diff --git a/CLAUDE.md b/CLAUDE.md index ed4a3a9..05cb5ea 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -6,15 +6,32 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co This is a home-lab / managed-hosting environment. There is no local codebase to build or test — work consists of editing PHP/JS files on remote servers via SSH and managing infrastructure across several machines. All tool calls use `sshpass` with password auth. +## Tailscale Network + +All key hosts are on Tailscale (myronblair@gmail.com). Use Tailscale IPs for SSH — no relay or port forwarding needed. + +| Host | Tailscale IP | LAN IP | Password | +|------|-------------|--------|----------| +| Claude VM (this) | 100.69.120.58 | 10.48.200.29 | — | +| PVE1 | 100.80.188.8 | 10.48.200.90 | `Joker1974!!!` | +| FusionPBX | 100.74.46.120 | 134.209.72.226 | `Joker1974!@#` | +| JARVIS VM (new) | 100.77.178.42 | 10.48.200.211 | `Joker1974!!!` | +| NPM VM | 100.110.239.71 | 10.48.200.200 | `Joker1974!!!` | +| Ollama VM | 100.96.100.113 | 10.48.200.95 | `Joker1974!!!` | +| HomeBridge | 100.124.182.18 | 10.48.200.18 | — | +| WireGuard CT | 100.122.55.10 | 10.48.200.19 | — | + ## Server Map | Host | IP | SSH | Purpose | |------|-----|-----|---------| -| DO (main) | 165.22.1.228 | `root / Gonewalk1974!@#` | CyberPanel/OLS — all websites + JARVIS | -| FusionPBX | 134.209.72.226 | `root / Joker1974!@#` | FreeSWITCH PBX | -| PVE1 (Proxmox) | orbisne.fortiddns.com (10.48.200.90) | `root / Joker1974!!!` | Primary hypervisor — FortiGate DDNS, auto-updates if IP changes | +| DO (main) | 165.22.1.228 | `root / Gonewalk1974!@#` | CyberPanel/OLS — all websites (not JARVIS after migration) | +| FusionPBX | 134.209.72.226 | `root / Joker1974!@#` (via Tailscale 100.74.46.120) | FreeSWITCH PBX | +| PVE1 (Proxmox) | orbisne.fortiddns.com (10.48.200.90) | `root / Joker1974!!!` (via Tailscale 100.80.188.8) | Primary hypervisor | | PVE2 (Proxmox) | 10.48.200.91 | `root / Joker1974!!!` | Secondary hypervisor | -| ~~Ollama VM~~ | ~~10.48.200.95~~ | — | **DELETED** — PVE1 VM 210 no longer exists | +| JARVIS VM | 10.48.200.211 | `root / Joker1974!!!` (via Tailscale 100.77.178.42) | JARVIS dashboard — PVE1 VM 211, 8c/16GB | +| NPM VM | 10.48.200.200 | `root / Joker1974!!!` (via Tailscale 100.110.239.71) | Nginx Proxy Manager — PVE1 VM 200 | +| Ollama VM | 10.48.200.95 | `root / Joker1974!!!` (via Tailscale 100.96.100.113) | Local LLM — PVE1 VM 210, 4c/8GB | | Home Assistant | 10.48.200.97 | `myron → sudo` | HA VM 101 | | NetworkBackup | 10.48.200.99 | `myron → sudo` | Backup VM (PVE2 VM 302) | | MediaStack | 10.48.200.35 | `root via PVE1 key` | Sonarr/Radarr/Prowlarr/qBittorrent (PVE1 VM 113) | @@ -195,7 +212,11 @@ Admin portal at `/admin/index.php` uses HMAC-signed cookie auth (not PHP session Production at 134.209.72.226. Web: `https://fusion.orbishosting.com` (admin / fY7XP5swgtpbzrYLhkeVYkA4744). SIP profiles served via Lua XML handler — config changes require deleting `/var/cache/fusionpbx/FusionPBX.configuration.sofia.conf` to force reload. Extension 1000 (Yealink T48S at 10.48.200.43) registered on production server via port 5080 with `aggressive-nat-detection=true` to bypass FortiGate SIP ALG. -**SSH access:** Port 22 firewalled from internet — only from 107.178.2.130 / 97.154.109.245. Relay all SSH through DO: +**SSH access:** Direct via Tailscale (preferred): +```bash +sshpass -p 'Joker1974!@#' ssh -o StrictHostKeyChecking=no root@100.74.46.120 +``` +Fallback if Tailscale down — relay through DO: ```bash sshpass -p 'Gonewalk1974!@#' ssh -o StrictHostKeyChecking=no root@165.22.1.228 \ 'sshpass -p "Joker1974!@#" ssh -o StrictHostKeyChecking=no root@134.209.72.226 "command"'