mirror of
https://github.com/myronblair/infra
synced 2026-06-30 17:50:10 -05:00
docs: update CLAUDE.md with 2026-06-17 infrastructure changes
- Ollama VM (PVE1 VM 210) marked deleted
- Arc Reactor daemon documented (location, deploy, restart, AI routing table)
- Guardian/SITREP/Vision text routes moved to Groq; image analysis stays Claude
- api.php session skip logic clarified (machine-agent only, not browser routes)
- agent.php split auth documented (browser vs X-Agent-Key)
- facts_collector.php: local site health checks, correct $fresh() column name
- kb_engine.php: storeFact() updated_at=NOW() requirement documented
- kb_facts schema noted (category not fact_category)
- Arc Reactor DB tables added to table list
- Cloudflare Rocket Loader rule: all script tags need data-cfasync=false
- Cloudflare cache-busting: bump ?v= param after JS changes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -14,10 +14,11 @@ This is a home-lab / managed-hosting environment. There is no local codebase to
|
|||||||
| FusionPBX | 134.209.72.226 | `root / Joker1974!@#` | FreeSWITCH PBX |
|
| FusionPBX | 134.209.72.226 | `root / Joker1974!@#` | FreeSWITCH PBX |
|
||||||
| PVE1 (Proxmox) | orbisne.fortiddns.com (10.48.200.90) | `root / Joker1974!!!` | Primary hypervisor — FortiGate DDNS, auto-updates if IP changes |
|
| PVE1 (Proxmox) | orbisne.fortiddns.com (10.48.200.90) | `root / Joker1974!!!` | Primary hypervisor — FortiGate DDNS, auto-updates if IP changes |
|
||||||
| PVE2 (Proxmox) | 10.48.200.91 | `root / Joker1974!!!` | Secondary hypervisor |
|
| PVE2 (Proxmox) | 10.48.200.91 | `root / Joker1974!!!` | Secondary hypervisor |
|
||||||
| Ollama VM | 10.48.200.95 | `myron → sudo` | llama3.2 local LLM (PVE1 VM 210) |
|
| ~~Ollama VM~~ | ~~10.48.200.95~~ | — | **DELETED** — PVE1 VM 210 no longer exists |
|
||||||
| Home Assistant | 10.48.200.97 | `myron → sudo` | HA VM 101 |
|
| Home Assistant | 10.48.200.97 | `myron → sudo` | HA VM 101 |
|
||||||
| NetworkBackup | 10.48.200.99 | `myron → sudo` | Backup VM (PVE2 VM 302) |
|
| NetworkBackup | 10.48.200.99 | `myron → sudo` | Backup VM (PVE2 VM 302) |
|
||||||
| MediaStack | 10.48.200.35 | `root via PVE1 key` | Sonarr/Radarr/Prowlarr/qBittorrent (PVE1 VM 113) |
|
| MediaStack | 10.48.200.35 | `root via PVE1 key` | Sonarr/Radarr/Prowlarr/qBittorrent (PVE1 VM 113) |
|
||||||
|
| NovaCPX | 10.48.200.110 | `root / Joker1974!!!` (direct SSH works) | Custom hosting control panel (PVE1 VM 120) |
|
||||||
|
|
||||||
**SSH password order** (try in sequence if first fails): `Joker1974!@#` → `Joker1974!!!` → `Joker1974!`
|
**SSH password order** (try in sequence if first fails): `Joker1974!@#` → `Joker1974!!!` → `Joker1974!`
|
||||||
|
|
||||||
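Review bot: The added NovaCPX row puts a root password in the Access column of a tracked file, and it is the same value already shown on the PVE1 and PVE2 rows, so one leaked copy of this document gives root on both hypervisors and the panel VM. Replace the password cells with a pointer to where the secret lives (password manager entry or vault path), move these hosts to key-based SSH as the MediaStack row already does with `root via PVE1 key`, and rotate the values that have been committed, since they remain in history. The unchanged `SSH password order` line below the table documents three variants of one base password to try in sequence; it should go with the rotation. For the Ollama row, deleting it is cleaner than a struck-through row that keeps the old address in the table.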
@@ -34,7 +35,7 @@ sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@orbisne.fortiddns
|
|||||||
For commands inside VMs on PVE1:
|
For commands inside VMs on PVE1:
|
||||||
```bash
|
```bash
|
||||||
sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@orbisne.fortiddns.com \
|
sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@orbisne.fortiddns.com \
|
||||||
'qm guest exec 210 -- bash -c "commands here"'
|
'qm guest exec <VMID> -- bash -c "commands here"'
|
||||||
```
|
```
|
||||||
|
|
||||||
## Websites on DO (165.22.1.228)
|
## Websites on DO (165.22.1.228)
|
||||||
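Review bot: The `<VMID>` placeholder fixes the stale `210`, but the command this line belongs to still passes the root password with `sshpass -p` and sets `StrictHostKeyChecking=no`. The first leaves the password in shell history and the process list; the second means a changed host key on `orbisne.fortiddns.com`, a DDNS name, is accepted silently. Since the block is being edited anyway, document it with an SSH key and a pinned `known_hosts` entry (or `StrictHostKeyChecking=accept-new`), and say where the VMID comes from (`qm list`).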
@@ -83,15 +84,16 @@ Gitignored credentials (never in GitHub): `api/config.php` (JARVIS, epictravelex
|
|||||||
Iron Man-style AI dashboard at `https://jarvis.orbishosting.com`. All files on DO at `/home/jarvis.orbishosting.com/`.
|
Iron Man-style AI dashboard at `https://jarvis.orbishosting.com`. All files on DO at `/home/jarvis.orbishosting.com/`.
|
||||||
|
|
||||||
**Architecture:**
|
**Architecture:**
|
||||||
- `public_html/api.php` — API router; has `session_write_close()` guard (must skip for `auth` endpoint to prevent LSAPI session deadlock)
|
- `public_html/api.php` — API router; `session_start()` skipped only for machine-agent sub-actions (heartbeat/metrics/ha_state/command_result/register); browser-facing agent routes (list/status/myip) need session. Has `session_write_close()` guard (must skip for `auth` endpoint to prevent LSAPI session deadlock).
|
||||||
- `api/config.php` — all credentials/constants (gitignored)
|
- `api/config.php` — all credentials/constants (gitignored)
|
||||||
- `api/endpoints/chat.php` — 4-tier AI: KB intent → Ollama (10.48.200.95:11434) → Groq (`compound-beta-mini`) → Claude API; includes Tier 0.7 planner intents (tasks/appointments/briefing)
|
- `api/endpoints/chat.php` — 4-tier AI: KB intent → Groq (`compound-beta-mini`) → Claude API; includes Tier 0.7 planner intents (tasks/appointments/briefing). Ollama VM deleted — no longer in chain.
|
||||||
- `api/endpoints/agent.php` — push-based agent registration/heartbeat/metrics
|
- `api/endpoints/agent.php` — push-based agent registration/heartbeat/metrics; browser actions (list/status/myip) auth via `$_SESSION`, machine actions auth via `X-Agent-Key` header
|
||||||
- `api/endpoints/alerts.php` — auto-generates alerts (CPU >85%, RAM >85%, disk >88%, offline agents, site down); dispatches restart commands to agents when their services fail
|
- `api/endpoints/alerts.php` — auto-generates alerts (CPU >85%, RAM >85%, disk >88%, offline agents, site down); dispatches restart commands to agents when their services fail
|
||||||
- `api/endpoints/facts_collector.php` — runs every 3 min via cron; collects agent metrics, KB facts, Proxmox/HA/Ollama status, and all 7 site HTTP health checks
|
- `api/endpoints/facts_collector.php` — runs every 3 min via cron; collects agent metrics, KB facts, Proxmox/HA status, and all 7 site HTTP health checks. Site checks use `http://127.0.0.1` with `Host:` header (avoids Cloudflare CDN timeouts). `$fresh()` queries `WHERE category=?` (not `fact_category`).
|
||||||
- `api/endpoints/stats_cache.php` — runs every 5 min via cron; weather/news/Proxmox cache refresh
|
- `api/endpoints/stats_cache.php` — runs every 5 min via cron; weather/news/Proxmox cache refresh
|
||||||
- `api/endpoints/planner.php` — tasks & appointments CRUD; routes: `planner/tasks`, `planner/appointments`, `planner/today`, `planner/done`
|
- `api/endpoints/planner.php` — tasks & appointments CRUD; routes: `planner/tasks`, `planner/appointments`, `planner/today`, `planner/done`
|
||||||
- `api/endpoints/ha.php` — HA entity list reads from `ha_entities` table (real-time agent push); service calls go direct to HA_URL (`http://orbisne.fortiddns.com:8123`)
|
- `api/endpoints/ha.php` — HA entity list reads from `ha_entities` table (real-time agent push); service calls go direct to HA_URL (`http://orbisne.fortiddns.com:8123`)
|
||||||
|
- `api/lib/kb_engine.php` — `storeFact()` ON DUPLICATE KEY UPDATE always sets `updated_at=NOW()` explicitly; without this, unchanged values don't bump the timestamp and freshness checks break.
|
||||||
|
|
||||||
**Voice system (index.html):**
|
**Voice system (index.html):**
|
||||||
- Continuous SpeechRecognition; mic stays open always (mute toggle button)
|
- Continuous SpeechRecognition; mic stays open always (mute toggle button)
|
||||||
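Review bot: The new `api.php` and `agent.php` lines describe two auth paths but not the default: `session_start()` is skipped for heartbeat/metrics/ha_state/command_result/register, browser actions list/status/myip use `$_SESSION`, and nothing says what happens to an agent action that is in neither list. Document that unknown actions are rejected and that the `X-Agent-Key` check runs before any session-skipped action does work, `register` included, so the skip list cannot turn into an unauthenticated path when someone adds an action later. On the `facts_collector.php` line, add that the `http://127.0.0.1` checks with a `Host:` header test the origin only, so a site can be reported healthy while it is unreachable through Cloudflare.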
@@ -114,7 +116,22 @@ Agent installer (one-liner for any Linux host): `curl -sk https://jarvis.orbisho
|
|||||||
Watchdog log: `/home/jarvis.orbishosting.com/logs/watchdog.log`
|
Watchdog log: `/home/jarvis.orbishosting.com/logs/watchdog.log`
|
||||||
|
|
||||||
**JARVIS DB:** `jarvis_db` on localhost. User: `jarvis_user / J4rv1s_Pr0t0c0l_2026!`. phpMyAdmin at `/phpmyadmin` (myron / Joker1974!!!).
|
**JARVIS DB:** `jarvis_db` on localhost. User: `jarvis_user / J4rv1s_Pr0t0c0l_2026!`. phpMyAdmin at `/phpmyadmin` (myron / Joker1974!!!).
|
||||||
Tables (18 total): agent_commands, agent_metrics, alerts, api_cache, appointments, conversations, ha_entities, kb_facts, kb_intents, kb_ollama_models, kb_preferences, known_commands, metrics_history, network_devices, registered_agents, tasks, users + (see schema for full column list)
|
Core tables: agent_commands, agent_metrics, alerts, api_cache, appointments, conversations, ha_entities, kb_facts, kb_intents, kb_ollama_models, kb_preferences, known_commands, metrics_history, network_devices, registered_agents, tasks, users. Arc Reactor adds: arc_jobs, guardian_events, guardian_config, agent_screenshots.
|
||||||
|
|
||||||
|
`kb_facts` schema: `(id, category, fact_key, fact_value, host, expires_at, updated_at)` — column is `category` not `fact_category`.
|
||||||
|
|
||||||
|
**Arc Reactor daemon:** Python service at `/opt/jarvis-arc/reactor.py`, port 7474, managed by `systemctl restart jarvis-arc`. Deploy source: `deploy/reactor.py` in the jarvis repo. After pushing to GitHub, the auto-deploy pulls to `/home/jarvis.orbishosting.com/deploy/reactor.py` — then manually `cp deploy/reactor.py /opt/jarvis-arc/reactor.py && systemctl restart jarvis-arc`. Log: `/home/jarvis.orbishosting.com/logs/arc_reactor.log`.
|
||||||
|
|
||||||
|
**Arc Reactor AI routing:**
|
||||||
|
| Feature | Provider | Model |
|
||||||
|
|---------|----------|-------|
|
||||||
|
| Guardian anomaly alerts | Groq | `llama-3.3-70b-versatile` |
|
||||||
|
| SITREP | Groq | `llama-3.3-70b-versatile` |
|
||||||
|
| Vision: text-only sysinfo snapshot | Groq | `llama-3.3-70b-versatile` |
|
||||||
|
| Vision: actual screenshot image | Claude | `claude-opus-4-8-20251101` |
|
||||||
|
| Email drafting, research, tool_loop | Claude | `claude-sonnet-4-6` |
|
||||||
|
|
||||||
|
`llm_call(messages, provider)` cascades: groq → ollama on failure. Pass `"groq"` or `"claude"` as provider.
|
||||||
|
|
||||||
**Groq API note:** Use model name `compound-beta-mini` directly — NOT `groq/compound-beta-mini` (that's OpenAI router syntax and will 404 on api.groq.com).
|
**Groq API note:** Use model name `compound-beta-mini` directly — NOT `groq/compound-beta-mini` (that's OpenAI router syntax and will 404 on api.groq.com).
|
||||||
|
|
||||||
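Review bot: The added `llm_call(messages, provider)` line says the cascade is groq → ollama on failure, but this same commit marks the Ollama VM deleted and removes it from the `chat.php` chain, so either the fallback now points at a host that no longer exists or the line is stale. State what a Groq failure falls back to today, and whether `kb_ollama_models` in the table list is still used. The Arc Reactor paragraph gives port 7474 without saying which interface it listens on or how callers authenticate; add both. The manual `cp deploy/reactor.py /opt/jarvis-arc/reactor.py && systemctl restart jarvis-arc` step means the running daemon can differ from the repo, so note how to check which version is live.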
@@ -147,6 +164,24 @@ Automated media server on PVE1 VM 113. All traffic routes through WireGuard VPN
|
|||||||
**GitHub:** `myronblair/mediastack` (private) — config files, systemd units, README with full setup notes.
|
**GitHub:** `myronblair/mediastack` (private) — config files, systemd units, README with full setup notes.
|
||||||
**JARVIS agent quirks:** needs `jarvis_url`, `registration_key` (`f846a9aaf7ce9a61742c63c87c4186052a71d2a580c65518`), `ssl_verify: false` in config.
|
**JARVIS agent quirks:** needs `jarvis_url`, `registration_key` (`f846a9aaf7ce9a61742c63c87c4186052a71d2a580c65518`), `ssl_verify: false` in config.
|
||||||
|
|
||||||
|
## NovaCPX Panel
|
||||||
|
|
||||||
|
Custom web hosting control panel at `https://10.48.200.110` (PVE1 VM 120). Admin: `admin / Admin2026!`. Root SSH: `sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.110` (direct, no hop needed — PVE1 SSH currently broken).
|
||||||
|
|
||||||
|
**Ports:** 8880 (user) · 8881 (reseller) · 8882 (admin) · 8883 (Roundcube webmail)
|
||||||
|
|
||||||
|
**Paths:** Panel web root `/srv/novacpx/public/` · Git repo `/opt/novacpx-src/` · DB `/var/lib/novacpx/panel.db` (SQLite) · Config `/etc/novacpx/config.ini`
|
||||||
|
|
||||||
|
**GitHub:** `myronblair/novacpx` (private). Auto-deploy active: push to `main` (stable) or `beta` → webhook → VM pulls. GitHub Actions auto-bumps VERSION: main→PATCH, beta→-beta.N suffix. Current version: 1.0.27.
|
||||||
|
|
||||||
|
**Update channels:** `stable` tracks `origin/main`, `beta` tracks `origin/beta`. Set in Admin → Settings → Update Channel.
|
||||||
|
|
||||||
|
**Local clone:** `/tmp/novacpx/` on this machine. All edits go here first, then `git push origin main`.
|
||||||
|
|
||||||
|
**JARVIS agent:** Installed, online. Agent ID: `novacpx_e3b07264`.
|
||||||
|
|
||||||
|
**SQLite quirk:** Never use MySQL syntax (ON DUPLICATE KEY, NOW(), DATE_ADD, etc.). DB.php has translate() layer but endpoints must also use SQLite syntax directly.
|
||||||
|
|
||||||
## Parker Slingshot Rentals
|
## Parker Slingshot Rentals
|
||||||
|
|
||||||
Admin portal at `/admin/index.php` uses HMAC-signed cookie auth (not PHP sessions — sessions were unreliable under LiteSpeed caching). Admin: `admin / Parker2026!`. DB: `epic_parkersling / epic_parkersling / Joker1974!!!`.
|
Admin portal at `/admin/index.php` uses HMAC-signed cookie auth (not PHP sessions — sessions were unreliable under LiteSpeed caching). Admin: `admin / Parker2026!`. DB: `epic_parkersling / epic_parkersling / Joker1974!!!`.
|
||||||
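Review bot: The added GitHub line documents push to `main` or `beta` → webhook → VM pulls, but not how the VM authenticates the webhook or which account the pull and restart run as; on a hosting control panel that path is code execution for anyone who can push or forge the request. Add the verification step (GitHub's signed webhook payloads) and the branch protection expected on `main` and `beta`. The first paragraph adds the panel admin login and a root `sshpass` one-liner with `StrictHostKeyChecking=no`; both should be replaced by a reference to the secret store and key-based access, and "PVE1 SSH currently broken" needs a date or issue link so the direct-root workaround does not become permanent.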
@@ -182,6 +217,10 @@ CyberPanel uses `lsphp85`. Run PHP scripts directly with:
|
|||||||
For PHP syntax checking use `php8.3 -l file.php` — lsphp segfaults on `-l` flag.
|
For PHP syntax checking use `php8.3 -l file.php` — lsphp segfaults on `-l` flag.
|
||||||
When a PHP endpoint uses `ob_start()` + `header.php` pattern, add `ob_end_clean()` before any CSV/JSON response output.
|
When a PHP endpoint uses `ob_start()` + `header.php` pattern, add `ob_end_clean()` before any CSV/JSON response output.
|
||||||
|
|
||||||
|
**Cloudflare Rocket Loader:** JARVIS uses `data-cfasync="false"` on every `<script>` tag in `index.html` (including CDN scripts like face-api.js). One untagged script is enough to trigger Rocket Loader's bootstrap, which injects `mainScript.js` and causes `SyntaxError: Identifier 'mainScriptFlag' has already been declared`. `Cache-Control: no-store, no-cache, must-revalidate, no-transform` is set in `index.php` but tag every new script with `data-cfasync="false"` anyway.
|
||||||
|
|
||||||
|
**Cloudflare auto-deploy cache problem:** After pushing JS fixes, Cloudflare CDN serves stale cached files even on hard refresh. Bump the `?v=YYYYMMDD` query param on script tags in `index.html` to force a cache miss. Current version param: `?v=20260617`.
|
||||||
|
|
||||||
## GitHub Repos
|
## GitHub Repos
|
||||||
|
|
||||||
| Repo | Site | DB Schema |
|
| Repo | Site | DB Schema |
|
||||||
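Review bot: The Rocket Loader paragraph makes correctness depend on every `<script>` tag in `index.html` carrying `data-cfasync="false"`, with nothing enforcing it; one missed tag reproduces the `mainScriptFlag` error. Add a check to the deploy that fails when a `<script` tag lacks the attribute, or record why Rocket Loader is not simply turned off for this hostname. Since CDN scripts such as face-api.js are being touched for this anyway, pin them with `integrity` and `crossorigin` attributes. `Current version param: ?v=20260617` will be out of date after the next JS change; describe the rule and drop the literal value.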
@@ -198,6 +237,7 @@ When a PHP endpoint uses `ob_start()` + `header.php` pattern, add `ob_end_clean(
|
|||||||
| myronblair/mediastack | MediaStack VM 113 | config/, systemd units, wg0.conf, README |
|
| myronblair/mediastack | MediaStack VM 113 | config/, systemd units, wg0.conf, README |
|
||||||
| myronblair/do-server-config | DO server backup | scripts, systemd, WG, OLS vhosts, restore.sh |
|
| myronblair/do-server-config | DO server backup | scripts, systemd, WG, OLS vhosts, restore.sh |
|
||||||
| myronblair/proxmox-config | PVE1+PVE2 backup | shared cluster configs + per-node, restore.sh |
|
| myronblair/proxmox-config | PVE1+PVE2 backup | shared cluster configs + per-node, restore.sh |
|
||||||
|
| myronblair/novacpx | 10.48.200.110:8882 | db/schema.sql (SQLite, 19+ tables) |
|
||||||
| myronblair/fusionpbx-config | FusionPBX backup | PostgreSQL dump (gzip) + FS configs, restore.sh |
|
| myronblair/fusionpbx-config | FusionPBX backup | PostgreSQL dump (gzip) + FS configs, restore.sh |
|
||||||
|
|
||||||
All repos are private. Each has `config/vhost/` with OLS vhost config. The jarvis repo also has `deploy/` (watchdog, deploy runner, systemd units) and `agent/jarvis-agent.py`.
|
All repos are private. Each has `config/vhost/` with OLS vhost config. The jarvis repo also has `deploy/` (watchdog, deploy runner, systemd units) and `agent/jarvis-agent.py`.
|
||||||
|
|||||||
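Review bot: The new `myronblair/novacpx` row puts `10.48.200.110:8882` in the Site column, which per the Ports line is the admin port, where the other rows name the site; use `NovaCPX VM 120` and keep addresses in the access table. `19+ tables` is vaguer than the other cells; give the count or drop it. The unchanged closing line "All repos are private" is the only protection stated for the credentials this file carries, and this page is itself a mirror of the repo, so that line should not be read as a control.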