# All Next Steps — Consolidated List
**Last Updated:** 2026-02-08
**Purpose:** Single ordered list of everything left to do (Dev/Codespaces + general operator).
**Run-order checklist:** [CONTINUE_AND_COMPLETE.md](../archive/00-meta-pruned/CONTINUE_AND_COMPLETE.md) (archived) — commands in order when ready.
**References:** [DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md](../04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md) | [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md)
**Completion evidence:** [DEV_CODESPACES_COMPLETION_20260207.md](../04-configuration/verification-evidence/DEV_CODESPACES_COMPLETION_20260207.md)
**Secrets & remaining actions:** [REMAINING_ITEMS_DOTENV_AND_ACTIONS.md](../04-configuration/REMAINING_ITEMS_DOTENV_AND_ACTIONS.md)
---
## Completed 2026-02-07 (automated/scripted)
- **Fourth NPMplus:** Script fixed to use `NPM_URL_FOURTH`; run requires first-time login and `NPM_PASSWORD_FOURTH` in `.env`. Placeholder added in `.env`.
- **SSH keys:** `scripts/dev-vm/add-dev-user-ssh-keys.sh` added — adds one public key to dev1–dev4 on CT 5700 via Proxmox host.
- **Security:** `scripts/security/run-security-on-proxmox-hosts.sh` added — SSH key-only + UFW 8006 on all three Proxmox hosts (default dry-run; `--apply` when ready).
- **Verification:** dev.d-bis.org, gitea.d-bis.org, codespaces.d-bis.org return HTTP 200; pve.* and 76.53.10.40 time out from workspace (verify from LAN if needed).
---
## Already done (no action)
- Fourth NPMplus LXC 10236 at 192.168.11.170; NPMplus + cloudflared installed; tunnel connector running (systemd).
- Dev VM 5700 at 192.168.11.59; users dev1–dev4, Gitea; tunnel + DNS configured.
- UDM Pro port forward 76.53.10.40 → 192.168.11.170 (80/81/443) and → 192.168.11.59 (22, 3000).
---
## 1. Dev/Codespaces — Fourth NPMplus proxy hosts — **DONE (2026-02-08)**
All six proxy hosts added (script + same credentials). Let's Encrypt (Certbot) requested in UI; all six show **Online**, TLS Certbot, Public. No further action.
---
## 2. Dev/Codespaces — SSH keys for dev1–dev4 — **DONE (2026-02-08)**
Keys added via `add-dev-user-ssh-keys.sh` from repo root. Test: `ssh dev1@192.168.11.59`.
---
## 3. Dev/Codespaces — Gitea first-run — **DONE (2026-02-08)**
Installer completed (git user, SQLite, paths under /opt/gitea/data, app.ini writable). Create repos in UI at https://gitea.d-bis.org as needed.
---
## 4. Dev/Codespaces — Rsync projects + dotenv — **DONE (partial; re-run for full sync)**
Initial rsync run from repo root; large tree may need a second run from your terminal:
`cd ~/projects/proxmox && bash scripts/dev-vm/rsync-projects-to-dev-vm.sh`
Ensure dotenv files are under `/srv/projects` (see [DEV_CODESPACES_76_53_10_40.md § 6](../04-configuration/DEV_CODESPACES_76_53_10_40.md#6-dotenv-files-include-in-dev-vm--accessibility)).
---
## 5. Dev/Codespaces — Gitea repos and remotes — **DONE (2026-02-08)**
Org **d-bis** and 18 repos created. **Pushed** to Gitea: proxmox (master), dbis_core (main), smom-dbis-138 (main), miracles_in_motion (main). Future pushes: use `GITEA_TOKEN` with `scripts/dev-vm/push-to-gitea.sh`.
---
## 6. Dev/Codespaces — Verification — **DONE (2026-02-08)**
- **HTTPS:** dev.d-bis.org, gitea.d-bis.org, codespaces.d-bis.org → 200. For pve.* and 76.53.10.40, verify from LAN if needed.
- **SSH:** `ssh dev1@192.168.11.59` confirmed; projects visible under `/srv/projects/`. Cursor Remote-SSH → `/srv/projects/proxmox`.
- **Proxmox:** Confirm noVNC/console for pve.ml110, pve.r630-01, pve.r630-02 from browser when on LAN.
---
## 7. General — Bridge (W0-2)
**Secrets:** **PRIVATE_KEY** in **smom-dbis-138/.env**; **same wallet** holds **LINK** for bridge fees.
**Check:** `bash scripts/bridge/run-send-cross-chain.sh 0.01 --dry-run` (already verified).
**To run real:** `bash scripts/bridge/run-send-cross-chain.sh 0.01`
---
## 8. General — Security (W1-1, W1-2)
**Check:** Ensure SSH key login works to all three hosts before --apply.
**Run from repo root:** `bash scripts/security/run-security-on-proxmox-hosts.sh --apply` (disables password SSH, restricts 8006 to 192.168.11.0/24). No .env secrets needed.
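
A preflight for the check above, as an added example (not one of the repo's scripts): it confirms non-interactive public-key login to every host, so that disabling password SSH cannot lock you out. The function names, the `SSH_BIN` override and the `<user>@<host>` targets are assumptions of this example.

```sh
#!/bin/sh
# Added example: verify key-only SSH login before running the hardening
# script with --apply. SSH_BIN is an assumption of this example; it lets the
# check be exercised with a stub instead of the real ssh client.
SSH_BIN="${SSH_BIN:-ssh}"

# Succeeds only if the target accepts public-key auth with no prompt at all.
# BatchMode=yes makes ssh fail instead of asking for a password, a passphrase
# or an unknown host key, so any interactive dependency shows up as a failure.
check_key_login() {
  "$SSH_BIN" -o BatchMode=yes \
             -o PreferredAuthentications=publickey \
             -o PasswordAuthentication=no \
             -o ConnectTimeout=5 \
             -- "$1" true >/dev/null 2>&1
}

# Checks every target given as an argument, prints one status line per host,
# and returns the number of hosts that failed (0 means safe to proceed).
preflight_key_login() {
  pf_failed=0
  for pf_target in "$@"; do
    if check_key_login "$pf_target"; then
      echo "OK   $pf_target"
    else
      echo "FAIL $pf_target"
      pf_failed=$((pf_failed + 1))
    fi
  done
  return "$pf_failed"
}

# Usage (placeholders, substitute the three Proxmox hosts):
#   preflight_key_login '<user>@<host1>' '<user>@<host2>' '<user>@<host3>' \
#     && bash scripts/security/run-security-on-proxmox-hosts.sh --apply
```

Keep an existing SSH session or console open on each host while applying, so a failed change can be reverted.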
---
## 9. General — 2506–2508 (destroyed 2026-02-08)
Containers 2506, 2507, 2508 were **destroyed 2026-02-08** on all Proxmox hosts. Besu RPC range is **2500–2505** only. No JWT/identity action for 2506–2508. See [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md).
---
## 10. General — Explorer SSL
If explorer.d-bis.org shows certificate warning: NPMplus at https://192.168.11.167:81 → SSL Certificates → Let's Encrypt for explorer.d-bis.org → assign to proxy host, Force SSL. See [EXPLORER_TROUBLESHOOTING.md](../04-configuration/EXPLORER_TROUBLESHOOTING.md).
---
## 11. General — NPMplus cert 134 (cross-all.defi-oracle.io)
If verification reports "cert files missing": NPMplus at https://192.168.11.167:81 → SSL Certificates → find cross-all.defi-oracle.io → re-request Let's Encrypt or re-save to restore cert files.
---
## 12. General — Wave 2 & 3
Per [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md): monitoring stack, Grafana + Cloudflare Access, VLAN enablement, CCIP Ops/Admin (5400–5401), DBIS services, NPMplus HA (optional), CCIP Fleet, Phase 4 tenant isolation. (2506–2508 destroyed 2026-02-08.)
---
## 13. General — Smart contracts (deploy and verify)
**Secrets:** PRIVATE_KEY (and RPC_URL_138, LINK_TOKEN_CHAIN138, CCIPWETH9_BRIDGE_CHAIN138) in **smom-dbis-138/.env**. Same wallet for deployment and bridge (holds LINK).
**Remaining:** Deploy any contracts not yet deployed; verify on Blockscout.
- **Deploy (Chain 138):** `cd smom-dbis-138 && source .env && bash scripts/deployment/deploy-all-contracts.sh` (or `deploy-contracts-unified.sh --mode ordered`). WETH bridge: `GAS_PRICE=1000000000 ./scripts/deploy-and-configure-weth9-bridge-chain138.sh` from repo root.
- **Verify:** `source smom-dbis-138/.env && ./scripts/verify/run-contract-verification-with-proxy.sh`
**References:** [CONTRACT_DEPLOYMENT_RUNBOOK.md](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md), [CONTRACTS_TO_DEPLOY.md](../11-references/CONTRACTS_TO_DEPLOY.md), [REMAINING_ITEMS_DOTENV_AND_ACTIONS.md § 13](../04-configuration/REMAINING_ITEMS_DOTENV_AND_ACTIONS.md#13-smart-contracts--deploy-and-verify).
---
## Quick command index
| Goal | Command |
|------|---------|
| Fourth NPMplus proxy hosts | `NPM_PASSWORD_FOURTH='...' bash scripts/nginx-proxy-manager/update-npmplus-fourth-proxy-hosts.sh` |
| Add dev user SSH keys | `PUBLIC_KEY="$(cat ~/.ssh/id_ed25519.pub)" bash scripts/dev-vm/add-dev-user-ssh-keys.sh` |
| Rsync to dev VM | `bash scripts/dev-vm/rsync-projects-to-dev-vm.sh [--dry-run]` (after SSH keys) |
| Dev/Codespaces tunnel+DNS | `bash scripts/cloudflare/configure-dev-codespaces-tunnel-and-dns.sh` |
| Security on Proxmox hosts | `bash scripts/security/run-security-on-proxmox-hosts.sh [--apply]` |
| NPMplus backup | `bash scripts/verify/backup-npmplus.sh` |
| Wave 0 via SSH | `bash scripts/run-via-proxmox-ssh.sh wave0 --host 192.168.11.11` |
| Bridge (real) | `bash scripts/bridge/run-send-cross-chain.sh 0.01` |
| Deploy contracts (Chain 138) | `cd smom-dbis-138 && source .env && bash scripts/deployment/deploy-all-contracts.sh` |
| Verify contracts (Blockscout) | `source smom-dbis-138/.env && ./scripts/verify/run-contract-verification-with-proxy.sh` |
| Push all projects to Gitea | `GITEA_TOKEN=xxx bash scripts/dev-vm/push-all-projects-to-gitea.sh` |
| Add as4-411 submodule to Sankofa (Phoenix) | `bash scripts/dev-vm/add-as4-411-submodule-to-sankofa.sh` |
| SSH key auth | `bash scripts/security/setup-ssh-key-auth.sh --apply` (on each host) |
| Firewall 8006 | `bash scripts/security/firewall-proxmox-8006.sh --apply` |