clawd/memory/infrastructure.md

Infrastructure Map

Updated: 2026-02-15

Home Network

forge (James' Home) — 192.168.1.16

  • Role: Primary home for James (OpenClaw, MC, dashboards, all agent services)
  • CPU: Intel i7-6700K @ 4.0GHz (4c/8t)
  • RAM: 64GB DDR4
  • GPU: NVIDIA GTX 970 4GB
  • Storage: 477GB NVMe (Samsung 950 PRO 512GB)
  • OS: Ubuntu 24.04.1 LTS (headless + minimal GUI for headed Chrome)
  • Hostname: forge
  • Services: OpenClaw (18789), MC (8025), Alert Dashboard/Fully (9202), James Dashboard (9200), DocSys (9201), OCR (8090), message-bridge (8030), Xvfb:99 + Chrome CDP (9224)

james (Old James Home) — 192.168.1.17

  • Role: Retired/backup — kept running "just to be sure"
  • Hardware: Lenovo ThinkServer TS140
  • CPU: Intel Xeon E3-1225 v3 @ 3.20GHz (4c/4t)
  • RAM: 16GB DDR3 ECC (2×8GB, MB issue prevents upgrade)
  • Storage: WD Blue SA510 1TB SSD
  • OS: Ubuntu 24.04.3 LTS
  • Status: Running but not primary. Candidate for decommission once forge proves stable.

staging/dev — 192.168.1.253

  • Role: Home server — personal/family services
  • Hardware: Lenovo ThinkServer TS140, 4×4TB disks in RAIDZ
  • Services: Jellyfin, Immich, and other home services
  • Note: This is Johan's home server, not James' domain

prod — 192.168.100.2

  • Role: inou production server
  • Hardware: Same as staging (TS140 class)
  • Location: Home network, dedicated to inou prod
  • Status: BROKEN — Johan wants to fix tonight (2026-02-15)
  • Note: Different subnet (192.168.100.x)

VPS / Remote

zurich — zurich.inou.com (82.22.36.202) ← REAL ZURICH

  • Role: Primary remote infrastructure (security, monitoring, mail, git, vault)
  • Location: Zürich, Switzerland (HostKey VPS, separate account from Amsterdam)
  • Hostname: hostkey50304
  • Specs: 4 vCore, 6GB RAM, 120GB SSD
  • OS: Ubuntu 24.04
  • Management: Full autonomy — James manages
  • Tailscale: 100.70.148.118 (labeled "zurich" in tailnet)
  • SSH: root@82.22.36.202 or tailscale ssh root@zurich
  • Services:
    • Caddy (80/443) → ntfy.inou.com:2586, kuma.inou.com:3001, vault.inou.com:8080, mail.inou.com/mail.jongsma.me:8880, zurich.inou.com (static), harryhaasjes.nl (static)
    • Uptime Kuma (127.0.0.1:3001) — 8 monitors; push tokens: OC=r1G9JcTYCg, MC=rLdedldMLP
    • Vaultwarden Docker (127.0.0.1:8080) — 2 users registered; /opt/vaultwarden/
    • ntfy (systemd, port 2586) — topic: forge-alerts
    • Stalwart mail server (systemd) — migrated from Amsterdam 2026-02-19; data at /opt/stalwart/data/ (18GB RocksDB); ports 25/465/587/143/993; ACME certs for mail.inou.com + mail.jongsma.me
    • Git server (git user, git-shell) — repos: azure-backup, clawdnode-android, inou-mobile, mail-agent
  • Hardened: UFW, fail2ban, key-only SSH, services on localhost
  • Updated: 2026-02-19

amsterdam — DECOMMISSIONED 2026-02-21

  • IP: 82.24.174.112 (HostKey VPS, server ID 53643)
  • Status: ⚰️ All services removed. Cancellation submitted via HostKey invapi. DNS record amsterdam.inou.com deleted.
  • What was here: Mail (Stalwart, migrated to Zurich 2026-02-19), Kuma, Vaultwarden, ntfy, Shannon security scanner — all removed
  • Git repos: alert-dashboard, dealroom, message-center — all already mirrored on Zurich (confirmed)
  • HostKey panel: https://panel.hostkey.com/controlpanel.html?key=639551e73029b90f-c061af4412951b2e (confirm cancellation if needed)

Network Notes

  • Home LAN: 192.168.1.0/24 (main), 192.168.100.0/24 (prod), 192.168.2.0/24 (IoT), 192.168.3.0/24 (?)
  • Tailscale overlay for remote access
  • UDM-Pro as core router

VPS Hardening Checklist (MANDATORY for every new VPS)

  1. PasswordAuthentication no in sshd
  2. PermitRootLogin prohibit-password
  3. Install & configure UFW (deny incoming, allow SSH/80/443/Tailscale)
  4. Install & configure fail2ban (sshd jail, 3 retries, 1h ban)
  5. Auto-updates enabled
  6. All services bound to 127.0.0.1 unless explicitly needed public
  7. Caddy for TLS termination
  8. Join Tailscale
  9. Verify with ss -tlnp — nothing unexpected on 0.0.0.0
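
A way to make checklist items 1, 2, 6 and 9 repeatable, added here as an example and not part of the original notes: two shell functions that read captured `sshd -T` and `ss -tlnp` output and report deviations. The function names, the allowlist argument and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit checklist items 1, 2, 6 and 9 from command output.
# Function names and sample data below are constructed for illustration.

# Reads `sshd -T` output on stdin; prints one FAIL line per deviating item.
check_sshd() {
  awk '
    tolower($1) == "passwordauthentication" { pa = tolower($2) }
    tolower($1) == "permitrootlogin"        { prl = tolower($2) }
    END {
      if (pa != "no") print "FAIL passwordauthentication=" (pa == "" ? "unset" : pa)
      # Some OpenSSH versions report prohibit-password under its alias.
      if (prl != "prohibit-password" && prl != "without-password") {
        print "FAIL permitrootlogin=" (prl == "" ? "unset" : prl)
      }
    }'
}

# Reads `ss -tlnp` output on stdin; arguments are the ports allowed to be public.
# Prints every listener that is not on loopback and not on an allowed port.
check_listeners() {
  awk -v allowed=" $* " '
    $1 == "LISTEN" {
      n = split($4, p, ":"); port = p[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next      # loopback is fine
      if (index(allowed, " " port " ") == 0) {
        print "UNEXPECTED " $4 ($6 != "" ? " " $6 : "")
      }
    }'
}

# Constructed sample: password auth left on, ntfy bound to all interfaces.
SAMPLE_SSHD='passwordauthentication yes
permitrootlogin without-password'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128  0.0.0.0:22     0.0.0.0:* users:(("sshd",pid=700,fd=3))
LISTEN 0 4096 *:443          *:*       users:(("caddy",pid=810,fd=7))
LISTEN 0 4096 *:80           *:*       users:(("caddy",pid=810,fd=8))
LISTEN 0 4096 127.0.0.1:3001 0.0.0.0:* users:(("node",pid=812,fd=20))
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:* users:(("docker-proxy",pid=813,fd=4))
LISTEN 0 4096 0.0.0.0:2586   0.0.0.0:* users:(("ntfy",pid=815,fd=9))
LISTEN 0 128  [::]:22        [::]:*    users:(("sshd",pid=700,fd=4))'

printf '%s\n' "$SAMPLE_SSHD" | check_sshd
printf '%s\n' "$SAMPLE_SS" | check_listeners 22 80 443
```

On a real host, run as root: `sshd -T | check_sshd` and `ss -tlnp | check_listeners 22 80 443`, adding any ports that are meant to be public (such as mail) to the argument list.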