mirror of
https://github.com/myronblair/infra
synced 2026-06-30 17:50:10 -05:00
52f6073593
AI context/memory from Claude Code sessions covering all infrastructure: JARVIS, NovaCPX, DO sites, Proxmox, FusionPBX, MediaStack, and project feedback/preferences.
200 lines
9.8 KiB
Markdown

---
name: project-novacpx-todo
description: NovaCPX numbered TODO list — reference by number when requesting work
metadata:
  node_type: memory
  type: project
  originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
---

NovaCPX pre-production TODO. Reference items by number (e.g. "work on #3").

## 🔴 CRITICAL — Blocking for any real use

**#1 — Auto-deploy pipeline on VM** ✅ DONE

Webhook at https://10.48.200.110:8882/deploy/webhook.php. The GitHub webhook fires on push to main or beta; deploy-runner.sh runs from cron every minute and processes the queue. Both branches are accepted, and the runner reads update_channel from the DB to decide which branch to pull.
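
The two checks that pipeline needs before a push is allowed to queue a deploy, written in POSIX sh as an added example (this is not NovaCPX's webhook.php or deploy-runner.sh): verify GitHub's X-Hub-Signature-256 over the raw body, then deploy only when the pushed branch is the one the server's update_channel tracks (the same channel logic the "Update channels (stable/beta)" note below describes). The secret, the stable/beta to main/beta mapping and the push payload are assumptions; the payload is constructed.

```shell
#!/bin/sh
# Added example, not NovaCPX's webhook.php or deploy-runner.sh: the checks a
# push must pass before it is queued for deploy.
# Assumptions: a webhook secret shared with GitHub (here the constructed
# value "key"), update_channel in the DB holding "stable" or "beta", and a
# constructed push payload in place of a real delivery.

# Recompute GitHub's X-Hub-Signature-256 over the raw request body.
# $1 = secret, $2 = raw body, $3 = header value ("sha256=<hex>").
# Returns 0 on match. Not constant-time; webhook.php should use hash_equals().
verify_github_sig() {
    expected="sha256=$(printf '%s' "$2" | openssl dgst -sha256 -hmac "$1" | awk '{print $NF}')"
    [ "$3" = "$expected" ]
}

# Allowlist of refs that may trigger a deploy. $1 = "ref" from the payload.
# Prints the branch name; returns 1 for tags, feature branches, anything else.
ref_to_branch() {
    case $1 in
        refs/heads/main) echo main ;;
        refs/heads/beta) echo beta ;;
        *) return 1 ;;
    esac
}

# Branch a server tracks for its update_channel (stable -> main, beta -> beta).
channel_to_branch() {
    case $1 in
        stable) echo main ;;
        beta)   echo beta ;;
        *)      return 1 ;;
    esac
}

# Deploy only when the pushed branch is the one this server's channel tracks.
# $1 = update_channel from the DB, $2 = pushed ref. 0 = deploy, 1 = skip.
should_deploy() {
    pushed=$(ref_to_branch "$2") || return 1
    wanted=$(channel_to_branch "$1") || return 1
    [ "$pushed" = "$wanted" ]
}

# Extract "ref" from the push payload. Good enough for GitHub's fixed field
# layout in a queue script; a PHP handler should use json_decode().
payload_ref() {
    printf '%s' "$1" | sed -n 's/.*"ref":[[:space:]]*"\([^"]*\)".*/\1/p'
}

# --- constructed delivery (not real GitHub data) ---
SECRET='key'
BODY='{"ref":"refs/heads/beta","after":"0123456789abcdef"}'
SIG="sha256=$(printf '%s' "$BODY" | openssl dgst -sha256 -hmac "$SECRET" | awk '{print $NF}')"
CHANNEL='beta'     # what the runner would read from the settings table

if verify_github_sig "$SECRET" "$BODY" "$SIG" && should_deploy "$CHANNEL" "$(payload_ref "$BODY")"; then
    echo "queue deploy of $(ref_to_branch "$(payload_ref "$BODY")")"
else
    echo "delivery ignored"
fi
```

GitHub signs the raw body, so the PHP side must hash php://input rather than the decoded array, and compare with hash_equals(). A delivery with a valid signature but a ref outside the allowlist (a tag, a feature branch) is dropped rather than queued, and a server on the stable channel ignores pushes to beta even though both branches are accepted by the webhook.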

**#2 — Sessions table in schema** ✅ DONE

Confirmed sessions table exists. Also added settings and api_tokens tables.

**#3 — End-to-end account creation test** ✅ DONE

Fixed: systemd ProtectSystem=full blocked /etc writes (open only the paths the unit must write with ReadWritePaths= rather than dropping the protection). Fixed: home dir setup needs sudo mkdir/chown. All working: Linux user + home dir + public_html + vhost + DNS zone + Apache serving.

**#4 — Mail server virtual domain config** ✅ DONE

vmail user + /var/mail/vhosts. Postfix + Dovecot fully wired.

**#5 — DNS zone files working** ✅ DONE

named running, dig @localhost verified, AppArmor allows reads.

**#6 — Let's Encrypt SSL tested live** ✅ DONE (infrastructure verified)

Certbot 2.9.0 installed. Issuance can only be exercised against a real public domain, so only the infrastructure is verified so far.

---

## 🟡 IMPORTANT — Needed before real traffic

**#9 — Password change** ✅ DONE

**#10 — Webmail SSO** ✅ DONE

**#11 — DKIM provisioning** ✅ DONE

**#12 — File manager security audit** ✅ DONE

**#13 — PHP syntax guard on admin.js load** ✅ DONE

**#7 — User/reseller panel pages connected to real data** ✅ DONE

**#8 — Reseller account isolation audit** ✅ DONE

---

## 🟠 FEATURES — Expected in beta

**#14 — WordPress Manager** ✅ DONE (backend + admin UI)

**#15 — Backup system** ✅ DONE

**#16 — Cloudflare API integration** ✅ DONE

**#17 — Two-factor auth (TOTP)** ✅ DONE

**#18 — Reseller white-label** ✅ DONE

reseller_branding table, branding.php endpoint, _branding.php server-side helper.

**#19 — Server monitoring charts** ✅ DONE

server_stats table + collect-stats.php cron (every 5 min). Chart.js lazy-loaded.

**#20 — Cron job manager (user panel)** ✅ DONE

**#21 — Package limits enforcement** ✅ DONE

**#22a — Multiple FTP server options** ✅ DONE

**#22b — WHMCS billing bridge** ✅ DONE

**#22c — Multiple mail server options** ✅ DONE

**#22d — Multiple web server options** ✅ DONE

**#22e — DNS options + NS health checker** ✅ DONE

---

## 🔵 POLISH — Pre-production

**#23 — Documentation** ✅ DONE

**#24 — Audit log UI** ✅ DONE

**#25 — Email notifications** ✅ DONE

**#26 — Mobile-responsive CSS pass** ✅ DONE

**#27 — Custom error pages** ✅ DONE

**#28 — API rate limiting middleware** ✅ DONE

**#29 — Session management UI** ✅ DONE

**#30 — Installer idempotency** ✅ DONE

---

## 🐳 DOCKER — Tiered container management

**#31-35 — Docker Engine + admin/reseller/user panels** ✅ DONE

DockerManager.php. **140-app catalog** across 15+ categories. "My Apps" tab backed by docker_compose_stacks (not docker_containers). Async background launch with nohup. Email domain dropdown (local-part + domain select from DB).

**Docker catalog history:**

- Initial: 9 apps (wordpress, ghost, nextcloud, gitea, matomo, vaultwarden, nodejs, flask, static)
- 2026-06-09: Expanded to 60 apps (added monitoring, wiki, messaging, security, business, design categories)
- 2026-06-10: Expanded to 140 apps (added AI/LLM, dev tools, databases, networking, CMS/commerce, project mgmt, communication, file/storage, ERP/business, media, smart home, dashboards)

**Per-account uninstall** ✅ DONE (uninstall-account API, user panel "Remove All My Apps" button)

**Per-stack Reinstall** ✅ DONE (Reinstall button in stacks table, stack-reinstall API, pull→down→up)

**Admin App Catalog tab** ✅ DONE (launch apps on behalf of accounts from admin Docker page)

---

## 🛠️ ADMIN ROOT CONTROLS (added 2026-06-20)

**#41 — phpMyAdmin root section** ✅ DONE

Quick-access buttons + tool cards in DB Manager (mysql-manager page). phpMyAdmin at /phpmyadmin, Adminer at /adminer.php. db-tools API detects installed tools and serves URLs.

**#42 — Docker root GUI** ✅ DONE

Full docker page: containers, images, volumes, networks, compose stacks, app catalog, user quotas. All actions (start/stop/remove/logs/inspect) work. Sync-orphans endpoint for post-restore.

**#43 — PostgreSQL root GUI** ✅ DONE

Adminer installed at /adminer.php (handles MySQL + PostgreSQL). Separate PostgreSQL Databases section in DB Manager with direct Adminer PG link. db-tools API detects adminer.php.

**#44 — Mail server root controls** ✅ DONE

mail-server page: service controls (postfix/dovecot/rspamd), mail queue viewer + flush, virtual mail domains list with email counts, mail log tail.

**#45 — FTP controls section** ✅ DONE

ftp-server page: FTP service status + restart/reload/stop, all FTP accounts from DB with username/directory/permissions.

**#46 — Nginx proxy controls** ✅ DONE

nginx-proxy page: comprehensive proxy host management with add/edit/delete, upstream sync, settings, setup guide.

**#47 — Web server root controls** ✅ DONE

web-server page: CPU/RAM/disk/uptime stats, services with restart/reload/stop, PHP defaults, log viewer (nginx-error/access/panel/deploy).

---

**#49 — Disable/remove conflicting web servers on install** ✅ DONE (install.sh updated)

**#51 — Server settings sections in admin panel** ✅ DONE

All service pages exist in admin: web-server (#47), mail-server (#44), ftp-server (#45), docker, mysql-manager, nginx-proxy, firewall, fail2ban. Each shows install/running status.

**#50 — Post-restore automation script** ✅ DONE (v2)

Installed as `/usr/local/bin/novacpx-post-restore` from deploy/novacpx-post-restore.sh: fixes config.ini, cleans orphaned pools, bumps PHP-FPM max_children, pulls latest code + migrations, cleans orphaned DB users before creating webacct, deploys dashboard + notes, sets up Basic Auth, disables Apache2. --no-git flag available to skip the pull step.

**#48 — Collapsible sidebar navigation** ✅ DONE

CSS in nova.css, JS in nova.js (_initCollapsibleNav exposed on window). Admin: runs on DOMContentLoaded. Reseller + user: called after renderRNav()/renderNav(). State persisted in localStorage.

---

## 🆕 NEW FEATURES (added 2026-06-20)

**#36 — Sub-domains section** ✅ DONE

Admin: global view across all accounts. Reseller: filtered to their customers. User: create/remove own subdomains. Backend was already in domains.php (add-subdomain, list, remove).

**#37 — Parked domains section** ✅ DONE

Admin: global view across all accounts. Reseller: filtered to their customers. User: park/remove domains. Backend was already in domains.php (add-alias, list, remove).

**#38 — Settings section (account-level)** ✅ DONE

User panel Account > Settings: shows account info, resource usage gauges, PHP config (version/memory/upload/exec time), quick links to SSL/2FA/password change.

**#39 — Default index file on new account** ✅ DONE

AccountManager now creates a dark-themed modern index.html on account creation. Admin can set a custom HTML template in Server Options (default_index_template setting, {domain}/{username} placeholders). Falls back to the built-in template if none is set.

**#40 — Linux uninstaller** ✅ DONE

`uninstall.sh` at repo root. Full backup → confirmation → removes accounts/users/pools/vhosts/systemd/sudoers/cron/DKIM/DNS/postfix/fail2ban/all dirs. Prints scp + temp HTTP download options. --yes flag to skip confirm. Usage: `bash uninstall.sh [--yes]`

---

## 🔒 SECURITY FIXES (2026-06-09, code review)

**Shell injection fixes** ✅ DONE

- WordPressManager.php: escapeshellarg() on every value interpolated into an exec() command in cloneStaging(); delete() reordered (DB first, filesystem second)
- PHPManager.php: sudo rm -f for FPM pool deletion (www-data cannot unlink files from the root-owned pool.d directory; the matching sudoers entry should pin rm to that path rather than allow an arbitrary argument); SQLite syntax for updateConfig()
- WP-CLI download: 30s timeout + 100KB size validation
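
What escapeshellarg() buys on those exec() paths, shown in POSIX sh as an added example (not code from WordPressManager.php): shell_quote() applies the same transformation escapeshellarg() does, and reparse() shows how the shell sees the command line with and without it. The site name is a constructed hostile value standing in for user input.

```shell
#!/bin/sh
# Added example, not WordPressManager.php: escapeshellarg() rewritten in
# POSIX sh so the injection and the fix can be run side by side.
# "site" below is a constructed value standing in for user input.

# Same transformation PHP's escapeshellarg() applies: wrap in single quotes
# and replace each embedded ' with '\'' (close, literal quote, reopen).
# Trailing newlines are lost to command substitution, as with any $(...).
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Re-parse a command-line fragment the way sh would and report what came
# out: the argument count, then the first argument. Any injected command
# in the fragment runs here, which is the point of the demonstration.
# $1 = fragment as it would appear after the command name.
reparse() {
    eval "set -- $1"
    printf '%s argument(s); first: %s\n' "$#" "${1-}"
}

# Quote a value, re-parse it, and return 0 only if exactly one argument
# came back out and it equals the original (the property exec() needs).
quote_roundtrip() {
    orig=$1
    eval "set -- $(shell_quote "$orig")"
    [ "$#" -eq 1 ] && [ "$1" = "$orig" ]
}

site='demo; echo INJECTED'                 # constructed hostile value

echo "unquoted:"
reparse "/var/www/$site/staging"           # the shell runs the injected echo
echo "quoted:"
reparse "$(shell_quote "/var/www/$site/staging")"   # one path argument, nothing runs
echo "apostrophe handling: $(shell_quote "it's")"
```

The unquoted run prints the injected output before the argument report; the quoted run yields a single argument containing the whole hostile string, which is what rm, cp or wp receives when PHP builds the command from escapeshellarg() results. Quoting every interpolated value is the fix; quoting only the ones that "look like paths" is not.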

**install.sh sudoers hardening** ✅ DONE

- Replaced `ufw *` wildcard with 9 specific subcommands
- Removed `curl *` NOPASSWD entirely (code doesn't need it, and curl as root can read or overwrite arbitrary files)
- Removed `env *` NOPASSWD entirely (sudo env runs any command as root, so the rule was equivalent to unrestricted root)
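
A small audit for rules of this shape, as an added example (not install.sh or anything the project ships): it flags bare-wildcard commands like the old `ufw *` and binaries that hand out arbitrary command execution or file access as root, such as `env` and `curl`. The two sudoers snippets are constructed; the three ufw subcommands in the hardened rule are illustrative, not the nine install.sh actually grants.

```shell
#!/bin/sh
# Added example, not NovaCPX's install.sh. Audits sudoers rules granted to
# the panel user for two classes of problem the 2026-06-09 review removed:
# bare-wildcard arguments and root-capable binaries. Rules are constructed.

# $1 = one command spec from a sudoers rule. Prints why it is risky and
# returns 0, or prints nothing and returns 1 if it looks acceptable.
risky_sudo_cmd() {
    cmd=$(printf '%s' "$1" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
    bin=${cmd%% *}                    # program path (up to first space)
    args=${cmd#"$bin"}; args=${args# }
    case ${bin##*/} in
        env|curl|wget|bash|sh|dash|python*|perl|vi|vim|less|more|find|tee|ALL)
            echo "$bin: runs arbitrary commands or reads/writes arbitrary files as root"
            return 0 ;;
    esac
    case $args in
        '*'|*' *')                    # last argument is a bare wildcard
            echo "$cmd: unrestricted wildcard argument"
            return 0 ;;
    esac
    return 1
}

# $1 = sudoers text. Prints one finding per risky command on stderr and the
# total count on stdout; always returns 0 so it composes with set -e.
count_risky_sudo() {
    n=0
    nl=$(printf '\n.'); nl=${nl%.}
    set -f                            # rules legitimately contain '*'
    IFS=$nl
    for line in $1; do
        case $line in \#*) continue ;; esac
        case $line in *NOPASSWD:*) ;; *) continue ;; esac
        IFS=','
        for cmd in ${line##*NOPASSWD:}; do
            if why=$(risky_sudo_cmd "$cmd"); then
                echo "RISKY: $why" >&2
                n=$((n + 1))
            fi
        done
        IFS=$nl
    done
    unset IFS; set +f
    echo "$n"
}

# Constructed rules: the wildcard-heavy original and a hardened replacement
# (three illustrative ufw subcommands, not the panel's real list of nine).
SUDOERS_BEFORE='# NovaCPX panel helper rules (before)
www-data ALL=(root) NOPASSWD: /usr/sbin/ufw *, /usr/bin/curl *, /usr/bin/env *'
SUDOERS_AFTER='# NovaCPX panel helper rules (after)
www-data ALL=(root) NOPASSWD: /usr/sbin/ufw status, /usr/sbin/ufw enable, /usr/sbin/ufw reload'

echo "before: $(count_risky_sudo "$SUDOERS_BEFORE") risky command(s)"
echo "after:  $(count_risky_sudo "$SUDOERS_AFTER") risky command(s)"
```

Run it over the generated sudoers.d fragment after install.sh finishes (`visudo -c -f` still has to validate the syntax; this only looks at what the rules allow). The binary list is a starting point, not a complete list of sudo escapes; any entry whose program can write files or exec other programs deserves the same scrutiny.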

---

## 🔧 RECENT FIXES (2026-06-09/10)

**SSL cert SAN** ✅ DONE

Cert regenerated with subjectAltName=IP:10.48.200.110. Chrome ignores the CN and matches only the SAN, so fetch() against the panel failed until the IP was present there.
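
How to regenerate such a cert and check it the way Chrome does, as an added example (not the command that was actually run on the VM). It assumes an OpenSSL with `-addext` (1.1.1 or newer) and an output directory supplied by the caller; 10.48.200.110 is the panel address from the note above.

```shell
#!/bin/sh
# Added example, not the command NovaCPX ran. Makes a self-signed cert for an
# IP-addressed panel with the address in subjectAltName, and checks for it
# the way Chrome does (SAN only; the CN is ignored). Assumes OpenSSL 1.1.1+.

# $1 = IP address, $2 = output dir. Writes key.pem and cert.pem.
make_ip_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$1" -addext "subjectAltName=IP:$1" \
        -keyout "$2/key.pem" -out "$2/cert.pem" >/dev/null 2>&1
}

# CN-only cert, the shape that makes Chrome's fetch() fail with
# ERR_CERT_COMMON_NAME_INVALID. Kept only to show the negative case.
make_cn_only_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$1" -keyout "$2/key.pem" -out "$2/cert.pem" >/dev/null 2>&1
}

# $1 = cert path, $2 = IP. Returns 0 only if the SAN extension lists exactly
# that IP (anchored so 10.48.200.11 does not match 10.48.200.110).
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -Eq "IP Address:$2(,|\$)"
}

d=$(mktemp -d)
make_ip_cert 10.48.200.110 "$d" && cert_has_ip_san "$d/cert.pem" 10.48.200.110 \
    && echo "SAN ok: IP:10.48.200.110 present" || echo "SAN missing"
rm -rf "$d"
```

For the panel's real cert, the same `-addext` goes on whatever request generated it; after installing, `openssl x509 -in cert.pem -noout -text | grep -A1 'Subject Alternative Name'` should show the IP before anyone tries the browser again.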

**Update caching + nightly cron** ✅ DONE

check-novacpx-update + check-os-update cache their results in the settings table (12h TTL, ?force=1 bypasses the cache). Nightly cron at 2am: /srv/novacpx/public/bin/cache-update-check.php.

**OS upgrade script** ✅ DONE

Fixed date format bug (date -u +"%H:%M:%S UTC"). Fixed backup dir (/tmp/novacpx-backup-TIMESTAMP instead of /var/novacpx/). Note that /tmp is commonly cleared at boot, so copy that backup somewhere persistent before rebooting into the upgraded OS.

**SEO meta tags** ✅ DONE

All 3 panel index.php files have description, keywords, robots=noindex,nofollow.

**Version tracking** ✅ DONE

deploy-runner.sh and apply-novacpx-update both write to the novacpx_version table + settings.panel_version after every deploy. Current: 1.0.27.

**VERSION file sync** ✅ DONE (2026-06-10)

deploy-runner.sh now copies VERSION from repo root to /srv/novacpx/public/VERSION after each deploy.

**Update channels (stable/beta)** ✅ DONE

Settings page loads/saves the channel from the DB. check-novacpx-update reads the channel and checks the matching remote branch; apply-novacpx-update pulls from that branch; deploy-runner.sh reads the channel from the DB. beta branch created on GitHub. GitHub Actions auto-bumps the version: main→PATCH, beta→-beta.N.

**Settings page DB sync** ✅ DONE

settings() function loads panel_name, default_php, nameservers, update_channel from the server-options API. Saves via save-option API on submit.

**JARVIS agent** ✅ DONE

Installed 2026-06-09. Agent ID: novacpx_e3b07264. Online and reporting.

**Parker Slingshot JARVIS monitoring** ✅ DONE

Updated from parkerslingshot.epictravelexpeditions.com → parkerslingshotrentals.com in facts_collector.php, alerts.php, do_server.php.