MASTER-DOKU: DevBoxNSA Infrastructure
Version: 2.0 · 04 March 2026
Server: vmd181486.contaboserver.net (207.180.207.183 / VPN: 100.64.0.1)
Local: Pop!_OS 22.04 LTS (VPN: 100.64.0.2)
Central reference for all infrastructure decisions.
Claude Code loads this file as context: cat ~/MASTER-DOKU.md
Location: ~/MASTER-DOKU.md (server) + ~/projects/intel-platform/MASTER-DOKU.md
1. NETWORK ARCHITECTURE
┌─────────────────────────┐
│ INTERNET                │
└────────────┬────────────┘
             │
┌────────────▼────────────┐
│ CLOUDFLARE (DNS/CDN)    │
│ *.devboxnsa.org         │
│ DDoS + SSL Termination  │
└────────────┬────────────┘
             │ :80/:443
┌────────────▼────────────┐
│ CONTABO VPS             │
│ 207.180.207.183         │
│ Ubuntu 24.04 LTS        │
│ 6-Core EPYC · 12GB RAM  │
│ 193GB SSD (50% used)    │
│ Uptime: 145 days        │
│                         │
│ NGINX (16 Sites + SSL)  │
│            │            │
│ DOCKER (37 containers)  │
│ (17 Networks, 11 Vol.)  │
│                         │
│ HEADSCALE VPN           │
│ 100.64.0.1              │
└────────────┬────────────┘
             │ WireGuard
┌────────────▼────────────┐
│ POP!_OS LAPTOP          │
│ 100.64.0.2              │
│ 30GB RAM · 929GB SSD    │
└─────────────────────────┘
Public ports (UFW)
| Port | Service |
|---|---|
| 80 | Nginx HTTP |
| 443 | Nginx HTTPS |
| 2222 | Forgejo Git SSH |
| 3478/udp | Headscale STUN |
| 22 | SSH (VPN only: 100.64.0.0/10) |
SSH config (local: ~/.ssh/config)
Host devbox server contabo
    HostName 100.64.0.1
    User nsa
    IdentityFile ~/.ssh/id_ed25519
2. ALL 37 DOCKER CONTAINERS
Public web services (via Nginx + SSL)
| # | Service | Domain | Port | Stack |
|---|---|---|---|---|
| 1 | Intel Platform | intel.devboxnsa.org | 3002/8002 | Next.js, FastAPI, Redis, PostGIS, LibreTranslate |
| 2 | Finance Terminal | finance.devboxnsa.org | 3004/8003 | Next.js, FastAPI, Redis, PostgreSQL |
| 3 | Job-Tracker | jobs.devboxnsa.org | 3001 | Next.js, PostgreSQL, n8n |
| 4 | Forgejo | git.devboxnsa.org | 3003/2222 | Forgejo (Git Server) |
| 5 | Nextcloud | cloud.devboxnsa.org | 8888 | Nextcloud, PostgreSQL, Redis |
| 6 | Outline Wiki | wiki.devboxnsa.org | 3012 | Outline, MinIO, PostgreSQL, Redis |
| 7 | BookStack | kb.devboxnsa.org | 6875 | BookStack, MariaDB |
| 8 | SilverBullet | vinyl.devboxnsa.org | 3010 | SilverBullet |
| 9 | MkDocs | docs.devboxnsa.org | 8090 | MkDocs Material |
| 10 | Authentik | auth.devboxnsa.org | 9000 | Authentik, PostgreSQL, Redis |
| 11 | Vaultwarden | vault.devboxnsa.org | 3013 | Vaultwarden (Bitwarden) |
| 12 | n8n | n8n.devboxnsa.org | 5678 | n8n Workflow |
| 13 | Miniflux | rss.devboxnsa.org | 8080 | Miniflux, PostgreSQL |
| 14 | Uptime Kuma | status.devboxnsa.org | — | Monitoring |
| 15 | Headscale | vpn.devboxnsa.org | 8085 | VPN Coordination |
| 16 | Open WebUI | chat.devboxnsa.org | 8089 | LLM Chat |

Internal services (VPN/local only)
| Service | Port | Description |
|---|---|---|
| Portainer | 127.0.0.1:9443 | Docker Management UI |
| Ollama | 0.0.0.0:11434 | LLM (llama3.2:3b, llama3.1:8b) |

Containers by stack
Intel Platform ─── frontend (3002) + backend (8002) + postgres (5433) + redis + libretranslate
Finance Terminal ── frontend (3004) + backend (8003) + postgres + redis
Job-Tracker ────── frontend + app + n8n (5678) + postgres (5432)
Nextcloud ──────── app (8888) + postgres + redis + cron
Outline Wiki ───── app (3012) + minio (9002) + postgres + redis + minio-setup (exited)
Authentik ──────── server (9000) + worker + postgres + redis
BookStack ──────── app (6875) + mariadb
Miniflux ──────── app (8080) + postgres
Standalone ────── portainer, forgejo, silverbullet, mkdocs, headscale, uptime-kuma, vaultwarden
Architecture
112 RSS Feeds (Miniflux) → Event Stream (60s) → Cross-Ref Detection → Redis Sliding Window (2h)
↓
Threat Clustering + Escalation
↓
Frontend (D3.js SVG Maps, Trends, Briefings)
Pages
| Page | Features |
|---|---|
| Dashboard | Politics Map (5 categories), Atlas Map, Timeline, Top 20 Trends, Multi-compare (4 countries) |
| Threat Board | Monitoring → Developing → Breaking → Confirmed |
| History | Full-text search, 44k+ articles, filters |
| Atlas | War Room, D3.js SVG, SITREP Overlay |
| Sources | Grid + Matrix, Reliability Scores |
| Settings | 112 Feeds, API Health, System Stats |

| Category | Count |
|---|---|
| Mainstream DE/EN | ~45 |
| Reddit & Social | ~10 |
| Investigative | ~5 |
| Early Signals: Government | 9 |
| Early Signals: Finance | 6 |
| Early Signals: Science & Tech | 6 |
| Early Signals: OSINT | 6 |
| Early Signals: Think Tanks | 7 |

5-category geopolitics
| Category | Color | Count |
|---|---|---|
| NATO core | #1a3a8a | 38 |
| Western-aligned | #3a6aaa | 21 |
| Swing States | #4a2a6a | 34+ |
| Eastern-aligned | #8a4a3a | 28 |
| Eastern core | #8a1a1a | 7 |
API Endpoints
GET /api/events/threats?category=...
GET /api/events/threats/geo?hours=24
GET /api/news/?source=...&language=...&sort_by=...
GET /api/news/country?name=iran&limit=20
GET /api/briefing/today?category=...
GET /api/briefing/summary?period=today|week|month
GET /api/sources/enriched
GET/POST/PUT/DELETE /api/settings/feeds
POST /api/settings/feeds/import
GET /api/settings/feeds/export
GET /api/settings/health
GET /api/settings/system
Git Log (Session 03-04.03.2026)
5e2ee5e 5-category geopolitical system, conflict clustering, zoom
003a139 Static map, click-on-land, multi-compare up to 4
b433771 Block F2: Politics Map Redesign
5805744 Leaflet → D3.js SVG world map
8ce08cd Block F1: Geopolitical Politics Map
e92c4ed Block E: Dashboard Command Center
2d1d765 Block D: Settings
4ba40b9 Block C: Atlas War Room
01d1555 Block B: Sources Merge + Threat Board Polish
fb36b71 Block A: Dashboard Redesign
0c7aa1a Bugfix: Signal detection + Cross-Ref fixes
4. FINANCE TERMINAL
| Phase | Feature | Status |
|---|---|---|
| 1-4 | Dashboard, Charts, Paper Trading, WebSocket | ✅ |
| 5 | Signal Engine (Intel → trading signals) | ⚠️ Fallback dominant |

Problems: Ollama timeout 15s→120s, relevance filter missing, 68% NEUTRAL.
5. LOCAL SETUP (Pop!_OS)
| Property | Value |
|---|---|
| OS | Pop!_OS 22.04 LTS, Kernel 6.17.9 |
| RAM | 30 GB (9.4 GB used) |
| Disk | 929 GB SSD (5% used) |
| Swap | 19 GB (unused) |
| Encryption | LUKS Full Disk + VeraCrypt + SECURESTICK USB (233 GB) |
| Node.js | v20.20.0 (nvm) |
| Python | 3.10.12 |
| Tools | VS Code, Kitty, Docker, Git, Proton VPN, Tor, Obsidian |

Home directory – cleanup needed
| Folder | Size | Question |
|---|---|---|
| ~/Projekte | 936 KB | Empty? Sync with server? |
| ~/keepass-pakete | 19 MB | Migrate to Bitwarden? |
| ~/vault.devbox | 240 KB | Still relevant? |
| ~/Contabo-Server 1 | 40 KB | Legacy? |
| ~/knowledge_backup | 2.3 MB | Backup of what? |

6. SECURITY
✅ What is good
- UFW deny-by-default, 5 open ports
- SSH: no root, no password, key auth only, VPN only
- Headscale VPN: 2 nodes, both online
- 16 SSL certificates, auto-renew every 12h
- Fail2Ban active (0 bans, 0 foreign IPs)
- Daily backups at 3:00 + Nextcloud separately + 7-day retention
- Health check daily at 8:00 + Docker status every 6h
- Unattended upgrades active
- All services bound to 127.0.0.1
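
A check for the last item, as an added example that is not part of the original document: it compares listening sockets with the public-port table from section 1 and reports wildcard binds outside it, such as the Ollama entry listed on 0.0.0.0:11434. The function names, the allowlist variable and the sample `ss` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listening sockets against the public-port table above.
# Allowlist = the UFW table in this document (22/tcp is source-restricted to
# 100.64.0.0/10 by UFW, so a wildcard bind for sshd is expected).
ALLOWED="tcp/80 tcp/443 tcp/2222 udp/3478 tcp/22"

# Reads `ss -H -tuln` lines on stdin and prints one "EXPOSED proto/port addr"
# line for every wildcard-bound listener that is not in the allowlist.
audit_listeners() {
    awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "tcp" || $1 == "udp" {
        laddr = $5                                  # Local Address:Port column
        port = laddr; sub(/.*:/, "", port)          # text after the last colon
        addr = laddr; sub(/:[^:]*$/, "", addr)      # text before the last colon
        key = $1 "/" port
        wildcard = (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
        if (wildcard && !(key in ok)) print "EXPOSED " key " " laddr
    }'
}

# Constructed sample in `ss -H -tuln` format; addresses and ports are taken
# from the tables in this document, the remaining columns are made up.
sample_ss_output() {
    cat <<'EOF'
tcp LISTEN 0 511  0.0.0.0:80      0.0.0.0:*
tcp LISTEN 0 511  0.0.0.0:443     0.0.0.0:*
tcp LISTEN 0 511  [::]:443        [::]:*
tcp LISTEN 0 4096 0.0.0.0:2222    0.0.0.0:*
udp UNCONN 0 0    0.0.0.0:3478    0.0.0.0:*
tcp LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.1:9443  0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.1:3002  0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.1:8080  0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:11434   0.0.0.0:*
EOF
}

# Demo run on the sample. On the server: ss -H -tuln | audit_listeners
sample_ss_output | audit_listeners
```

A wildcard bind is only as private as the firewall in front of it, and Docker-published ports are not filtered by UFW's rules because Docker installs its own iptables chains. Flagged entries are candidates for rebinding to 127.0.0.1 or the VPN address 100.64.0.1.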
⚠️ What needs to be improved
| Problem | Priority |
|---|---|
| No offsite backup (only local on the server) | CRITICAL |
| RAM tight (12 GB, 3.1 GB swap for 37 containers) | HIGH |
| 18 broken RSS feeds | MEDIUM |
| SSL jobs.devboxnsa.org: expires in 31 days | MEDIUM |
| No container auto-update (Watchtower missing) | MEDIUM |
| Only 1 of 17 projects in Forgejo | LOW |
| 1 anonymous Docker volume | LOW |
| slooth (462 MB) – still needed? | LOW |
7. CREDENTIALS
| Service | User | Password |
|---|---|---|
| Intel Platform API | admin | T0ky0N1ght!2026 |
| Miniflux | admin | HWLpKiT6zBWtY3pH28ynneqKqNEpLgDQ |
| Portainer | admin | (reset on 04.03.2026 → Bitwarden) |
| SSH | nsa | Key-Auth only |
8. PROJECT DIRECTORY (server)
~/projects/ Total: ~2.5 GB
├── intel-platform/ 544 MB ← Main project (Forgejo)
├── job-tracker/ 1.1 GB ← Largest project
├── slooth/ 462 MB ← Check
├── forgejo/ 194 MB
├── bookstack/ 160 MB
├── uptime-kuma/ 33 MB
├── finance-terminal/ 1.3 MB ← Forgejo
├── vaultwarden/ 2.2 MB
├── headscale/ 856 KB
├── authentik/ 384 KB
├── portainer/ 384 KB
├── outline/ 304 KB
├── silverbullet/ 144 KB
├── dotfiles/ 160 KB
├── dockge/ 60 KB ← Still in use?
├── status-dashboard/ 44 KB ← Legacy?
└── miniflux/ 16 KB
9. BACKUPS (current)
| What | When | Where | Retention |
|---|---|---|---|
| System (~/projects, configs) | Daily 3:00 | ~/backups/ | ~9 days (~2.8 GB) |
| Nextcloud | Daily 3:00 | ~/backups/nextcloud/ | 7 days |
| Docker Status Log | Every 6h | ~/backups/docker-status.log | — |
| Health Check | Daily 8:00 | ~/backups/health.log | — |

MISSING: offsite backup (Restic → Backblaze/Hetzner Storage Box)
10. UPDATE SEQUENCES
# Deploy Intel Platform
cd ~/projects/intel-platform
docker compose build frontend backend && docker compose up -d frontend backend
git add -A && git commit -m "..." && git push forgejo master
# SSL certificates
sudo certbot renew --dry-run && sudo certbot renew && sudo systemctl reload nginx
# System updates
sudo apt update && sudo apt upgrade -y
# Docker images
cd ~/projects/PROJEKT && docker compose pull && docker compose up -d && docker image prune -f
# Manual backup
~/scripts/backup.sh && ~/nextcloud/backup.sh
11. CLAUDE CODE QUICK REFERENCE
# Load context
cat ~/MASTER-DOKU.md | head -50
# Check status
cd ~/projects/intel-platform && docker compose ps && git log --oneline -5
curl -s -o /dev/null -w "%{http_code}" http://localhost:3002
# Backend Auth
TOKEN=$(python3 -c "import requests; r=requests.post('http://127.0.0.1:8002/api/auth/login',json={'username':'admin','password':'T0ky0N1ght!2026'}); print(r.json()['token'])")
curl -H "Authorization: Bearer $TOKEN" http://localhost:8002/api/events/threats
# Miniflux
curl -u "admin:HWLpKiT6zBWtY3pH28ynneqKqNEpLgDQ" http://127.0.0.1:8080/v1/feeds | python3 -c "import sys,json; print(len(json.load(sys.stdin)))"
12. NEXT STEPS
Critical
- Set up offsite backup (Restic)
- Repair 18 broken feeds
- Test Certbot auto-renew
- Install Watchtower
- Install Homepage Dashboard
Important
- Politics Map fine-tuning (zoom, click, size)
- Extend country data (only 20 of 177 clickable)
- Categorize and cluster trends better
- Improve media reliability scoring
- Connect X/Twitter + socials
- Evaluate RAM situation (swap 3.1 GB)
- Install Cockpit
Medium-Term
- Economics + Military + Environment Layer
- Finance Terminal Fixes
- All 17 projects in Forgejo
- Clean up local folders
Last updated: 04 March 2026, 03:30 UTC+1