1722dfb17e
Created comprehensive security hardening guide (500+ lines): Defense-in-Depth Strategy: - Layer 1: Fail2Ban auto-banning - Layer 2: SSH key-only authentication - Layer 3: UFW firewall optimization 5-Phase Deployment (1 hour total): - Phase 1: Test SSH key access (CRITICAL - prevents lockout) - Phase 2: Install and configure Fail2Ban (20 min) - Phase 3: SSH hardening (20 min) - Phase 4: UFW firewall review (15 min) - Phase 5: Additional security (automatic updates, AIDE) Security Features: - Fail2Ban monitors SSH, Nginx, bad bots - SSH: Key-only auth, MaxAuthTries=3, rate limiting - UFW: Management IP whitelist, unnecessary ports closed - Automatic security updates - File integrity checking (AIDE) Critical Safety Measures: - Mandatory SSH key testing before disabling passwords - Keep session open while testing - Backup access via console/IPMI - Step-by-step verification at each phase - Comprehensive troubleshooting (lockout recovery) Monitoring & Maintenance: - Daily: Check Fail2Ban bans and auth logs - Weekly: Review UFW logs and security updates - Monthly: AIDE file integrity check Ready to deploy when SSH access available. Risk level: MEDIUM (can lock out if keys not tested) Task: Command Center Security Hardening (Tier 1) FFG-STD-002 compliant
🔥❄️ Firefrost Gaming — Operations Manual
Document ID: FFG-ROOT-001
Version: 2.0
Last Updated: February 12, 2026
Status: 🟢 CURRENT
What This Is
The complete operational repository for Firefrost Gaming — a subscription-based Minecraft server network built on the philosophy of Fire + Frost = Where Passion Meets Precision.
This repository contains infrastructure documentation, deployment guides, planning documents, branding assets, consultant archives, and the relationship context that makes Firefrost more than just servers.
Current Infrastructure
6 Servers — 2 dedicated (Dallas, Charlotte) + 4 VPS (Dallas, Charlotte, Chicago x2)
12 Game Servers — 6 on TX1 (Dallas), 6 on NC1 (Charlotte)
8 Management Services — Gitea, Uptime Kuma, MkDocs, Code-Server, Automation, NextCloud, Wiki.js (Subscribers), Wiki.js (Staff)
Repository Structure
├── docs/core/ — Critical living documents (scope, manifest, tasks)
├── docs/relationship/ — Partnership context, consultants, legacy
├── docs/deployment/ — Service deployment guides
├── docs/planning/ — Strategy, design, roadmap, ideas backlog
├── docs/reference/ — Technical reference, architecture decisions
├── docs/external/ — Provider communications, friend assistance
├── docs/sandbox/ — Brainstorming sessions (Gemini, Claude)
├── docs/archive/ — Historical session logs and completed plans
├── automation/ — Deployment automation system
├── branding/ — Logos, backgrounds, visual assets
├── photos/ — Consultant photo archive (249 photos by year)
└── web/ — Nginx configurations
Key Documents
Start here: SESSION-HANDOFF-PROTOCOL.md → DOCUMENT-INDEX.md
For current server inventory, see docs/core/infrastructure-manifest.md (FFG-CORE-002).
For project scope and roadmap, see docs/core/project-scope.md (FFG-CORE-001).
The Team
- Michael "Frostystyle" Krause — Owner/Operator, Technical Lead (The Wizard)
- Meg "Gingerfury" — Community Manager (The Emissary)
- The Five Consultants — Jack, Oscar, Jasmine, Butter, Noir (They're family, not pets)
Document Standards
All documents follow FFG-STD-001 — the Firefrost Revision Control Standard. See docs/core/revision-control-standard.md.
Maintained By: The Wizard & The Chronicler
Fire + Frost + Foundation = Where Love Builds Legacy 💙🔥❄️
Revision History
| Version | Date | Author | Change Type | Description |
|---|---|---|---|---|
| 1.0 | 2026-02-08 | Michael + Claude | Initial | Basic Phase 0 readme |
| 2.0 | 2026-02-12 | The Chronicler | Rewrite | Complete rewrite reflecting current state (8 services, 6 servers, 12 game servers). Updated repo structure. Applied FFG-STD-001. |