Claude Based Knowledge: Server Infrastructure
Complete technical documentation of the DevBox NSA server.
Server Specifications

| Property | Value |
|---|---|
| Hostname | vmd181486 |
| OS | Ubuntu 24.04 LTS (Kernel 6.8.0-71-generic) |
| CPU | 6 Cores |
| RAM | 11 GB |
| IPv4 | 207.180.207.183 |
| IPv6 | 2a02:c207:3018:1486::1 |
| Domain | devboxnsa.org |
| DNS | Cloudflare |
| User | nsa (UID 1000) |

Subdomains & Routing
All subdomains are terminated at Nginx acting as a reverse proxy. SSL is provided by Let's Encrypt (Certbot).

| Subdomain | → Upstream | Service | SSL Certificate |
|---|---|---|---|
| jobs.devboxnsa.org | 127.0.0.1:3000 | Job Tracker Frontend | jobs.devboxnsa.org-0001 |
| git.devboxnsa.org | 127.0.0.1:3003 | Forgejo | git.devboxnsa.org |
| n8n.devboxnsa.org | 127.0.0.1:5678 | n8n | n8n.devboxnsa.org |
| rss.devboxnsa.org | 127.0.0.1:8080 | Miniflux | rss.devboxnsa.org |
| status.devboxnsa.org | 127.0.0.1:3001 | Uptime Kuma | status.devboxnsa.org |
| intel.devboxnsa.org | 127.0.0.1:3002 | Intel Platform | intel.devboxnsa.org |
| vault.devboxnsa.org | 127.0.0.1:3013 | Vaultwarden | vault.devboxnsa.org |
| wiki.devboxnsa.org | 127.0.0.1:6875 | BookStack | wiki.devboxnsa.org |
| vinyl.devboxnsa.org | 127.0.0.1:3012 | Outline | vinyl.devboxnsa.org |
| auth.devboxnsa.org | 127.0.0.1:9000 | Authentik | auth.devboxnsa.org |
| vpn.devboxnsa.org | 127.0.0.1:8085 | Headscale | vpn.devboxnsa.org |
| docs.devboxnsa.org | 127.0.0.1:8090 | MkDocs Material | docs.devboxnsa.org |

Docker Containers
Job Tracker Stack (~/projects/job-tracker/docker-compose.yml)

| Container | Image | Port | Network | Function |
|---|---|---|---|---|
| jobtracker-frontend | job-tracker-frontend | 3000 | host | Next.js 16 Frontend |
| jobtracker-app | job-tracker-tracker | 3005 | host | Express API + Puppeteer |
| jobtracker-db | postgres:16-alpine | 5432 | bridge | PostgreSQL database |
| jobtracker-n8n | n8nio/n8n:latest | 5678 | bridge | Workflow automation |

| Container | Image | Port | Function |
|---|---|---|---|
| intel-platform-frontend-1 | intel-platform-frontend | 3002 | Next.js Frontend |
| intel-platform-backend-1 | intel-platform-backend | 8002 | FastAPI Backend |
| intel-platform-postgres-1 | postgis/postgis:16-3.4 | 5433 | PostGIS database |
| intel-platform-redis-1 | redis:7-alpine | — | Cache |
| intel-platform-libretranslate-1 | libretranslate/libretranslate | — | Translation |

Standalone Services

| Container | Image | Port | Function |
|---|---|---|---|
| forgejo | codeberg.org/forgejo/forgejo:9 | 3003 + SSH:2222 | Git Hosting |
| miniflux | miniflux/miniflux:latest | 8080 | RSS Reader |
| miniflux-db | postgres:15-alpine | — | Miniflux DB |
| uptime-kuma | louislam/uptime-kuma:1 | 3001 (host) | Monitoring |
| vaultwarden | vaultwarden/server:latest | 3013 | Password manager |
| bookstack | linuxserver/bookstack:latest | 6875 | Wiki |
| bookstack-db | linuxserver/mariadb:latest | — | BookStack DB |
| outline-app | outlinewiki/outline:latest | 3012 | Wiki |
| outline-db | postgres:16 | — | Outline DB |
| outline-minio | minio/minio:latest | 9002 | S3 Storage |
| outline-redis | redis:7 | — | Outline Cache |
| silverbullet | zefhemel/silverbullet:latest | 3010 | PKM |
| authentik-server | goauthentik/server:latest | 9000 | SSO/Auth |
| authentik-worker | goauthentik/server:latest | — | Background Worker |
| authentik-db | postgres:16 | — | Authentik DB |
| authentik-redis | redis:7 | — | Authentik Cache |
| headscale | headscale/headscale:latest | 8085/9090 | VPN Coordinator |
| portainer | portainer/portainer-ce:latest | 9443 | Container Management |
| mkdocs | squidfunk/mkdocs-material | 8090 | This documentation |

Total: ~27 containers
systemd Services
In addition to Docker, the following relevant systemd services are running:

| Service | Function |
|---|---|
| nginx | Reverse Proxy, SSL Termination |
| docker | Container Runtime |
| ssh | Remote Access |
| tailscaled | Tailscale VPN Agent |
| fail2ban | Brute-force protection |
| containerd | Container Runtime (low-level) |
| cron | Scheduled Tasks |
| systemd-resolved | DNS |
| systemd-timesyncd | NTP |
| unattended-upgrades | Auto Security Updates |

Databases

| Database | Engine | Container | Port | Used by |
|---|---|---|---|---|
| jobtracker | PostgreSQL 16 | jobtracker-db | 5432 | Job Tracker Frontend + Backend |
| intel-platform | PostGIS 16 | intel-platform-postgres-1 | 5433 | Intel Platform |
| miniflux | PostgreSQL 15 | miniflux-db | — | Miniflux |
| outline | PostgreSQL 16 | outline-db | — | Outline Wiki |
| authentik | PostgreSQL 16 | authentik-db | — | Authentik SSO |
| bookstack | MariaDB | bookstack-db | — | BookStack Wiki |

Directory Structure
/home/nsa/
├── projects/
│ ├── job-tracker/ # Mono-Repo (Git: nsa/job-tracker-mono)
│ │ ├── frontend/ # Next.js 16 (Submodule: nsa/job-tracker)
│ │ ├── tracker/ # Express API + Puppeteer
│ │ ├── docker-compose.yml
│ │ └── .env
│ ├── intel-platform/ # OSINT Platform (Git: nsa-lg/intel-platform)
│ │ ├── frontend/ # Next.js
│ │ ├── backend/ # FastAPI
│ │ └── docker-compose.yml
│ ├── dotfiles/ # Shell configs
│ │ ├── server/
│ │ └── laptop/
│ ├── uptime-kuma/ # Kuma Data + docker-compose
│ └── MASTER-DESIGN.md # Design system (Catppuccin Mocha + Tokyo Night)
├── mkdocs/ # This documentation
│ ├── docs/
│ ├── mkdocs.yml
│ └── docker-compose.yml
├── bin/ # Custom scripts (job.sh, cmd.sh, devbox-session.sh)
└── archive/2026-02-06/ # 11 archived projects
Git Repositories (Forgejo)

| Repo | Visibility | Description |
|---|---|---|
| nsa/job-tracker | Private | Frontend Submodule (Next.js) |
| nsa/job-tracker-mono | Private | Parent Repo (Frontend + Tracker + Docker) |
| nsa/devbox-docs | Private | Infrastructure documentation |
| nsa-lg/intel-platform | Public | OSINT Intelligence Platform |

Forgejo API: http://localhost:3003/api/v1
Forgejo SSH: ssh://git@localhost:2222/
Security
- SSL: All subdomains via Let's Encrypt (auto-renew via Certbot)
- Binding: All services bind to 127.0.0.1 (except SSH, Nginx, Portainer)
- Fail2Ban: Active for SSH
- VPN: Headscale + Tailscale for secure remote access
- Auth: Authentik as the central identity provider
- Passwords: Vaultwarden (Bitwarden-compatible)
- Firewall: Only ports 22, 80, 443, 2222, 9443 are public
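
An added example, not part of the original documentation: a shell check that compares listening TCP sockets with the binding and firewall rules listed above, which matters because host-network containers and published container ports open sockets on the host directly rather than behind Nginx. The function names are hypothetical, the input is assumed to be `ss -H -tln` output, and the sample lines are constructed rather than captured from the server.

```sh
#!/bin/sh
# Added example: audit listening TCP sockets against the public-port policy.
# Ports the page lists as intentionally public.
ALLOWED_PORTS="22 80 443 2222 9443"

# Reads `ss -H -tln` output on stdin; prints "address port" for each listener
# that is reachable beyond loopback and whose port is not in ALLOWED_PORTS.
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (k = 1; k <= n; k++) ok[a[k]] = 1 }
        $1 == "LISTEN" {
            pos = match($4, /:[0-9]+$/)      # last colon separates address and port
            if (pos == 0) next
            addr = substr($4, 1, pos - 1)
            port = substr($4, pos + 1)
            sub(/%.*$/, "", addr)            # drop interface suffix such as %lo
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            if (!(port in ok)) print addr, port
        }'
}

# Constructed sample input: the last two lines illustrate what a wildcard bind
# outside the policy looks like. They are not observations from the server.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 511  0.0.0.0:80        0.0.0.0:*
LISTEN 0 511  0.0.0.0:443       0.0.0.0:*
LISTEN 0 128  [::]:22           [::]:*
LISTEN 0 4096 0.0.0.0:9443      0.0.0.0:*
LISTEN 0 4096 127.0.0.1:3003    0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 4096 [::1]:8090        [::]:*
LISTEN 0 4096 *:3001            *:*
LISTEN 0 4096 0.0.0.0:5432      0.0.0.0:*
EOF
}

# On the live host: ss -H -tln | audit_listeners
sample_ss_output | audit_listeners
```

Empty output means every non-loopback listener is on one of the five documented public ports; any printed line is a socket to rebind to 127.0.0.1 or to add to the documented exceptions.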
Claude Context
This section serves as prompt context for Claude in new chat sessions.
Quick Reference for Claude
Server: Ubuntu 24.04, 6 Cores, 11 GB RAM
User: nsa, Home: /home/nsa
Domain: devboxnsa.org (Cloudflare DNS)
Docker: ~27 containers, managed through several docker-compose.yml files
Nginx: Reverse proxy for all subdomains to 127.0.0.1:PORT
SSL: Let's Encrypt via Certbot
Important paths:
- Job Tracker: ~/projects/job-tracker/ (docker-compose)
- Intel Platform: ~/projects/intel-platform/ (docker-compose)
- Nginx Configs: /etc/nginx/sites-available/*.devboxnsa.org
- SSL Certs: /etc/letsencrypt/live/*.devboxnsa.org/
- Design System: ~/projects/MASTER-DESIGN.md
- Memory Files: ~/.claude/projects/*/memory/
Forgejo API: http://localhost:3003/api/v1
Token: in ~/.claude/projects/*/memory/forgejo.md
Known pitfalls:
- sudo requires a password (not usable from Claude Code without the user)
- Forgejo SSH host key changes on Docker restart
- Uptime Kuma requires network_mode: host
- Miniflux binds only to 127.0.0.1
- Node.js prefers IPv6 → always use 127.0.0.1 instead of localhost
- NEVER run docker volume prune (PostgreSQL data!)