MASTER DOCUMENTATION: DevBoxNSA Infrastructure
Version: 2.0 · 04 March 2026
Server: vmd181486.contaboserver.net (207.180.207.183 / VPN: 100.64.0.1)
Local: Pop!_OS 22.04 LTS (VPN: 100.64.0.2)
Central reference for all infrastructure decisions.
Claude Code loads this file as context: cat ~/MASTER-DOKU.md
Location: ~/MASTER-DOKU.md (server) + ~/projects/intel-platform/MASTER-DOKU.md
1. NETWORK ARCHITECTURE
┌─────────────────────────┐
│         INTERNET        │
└────────────┬────────────┘
             │
┌────────────▼────────────┐
│ CLOUDFLARE (DNS/CDN)    │
│ *.devboxnsa.org         │
│ DDoS + SSL Termination  │
└────────────┬────────────┘
             │ :80/:443
┌────────────▼────────────┐
│ CONTABO VPS             │
│ 207.180.207.183         │
│ Ubuntu 24.04 LTS        │
│ 6-Core EPYC · 12GB RAM  │
│ 193GB SSD (50% used)    │
│ Uptime: 145 days        │
│                         │
│ NGINX (16 Sites + SSL)  │
│            │            │
│ DOCKER (37 Containers)  │
│ (17 Networks, 11 Vol.)  │
│                         │
│ HEADSCALE VPN           │
│ 100.64.0.1              │
└────────────┬────────────┘
             │ WireGuard
┌────────────▼────────────┐
│ POP!_OS LAPTOP          │
│ 100.64.0.2              │
│ 30GB RAM · 929GB SSD    │
└─────────────────────────┘
Public ports (UFW)

| Port | Service |
|---|---|
| 80 | Nginx HTTP |
| 443 | Nginx HTTPS |
| 2222 | Forgejo Git SSH |
| 3478/udp | Headscale STUN |
| 22 | SSH (VPN only: 100.64.0.0/10) |

SSH config (local: ~/.ssh/config)
# Host aliases are separated by spaces
Host devbox server contabo
    HostName 100.64.0.1
    User nsa
    IdentityFile ~/.ssh/id_ed25519
2. ALL 37 DOCKER CONTAINERS
Public web services (via Nginx + SSL)

| # | Service | Domain | Port | Stack |
|---|---|---|---|---|
| 1 | Intel Platform | intel.devboxnsa.org | 3002/8002 | Next.js, FastAPI, Redis, PostGIS, LibreTranslate |
| 2 | Finance Terminal | finance.devboxnsa.org | 3004/8003 | Next.js, FastAPI, Redis, PostgreSQL |
| 3 | Job-Tracker | jobs.devboxnsa.org | 3001 | Next.js, PostgreSQL, n8n |
| 4 | Forgejo | git.devboxnsa.org | 3003/2222 | Forgejo (Git Server) |
| 5 | Nextcloud | cloud.devboxnsa.org | 8888 | Nextcloud, PostgreSQL, Redis |
| 6 | Outline Wiki | wiki.devboxnsa.org | 3012 | Outline, MinIO, PostgreSQL, Redis |
| 7 | BookStack | kb.devboxnsa.org | 6875 | BookStack, MariaDB |
| 8 | SilverBullet | vinyl.devboxnsa.org | 3010 | SilverBullet |
| 9 | MkDocs | docs.devboxnsa.org | 8090 | MkDocs Material |
| 10 | Authentik | auth.devboxnsa.org | 9000 | Authentik, PostgreSQL, Redis |
| 11 | Vaultwarden | vault.devboxnsa.org | 3013 | Vaultwarden (Bitwarden) |
| 12 | n8n | n8n.devboxnsa.org | 5678 | n8n Workflow |
| 13 | Miniflux | rss.devboxnsa.org | 8080 | Miniflux, PostgreSQL |
| 14 | Uptime Kuma | status.devboxnsa.org | — | Monitoring |
| 15 | Headscale | vpn.devboxnsa.org | 8085 | VPN Coordination |
| 16 | Open WebUI | chat.devboxnsa.org | 8089 | LLM Chat |

Internal services (VPN/local only)

| Service | Port | Description |
|---|---|---|
| Portainer | 127.0.0.1:9443 | Docker Management UI |
| Ollama | 0.0.0.0:11434 | LLM (llama3.2:3b, llama3.1:8b) |

Containers by stack
Intel Platform ─── frontend (3002) + backend (8002) + postgres (5433) + redis + libretranslate
Finance Terminal ── frontend (3004) + backend (8003) + postgres + redis
Job-Tracker ────── frontend + app + n8n (5678) + postgres (5432)
Nextcloud ──────── app (8888) + postgres + redis + cron
Outline Wiki ───── app (3012) + minio (9002) + postgres + redis + minio-setup (exited)
Authentik ──────── server (9000) + worker + postgres + redis
BookStack ──────── app (6875) + mariadb
Miniflux ──────── app (8080) + postgres
Standalone ────── portainer, forgejo, silverbullet, mkdocs, headscale, uptime-kuma, vaultwarden
Architecture
112 RSS Feeds (Miniflux) → Event Stream (60s) → Cross-Ref Detection → Redis Sliding Window (2h)
↓
Threat Clustering + Escalation
↓
Frontend (D3.js SVG Maps, Trends, Briefings)
Pages

| Page | Features |
|---|---|
| Dashboard | Politics Map (5 categories), Atlas Map, Timeline, Top 20 Trends, multi-compare (4 countries) |
| Threat Board | Monitoring → Developing → Breaking → Confirmed |
| History | Full-text search, 44k+ articles, filters |
| Atlas | War Room, D3.js SVG, SITREP Overlay |
| Sources | Grid + Matrix, Reliability Scores |
| Settings | 112 Feeds, API Health, System Stats |

| Category | Count |
|---|---|
| Mainstream DE/EN | ~45 |
| Reddit & Social | ~10 |
| Investigative | ~5 |
| Early Signals: Government | 9 |
| Early Signals: Finance | 6 |
| Early Signals: Science & Tech | 6 |
| Early Signals: OSINT | 6 |
| Early Signals: Think Tanks | 7 |

5-category geopolitics
API Endpoints
GET /api/events/threats?category=...
GET /api/events/threats/geo?hours=24
GET /api/news/?source=...&language=...&sort_by=...
GET /api/news/country?name=iran&limit=20
GET /api/briefing/today?category=...
GET /api/briefing/summary?period=today|week|month
GET /api/sources/enriched
GET/POST/PUT/DELETE /api/settings/feeds
POST /api/settings/feeds/import
GET /api/settings/feeds/export
GET /api/settings/health
GET /api/settings/system
Git Log (Session 03-04.03.2026)
5e2ee5e 5-category geopolitical system, conflict clustering, zoom
003a139 Static map, click-on-land, multi-compare up to 4
b433771 Block F2: Politics Map Redesign
5805744 Leaflet → D3.js SVG world map
8ce08cd Block F1: Geopolitical Politics Map
e92c4ed Block E: Dashboard Command Center
2d1d765 Block D: Settings
4ba40b9 Block C: Atlas War Room
01d1555 Block B: Sources Merge + Threat Board Polish
fb36b71 Block A: Dashboard Redesign
0c7aa1a Bugfix: Signal detection + Cross-Ref fixes
4. FINANCE TERMINAL
| Phase | Feature | Status |
|---|---|---|
| 1-4 | Dashboard, Charts, Paper Trading, WebSocket | ✅ |
| 5 | Signal Engine (Intel → trading signals) | ⚠️ Fallback dominant |

Problems: Ollama timeout 15s→120s, relevance filter missing, 68% NEUTRAL.
5. LOCAL SETUP (Pop!_OS)

| Property | Value |
|---|---|
| OS | Pop!_OS 22.04 LTS, Kernel 6.17.9 |
| RAM | 30 GB (9.4 GB used) |
| Disk | 929 GB SSD (5% used) |
| Swap | 19 GB (unused) |
| Encryption | LUKS Full Disk + VeraCrypt + SECURESTICK USB (233 GB) |
| Node.js | v20.20.0 (nvm) |
| Python | 3.10.12 |
| Tools | VS Code, Kitty, Docker, Git, Proton VPN, Tor, Obsidian |

Home directory: cleanup needed

| Folder | Size | Question |
|---|---|---|
| ~/Projekte | 936 KB | Empty? Sync with server? |
| ~/keepass-pakete | 19 MB | Migrate to Bitwarden? |
| ~/vault.devbox | 240 KB | Still relevant? |
| ~/Contabo-Server 1 | 40 KB | Legacy? |
| ~/knowledge_backup | 2.3 MB | Backup of what? |
6. SECURITY
✅ What is good
UFW deny-by-default, 5 open ports
SSH: no root, no password, key auth only, VPN only
Headscale VPN: 2 nodes, both online
16 SSL certificates, auto-renew every 12h
Fail2Ban active (0 bans, 0 foreign IPs)
Daily backups at 3:00 + Nextcloud separately + 7-day retention
Health check daily at 8:00 + Docker status every 6h
Unattended upgrades active
All services bound to 127.0.0.1
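The loopback-binding item can be verified against the live port bindings instead of being asserted; the internal-services table in section 2 lists Ollama on 0.0.0.0:11434. The following is an added example, not part of the original document, that filters `docker ps` output for published ports not bound to loopback. The container names and sample lines are constructed.

```sh
#!/bin/sh
# Added example, not from the original document.
# Reads "<container name><TAB><ports>" lines, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints "<name><TAB><binding>" for every published port whose host
# address is not loopback (127.0.0.0/8 or ::1).
find_exposed_bindings() {
    awk -F '\t' '
    {
        n = split($2, ports, /, */)
        for (i = 1; i <= n; i++) {
            p = ports[i]
            if (p !~ /->/) continue        # exposed in the image, not published
            host = p
            sub(/->.*/, "", host)          # keep "hostip:hostport"
            sub(/:[0-9-]+$/, "", host)     # drop the port or port range
            if (host ~ /^127\./ || host == "::1" || host == "[::1]") continue
            print $1 "\t" p
        }
    }'
}

# Constructed sample resembling docker ps output on this host
# (container names are hypothetical).
sample_ps() {
    printf 'portainer\t127.0.0.1:9443->9443/tcp\n'
    printf 'ollama\t0.0.0.0:11434->11434/tcp, [::]:11434->11434/tcp\n'
    printf 'intel-postgres\t127.0.0.1:5433->5432/tcp\n'
    printf 'intel-redis\t6379/tcp\n'
}

sample_ps | find_exposed_bindings
```

On the server, feed the function from `docker ps --format '{{.Names}}\t{{.Ports}}'` instead of `sample_ps`; an empty result means every published port is loopback-only.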
⚠️ What needs to be improved

| Problem | Priority |
|---|---|
| No offsite backup (only local on the server) | CRITICAL |
| RAM tight (12 GB, 3.1 GB swap for 37 containers) | HIGH |
| 18 broken RSS feeds | MEDIUM |
| SSL jobs.devboxnsa.org in 31 days | MEDIUM |
| No container auto-update (Watchtower missing) | MEDIUM |
| Only 1 of 17 projects in Forgejo | LOW |
| 1 anonymous Docker volume | LOW |
| slooth (462 MB): still needed? | LOW |

7. CREDENTIALS

| Service | User | Password |
|---|---|---|
| Intel Platform API | admin | T0ky0N1ght!2026 |
| Miniflux | admin | HWLpKiT6zBWtY3pH28ynneqKqNEpLgDQ |
| Portainer | admin | (newly set 04.03.2026 → Bitwarden) |
| SSH | nsa | Key-Auth only |
8. PROJECT DIRECTORY (Server)
~/projects/                  Total: ~2.5 GB
├── intel-platform/      544 MB   ← Main project (Forgejo)
├── job-tracker/         1.1 GB   ← Largest project
├── slooth/              462 MB   ← Check
├── forgejo/             194 MB
├── bookstack/           160 MB
├── uptime-kuma/         33 MB
├── finance-terminal/    1.3 MB   ← Forgejo
├── vaultwarden/         2.2 MB
├── headscale/           856 KB
├── authentik/           384 KB
├── portainer/           384 KB
├── outline/             304 KB
├── silverbullet/        144 KB
├── dotfiles/            160 KB
├── dockge/              60 KB    ← Still used?
├── status-dashboard/    44 KB    ← Legacy?
└── miniflux/            16 KB
9. BACKUPS (current)

| What | When | Where | Retention |
|---|---|---|---|
| System (~/projects, configs) | Daily 3:00 | ~/backups/ | ~9 days (~2.8 GB) |
| Nextcloud | Daily 3:00 | ~/backups/nextcloud/ | 7 days |
| Docker Status Log | Every 6h | ~/backups/docker-status.log | — |
| Health Check | Daily 8:00 | ~/backups/health.log | — |

MISSING: Offsite backup (Restic → Backblaze/Hetzner Storage Box)
10. UPDATE SEQUENCES
# Deploy Intel Platform
cd ~/projects/intel-platform
docker compose build frontend backend && docker compose up -d frontend backend
git add -A && git commit -m "..." && git push forgejo master
# SSL certificates
sudo certbot renew --dry-run && sudo certbot renew && sudo systemctl reload nginx
# System updates
sudo apt update && sudo apt upgrade -y
# Docker images (PROJEKT = project directory name)
cd ~/projects/PROJEKT && docker compose pull && docker compose up -d && docker image prune -f
# Manual backup
~/scripts/backup.sh && ~/nextcloud/backup.sh
11. CLAUDE CODE QUICK REFERENCE
# Load context
cat ~/MASTER-DOKU.md | head -50
# Check status
cd ~/projects/intel-platform && docker compose ps && git log --oneline -5
curl -s -o /dev/null -w "%{http_code}" http://localhost:3002
# Backend auth
# In an interactive bash session run `set +H` first: the "!" in the password
# triggers history expansion inside double quotes.
TOKEN=$(python3 -c "import requests; r=requests.post('http://127.0.0.1:8002/api/auth/login',json={'username':'admin','password':'T0ky0N1ght!2026'}); print(r.json()['token'])")
curl -H "Authorization: Bearer $TOKEN" http://localhost:8002/api/events/threats
# Miniflux: count the configured feeds
curl -u "admin:HWLpKiT6zBWtY3pH28ynneqKqNEpLgDQ" http://127.0.0.1:8080/v1/feeds | python3 -c "import sys,json; print(len(json.load(sys.stdin)))"
12. NEXT STEPS
Critical
Set up offsite backup (Restic)
Repair 18 broken feeds
Test Certbot auto-renew
Install Watchtower
Install Homepage dashboard
Important
Politics Map polish (zoom, click, size)
Extend country data (only 20 of 177 clickable)
Categorize and cluster trends better
Improve media reliability scoring
Connect X/Twitter + socials
Evaluate RAM situation (swap 3.1 GB)
Install Cockpit
Medium-Term
Economics + Military + Environment Layer
Finance Terminal Fixes
All 17 projects in Forgejo
Clean up local folders
Last updated: 04 March 2026, 03:30 UTC+1