STATE.md = source-of-truth for current state + pending decisions. Append to changelog when state changes. Don't rewrite history. COBBLESTONE-INTAKE.md = template the operator fills before agent A2 runs the cobblestone audit. Captures network/SSH/hardware/OS/docker state + operator-driven migration decisions (LUKS, DE, userns-remap, RC revive-or-retire, Headscale SPOF, cockpit).
79 lines
2.5 KiB
Markdown
# Cobblestone intake — operator hand-off

When operator brings cobblestone online for migration prep, fill in
this template, then unblock agent A2 (cobblestone audit).

## Network

| Field | Value | Notes |
|---|---|---|
| LAN IP | TBD | static recommended; reservation in router OR static `/etc/network/interfaces` |
| Hostname | `cobblestone` | matches CLAUDE.md device registry |
| Tailscale IP | TBD (when joined) | preserve via `/var/lib/tailscale/state` carry-over OR re-enroll |
| MAC | TBD | |
| Router port-forwards | TBD: 80, 443, 25565, ?222 | `222` for Forgejo SSH (long-deferred fix from nullstone era) |

## SSH

| Field | Value | Notes |
|---|---|---|
| Default user | TBD (Debian default = first-install user) | |
| ssh key from onyx authorized? | TBD (if no, run `ssh-copy-id <user>@<ip>`) | |
| sshd config | hardened? | nullstone pattern: `AllowUsers user`, no root, no pw auth |

After hand-over, add to `~/.ssh/config` on onyx:

```
Host cobblestone
    HostName <IP>
    User user
    IdentityFile ~/.ssh/id_ed25519
```

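One way to turn the `hardened?` cell in the SSH table into a pass/fail check, as an added example that is not part of the original file. It assumes the input is sshd's effective configuration in `sshd -T` format; the function names and sample inputs are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original file). Checks sshd's effective
# config against the pattern in the SSH table: AllowUsers <user>, no root
# login, no password auth. Reads `sshd -T` style lines on stdin.

# Print every value of keyword $1 found in $cfg, space-separated.
sshd_vals() {
    printf '%s\n' "$cfg" | awk -v k="$1" '
        tolower($1) == k { for (i = 2; i <= NF; i++) out = out (out ? " " : "") $i }
        END { print out }'
}

# Usage: check_sshd_hardening <allowed-user> < effective-config
# Prints one line per finding; returns 0 only if all three checks pass.
check_sshd_hardening() {
    want_user="$1"
    cfg=$(cat)
    fails=0

    root=$(sshd_vals permitrootlogin)
    pw=$(sshd_vals passwordauthentication)
    users=$(sshd_vals allowusers)

    if [ "$root" != "no" ]; then
        echo "FAIL permitrootlogin=${root:-unset} (want: no)"; fails=$((fails + 1))
    fi
    if [ "$pw" != "no" ]; then
        echo "FAIL passwordauthentication=${pw:-unset} (want: no)"; fails=$((fails + 1))
    fi
    if [ "$users" != "$want_user" ]; then
        echo "FAIL allowusers=${users:-unset} (want: $want_user only)"; fails=$((fails + 1))
    fi

    [ "$fails" -eq 0 ] && echo "OK sshd matches the hardened pattern"
    return "$fails"
}

# Constructed sample inputs (not captured from any real host).
SAMPLE_HARDENED='port 22
permitrootlogin no
passwordauthentication no
allowusers user'

SAMPLE_DEFAULT='port 22
permitrootlogin prohibit-password
passwordauthentication yes'
```

On cobblestone, feed it the live configuration with `sudo sshd -T | check_sshd_hardening user`.
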
## Hardware

| Field | Value |
|---|---|
| CPU | TBD (model + cores) |
| RAM | TBD (GB) |
| Disk(s) | TBD (NVMe? SATA SSD? size?) |
| GPU | TBD (none / iGPU / discrete) |
| TPM2 chip | TBD (`ls /dev/tpm*`) |

## OS state

| Field | Value |
|---|---|
| Debian version | TBD (`cat /etc/debian_version`) |
| Kernel | TBD (`uname -r`) |
| LUKS at install | TBD (`lsblk -f` looking for `crypto_LUKS`) ⚠️ |
| Desktop env | TBD (XFCE / GNOME / KDE / MATE / Cinnamon) |
| Display manager | TBD (`systemctl status display-manager`) |

⚠️ **If LUKS=NO at install**: see [DE-DECISION-cobblestone.md](DE-DECISION-cobblestone.md)
section "post-install LUKS-on-file fallback". Better to reinstall
with LUKS2 from scratch — this is the F4 regression fix.

## Docker

| Field | Value |
|---|---|
| Docker installed | TBD |
| Version | TBD |
| daemon.json | not yet — match nullstone pattern |
| userns-remap | **DROP** per migration recommendation |

## Operator-driven decisions (fill before cutover)

- [ ] LUKS reinstall: yes / LUKS-on-file fallback / accept-no-LUKS
- [ ] DE: strip-now / 30-day soak then strip / keep-forever
- [ ] userns-remap: drop / keep
- [ ] RocketChat: revive on cobblestone / retire (delete volumes)
- [ ] Headscale + step-ca: keep on cobblestone / move to $4 VPS
- [ ] cockpit web admin: install / skip

## Once filled in

Commit + push this file. Then say "agent A2 go" — A2 ssh's into
cobblestone, runs the audit commands from `MIGRATION-...md` section
1, writes `COBBLESTONE-AUDIT-<date>.md` next to this file.