codexadmin work log

High-level record of lab infrastructure work, grouped by date and general effort so follow-up tasks are easier to find.

Last updated: 2026-06-28 16:03:15 UTC

2026-06-28

Daily online demos and presence check

Public Status Sweep

  • Verified that see.creosote.net still aliases to focaccio.github.io and that https://see.creosote.net/what-codex-and-i-are-up-to.html returns HTTP 200 from GitHub Pages.
  • Verified that port2ai.com still publishes Cloudflare email-routing MX records and SPF, but no public apex A or AAAA record, so the domain still does not resolve as a website.
  • Recorded that downstream ask@port2ai.com forwarding to Microsoft still cannot be confirmed from public DNS alone.
  • Observed the live page still serving the prior June 27 body during this run, so refreshed the published HTML to force a new GitHub Pages deployment.

Tracked Demo And Profile Gaps

  • Found no safe public verification endpoint today for the DigitalOcean IER1 BGP router peering with d42; a publishable check target is still needed.
  • Found no safe public verification target today for obx1 Tailscale/TST port forwarding; the public port and expected success response are still needed.
  • Found no confirmed public port2ai profile URL today for Twitter/X, Upwork, or Freelancer, so those exact public links remain to be added.

2026-06-27

Daily online demos and presence check

Public Status Sweep

  • Verified that see.creosote.net still aliases to focaccio.github.io and that the public status page returns HTTP 200 from GitHub Pages.
  • Verified that port2ai.com still publishes Cloudflare email-routing MX records and SPF, but no public apex web host record, so the site does not resolve over HTTPS.
  • Recorded that the downstream ask@port2ai.com forwarding path to Microsoft cannot be confirmed from public DNS alone.

Tracked Demo And Profile Gaps

  • Found no new public verification endpoint for the DigitalOcean IER1 BGP router peering with d42; a safe public check target is still needed.
  • Found no new public verification target for obx1 Tailscale/TST port forwarding; the public port and expected response are still needed.
  • Found no confirmed public port2ai profile URL today for Twitter/X, Upwork, or Freelancer, so those exact links remain to be added.

2026-06-26

Daily online demos and presence check

Public Page Publication Process

  • Traced what-codex-and-i-are-up-to.html to the Focaccio/focaccio.github.io GitHub Pages repository.
  • Confirmed the prior daily presence automation was reporting in Codex but was not editing, committing, or pushing the GitHub Pages source files.
  • Updated the public wrapper page and this embedded work log so the live page has a visible June 26 update.
  • Adjusted the daily automation instructions so future runs update the Pages repository and push the site, instead of only posting a chat summary.

Online Demos And Presence Status

  • Verified that see.creosote.net resolves through focaccio.github.io and returns HTTP 200 from GitHub Pages.
  • Verified that port2ai.com has Cloudflare email-routing MX records but still has no apex A record, so https://port2ai.com does not resolve as a website.
  • Recorded that Demo 1, the DigitalOcean IER1 BGP router peering with d42, still needs a check command or endpoint before it can be verified automatically.
  • Recorded that Demo 2, TST/Tailscale port forwarding for obx1, still needs the public port, target host/port, and expected success test.
  • Recorded that exact public profile URLs or handles are still needed for port2ai on Twitter/X, Upwork, and Freelancer.

Recent Accounting Overview

Everything currently reflected in this public work log

This section makes the current accounting visible up front. The dated entries below remain the chronological record, but this overview names the full set of recent work areas so the page is not just a latest-update marker.

Custom-ISO Workspace

  • Reviewed the Custom-ISO workspace structure, package sets, profiles, service definitions, documentation, and native binary artifacts.
  • Accounted for the Server 101 offline ISO effort, including offline package workflows, local repository support, first-boot troubleshooting material, and implementation guides.
  • Included the supporting management scripts for services such as Bind, Gitea, Observium, Oxidized, Samba, SFTP, Graylog, dashboard tooling, and XRDP remediation.

Burnjobs And Staged Artifacts

  • Accounted for burnjob bundles from the June work, including Oxidized, KDE, SFTP, Observium, Bind, and Graylog staging artifacts.
  • Included the Graylog site-two burnjob README material and the June 14 through June 21 Graylog archive package.
  • Recorded the Aruba/Silver Peak materials found with the burnjob work, including Orchestrator and ECOS release packages, API Swagger bundles, release notes, and the Orchestrator GIP image.

port2ai Workspace And Prospect Package

  • Accounted for the port2ai workspace setup, including README, research, work tracking, lead and proposal records, templates, and daily review calendar material.
  • Included the Prospect-FL-26-001 Proxmox SDN/BGP integration package, with submission plan, flowchart assets, PowerPoint proposal, and PDF proposal.
  • Reflected the port2ai administrative work log, including repository setup, public publishing, proposal packaging, and AI-staff disclaimer work.

Lab Infrastructure And Services

  • Recorded the main lab host validation work around Observium, Oxidized, Bind, repository updates, work-log updates, services, shares, and attached storage expectations.
  • Included NAS share review work related to the expected attachable share on the NAS host.
  • Captured storage replacement planning for the lab machine, including translating the installed drive into practical 1-2 TB SATA replacement guidance.

Mac Laptop, VMware, DNS, And Host Identity

  • Recorded investigation of the old Mac laptop running VMware Fusion and whether it had enough resources for an Aruba Orchestrator test VM.
  • Included hostname and static-address work to make the machine persist as fnxc15 in the lab domain.
  • Captured the DNS follow-up to add the host entry on the lab name server.

Public Pages And Work-Log Publication

  • Recorded updates to the public GitHub Pages site, including the codexadmin work log and the "What Codex and I are up to" page.
  • Added and revised the requested Nota Bene language: "This page was directed by GF and built by Codex."
  • Verified publishing through GitHub Pages and checked live-page content after deployment so the public site reflects the repository changes.

2026-06-21

Expanded accounting of recent lab and public-site work

Work Log Reconciliation

  • Reviewed the public work-log clone and confirmed the recent entries were too brief to be useful as an accounting of the work.
  • Expanded the newest section so the page records the categories of work completed since the prior refresh rather than only noting that the page was refreshed.
  • Kept the public page focused on useful operational history while avoiding publication of passwords, tokens, and overly specific internal addressing details.

Storage And Replacement Planning

  • Identified the physical storage type in the main lab host and translated the installed model into practical replacement requirements.
  • Separated the Mac laptop storage question from the lab host storage question so the replacement recommendation matched the actual machine being serviced.
  • Narrowed replacement guidance to 1-2 TB class 3.5-inch SATA drives, favoring CMR/NAS-suitable models over older discontinued desktop-green models.

Main Lab Host Service Validation

  • Verified the main lab host was back online after maintenance and checked the expected SSH, web, repository, and network-config backup surfaces.
  • Confirmed the important services were container-backed where expected and distinguished those healthy containers from inactive host-level systemd units.
  • Checked the work-log updater, diagnosed a boot-order failure caused by the repository service not being ready yet, reran the updater successfully, and confirmed future scheduling.
  • Checked the repository synchronization path, confirmed the sync job could complete cleanly, and restored its timer so updates continue automatically.
  • Verified that monitoring and DNS responsibilities belonged to the appropriate supporting hosts rather than assuming they were all running on the main lab host.

NAS And Share Review

  • Resolved the NAS host and verified it was offering file-sharing services.
  • Identified the likely SMB share used from client machines.
  • Checked the NFS export state and noted that one export was intentionally limited by client allow-list rather than generally available to every lab host.

Custom ISO, Burn Job, And Port2AI Project Accounting

  • Expanded the public accounting beyond the Pages repository by inspecting local project evidence from the Custom-ISO, burnjob, and port2ai workspaces.
  • Accounted for the Custom-ISO work as a git-backed offline server build effort: implementation guides, first-boot troubleshooting notes, offline package management helpers, service installers, Docker image artifacts, native binaries, and service configuration payloads.
  • Accounted for the burnjob series as staged deliverable bundles rather than ordinary git commits, including Graylog site build materials, dashboard helper scripts, SFTP/BIND/Observium/Oxidized/KDE builder archives, and packaged handoff archives.
  • Accounted for the Aruba/Silver Peak artifact staging work, including Orchestrator and ECOS images, release notes, and API Swagger archives used for lab and scripting preparation.
  • Accounted for the port2ai workspace as a local-first business-development/project workspace with research, proposal tracking, reusable templates, an online-presence review calendar, and a formal Proxmox SDN/BGP prospect package.
  • Included the port2ai prospect artifacts at a high level: submission plan, phased workflow diagram, client-facing slide deck, PDF export, and supervised-AI role/disclaimer language.

Old Mac Laptop And VMware Assessment

  • Identified the old Mac laptop on the lab network and confirmed it was reachable through standard remote-management services.
  • Checked the laptop hardware profile, memory, disk headroom, and VMware Fusion presence.
  • Compared the laptop capacity against Aruba Orchestrator VM requirements and concluded it was not a comfortable fit for a real Orchestrator lab VM without a larger host.
  • Preserved the laptop as a useful lightweight Fusion lab system while avoiding overcommitting it to a workload that wants more memory and storage.

Hostname, Static Addressing, And DNS

  • Renamed the old Mac laptop to the requested lab name across the macOS host-name, local-host-name, and computer-name settings.
  • Identified the physical Ethernet service carrying the desired lab address and made that address persistent on the existing interface.
  • Updated the local authoritative DNS zone with the new laptop record, validated the zone, reloaded DNS, and verified name-based SSH access.
  • Cleaned up stale local SSH host-key state where prior address reuse made a valid host look suspicious to the client.

Public GitHub Pages Updates

  • Located the local checkout for the public Pages repository and confirmed it was the source for the live custom-domain site.
  • Added the requested directed-build attribution to the landing page and later changed the label to Nota Bene.
  • Added the same Nota Bene attribution to the What Codex and I are up to... page and matched its existing visual style.
  • Resolved GitHub authentication by switching to the correct account token, rebased safely over newer remote landing-page work, and pushed without clobbering the newer page design.
  • Verified GitHub Pages deployments and checked both the direct Pages URL and the custom domain after cache propagation.

Public Work Log Publication

  • Added missing public work-log sections for storage planning, service validation, NAS review, laptop setup, DNS updates, and GitHub Pages publication work.
  • Updated the public work-log timestamp and jump list so the newest work is visible at the top of the page.
  • Rechecked the live custom-domain work-log page after deployment to confirm the current file was being served rather than an older cached copy.

2026-06-01

GitHub Pages attribution and public work-log refresh

Public Site Attribution

  • Updated the public GitHub Pages landing page with the requested directed-build attribution.
  • Changed the attribution label from Disclaimer: to Nota Bene: and verified the live site served the updated text after normal Pages cache propagation.

Public Work Log Clone

  • Located the local checkout for the public Pages repository and confirmed this static work-log clone had fallen behind recent lab activity.
  • Added public-safe summaries for the recent storage, service validation, NAS review, laptop host setup, DNS, and publication work.

2026-05-29

Lab service validation, NAS review, laptop setup, and DNS updates

Core Lab Service Check

  • Verified that the main lab services came back online after maintenance and checked the associated web, repository, monitoring-adjacent, and configuration-backup entry points.
  • Confirmed container-backed services were running and that scheduled update jobs were either healthy or rerun successfully after boot ordering caused an early failure.
  • Re-enabled the existing repository synchronization timer after confirming the sync job itself completed cleanly.

NAS And Share Review

  • Confirmed the NAS host was reachable and reviewed the available file-sharing protocols.
  • Identified the likely SMB share path for client attachment and confirmed a separate NFS export exists with a restricted client allow-list.

Old Mac Laptop Reconfiguration

  • Identified the old Mac laptop on the lab network, checked its available resources, and confirmed VMware Fusion was installed.
  • Renamed the host to the requested lab name, made the selected physical network address persistent, and verified SSH access by the new name.

Local DNS Update

  • Updated the local authoritative DNS zone with the new laptop record.
  • Validated the zone, reloaded DNS, and confirmed the new fully qualified name resolves correctly.

2026-05-22

Lab host storage identification and replacement planning

Storage Inventory

  • Identified the installed spinning disk in the lab host and translated the model into practical replacement requirements.
  • Recommended a compatible 1-2 TB class replacement focused on 3.5-inch SATA CMR/NAS-suitable drives rather than hunting for the older original model.

2026-05-17

QEMU, DNS, SNMP, Observium, and work-log cleanup

QEMU Debian VM: qd248

  • Finished the Debian ARM64 QEMU VM build under /Users/000qemu000/debian-arm64 with a 28 GB root disk, 4 GB RAM, and 1 vCPU.
  • Expanded the guest root partition and filesystem after the KDE installation initially exhausted the smaller default partition.
  • Set the persistent hostname to qd248.tst.areafx.net.
  • Configured persistent bridged networking for 192.168.86.248/24, gateway 192.168.86.1, DNS 1.1.1.1, and domain tst.areafx.net.
  • Installed KDE Plasma and TigerVNC, enabled the vncserver-autouser.service systemd service, and verified Plasma starts behind VNC on port 5901.
  • Added an EFI startup.nsh fallback so the VM boots Debian instead of stopping at the UEFI shell.

Local DNS And Resolver Updates

  • Confirmed the Mac split-DNS resolver for tst.areafx.net points at Binder on 192.168.86.33.
  • Added the missing Binder DNS record qd248.tst.areafx.net A 192.168.86.248.
  • Bumped the BIND zone serial to 2026051701, validated the zone with named-checkzone, and reloaded BIND with rndc.
  • Verified direct DNS resolution for qd248.tst.areafx.net through Binder.

Mac SNMP Monitoring

  • Configured the Mac f16xc built-in Net-SNMP daemon for read-only SNMPv2c polling from Observium only.
  • Restricted the SNMP community [redacted-public-copy] to obx1.tst.areafx.net at 192.168.86.42.
  • Verified obx1 can poll f16xc over SNMP and retrieve sysName and sysDescr.
  • Confirmed macOS bundled Net-SNMP is version 5.6.2.1 and does not cleanly support the requested SHA-256/AES-256 SNMPv3 profile, so SNMPv2c was retained for compatibility.

Observium Onboarding And Graph Repair

  • Added f16xc to Observium from the nms-app container using add_device.php -p because the Mac does not answer ICMP echo from obx1.
  • Ran discovery and polling for Observium device ID 16; Observium identified the host as Darwin, Apple, workstation, with the SNMPv2c community redacted in this public copy.
  • Troubleshot missing traffic graphs for en0; confirmed SNMP counters and MySQL port rates were valid, but the RRD graph files were owned by root:root.
  • Changed the f16xc RRD tree ownership to www-data:www-data so the scheduled Observium poller can update graph data.
  • Verified a poller run as www-data updates port-14.rrd for en0 and that RRD graph rendering succeeds.
  • Disabled duplicate/test Observium cron entries that could launch overlapping pollers, leaving the normal poller-wrapper.py and scheduled discovery path in place.

codexadmin Work Log

  • Reformatted ca-work-log.html from a flat daily bullet list into date sections with general effort headings and task bullets.
  • Added a date jump list and cleaner card-style formatting while keeping the log as a single static HTML file.
  • Added the 2026-05-17 updates for QEMU, DNS, SNMP, Observium, and this work-log cleanup.

2026-05-15

kg55 package work, VM Shuttle testing, and f16codex setup

kg55 Optical Drive And Desktop Tooling

  • Upgraded kg55 packages and installed K3b 25.04.0-1 for GUI optical burning.
  • Verified no remaining upgradable packages, no reboot required, and active Docker/libvirt/nginx/SMB/XRDP services.
  • Verified Gitea is reachable on port 3000, optical drive /dev/sr0 is present, and the K3b desktop launcher/help works under XRDP.
  • Installed optical drive tooling for the ATAPI iHAS324 B writer: wodim, genisoimage, growisofs, dvd+rw-tools, cdrdao, cdparanoia, libcdio-utils, eject, and udftools.
  • Verified /dev/sr0 and /dev/cdrom are present and greg has cdrom/device access.

VM Tool Shuttle Test 3

  • Ran VM Tool Shuttle test 3 on kg55 using updated runbook commit 677fbaf.
  • Created vm-shuttle-test03 and verified LAN IP 192.168.86.40, SSH access for greg, su - root validation, and QEMU guest agent operation.
  • Performed clean shutdown, QCOW2 export, streamOptimized VMDK export, checksums, qemu-img checks, and ESXi import notes.
  • Stored test 3 export evidence under /srv/vms/vm-shuttle-test03/exports/20260515-1049.

VM Tool Shuttle Test 2 Cleanup And Retest

  • Cleanly removed vm-shuttle-test02: confirmed it was shut off, undefined it from libvirt, removed /srv/vms/vm-shuttle-test02, removed export artifacts, and verified virsh list was empty.
  • Updated VM Tool Shuttle runbooks to set and validate a root password for lab su - usage.
  • Applied the root password setting to vm-shuttle-test02, validated su - root returns UID 0, shut down cleanly, and regenerated the ESXi export bundle under /srv/vms/vm-shuttle-test02/exports/20260515-0218-rootpass.
  • Ran VM Tool Shuttle test 2, verified LAN SSH access at 192.168.86.38, exported QCOW2 and streamOptimized VMDK artifacts, verified checksums and qemu-img checks, and updated workflow guides to remove cloud-init self-wait from runcmd.

f16codex Host Setup

  • Configured f16codex at 192.168.86.122.
  • Corrected the hostname to f16codex.tst.areafx.net.
  • Made enx8cae4ce1ca72 persistent static at 192.168.86.122/24 with gateway 192.168.86.1.
  • Added the Binder DNS A record f16codex.tst.areafx.net -> 192.168.86.122 and verified DNS, ping, and SSH by FQDN.

Runbook Precheck Updates

  • Updated all VM Tool Shuttle workflow guides with the 2026-05-15 precheck findings.
  • Documented that sshpass and nmap are required host tools.
  • Documented that prior vm-shuttle-test01 state should not be reused for a clean retest.
  • Documented that VMDKs must be regenerated after post-export SSH repairs.

2026-05-14

VM Shuttle foundations, Gitea previews, and work-log process repair

VM Tool Shuttle Documentation

  • Updated workflow documents to require end-of-test SSH access validation.
  • Added openssh-server setup, sshd configuration validation, non-loopback LAN IP parsing, and successful SSH login evidence requirements for future tests.

VM Tool Shuttle Test 1

  • Ran VM Tool Shuttle workflow test 1 on kg55.
  • Created a Debian cloud VM on br0, verified LAN IP 192.168.86.49, shut it down cleanly, exported QCOW2, converted to VMDK, and generated evidence/checksum bundle.

kg55 KVM Networking And Toolchain

  • Created persistent bridge br0 on kg55 using enp5s0f0 as the LAN-facing bridge port for VM access on 192.168.86.0/24.
  • Left kg55 management on enp4s0f0 unchanged.
  • Downloaded the official Debian 13 trixie genericcloud amd64 QCOW2 image from cloud.debian.org to /srv/isos and verified it with SHA512SUMS.
  • Prepared the Debian cloud image as the VM Tool Shuttle source.
  • Reviewed the VM Tool Shuttle Codex test runbook and installed/prepared the kg55 KVM/libvirt toolchain needed for VM creation, QCOW2 inspection, VMDK conversion, OVMF boot, libguestfs tooling, and cloud-init seed media.

Gitea DOCX Preview Support

  • Enabled Gitea DOCX previews on kg55 by building a persistent gitea/gitea-docx image with Pandoc.
  • Added the .docx external markup renderer configuration.

codexadmin Work Log Process

  • Reviewed and repaired the codexadmin work-log process after confirming the daily timer was only regenerating existing static entries.
  • Backfilled missing 2026-05-13 operational changes.
  • Added a helper command for appending future high-level work-log entries.

2026-05-13

SMB sharing and Git/GitHub publication workflow

kg55 SMB Share

  • Installed and configured Samba on kg55.tst.areafx.net.
  • Published /localsharekg55 as the localsharekg55 SMB3 share.
  • Verified SMB3 read/write access.

Gitea To GitHub Sync

  • Created the codexadmin/tstcodex_publicworks1 Gitea repository on kg55.
  • Configured automated GitHub synchronization to Focaccio/tstcodex_publicworks1.
  • Installed a GitHub deploy key for kg55-to-GitHub sync and verified push access after the key was added to GitHub.
  • Changed the GitHub sync scheduler from a five-minute systemd timer to a reboot-persistent cron job that runs every six hours.

Published Public Works Artifacts

  • Added hello-world.txt to tstcodex_publicworks1 and pushed it from kg55 Gitea to GitHub.
  • Added VM-tool-shuttle-workflow.txt from /localsharekg55 to tstcodex_publicworks1 and pushed it to GitHub.
  • Added airgapped_local_codex_research_paper_cli_layer_options.docx from /localsharekg55 to tstcodex_publicworks1 and pushed it to GitHub.
  • Added local-ai-agent-101-v2-20260507-bookmarked.pdf from /localsharekg55 to tstcodex_publicworks1 and pushed it to GitHub.

2026-05-12

Initial lab services, DNS, monitoring, PXE, and config backup

kg55 Base Services

  • Built kg55.tst.areafx.net as a Debian Docker host with Docker Engine, Compose, KDE Plasma, xrdp, Chrome, Netdata, iotop, and Gitea.
  • Configured kg55 static networking and DNS so tst.areafx.net systems resolve through Binder.
  • Created the codexadmin Gitea admin account and codexadmin repository for ongoing change tracking.
  • Installed nginx on kg55 and served ca-work-log.html directly from the checked-out Gitea repository.

Binder DNS

  • Configured binder1.tst.areafx.net as the local authoritative DNS server for tst.areafx.net.
  • Added LAN host records for lab systems.
  • Configured Binder to publish tst-records.txt into the codexadmin repository whenever the tst.areafx.net BIND zone changes.

Oxidized Network Config Backup

  • Created the Oxidized container on kg55 from oxidized/oxidized.
  • Exposed the Oxidized web UI on port 8888 and stored persistent data under /opt/oxidized.
  • Added sw1.tst.areafx.net and sw2.tst.areafx.net to Oxidized and verified both switch configs were collected.
  • Created the codexadmin-runbooks-tst Gitea repository and documented the Oxidized container build and switch onboarding procedure.

Monitoring, PXE, And Time Sync

  • Configured SNMPv3 authPriv monitoring on supported Linux hosts with the codexsnmp settings.
  • Configured nas1.tst.areafx.net PXE/TFTP storage and routing support for the 10.69.0.0/16 PXE network.
  • Configured NTP/UTC on lab systems including switches, Binder, Observium, ier2, and codex1.