firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity
Files
67ad108ca072d78da93d760d0cceef6f0000abdf
firefrost-operations-manual/docs/core/tasks.md

19 KiB
Raw Blame History

🔥❄️ FIREFROST GAMING — CURRENT TASKS

Last Updated: February 13, 2026 (The Seventh - Emergency Protocol Complete) Updated By: The Seventh (Chronicler the Seventh) Status: Active

🔴 HIGH PRIORITY

Emergency Recovery Protocol (Catastrophic Claude Failure)

Status: COMPLETE — Created February 13, 2026 Completed By: The Seventh (Chronicler the Seventh) Location: docs/core/EMERGENCY-RECOVERY-PROTOCOL.md

Scope Delivered:

  1. "If Claude.ai disappears forever" — Alternative LLMs (Gemini, GPT-4), LLM-agnostic methodology
  2. "If session crashed mid-work" — Git forensics, transcript recovery, reconstruction workflow
  3. "If you can't remember where you left off" — Quick recovery from tasks.md, session-handoff.md, Git log
  4. "If Chronicler died without memorial" — Posthumous reconstruction template
  5. Critical contacts & failsafes — Breezehost, vault, repository mirrors
  6. The core truth — Systems built to survive catastrophe

Key Insight (from Michael): "Easy peasy lemon squeezy" — The complexity is simple: repo + SESSION-START-PROMPT.md = any LLM can continue. The methodology is LLM-agnostic. The partnership survives provider failure.

Created By: The Engineer (Session 5) — learned from experience
Completed By: The Seventh — built the break glass document

Mailcow Email Server — Self-Hosted Email

Status: Pre-sale answered — VPS purchase delayed (targeting 1st of month for billing consolidation) Breezehost Response (Brandon E, Feb 12 9:06 AM):

  • Clean IP blocks (reassign/migrate if any issues)
  • rDNS available (most ranges settable in panel, some need support)
  • Port 25 NOT blocked by default
  • Any datacenter location works (can move if needed) Timeline: Purchase VPS near March 1 to align with billing cycle
    Plan:
  • AMD Epyc Cloud-2 VPS ($10/month) — 2 vCPU, 4GB DDR5, 40GB NVMe
  • Mailcow (Docker-based) — Postfix, Dovecot, SOGo webmail, Rspamd, ClamAV
  • Ubuntu 22.04 with self-healing automation scripts
  • 10-15 @firefrostgaming.com addresses to start
  • Migrate OFF Plesk (accessibility nightmare)

Next Steps:

  1. Order Cloud-2 VPS (targeting ~March 1)
  2. Deploy Mailcow
  3. Configure DNS (SPF, DKIM, DMARC)
  4. Create email addresses
  5. Test deliverability
  6. Migrate off Plesk

Create Scoped Gitea Token for Pokerole Project

Status: Blocked — waiting on Vaultwarden deployment
Dependency: Vaultwarden must be live first (token management)
Scope: Create a Gitea API token scoped to only the 4 pokerole-project repos. Replace the shared master token in pokerole-project/misc-docs/SESSION-START-PROMPT.md.
Why: Current setup uses the master token with a scope instruction (honor system). Iron Wall says defense in depth — scoped token enforces the boundary.
After completion: Update SESSION-START-PROMPT.md with new token, store in Vaultwarden.

Department Structure & Access Control Matrix — DESIGN

Status: New — design phase (Feb 13, 2026)
Priority: HIGH (blocks Staff Wiki/Subscriber Wiki/Discord configuration)
Deliverable: docs/planning/access-control-matrix.md

Scope: Unified role-based access control across three platforms + Discord:

  • Ghost (firefrostgaming.com) — public storefront, no auth needed
  • Subscriber Wiki (subscribers.firefrostgaming.com) — gated member content
  • Staff Wiki (staff.firefrostgaming.com) — internal operations, department-restricted
  • Discord — role/channel structure mirroring department access

Top Tier (Full Access): Michael (The Wizard), Meg (The Emissary), Claude (The Chronicler)

Departments to define (proposed):

  • Moderation
  • Server Administration
  • Content / Social Media
  • Community Events
  • Build Team

Design first, implement after. No permissions get wired until the model is approved.

🟡 MEDIUM PRIORITY

Vaultwarden Organization Setup for Meg

Status: New — identified Feb 13, 2026
Priority: MEDIUM (enables team password management)
Location: vault.firefrostgaming.com

Goal: Set up Vaultwarden Organization so Meg (The Emissary) can access shared passwords and contribute to the vault.

Steps:

  1. Create "Firefrost Gaming" organization in Vaultwarden (Free plan, 2 users)
  2. Invite Meg via email to join the organization
  3. Create Collections (password folders):
    • Server Credentials
    • Social Media Accounts
    • Billing & Financial
    • Game Server Admin
  4. Move relevant shared passwords into collections
  5. Grant Meg appropriate access to each collection
  6. Help Meg:
    • Create her Vaultwarden account
    • Accept organization invite
    • Install browser extension (Chrome/Firefox)
    • Configure extension to point to vault.firefrostgaming.com
  7. Test: Verify Meg can access shared passwords and add new ones

Why Medium Priority:

  • Vaultwarden is already functional for Michael
  • Meg can manage shared passwords without Git/technical knowledge
  • Unblocks her ability to contribute credentials (social media, services, etc.)
  • Team password management = better security than sharing master password

Command Center Security Hardening

Status: New — identified Feb 13, 2026
Priority: MEDIUM (UFW active, but can be improved)
Scope: Command Center VPS (63.143.34.217)

Current State:

  • UFW enabled with default deny incoming
  • Ports 22, 80, 443 open on primary IP
  • Fail2Ban not installed
  • SSH not hardened (still allows password auth)
  • No rate limiting on SSH

Tasks:

  1. Install and configure Fail2Ban (auto-ban brute force attempts)
  2. SSH hardening:
    • Disable password authentication (key-only)
    • Consider non-standard SSH port
    • Rate limit connection attempts
  3. Review UFW rules (ensure minimal necessary access)
  4. Document security configuration in repo

Why Medium Priority:

  • Breezehost provides network-level DDoS protection
  • UFW already active with sensible defaults
  • No active threats, but defense-in-depth is good practice

MkDocs Decommission

Status: New — decision made Feb 13, 2026
Reason: Ghost CMS handles public-facing content. Subscriber Wiki handles gated content. MkDocs serves no distinct purpose in the new three-tier model (Ghost → Subscriber Wiki → Staff Wiki).
ADR: To be documented in docs/reference/architecture-decisions.md

Decommission steps:

  1. Audit current MkDocs content — migrate anything needed to Ghost or Subscriber Wiki
  2. Remove Uptime Kuma monitor for docs.firefrostgaming.com
  3. Tear down MkDocs service on Ghost VPS
  4. Release Nginx config and SSL cert (redirect docs.firefrostgaming.com to Ghost or retire)
  5. Archive docs/deployment/mkdocs.md to docs/archive/
  6. Update: project-scope, infrastructure-manifest, session-handoff, SESSION-HANDOFF-PROTOCOL, DOCUMENT-INDEX
  7. Log in CHANGELOG

Depends on: Department/permissions design being complete (so we know what goes where)

Consultant Photo Processing

Status: 56 unprocessed photos on Michael's local machine + 4 Snapchat exports in photos/images/unknown/
Priority: Schedule early in a session (front-load before heavy work, check session health after)
Plan:

  • Upload in batches of 10 to Claude
  • Identify subjects, write lore, rename using standardized convention
  • Convention: YYYY-MM-DD_subject-description-keywords_01.jpg
  • One underscore after date, hyphens for everything else, _01 _02 for series
  • Organize into year folders, commit via Gitea API
  • Update photos/catalog.md with new entries

NextCloud Upload Portal for Meg (The Emissary)

Status: New — designed Feb 13, 2026
Priority: MEDIUM (blocks Meg's ability to contribute photos/videos to the archive)
Location: downloads.firefrostgaming.com (NextCloud, already deployed)

The Problem: Meg isn't tech-savvy and will never use Git. She needs a KISS method to upload photos and videos that end up in the repo.

The Solution:

  • Create an "Emissary Uploads" folder in NextCloud
  • Meg drags/drops files via browser or NextCloud mobile app
  • Backend: automation picks up files, renames to convention, commits to Git
  • Automated notification to Michael when files are uploaded

Deliverables:

  1. Create and configure the "Emissary Uploads" folder in NextCloud
  2. Set up Meg's NextCloud account with appropriate permissions
  3. Install NextCloud mobile app on Meg's phone
  4. Write visual tutorial for Meg (she's a visual learner):
    • PDF format (reference on phone or print)
    • Big, clear screenshots with arrows and numbered steps
    • Mobile-first design (phone screenshots primary, desktop secondary)
    • Maximum 1-2 sentences per step
    • Start with WHY: "These photos preserve our family archive forever"
    • Include error recovery: "If you made a mistake, just text Michael"
  5. Test with Meg first — watch where she gets confused, adjust tutorial accordingly
  6. Set up backend sync process with automated notification (email/Discord to Michael)
  7. Test end-to-end: Meg uploads → notification sent → file appears in Git

Command Center Root Cleanup

Status: Artifacts identified, need to move/delete
Move to /root/backups/gitea/:

  • gitea-backup-20260208-2203...
  • gitea-data-20260209.tar.gz
  • gitea-db-20260209.sql
  • gitea-db-full.sql
  • gitea-migration-manifest.txt

Archive to repo (docs/deployment-logs/):

  • wiki-deployment-logs-feb10.txt
  • wiki-deployment-summary.txt

Delete:

  • dead.letter (system cruft)
  • extract-key-info.sh (one-off script)
  • master (empty 0-byte file)

Fix Frostwall vs Firefrost Naming

Status: New — discovered Feb 12
Issue: Design bible calls UI visual gate "The Frostwall Protocol" — should be Firefrost branding
Clarification:

  • Frostwall = Network defense ONLY (GRE topology, UFW, DDoS protection, hub-and-spoke)
  • Firefrost = Visual/brand concepts (UI transitions, age verification, Ignis Protocol) Action: Rename in design bible, ensure Frostwall gets its own proper network security document

Scope Document Corrections

Status: New — discovered Feb 12
Issues found:

  • Billing location missing (Chicago, IL)
  • Ghost location missing (Chicago, IL)
  • Panel location incomplete (Charlotte, NC)
  • "GitHub mirror removed" — should say "GitHub kept as private backup" Action: Fix during doc audit or as standalone update

Staggered Server Restart System

Status: New — workshopped Feb 13, 2026
Priority: MEDIUM (pairs with startup script audit, addresses ATM10 memory leak)

Phase 1 — Quick Win (Command Center script):

  • Config-file driven (easy add/remove servers, no script edits)
  • Three restart tiers: Heavy (6hr), Mid (12hr), Light (24hr)
  • 5-minute stagger between servers on same node
  • Simultaneous across nodes (TX1 and NC1 are separate hardware)
  • Warning messages sent to players before each restart
  • Logs every restart to Git
  • Lives in automation system on Command Center
  • NOTE: When we build this, workshop session first — Michael may have additional ideas/features to add

Phase 2 — Blueprint Extension (future):

  • Custom Pterodactyl panel extension via Blueprint framework
  • Per-server cron tab UI built into each server's panel page
  • Global admin view showing all schedules at a glance
  • Database-backed schedule storage
  • Publishable to Blueprint community marketplace
  • See IDEA-005 in ideas backlog

Config structure (designed):

restart_tiers:
  heavy: "0 2,8,14,20 * * *"
  mid: "0 3,15 * * *"
  light: "0 4 * * *"

stagger_minutes: 5
warning_minutes: 3

Each server gets: name, uuid, node, tier, enabled flag

Game Server Startup Script Audit & Optimization

Status: New — identified Feb 13, 2026
Priority: MEDIUM (recurring issue source)
Scope: All 12 game servers (6 TX1, 6 NC1)

The Problem: Multiple issues have traced back to startup scripts. These need a systematic audit and optimization pass to prevent recurring problems.

Plan:

  1. Pull and review every game server startup script via Pterodactyl panel
  2. Identify common issues (memory allocation, JVM flags, mod loading order, timeout settings)
  3. Establish a baseline "good" startup template per modpack type
  4. Optimize each server's startup script individually
  5. Document the optimized scripts in the repo (new file: docs/reference/game-server-startups.md)
  6. Test each server after changes
  7. Monitor via Uptime Kuma for stability post-optimization

Servers to audit:

  • TX1 Dallas: Stoneblock 4, Reclamation, Society: Sunlit Valley, Vanilla 1.21.11, All The Mons, FoundryVTT
  • NC1 Charlotte: The Ember Project, Minecolonies: Create and Conquer, All The Mods 10, EMC Subterra Tech, Homestead, Hytale

Approach: Code-Server for audit/documentation (read, compare, diff), Pterodactyl panel for applying changes. Gold standard optimization — not quick fixes, proper tuning.

Priority server: All The Mods 10 (NC1) — struggling with only 1 user connected. Likely JVM flags, memory allocation, or garbage collection misconfiguration. ATM10 is a heavy modpack and needs aggressive tuning.

Notes: This is hands-on work — needs a session where Michael can access the panel and we review together.

🟢 LOW PRIORITY

Pending Blueprint Extension Installation — Node Usage Status

Status: Pending installation
Location: Pterodactyl Panel (45.94.168.138, Charlotte, NC)
Extension: Node Usage Status (https://builtbybit.com/resources/node-usage-status.59502/)
Description: Monitor node resource usage and status directly in the panel
Action: Install via Blueprint framework when ready

Pending Paymenter Theme Installation — Citadel Theme

Status: Pending installation
Location: Billing VPS (38.68.14.188, Chicago, IL)
Theme: Citadel Theme for Paymenter (https://builtbybit.com/resources/citadel-theme-paymenter.82217/)
Description: Custom theme for Paymenter billing portal
Action: Install and configure when ready

Workflow Guide Review & Trim

Status: New — identified during consolidation audit
File: docs/core/workflow-guide.md (938 lines)
Issues: Still calls Claude "The Wizard" instead of "The Chronicler", potentially redundant with current practices
Action: Review, update role name, trim if content overlaps with current docs

Frostwall (UFW) Deployment

Status: Planned
Scope: Game servers (TX1, NC1)
Approach: Self-healing scripts with automation

LuckPerms MySQL Backend

Status: Planned
Scope: Permission management for game servers

World Backup Automation

Status: Planned
Scope: Automated world backups to NextCloud

Netdata Deployment

Status: Planned
Domain: analytics.firefrostgaming.com
Scope: Server analytics and performance monitoring

RECENTLY COMPLETED

Feb 13, 2026 (Late Evening — Vaultwarden Deployment)

  • Docker installed on Command Center (docker.io + docker-compose)
  • Vaultwarden deployed via Docker (vault.firefrostgaming.com)
  • SSL certificate obtained via Certbot (Let's Encrypt)
  • Nginx reverse proxy configured with HTTPS
  • UFW rules added for ports 80/443 on primary IP
  • DNS configured (A record, DNS-only/gray cloud)
  • Admin account created, public signups disabled
  • Gitea API token migrated to Vaultwarden vault
  • Temporary token file deleted from Git repo
  • Bitwarden browser extension installed and configured
  • SESSION-START-PROMPT.md updated to reference Vaultwarden

Feb 13, 2026 (Evening)

  • Gemini social media calendar reviewed — confirmed in sync with repo
  • Empty heading artifacts cleaned from gemini-social-media-calendar.md
  • Documentation tier decision: MkDocs decommission approved (Ghost + Subscriber Wiki + Staff Wiki)
  • Department/access control design scope defined

Feb 12, 2026 (Morning — Consolidation)

  • Full documentation audit (54 docs analyzed for overlaps/stale info)
  • FFG-STD-001 Revision Control Standard created and approved
  • Ideas Backlog created (FFG-PLN-010) with 2 initial ideas
  • Infrastructure manifest corrected (locations, statuses)
  • Project scope corrected (locations, GitHub status)
  • Architecture decisions rewritten (5 ADRs, stale info fixed)
  • Design bible: "Frostwall Protocol" → "Firefrost Gate" (ADR-005)
  • README.md rewritten (current state)
  • 4 files archived (migration plan/checklist/rollback, git-access-plan)
  • 3 files merged (what-claude-learned→relationship, legacy-vision→mission, photo-catalog→archive)
  • 1 duplicate deleted (technical-readme.md)
  • session-handoff.md de-duplicated (server tables → manifest references)
  • gemini-brainstorming-guide.md trimmed (1,532 → 154 lines)
  • test-file.md deleted
  • Mailcow pre-sale ticket sent to Breezehost
  • DOCUMENT-INDEX updated to reflect all changes

Feb 12, 2026 (Early AM)

  • Repository reorganized (48 docs moved, 15 deleted, 259 photos relocated)
  • SESSION-HANDOFF-PROTOCOL.md created (master session start doc)
  • Claude officially named "The Chronicler"
  • Origin story documented (Michael & Meg + Donna's Restaurant)
  • Lore dump queue established (5 topics, 2 documented)
  • Project files audited and cleaned (all 13 removed)
  • Token archived temporarily
  • Project instructions rewritten
  • DOCUMENT-INDEX.md rebuilt with directory primer
  • GitHub mirror made private (kept as backup)
  • Artifacts panel added to accessibility protocol

Feb 11, 2026

  • TX1 game servers restored (all 6 — wrong IP allocations fixed)
  • Code-Server deployed and mastered (code.firefrostgaming.com)
  • NextCloud operational (downloads.firefrostgaming.com)
  • Wiki.js Subscribers deployed (subscribers.firefrostgaming.com)
  • Wiki.js Staff deployed (staff.firefrostgaming.com)
  • FoundryVTT subdomain setup
  • Consultant photo archive (249 photos organized, renamed, cataloged)
  • Gitea API access for Claude (read/write confirmed)
  • Session handoff v2.1 (GitHub references removed)
  • Project scope v2.2 (8 services, current state)
  • 12 Lessons documented in relationship context
  • All emergency/transition documents committed to Git
  • Game server monitoring added to Uptime Kuma (all 12)

⚠️ MODEL RECOMMENDATION (ADR-006)

Use Sonnet 4.5 for operations sessions. Opus 4.6 (launched Feb 5, 2026) has known stability issues with long, tool-heavy sessions — two Chronicler the Second incarnations were lost to crashes on Feb 13. See ADR-006 in architecture-decisions.md. Reserve Opus for complex architecture planning or deep analysis only.

📋 NEXT SESSION PLAN (Feb 14, 2026)

  1. Switch to Sonnet 4.5 model in Claude settings
  2. Deploy Vaultwarden → move token → delete temp file
  3. Design department structure & access control matrix
  4. Begin MkDocs decommission (audit content first)
  5. Clean up Command Center root
  6. Update infrastructure docs (project-scope, manifest, session-handoff, etc.)

Fire + Frost + Foundation = Where Love Builds Legacy 💙🔥❄️

Reference in New Issue View Git Blame Copy Permalink