From f98b11119340c19f531d7d1f17b8092905d4fc1f Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Fri, 5 Jun 2026 17:25:13 -0700 Subject: [PATCH] docs(wiki): full IX server inventory from live SSH Expand wiki/systems/ix-server.md with a 2026-06-05 live SSH inventory: - Host: CloudLinux 9.7, cPanel/WHM 134, 64-core Xeon Gold 6130, 62 GiB, 4.4 T /home; Apache 2.4.67, MariaDB 10.11.16, ea-php 5.6-8.5, Exim 4.99.4, Dovecot 2.4.2, BIND 9.16. - 72 cPanel accounts / 185 domains / 101 WordPress; full account -> primary-domain -> disk map (the "where does client X live" reference). - ACG subdomain docroots (radio, community/Flarum, analytics/Matomo, portal, support, etc.) under the azcomputerguru account. - GuruRMM agent enrolled (gururmm-agent.service). - Backups appear unconfigured (/backup ~178M vs 1.6T /home) - flagged. - SSH key auth from GURU-5070 now works; updated reference_ix_server_access memory (was stale: claimed key auth not set up) + index summary. Co-Authored-By: Claude Opus 4.8 (1M context) --- .claude/memory/reference_ix_server_access.md | 22 +- wiki/index.md | 2 +- wiki/systems/ix-server.md | 242 ++++++++++++++----- 3 files changed, 193 insertions(+), 73 deletions(-) diff --git a/.claude/memory/reference_ix_server_access.md b/.claude/memory/reference_ix_server_access.md index e9d23c6..7a21aa4 100644 --- a/.claude/memory/reference_ix_server_access.md +++ b/.claude/memory/reference_ix_server_access.md 
@@ -1,25 +1,27 @@ --- name: IX server access — network + SSH -description: How to reach ix.azcomputerguru.com (172.16.3.10) — Tailscale-on means it's directly reachable, no separate VPN. SSH currently uses sshpass with the root password (key auth was never set up after GURU-5070 was reinstalled to Windows 11). Setting up key auth would simplify this. +description: How to reach ix.azcomputerguru.com (172.16.3.10) — Tailscale-on means it's directly reachable, no separate VPN. SSH KEY AUTH from GURU-5070 now works (verified 2026-06-05); sshpass+password is only the fallback. Also enrolled in GuruRMM (gururmm-agent.service). Full inventory: wiki/systems/ix-server.md. type: reference --- ## Network reachability -- **Host:** `ix.azcomputerguru.com` / `172.16.3.10` -- **Access:** directly reachable when Tailscale is on. No separate VPN connection required. +- **Host:** `ix.azcomputerguru.com` / `172.16.3.10` (also `172.16.1.39`) +- **Access:** directly reachable when Tailscale is on. No separate VPN connection required. External `72.194.62.5:22` is firewalled — internal only. +- **Also enrolled in GuruRMM** (`gururmm-agent.service`, binary `/usr/local/bin/gururmm-agent`, config `/etc/gururmm/agent.toml`) — drivable via `/rmm` when SSH isn't handy. ## SSH -> **VERIFY 2026-05-26** — the no-key-auth note was written under the old CachyOS install on GURU-5070; the machine is now Windows 11. Re-confirm whether key auth got set up before relying on the sshpass fallback below. - - **User:** `root` -- **Password:** vault — see `credentials.md` or SOPS. -- **SSH key auth:** NOT configured from GURU-5070 (the old `guru@wsl` key was authorized but the workstation was reinstalled; new pubkey hasn't been added to IX's `authorized_keys` yet). 
-- **Current workflow (sshpass):** +- **SSH key auth: WORKS from GURU-5070** (verified 2026-06-05 via system OpenSSH, internal IP, Tailscale up): + ```bash + /c/Windows/System32/OpenSSH/ssh.exe -o BatchMode=yes root@172.16.3.10 'whmapi1 listaccts' + ``` +- **Password fallback:** vault `infrastructure/ix-server.sops.yaml` (root password). Use sshpass only if key auth ever breaks: ```bash sshpass -p "$PASSWORD" ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no root@172.16.3.10 ``` -- **Suppress sshpass warnings:** pipe through `grep -v WARNING | grep -v 'not using'` or `tail`. +- **Account-level (`gurushow`) paths from scripts:** paramiko with `look_for_keys=False, allow_agent=False` (that account's key auth is disabled). -**Recommended:** add GURU-5070's pubkey to IX's `~/.ssh/authorized_keys` to drop the sshpass dance. +## What's on it +Full systems inventory (host specs, web/mail/DB stack versions, 72 cPanel accounts → domains → disk, ACG subdomain docroots, backup gap) is documented in **`wiki/systems/ix-server.md`** (live SSH inventory 2026-06-05). cPanel 134, CloudLinux 9.7, 64-core Xeon, 4.4 T /home. [[reference_radio_website]] is hosted here. diff --git a/wiki/index.md b/wiki/index.md index 4f110c8..2f90a58 100644 --- a/wiki/index.md +++ b/wiki/index.md 
@@ -70,7 +70,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks. | [Jupiter](systems/jupiter.md) | 172.16.3.20 — Unraid primary NAS; virsh host for all VMs; Docker: NPM, Gitea, Seafile; iDRAC at 172.16.1.73 | 2026-05-24 | | [Pluto (Claude-Builder)](systems/pluto.md) | 172.16.3.36 — Windows Server 2019 virsh VM on Jupiter; exclusive Windows MSI + cargo build server for GuruRMM | 2026-05-24 | | [Uranus](systems/uranus.md) | 172.16.3.21 — Unraid secondary (Dell R730xd); OwnCloud archive storage only; formerly Saturn's IP (reused Apr 2026); RAM too low for VMs | 2026-05-24 | -| [IX Web Hosting Server](systems/ix-server.md) | 172.16.3.10 / 72.194.62.5 — cPanel/WHM (CloudLinux 9.7); hosts ACG static sites incl. **radio.azcomputerguru.com** (Astro, source in `projects/radio-show/website/`), public site, Flarum community, Matomo analytics + ~87 client WordPress; behind Cloudflare tunnel `acg-origin` | 2026-06-05 | +| [IX Web Hosting Server](systems/ix-server.md) | 172.16.3.10 / 72.194.62.5 — cPanel/WHM 134 on CloudLinux 9.7 (64-core Xeon, 4.4 T /home); **72 cPanel accounts / 185 domains / 101 WordPress** + ACG sites (radio Astro, Flarum community, Matomo analytics); GuruRMM-enrolled; SSH key auth from GURU-5070; behind Cloudflare tunnel `acg-origin`; **backups look unconfigured (gap)**. Live SSH inventory 2026-06-05 — full account→domain map in the article | 2026-06-05 | ## Patterns diff --git a/wiki/systems/ix-server.md b/wiki/systems/ix-server.md index 5432497..e428e7e 100644 --- a/wiki/systems/ix-server.md +++ b/wiki/systems/ix-server.md 
@@ -5,8 +5,9 @@ display_name: IX Web Hosting Server last_compiled: 2026-06-05 compiled_by: GURU-5070/claude-main sources: + - live SSH inventory 2026-06-05 (root@172.16.3.10, key auth from GURU-5070) - .claude/memory/reference_radio_website.md - - .claude/memory/reference_resource_map.md + - .claude/memory/reference_ix_server_access.md - wiki/clients/internal-infrastructure.md - projects/radio-show/website/ (source tree) --- 
@@ -14,102 +15,219 @@ sources: # IX Web Hosting Server `ix.azcomputerguru.com` — Arizona Computer Guru's cPanel/WHM shared-hosting box. -It hosts ACG's own public-facing static sites (including **radio.azcomputerguru.com**), -the community forum, the analytics server, and ~87 client WordPress installs. +It hosts ACG's own static sites (incl. **radio.azcomputerguru.com**), the Flarum +community forum, Matomo analytics, and ~72 client cPanel accounts (185 domains, +101 WordPress installs). -> Deep operational detail (cPanel account hygiene, WordPress hygiene, mail -> accounts, the Cox→Cloudflare BGP workaround) lives in +> Operational history (account cleanups, WordPress hygiene, mail routing, the +> Cox→Cloudflare BGP workaround) lives in > [`wiki/clients/internal-infrastructure.md`](../clients/internal-infrastructure.md). -> This article is the **systems-level** record and the home for the ACG static -> sites deployed here. +> **This article is the systems-level inventory** — what the box is, what runs on +> it, and where each hosted thing lives. Last verified by live SSH 2026-06-05. 
## Host facts | Item | Value | |---|---| | Hostname | `ix.azcomputerguru.com` | -| Internal IP | `172.16.3.10` (Tailscale required) | -| External IP | `72.194.62.5` | -| Stack | CloudLinux 9.7, Apache, WHM/cPanel, per-account MySQL/MariaDB | -| WHM | `https://ix.azcomputerguru.com:2087` — **DNS-only / grey-cloud** in Cloudflare (`:2087`/`:2083` can't traverse the tunnel) | -| SSH | `ssh root@172.16.3.10` (internal) or `ssh root@72.194.62.5` (external) | -| Vault | `infrastructure/ix-server.sops.yaml` | -| Edge | Cloudflare tunnel `acg-origin` (UUID `78d3e58f-1979-4f0e-a28b-98d6b3c3d867`) on Jupiter routes the ACG hostnames to IX `:443` | +| Internal IP | `172.16.3.10` (also `172.16.1.39`); Tailscale or office LAN required | +| External IP | `72.194.62.5` (SSH `:22` firewalled from WAN — internal only) | +| OS | CloudLinux 9.7 (Pavel Popovich), kernel `5.14.0 ...tuxcare.els` (TuxCare ELS) | +| CPU / RAM | 64× Intel Xeon Gold 6130 @ 2.10 GHz / 62 GiB | +| Disk | `/` 70 G (xfs, 50% used); **`/home` 4.4 T (xfs, 1.6 T used, 35%)**; `/boot` + EFI on `sdb` | +| Control panel | cPanel/WHM **134.0 (build 35)** | +| Web | Apache **2.4.67** (cPanel EA4) | +| DB | MariaDB **10.11.16** (per-account MySQL) | +| PHP | ea-php **5.6 → 8.5** installed; default CLI **8.1.34** | +| Mail | Exim **4.99.4**, Dovecot **2.4.2** | +| DNS | BIND **9.16** (104 local zones) | +| WHM / cPanel UI | `https://ix.azcomputerguru.com:2087` (WHM) · `:2083` (cPanel) · `:2096` (webmail) — **must stay grey-cloud / DNS-only** in Cloudflare (non-standard ports can't traverse the tunnel) | -[WARNING] Do NOT attempt interactive/key-based SSH from scripts to the `gurushow` -account host path — for that account use paramiko with `look_for_keys=False, -allow_agent=False`. Root SSH uses the vault password (`infrastructure/ix-server.sops.yaml`). +### Access -## Hosted ACG sites +| From | How | +|---|---| +| **GURU-5070** | `ssh root@172.16.3.10` — **SSH key auth works** (verified 2026-06-05). 
System OpenSSH, internal IP, Tailscale up. | +| Scripts to `gurushow` paths | paramiko `look_for_keys=False, allow_agent=False` (account-level key auth disabled) | +| Password fallback | Vault `infrastructure/ix-server.sops.yaml` (root password) | +| WHM API | `whmapi1 ` over SSH (e.g. `whmapi1 listaccts`) | +| RMM | `gururmm-agent.service` is enrolled and running — drive via `/rmm` when SSH isn't handy | -| Hostname | Stack | cPanel account / doc root | -|---|---|---| -| **radio.azcomputerguru.com** | Astro static (+ React islands) | `azcomputerguru` → `/home/azcomputerguru/public_html/radio` | -| azcomputerguru.com | Astro static (public site) | `acg` / `azcomputerguru` | -| community.azcomputerguru.com | Flarum forum | (forum DB) | -| analytics.azcomputerguru.com | Matomo | — | -| (radio audio archive) | static MP3 archive | `gurushow` → `/home/gurushow/public_html/archive/Radio/` | -| ~87 client sites | WordPress | per-client cPanel accounts | +### Edge / routing -All four ACG hostnames above reach IX through the Cloudflare tunnel (all returned -HTTP 200 via tunnel as of the 2026-04-13 cutover). `ix.azcomputerguru.com` itself -stays grey-cloud (direct to `72.194.62.5`) so WHM/cPanel ports work. +Cloudflare tunnel **`acg-origin`** (UUID `78d3e58f-1979-4f0e-a28b-98d6b3c3d867`, +`cloudflared` container on Jupiter) fronts the ACG hostnames → IX `:443`. +`ix.azcomputerguru.com` itself is grey-cloud (direct to `72.194.62.5`) so WHM/cPanel +ports route. This tunnel is the workaround for the Cox BGP→Cloudflare routing break +(see internal-infrastructure.md). + +### GuruRMM agent + +- Service: `gururmm-agent.service` (active/running), binary `/usr/local/bin/gururmm-agent` +- Config: `/etc/gururmm/agent.toml` (root-only, 0600) +- Means IX is reachable through the GuruRMM fleet as well as SSH. + +### Backups — gap to watch + +`/backup` exists but is only **~178 M** against a 1.6 T `/home`, and no WHM remote +backup-transport destinations are configured. 
cPanel account backups do **not** +appear to be comprehensively enabled/offloaded. [WARNING] Treat IX as **not +currently backed up** until verified — flag before any risky account/site work. --- -## radio.azcomputerguru.com — "The Computer Guru Show" website +## ACG-owned sites on IX -The public site for the radio show. **Built by Claude; source lives in the -ClaudeTools repo**, not on the server — the server only holds the built `dist/`. +The **`azcomputerguru`** cPanel account (`/home/azcomputerguru/public_html/`) hosts +ACG's own sites as subdirectories. `gurushow` and `acg` are separate accounts. + +| Hostname | Stack | Document root | +|---|---|---| +| **radio.azcomputerguru.com** | Astro static + React 19 islands | `.../public_html/radio` | +| azcomputerguru.com | Astro static (public site) | `.../public_html` | +| community.azcomputerguru.com | Flarum forum | `.../public_html/community/public` | +| analytics.azcomputerguru.com | Matomo | `.../public_html/analytics` | +| portal / clientportal / clients / support / express / rdb / logos / adlice / khalsaportal .azcomputerguru.com | misc apps/portals | `.../public_html/` | +| phoenixmanagedservices.com (+ subdomain) | site | `.../public_html/phoenixmanagedservices.com` | +| gurushow.com | radio show brand site | account `gurushow` → `/home/gurushow/public_html` | +| (radio audio archive) | static MP3 archive | account `gurushow` → `/home/gurushow/public_html/archive/Radio/` | +| acghosting.com | hosting brand | account `acg` | + +(`*.cprapid.com` auto-domains are cPanel temporary URLs — ignore.) + +### radio.azcomputerguru.com — "The Computer Guru Show" website + +Public site for the radio show. **Built by Claude; source in the ClaudeTools repo** +(`projects/radio-show/website/`) — the server holds only the built `dist/`. Live +build confirmed 2026-06-05 (``, dark-mode via localStorage; +last deploy ~Mar 2026). 
| Item | Value | |---|---| | URL | https://radio.azcomputerguru.com | | Source | `projects/radio-show/website/` (ClaudeTools repo) | | Framework | Astro `^6.0.4`, `output: 'static'` | -| Islands / libs | `@astrojs/react` (React 19), `@astrojs/mdx`, `@astrojs/sitemap`, `@astrojs/rss`; `wavesurfer.js` (episode audio waveform), `fuse.js` (client-side search) | +| Islands / libs | `@astrojs/react` (React 19), MDX, sitemap, RSS; `wavesurfer.js` (episode audio), `fuse.js` (client search) | | Node | `>= 22.12.0` | -| Content | Markdown/MDX collections at `src/content/episodes/` and `src/content/blog/` (`src/content.config.ts`) | -| Pages | `index`, `about`, `community`, `contact`, `live`, `subscribe`, `episodes/`, `blog/`, `feed.xml` (RSS), `404` | -| Layout | single `src/layouts/BaseLayout.astro`; components under `src/components/{global,home,episodes}/` | +| Content | MD/MDX collections `src/content/episodes/`, `src/content/blog/` | +| Pages | index, about, community, contact, live, subscribe, episodes/, blog/, feed.xml (RSS), 404 | +| Layout | `src/layouts/BaseLayout.astro`; components under `src/components/{global,home,episodes}/` | | Analytics | Matomo site ID 3 — tracker injected into built HTML before `` | -### Build & deploy - +**Build & deploy** (pure static — no server runtime): ```bash cd projects/radio-show/website -npm install # first time only (node >= 22.12.0) -npm run build # -> dist/ -# deploy: rsync dist/ contents to the IX doc root -rsync -az --delete dist/ :/home/azcomputerguru/public_html/radio/ +npm install # first time (node >= 22.12.0) +npm run build # -> dist/ +rsync -az --delete dist/ root@172.16.3.10:/home/azcomputerguru/public_html/radio/ ``` -`astro.config.mjs` pins `site: 'https://radio.azcomputerguru.com'` (correct -canonical URLs + sitemap + RSS). There is no server-side runtime — it is a pure -static deploy. 
+It is tier 1/3 of the post-show content workflow in +[`wiki/projects/radio-show.md`](../projects/radio-show.md) (episode pages + blog +posts generated per episode). The audio pipeline / archive DB / FastAPI UI are +separate from this static site. -### Relationship to the radio-show project +**human-flow note:** the AST scanner can analyze the `.tsx` island components under +`src/components`; it skips `.astro` page templates (those need a manual/heuristic pass). -The website is **tier 1/3** of the post-show content workflow documented in -[`wiki/projects/radio-show.md`](../projects/radio-show.md): each episode produces -an episode page (`src/content/episodes/sXXeYY-slug.md`) and 1–3 deep-dive blog -posts (`src/content/blog/.md`), generated from show-prep + debrief and -deployed here. The audio-processing pipeline, archive DB, and FastAPI browse UI -are separate from this static site. +--- -### human-flow note +## Client cPanel accounts (72 accounts, 185 domains) -The site is Astro static but ships **React 19 islands**, so the `human-flow` -AST scanner can analyze its `.tsx` island components (it skips `.astro` -templates). Point it at `projects/radio-show/website/src/components` for a -component-level Friction Index; the page-level `.astro` flows still need a -manual/heuristic pass. +The "where does client X's website live" map — primary domain per account, sorted by +disk. Account home is `/home//`, web root `/home//public_html/`. +**101 WordPress installs** across these accounts. 
+ +| Disk | Account | Primary domain | +|---|---|---| +| 85 G | westernt | westerntire.com | +| 38 G | azcomputerguru | azcomputerguru.com (ACG — see above) | +| 27 G | grabblaw | grabblaw.com | +| 25 G | voicesofthewest | voicesofthewest.net | +| 18 G | computergurume | computerguru.me | +| 8.7 G | acg | acghosting.com (ACG) | +| 8.7 G | gurushow | gurushow.com (ACG — radio archive) | +| 8.0 G | sparcora | sparcoracing.com | +| 7.6 G | azrestaurant | azrestaurantsupply.com | +| 7.0 G | acepickupparts | acepickupparts.com | +| 6.7 G | perkins | classicsingleaction.com | +| 6.1 G | danaise | danaise.com | +| 5.3 G | sandtekomachine | sandtekomachinery.com | +| 4.4 G | remotesystems | remotesystems.us | +| 4.3 G | thegirlsestate | thegirlsestatesales.com | +| 3.0 G | upracing | upracing.com | +| 2.8 G | farwest | farwestwell.com | +| 2.6 G | tucsonadobe | tucsonadobe.com | +| 2.5 G | hightechmortgage | hightechmortgage.com | +| 2.1 G | bruceext | bruceexterminating.com | +| 2.0 G | outaboundssports | outaboundssports.com | +| 1.9 G | jrkco | jrkco.com | +| 1.9 G | compoundfitness | compoundfunctionalfitness.com | +| 1.7 G | ezfastautoglass | ezfastautoglass.com | +| 1.5 G | rednourlaw | rednourlaw.com | +| 1.4 G | johnmartell | martellappraisals.com | +| 1.4 G | peacefulspirit | bestmassageintucson.com | +| 1.1 G | rrspc | rrspc.com (active local mail, MX to mail.rrspc.com) | +| 1.1 G | nwpool | northwestpoolcare.com | +| 898 M | azwebdesign | arizonawebsitedesign.pro | +| 835 M | berman | agingwithoutfamily.org | +| 819 M | arizonahatters | arizonahatters.com | +| 805 M | tucsongc | tucsongoldencorral.com | +| 795 M | pcatucson | pcatucson.com | +| 774 M | themarcgroup | themarcgroup.com | +| 722 M | fsgtucson | fsgtucson.com | +| 680 M | antivaxxer | anti-vaxxer.org | +| 635 M | desertfox | tucsonpaintball.net | +| 604 M | tarafulcreations | tarafulcreations.com | +| 583 M | phxpropane | phxpropane.com | +| 568 M | gentlemansacres | gentlemansacres.com | +| 518 M | 
rarengineer | rarengineer.com (MX may resolve to IX) | +| 492 M | ucryo | ucryo.com | +| 479 M | packetdial | packetdial.com | +| 358 M | royalweedcontrol | royalweedcontrol.net | +| 356 M | drsticken | drsticken.com | +| 345 M | photonicapps | photonicapps.com | +| 340 M | thrive | thriveappraisalservices.com | +| 325 M | cryoweave | cryoweave.com | +| 299 M | atlantisbevco | atlantisbevcollc.com | +| 267 M | zammit | valleydevelopmentcorp.com | +| 258 M | blackswanarchery | blackswanarchery.com | +| 242 M | lifelong | lifelonglearningacademy.com | +| 239 M | thecentu | thecenturions.com | +| 151 M | ultraper | ultraperformance.com | +| 80 M | goldench | goldenchoicecatering.com | +| 78 M | cascades | cascadestucson.com | +| 67 M | jefffurr | jefffurrier.com | +| 37 M | lamaddux | lamaddux.com | +| 34 M | martylryan | martylryan.com | +| 33 M | hoopevents | hoopevents.news | +| 27 M | grygutis | barbaragrygutis.com | +| 25 M | bardach | bardach.net | +| 24 M | wolkin | rswolkin.com | +| 20 M | devconllc | devconllc.com | +| 19 M | horseshoemgt | horseshoemgt.com | +| 16 M | starrpass | starrpass.com | +| 16 M | jparkinsonaz | jparkinsonaz.com | +| 16 M | heieck | heieck.org | +| 8 M | jackfurr | jackfurrier.com | +| 8 M | glaztech | glaztech.com | +| 3 M | drelenaparra | drelenaparra.com | + +> Several of these map to ACG managed-service clients — e.g. `cryoweave` +> (CryoWeave), `rednourlaw` (Rednour Law), `peacefulspirit` (Peaceful Spirit), +> `grabblaw` (Grabb & Durando), `ucryo` (Universal Cryogenics), `horseshoemgt` +> (Horseshoe Mgmt), `glaztech` (Glaz-Tech), `westernt`/`jackfurr`/`jefffurr` +> (Furrier / Western Tire). 185 total domains include addon/parked/subdomains. + +To regenerate this inventory: `ssh root@172.16.3.10` then `whmapi1 listaccts` (full +account data), `/etc/trueuserdomains` (primary domain → account), `/etc/userdomains` +(all domains → account), `/var/cpanel/userdata//` (per-domain docroot). 
--- ## Backlinks -- [`wiki/clients/internal-infrastructure.md`](../clients/internal-infrastructure.md) — full IX operational record (cPanel/WordPress hygiene, mail, Cox/Cloudflare) -- [`wiki/projects/radio-show.md`](../projects/radio-show.md) — the radio show project (audio pipeline + post-show workflow) -- [`wiki/systems/jupiter.md`](jupiter.md) — runs the `cloudflared` tunnel container that fronts IX -- Memory: `reference_radio_website.md`, `reference_ix_server_ssh.md`, `reference_resource_map.md` +- [`wiki/clients/internal-infrastructure.md`](../clients/internal-infrastructure.md) — IX operational record (cPanel/WordPress hygiene, mail, Cox/Cloudflare tunnel) +- [`wiki/projects/radio-show.md`](../projects/radio-show.md) — radio show project (audio pipeline + post-show workflow) +- [`wiki/systems/jupiter.md`](jupiter.md) — runs the `cloudflared` tunnel container fronting IX +- Memory: `reference_radio_website.md`, `reference_ix_server_access.md`, `reference_resource_map.md`
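Review bot: In the SSH section of `.claude/memory/reference_ix_server_access.md`, the password fallback that this change keeps is `sshpass -p "$PASSWORD" ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no root@172.16.3.10`, which sends the root password to a host whose key is never checked and puts the password in the process arguments, where other local processes can read it. Now that key auth is the documented primary path, drop `StrictHostKeyChecking=no` from the fallback so the host key is still verified, and pass the secret with `sshpass -e` (reads the `SSHPASS` environment variable) instead of `-p`. It would also help to state here whether root password login is meant to stay enabled on the server, since the note now describes it only as a fallback.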
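Review bot: The `sources:` list in the front matter of `wiki/systems/ix-server.md` drops `.claude/memory/reference_resource_map.md`, but the rewritten Memory line under Backlinks at the end of the same file still lists `reference_resource_map.md`. Either keep it in `sources:` or remove it from Backlinks so the two agree.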
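Review bot: In the Build & deploy block of `wiki/systems/ix-server.md`, the deploy command is now `rsync -az --delete dist/ root@172.16.3.10:/home/azcomputerguru/public_html/radio/`, run as root with `--delete`, while the "Backups — gap to watch" section added in the same hunk says to treat IX as not currently backed up. A mistyped destination path would delete files with no restore path, and `-a` as root can leave files in the account's docroot owned by someone other than the account user. Suggest documenting a `--dry-run` pass before the real run and either adding `--chown` set to the account's user and group or deploying as the account user rather than root. Separately, the intro says "~72 client cPanel accounts", but the 72-row table includes the ACG-owned `azcomputerguru`, `acg` and `gurushow` accounts, so the intro and the "Client cPanel accounts" heading should say 72 accounts in total rather than 72 clients.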