Add VPN configuration tools and agent documentation

Created comprehensive VPN setup tooling for Peaceful Spirit L2TP/IPsec connection
and enhanced agent documentation framework.

VPN Configuration (PST-NW-VPN):
- Setup-PST-L2TP-VPN.ps1: Automated L2TP/IPsec setup with split-tunnel and DNS
- Connect-PST-VPN.ps1: Connection helper with PPP adapter detection, DNS (192.168.0.2), and route config (192.168.0.0/24)
- Connect-PST-VPN-Standalone.ps1: Self-contained connection script for remote deployment
- Fix-PST-VPN-Auth.ps1: Authentication troubleshooting for CHAP/MSChapv2
- Diagnose-VPN-Interface.ps1: Comprehensive VPN interface and routing diagnostic
- Quick-Test-VPN.ps1: Fast connectivity verification (DNS/router/routes)
- Add-PST-VPN-Route-Manual.ps1: Manual route configuration helper
- vpn-connect.bat, vpn-disconnect.bat: Simple batch file shortcuts
- OpenVPN config files (Windows-compatible, abandoned for L2TP)

Key VPN Implementation Details:
- L2TP creates PPP adapter with connection name as interface description
- UniFi auto-configures DNS (192.168.0.2) but requires manual route to 192.168.0.0/24
- Split-tunnel enabled (only remote traffic through VPN)
- All-user connection for pre-login auto-connect via scheduled task
- Authentication: CHAP + MSChapv2 for UniFi compatibility

Agent Documentation:
- AGENT_QUICK_REFERENCE.md: Quick reference for all specialized agents
- documentation-squire.md: Documentation and task management specialist agent
- Updated all agent markdown files with standardized formatting

Project Organization:
- Moved conversation logs to dedicated directories (guru-connect-conversation-logs, guru-rmm-conversation-logs)
- Cleaned up old session JSONL files from projects/msp-tools/
- Added guru-connect infrastructure (agent, dashboard, proto, scripts, .gitea workflows)
- Added guru-rmm server components and deployment configs

Technical Notes:
- VPN IP pool: 192.168.4.x (client gets 192.168.4.6)
- Remote network: 192.168.0.0/24 (router at 192.168.0.10)
- PSK: rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7
- Credentials: pst-admin / 24Hearts$

Files: 15 VPN scripts, 2 agent docs, conversation log reorganization,
guru-connect/guru-rmm infrastructure additions

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

projects/msp-tools/guru-rmm/session-logs/2025-12-15-build-server-setup.md

@@ -0,0 +1,187 @@
+# Session Log: Build Server Setup & Linux Agent Installer
+**Date:** 2025-12-15/16
+**Focus:** Native Windows/Linux service installers, Build server VM setup
+
+---
+
+## Summary
+
+Major session focused on creating production-ready agent installers and setting up a dedicated GuruRMM server VM.
+
+### Completed
+
+1. **Native Windows Service** (from previous context)
+   - Created `agent/src/service.rs` with Windows SCM integration
+   - Uses `windows-service` crate for native service control
+   - Legacy NSSM service detection and cleanup
+   - Install/uninstall/start/stop/status commands
+
+2. **Linux Agent Installer Improvements**
+   - Added `--server-url`, `--api-key`, `--skip-legacy-check` flags to install command
+   - Legacy systemd service detection and cleanup
+   - Auto-starts service when config is complete
+   - **FIXED:** Switched from glibc to musl static linking for universal compatibility
+
+3. **Site Code Authentication**
+   - Added `is_site_code_format()` to detect WORD-WORD-NUMBER patterns
+   - Server now accepts site codes (e.g., `SWIFT-CLOUD-6910`) instead of long API keys
+   - Auto-registers agents under the matching site
+
+4. **Build Server VM (172.16.3.30)**
+   - Ubuntu 22.04 VM created
+   - Installed: nginx, Rust, PostgreSQL, build-essential
+   - GuruRMM server binary deployed and running as systemd service
+   - Database migrated from Jupiter Docker to local PostgreSQL
+   - Nginx configured for downloads and API proxy
+   - Agent binary available at `/downloads/gururmm-agent-linux-amd64`
+
+### Issues Found (To Fix in Installer v2)
+
+1. **glibc version mismatch** - FIXED with musl static linking
+2. **systemd ProtectSystem=strict** blocks remote command execution
+   - Need targeted `ReadWritePaths=/root/.ssh` instead of disabling protection
+   - Or installer flag for "managed" vs "locked down" mode
+
+---
+
+## Credentials & Configuration
+
+### Build Server (172.16.3.30)
+- **Hostname:** gururmm
+- **SSH:** root with WSL key
+- **Services:**
+  - GuruRMM Server: systemd `gururmm-server`, port 3001
+  - PostgreSQL: local, port 5432
+  - Nginx: port 80 (proxy to API + downloads)
+  - GuruRMM Agent: systemd `gururmm-agent`
+
+### Database (now on 172.16.3.30)
+- **Host:** localhost
+- **Database:** gururmm
+- **User:** gururmm
+- **Password:** 43617ebf7eb242e814ca9988cc4df5ad
+
+### Site Codes
+- **Main Office:** `SWIFT-CLOUD-6910`
+
+### Agent Downloads
+- **URL:** http://172.16.3.30/downloads/gururmm-agent-linux-amd64
+- **Or via NPM:** https://rmm-api.azcomputerguru.com/downloads/gururmm-agent-linux-amd64
+
+---
+
+## Key Files Modified
+
+### Agent
+- `agent/Cargo.toml` - Switched to rustls for static linking
+- `agent/src/main.rs` - Added install flags, legacy detection, site code support
+- `agent/src/service.rs` - Windows native service implementation
+- `agent/scripts/install.sh` - Bootstrap installer script
+
+### Server
+- `server/src/ws/mod.rs` - Added `is_site_code_format()`, site code auth support
+
+---
+
+## Install Commands
+
+### Linux (Site Code)
+```bash
+curl -fsSL http://172.16.3.30/downloads/gururmm-agent-linux-amd64 -o /tmp/gururmm-agent && \
+chmod +x /tmp/gururmm-agent && \
+sudo /tmp/gururmm-agent install \
+  --server-url wss://rmm-api.azcomputerguru.com/ws \
+  --api-key SWIFT-CLOUD-6910
+```
+
+### Windows
+```powershell
+# Download and install (from elevated prompt)
+.\gururmm-agent.exe install --server-url wss://rmm-api.azcomputerguru.com/ws --api-key SWIFT-CLOUD-6910
+```
+
+---
+
+## Pending Tasks
+
+1. **Update NPM proxy** - Change rmm-api.azcomputerguru.com to forward to 172.16.3.30:3001
+2. **Stop old Docker containers** on Jupiter (gururmm-server, gururmm-db)
+3. **Fix systemd security** for agent command execution (ReadWritePaths)
+4. **Add Windows binary** to downloads on build server
+5. **Set up dashboard** hosting on build server
+
+---
+
+## Architecture (New)
+
+```
+                    ┌─────────────────────────────────────┐
+                    │     172.16.3.30 (gururmm VM)        │
+                    │                                     │
+ Internet ──────────┼──► nginx (:80)                     │
+   (via NPM)        │       ├──► /api/* → localhost:3001 │
+                    │       ├──► /ws    → localhost:3001 │
+                    │       ├──► /downloads/* → static   │
+                    │       └──► /*     → dashboard      │
+                    │                                     │
+                    │    GuruRMM Server (:3001)          │
+                    │    PostgreSQL (:5432)              │
+                    │    Rust build toolchain            │
+                    └─────────────────────────────────────┘
+```
+
+---
+
+## Commands Reference
+
+### Remote Command via RMM API
+```bash
+curl -X POST "http://172.16.3.30:3001/api/agents/{AGENT_ID}/command" \
+  -H "Content-Type: application/json" \
+  -d '{"command_type": "shell", "command": "whoami"}'
+```
+
+### Check Command Result
+```bash
+curl "http://172.16.3.30:3001/api/commands/{COMMAND_ID}"
+```
+
+### Server Logs
+```bash
+ssh root@172.16.3.30 "journalctl -u gururmm-server -f"
+```
+
+---
+
+## Session Update (End of Session)
+
+### Completed This Session
+- All Docker containers removed from Jupiter (gururmm-server, gururmm-db, gururmm-dashboard, gururmm-downloads)
+- Dashboard deployed to build server at `/var/www/gururmm/dashboard/`
+- Nginx configured to serve dashboard + API + downloads
+- Node.js 20.x installed on build server for future dashboard builds
+- All agents reconnected to new server successfully
+
+### Current State
+- **Build Server (172.16.3.30)** is now the sole GuruRMM server
+- Dashboard: https://rmm-api.azcomputerguru.com/
+- API: https://rmm-api.azcomputerguru.com/api/
+- Downloads: https://rmm-api.azcomputerguru.com/downloads/
+- WebSocket: wss://rmm-api.azcomputerguru.com/ws
+
+### Pending Tasks (Next Session)
+1. Install certbot and get Let's Encrypt SSL certificate
+2. Configure firewall (ufw)
+3. Install and configure fail2ban
+4. Harden SSH configuration
+5. Enable automatic security updates
+6. Optimize PostgreSQL and nginx
+7. Fix systemd ReadWritePaths for agent command execution
+
+### Services Running on 172.16.3.30
+```
+systemctl status gururmm-server  # API server
+systemctl status gururmm-agent   # Local agent
+systemctl status postgresql      # Database
+systemctl status nginx           # Web server
+```