diff --git a/docs/planning/holly-cockpit-access-decision.md b/docs/planning/holly-cockpit-access-decision.md new file mode 100644 index 0000000..caf8997 --- /dev/null +++ b/docs/planning/holly-cockpit-access-decision.md @@ -0,0 +1,621 @@ +# Cockpit Access for Holly - Decision Document + +**Date:** March 23, 2026 +**Prepared by:** Chronicler #40 +**For:** Michael (to discuss with Holly) +**Purpose:** Evaluate whether to grant Holly Cockpit access to TX1/NC1 game servers + +--- + +## 📋 TABLE OF CONTENTS + +1. [What is Cockpit?](#what-is-cockpit) +2. [Current Access (Pterodactyl Panel)](#current-access) +3. [Proposed Access (Cockpit)](#proposed-access) +4. [Pros & Cons Analysis](#pros-cons-analysis) +5. [Three Access Options](#three-access-options) +6. [Recommendation](#recommendation) +7. [Implementation Guide](#implementation-guide) +8. [Training Plan](#training-plan) + +--- + +## 🖥️ WHAT IS COCKPIT? + +**Cockpit** is a web-based server management interface for Linux servers. + +**Access URLs:** +- TX1 Dallas: `https://38.68.14.26:9090` +- NC1 Charlotte: `https://216.239.104.130:9090` + +**What it provides:** +- Web-based terminal (no need for MobaXterm/PuTTY/SSH clients) +- File browser with drag-and-drop upload +- Service management (start/stop/restart services) +- Resource monitoring (CPU, RAM, disk, network) +- Log viewer (real-time and historical) +- User management +- System updates + +**Think of it as:** A control panel for the entire Linux server, similar to cPanel but for server administration. + +--- + +## 🎮 CURRENT ACCESS (PTERODACTYL PANEL) + +**What Holly currently has:** + +**Pterodactyl Panel** (panel.firefrostgaming.com) +- Access to all 13 game server consoles +- File manager for game server files (in `/mods/`, `/config/`, etc.) +- Start/stop/restart game servers +- View logs for game servers +- Edit config files +- Upload/download files + +**What Holly CAN do now:** +- ✅ Install mods (upload `.jar` files) +- ✅ Edit config files (LuckPerms, FTB, etc.) +- ✅ Restart game servers +- ✅ View server logs +- ✅ Manage server files + +**What Holly CANNOT do now:** +- ❌ Access the host operating system (TX1/NC1 Linux servers) +- ❌ Install system packages (like `htop`, `ncdu`, etc.) +- ❌ Manage systemd services (like Pterodactyl Wings) +- ❌ View host system logs (`journalctl`) +- ❌ Monitor host system resources (RAM/CPU usage of the host) +- ❌ Access files outside of game server directories + +--- + +## 🚀 PROPOSED ACCESS (COCKPIT) + +**What Holly would gain with Cockpit:** + +**Additional capabilities:** +- ✅ Web-based terminal (easier than SSH) +- ✅ Drag-and-drop file upload to any directory +- ✅ Browse entire filesystem (not just game server directories) +- ✅ View host system logs (see what's happening on TX1/NC1) +- ✅ Monitor host resources (is TX1 actually running out of RAM?) +- ✅ Restart system services (if granted permission) + +**What this means practically:** +- Faster mod installation (drag-and-drop vs Pterodactyl upload) +- Better troubleshooting (can see host logs if game server won't start) +- Independence (doesn't need Michael for simple system checks) +- Learning opportunity (builds Linux skills) + +--- + +## ⚖️ PROS & CONS ANALYSIS + +### ✅ PROS + +#### 1. Easier Mod Installation +**Current:** Upload through Pterodactyl Panel (can be slow, sometimes times out) +**With Cockpit:** Drag-and-drop files directly to `/var/lib/pterodactyl/volumes/[server-uuid]/mods/` + +**Benefit:** Faster deployment, fewer upload failures, batch uploads easier + +--- + +#### 2. Better Troubleshooting +**Current:** If a game server won't start, Holly can only see game server logs in Pterodactyl +**With Cockpit:** She can check: +- Host system logs (`journalctl`) +- Is Wings running? (`systemctl status wings`) +- Is the host out of RAM/disk space? +- Are there permission errors? + +**Benefit:** Diagnose issues without waiting for Michael, faster problem resolution + +--- + +#### 3. Independence & Empowerment +**Current:** Holly waits for Michael when: +- Need to check if Wings is running +- Need to see system logs +- Need to verify host resources +- Need to restart a system service + +**With Cockpit:** Holly can handle these herself + +**Benefit:** Michael isn't the bottleneck, Holly can work asynchronously + +--- + +#### 4. Learning Opportunity +**Current:** Holly's Linux knowledge limited to Pterodactyl Panel interface +**With Cockpit:** Holly learns: +- Linux file system structure +- How services work (systemd) +- Resource monitoring basics +- Log troubleshooting + +**Benefit:** Holly becomes more capable, can take on more infrastructure responsibility + +--- + +#### 5. Faster Iteration +**Current:** Make config change → Upload via Pterodactyl → Test → Repeat +**With Cockpit:** Edit file directly in web terminal → Save → Test → Repeat + +**Benefit:** Faster development/testing cycles for configuration changes + +--- + +### ❌ CONS + +#### 1. Security Risk +**Risk:** Full server access = Holly could accidentally break things + +**Examples of things that could go wrong:** +- Delete critical system files (`rm -rf /var/lib/pterodactyl`) +- Stop Pterodactyl Wings (`systemctl stop wings` → all game servers down) +- Change firewall rules and lock everyone out +- Fill up disk with large file uploads +- Misconfigure services + +**Severity:** High - Could take down all 6-7 game servers on that host + +**Mitigation:** Restricted user account (see Options section) + +--- + +#### 2. Complexity & Learning Curve +**Risk:** Linux terminal is harder than Pterodactyl Panel + +**Challenges:** +- Commands must be typed exactly (one typo = error) +- File paths are absolute (`/var/lib/...` not relative) +- Permission errors can be confusing +- Terminal isn't as forgiving as GUI + +**Severity:** Medium - Holly might get frustrated, make mistakes + +**Mitigation:** Training, clear documentation, start with read-only tasks + +--- + +#### 3. Multiple Access Methods = Confusion +**Risk:** Pterodactyl Panel AND Cockpit both available + +**Confusion points:** +- Which tool should I use for this task? +- Did I edit the file in Cockpit or Pterodactyl? (version conflicts) +- Where did I upload that mod? + +**Severity:** Low-Medium - Can lead to mistakes, wasted time + +**Mitigation:** Clear guidelines on when to use each tool + +--- + +#### 4. Accountability & Tracking +**Risk:** Multiple access methods = harder to track who did what + +**Scenarios:** +- Server breaks, was it a Pterodactyl change or Cockpit change? +- File modified, but which interface was used? +- Service restarted, but by whom? (if multiple people have access) + +**Severity:** Low - Mostly an audit/troubleshooting issue + +**Mitigation:** Cockpit logs all actions, can review if needed + +--- + +## 🎛️ THREE ACCESS OPTIONS + +### Option A: Limited Cockpit User (RECOMMENDED) + +**What Holly gets:** +- ✅ Web-based terminal (read-only by default) +- ✅ File browser for game server directories +- ✅ Upload mods via drag-and-drop +- ✅ View system logs (`journalctl -u wings`) +- ✅ Monitor system resources (CPU/RAM/disk) +- ❌ **CANNOT** restart services (except specifically granted ones) +- ❌ **CANNOT** edit system files +- ❌ **CANNOT** install packages +- ❌ **CANNOT** become root/sudo + +**Implementation:** +```bash +# Create limited user account +useradd -m -s /bin/bash holly +passwd holly # Set strong password + +# Add to specific groups +usermod -aG systemd-journal holly # Can read logs +usermod -aG pterodactyl holly # Can access game server files + +# Grant ONLY specific service restart permission (optional) +echo "holly ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart wings" >> /etc/sudoers.d/holly +``` + +**Risk Level:** **LOW** +**Benefit Level:** **HIGH** + +**Best for:** Holly learning Linux while preventing catastrophic mistakes + +--- + +### Option B: Full Admin Access with Training + +**What Holly gets:** +- ✅ Full `sudo` access +- ✅ Can do anything root can do +- ✅ Install packages, edit any file, restart any service +- ❌ **HIGH RISK** if she makes a mistake + +**Implementation:** +```bash +# Create admin user +useradd -m -s /bin/bash holly +passwd holly +usermod -aG sudo holly # Full admin rights +``` + +**Risk Level:** **HIGH** +**Benefit Level:** **VERY HIGH** (if Holly is competent) + +**Best for:** Holly is comfortable with Linux AND you trust her judgment + +**Requirements:** +- Holly must go through Linux training first +- Clear "DO NOT TOUCH" list of files/commands +- Requires you to be available for questions +- Set up audit logging + +--- + +### Option C: No Cockpit, Pterodactyl Panel Only + +**What Holly gets:** +- ✅ Pterodactyl Panel access (current state) +- ❌ No Cockpit access +- ❌ No direct server access + +**Risk Level:** **NONE** +**Benefit Level:** **CURRENT STATE** + +**Best for:** +- Holly isn't interested in learning Linux +- You don't have time to train/support her +- Current workflow is working fine + +--- + +## 🎯 RECOMMENDATION + +**Start with Option A (Limited Cockpit User), with clear path to Option B if she wants.** + +### Why Option A? + +**1. Balances empowerment with safety** +- Holly can do 90% of what she needs +- Can't break critical infrastructure +- Builds confidence before full access + +**2. Low-risk learning environment** +- She can explore, experiment, learn +- Worst case: She breaks a game server file (easy to restore) +- Can't break the host OS + +**3. Immediate productivity gains** +- Faster mod installation +- Better troubleshooting +- Less waiting for Michael + +**4. Clear upgrade path** +- Start limited (Option A) +- If Holly shows competence and wants more, upgrade to Option B +- If Holly isn't interested, stay at Option A or drop to Option C + +### Decision Framework + +**Ask Holly:** +1. Are you interested in learning Linux server management? +2. Do you want to be able to troubleshoot server issues independently? +3. Are you comfortable learning command-line tools? + +**If YES to all three:** Start with Option A, plan for Option B training +**If YES to some:** Start with Option A, stay there +**If NO to most:** Stick with Option C (Pterodactyl only) + +--- + +## 🛠️ IMPLEMENTATION GUIDE + +**IF you decide to grant Holly Cockpit access (Option A or B), here's how:** + +### Step 1: Create User Account on TX1 + +```bash +# SSH to TX1 +ssh root@38.68.14.26 + +# Create user +useradd -m -s /bin/bash holly +passwd holly # Set strong password (save to Vaultwarden) + +# Add to groups (Option A) +usermod -aG systemd-journal holly +usermod -aG pterodactyl holly + +# Optional: Allow Wings restart only (Option A) +echo "holly ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart wings" > /etc/sudoers.d/holly +chmod 0440 /etc/sudoers.d/holly + +# Test the sudoers file +visudo -c +``` + +### Step 2: Create User Account on NC1 + +```bash +# SSH to NC1 +ssh root@216.239.104.130 + +# Repeat same commands as TX1 +useradd -m -s /bin/bash holly +passwd holly # SAME password as TX1 +usermod -aG systemd-journal holly +usermod -aG pterodactyl holly +echo "holly ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart wings" > /etc/sudoers.d/holly +chmod 0440 /etc/sudoers.d/holly +visudo -c +``` + +### Step 3: Give Holly Login Info + +**Provide to Holly (via Vaultwarden):** +- TX1 Cockpit: `https://38.68.14.26:9090` +- NC1 Cockpit: `https://216.239.104.130:9090` +- Username: `holly` +- Password: `[password you set]` + +### Step 4: Walk Through Initial Login + +**With Holly, do this together:** + +1. Open `https://38.68.14.26:9090` in browser +2. Accept self-signed certificate warning (click "Advanced" → "Proceed") +3. Login with `holly` / `[password]` +4. Show her around: + - Terminal (Web Console) + - File browser (navigate to `/var/lib/pterodactyl/volumes/`) + - Logs (click "Logs" → search for "wings") + - Resource monitor (System → Performance) + +### Step 5: Test Her Access + +**Have Holly try:** +```bash +# In Cockpit terminal, test commands: + +# Can she read logs? (should work) +journalctl -u wings -n 50 + +# Can she list game servers? (should work) +ls /var/lib/pterodactyl/volumes/ + +# Can she restart Wings? (should work if you granted permission) +sudo systemctl restart wings + +# Can she become root? (should FAIL) +sudo su - +# Should say "holly is not in the sudoers file" +``` + +**If all tests pass, she's set up correctly.** + +--- + +## 📚 TRAINING PLAN + +**If Holly has Cockpit access, teach her these skills:** + +### Week 1: Read-Only Exploration +**Goal:** Get comfortable navigating, no making changes yet + +**Tasks:** +1. Log in to Cockpit on both servers +2. Navigate file browser to game server directories +3. View Wings logs (`journalctl -u wings`) +4. Check system resources (CPU/RAM) +5. Find a specific game server's directory + +**Outcome:** Holly comfortable with Cockpit interface, can find things + +--- + +### Week 2: File Operations +**Goal:** Upload mods, edit config files + +**Tasks:** +1. Upload a mod via drag-and-drop +2. Edit a config file in terminal (`nano /path/to/file`) +3. Copy a file from one server to another +4. Check file permissions (`ls -la`) + +**Outcome:** Holly can manage game server files via Cockpit + +--- + +### Week 3: Service Management +**Goal:** Restart services, troubleshoot issues + +**Tasks:** +1. Check if Wings is running (`systemctl status wings`) +2. Restart Wings (`sudo systemctl restart wings`) +3. View logs for a specific time range +4. Identify when a service crashed from logs + +**Outcome:** Holly can restart services and read logs for troubleshooting + +--- + +### Week 4: Problem Solving +**Goal:** Use Cockpit to diagnose real issues + +**Tasks:** +1. Game server won't start → check Wings logs → diagnose +2. Server running slow → check RAM/CPU → identify cause +3. Mod won't load → check game server logs → fix + +**Outcome:** Holly can independently troubleshoot most issues + +--- + +## 📝 GUIDELINES FOR HOLLY + +**If Holly gets Cockpit access, give her these rules:** + +### ✅ Safe to Do (Green Light) + +- View any logs (`journalctl`) +- Browse any files (read-only) +- Upload mods to game server directories +- Edit game server config files (`/var/lib/pterodactyl/volumes/.../config/`) +- Check system resources +- Restart Wings (if permission granted) + +### ⚠️ Ask First (Yellow Light) + +- Restart any service other than Wings +- Edit files outside game server directories +- Delete large files +- Install any software +- Change file permissions + +### 🛑 Never Do (Red Light) + +- Run commands you don't understand +- Delete system files (`/etc`, `/usr`, `/bin`) +- Change firewall rules +- Modify `/etc/fstab`, `/etc/passwd`, `/etc/sudoers` directly +- Run `rm -rf` on any directory +- Kill critical processes (systemd, sshd, nginx) + +--- + +## 🔍 MONITORING HOLLY'S ACCESS + +**If you grant Cockpit access, you can monitor:** + +### View What Holly Has Done + +```bash +# On TX1 or NC1, view Cockpit logs: +journalctl -u cockpit -n 100 + +# View sudo commands Holly ran: +grep "holly.*sudo" /var/log/auth.log + +# View SSH/Cockpit logins: +last -n 20 holly +``` + +### Cockpit Activity Dashboard + +Cockpit logs every action: +- Terminal commands entered +- Files uploaded/modified +- Services restarted +- Login times + +You can review these if something breaks and you need to know what happened. + +--- + +## ❓ DISCUSSION QUESTIONS FOR HOLLY + +**Before making the decision, ask Holly:** + +1. **Interest Level:** + - "Are you interested in learning Linux server administration?" + - "Do you want to be able to fix server issues yourself, or are you happy to ping me when something breaks?" + +2. **Comfort Level:** + - "How comfortable are you with command-line interfaces?" + - "Have you used terminal/command prompt before? How did it go?" + +3. **Time Commitment:** + - "Are you willing to spend a few hours learning Cockpit and Linux basics?" + - "Would you rather focus on building and let me handle the backend?" + +4. **Expectations:** + - "What would you most want to use Cockpit for?" + - "Is there anything you're frustrated with in Pterodactyl Panel that Cockpit would solve?" + +--- + +## 🎓 RESOURCES FOR HOLLY + +**If Holly gets Cockpit access, provide these learning resources:** + +### Beginner Linux Tutorials +- Linux Journey: https://linuxjourney.com/ (interactive, beginner-friendly) +- Cockpit Project Docs: https://cockpit-project.org/guide/latest/ +- Basic Linux Commands Cheat Sheet + +### Firefrost-Specific Docs +- Server directory structure guide +- Common troubleshooting commands +- What NOT to touch (critical files/services) + +### Michael's Contact +- "If you're unsure about a command, ask me first" +- "If something breaks, don't panic - we have backups" +- "Better to ask than to guess" + +--- + +## 🏁 DECISION SUMMARY + +**Three paths forward:** + +### Path 1: Give Holly Limited Cockpit Access (Option A) +**When:** Holly is interested in learning Linux +**Risk:** Low +**Benefit:** High +**Next Step:** Create `holly` user on TX1/NC1, walk through training plan + +### Path 2: Give Holly Full Cockpit Access (Option B) +**When:** Holly is confident with Linux AND you have time to train/support +**Risk:** High +**Benefit:** Very High +**Next Step:** Training program first, then grant access + +### Path 3: Keep Pterodactyl Only (Option C) +**When:** Holly prefers GUI or isn't interested in Linux +**Risk:** None +**Benefit:** Current state +**Next Step:** Nothing changes + +--- + +## 📞 NEXT STEPS + +1. **Read this document** +2. **Discuss with Holly** (gauge her interest and comfort) +3. **Choose an option** based on her responses +4. **If Option A or B:** Implement user account, start training +5. **If Option C:** Close this document, stick with Pterodactyl + +--- + +**Fire + Frost + Foundation = Where Love Builds Legacy** 🔥❄️ + +**Prepared by:** Chronicler #40 +**Date:** March 23, 2026 +**Status:** Decision pending - discuss with Holly + +--- + +**END OF DOCUMENT**