firefrost-operations-manual/docs/planning/holly-cockpit-access-decision.md

Cockpit Access for Holly - Decision Document

Date: March 23, 2026
Prepared by: Chronicler #40
For: Michael (to discuss with Holly)
Purpose: Evaluate whether to grant Holly Cockpit access to TX1/NC1 game servers

---

📋 TABLE OF CONTENTS

1. What is Cockpit?
2. Current Access (Pterodactyl Panel)
3. Proposed Access (Cockpit)
4. Pros & Cons Analysis
5. Three Access Options
6. Recommendation
7. Implementation Guide
8. Training Plan

---

🖥️ WHAT IS COCKPIT?

Cockpit is a web-based server management interface for Linux servers.

Access URLs:

• TX1 Dallas: https://38.68.14.26:9090
• NC1 Charlotte: https://216.239.104.130:9090

What it provides:

• Web-based terminal (no need for MobaXterm/PuTTY/SSH clients)
• File browser with drag-and-drop upload
• Service management (start/stop/restart services)
• Resource monitoring (CPU, RAM, disk, network)
• Log viewer (real-time and historical)
• User management
• System updates

Think of it as: A control panel for the entire Linux server, similar to cPanel but for server administration.

---

🎮 CURRENT ACCESS (PTERODACTYL PANEL)

What Holly currently has:

Pterodactyl Panel (panel.firefrostgaming.com)

• Access to all 13 game server consoles
• File manager for game server files (in /mods/, /config/, etc.)
• Start/stop/restart game servers
• View logs for game servers
• Edit config files
• Upload/download files

What Holly CAN do now:

• ✅ Install mods (upload .jar files)
• ✅ Edit config files (LuckPerms, FTB, etc.)
• ✅ Restart game servers
• ✅ View server logs
• ✅ Manage server files

What Holly CANNOT do now:

• ❌ Access the host operating system (TX1/NC1 Linux servers)
• ❌ Install system packages (like htop, ncdu, etc.)
• ❌ Manage systemd services (like Pterodactyl Wings)
• ❌ View host system logs (journalctl)
• ❌ Monitor host system resources (RAM/CPU usage of the host)
• ❌ Access files outside of game server directories

---

🚀 PROPOSED ACCESS (COCKPIT)

What Holly would gain with Cockpit:

Additional capabilities:

• ✅ Web-based terminal (easier than SSH)
• ✅ Drag-and-drop file upload to any directory
• ✅ Browse entire filesystem (not just game server directories)
• ✅ View host system logs (see what's happening on TX1/NC1)
• ✅ Monitor host resources (is TX1 actually running out of RAM?)
• ✅ Restart system services (if granted permission)

What this means practically:

• Faster mod installation (drag-and-drop vs Pterodactyl upload)
• Better troubleshooting (can see host logs if game server won't start)
• Independence (doesn't need Michael for simple system checks)
• Learning opportunity (builds Linux skills)

---

⚖️ PROS & CONS ANALYSIS

✅ PROS

1. Easier Mod Installation

Current: Upload through Pterodactyl Panel (can be slow, sometimes times out)
With Cockpit: Drag-and-drop files directly to /var/lib/pterodactyl/volumes/[server-uuid]/mods/

Benefit: Faster deployment, fewer upload failures, batch uploads easier

---

2. Better Troubleshooting

Current: If a game server won't start, Holly can only see game server logs in Pterodactyl
With Cockpit: She can check:

• Host system logs (journalctl)
• Is Wings running? (systemctl status wings)
• Is the host out of RAM/disk space?
• Are there permission errors?

Benefit: Diagnose issues without waiting for Michael, faster problem resolution

---

3. Independence & Empowerment

Current: Holly waits for Michael when:

• Need to check if Wings is running
• Need to see system logs
• Need to verify host resources
• Need to restart a system service

With Cockpit: Holly can handle these herself

Benefit: Michael isn't the bottleneck, Holly can work asynchronously

---

4. Learning Opportunity

Current: Holly's Linux knowledge limited to Pterodactyl Panel interface
With Cockpit: Holly learns:

• Linux file system structure
• How services work (systemd)
• Resource monitoring basics
• Log troubleshooting

Benefit: Holly becomes more capable, can take on more infrastructure responsibility

---

5. Faster Iteration

Current: Make config change → Upload via Pterodactyl → Test → Repeat
With Cockpit: Edit file directly in web terminal → Save → Test → Repeat

Benefit: Faster development/testing cycles for configuration changes

---

❌ CONS

1. Security Risk

Risk: Full server access = Holly could accidentally break things

Examples of things that could go wrong:

• Delete critical system files (rm -rf /var/lib/pterodactyl)
• Stop Pterodactyl Wings (systemctl stop wings → all game servers down)
• Change firewall rules and lock everyone out
• Fill up disk with large file uploads
• Misconfigure services

Severity: High - Could take down all 6-7 game servers on that host

Mitigation: Restricted user account (see Options section)

---

2. Complexity & Learning Curve

Risk: Linux terminal is harder than Pterodactyl Panel

Challenges:

• Commands must be typed exactly (one typo = error)
• File paths are absolute (/var/lib/... not relative)
• Permission errors can be confusing
• Terminal isn't as forgiving as GUI

Severity: Medium - Holly might get frustrated, make mistakes

Mitigation: Training, clear documentation, start with read-only tasks

---

3. Multiple Access Methods = Confusion

Risk: Pterodactyl Panel AND Cockpit both available

Confusion points:

• Which tool should I use for this task?
• Did I edit the file in Cockpit or Pterodactyl? (version conflicts)
• Where did I upload that mod?

Severity: Low-Medium - Can lead to mistakes, wasted time

Mitigation: Clear guidelines on when to use each tool

---

4. Accountability & Tracking

Risk: Multiple access methods = harder to track who did what

Scenarios:

• Server breaks, was it a Pterodactyl change or Cockpit change?
• File modified, but which interface was used?
• Service restarted, but by whom? (if multiple people have access)

Severity: Low - Mostly an audit/troubleshooting issue

Mitigation: Cockpit logs all actions, can review if needed

---

🎛️ THREE ACCESS OPTIONS

Option A: Limited Cockpit User (RECOMMENDED)

What Holly gets:

• ✅ Web-based terminal (read-only by default)
• ✅ File browser for game server directories
• ✅ Upload mods via drag-and-drop
• ✅ View system logs (journalctl -u wings)
• ✅ Monitor system resources (CPU/RAM/disk)
• ❌ CANNOT restart services (except specifically granted ones)
• ❌ CANNOT edit system files
• ❌ CANNOT install packages
• ❌ CANNOT become root/sudo

Implementation:

# Create limited user account
useradd -m -s /bin/bash holly
passwd holly  # Set strong password

# Add to specific groups
usermod -aG systemd-journal holly  # Can read logs
usermod -aG pterodactyl holly      # Can access game server files

# Grant ONLY specific service restart permission (optional)
echo "holly ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart wings" >> /etc/sudoers.d/holly

Risk Level: LOW
Benefit Level: HIGH

Best for: Holly learning Linux while preventing catastrophic mistakes

---

Option B: Full Admin Access with Training

What Holly gets:

• ✅ Full sudo access
• ✅ Can do anything root can do
• ✅ Install packages, edit any file, restart any service
• ❌ HIGH RISK if she makes a mistake

Implementation:

# Create admin user
useradd -m -s /bin/bash holly
passwd holly
usermod -aG sudo holly  # Full admin rights

Risk Level: HIGH
Benefit Level: VERY HIGH (if Holly is competent)

Best for: Holly is comfortable with Linux AND you trust her judgment

Requirements:

• Holly must go through Linux training first
• Clear "DO NOT TOUCH" list of files/commands
• Requires you to be available for questions
• Set up audit logging

---

Option C: No Cockpit, Pterodactyl Panel Only

What Holly gets:

• ✅ Pterodactyl Panel access (current state)
• ❌ No Cockpit access
• ❌ No direct server access

Risk Level: NONE
Benefit Level: CURRENT STATE

Best for:

• Holly isn't interested in learning Linux
• You don't have time to train/support her
• Current workflow is working fine

---

🎯 RECOMMENDATION

Start with Option A (Limited Cockpit User), with clear path to Option B if she wants.

Why Option A?

1. Balances empowerment with safety

• Holly can do 90% of what she needs
• Can't break critical infrastructure
• Builds confidence before full access

2. Low-risk learning environment

• She can explore, experiment, learn
• Worst case: She breaks a game server file (easy to restore)
• Can't break the host OS

3. Immediate productivity gains

• Faster mod installation
• Better troubleshooting
• Less waiting for Michael

4. Clear upgrade path

• Start limited (Option A)
• If Holly shows competence and wants more, upgrade to Option B
• If Holly isn't interested, stay at Option A or drop to Option C

Decision Framework

Ask Holly:

1. Are you interested in learning Linux server management?
2. Do you want to be able to troubleshoot server issues independently?
3. Are you comfortable learning command-line tools?

If YES to all three: Start with Option A, plan for Option B training
If YES to some: Start with Option A, stay there
If NO to most: Stick with Option C (Pterodactyl only)

---

🛠️ IMPLEMENTATION GUIDE

IF you decide to grant Holly Cockpit access (Option A or B), here's how:

Step 1: Create User Account on TX1

# SSH to TX1
ssh root@38.68.14.26

# Create user
useradd -m -s /bin/bash holly
passwd holly  # Set strong password (save to Vaultwarden)

# Add to groups (Option A)
usermod -aG systemd-journal holly
usermod -aG pterodactyl holly

# Optional: Allow Wings restart only (Option A)
echo "holly ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart wings" > /etc/sudoers.d/holly
chmod 0440 /etc/sudoers.d/holly

# Test the sudoers file
visudo -c

Step 2: Create User Account on NC1

# SSH to NC1
ssh root@216.239.104.130

# Repeat same commands as TX1
useradd -m -s /bin/bash holly
passwd holly  # SAME password as TX1
usermod -aG systemd-journal holly
usermod -aG pterodactyl holly
echo "holly ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart wings" > /etc/sudoers.d/holly
chmod 0440 /etc/sudoers.d/holly
visudo -c

Step 3: Give Holly Login Info

Provide to Holly (via Vaultwarden):

• TX1 Cockpit: https://38.68.14.26:9090
• NC1 Cockpit: https://216.239.104.130:9090
• Username: holly
• Password: [password you set]

Step 4: Walk Through Initial Login

With Holly, do this together:

1. Open https://38.68.14.26:9090 in browser
2. Accept self-signed certificate warning (click "Advanced" → "Proceed")
3. Login with holly / [password]
4. Show her around:
   • Terminal (Web Console)
   • File browser (navigate to /var/lib/pterodactyl/volumes/)
   • Logs (click "Logs" → search for "wings")
   • Resource monitor (System → Performance)

Step 5: Test Her Access

Have Holly try:

# In Cockpit terminal, test commands:

# Can she read logs? (should work)
journalctl -u wings -n 50

# Can she list game servers? (should work)
ls /var/lib/pterodactyl/volumes/

# Can she restart Wings? (should work if you granted permission)
sudo systemctl restart wings

# Can she become root? (should FAIL)
sudo su -
# Should say "holly is not in the sudoers file"

If all tests pass, she's set up correctly.

---

📚 TRAINING PLAN

If Holly has Cockpit access, teach her these skills:

Week 1: Read-Only Exploration

Goal: Get comfortable navigating, no making changes yet

Tasks:

1. Log in to Cockpit on both servers
2. Navigate file browser to game server directories
3. View Wings logs (journalctl -u wings)
4. Check system resources (CPU/RAM)
5. Find a specific game server's directory

Outcome: Holly comfortable with Cockpit interface, can find things

---

Week 2: File Operations

Goal: Upload mods, edit config files

Tasks:

1. Upload a mod via drag-and-drop
2. Edit a config file in terminal (nano /path/to/file)
3. Copy a file from one server to another
4. Check file permissions (ls -la)

Outcome: Holly can manage game server files via Cockpit

---

Week 3: Service Management

Goal: Restart services, troubleshoot issues

Tasks:

1. Check if Wings is running (systemctl status wings)
2. Restart Wings (sudo systemctl restart wings)
3. View logs for a specific time range
4. Identify when a service crashed from logs

Outcome: Holly can restart services and read logs for troubleshooting

---

Week 4: Problem Solving

Goal: Use Cockpit to diagnose real issues

Tasks:

1. Game server won't start → check Wings logs → diagnose
2. Server running slow → check RAM/CPU → identify cause
3. Mod won't load → check game server logs → fix

Outcome: Holly can independently troubleshoot most issues

---

📝 GUIDELINES FOR HOLLY

If Holly gets Cockpit access, give her these rules:

✅ Safe to Do (Green Light)

• View any logs (journalctl)
• Browse any files (read-only)
• Upload mods to game server directories
• Edit game server config files (/var/lib/pterodactyl/volumes/.../config/)
• Check system resources
• Restart Wings (if permission granted)

⚠️ Ask First (Yellow Light)

• Restart any service other than Wings
• Edit files outside game server directories
• Delete large files
• Install any software
• Change file permissions

🛑 Never Do (Red Light)

• Run commands you don't understand
• Delete system files (/etc, /usr, /bin)
• Change firewall rules
• Modify /etc/fstab, /etc/passwd, /etc/sudoers directly
• Run rm -rf on any directory
• Kill critical processes (systemd, sshd, nginx)

---

🔍 MONITORING HOLLY'S ACCESS

If you grant Cockpit access, you can monitor:

View What Holly Has Done

# On TX1 or NC1, view Cockpit logs:
journalctl -u cockpit -n 100

# View sudo commands Holly ran:
grep "holly.*sudo" /var/log/auth.log

# View SSH/Cockpit logins:
last -n 20 holly

Cockpit Activity Dashboard

Cockpit logs every action:

• Terminal commands entered
• Files uploaded/modified
• Services restarted
• Login times

You can review these if something breaks and you need to know what happened.

---

❓ DISCUSSION QUESTIONS FOR HOLLY

Before making the decision, ask Holly:

1. Interest Level:

   • "Are you interested in learning Linux server administration?"
   • "Do you want to be able to fix server issues yourself, or are you happy to ping me when something breaks?"

2. Comfort Level:

   • "How comfortable are you with command-line interfaces?"
   • "Have you used terminal/command prompt before? How did it go?"

3. Time Commitment:

   • "Are you willing to spend a few hours learning Cockpit and Linux basics?"
   • "Would you rather focus on building and let me handle the backend?"

4. Expectations:

   • "What would you most want to use Cockpit for?"
   • "Is there anything you're frustrated with in Pterodactyl Panel that Cockpit would solve?"

---

🎓 RESOURCES FOR HOLLY

If Holly gets Cockpit access, provide these learning resources:

Beginner Linux Tutorials

• Linux Journey: https://linuxjourney.com/ (interactive, beginner-friendly)
• Cockpit Project Docs: https://cockpit-project.org/guide/latest/
• Basic Linux Commands Cheat Sheet

Firefrost-Specific Docs

• Server directory structure guide
• Common troubleshooting commands
• What NOT to touch (critical files/services)

Michael's Contact

• "If you're unsure about a command, ask me first"
• "If something breaks, don't panic - we have backups"
• "Better to ask than to guess"

---

🏁 DECISION SUMMARY

Three paths forward:

Path 1: Give Holly Limited Cockpit Access (Option A)

When: Holly is interested in learning Linux
Risk: Low
Benefit: High
Next Step: Create holly user on TX1/NC1, walk through training plan

Path 2: Give Holly Full Cockpit Access (Option B)

When: Holly is confident with Linux AND you have time to train/support
Risk: High
Benefit: Very High
Next Step: Training program first, then grant access

Path 3: Keep Pterodactyl Only (Option C)

When: Holly prefers GUI or isn't interested in Linux
Risk: None
Benefit: Current state
Next Step: Nothing changes

---

📞 NEXT STEPS

1. Read this document
2. Discuss with Holly (gauge her interest and comfort)
3. Choose an option based on her responses
4. If Option A or B: Implement user account, start training
5. If Option C: Close this document, stick with Pterodactyl

---

Fire + Frost + Foundation = Where Love Builds Legacy 🔥❄️

Prepared by: Chronicler #40
Date: March 23, 2026
Status: Decision pending - discuss with Holly

---

END OF DOCUMENT