feat: Major directory reorganization and cleanup

Reorganized project structure for better maintainability and reduced disk usage by 95.9% (11 GB -> 451 MB). Directory Reorganization (85% reduction in root files): - Created docs/ with subdirectories (deployment, testing, database, etc.) - Created infrastructure/vpn-configs/ for VPN scripts - Moved 90+ files from root to organized locations - Archived obsolete documentation (context system, offline mode, zombie debugging) - Moved all test files to tests/ directory - Root directory: 119 files -> 18 files Disk Cleanup (10.55 GB recovered): - Deleted Rust build artifacts: 9.6 GB (target/ directories) - Deleted Python virtual environments: 161 MB (venv/ directories) - Deleted Python cache: 50 KB (__pycache__/) New Structure: - docs/ - All documentation organized by category - docs/archives/ - Obsolete but preserved documentation - infrastructure/ - VPN configs and SSH setup - tests/ - All test files consolidated - logs/ - Ready for future logs Benefits: - Cleaner root directory (18 vs 119 files) - Logical organization of documentation - 95.9% disk space reduction - Faster navigation and discovery - Better portability (build artifacts excluded) Build artifacts can be regenerated: - Rust: cargo build --release (5-15 min per project) - Python: pip install -r requirements.txt (2-3 min) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-18 20:42:28 -07:00
parent 89e5118306
commit 06f7617718
96 changed files with 54 additions and 2639 deletions
--- a/infrastructure/vpn-configs/Reference/PST-NW-VPN-Windows.ovpn
+++ b/infrastructure/vpn-configs/Reference/PST-NW-VPN-Windows.ovpn
@@ -0,0 +1,138 @@
+client
+dev tun
+proto tcp
+remote 64.139.88.249 1194
+resolv-retry infinite
+nobind
+
+# Management interface required for auto-start connections
+management 127.0.0.1 25340
+
+# Windows-compatible: removed user/group (Linux only)
+# user nobody
+# group nogroup
+
+persist-key
+persist-tun
+
+# Auto-login with credentials file
+auth-user-pass PST-NW-VPN-auth.txt
+remote-cert-tls server
+cipher AES-256-CBC
+comp-lzo
+verb 3
+
+auth SHA1
+key-direction 1
+
+reneg-sec 0
+
+redirect-gateway def1
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIEfDCCA2SgAwIBAgIIb8aPsAP41VowDQYJKoZIhvcNAQELBQAwgYExCzAJBgNV
+BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3IFlvcmsxFjAU
+BgNVBAoMDVViaXF1aXRpIEluYy4xGTAXBgNVBAsMEFVuaUZpX09wZW5WUE5fQ0Ex
+GTAXBgNVBAMMEFVuaUZpX09wZW5WUE5fQ0EwHhcNMjYwMTE1MTUyNzA0WhcNNDEw
+MTExMTUyNzA0WjCBgTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREw
+DwYDVQQHDAhOZXcgWW9yazEWMBQGA1UECgwNVWJpcXVpdGkgSW5jLjEZMBcGA1UE
+CwwQVW5pRmlfT3BlblZQTl9DQTEZMBcGA1UEAwwQVW5pRmlfT3BlblZQTl9DQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOWAmCWSutfdvZmQDvN0Mcw9
+/rTknqkR1Udsymk6EowuQXA0A6jsc3GytgTDTMqrK7MAaVCa5gZbTy3Fc+6XtNXu
+AHAYfLRqC+t2OZEZCtM+m40iogzjAjo2ABXBklQQl+X1ub/1IA4I3f61+EBioHIR
+8XM6rikVpjBhq7fh1IroKljvBkxhCb2AkvHE8xNGUP3KqxFhmUtyOHiZvsPCKbL8
+UsoQwTSazTRRtS7DWoh/tZOXpU0kc5KRlYOnBkP/XqS80zCNf6OrvBvLfiRlD7WC
+36DQ846FWAqVc/3Vyp9gjc+z7Mq9Iyh5y91vzUGSQympgLvlbtcF618gJfWHuakC
+AwEAAaOB9TCB8jALBgNVHQ8EBAMCAQYwDAYDVR0TBAUwAwEB/zCBtQYDVR0jBIGt
+MIGqgBSvpjxh48yMz4o7zIp3noJFpxV44qGBh6SBhDCBgTELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEWMBQGA1UECgwN
+VWJpcXVpdGkgSW5jLjEZMBcGA1UECwwQVW5pRmlfT3BlblZQTl9DQTEZMBcGA1UE
+AwwQVW5pRmlfT3BlblZQTl9DQYIIb8aPsAP41VowHQYDVR0OBBYEFK+mPGHjzIzP
+ijvMineegkWnFXjiMA0GCSqGSIb3DQEBCwUAA4IBAQCR99JaKoAv9qf1ctavAMGI
+5DQ0IkUoksEaQlZqH+LTM3dOMl3p0EBdkY7Fd6RwWZYPtIXoYXXTnKgfpziTfhoc
+NJIDGVaAIh9wU07V7U+g3uXPzT4wu9QvVptXaKWJJdjvLeEQbiADAcczBJMZD/3z
+uGvOj9gue94reb5c4jLV2LSQrcUj5QmV+B125w1AbNo8/12usnGxbK8yq/kNdla5
+RRlFGNVQ79rdYUkESQRCe4++7ViFkXEFcEEawc9HNPUvasBwbUzDmYjFafc27Y7u
+MgX5JGvk/h8ToBsPdWmJiu68kD5EwFXpvFnIOtLUTtxT6ZL+IUzc/VFxKnEnRUlE
+-----END CERTIFICATE-----
+</ca>
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+aa7cb0c33a8c6981dd2aef5061f18d61
+0d1ea4b401d235266a2def46a4d2655e
+870c868afccb79c229f94f3c13bd1062
+e17520850578ccdb4871e57ca4492661
+70174fe5311aaec6ab6a7c22c696838e
+5e7f82905c4f9530995fa4b82340e466
+06c0f1f6271b9b1ac518f3bac4fd96e6
+422ca4938069b63ccfa0f25c5dcb96f5
+6e3b010c83eb19dbe9bfe5a93d167dba
+5a5c9700955288748887ae378b0280e2
+a2478913c8664dbca0d5f0b027e86cd2
+44b808d037f16eea5234a82729dc35ce
+6507dee41391a4d07b999186a73a104b
+ebea644043218d30cdfb4f887b6aa398
+17a0f2b7fb28902d69ff429b1b8920f2
+72e9bb37fb1f4e74a8109c7ccf0ab149
+-----END OpenVPN Static key V1-----
+</tls-auth>
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIEmDCCA4CgAwIBAgIIJ3DNoa1mKT0wDQYJKoZIhvcNAQELBQAwgYExCzAJBgNV
+BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3IFlvcmsxFjAU
+BgNVBAoMDVViaXF1aXRpIEluYy4xGTAXBgNVBAsMEFVuaUZpX09wZW5WUE5fQ0Ex
+GTAXBgNVBAMMEFVuaUZpX09wZW5WUE5fQ0EwHhcNMjYwMTE1MTUyNzA0WhcNMzEw
+MTE0MTUyNzA0WjCBiTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREw
+DwYDVQQHDAhOZXcgWW9yazEWMBQGA1UECgwNVWJpcXVpdGkgSW5jLjEdMBsGA1UE
+CwwUVW5pRmlfT3BlblZQTl9DbGllbnQxHTAbBgNVBAMMFFVuaUZpX09wZW5WUE5f
+Q2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYUY3w4UoJYK
+09BKGFDelpGRfyq2veJKYs8VuVIWoYPvHB3fDZCi9ECz84MaJyAtt1Yf3fWUmsGt
+CWiiSNEiTkcOUJUYGcCqIHkJtAlf8NtnLHeAiJ8W5rq7HEqRl5j/caBbsHMXO71
+KrldY6V3YcZfas1lb6eKva3Oh/FCm88n4DgY8oKfTyvI7R+sgJWCix63ukjj3N7z
+tVixOxALpavenYzSBjp7hYfUUbZh7Afb0t/XwDhfNpnrYo7lHINSFZoFuAw1irtO
+VhMCCANWXvCGwQvZCR7QGZrNw6KSe3QcTp9U6nICPIr8OPMbigSU2WquBO+gR8vN
+gGOAPM0CqwIDAQABo4IBCDCCAQQwgbUGA1UdIwSBrTCBqoAUr6Y8YePMjM+KO8yK
+d56CRacVeOKhgYekgYQwgYExCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9y
+azERMA8GA1UEBwwITmV3IFlvcmsxFjAUBgNVBAoMDVViaXF1aXRpIEluYy4xGTAX
+BgNVBAsMEFVuaUZpX09wZW5WUE5fQ0ExGTAXBgNVBAMMEFVuaUZpX09wZW5WUE5f
+Q0GCCG/Gj7AD+NVaMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoG
+CCsGAQUFBwMCMB0GA1UdDgQWBBTnDTURnXXSkaSoa/QCURaiXz4N9jANBgkqhkiG
+9w0BAQsFAAOCAQEA3NEPl0zFDE993nsuunM3XYqF+GKJb+4FmlglfcEjneCV322J
+j5AfQmN8Wib46rFsiPhoyoJ5uTc6zw9puNXGHzm/BcYlh/O+Cs83Z9BbAZZ3QWk1
+nirb9ugU181BOu5a++t4mnmzsNLoQC+IUWhC8xyaVTnXuKb6xGizR+rmC1qSxhT0
+25jP/NIBZfauvdmPe2r0q14NEsai+vDNFFvQ0hYm5b+NPrJs9GYwRXBLOCaEblIy
+lFift9ylpCF8zrihMH/b1RHZPgM2ScImFCq0meDr1cWCBoEhCDRg0mSim1O91KdQ
+LWUky4nIGKaFKk1CVyVbCM0KES6azGK1M64OlQ==
+-----END CERTIFICATE-----
+</cert>
+<key>
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5hRjfDhSglgrT
+0EoYUN6WkZF/Kra94kpizxW5Uhahg+8cHd8NkKL0QLPzgxonIC23Vh/d9ZSawa34
+JaKJI0SJORw5QlRgZwKogeQm0CV/w22csd4CInxbmurscSpGXmP9xoFuwcxc7vUq
+uV1jpXdhxl9qzWVvp4q9rc6H8UKbzyfgOBjygp9PK8jtH6yAlYKLHre6SOPc3vO1
+WLE7EAulq96djNIGOnuFh9RRtmHsB9vS39fAOF82metijuUcg1IVmgW4DDWKu05W
+EwIIA1Ze8IbBC9kJHtAZms3DopJ7dBxOn1TqcgI8ivw48xuKBJTZaq4E76BHy82A
+Y4A8zQKrAgMBAAECggEAVSnhWfv3wiQ+wi965CCzncEjXpI4I4DvDt7rpRAm7WxI
+Zsrbqzl7ZM8TDLVhWxathd0Wcekbl9NTTnfQXk3/V1MNPsfRPhPrp3lBSAQDQtxu
+xCDuvmIgXlkGgRYOBxGrq0LmBfcXHo5fo4ZGdcjuvca35Kp3Z0MtMJfKGKPLJQSw
+1DObhuTvzDyWn1hgLczOjM0WUZ/SVGFiqSCOAB6UYsipnRG8gWS/07XrPPcJSvwn
+S0+RracCNfMWJolo83smuTstErkypFmU743naV2uIbNBYtXnG3tD8O2vTLm3HzjH
+u6aAYCO837HhJT9LwzpXR9yUx3mV4jcy0xYZ0BwbyQKBgQC9yTVzwWbxv7PyM7b7
+yf3+/+c1uDgnNWy4NtvIEVGvDxC7jxWuTS2HACznHMsBDpsKcJFFdT0x5NZz+gau
+VUE8haIpZGhkaKOC9yz/uuioRt31p/pf3Do0snrnkNoZJVHao+SPn6z8y/aPKBqA
+Bw09piph1o9sjyWlX/yhb/VVZwKBgQD6Pt0jkQmDbgYJoILPJAdzH9Vg4lVSWL0C
+2AUozmrsp6ZKBcQXkhFTt9wN84G3lzy4rYM6BC2258dUKpSFze/f99DM/EX9ubD9
+9yNrm+p2ajnNVX1jRyHcgVg+z1gcaGMN/Jpz0b3xA5H6C6kGF/qUDEWGejT2r7JX
+c9Ov5286HQKBgQCbGLH8FVPBwL6X8rdZcauHFy6mchRBxqFAsmROTgkJHTC5dqdr
+OFs6dmQ7wwYLqRn/IBs4PiVyfubbBLstATM8+KCbXxkI5ZKq1sEJhH/Z9YAy38H3
+UQyoQCu8zl3OKveHzGRfE0jVlwG54DY35otllEQSjLvNJfbH/XeBnvNJhQKBgQDE
+QOrjCssANRgtEqGj2+ivw8ZvHfG2C/vnsAyTzRaUFILYSJ9ZsOc/1dCRbGhN2CD5
+4LIqnL5RVILBokcqjLBT4KDzMeGeM7P36IrxyKxfQ72jKCmW42FN8m6Hi8rZNJCC
+lpl2vYYN7zPbequLKOEOnHUmGs9Qq8fcx+y7ZnCXjQKBgGVPn0xU9nLbRbko9Hbx
+/BaWjd4ryA6DDd+MpXqyEotE/UwYECYHhAPjGRRlkMcPVUOQcpurEs4hH1Fgblmy
+UJ8mGfmEErKM5Qm+l3kxY6OazKYSgnHhRfncFsF2iRkZkjyxkz2pGgAlNOh6Bhyg
+SemRwTL0fxdUFksgE+kJo9DY
+-----END PRIVATE KEY-----
+</key>
--- a/infrastructure/vpn-configs/Reference/PST-VPN-Quick-Reference.txt
+++ b/infrastructure/vpn-configs/Reference/PST-VPN-Quick-Reference.txt
@@ -0,0 +1,206 @@
+PST VPN - Quick Reference Guide
+================================
+
+CONFIGURATION SUMMARY
+---------------------
+VPN Name: PST-NW-VPN
+Server: 64.139.88.249
+Type: L2TP/IPsec with Pre-Shared Key (UniFi)
+Username: pst-admin
+Password: 24Hearts$
+PSK: rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7
+Tunnel Mode: SPLIT-TUNNEL (only remote traffic uses VPN)
+DNS: 192.168.0.2
+Remote Network: 192.168.0.0/24 (auto-routed)
+
+
+INSTALLATION
+------------
+Run as Administrator:
+  cd D:\ClaudeTools
+  .\Setup-PST-L2TP-VPN.ps1
+
+
+CONNECTION METHODS
+------------------
+IMPORTANT: For all-user VPN connections, credentials must be provided!
+
+Method 1: PowerShell Script (RECOMMENDED - includes DNS + route config)
+  powershell -File D:\ClaudeTools\Connect-PST-VPN.ps1
+  (This is what the scheduled task uses)
+
+Method 2: Batch file shortcut (simple connection)
+  Double-click: D:\ClaudeTools\vpn-connect.bat
+  (DNS and route must be configured separately)
+
+Method 3: Command line with credentials
+  rasdial "PST-NW-VPN" pst-admin "24Hearts$"
+  (DNS and route must be configured separately)
+
+Method 4: Windows GUI
+  Settings > Network & Internet > VPN > PST-NW-VPN > Connect
+  Enter credentials when prompted
+  (DNS and route must be configured separately)
+
+Method 5: Automatic at startup
+  Scheduled task connects automatically (uses Method 1)
+
+IMPORTANT: DO NOT use "rasdial PST-NW-VPN" without credentials!
+This will fail with error 691 because saved credentials don't work
+for all-user connections accessed via rasdial.
+
+
+DISCONNECTION
+-------------
+rasdial "PST-NW-VPN" /disconnect
+
+Or use batch file:
+D:\ClaudeTools\vpn-disconnect.bat
+
+
+UNIFI L2TP ROUTE REQUIREMENT (IMPORTANT!)
+------------------------------------------
+UniFi L2TP VPN requires an explicit route to be added for the remote network.
+Without this route, traffic won't flow through the VPN even when connected!
+
+The Connect-PST-VPN.ps1 script automatically adds this route:
+  Route: 192.168.0.0 mask 255.255.255.0 via VPN interface
+
+If you connect manually with "rasdial", you MUST add the route manually:
+  powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1
+
+Or manually:
+  route add 192.168.0.0 mask 255.255.255.0 0.0.0.0 if [VPN-INTERFACE-INDEX] metric 1
+
+
+SPLIT-TUNNEL EXPLAINED
+----------------------
+With split-tunnel enabled:
+- Only traffic to the remote network (192.168.0.x) goes through VPN
+- Internet traffic goes directly through your local connection
+- This improves performance for non-VPN traffic
+- Reduces load on the VPN server
+
+Without split-tunnel (full tunnel):
+- ALL traffic would go through the VPN
+- Including internet browsing, streaming, etc.
+- Slower for general internet use
+
+
+DNS CONFIGURATION
+-----------------
+DNS Server: 192.168.0.2
+
+Why this matters:
+- This DNS server can resolve hostnames on the remote network
+- Example: "server.peacefulspirit.local" will resolve correctly
+- Without this DNS, you'd need to use IP addresses
+
+The Connect-PST-VPN.ps1 script automatically sets this DNS
+when connecting through scheduled task or manual script execution.
+
+Manual DNS configuration (if needed):
+  $vpnAdapter = Get-NetAdapter | Where-Object {$_.InterfaceDescription -like "*L2TP*" -and $_.Status -eq "Up"}
+  Set-DnsClientServerAddress -InterfaceIndex $vpnAdapter.InterfaceIndex -ServerAddresses "192.168.0.2"
+
+
+VERIFICATION
+------------
+Check VPN status:
+  rasdial
+
+Check VPN connection details:
+  Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
+
+Check DNS settings:
+  Get-NetAdapter | Where-Object {$_.InterfaceDescription -like "*L2TP*"} | Get-DnsClientServerAddress
+
+Check routing (split-tunnel verification):
+  route print
+  Look for routes to 192.168.0.0/24 through VPN interface
+  Default route (0.0.0.0) should NOT be through VPN
+
+Test DNS resolution:
+  nslookup server.peacefulspirit.local 192.168.0.2
+
+
+AUTO-CONNECT DETAILS
+--------------------
+Scheduled Task: PST-VPN-AutoConnect
+Script Location: C:\Windows\System32\Connect-PST-VPN.ps1
+Trigger: At system startup
+User: SYSTEM (runs before login)
+Delay: 30 seconds after startup
+
+View task:
+  Get-ScheduledTask -TaskName "PST-VPN-AutoConnect"
+
+Disable auto-connect:
+  Disable-ScheduledTask -TaskName "PST-VPN-AutoConnect"
+
+Enable auto-connect:
+  Enable-ScheduledTask -TaskName "PST-VPN-AutoConnect"
+
+Remove auto-connect:
+  Unregister-ScheduledTask -TaskName "PST-VPN-AutoConnect" -Confirm:$false
+
+
+TROUBLESHOOTING
+---------------
+Connection fails:
+  - Verify server is reachable: ping 64.139.88.249
+  - Check Windows Firewall allows L2TP
+  - Verify credentials are correct
+
+VPN connects but can't reach remote network:
+  - THIS IS THE MOST COMMON ISSUE with UniFi L2TP!
+  - The route is missing - run: powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1
+  - Or use Connect-PST-VPN.ps1 which adds route automatically
+  - Verify route exists: route print | findstr 192.168.0.0
+  - Test: ping 192.168.0.2 (should work if route is correct)
+
+DNS not working:
+  - Reconnect using Connect-PST-VPN.ps1 script
+  - Manually set DNS (see DNS CONFIGURATION above)
+  - Check DNS server is reachable: ping 192.168.0.2
+
+Split-tunnel not working:
+  - Verify: Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
+  - Check SplitTunneling property is True
+  - Reconnect if changed
+
+Internet slow after VPN connect:
+  - This suggests full-tunnel mode (all traffic through VPN)
+  - Verify split-tunnel: Get-VpnConnection -Name "PST-NW-VPN" -AllUserConnection
+  - Should show: SplitTunneling: True
+  - If False, run: Set-VpnConnection -Name "PST-NW-VPN" -SplitTunneling $true -AllUserConnection
+
+Route verification:
+  - Check routing table: route print | findstr 192.168.0.0
+  - Should see entry for 192.168.0.0 with metric 1
+  - Interface should be the L2TP adapter
+  - If missing, run: powershell -File D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1
+
+
+MANAGEMENT COMMANDS
+-------------------
+View all VPN connections:
+  Get-VpnConnection -AllUserConnection
+
+Modify split-tunnel setting:
+  Set-VpnConnection -Name "PST-NW-VPN" -SplitTunneling $true -AllUserConnection
+
+Remove VPN connection:
+  Remove-VpnConnection -Name "PST-NW-VPN" -AllUserConnection -Force
+
+View IPsec configuration:
+  Get-VpnConnectionIPsecConfiguration -ConnectionName "PST-NW-VPN"
+
+
+FILES CREATED
+-------------
+D:\ClaudeTools\Setup-PST-L2TP-VPN.ps1 - Main setup script
+D:\ClaudeTools\Connect-PST-VPN.ps1 - Connection helper (with DNS & route config)
+D:\ClaudeTools\Add-PST-VPN-Route-Manual.ps1 - Manual route configuration helper
+C:\Windows\System32\Connect-PST-VPN.ps1 - System copy of connection helper
+D:\ClaudeTools\PST-VPN-Quick-Reference.txt - This file