# Cobblestone intake — operator hand-off

When operator brings cobblestone online for migration prep, fill in
this template, then unblock agent A2 (cobblestone audit).

## Network

| Field | Value | Notes |
|---|---|---|
| LAN IP | TBD | static recommended; reservation in router OR static `/etc/network/interfaces` |
| Hostname | `cobblestone` | matches CLAUDE.md device registry |
| Tailscale IP | TBD (when joined) | preserve via `/var/lib/tailscale/state` carry-over OR re-enroll |
| MAC | TBD |  |
| Router port-forwards | TBD: 80, 443, 25565, ?222 | `222` for Forgejo SSH (long-deferred fix from nullstone era) |

## SSH

| Field | Value |
|---|---|
| Default user | TBD (Debian default = first-install user) |
| ssh key from onyx authorized? | TBD (if no, run `ssh-copy-id <user>@<ip>`) |
| sshd config | hardened? | nullstone pattern: `AllowUsers user`, no root, no pw auth |

After hand-over, add to `~/.ssh/config` on onyx:

```
Host cobblestone
    HostName <IP>
    User user
    IdentityFile ~/.ssh/id_ed25519
```

## Hardware

| Field | Value |
|---|---|
| CPU | TBD (model + cores) |
| RAM | TBD (GB) |
| Disk(s) | TBD (NVMe? SATA SSD? size?) |
| GPU | TBD (none / iGPU / discrete) |
| TPM2 chip | TBD (`ls /dev/tpm*`) |

## OS state

| Field | Value |
|---|---|
| Debian version | TBD (`cat /etc/debian_version`) |
| Kernel | TBD (`uname -r`) |
| LUKS at install | TBD (`lsblk -f` looking for `crypto_LUKS`) ⚠️ |
| Desktop env | TBD (XFCE / GNOME / KDE / MATE / Cinnamon) |
| Display manager | TBD (`systemctl status display-manager`) |

⚠️ **If LUKS=NO at install**: see [DE-DECISION-cobblestone.md](DE-DECISION-cobblestone.md)
section "post-install LUKS-on-file fallback". Better to reinstall
with LUKS2 from scratch — this is the F4 regression fix.

## Docker

| Field | Value |
|---|---|
| Docker installed | TBD |
| Version | TBD |
| daemon.json | not yet — match nullstone pattern |
| userns-remap | **DROP** per migration recommendation |

## Operator-driven decisions (fill before cutover)

- [ ] LUKS reinstall: yes / LUKS-on-file fallback / accept-no-LUKS
- [ ] DE: strip-now / 30-day soak then strip / keep-forever
- [ ] userns-remap: drop / keep
- [ ] RocketChat: revive on cobblestone / retire (delete volumes)
- [ ] Headscale + step-ca: keep on cobblestone / move to $4 VPS
- [ ] cockpit web admin: install / skip

## Once filled in

Commit + push this file. Then say "agent A2 go" — A2 ssh's into
cobblestone, runs the audit commands from `MIGRATION-...md` section
1, writes `COBBLESTONE-AUDIT-<date>.md` next to this file.