diff --git a/MEMORY.md b/MEMORY.md index 698e9a7..d0041a7 100644 --- a/MEMORY.md +++ b/MEMORY.md @@ -1,9 +1,6 @@ -# Memory Index - -- [User Profile](user_profile.md) — Yohay (Meni Biton), sysadmin, Hebrew, homelab with 6+ nodes, AI workloads -- [Feedback: Be Direct](feedback_direct.md) — Execute directly, use sudo password, never ask user to run manually -- [Infrastructure Setup](project_infrastructure.md) — Full cloud stack on 5060ihome: K8s, MAAS, LXD, Gitea, Cloudflare, tunnel, Access -- [Cloudflare & KMS Reference](reference_cloudflare_kms.md) — API tokens, tunnel IDs, KMS certs, Google OAuth -- [NASAI & NVRAI Setup](project_nasai.md) — NAS AI surveillance system, databases on SDD, camera setup -- [Full Autonomy](project_full_autonomy.md) — Full control over homelab, no restrictions, lab environment -- [DGX Nodes](project_dgx.md) — dgxmain/dgxsec: DGX Spark GB10 ARM, 122GB RAM each, Ollama+LiteLLM running +- [Yohay Profile](user_yohay.md) — builds AI child safety systems, manages gama-2 server +- [Hebrew Responses](feedback_hebrew_responses.md) — respond in Hebrew, user insists on Hebrew +- [OpenClaw System](project_openclaw_system.md) — OpenClaw + Aster + BitOn.Pro child safety architecture +- [Server gama-2](project_server_gama2.md) — full service map: OpenClaw, Ollama, WordPress, Asterisk, k8s +- [Full Infrastructure](project_infrastructure.md) — DGX 128GPU + 16GPU, 5060i, gama-2, storai 24TB, Drive 5TB, Claude is central brain +- [No Loops](feedback_no_loops.md) — max 3 attempts per approach, then switch or skip diff --git a/feedback_english_responses.md b/feedback_english_responses.md new file mode 100644 index 0000000..e1b25a4 --- /dev/null +++ b/feedback_english_responses.md 
@@ -0,0 +1,11 @@ +--- +name: Respond in English +description: User asked for English responses because Hebrew RTL text renders reversed/broken in the terminal +type: feedback +--- + +Always respond in English, not Hebrew. + +**Why:** Hebrew (RTL) text renders reversed/garbled in the terminal. + +**How to apply:** All responses should be in English, even though the user writes in Hebrew. diff --git a/feedback_hebrew_responses.md b/feedback_hebrew_responses.md new file mode 100644 index 0000000..d969ed2 --- /dev/null +++ b/feedback_hebrew_responses.md @@ -0,0 +1,10 @@ +--- +name: Hebrew Responses +description: User insists on Hebrew responses - must always respond in Hebrew +type: feedback +--- + +Always respond in Hebrew. User has asked many times and gets frustrated when responses are in English. + +**Why:** User preference, asked repeatedly and explicitly. +**How to apply:** All responses in Hebrew. Technical terms can stay in English but explanations in Hebrew. diff --git a/feedback_no_loops.md b/feedback_no_loops.md new file mode 100644 index 0000000..b873d35 --- /dev/null +++ b/feedback_no_loops.md @@ -0,0 +1,14 @@ +--- +name: No loops - move forward +description: Don't get stuck in retry loops. If approach fails 2-3 times, switch strategy or skip and move on. +type: feedback +--- + +Don't loop on the same problem repeatedly. If an approach fails 2-3 times, STOP and either: +1. Try a completely different approach +2. Skip it and move forward with what works +3. Ask the user + +**Why:** Wasted an hour retrying MicroOVN cluster joins with slight variations - same failure each time. User called it out as a "loop". + +**How to apply:** Set a mental limit of 3 attempts per approach. After that, escalate or skip. Time is more valuable than completeness. diff --git a/project_infrastructure.md b/project_infrastructure.md index ec1837d..4a62d22 100644 --- a/project_infrastructure.md +++ b/project_infrastructure.md 
@@ -1,162 +1,52 @@ --- -name: Full Infrastructure Setup - 5060ihome -description: Complete private cloud, Cloudflare, Gitea, K8s, MAAS, and all services installed on 5060ihome (2026-04-16) +name: Full Infrastructure Map +description: Complete server/GPU/storage/VPN infrastructure - 49 machines, Claude is central brain from gama-2 type: project -originSessionId: 7a5d7140-8724-47d5-b862-13e66e2c0212 --- -## Machine: 5060ihome (this machine) -- **IP Tailscale**: 100.90.81.47 -- **CPU**: Intel i5-14400F (10 cores, 16 threads) -- **RAM**: 32GB -- **GPU**: NVIDIA RTX 5060 Ti (driver 590.48.01 installed, needs reboot to load) -- **OS**: Ubuntu 24.04 Noble -- **Disks**: nvme0n1 (1TB WD Blue), sda (465GB Toshiba), sdb (224GB SanDisk - Gitea), sdc (112GB Transcend), sdd (447GB SanDisk) -## Installed Services +Claude is the central brain managing the entire Biton AI infrastructure from gama-2 server. -### Gitea (Git Server) - RUNNING -- Port: 3000 (HTTP), 2222 (SSH) -- Data: /srv/gitea on sdb (ext4, mounted, in fstab) -- Admin: yohay / Biton24680#@$ -- 6 repos: claude-memory-{storai,gama,dgx,dgx2,arcai,shared} -- 5 users: claude-{storai,gama,dgx,dgx2,arcai} with write access -- Auto-sync timer: claude-memory-sync.timer (every 5 min) -- URL: https://git.yohay.ai +## Servers (OVH Europe) +| ID | Domain | Public IP | Tailscale IP | Model | GPU | Memory | CPU | Location | +|----|--------|-----------|-------------|-------|-----|--------|-----|----------| +| GAMA_2 | cloudai.yohay.ai | 162.19.126.209 | 100.91.235.15 | AMD Ryzen 9 9950X3D | 1920 cores | 128GB | 16 | GRA3, France | +| ks-store | arcai.yohay.ai | 51.178.66.135 | 100.107.204.61 | Intel Xeon-D 1521 | 24500 cores | 16GB | 8 | SBG3, France | +| ks-7 | storai.yohay.ai | 51.195.88.44 | 100.65.251.45 | AMD Epyc 7451 | 8000 cores | 256GB | 48 | LIM1, France | -### MicroK8s (Kubernetes) - RUNNING -- Version: 1.32 -- Addons enabled: dns, hostpath-storage, ingress, dashboard, metallb (10.64.140.43-49), registry 
(localhost:32000), metrics-server -- GPU addon enabled but needs reboot for NVIDIA 590 driver -- Dashboard token available via: microk8s kubectl describe secret -n kube-system microk8s-dashboard-token -- Dashboard exposed on NodePort 30443 -- URL: https://k8s.yohay.ai (API), https://dash.yohay.ai (Dashboard) +## DGX Spark Blackwell (Israel, Tel Aviv) +| ID | Domain | Tailscale IP | GPU Memory | Storage | CPU | RAM | +|----|--------|-------------|------------|---------|-----|-----| +| dgxmain | dgxmain.yohay.ai | 100.85.34.90 | 128GB | 4TB NVMe | 20 cores | 128GB | +| dgxsec | dgxsec.yohay.ai | 100.65.11.71 | 128GB | 4TB NVMe | 20 cores | 128GB | -### MAAS (Bare Metal Provisioning) - RUNNING -- Version: 3.5 -- Port: 5240 -- DB: PostgreSQL (maas:Biton24680@localhost/maasdb) -- Admin: yohay / Biton24680#@$ / bar@yohay.ai -- URL: https://maas.yohay.ai +## Home/Personal Machines (Israel) +| ID | Domain | Tailscale IP | GPU | RAM | +|----|--------|-------------|-----|-----| +| mainh | mainh.yohay.ai | 100.68.36.112 | RTX 5060i 16GB | 32GB | +| lapai | lapai.yohay.ai | 100.75.17.29 | RTX 5070 Ti 12GB | 32GB | +| 5060 | 5060.yohay.ai | 100.72.40.106 | MX250 4GB | 16GB | -### LXD (Containers/VMs) - RUNNING -- Version: 6.7 -- Port: 8443 (HTTPS) -- Storage pool: default (btrfs, 100GB) -- Network: lxdbr0 (10.99.0.1/24) -- URL: https://lxd.yohay.ai +## Mobile Devices +- tabai (nubia RedMagic Astra tablet) - Android 15, 24GB RAM +- telai (RedMagic 11 Pro) - Android 16, 24GB RAM +- s22ai (Samsung S22 Ultra) - Android 16, 12GB RAM -### Juju (Orchestrator) - INSTALLED -- Version: 3.6.21 +## Totals +- 280 TOPS, 48932 GPU cores, 796GB GPU memory, 184 CPU cores -### Nomad - RUNNING (joined cluster) -- Connected to cluster via 100.124.217.84:4647 (10-100-102-241) -- Node name: meni-office0-0001 (was already set up from previous session on meni-office0-0001) -- Port: 4646 -- URL: https://nomad.yohay.ai +## Cloud Services +- Vast.ai (GPU rental), Storj (storage), AWS EC2, Alibaba Cloud, 
Cloudflare, Wix +- Google Cloud (mdmai-493621), PolarDB, Grafana, Bunny CDN, TrueNAS +- ManageEngine MDM, GitHub, Mountain Duck -### Tailscale - RUNNING -- Node name: 5060ihome -- IP: 100.90.81.47 +## VPN +- Tailscale network: 49 machines under yohay.ai domain +- All connected via private VPN - no public exposure needed +- API key stored at /tmp/tailscale-api-key -### Cloudflared (Cloudflare Tunnel) - RUNNING -- Tunnel ID: 117e8f06-753f-4ef7-8d58-b065a74a3ba0 -- Tunnel name: 5060ihome -- Connected to: tlv03, fra17, fra18 (Israel + Frankfurt) -- Config version: 3 +## Central API +- `enroll.yohay.ai` (port 9098) = central hub connecting Google Cloud + Aster + OpenClaw +- Cloudflare tunnels for external access -### NVIDIA Driver -- Installed: 590.48.01 (upgraded from 580) -- Status: NEEDS REBOOT to load new driver - -## Cloudflare Configuration - -### Account -- Account ID: a182e69b048ebabb970ffd4e91cc741b -- Email: meni@biton.pro -- Zone: yohay.ai (ID: 729e5afe1753f82f06c3416dc2e1aca0) - -### API Tokens (from OVH KMS) -- Global API Key: cfk_PEbNE7Xq4ulKAHaENVHew3nTaabJGCdX0kKw7P8V5654f0d8 (use with X-Auth-Email: meni@biton.pro) -- Provisioner Token: cfut_79EHtlXBHzkjVXnJI3gl8P9ONgG5DJ09ns5db6do21163b36 (Bearer token, has Tunnel+DNS perms) - -### Tunnel Ingress Rules (version 3) -| Hostname | Service | Notes | -|----------|---------|-------| -| git.yohay.ai | http://localhost:3000 | Gitea | -| nomad.yohay.ai | http://localhost:4646 | Nomad | -| maas.yohay.ai | http://localhost:5240 | MAAS | -| k8s.yohay.ai | https://localhost:16443 | K8s API (noTLSVerify) | -| dash.yohay.ai | https://localhost:30443 | K8s Dashboard (noTLSVerify) | -| lxd.yohay.ai | https://localhost:8443 | LXD (noTLSVerify) | -| portainer.yohay.ai | http://localhost:9000 | | -| vault.yohay.ai | http://localhost:8200 | | -| minio.yohay.ai | http://localhost:9001 | | -| elk.yohay.ai | http://localhost:5601 | | -| uptime.yohay.ai | http://localhost:3001 | | -| monitor.yohay.ai | http://localhost:9090 | | 
-| n8n.yohay.ai | http://localhost:5678 | | -| nodered.yohay.ai | http://localhost:1880 | | -| home.yohay.ai | http://localhost:8123 | | -| chat.yohay.ai | http://localhost:8065 | | -| matrix.yohay.ai | http://localhost:8008 | | -| meet.yohay.ai | http://localhost:8443 | CONFLICT with LXD! | -| wiki.yohay.ai | http://localhost:3000 | CONFLICT with Gitea! | -| draw.yohay.ai | http://localhost:8080 | | -| comfyui.yohay.ai | http://localhost:8188 | | -| webui.yohay.ai | http://localhost:7860 | | -| ollama.yohay.ai | http://localhost:11434 | | -| frigate.yohay.ai | http://localhost:5000 | | -| rustdesk.yohay.ai | http://localhost:21114 | | -| aster.yohay.ai | http://localhost:5989 | | -| api.yohay.ai | http://localhost:8080 | | -| sso.yohay.ai | http://localhost:9000 | | -| registry.yohay.ai | http://localhost:32000 | K8s Registry | - -### SSL/Certificates -- Wildcard cert: *.yohay.ai (advanced, active) -- SSL mode: full - -### Cloudflare Access (Zero Trust) -- App: "yohay.ai - All Services" (ID: 46458e7d-dfb5-4f40-9c6b-9e1498e00bf2) -- Domain: *.yohay.ai -- Auth: Google Workspace (IDP: 6ce8a0ab-b3fd-4174-9d8b-87eacd2e2e97) -- Also: One-time PIN (IDP: b2e75643-bcb4-4c0d-88be-c006aad06823) -- Policy: Allow @yohay.ai and @biton.pro emails -- Session: 24h -- Access portal: bitonpro.cloudflareaccess.com - -### DNS Records Created (CNAME -> tunnel) -git, nomad, maas, k8s, dash, lxd, portainer, vault, minio, elk, uptime, monitor, n8n, nodered, home, chat, matrix, meet, wiki, draw, comfyui, webui, frigate, rustdesk, api, sso, registry - -## OVH KMS -- KMS ID: 17212333-c57e-481e-a3d2-07d3ff1a192c -- Region: eu-west-gra (Gravelines, France) -- Client cert: d05a39c2-99c1-4f6f-8780-c7e32e683a53 (on meni-office0-0001 Downloads) -- Secrets stored: cloudflare/global-api-key, cloudflare/provisioner-token, google/oauth, tailscale/api-key - -## Tailscale Network (key nodes) -| Node | IP | Tags | Status | -|------|----|------|--------| -| 5060ihome | 100.90.81.47 | - | online (this 
machine) | -| arcai | 100.81.132.108 | tagged-devices | online | -| gama-2 | 100.122.148.62 | tagged-devices | online | -| storai-1 | 100.92.89.14 | tagged-devices | online | -| stor130 | 100.103.249.102 | tag:ai-core | online | -| stor181 | 100.95.72.88 | tag:ai-core | online | -| meni-office0-0001-1 | 100.103.133.48 | tag:off | online | -| 10-100-102-240 | 100.78.185.72 | tagged-devices | online | -| 10-100-102-241 | 100.124.217.84 | tagged-devices | online (Nomad server) | - -## Passwords (user's lab, closed VPN) -- yohay on 5060ihome: Biton24680#@$ -- yohay on other servers: Bar2526#@$, Biton24680@!, Bazp383189! -- Tailscale auth key: tskey-auth-kx4QSRdqy321CNTRL-Dm6PrFTqN9KnaKSmKMNQ8KEq4QNtpQjw - -## TODO (next session) -1. REBOOT for NVIDIA 590 driver to load -2. After reboot: enable GPU in MicroK8s, deploy AI workloads (Ollama, ComfyUI, WebUI) -3. Fix port conflicts: meet.yohay.ai (8443 conflicts with LXD), wiki.yohay.ai (3000 conflicts with Gitea) -4. Deploy remaining services in K8s: Portainer, Vault, MinIO, ELK, Uptime, n8n, Node-RED, etc. -5. Connect other nodes to MicroK8s cluster (stor130, stor181, etc.) - blocked by Tailscale ACL -6. Fix Tailscale ACL: tag:off needs SSH access to tag:ai-core nodes -7. Set up Kubeflow for ML pipeline on GPU +**Why:** Claude needs full topology to route tasks optimally. +**How to apply:** Heavy AI -> DGX. Storage -> storai/ks-7 (24TB) or Storj. MDM -> enroll.yohay.ai. All internal via Tailscale. diff --git a/project_openclaw_system.md b/project_openclaw_system.md new file mode 100644 index 0000000..a2910c4 --- /dev/null +++ b/project_openclaw_system.md 
@@ -0,0 +1,29 @@ +--- +name: OpenClaw Child Safety System Architecture +description: OpenClaw is the AI brain on gama-2 server that connects Aster (Android app), BitOn.Pro (dashboard), and Claude to build automated child safety monitoring +type: project +--- + +OpenClaw is an open-source AI agent platform running on gama-2 server (162.19.126.209) that executes actions via MCP (Model Context Protocol), not just chat. + +## The Triangle Architecture + +1. **Aster** (Android app on child's phone) — monitors SMS, notifications, and sends them in real-time to the server. Accessible at `aster-gama2.yohayai.com`. + +2. **BitOn.Pro** (dashboard UI) — control panel for managing connected devices and approving them. + +3. **OpenClaw** (the brain) — receives data from Aster, analyzes it with Claude AI, and decides on actions (e.g., alert parent about suspicious messages). + +## How It Works + +- Aster sends events (SMS, notifications) to OpenClaw webhook at `localhost:18789` +- OpenClaw analyzes content using Claude AI +- Can trigger responses: WhatsApp alerts to parent, remote screenshots, GPS location pull, app locking + +## Goal + +Build an automated child safety product for parents — detect dangerous messages (from strangers, predatory language), alert parents in real-time via WhatsApp, and allow remote device control. + +**Why:** Yohay is building a child safety monitoring system that uses AI to detect threats in real-time rather than relying on keyword blocklists. + +**How to apply:** When working on OpenClaw, Aster, or BitOn — understand they are parts of one integrated child safety system. Prioritize security, real-time processing, and parent notification workflows. diff --git a/project_server_gama2.md b/project_server_gama2.md new file mode 100644 index 0000000..272aa62 --- /dev/null +++ b/project_server_gama2.md 
@@ -0,0 +1,26 @@ +--- +name: Server gama-2 Infrastructure +description: gama-2 server at 162.19.126.209 runs OpenClaw, Aster, WordPress, Ollama, HDM, Asterisk, and MicroK8s with Tailscale +type: project +--- + +Server: gama-2 (162.19.126.209), also on Tailscale at 100.122.148.62 + +## Key Services & URLs + +- `ai.yohay.ai` / `gama.yohay.ai` → Open WebUI (Ollama) :3000 +- `ollama-gama.yohay.ai` → Ollama API :11434 +- `aster-gama2.yohayai.com` → OpenClaw Gateway + Aster :18789/:5989 +- `clas.yohayai.com` → configured in nginx +- `gama2.yohayai.com` → WordPress :8082 +- `wpgame2.yohay.ai` → WordPress (wildcard) + +## Docker Stack + +- open-webui (Ollama), WordPress + MariaDB, Headwind MDM + Postgres, Caddy (OpenClaw), Kali Linux + +## Also Running + +- Asterisk PBX (5038, 5987-5989), Redis, MySQL, SMTP/IMAP mail, xRDP (3389), Nomad (4646-4648), MicroK8s + +**How to apply:** When troubleshooting or deploying, be aware of the full service map to avoid port conflicts and understand dependencies. diff --git a/user_yohay.md b/user_yohay.md new file mode 100644 index 0000000..e150c14 --- /dev/null +++ b/user_yohay.md @@ -0,0 +1,11 @@ +--- +name: Yohay - User Profile +description: Yohay builds AI-powered child safety systems, manages gama-2 server infrastructure, prefers Hebrew but terminal has RTL issues so uses English +type: user +--- + +- Building an AI-powered child safety monitoring product using OpenClaw + Aster + BitOn.Pro +- Manages server infrastructure (Docker, k8s, Asterisk PBX, Ollama) +- Domains: yohay.ai, yohayai.com +- Prefers Hebrew but asked for English responses due to terminal RTL rendering issues +- Hands-on sysadmin, runs commands directly, wants quick results
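Review bot: the MEMORY.md hunk drops six index entries (user_profile.md, feedback_direct.md, reference_cloudflare_kms.md, project_nasai.md, project_full_autonomy.md, project_dgx.md) but the patch does not delete those files, so they stay on disk unindexed; reference_cloudflare_kms.md in particular is described as holding "API tokens, tunnel IDs, KMS certs", which is not something to leave orphaned. Either delete the files in the same change or keep their entries. The new index also lists `feedback_hebrew_responses.md` but not `feedback_english_responses.md`, which this same patch adds, and its "Full Infrastructure" line says "DGX 128GPU + 16GPU" while the project_infrastructure.md table gives "GPU Memory 128GB" for each DGX node; pick one unit.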
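Review bot: the feedback_english_responses.md and feedback_hebrew_responses.md hunks add two standing instructions that contradict each other ("Always respond in English, not Hebrew." versus "Always respond in Hebrew."), and user_yohay.md in the same patch sides with English because of terminal RTL rendering while the MEMORY.md index only lists the Hebrew rule. A memory set with both rules active gives the agent no deterministic behaviour; keep one file, or make one explicitly supersede the other (for example "English in terminal sessions, Hebrew elsewhere") and update the index and profile to match.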
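Review bot: in the feedback_no_loops.md hunk the threshold is stated three different ways: the description says "fails 2-3 times", the body says "fails 2-3 times, STOP", and the "How to apply" line says "a mental limit of 3 attempts" (the MEMORY.md index says "max 3 attempts"). Settle on one number so the rule is unambiguous when the agent reads only the index or only the description.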
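Review bot: the removed half of the project_infrastructure.md hunk contained live secrets in plaintext, and deleting them from the working tree does not remove them from history: the Cloudflare "Global API Key" and "Provisioner Token" values, the Tailscale auth key (`tskey-auth-...`), the MAAS PostgreSQL DSN (`maas:Biton24680@localhost/maasdb`), the Gitea and MAAS admin password, and the "Passwords (user's lab, closed VPN)" list for yohay on every server. The same removed text says this memory repo was auto-synced to Gitea every 5 minutes and that Gitea is published through the Cloudflare tunnel as git.yohay.ai, so "closed VPN" does not hold; treat every value as compromised, rotate the Cloudflare keys, revoke the Tailscale auth key, change the listed passwords, and rewrite history (e.g. git filter-repo) before this lands. The replacement text is also not secret-free: "API key stored at /tmp/tailscale-api-key" points at a world-readable, non-persistent directory, while the removed OVH KMS section says `tailscale/api-key` is already held in the KMS; reference that instead, or at least a root-owned 0600 path. Two further problems in the new content: the "Servers (OVH Europe)" table has its columns shifted (the "Model" column holds CPU models, the "GPU" column holds bare numbers like "1920 cores" / "24500 cores" / "8000 cores" with no GPU model, and "CPU" holds a core count), and gama-2's Tailscale IP is given as 100.91.235.15 here but 100.122.148.62 both in the removed Tailscale table and in project_server_gama2.md added by this same patch. The "no public exposure needed" line also conflicts with the public IPs listed in the same table. Finally the old TODO items (meet.yohay.ai vs LXD on 8443, wiki.yohay.ai vs Gitea on 3000, the Tailscale ACL for tag:off to tag:ai-core) are dropped without a note on whether they were resolved.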
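Review bot: the project_openclaw_system.md hunk records that Aster posts a child's SMS and notification content to the OpenClaw webhook at `localhost:18789`, reachable from the phone via the public hostname `aster-gama2.yohayai.com`, and that OpenClaw can trigger remote screenshots, GPS pulls, app locking and WhatsApp alerts, yet it says nothing about how that webhook authenticates its caller (shared secret, request signature, mTLS, or a device token issued by the BitOn.Pro approval flow) or where TLS terminates (project_server_gama2.md lists Caddy in front of OpenClaw). Without that, anyone who can reach the hostname can inject fabricated events or drive the response actions. Since the "How to apply" line says to "Prioritize security", the memory should state the actual authentication and transport for the Aster -> OpenClaw path so future sessions do not assume it is unauthenticated by default.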
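Review bot: the project_server_gama2.md hunk lists port 5989 twice, once under "Asterisk PBX (5038, 5987-5989)" and once as "OpenClaw Gateway + Aster :18789/:5989", which is exactly the port conflict its own "How to apply" line tells the agent to avoid; state which service actually owns 5989. The Tailscale IP 100.122.148.62 here disagrees with 100.91.235.15 in project_infrastructure.md from the same patch. The service list (xRDP 3389, Asterisk AMI 5038, MySQL, Redis, SMTP/IMAP mail, Nomad 4646-4648, a Kali Linux container) sits on a host with public IP 162.19.126.209, so record per service whether it binds to the public interface, Tailscale, or localhost; the infrastructure file's "no public exposure needed" claim cannot be checked otherwise. Minor: the description says "HDM" while the body says "Headwind MDM".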