proxmox/docs/00-meta/NEXT_STEPS_ALL.md
defiQUG b3a8fe4496
chore: sync all changes to Gitea
- Config, docs, scripts, and backup manifests
- Submodule refs unchanged (m = modified content in submodules)

Made-with: Cursor
2026-03-02 11:37:34 -08:00


All Next Steps — Consolidated List

Last Updated: 2026-02-08
Purpose: Single ordered list of everything left to do (Dev/Codespaces + general operator).
Run-order checklist: CONTINUE_AND_COMPLETE.md (archived) — commands in order when ready.
References: DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md | NEXT_STEPS_OPERATOR.md
Completion evidence: DEV_CODESPACES_COMPLETION_20260207.md
Secrets & remaining actions: REMAINING_ITEMS_DOTENV_AND_ACTIONS.md


Completed 2026-02-07 (automated/scripted)

  • Fourth NPMplus: Script fixed to use NPM_URL_FOURTH; run requires first-time login and NPM_PASSWORD_FOURTH in .env. Placeholder added in .env.
  • SSH keys: scripts/dev-vm/add-dev-user-ssh-keys.sh added — adds one public key to dev1–dev4 on CT 5700 via Proxmox host.
  • Security: scripts/security/run-security-on-proxmox-hosts.sh added — SSH key-only + UFW 8006 on all three Proxmox hosts (default dry-run; --apply when ready).
  • Verification: dev.d-bis.org, gitea.d-bis.org, codespaces.d-bis.org return HTTP 200; pve.* and 76.53.10.40 time out from workspace (verify from LAN if needed).

Already done (no action)

  • Fourth NPMplus LXC 10236 at 192.168.11.170; NPMplus + cloudflared installed; tunnel connector running (systemd).
  • Dev VM 5700 at 192.168.11.59; users dev1–dev4, Gitea; tunnel + DNS configured.
  • UDM Pro port forward 76.53.10.40 → 192.168.11.170 (80/81/443) and → 192.168.11.59 (22, 3000).

1. Dev/Codespaces — Fourth NPMplus proxy hosts — DONE (2026-02-08)

All six proxy hosts added (script + same credentials). Let's Encrypt (Certbot) requested in UI; all six show Online, TLS Certbot, Public. No further action.


2. Dev/Codespaces — SSH keys for dev1–dev4 — DONE (2026-02-08)

Keys added via add-dev-user-ssh-keys.sh from repo root. Test: ssh dev1@192.168.11.59.


3. Dev/Codespaces — Gitea first-run — DONE (2026-02-08)

Installer completed (git user, SQLite, paths under /opt/gitea/data, app.ini writable). Create repos in UI at https://gitea.d-bis.org as needed.


4. Dev/Codespaces — Rsync projects + dotenv — DONE (partial; re-run for full sync)

Initial rsync run from repo root; large tree may need a second run from your terminal:
cd ~/projects/proxmox && bash scripts/dev-vm/rsync-projects-to-dev-vm.sh
Ensure dotenv files are under /srv/projects (see DEV_CODESPACES_76_53_10_40.md § 6).


5. Dev/Codespaces — Gitea repos and remotes — DONE (2026-02-08)

Org d-bis and 18 repos created. Pushed to Gitea: proxmox (master), dbis_core (main), smom-dbis-138 (main), miracles_in_motion (main). Future pushes: use GITEA_TOKEN with scripts/dev-vm/push-to-gitea.sh.


6. Dev/Codespaces — Verification — DONE (2026-02-08)

  • HTTPS: dev.d-bis.org, gitea.d-bis.org, codespaces.d-bis.org → 200. pve.* and 76.53.10.40: verify from LAN if needed.
  • SSH: ssh dev1@192.168.11.59 confirmed; projects visible under /srv/projects/. Cursor Remote-SSH → /srv/projects/proxmox.
  • Proxmox: Confirm noVNC/console for pve.ml110, pve.r630-01, pve.r630-02 from browser when on LAN.

7. General — Bridge (W0-2)

Secrets: PRIVATE_KEY in smom-dbis-138/.env; same wallet holds LINK for bridge fees.
Check: bash scripts/bridge/run-send-cross-chain.sh 0.01 --dry-run (already verified).
To run real: bash scripts/bridge/run-send-cross-chain.sh 0.01


8. General — Security (W1-1, W1-2)

Check: Ensure SSH key login works to all three hosts before --apply.
Run from repo root: bash scripts/security/run-security-on-proxmox-hosts.sh --apply (disables password SSH, restricts 8006 to 192.168.11.0/24). No .env secrets needed.
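
A pre-flight gate for the check above, as an added example that is not one of this repository's scripts: it confirms that public-key authentication alone reaches each host, so that disabling password SSH cannot lock the operator out. The root login, the PROXMOX_HOSTS variable and the SSH_BIN override are assumptions.

```sh
#!/bin/sh
# Added example: gate for run-security-on-proxmox-hosts.sh --apply.
# Assumptions: login as root; hosts supplied by the operator in PROXMOX_HOSTS.

SSH_BIN="${SSH_BIN:-ssh}"      # overridable so the logic can be exercised offline
SSH_USER="${SSH_USER:-root}"   # assumption: the hardening script connects as root

# Succeeds only if public-key auth by itself gets a session on the host.
# BatchMode: never prompt, so a password fallback cannot mask a broken key.
# ControlPath=none: do not reuse an already-authenticated multiplexed session.
key_login_ok() {
  "$SSH_BIN" \
    -o BatchMode=yes \
    -o PreferredAuthentications=publickey \
    -o PasswordAuthentication=no \
    -o ControlPath=none \
    -o ConnectTimeout=5 \
    "${SSH_USER}@$1" true >/dev/null 2>&1
}

# Checks every host given as an argument; returns the number of failures.
preflight() {
  failed=0
  for host in "$@"; do
    if key_login_ok "$host"; then
      echo "OK    $host"
    else
      echo "FAIL  $host"
      failed=$((failed + 1))
    fi
  done
  return "$failed"
}

# PROXMOX_HOSTS: space-separated list of the three hosts (operator-supplied).
if [ -n "${PROXMOX_HOSTS:-}" ]; then
  # Word splitting of the host list is intentional here.
  if preflight $PROXMOX_HOSTS; then
    echo "All hosts accept key-only login; proceed with --apply."
  else
    echo "Key-only login failed on at least one host; do not run --apply." >&2
    exit 1
  fi
fi
```

Keep an existing SSH session open to each host while --apply runs, so a misconfiguration can be reverted without console access.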


9. General — 2506–2508 (destroyed 2026-02-08)

Containers 2506, 2507, 2508 were destroyed 2026-02-08 on all Proxmox hosts. Besu RPC range is 2500–2505 only. No JWT/identity action for 2506–2508. See MISSING_CONTAINERS_LIST.md.


10. General — Explorer SSL

If explorer.d-bis.org shows certificate warning: NPMplus at https://192.168.11.167:81 → SSL Certificates → Let's Encrypt for explorer.d-bis.org → assign to proxy host, Force SSL. See EXPLORER_TROUBLESHOOTING.md.


11. General — NPMplus cert 134 (cross-all.defi-oracle.io)

If verification reports "cert files missing": NPMplus at https://192.168.11.167:81 → SSL Certificates → find cross-all.defi-oracle.io → re-request Let's Encrypt or re-save to restore cert files.


12. General — Wave 2 & 3

Per WAVE2_WAVE3_OPERATOR_CHECKLIST.md: monitoring stack, Grafana + Cloudflare Access, VLAN enablement, CCIP Ops/Admin (5400–5401), DBIS services, NPMplus HA (optional), CCIP Fleet, Phase 4 tenant isolation. (2506–2508 destroyed 2026-02-08.)


13. General — Smart contracts (deploy and verify)

Secrets: PRIVATE_KEY (and RPC_URL_138, LINK_TOKEN_CHAIN138, CCIPWETH9_BRIDGE_CHAIN138) in smom-dbis-138/.env. Same wallet for deployment and bridge (holds LINK).

Remaining: Deploy any contracts not yet deployed; verify on Blockscout.

  • Deploy (Chain 138): cd smom-dbis-138 && source .env && bash scripts/deployment/deploy-all-contracts.sh (or deploy-contracts-unified.sh --mode ordered). WETH bridge: GAS_PRICE=1000000000 ./scripts/deploy-and-configure-weth9-bridge-chain138.sh from repo root.
  • Verify: source smom-dbis-138/.env && ./scripts/verify/run-contract-verification-with-proxy.sh

References: CONTRACT_DEPLOYMENT_RUNBOOK.md, CONTRACTS_TO_DEPLOY.md, REMAINING_ITEMS_DOTENV_AND_ACTIONS.md § 13.


Quick command index

| Goal | Command |
|---|---|
| Fourth NPMplus proxy hosts | NPM_PASSWORD_FOURTH='...' bash scripts/nginx-proxy-manager/update-npmplus-fourth-proxy-hosts.sh |
| Add dev user SSH keys | PUBLIC_KEY="$(cat ~/.ssh/id_ed25519.pub)" bash scripts/dev-vm/add-dev-user-ssh-keys.sh |
| Rsync to dev VM | bash scripts/dev-vm/rsync-projects-to-dev-vm.sh [--dry-run] (after SSH keys) |
| Dev/Codespaces tunnel+DNS | bash scripts/cloudflare/configure-dev-codespaces-tunnel-and-dns.sh |
| Security on Proxmox hosts | bash scripts/security/run-security-on-proxmox-hosts.sh [--apply] |
| NPMplus backup | bash scripts/verify/backup-npmplus.sh |
| Wave 0 via SSH | bash scripts/run-via-proxmox-ssh.sh wave0 --host 192.168.11.11 |
| Bridge (real) | bash scripts/bridge/run-send-cross-chain.sh 0.01 |
| Deploy contracts (Chain 138) | cd smom-dbis-138 && source .env && bash scripts/deployment/deploy-all-contracts.sh |
| Verify contracts (Blockscout) | source smom-dbis-138/.env && ./scripts/verify/run-contract-verification-with-proxy.sh |
| Push all projects to Gitea | GITEA_TOKEN=xxx bash scripts/dev-vm/push-all-projects-to-gitea.sh |
| Add as4-411 submodule to Sankofa (Phoenix) | bash scripts/dev-vm/add-as4-411-submodule-to-sankofa.sh |
| SSH key auth | bash scripts/security/setup-ssh-key-auth.sh --apply (on each host) |
| Firewall 8006 | bash scripts/security/firewall-proxmox-8006.sh --apply |