From aaa46c150a4d301414ab7e1a18ead4ac680d57c0 Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Sun, 21 Dec 2025 01:29:33 +0000
Subject: [PATCH] Update domains: .lan -> hofmanns.app, fix user debian -> ubuntu
---
GANDALF-BRIEFING.md | 231 +++++++++++++++++++++++++++++++++++++++
adguard-dns-rewrites.txt | 56 ++++++----
2 files changed, 263 insertions(+), 24 deletions(-)
create mode 100644 GANDALF-BRIEFING.md
diff --git a/GANDALF-BRIEFING.md b/GANDALF-BRIEFING.md
new file mode 100644
index 0000000..3901b52
--- /dev/null
+++ b/GANDALF-BRIEFING.md
@@ -0,0 +1,231 @@ +# Setup SSH key +mkdir -p ~/.ssh +cat > ~/.ssh/hofmann_key << 'EOF' +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAroJb5aBqZvVVrX4PCovTWBUR8dfYEFbYyxrCSXKHu7omckuV +xKtc3uT21hn0Y7nQneIXRxd1ye6pXnWSiKQTiJKMACba3kZpBuS5HbAyE0RQNwDf +4AibX8eoXAOHw6mCmDTamB5guZTruDwGNkMTn6fx9W80Rix8QQ8Rjz5J1U886erJ +XcBuyzHoeBr3dWZnkG5EP8tCgmDUyiG5PAkkTgRqdi/AAuHdZlKZYcjAbBtVemPH +pG2p6PTiuvVqtPvoQn9FJnJ+KvsmYB1jrMuTLTZqfkWCgS+BWDQ1+O+T4DarZvRc +8x0GMYkMSTaFp7VnjJeBGwcnkKBu5ISMkwWdCQIDAQABAoIBAGFqwjRAxcUuBaMx +MOJZRiTwtjDEpogQgzt2d6kat2zzsMyzJys/4jtHpAfHO2eEblIEyavVC9srUP87 +MQ74UTM3Y9Id3qagtba0biaFmp6ozwK1iUR+aYYhZfnfuqVedlnTf4fVxXc0DBav +42PdNBI3Zdn2Nz9JTB/hcpL9Wagqg+x6NFrmlDrZCa5bk7BgHYCUSw4yPB8pFUTk +Dfh2lFThAusOCI3RG4tB4IOkcmOKSife2AhaZizf9I2eyvfjVfRZxlHQGC76ZU5z +mu8Bwi6pv4i41aEgLzXcLlOSXgPpIGp6nfEtUuU2xf0U/VJPAW+89SAvRcH06Ja/ +0u06CpECgYEA5eNSGftU7a6hIjuhWv5S8gmtpjJF0F/QNTpD452gf6+PoOkp77vf +LdXFQ5iq37SK5YTsgyWkBRq9P9KHSpdaKc4k39fMal7QJ182tBQkGlSZ26GiObth +dcMPBC/rzoi4cS1Pe4cR3G8jwcy+XJUO63SZ6NUVUSdbrLbv6+/2UX0CgYEAwlS8 +S8ooKtvNfLRqbS8b7ULWSK5axDY4Hfv3l8WpDG+tGMn8A1FHLkyP97yj/y8PpS/d +wJCZnCJDIU4UO5GclLsuxrbGMghlxbW4vP/BjprosDx29dNjXEiI9ISGuuuydCqb +Pf/HJdneBdJbDGU5cixWF4i0QPkaQKFpptYXj30CgYEAimUlohqacFR3EQLRCtSc +3rVQ4wLU4LMtxz2CbV8RpozsbLSx2G9D1nYhQaaBCBfKno49TF62tZP5Zpi5dgBT ++WLu9AsYNtlJesppRlPxwCA6V+ygmxzheWGqgpzO2xGX6BqdBQK1j/0gi6VU3Kun +xbv2hCLzqF2HZRzkpydZJIkCgYBNBvtP60R6oH9V08lvl8GxDNIVIw8VQQyDThF4 +1j9Ij6eD8OP0iK33Ox/BqcMzbfr8lfmGz4ojqi0DsYgxiGkRRxSmbWIoCM4WTQ55 +08Jr/RkIah8ZF34F4TZv/WvOAYjNpOm97HmKlk377sJqKmFX0R0a3PPd4R83yQMw +vyG9nQKBgCvKWk3VZi0Q8Yv/mOxhx3HTNtWOirrIj4Tq3x3YCldKp1wfD5hmNZts +Qf5YzprSQmi4/WK+iT1ZVIB/+3JLQvhZeBaFdhON8Hn2Is1ZO5OsgR8HklbomOqS +Ye0hbs9iDWIA0IXCHfhNW5BAJnuw+ISBETxfIJ/yDLvv59uFV+Me +-----END RSA PRIVATE KEY----- +EOF +chmod 600 ~/.ssh/hofmann_key + +# Test connection +ssh -i ~/.ssh/hofmann_key -o StrictHostKeyChecking=no ubuntu@hofmanns.ai "hofmanns.ai" + +# Clone setup from Infomaniak +scp -i ~/.ssh/hofmann_key -r 
ubuntu@hofmanns.ai:/home/ubuntu/jetson-setup ~/ + +# GANDALF BRIEFING - Jetson Orin Nano + +**Host:** jetson (KEINE IPs!) +**User:** d +**Alias:** gandalf + +--- + +## MISSION + +Alles Web UI. KEINE Console für den User. Face/Finger = einziger Login. + +--- + +## SSH ZU INFOMANIAK (hofmanns.ai / hofmanns.tech) + +Der Infomaniak Server ist der Dev/Pilot Server. Git Repos liegen dort. + +### Server Details + +| Info | Wert | +|------|------| +| IP | 185.143.102.153 | +| Hostname | ov-924ec3 | +| User | ubuntu | +| Projekt | /home/ubuntu/hofmanns.ai | +| Command | `hof` → navigiert zum Projekt | + +### SSH Key Setup auf Jetson + +```bash +mkdir -p ~/.ssh +cat > ~/.ssh/hofmann_key << 'EOF' +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAroJb5aBqZvVVrX4PCovTWBUR8dfYEFbYyxrCSXKHu7omckuV +xKtc3uT21hn0Y7nQneIXRxd1ye6pXnWSiKQTiJKMACba3kZpBuS5HbAyE0RQNwDf +4AibX8eoXAOHw6mCmDTamB5guZTruDwGNkMTn6fx9W80Rix8QQ8Rjz5J1U886erJ +XcBuyzHoeBr3dWZnkG5EP8tCgmDUyiG5PAkkTgRqdi/AAuHdZlKZYcjAbBtVemPH +pG2p6PTiuvVqtPvoQn9FJnJ+KvsmYB1jrMuTLTZqfkWCgS+BWDQ1+O+T4DarZvRc +8x0GMYkMSTaFp7VnjJeBGwcnkKBu5ISMkwWdCQIDAQABAoIBAGFqwjRAxcUuBaMx +MOJZRiTwtjDEpogQgzt2d6kat2zzsMyzJys/4jtHpAfHO2eEblIEyavVC9srUP87 +MQ74UTM3Y9Id3qagtba0biaFmp6ozwK1iUR+aYYhZfnfuqVedlnTf4fVxXc0DBav +42PdNBI3Zdn2Nz9JTB/hcpL9Wagqg+x6NFrmlDrZCa5bk7BgHYCUSw4yPB8pFUTk +Dfh2lFThAusOCI3RG4tB4IOkcmOKSife2AhaZizf9I2eyvfjVfRZxlHQGC76ZU5z +mu8Bwi6pv4i41aEgLzXcLlOSXgPpIGp6nfEtUuU2xf0U/VJPAW+89SAvRcH06Ja/ +0u06CpECgYEA5eNSGftU7a6hIjuhWv5S8gmtpjJF0F/QNTpD452gf6+PoOkp77vf +LdXFQ5iq37SK5YTsgyWkBRq9P9KHSpdaKc4k39fMal7QJ182tBQkGlSZ26GiObth +dcMPBC/rzoi4cS1Pe4cR3G8jwcy+XJUO63SZ6NUVUSdbrLbv6+/2UX0CgYEAwlS8 +S8ooKtvNfLRqbS8b7ULWSK5axDY4Hfv3l8WpDG+tGMn8A1FHLkyP97yj/y8PpS/d +wJCZnCJDIU4UO5GclLsuxrbGMghlxbW4vP/BjprosDx29dNjXEiI9ISGuuuydCqb +Pf/HJdneBdJbDGU5cixWF4i0QPkaQKFpptYXj30CgYEAimUlohqacFR3EQLRCtSc +3rVQ4wLU4LMtxz2CbV8RpozsbLSx2G9D1nYhQaaBCBfKno49TF62tZP5Zpi5dgBT ++WLu9AsYNtlJesppRlPxwCA6V+ygmxzheWGqgpzO2xGX6BqdBQK1j/0gi6VU3Kun 
+xbv2hCLzqF2HZRzkpydZJIkCgYBNBvtP60R6oH9V08lvl8GxDNIVIw8VQQyDThF4 +1j9Ij6eD8OP0iK33Ox/BqcMzbfr8lfmGz4ojqi0DsYgxiGkRRxSmbWIoCM4WTQ55 +08Jr/RkIah8ZF34F4TZv/WvOAYjNpOm97HmKlk377sJqKmFX0R0a3PPd4R83yQMw +vyG9nQKBgCvKWk3VZi0Q8Yv/mOxhx3HTNtWOirrIj4Tq3x3YCldKp1wfD5hmNZts +Qf5YzprSQmi4/WK+iT1ZVIB/+3JLQvhZeBaFdhON8Hn2Is1ZO5OsgR8HklbomOqS +Ye0hbs9iDWIA0IXCHfhNW5BAJnuw+ISBETxfIJ/yDLvv59uFV+Me +-----END RSA PRIVATE KEY----- +EOF +chmod 600 ~/.ssh/hofmann_key +``` + +### SSH Config + +```bash +cat >> ~/.ssh/config << 'EOF' + +# Infomaniak Server (hofmanns.ai/tech) +Host infomaniak hofmanns.ai hofmanns.tech + HostName 185.143.102.153 + User debian + IdentityFile ~/.ssh/hofmann_key + StrictHostKeyChecking no + UserKnownHostsFile /dev/null + +EOF +chmod 600 ~/.ssh/config +``` + +### Test Connection + +```bash +ssh infomaniak "hostname && whoami && pwd" +``` + +### Git auf Infomaniak + +```bash +ssh infomaniak "cd /home/ubuntu/hofmanns.ai && git status" +``` + +--- + +## DOMAINS (alle auf Infomaniak) + +- hofmanns.ai +- hofmanns.tech +- hofmanns.app +- hofmanns.shop +- hofmanns.ltd +- hofmann-s.com + +--- + +## ARCHITEKTUR + +``` +JETSON (gandalf) = MASTER +├── Authentik (SSO mit Passkeys) +├── RustDesk Server +├── Home Assistant +├── Whisper, Ollama, Jellyfin +├── Private Daten (Kunden, Docs) +└── Cloudflare Tunnel → *.hofmanns.ai + +INFOMANIAK = DEV/PILOT +├── Git Repos +├── Dev Environments +├── AI Agents arbeiten hier +└── Kann resettet werden +``` + +--- + +## JETSON SETUP (deine Aufgabe) + +### 1. Setup Script ausführen +```bash +cd ~/jetson-setup +chmod +x setup.sh +sudo ./setup.sh +``` + +### 2. Nach Reboot - Docker starten +```bash +cd ~/docker +docker-compose up -d +``` + +### 3. Services checken +```bash +docker ps +``` + +### 4. Authentik einrichten +- http://jetson:9000/if/flow/initial-setup/ +- Admin Account erstellen +- WebAuthn/Passkeys aktivieren + +### 5. 
SSH zu Infomaniak einrichten (oben) + +--- + +## SERVICES AUF JETSON + +| URL | Service | +|-----|---------| +| http://jetson:3001 | Homepage Dashboard | +| http://jetson:9000 | Authentik SSO | +| http://jetson:81 | Nginx Proxy Manager | +| http://jetson:8123 | Home Assistant | +| http://jetson:7860 | Whisper (GPU) | +| http://jetson:8096 | Jellyfin | +| http://jetson:8081 | FileBrowser | +| http://jetson:11434 | Ollama | + +--- + +## REGELN + +1. **KEINE IPs** - immer hostname `jetson` +2. **KEINE Passwörter für User** - nur Passkeys (Face/Finger) +3. **Alles Web UI** - Console nur für dich (AI) +4. **Meta Quest 3** = primäres Device des Users + +--- + +## USER INFO + +- Name: Dee +- Alter: 48 +- Business: Hofmanns.AI +- Hasst: Passwörter, Email-Codes, 2FA-Apps, Login-Stress +- Will: Ein Finger/Gesicht → alles offen + +--- + +**Du bist gandalf. Du hast die Macht. Mach es so dass Dee nie wieder ein Passwort tippen muss.** 🧙‍♂️ + + diff --git a/adguard-dns-rewrites.txt b/adguard-dns-rewrites.txt index 2d0a7c6..7d7e31a 100644 --- a/adguard-dns-rewrites.txt +++ b/adguard-dns-rewrites.txt 
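Review bot: The new GANDALF-BRIEFING.md embeds a complete RSA private key in cleartext, once in the opening "Setup SSH key" block and again under "SSH Key Setup auf Jetson", so anyone who can read the repository can authenticate wherever the matching public key is authorized. Treat the key as compromised: remove its public half from authorized_keys on the Infomaniak host, drop the key from the repository history, and have the briefing generate a fresh pair on the Jetson (`ssh-keygen -t ed25519 -f ~/.ssh/hofmann_key`) and install only the public key instead of pasting key material into a tracked file. The same file switches off host-key verification (`-o StrictHostKeyChecking=no` in the test command, `StrictHostKeyChecking no` plus `UserKnownHostsFile /dev/null` in the SSH config block), which leaves every connection open to interception; `StrictHostKeyChecking accept-new` with the default known_hosts file keeps the first-connect convenience while still detecting a changed host key. The SSH config block also still says `User debian`, contradicting both the commit subject and the Server Details table, and should read `User ubuntu`. The remote command in the first test line, `"hofmanns.ai"`, looks like a search-and-replace casualty and was presumably meant to be `hostname`.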
@@ -1,48 +1,56 @@ # ============================================================================= -# ADGUARD DNS REWRITES -# Nach AdGuard Setup: Settings → DNS rewrites → Bulk Add -# Kopiere alles unten und füge es ein +# ADGUARD DNS REWRITES for gandalf.hofmanns.app +# Nach AdGuard Setup: Settings -> DNS rewrites -> Bulk Add +# Kopiere alles unten und fuege es ein # ============================================================================= # Home Assistant -home.lan 192.168.1.50 -ha.lan 192.168.1.50 +home.gandalf.hofmanns.app 192.168.1.28 +ha.gandalf.hofmanns.app 192.168.1.28 # AdGuard -adguard.lan 192.168.1.50 -dns.lan 192.168.1.50 +adguard.gandalf.hofmanns.app 192.168.1.28 +dns.gandalf.hofmanns.app 192.168.1.28 # Whisper -whisper.lan 192.168.1.50 -stt.lan 192.168.1.50 +whisper.gandalf.hofmanns.app 192.168.1.28 +stt.gandalf.hofmanns.app 192.168.1.28 # Jellyfin -jellyfin.lan 192.168.1.50 -media.lan 192.168.1.50 -tv.lan 192.168.1.50 +jellyfin.gandalf.hofmanns.app 192.168.1.28 +media.gandalf.hofmanns.app 192.168.1.28 +tv.gandalf.hofmanns.app 192.168.1.28 # Portainer -portainer.lan 192.168.1.50 -docker.lan 192.168.1.50 +portainer.gandalf.hofmanns.app 192.168.1.28 +docker.gandalf.hofmanns.app 192.168.1.28 # VPN -vpn.lan 192.168.1.50 -wg.lan 192.168.1.50 +vpn.gandalf.hofmanns.app 192.168.1.28 +wg.gandalf.hofmanns.app 192.168.1.28 # Ollama -ollama.lan 192.168.1.50 -llm.lan 192.168.1.50 +ollama.gandalf.hofmanns.app 192.168.1.28 +llm.gandalf.hofmanns.app 192.168.1.28 # Cockpit -cockpit.lan 192.168.1.50 -system.lan 192.168.1.50 +cockpit.gandalf.hofmanns.app 192.168.1.28 +system.gandalf.hofmanns.app 192.168.1.28 # FileBrowser -files.lan 192.168.1.50 -cloud.lan 192.168.1.50 +files.gandalf.hofmanns.app 192.168.1.28 +cloud.gandalf.hofmanns.app 192.168.1.28 # Syncthing -sync.lan 192.168.1.50 +sync.gandalf.hofmanns.app 192.168.1.28 # Jetson direkt -jetson.lan 192.168.1.50 +gandalf.hofmanns.app 192.168.1.28 +jetson.gandalf.hofmanns.app 192.168.1.28 + +# RustDesk 
+rustdesk.gandalf.hofmanns.app 192.168.1.28 + +# Authentik SSO +auth.gandalf.hofmanns.app 192.168.1.28 +sso.gandalf.hofmanns.app 192.168.1.28
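Review bot: Every rewrite target changes from 192.168.1.50 to 192.168.1.28, which the commit subject does not mention, and nothing in the file records that this address has to stay the Jetson's fixed or DHCP-reserved LAN address. A header comment such as `# Alle Eintraege zeigen auf die feste LAN-Adresse des Jetson (192.168.1.28)` would make that dependency visible. Separately, the admin interfaces (`portainer.`, `docker.`, `cockpit.`) now sit under a publicly registered domain instead of `.lan`, so these rewrites only apply to clients that actually resolve through this AdGuard instance. A client using another resolver would get whatever public DNS for hofmanns.app returns, so it is worth confirming that no public or wildcard record exists for these names.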