# Task: Deploy Cockpit to All Servers

## Priority: HIGH
**Reason:** Enable Chromebook-based management without SSH dependency

## Current State

**Servers with Cockpit:**
- ✅ Ghost VPS (64.50.188.14:9090) - Currently operational

**Servers needing Cockpit:**
- ❌ Command Center (63.143.34.217)
- ❌ Billing VPS (38.68.14.188)
- ❌ Panel VPS (45.94.168.138)
- ❌ TX1 Dallas (38.68.14.26)
- ❌ NC1 Charlotte (216.239.104.130)

## Why Cockpit

**Benefits:**
- Web-based terminal (no SSH client needed)
- System resource monitoring
- Service management (systemd)
- Works perfectly on Chromebook
- Port 9090 (standard, easy to remember)
- Lightweight (~50MB RAM usage)

**Use case:** Michael uses Chromebook frequently - Cockpit means full server access from any device with a browser.

## Deployment Process (Per Server)

### Standard Installation (Ubuntu/Debian)
```bash
# Update package list
sudo apt update

# Install Cockpit
sudo apt install -y cockpit

# Enable and start service
sudo systemctl enable --now cockpit.socket

# Verify it's running
sudo systemctl status cockpit.socket

# Check it's listening on port 9090
sudo ss -tulpn | grep 9090
```

### Firewall Configuration
```bash
# Allow Cockpit through UFW (if enabled)
sudo ufw allow 9090/tcp

# Verify UFW status
sudo ufw status
```

### Access Testing
- URL format: `https://SERVER_IP:9090`
- Login: Use existing server credentials (e.g., `architect` on Ghost VPS)
- Accept self-signed certificate warning (expected for self-hosted)

## Deployment Order (Recommended)

**Phase 1: VPS Tier (Quick wins)**
1. Command Center (63.143.34.217) - Backend hub
2. Billing VPS (38.68.14.188) - Financial isolation
3. Panel VPS (45.94.168.138) - Control plane

**Phase 2: Dedicated Tier (Game servers)**
4. TX1 Dallas (38.68.14.26) - 251GB RAM dedicated
5. NC1 Charlotte (216.239.104.130) - 251GB RAM dedicated

## Server-Specific Notes

### Command Center (63.143.34.217)
- **OS:** Ubuntu (verify version first)
- **Current services:** Gitea, Uptime Kuma, Code-Server, Automation
- **User:** Likely `root` or `frostystyle`
- **Test after install:** Terminal access, service status view

### Billing VPS (38.68.14.188)
- **OS:** Ubuntu
- **Current services:** Paymenter (8081), Mailcow (8080/8443)
- **User:** Likely `root`
- **Critical:** Don't interfere with Mailcow ports

### Panel VPS (45.94.168.138)
- **OS:** Ubuntu
- **Current services:** Pterodactyl Panel
- **User:** Likely `root` or `pterodactyl`
- **Test after install:** Panel service status visible in Cockpit

### TX1 Dallas (38.68.14.26)
- **OS:** Ubuntu
- **Current services:** Pterodactyl Wings, 7 game servers
- **RAM:** 251GB
- **User:** Likely `root`
- **Test after install:** Resource monitoring shows all 251GB

### NC1 Charlotte (216.239.104.130)
- **OS:** Ubuntu
- **Current services:** Pterodactyl Wings, 7 game servers
- **RAM:** 251GB
- **User:** Likely `root`
- **Test after install:** Resource monitoring shows all 251GB

## Post-Deployment Verification

For each server:
- [ ] Access Cockpit at https://IP:9090
- [ ] Login with server credentials works
- [ ] Terminal tab loads and is functional
- [ ] Services tab shows systemd services
- [ ] System tab shows CPU/RAM/disk correctly
- [ ] Network tab shows interfaces
- [ ] Logs tab accessible

## Security Considerations

**Cockpit is secure by default:**
- HTTPS only (self-signed cert)
- Uses existing PAM authentication
- Session timeout configurable
- No new attack surface (uses existing user accounts)

**Additional hardening (optional):**
- Limit Cockpit to specific IPs (via firewall)
- Use SSH key authentication instead of passwords
- Enable fail2ban for Cockpit login attempts

## Success Criteria

- [ ] All 6 servers have Cockpit accessible at port 9090
- [ ] Michael can access any server from Chromebook via browser
- [ ] Terminal functionality works on all servers
- [ ] Service management works on all servers
- [ ] No SSH dependency for basic server management

## Rollback Plan

If issues arise:
```bash
# Stop Cockpit
sudo systemctl stop cockpit.socket

# Disable Cockpit
sudo systemctl disable cockpit.socket

# Uninstall (if needed)
sudo apt remove --purge cockpit
```

## Estimated Time

- **Per VPS:** ~10 minutes (install + test)
- **Per Dedicated:** ~10 minutes (install + test)
- **Total:** ~1 hour for all 5 servers

## Documentation Updates Needed

After deployment:
- [ ] Update infrastructure-manifest.md with Cockpit status
- [ ] Add Cockpit access info to server quick-reference
- [ ] Document standard Cockpit URL format in session-start docs
- [ ] Update accessibility notes (Chromebook-friendly management)

---

**Created:** Session 37 (The Chronicler)  
**Status:** READY TO EXECUTE  
**Blocks:** None (enhances existing infrastructure)  
**Enables:** Full Chromebook-based server management