)
  • Note: Different subnet (192.168.100.x)

VPS / Remote

zurich — zurich.inou.com (82.22.36.202) ← REAL ZURICH

  • Role: Primary remote infrastructure (security, monitoring, mail, git, vault)
  • Location: Zürich, Switzerland (HostKey VPS, separate account from Amsterdam)
  • Hostname: hostkey50304
  • Specs: 4 vCore, 6GB RAM, 120GB SSD
  • OS: Ubuntu 24.04
  • Management: Full autonomy — James manages
  • Tailscale: 100.70.148.118 (labeled "zurich" in tailnet)
  • SSH: root@82.22.36.202 or tailscale ssh root@zurich
  • Services:
    • Caddy (80/443) → ntfy.inou.com:2586, kuma.inou.com:3001, vault.inou.com:8080, mail.inou.com/mail.jongsma.me:8880, zurich.inou.com (static), harryhaasjes.nl (static)
    • Uptime Kuma (127.0.0.1:3001) — 8 monitors; push tokens: OC=r1G9JcTYCg, MC=rLdedldMLP
    • Vaultwarden Docker (127.0.0.1:8080) — 2 users registered; /opt/vaultwarden/
    • ntfy (systemd, port 2586) — topic: forge-alerts
    • Stalwart mail server (systemd) — migrated from Amsterdam 2026-02-19; data at /opt/stalwart/data/ (18GB RocksDB); ports 25/465/587/143/993; ACME certs for mail.inou.com + mail.jongsma.me
    • Git server (git user, git-shell) — repos: azure-backup, clawdnode-android, inou-mobile, mail-agent
  • Hardened: UFW, fail2ban, key-only SSH, services on localhost
  • Updated: 2026-02-19

amsterdam/shannon/dealspace — 82.24.174.112

  • Role: Dealspace dev/staging server
  • IP: 82.24.174.112 (HostKey VPS, server ID 53643)
  • NOT decommissioned — paid until 2026-04-09 (~mid-April)
  • DNS: amsterdam.inou.com → 82.24.174.112 (keep)
  • Specs: 4 vCore / 6GB RAM / 120GB SSD
  • OS: Ubuntu 24.04 (reinstalled 2026-02-28)
  • SSH: root@82.24.174.112 (key auth only, james@forge key)
  • Services: (to be deployed — Dealspace)
  • Hardened: UFW, fail2ban, key-only SSH, Caddy installed, Tailscale installed (needs auth)
  • Updated: 2026-02-28

Network Notes

  • Home LAN: 192.168.1.0/24 (main), 192.168.100.0/24 (prod), 192.168.2.0/24 (IoT), 192.168.3.0/24 (?)
  • Tailscale overlay for remote access
  • UDM-Pro as core router

VPS Hardening Checklist (MANDATORY for every new VPS)

  1. PasswordAuthentication no in sshd
  2. PermitRootLogin prohibit-password
  3. Install & configure UFW (deny incoming, allow SSH/80/443/Tailscale)
  4. Install & configure fail2ban (sshd jail, 3 retries, 1h ban)
  5. Auto-updates enabled
  6. All services bound to 127.0.0.1 unless explicitly needed public
  7. Caddy for TLS termination
  8. Join Tailscale
  9. Verify with ss -tlnp — nothing unexpected on 0.0.0.0

Home Assistant API Token

  • URL: http://192.168.1.252:8123
  • Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI1MjAyNTkyNmQzZmU0YjFmOWQzOGY5OGUyZTA5ZGQ3OCIsImlhdCI6MTc3MzY0MTE5MiwiZXhwIjoyMDg5MDAxMTkyfQ.AG_nmfHzr-O8fqM2BRncheb-Q9BBKnZsWH-24fpJT2I
  • Updated: 2026-03-16 (changed during Matter switch setup)
  • Used by: alert-dashboard.service (~/.config/systemd/user/alert-dashboard.service)