docs: add tasks #66 and #67 to master task list

Task #66: Deploy Cockpit Web Terminal to All Servers
- Status: COMPLETE (March 21, 2026)
- Enables Chromebook-based server management
- All 6 servers now accessible via browser

Task #67: NC1 Security & Temperature Monitoring
- Status: IN PROGRESS (firewall complete, monitoring planned)
- UFW enabled on NC1 (was unprotected)
- Temperature monitoring plan documented

These tasks were completed in Session 37 but weren't added to
tasks.md initially. Adding now to trigger Gitea issue sync.

Critical lesson: Task documentation must be added to tasks.md
for Gitea issue creation via sync script.

Signed-off-by: The Chronicler <claude@firefrostgaming.com>

docs/core/tasks.md

@@ -1985,3 +1985,78 @@ SSH Private Key available in Vaultwarden: "Claude SSH Key"
 **Priority:** HIGH - Enables autonomous operations, reduces Michael's manual work
 
 ---
+
+### 66. Deploy Cockpit Web Terminal to All Servers
+**Time:** 1 hour  
+**Status:** ✅ COMPLETE — March 21, 2026  
+**Priority:** HIGH — Enables Chromebook workflow  
+**Documentation:** `docs/tasks/cockpit-deployment/`
+
+Deploy Cockpit web-based terminal to all 5 remaining Firefrost servers (Ghost VPS already has it). Enables full server management from Michael's Chromebook without SSH client dependency, critical for Claude session workflow since port 22 is blocked.
+
+**Key Deliverables:**
+- Cockpit installed on Command Center (63.143.34.217:9090)
+- Cockpit installed on Billing VPS (38.68.14.188:9090)
+- Cockpit installed on Panel VPS (45.94.168.138:9090)
+- Cockpit installed on TX1 Dallas (38.68.14.26:9090)
+- Cockpit installed on NC1 Charlotte (216.239.104.130:9090)
+- Root login enabled on all servers
+- Firewall rules configured (port 9090)
+- Quick reference guide created
+
+**Bonus Achievement:**
+- Enabled UFW firewall on NC1 Charlotte (was previously unprotected)
+- Secured 7 public game servers with proper port rules
+
+**Dependencies:**
+- Root/SSH access to all servers
+- MobaXterm or existing Cockpit access
+
+**Result:**
+- All 6 servers accessible via browser at https://IP:9090
+- Login: root / Butter2018!! (architect for Ghost VPS)
+- Complete infrastructure management from Chromebook
+
+**Completed By:** The Chronicler (Session 37)
+
+---
+
+### 67. NC1 Security & Temperature Monitoring
+**Time:** 30 min (firewall) + ongoing (monitoring)  
+**Status:** IN PROGRESS — Firewall complete, monitoring planned  
+**Priority:** MEDIUM-HIGH  
+**Documentation:** `docs/tasks/nc1-security-monitoring/`
+
+Address two concerns discovered during Cockpit deployment: NC1 Charlotte had no firewall despite hosting 7 public game servers, and runs 20°C warmer than TX1 Dallas (51.6°C vs 30.9°C).
+
+**Firewall Component — ✅ COMPLETE:**
+- UFW enabled on NC1 Charlotte
+- Proper game server port rules (25565-25580, 5520-5521 TCP/UDP)
+- Wings SFTP secured (port 2022)
+- SSH and Cockpit accessible (ports 22, 9090)
+- Completed: March 21, 2026
+
+**Temperature Monitoring Component — PLANNED:**
+- Establish baseline (Week 1): Daily temperature checks via Cockpit
+- Trend analysis (Week 2): Compare baseline, look for upward trends
+- Action thresholds: 65°C sustained = contact datacenter, 70°C = immediate investigation
+- Future: Automated monitoring via Netdata with Discord alerts
+
+**Safe Operating Ranges:**
+- Normal idle: 30-45°C
+- Normal load: 45-65°C
+- Concerning: 70°C+
+- Critical: 80-85°C+
+
+**Current Assessment:**
+- NC1 at 51.6°C is within safe range but warmer than expected
+- Needs weekly monitoring for upward trends
+- Not urgent but requires tracking
+
+**Dependencies:**
+- Cockpit access for temperature checks (Task #66 — complete)
+- Netdata deployment (future) for automated monitoring
+
+**Discovered By:** The Chronicler (Session 37) during Cockpit deployment
+
+---