Changelog

2026-03-16 — APT repo fixes + wiki via Caddy

wiki.yooshtek.com set up — Caddy on immichbox proxies to MkDocs on attic-gremlin:8000
Port 8000 UFW rule on attic-gremlin tightened to immichbox only (was LAN-wide)
Caddy GPG key re-fetched to fix NO_PUBKEY ABA1F9B8875A6661 error on apt update
Docker APT source pinned to amd64 to eliminate spurious i386 warnings

UFW enabled on attic-gremlin and immichbox with default-deny incoming
All rules scoped to legitimate traffic only (LAN, specific IPs, localhost)
Caddy confirmed as sole external entry point on immichbox (ports 80/443)
Matrix Synapse confirmed on loopback only; no port 8448 required (federation via .well-known)
Caddyfile audited — public subdomains: jellyfin, immich, ha, mainsail, matrix, element, yooshtek.com
bazzite (192.168.4.100 eth / .101 wifi) documented as gaming PC
SSH key (ed25519) generated on framework-16; deployed to attic-gremlin and immichbox
Password auth disable deferred until bazzite keys are also set up
Creality Ender V3 KE documented (192.168.4.200 / ender.lan, Klipper/Mainsail on port 4409)
mainsail.yooshtek.com external access noted as broken/unknown cause — added to Future Work
Wiki split into per-section pages; mkdocs.yml nav updated

Node Exporter installed and verified on attic-gremlin and immichbox
Graphite Exporter installed on attic-gremlin; TrueNAS Graphite push configured on smaug
Prometheus 3.10.0 installed and configured on attic-gremlin
Blackbox Exporter 0.28.0 installed; all 7 services probing successfully
Grafana 12.4.1 installed; Prometheus data source configured
Node Exporter Full dashboard (1860) imported and working for both machines
Blackbox Exporter dashboard (7587) imported and fixed for Grafana 12
Custom smaug TrueNAS dashboard built and imported (smaug-truenas-001)
immichbox memory leak identified and resolved (gnome-system-monitor, 8 GB recovered)
MkDocs wiki set up on attic-gremlin, served via systemd user service on port 8000