clawd/memory/infrastructure.md

Infrastructure Map

Updated: 2026-02-15

Home Network

forge (James' Home) — 192.168.1.16

  • Role: Primary home for James (OpenClaw, MC, dashboards, all agent services)
  • CPU: Intel i7-6700K @ 4.0GHz (4c/8t)
  • RAM: 64GB DDR4
  • GPU: NVIDIA GTX 970 4GB
  • Storage: 477GB NVMe (Samsung 950 PRO 512GB)
  • OS: Ubuntu 24.04.1 LTS (headless + minimal GUI for headed Chrome)
  • Hostname: forge
  • Services: OpenClaw (18789), MC (8025), Alert Dashboard/Fully (9202), James Dashboard (9200), DocSys (9201), OCR (8090), message-bridge (8030), Xvfb:99 + Chrome CDP (9224)

james (Old James Home) — 192.168.1.17

  • Role: Retired/backup — kept running "just to be sure"
  • Hardware: Lenovo ThinkServer TS140
  • CPU: Intel Xeon E3-1225 v3 @ 3.20GHz (4c/4t)
  • RAM: 16GB DDR3 ECC (2×8GB, MB issue prevents upgrade)
  • Storage: WD Blue SA510 1TB SSD
  • OS: Ubuntu 24.04.3 LTS
  • Status: Running but not primary. Candidate for decommission once forge proves stable.

staging/dev — 192.168.1.253

  • Role: Home server — personal/family services
  • Hardware: Lenovo ThinkServer TS140, 4×4TB disks in RAIDZ
  • Services: Jellyfin, Immich, and other home services
  • Note: This is Johan's home server, not James' domain

prod — 192.168.100.2

  • Role: inou production server
  • Hardware: Same as staging (TS140 class)
  • Location: Home network, dedicated to inou prod
  • Status: BROKEN — Johan wants to fix tonight (2026-02-15)
  • Note: Different subnet (192.168.100.x)

VPS / Remote

zurich — zurich.inou.com (82.24.174.112)

  • Role: inou supervising/security tools
  • Location: Zurich, Switzerland (VPS)
  • Management: Full autonomy — James manages, Johan has backup SSH key
  • Tailscale: Yes, part of tailnet
  • Services: Uptime Kuma (127.0.0.1:3001), Caddy (80/443), Greenbone (stopped)
  • Hardened 2026-02-15: UFW (deny incoming, allow SSH/80/443/Tailscale), fail2ban, PasswordAuth disabled, PermitRootLogin prohibit-password, Kuma bound to localhost

shannon — amsterdam.inou.com (82.24.174.112)

  • Role: Dedicated Shannon security scanner VPS
  • Location: Netherlands (HostKey VPS, server ID 53643)
  • Management: Full autonomy — James manages, Johan has backup SSH key
  • Hostname: vm-mini
  • Specs: 4 vCore, 6GB RAM, 120GB SSD
  • SSH: root@82.24.174.112 (key auth)
  • Services: Shannon (Temporal + Router + Worker via Docker), no Tailscale (by design)
  • Egress: Locked to inou.com + Anthropic API only
  • DNS: amsterdam.inou.com A-record set 2026-02-15
  • Due date: 2026-03-09 (22 days)
  • HostKey API: key=639551e73029b90f-c061af4412951b2e
  • TODO: Harden per VPS checklist (same as zurich)

Network Notes

  • Home LAN: 192.168.1.0/24 (main), 192.168.100.0/24 (prod), 192.168.2.0/24 (IoT), 192.168.3.0/24 (?)
  • Tailscale overlay for remote access
  • UDM-Pro as core router

VPS Hardening Checklist (MANDATORY for every new VPS)

  1. PasswordAuthentication no in sshd
  2. PermitRootLogin prohibit-password
  3. Install & configure UFW (deny incoming, allow SSH/80/443/Tailscale)
  4. Install & configure fail2ban (sshd jail, 3 retries, 1h ban)
  5. Auto-updates enabled
  6. All services bound to 127.0.0.1 unless explicitly needed public
  7. Caddy for TLS termination
  8. Join Tailscale
  9. Verify with ss -tlnp — nothing unexpected on 0.0.0.0
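
One way to automate steps 6 and 9 of the checklist, as an added example that is not part of the original file: the function below reads `ss -tlnp` output and reports every TCP listener bound to a wildcard address on a port outside an allow-list. The allow-list (22, 80, 443, taken from the UFW rule above), the function names and the sample `ss` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit checklist steps 6 and 9 from `ss -tlnp` output.
# Assumption: the only public TCP ports are SSH (22) and Caddy (80/443).
ALLOWED_PORTS="22 80 443"

# Reads `ss -tlnp` output on stdin and prints "<port> <process>" for every
# listener bound to a wildcard address whose port is not in ALLOWED_PORTS.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            sock = $4                            # Local Address:Port column
            port = sock; sub(/.*:/, "", port)    # text after the last colon
            addr = substr(sock, 1, length(sock) - length(port) - 1)
            # ss shows all-interface binds as 0.0.0.0, [::] or * (dual stack)
            wild = (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
            # Process column is empty when ss runs without root
            if (wild && !(port in ok)) print port, (NF >= 6 ? $6 : "-")
        }'
}

# Constructed sample input (not captured from any host listed on this page).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096       127.0.0.1:3001      0.0.0.0:*     users:(("node",pid=812,fd=21))
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*     users:(("systemd-resolve",pid=510,fd=15))
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=701,fd=3))
LISTEN 0      128             [::]:22           [::]:*     users:(("sshd",pid=701,fd=4))
LISTEN 0      4096               *:80              *:*     users:(("caddy",pid=655,fd=8))
LISTEN 0      4096               *:443             *:*     users:(("caddy",pid=655,fd=7))
LISTEN 0      5            0.0.0.0:8080      0.0.0.0:*     users:(("python3",pid=900,fd=3))
EOF
}

# On a real VPS, run as root so process names appear:
#   ss -tlnp | unexpected_listeners
sample_ss_output | unexpected_listeners
```

Empty output means the host passes step 9. Listeners on a specific non-loopback address (for example a Tailscale address) are not flagged by this check and still need a manual look.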