59 lines
3.2 KiB
Markdown
59 lines
3.2 KiB
Markdown
# 2026-02-19
|
|
|
|
## SSH Keys Added
|
|
- `johanjongsma@Johans-MacBook-Pro.local` → forge authorized_keys (via control UI, ~23:13)
|
|
- `johan@thinkpad-x1` → forge authorized_keys (via Telegram, ~23:34)
|
|
- ThinkPad X1 confirmed: 2019 model, Ubuntu 24.04 desktop, IP 192.168.0.223 (WiFi)
|
|
- james@forge key added to ThinkPad X1 authorized_keys via Claude Code on X1
|
|
- SSH from forge to ThinkPad X1 working: `ssh johan@192.168.0.223`
|
|
|
|
## Go Environment Recovery (rogue agent incident)
|
|
- Rogue agent at 23:30 installed golang-go (1.22.2) via apt, shadowing /usr/local/go (1.23.6)
|
|
- Also installed libgtk-3-dev + libwebkit2gtk-4.1-dev (Wails deps) + wails binary to ~/go/bin
|
|
- **Fixed:** Removed golang-go apt packages, fixed PATH in ~/.bashrc to put /usr/local/go/bin at FRONT
|
|
- Go 1.23.6 active from /usr/local/go — verified in fresh shell
|
|
- wails binary still in ~/go/bin — Johan's call whether to keep
|
|
- message-bridge/go.mod says "go 1.25.6" — pre-existing bug, not rogue agent
|
|
|
|
## Win Alerts Fix
|
|
- Kaseya win alerts (winalert@kaseya.com) were hitting Fully dashboard
|
|
- Fixed in connector_m365.go: added `silentSenders` blocklist filter before postFullyAlert
|
|
- Suppressed: winalert@, lostalert@, standard.instrumentation@kaseya.com, noreply@salesforce.com
|
|
- Committed b408ebc to mc-unified, mail-bridge restarted
|
|
|
|
## ThinkPad X1 SSH Setup
|
|
- CC on ThinkPad ran: installed openssh-server, enabled SSH, added james@forge key
|
|
- IP confirmed: 192.168.0.223 (WiFi), was 192.168.0.211 in old notes
|
|
|
|
## Vaultwarden Saga (BIG one)
|
|
**Root cause chain:**
|
|
1. I (previous session) added HSTS `includeSubDomains; preload` to home Caddy for inou.com
|
|
2. This caused Chrome to hard-enforce HSTS for ALL *.inou.com subdomains
|
|
3. Stalwart was set up on Zurich Feb 17 and claimed port 443
|
|
4. Caddy was NEVER on Zurich — my memory notes documented a plan, not reality
|
|
5. vault.inou.com DNS → Zurich → Stalwart served mail.inou.com cert → wrong cert → HSTS block
|
|
|
|
**What Johan did:** Asked "vault.jongsma.me or vault.inou.com?" — I said vault.inou.com (wrong). He tried to upload passwords but Stalwart rejected the Bitwarden API calls. Passwords did NOT get saved anywhere.
|
|
|
|
**Passwords:** Still safe in Proton Pass (not deleted).
|
|
|
|
**What was actually deployed:** NOTHING — Vaultwarden was never running anywhere.
|
|
|
|
**Final resolution:**
|
|
- vault.jongsma.me → Zurich (82.24.174.112) specific DNS A record created in Cloudflare
|
|
- Caddy on Zurich handles vault.jongsma.me → 127.0.0.1:8222 (Vaultwarden)
|
|
- Vaultwarden running: /opt/vaultwarden/ with data at /opt/vaultwarden/data/
|
|
- Admin token: gFUzyxPCGLkTAx4DnuiWXr+yA5Q8YXWeCEIYG9XDkDU=
|
|
- **TODO:** Johan needs to create account + import from Proton Pass + I disable SIGNUPS_ALLOWED
|
|
|
|
**Zurich Caddy config now serves:**
|
|
- vault.jongsma.me → Vaultwarden (127.0.0.1:8222)
|
|
- mail.inou.com, mail.jongsma.me → Stalwart (127.0.0.1:8443, TLS)
|
|
|
|
**Stalwart:** Moved HTTPS from public 0.0.0.0:443 to 127.0.0.1:8443. Mail ports (25/587/465/143/993/995) still public.
|
|
|
|
## Supermemory Discussion
|
|
- OpenRouter followed @supermemory — Johan asked if we should reconsider
|
|
- Decision: PASS for now. Privacy blocker (our memory has Sophia's medical data etc.)
|
|
- If they get self-hosted option, worth revisiting for inou specifically
|