Add CT 115 Vaultwarden, update kernel pin gotcha, kocka-novinky gotchas, active projects

00_index.md

@@ -1,5 +1,5 @@
 # 00 — Master Index
-> Last updated: 2026-06-12
+> Last updated: 2026-06-14
 > Quick-reference card for Claude. Read this first, then load specific files only as needed.
 
 ---
@@ -15,7 +15,7 @@
 | **Domain** | `spendlik.sk` |
 | **Gitea owner** | `spendlik` |
 | **MCP server** | `mcp.spendlik.sk` (CT 112) |
-| **Proxmox kernel** | `6.14.11-5-pve` (6.17.x breaks NVIDIA 550 DKMS) |
+| **Proxmox kernel** | `6.14.11-5-pve` PINNED — 6.17.x and 7.0.x break NVIDIA 550 DKMS |
 
 ---
 
@@ -36,10 +36,12 @@
 | 110 | windows11 (VM) | 192.168.1.227 | — | RTX 4060 passthrough, Rhino 7 + Sunshine |
 | 111 | paperless | 192.168.1.111 | paperless.spendlik.sk | Document management (6-lang OCR, media on NAS) |
 | 112 | mcp-server | 192.168.1.100 | mcp.spendlik.sk | MCP bridge — Proxmox + Gitea tools for Claude |
-| 114 | euro-office | 192.168.1.114 | office.spendlik.sk | Online office suite (Euro-Office, Docker) |
+| 113 | *(unassigned)* | — | — | Available |
+| 114 | *(unassigned)* | — | — | Planned: Euro-Office (office.spendlik.sk) |
+| 115 | vaultwarden | 192.168.1.115 | vault.spendlik.sk | Password manager (Vaultwarden, Docker, Bitwarden-compatible) |
 
-> Next available CT ID: **115** · Next available IP: **192.168.1.115** (check before assigning)
+> Next available CT ID: **116** · Next available IP: **192.168.1.116** (check before assigning)
-> CT 113 was removed (AppFlowy → replaced by Obsidian)
+> CT 113 was removed (AppFlowy → replaced by Obsidian) — ID available for reuse
 
 ---
 
@@ -48,8 +50,8 @@
 | Device | OS | Key Detail |
 |---|---|---|
 | Main PC | CachyOS (Arch), KDE Plasma 6 / Wayland | i7-13700K, RTX 4060 Ti, 32GB DDR5 |
-| Galaxy S25 | Android | WireGuard VPN client; MGit for Obsidian sync |
+| Galaxy S25 | Android | WireGuard VPN client; MGit for Obsidian sync; Bitwarden |
-| Galaxy Tab S9 | Android | MGit for Obsidian sync |
+| Galaxy Tab S9 | Android | MGit for Obsidian sync; Bitwarden |
 | Bambu A1 + AMS Lite | — | LAN Only Mode, OrcaSlicer |
 
 ---
@@ -69,7 +71,7 @@
 | `09_gpu_setup.md` | RTX 4060 passthrough, VFIO, kernel 6.14 pin, Sunshine |
 | `10_ddns_deployment.md` | CT 108 — WebSupport API v2, HMAC-SHA1 auth, record IDs |
 | `11_gitea_deployment.md` | CT 109 — Gitea binary install, nginx, SSL |
-| `12_euro_office_deployment.md` | CT 114 — Euro-Office Docker deploy, nginx, Authelia, SSL |
+| `12_euro_office_deployment.md` | CT 114 — Euro-Office Docker deploy, nginx, Authelia, SSL (planned) |
 | `homelab-goals.md` | Roadmap and long-term infrastructure goals |
 
 > 💡 Load only the file(s) relevant to the current task. Do not load all files by default.
@@ -83,29 +85,29 @@
 | **nginx / certbot** | Certbot corrupts configs — always inspect after cert issuance; check for duplicate `server_name` and missing closing braces |
 | **NFS mounts** | Use `soft,timeo=30,retrans=3` — hard NFS can freeze Proxmox host |
 | **DDNS script** | `/tmp/ddns_last_ip` cache; reboot clears it fine — but stale cache can miss IP change |
-| **WebSupport DNS** | Two separate management pages — missing the second caused an outage; update both |
+| **WebSupport DNS** | Two separate management pages — missing the second caused an outage; update both. DNS A record must exist before certbot can verify. |
 | **Gitea writes** | Always read file content before writing — writes replace entire file |
-| **Proxmox kernel** | Stay on `6.14.11-5-pve` — 6.17.x breaks NVIDIA 550 DKMS |
+| **Proxmox kernel** | PINNED to `6.14.11-5-pve` via `proxmox-boot-tool kernel pin`. 6.17.x and 7.0.x kernels still installed but won't boot. Do NOT unpin or upgrade kernel without verifying NVIDIA 550 DKMS support first. |
 | **OpenRGB** | Uninstalled — SMBus interaction with ADATA XPG GAMMIX D35 poses hardware risk |
 | **Hairpin NAT** | Slovak Telekom router blocks hairpin — test external domains from mobile data, not LAN |
 | **WebSupport API** | Uses numeric service ID `15056760`, not domain name; HMAC-SHA1 signed requests |
+| **kocka-novinky.sk** | Wordfence blocks login — keep disabled. wp-config.php WP_SITEURL/WP_HOME hardcoded to www.kocka-novinky.sk. Zen browser has Content-Encoding issue — use Firefox/Chrome. |
 
 ---
 
-## 🔄 Active Projects (as of 2026-06-12)
+## 🔄 Active Projects (as of 2026-06-14)
 
 | Project | Next Action | Reference |
 |---|---|---|
-| Euro-Office | Deploy CT 114 per `12_euro_office_deployment.md` | CT 114 |
+| kocka-novinky.sk automation | Build n8n POC workflow: Brickset → Claude → WordPress lego-set + post | CT 100 |
-| Paperless-ngx | Migrate media dir to NAS ✅ done; next: Gemini post-processing | CT 111 |
+| Paperless-ngx | Processing ~730 new documents; next: Gemini post-processing | CT 111 |
 | Gemini post-processing | Get Gemini API key → install Python package in CT 111 | CT 111 |
-| kocka-novinky.sk automation | Set up Brickset API credentials in n8n | CT 100 |
+| Euro-Office | Deploy CT 114 | CT 114 (planned) |
 | WireGuard DDNS | Add `vpn.spendlik.sk` DNS record + update CT 108 script | CT 107/108 |
-| Vaultwarden | Decide CT ID and IP → deploy Docker LXC | CT 115+ (planned) |
+| Bookmark manager | Decide tool (Linkding / Hoarder / Shiori) → deploy | CT 116 (planned) |
-| Bookmark manager | Decide tool (Linkding / Hoarder / Shiori) → deploy | CT 115+ (planned) |
+| BAMbuddy | Check Bambu A1 Developer Mode → deploy | CT 116 (planned) |
-| BAMbuddy | Check Bambu A1 Developer Mode → deploy | CT 115+ (planned) |
 | Authelia enforcement | Extend 2FA to Jellyfin, Audiobookshelf, Gitea | CT 102/101 |
-| Spendlikpapermodels redesign | Set up /dev subdomain on WebSupport | WebSupport |
+| Vaultwarden | ✅ Deployed — remaining: import existing passwords | CT 115 |
 
 > Full task list: `obsidian-vault/Tasks.md`
 
@@ -152,6 +154,7 @@
 | Notifications | Matrix (automation alerts) | CT 103 |
 | DNS management | WebSupport REST API v2 | CT 108 |
 | Affiliate site | WordPress on WebSupport hosting | kocka-novinky.sk |
+| Password manager | Vaultwarden | CT 115 / vault.spendlik.sk |
 
 ---