mirror of
https://github.com/myronblair/infra
synced 2026-06-30 17:50:10 -05:00
Remove stale completed-task memory files
Deleted: jarvis_improvements_list (all 13 done), novacpx_todo (all done), jarvis_migration (complete — JARVIS on VM 211). Updated MEMORY.md index.
@@ -21,14 +21,11 @@
|
||||
- [Cloudflare Rocket Loader](feedback_cloudflare_rocket_loader.md) — breaks inline onclick= handlers and defers scripts; fix with Cache-Control: no-transform in PHP
|
||||
- [MediaStack VM](project_mediastack.md) — VM 113 on PVE1; all services admin/Joker1974!!!; NordVPN (not CT110); IPTorrents uid=2237410 cookie; download dirs must be qbittorrent-owned; NFS to Jellyfin
|
||||
- [NovaCPX Panel](project_novacpx.md) — VM 120 @ 10.48.200.110 (direct SSH works); v1.0.27; admin/Admin2026!; stable/beta channels; JARVIS agent online; 140-app Docker catalog
|
||||
- [NovaCPX TODO](project_novacpx_todo.md) — Numbered TODO #1-#35 + security fixes + 140-app Docker catalog — all done as of 2026-06-10
|
||||
- [NovaCPX Dev Tools](project_novacpx_tools.md) — Direct SSH/SCP to 10.48.200.110 (PVE1 hop broken); API session-cookie auth pattern; key VM paths
|
||||
- [Proxmox Config Backup](project_proxmox_backup.md) — myronblair/proxmox-config; weekly cron on PVE1+PVE2; restore.sh wizard; VM configs + network + scripts + systemd; PBS covers VM disks
|
||||
- [DO Server Backup](project_do_backup.md) — myronblair/do-server-config; weekly cron Sunday 4am; scripts/systemd/WG/OLS vhosts/mysql; restore.sh 8-phase wizard; DBs covered by jarvis-backup.sh daily
|
||||
- [FusionPBX Backup](project_fusionpbx_backup.md) — myronblair/fusionpbx-config; weekly cron Sunday 5am; PostgreSQL dump (gzip, 29MB) IS the config; restore.sh 10-phase wizard; SSH via DO relay only
|
||||
- [Context Management](feedback_context_management.md) — Warn before context limit; finish/commit current task cleanly; don't start large features if context is already long
|
||||
- [JARVIS TODO](project_jarvis_todo.md) — Master TODO: Workers page, Phase 2/3 modularization, agent fixes, install-agent.sh, Arc Reactor systemd, Jellyfin, Claude credits
|
||||
- [JARVIS Improvements List](project_jarvis_improvements_list.md) — All 13 items complete as of 2026-06-17
|
||||
- [JARVIS Migration](project_jarvis_migration.md) — Moving JARVIS DO→PVE1 VM 211 (10.48.200.211, 8c/16GB); NPM VM 200 (10.48.200.200); Ollama VM 210 (10.48.200.95); VMs 200+211 SSH-ready via PVE1 key; full step-by-step next steps inside
|
||||
- [Cryptex Safe](user_cryptex.md) — Physical 3D-printed Cryptex key: NEBYMJ (Creality K2 Pro)
|
||||
- [Infrastructure TODO](project_infra_todo.md) — Open items: CT110 read-only fs, wg-clients auto-start, MediaStack guest agent, Tailscale PVE1 re-auth, stale ARP watch
|
||||
|
||||
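Review bot: The index entries left in place as context here, MediaStack VM and NovaCPX Panel, still carry plaintext admin passwords in their one-line summaries, and the Cryptex Safe entry spells out the physical key code. Dropping the three stale entries is fine, but since MEMORY.md is the file every session loads, reduce these summaries to a pointer (for example the name of a vault item) and rotate the passwords, which are already in the repository history and in this mirror.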
@@ -1,38 +0,0 @@
|
||||
---
|
||||
name: jarvis-improvements-list
|
||||
description: "JARVIS \"make it stand out\" improvement list — remaining items to implement"
|
||||
metadata:
|
||||
node_type: memory
|
||||
type: project
|
||||
originSessionId: 16664adb-5228-4a2a-bffb-7e783ad13af1
|
||||
---
|
||||
|
||||
Second improvements list ("what would make JARVIS stand out"). All 13 items tracked below.
|
||||
|
||||
**Why:** Ongoing JARVIS enhancement sessions. Pick up where left off each session.
|
||||
**How to apply:** Show this list when user says "back to the list" or "what's left." Implement chosen numbers.
|
||||
|
||||
| # | Feature | Status |
|
||||
|---|---------|--------|
|
||||
| 1 | Live voice waveform — Web Audio API bars animate in mic button area | ✅ Done 2026-06-17 |
|
||||
| 2 | Ambient dim mode — panels fade to 12% after 90s idle, restore on move | ✅ Done 2026-06-17 |
|
||||
| 3 | Live voice transcript — real-time subtitle bar shows what JARVIS hears | ✅ Done 2026-06-17 |
|
||||
| 4 | Keyboard shortcuts — F5/Esc/1-4/M/N/Space + shown in Ctrl+K footer | ✅ Done 2026-06-17 |
|
||||
| 5 | Agent topology map — ring-based canvas in AGENTS tab, toggle with card view | ✅ Done 2026-06-17 |
|
||||
| 6 | Streaming AI replies — Groq SSE token-by-token; frontend ReadableStream | ✅ Done 2026-06-17 |
|
||||
| 7 | Quick-note capture — N key or "note: text" → saves to kb_facts instantly | ✅ Done 2026-06-17 |
|
||||
| 8 | Cancel in-flight request — AbortController + CANCEL button in thinking bubble | ✅ Done 2026-06-17 |
|
||||
| 9 | Accent color themes — Stark Blue / Widow Red / Hulk Green, localStorage | ✅ Done 2026-06-17 |
|
||||
| 10 | Browser push notifications — critical alerts when tab is backgrounded | ✅ Done 2026-06-17 |
|
||||
| 11 | Smart morning briefing — auto-speaks tasks/alerts/weather at first login <noon | ✅ Done 2026-06-17 |
|
||||
| 12 | Command palette — Ctrl+K fuzzy search, 20 commands, keyboard nav | ✅ Done 2026-06-17 |
|
||||
| 13 | Boot animation — numbers count from 0, Arc Reactor rings spin in | ✅ Done 2026-06-17 |
|
||||
|
||||
**ALL 13 ITEMS COMPLETE as of 2026-06-17.**
|
||||
|
||||
**Context:** JARVIS is modularized into:
|
||||
- `assets/css/jarvis.css`
|
||||
- `assets/js/jarvis-effects.js` (canvas, sparklines)
|
||||
- `assets/js/jarvis-overlays.js` (sleep, network map)
|
||||
- `assets/js/jarvis-app.js` (globals, init, chat, voice, panels)
|
||||
- `assets/js/jarvis-protocols.js` (protocols, agent topo, suggestions, etc.)
|
||||
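Review bot: The closing "Context: JARVIS is modularized into" list (assets/css/jarvis.css and the four assets/js/jarvis-*.js files with their responsibilities) is reference material rather than completed-task state, and this deletion removes it along with the finished table. The JARVIS TODO index entry still lists "Phase 2/3 modularization" as open, so move the module map into that file or the JARVIS README before dropping this one.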
@@ -1,165 +0,0 @@
|
||||
---
|
||||
name: project-jarvis-migration
|
||||
description: JARVIS migration from DO to PVE1 VM 211 — in progress as of 2026-06-17
|
||||
metadata:
|
||||
node_type: memory
|
||||
type: project
|
||||
originSessionId: 16664adb-5228-4a2a-bffb-7e783ad13af1
|
||||
---
|
||||
|
||||
# JARVIS Migration: DO → PVE1
|
||||
|
||||
**Why:** DO server is single-core, Cloudflare SSL hammers it with 22+ connections. PVE1 has 377GB RAM, many cores, direct LAN access to all home network resources.
|
||||
|
||||
**Architecture:** JARVIS on PVE1 LAN → FortiGate port-forwards a dedicated port externally → no Cloudflare SSL overhead on origin. NPM VM handles 80/443 for other future internal sites.
|
||||
|
||||
## New VMs (all on PVE1, created 2026-06-17)
|
||||
|
||||
| VMID | Name | IP | Specs | Status |
|
||||
|------|------|----|-------|--------|
|
||||
| 210 | Ollama-95 | 10.48.200.95 | 4c/8GB/30GB | Running, SSH not yet ready (still upgrading packages) |
|
||||
| 200 | NPM-200 | 10.48.200.200 | 2c/2GB/20GB | ✅ SSH ready (root@10.48.200.200, PVE1 key) |
|
||||
| 211 | JARVIS-211 | 10.48.200.211 | 8c/16GB/50GB | ✅ SSH ready (root@10.48.200.211, PVE1 key) |
|
||||
|
||||
**SSH access:** From PVE1 (`ssh -i /root/.ssh/id_rsa root@<IP>`) OR `sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@<IP>` once password auth confirmed working.
|
||||
|
||||
**PVE1 SSH key path:** `/root/.ssh/id_rsa` (added to all VMs via cloud-init sshkeys)
|
||||
|
||||
## Current State (2026-06-18)
|
||||
|
||||
All 3 VMs running on PVE1, all on Tailscale:
|
||||
- **JARVIS VM 211** (100.77.178.42 / 10.48.200.211): nginx + PHP 8.3 + MariaDB + Redis + Arc Reactor running. API live at http://10.48.200.211/api/ping. jarvis_db imported. All DO references updated in code. Git pushed to GitHub main.
|
||||
- **NPM VM 200** (100.110.239.71 / 10.48.200.200): Docker + NPM container running. Admin UI at http://10.48.200.200:81 (admin@example.com / changeme — change on first login)
|
||||
- **Ollama VM 210** (100.96.100.113 / 10.48.200.95): Ollama installed, models pulling (llama3.2 + llama3.1:8b). DNS via systemd-resolved + Tailscale.
|
||||
|
||||
**nginx vhost on JARVIS VM:**
|
||||
- Root: `/var/www/jarvis/public_html`
|
||||
- `/api` → fastcgi directly to api.php preserving REQUEST_URI
|
||||
- Port: 80 internally; FortiGate will forward external 1972 → 10.48.200.211:80
|
||||
|
||||
**Arc Reactor:** Running at /opt/jarvis-arc/reactor.py, port 7474, systemd service `jarvis-arc`
|
||||
|
||||
**Crons on JARVIS VM (all using php8.3 not lsphp):**
|
||||
- `*/3` facts_collector, `*/5` stats_cache, `*/15` calendar_sync → `/var/www/jarvis/logs/cron.log`
|
||||
|
||||
**DNS fix on all VMs:** `ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf && tailscale set --accept-dns=true`
|
||||
|
||||
**Key config changes from DO migration:**
|
||||
- JARVIS_IP: 10.48.200.211 (was 165.22.1.228)
|
||||
- HA_URL: http://10.48.200.97:8123 (direct LAN, was orbisne DDNS)
|
||||
- Proxmox API: https://10.48.200.90:8006 (direct LAN, was orbisne DDNS)
|
||||
- DO_SERVER_IP: 165.22.1.228 (kept — DO still hosts 6 websites)
|
||||
- Ollama model: llama3.2 / llama3.1:8b (not 1b/70b)
|
||||
|
||||
## Todo List (as of 2026-06-18)
|
||||
|
||||
1. **Remaining agents offline** — NovaCPX, PVE2, MediaStack, HomeBridge, WireGuard (API key mismatch — need force re-register)
|
||||
2. **HA missing entities** — update HA custom component URL → http://10.48.200.211 (HA web terminal only)
|
||||
3. **Gmail triage** — verify Arc Reactor email credentials on new VM
|
||||
4. **GitHub auto-deploy webhook** — point to new JARVIS VM (currently still deploys to DO)
|
||||
5. **NPM SSL certs** — Let's Encrypt for hoa.orbishosting.com + novacpx.orbishosting.com via http://10.48.200.200:81
|
||||
6. **Ollama models** — confirm llama3.2 + llama3.1:8b finished pulling (VM 210 at 10.48.200.210)
|
||||
7. **DO server cleanup** — remove JARVIS files from DO once stable (6 websites stay)
|
||||
8. **Vision Protocol AI** — test screenshot + AI analysis on new VM
|
||||
9. **Memory Core** — will populate naturally as chat is used
|
||||
|
||||
## Completed Items (2026-06-18)
|
||||
- ✅ JARVIS VM API live at https://jarvis.orbishosting.com
|
||||
- ✅ Admin at https://jarvis.orbishosting.com/admin/
|
||||
- ✅ nginx absolute_redirect off (port preserved in redirects)
|
||||
- ✅ Service monitor updated (nginx/php-fpm/mariadb/redis/arc/agent)
|
||||
- ✅ DO server WEB HOST block added to front page (agent metrics via Tailscale)
|
||||
- ✅ DO server agent (jarvis-do) pointing to new JARVIS via Tailscale (100.77.178.42)
|
||||
- ✅ JARVIS agent installed on JARVIS VM (jarvis-vm_JARVIS-2, online)
|
||||
- ✅ PVE1 (claude), NetworkBackup agents online
|
||||
- ✅ Ollama IP changed from 10.48.200.95 → 10.48.200.210 (Reolink owns .95)
|
||||
- ✅ All FortiGate VIPs updated to 97.247.237.97
|
||||
- ✅ JARVIS-1972 and HOA-8123 VIPs + policies created in FortiGate
|
||||
- ✅ NPM running at http://10.48.200.200:81
|
||||
- ✅ Facts collector fixed for external site checks (JARVIS not web host anymore)
|
||||
- ✅ All code committed to GitHub (commit b7aea13)
|
||||
|
||||
## Next Steps (pick up here next session)
|
||||
|
||||
### ✅ DONE: Install JARVIS stack on VM 211
|
||||
```bash
|
||||
# From PVE1 hop:
|
||||
ssh -i /root/.ssh/id_rsa root@10.48.200.211
|
||||
apt-get update && apt-get install -y nginx php8.3 php8.3-fpm php8.3-mysql php8.3-curl \
|
||||
php8.3-json php8.3-mbstring php8.3-xml php8.3-zip php8.3-redis \
|
||||
mariadb-server redis-server python3 python3-pip python3-venv git curl
|
||||
```
|
||||
|
||||
### 2. Clone JARVIS repo
|
||||
```bash
|
||||
cd /var/www
|
||||
git clone https://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@github.com/myronblair/jarvis.git jarvis
|
||||
```
|
||||
|
||||
### 3. Migrate jarvis_db from DO
|
||||
```bash
|
||||
# On DO: dump DB
|
||||
sshpass -p 'Gonewalk1974!@#' ssh root@165.22.1.228 \
|
||||
'mysqldump -u jarvis_user -pJ4rv1s_Pr0t0c0l_2026! jarvis_db | gzip' > /tmp/jarvis_db.sql.gz
|
||||
# Copy to PVE1 then into VM 211
|
||||
scp /tmp/jarvis_db.sql.gz root@10.48.200.211:/tmp/
|
||||
# On VM 211: import
|
||||
mysql -u root < /tmp/jarvis_db.sql.gz
|
||||
```
|
||||
|
||||
### 4. Configure nginx + PHP-FPM on VM 211
|
||||
- nginx vhost for jarvis.orbishosting.com on port 80 (or 443 with self-signed cert)
|
||||
- php8.3-fpm as FastCGI backend
|
||||
- Copy api/config.php from DO (credentials file, gitignored)
|
||||
|
||||
### 5. Install Python deps for Arc Reactor on VM 211
|
||||
```bash
|
||||
mkdir -p /opt/jarvis-arc && cd /opt/jarvis-arc
|
||||
python3 -m venv venv
|
||||
venv/bin/pip install aiohttp aiomysql anthropic duckduckgo-search trafilatura python-dateutil pytz
|
||||
cp /var/www/jarvis/deploy/reactor.py /opt/jarvis-arc/
|
||||
# Create systemd service
|
||||
```
|
||||
|
||||
### 6. Install Docker + NPM on VM 200
|
||||
```bash
|
||||
ssh -i /root/.ssh/id_rsa root@10.48.200.200
|
||||
curl -fsSL https://get.docker.com | sh
|
||||
docker run -d -p 80:80 -p 443:443 -p 81:81 \
|
||||
-v npm_data:/data -v npm_letsencrypt:/etc/letsencrypt \
|
||||
--restart unless-stopped jc21/nginx-proxy-manager:latest
|
||||
# NPM admin: port 81, default admin@example.com / changeme
|
||||
```
|
||||
|
||||
### 7. Install Ollama on VM 210
|
||||
```bash
|
||||
ssh -i /root/.ssh/id_rsa root@10.48.200.95 # once SSH ready
|
||||
curl -fsSL https://ollama.ai/install.sh | sh
|
||||
systemctl enable --now ollama
|
||||
ollama pull llama3.2
|
||||
# JARVIS config: OLLAMA_HOST = http://10.48.200.95:11434
|
||||
```
|
||||
|
||||
### 8. FortiGate port forward
|
||||
- Add VIP: external port XXXX → 10.48.200.211:80 (or 443)
|
||||
- User does this in FortiGate UI
|
||||
|
||||
### 9. Update JARVIS config
|
||||
- OLLAMA_HOST: `http://10.48.200.95:11434` (same as before, no change needed)
|
||||
- DB host: `localhost` (MariaDB on same VM)
|
||||
- PROXMOX_HOST: `10.48.200.90` (direct LAN, no DDNS needed)
|
||||
- HA_URL: `http://10.48.200.97:8123` (direct LAN)
|
||||
|
||||
### 10. Update DO after cutover
|
||||
- Update jarvis GitHub webhook URL to point to new VM
|
||||
- Grey-cloud jarvis.orbishosting.com in Cloudflare (DNS only)
|
||||
- All agents already bypass Cloudflare (use direct IP) → update their jarvis_url to new LAN IP
|
||||
|
||||
## DO Server Issues (ongoing, separate from migration)
|
||||
- OLS single-core saturates from Cloudflare SSL connections (22+ persistent)
|
||||
- Fixed: crons switched from lsphp85 → php8.3 (no LSAPI worker overhead)
|
||||
- Fixed: facts_collector pings removed (was pinging unreachable LAN IPs)
|
||||
- facts_collector Ollama check still hits 10.48.200.95 (will resolve once Ollama VM is up)
|
||||
- LSAPI children raised 10→25 (configs in myronblair/do-server-config)
|
||||
</content>
|
||||
</invoke>
|
||||
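Review bot: Deleting this file does not retire the secrets in it. The git clone URL in step 2 embeds a GitHub personal access token, step 3 passes a root password to sshpass and a database password to mysqldump -p, and the "SSH access" line repeats a root password next to StrictHostKeyChecking=no. All of that stays readable in history and in every mirror of the repository, so revoke the token, rotate the root and database passwords, and then rewrite history (for example with git filter-repo) and re-sync the mirrors. The trailing </content> and </invoke> lines suggest the file was written straight from tool output, so a secret-scanning pre-commit hook on the memory directory would be the place to catch the next one.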
@@ -1,199 +0,0 @@
|
||||
---
|
||||
name: project-novacpx-todo
|
||||
description: NovaCPX numbered TODO list — reference by number when requesting work
|
||||
metadata:
|
||||
node_type: memory
|
||||
type: project
|
||||
originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
|
||||
---
|
||||
|
||||
NovaCPX pre-production TODO. Reference items by number (e.g. "work on #3").
|
||||
|
||||
## 🔴 CRITICAL — Blocking for any real use
|
||||
|
||||
**#1 — Auto-deploy pipeline on VM** ✅ DONE
|
||||
Webhook at https://10.48.200.110:8882/deploy/webhook.php. GitHub webhook fires on push to main or beta. Deploy-runner.sh cron every minute processes queue. Accepts both main+beta branches; reads update_channel from DB to pull correct branch.
|
||||
|
||||
**#2 — Sessions table in schema** ✅ DONE
|
||||
Confirmed sessions table exists. Also added settings and api_tokens tables.
|
||||
|
||||
**#3 — End-to-end account creation test** ✅ DONE
|
||||
Fixed: systemd ProtectSystem=full blocked /etc writes. Fixed: sudo mkdir/chown needed for home dir setup. All working: Linux user + home dir + public_html + vhost + DNS zone + Apache serving.
|
||||
|
||||
**#4 — Mail server virtual domain config** ✅ DONE
|
||||
vmail user + /var/mail/vhosts. Postfix + Dovecot fully wired.
|
||||
|
||||
**#5 — DNS zone files working** ✅ DONE
|
||||
named running, dig @localhost verified, AppArmor allows reads.
|
||||
|
||||
**#6 — Let's Encrypt SSL tested live** ✅ DONE (infrastructure verified)
|
||||
Certbot 2.9.0 installed. Will work with real public domains.
|
||||
|
||||
---
|
||||
|
||||
## 🟡 IMPORTANT — Needed before real traffic
|
||||
|
||||
**#9 — Password change** ✅ DONE
|
||||
**#10 — Webmail SSO** ✅ DONE
|
||||
**#11 — DKIM provisioning** ✅ DONE
|
||||
**#12 — File manager security audit** ✅ DONE
|
||||
**#13 — PHP syntax guard on admin.js load** ✅ DONE
|
||||
**#7 — User/reseller panel pages connected to real data** ✅ DONE
|
||||
**#8 — Reseller account isolation audit** ✅ DONE
|
||||
|
||||
---
|
||||
|
||||
## 🟠 FEATURES — Expected in beta
|
||||
|
||||
**#14 — WordPress Manager** ✅ DONE (backend + admin UI)
|
||||
**#15 — Backup system** ✅ DONE
|
||||
**#16 — Cloudflare API integration** ✅ DONE
|
||||
**#17 — Two-factor auth (TOTP)** ✅ DONE
|
||||
|
||||
**#18 — Reseller white-label** ✅ DONE
|
||||
reseller_branding table, branding.php endpoint, _branding.php server-side helper.
|
||||
|
||||
**#19 — Server monitoring charts** ✅ DONE
|
||||
server_stats table + collect-stats.php cron (every 5 min). Chart.js lazy-loaded.
|
||||
|
||||
**#20 — Cron job manager (user panel)** ✅ DONE
|
||||
**#21 — Package limits enforcement** ✅ DONE
|
||||
**#22a — Multiple FTP server options** ✅ DONE
|
||||
**#22b — WHMCS billing bridge** ✅ DONE
|
||||
**#22c — Multiple mail server options** ✅ DONE
|
||||
**#22d — Multiple web server options** ✅ DONE
|
||||
**#22e — DNS options + NS health checker** ✅ DONE
|
||||
|
||||
---
|
||||
|
||||
## 🔵 POLISH — Pre-production
|
||||
|
||||
**#23 — Documentation** ✅ DONE
|
||||
**#24 — Audit log UI** ✅ DONE
|
||||
**#25 — Email notifications** ✅ DONE
|
||||
**#26 — Mobile-responsive CSS pass** ✅ DONE
|
||||
**#27 — Custom error pages** ✅ DONE
|
||||
**#28 — API rate limiting middleware** ✅ DONE
|
||||
**#29 — Session management UI** ✅ DONE
|
||||
**#30 — Installer idempotency** ✅ DONE
|
||||
|
||||
---
|
||||
|
||||
## 🐳 DOCKER — Tiered container management
|
||||
|
||||
**#31-35 — Docker Engine + admin/reseller/user panels** ✅ DONE
|
||||
DockerManager.php. **140-app catalog** across 15+ categories. "My Apps" tab backed by docker_compose_stacks (not docker_containers). Async background launch with nohup. Email domain dropdown (local-part + domain select from DB).
|
||||
|
||||
**Docker catalog history:**
|
||||
- Initial: 9 apps (wordpress, ghost, nextcloud, gitea, matomo, vaultwarden, nodejs, flask, static)
|
||||
- 2026-06-09: Expanded to 60 apps (added monitoring, wiki, messaging, security, business, design categories)
|
||||
- 2026-06-10: Expanded to 140 apps (added AI/LLM, dev tools, databases, networking, CMS/commerce, project mgmt, communication, file/storage, ERP/business, media, smart home, dashboards)
|
||||
|
||||
**Per-account uninstall** ✅ DONE (uninstall-account API, user panel "Remove All My Apps" button)
|
||||
**Per-stack Reinstall** ✅ DONE (Reinstall button in stacks table, stack-reinstall API, pull→down→up)
|
||||
**Admin App Catalog tab** ✅ DONE (launch apps on behalf of accounts from admin Docker page)
|
||||
|
||||
---
|
||||
|
||||
## 🛠️ ADMIN ROOT CONTROLS (added 2026-06-20)
|
||||
|
||||
**#41 — phpMyAdmin root section** ✅ DONE
|
||||
Quick-access buttons + tool cards in DB Manager (mysql-manager page). phpMyAdmin at /phpmyadmin, Adminer at /adminer.php. db-tools API detects installed tools and serves URLs.
|
||||
|
||||
**#42 — Docker root GUI** ✅ DONE
|
||||
Full docker page: containers, images, volumes, networks, compose stacks, app catalog, user quotas. All actions (start/stop/remove/logs/inspect) work. Sync-orphans endpoint for post-restore.
|
||||
|
||||
**#43 — PostgreSQL root GUI** ✅ DONE
|
||||
Adminer installed at /adminer.php (handles MySQL + PostgreSQL). Separate PostgreSQL Databases section in DB Manager with direct Adminer PG link. db-tools API detects adminer.php.
|
||||
|
||||
**#44 — Mail server root controls** ✅ DONE
|
||||
mail-server page: service controls (postfix/dovecot/rspamd), mail queue viewer + flush, virtual mail domains list with email counts, mail log tail.
|
||||
|
||||
**#45 — FTP controls section** ✅ DONE
|
||||
ftp-server page: FTP service status + restart/reload/stop, all FTP accounts from DB with username/directory/permissions.
|
||||
|
||||
**#46 — Nginx proxy controls** ✅ DONE
|
||||
nginx-proxy page: comprehensive proxy host management with add/edit/delete, upstream sync, settings, setup guide.
|
||||
|
||||
**#47 — Web server root controls** ✅ DONE
|
||||
web-server page: CPU/RAM/disk/uptime stats, services with restart/reload/stop, PHP defaults, log viewer (nginx-error/access/panel/deploy).
|
||||
|
||||
---
|
||||
|
||||
**#49 — Disable/remove conflicting web servers on install** ✅ DONE (install.sh updated)
|
||||
|
||||
**#51 — Server settings sections in admin panel** ✅ DONE
|
||||
All service pages exist in admin: web-server (#47), mail-server (#44), ftp-server (#45), docker, mysql-manager, nginx-proxy, firewall, fail2ban. Each shows install/running status.
|
||||
|
||||
**#50 — Post-restore automation script** ✅ DONE (v2)
|
||||
`/usr/local/bin/novacpx-post-restore` at deploy/novacpx-post-restore.sh: fixes config.ini, cleans orphaned pools, bumps PHP-FPM max_children, pulls latest code+migrations, cleans orphaned DB users before creating webacct, deploys dashboard+notes, Basic Auth, disables Apache2. --no-git flag available.
|
||||
|
||||
**#48 — Collapsible sidebar navigation** ✅ DONE
|
||||
CSS in nova.css, JS in nova.js (_initCollapsibleNav exposed on window). Admin: runs on DOMContentLoaded. Reseller + user: called after renderRNav()/renderNav(). State persisted in localStorage.
|
||||
|
||||
---
|
||||
|
||||
## 🆕 NEW FEATURES (added 2026-06-20)
|
||||
|
||||
**#36 — Sub-domains section** ✅ DONE
|
||||
Admin: global view across all accounts. Reseller: filtered to their customers. User: create/remove own subdomains. Backend was already in domains.php (add-subdomain, list, remove).
|
||||
|
||||
**#37 — Parked domains section** ✅ DONE
|
||||
Admin: global view across all accounts. Reseller: filtered to their customers. User: park/remove domains. Backend was already in domains.php (add-alias, list, remove).
|
||||
|
||||
**#38 — Settings section (account-level)** ✅ DONE
|
||||
User panel Account > Settings: shows account info, resource usage gauges, PHP config (version/memory/upload/exec time), quick links to SSL/2FA/password change.
|
||||
|
||||
**#39 — Default index file on new account** ✅ DONE
|
||||
AccountManager now creates a dark-themed modern index.html on account creation. Admin can set a custom HTML template in Server Options (default_index_template setting, {domain}/{username} placeholders). Falls back to built-in if none set.
|
||||
|
||||
**#40 — Linux uninstaller** ✅ DONE
|
||||
`uninstall.sh` at repo root. Full backup → confirmation → removes accounts/users/pools/vhosts/systemd/sudoers/cron/DKIM/DNS/postfix/fail2ban/all dirs. Prints scp + temp HTTP download options. --yes flag to skip confirm. Usage: `bash uninstall.sh [--yes]`
|
||||
|
||||
---
|
||||
|
||||
## 🔒 SECURITY FIXES (2026-06-09, code review)
|
||||
|
||||
**Shell injection fixes** ✅ DONE
|
||||
- WordPressManager.php: escapeshellarg() on all exec() paths in cloneStaging(); delete() reordered (DB first, filesystem second)
|
||||
- PHPManager.php: sudo rm -f for FPM pool deletion (www-data can't unlink root-owned files); SQLite syntax for updateConfig()
|
||||
- WP-CLI download: 30s timeout + 100KB size validation
|
||||
|
||||
**install.sh sudoers hardening** ✅ DONE
|
||||
- Replaced `ufw *` wildcard with 9 specific subcommands
|
||||
- Removed `curl *` NOPASSWD entirely (code doesn't need it)
|
||||
- Removed `env *` NOPASSWD entirely (security risk)
|
||||
|
||||
---
|
||||
|
||||
## 🔧 RECENT FIXES (2026-06-09/10)
|
||||
|
||||
**SSL cert SAN** ✅ DONE
|
||||
Cert regenerated with subjectAltName=IP:10.48.200.110 — required for Chrome fetch() to work.
|
||||
|
||||
**Update caching + nightly cron** ✅ DONE
|
||||
check-novacpx-update + check-os-update cache in settings table (12h TTL, ?force=1 bypass). Nightly cron at 2am: /srv/novacpx/public/bin/cache-update-check.php.
|
||||
|
||||
**OS upgrade script** ✅ DONE
|
||||
Fixed date format bug (date -u +"%H:%M:%S UTC"). Fixed backup dir (/tmp/novacpx-backup-TIMESTAMP instead of /var/novacpx/).
|
||||
|
||||
**SEO meta tags** ✅ DONE
|
||||
All 3 panel index.php files have description, keywords, robots=noindex,nofollow.
|
||||
|
||||
**Version tracking** ✅ DONE
|
||||
deploy-runner.sh and apply-novacpx-update both write to novacpx_version table + settings.panel_version after every deploy. Current: 1.0.27.
|
||||
|
||||
**VERSION file sync** ✅ DONE (2026-06-10)
|
||||
deploy-runner.sh now copies VERSION from repo root to /srv/novacpx/public/VERSION after each deploy.
|
||||
|
||||
**Update channels (stable/beta)** ✅ DONE
|
||||
Settings page loads/saves channel from DB. check-novacpx-update reads channel and checks correct remote branch. apply-novacpx-update pulls from correct branch. deploy-runner.sh reads channel from DB. beta branch created on GitHub. GitHub Actions auto-bumps: main→PATCH, beta→-beta.N.
|
||||
|
||||
**Settings page DB sync** ✅ DONE
|
||||
settings() function loads panel_name, default_php, nameservers, update_channel from server-options API. Saves via save-option API on submit.
|
||||
|
||||
**JARVIS agent** ✅ DONE
|
||||
Installed 2026-06-09. Agent ID: novacpx_e3b07264. Online and reporting.
|
||||
|
||||
**Parker Slingshot JARVIS monitoring** ✅ DONE
|
||||
Updated from parkerslingshot.epictravelexpeditions.com → parkerslingshotrentals.com in facts_collector.php, alerts.php, do_server.php.
|
||||
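Review bot: The "SECURITY FIXES (2026-06-09, code review)" section is the only place in this diff that records what was hardened: escapeshellarg() on the exec() paths in cloneStaging(), and the sudoers change replacing the ufw wildcard and removing the curl and env NOPASSWD entries. Items #8 and #12 (reseller isolation audit, file manager security audit) are likewise marked done with no findings attached. Before removing the file, carry that section into the NovaCPX changelog or a security notes file in the NovaCPX repository, so a later install.sh edit that reintroduces a wildcard sudoers rule can be checked against a written baseline.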