**Life OS** Server & Infrastructure Configuration

**1. Server Overview**

| Property | Value |
|---|---|
| Provider | Hetzner Cloud |
| Server Name | defiant-01 |
| Public IP | 46.225.166.142 |
| IPv6 | 2a01:4f8:1c1f:9d94::1 |
| OS | Ubuntu 24.04.4 LTS (Noble Numbat) |
| Kernel | Linux 6.8.0-90-generic x86_64 |
| CPU Cores | 12 |
| RAM | 22 GB |
| Disk | 451 GB total / ~395 GB available |
| Swap | 8 GB |

**1.1 Installed Software**

| Software | Version | Notes |
|---|---|---|
| Ubuntu | 24.04.4 LTS | Base OS |
| Python | 3.12.3 | Host-level, available system-wide |
| Nginx | 1.24.0 | Host-level reverse proxy, not containerized |
| Docker | Active | Managing all application containers |
| PostgreSQL (host) | Not installed | Postgres runs in Docker containers only |

**1.2 Hetzner Cloud Firewall**

Firewall name: firewall-1

| Protocol | Port | Source | Purpose |
|---|---|---|---|
| TCP | 22 | 0.0.0.0/0 | SSH access |
| TCP | 80 | 0.0.0.0/0 | HTTP (redirects to HTTPS via Nginx) |
| TCP | 443 | 0.0.0.0/0 | HTTPS |
| TCP | 8443 | 0.0.0.0/0 | Kasm Workspaces (internal, set during setup) |

*Note: UFW is inactive on the host. Docker manages iptables rules directly for container port exposure. No host-level firewall changes are needed for new services - Nginx proxies all traffic on 80/443.*

**2. DNS Records**

Domain registrar / DNS provider: managed by Michael

Primary domain: invixiom.com

**2.1 Active DNS Records**

| Subdomain | Type | Value | Purpose | Status |
|---|---|---|---|---|
| **kasm.invixiom.com** | A | 46.225.166.142 | Kasm Workspaces virtual desktop | **ACTIVE** |
| **files.invixiom.com** | A | 46.225.166.142 | Nextcloud file storage | **ACTIVE** |
| **lifeos.invixiom.com** | A | 46.225.166.142 | Life OS PROD application | **PENDING** |
| **lifeos-dev.invixiom.com** | A | 46.225.166.142 | Life OS DEV application | **PENDING** |
| **code.invixiom.com** | A | 46.225.166.142 | Reserved - future use | **RESERVED** |

*Note: PENDING means the DNS record exists but the Nginx config and application container are not yet deployed. ACTIVE means fully configured end-to-end.*

**3. Nginx Configuration**

Nginx runs directly on the host (not in Docker). Config files are located at /etc/nginx/sites-available/. The active config is invixiom (symlinked to sites-enabled).

**3.1 SSL Certificates**

| Certificate | Path | Covers | Provider |
|---|---|---|---|
| Primary cert | /etc/letsencrypt/live/kasm.invixiom.com/fullchain.pem | All active subdomains (wildcard or SAN) | Let's Encrypt |
| Primary key | /etc/letsencrypt/live/kasm.invixiom.com/privkey.pem | All active subdomains | Let's Encrypt |
| Legacy cert | /etc/nginx/ssl/invixiom.crt | Old config only (kasm manual site-available) | Self-signed or |

*Note: The Let's Encrypt cert path uses kasm.invixiom.com as the primary name. When lifeos.invixiom.com and lifeos-dev.invixiom.com are added to Nginx, the cert will need to be renewed/expanded to cover the new subdomains.*

**3.2 Configured Virtual Hosts**

| Server Name | Listens On | Proxies To | Notes |
|---|---|---|---|
| kasm.invixiom.com | 443 ssl | https://127.0.0.1:8443 | WebSocket support, ssl_verify off, 30min timeout |
| files.invixiom.com | 443 ssl | http://127.0.0.1:8080 | Nextcloud container |
| lifeos-api.invixiom.com | 443 ssl | http://127.0.0.1:8000 | LEGACY - maps to stub container, to be replaced |
| code.invixiom.com | 443 ssl | http://127.0.0.1:8081 | Nothing running on 8081 yet |
| lifeos.invixiom.com | 443 ssl | http://127.0.0.1:8002 | TO BE ADDED - Life OS PROD |
| lifeos-dev.invixiom.com | 443 ssl | http://127.0.0.1:8003 | TO BE ADDED - Life OS DEV |

**4. Docker Containers**

**4.1 Currently Running Containers**

| Container Name | Image | Ports | Purpose | Touch? |
|---|---|---|---|---|
| fastapi | stack-fastapi | 8000->8000 | Stub health check only - to be replaced by Life OS PROD | **REPLACE** |
| nextcloud | nextcloud:27-apache | 8080->80 | Nextcloud file storage (files.invixiom.com) | **DO NOT TOUCH** |
| redis | redis:7-alpine | internal | Task queue for existing stack | **DO NOT TOUCH** |
| kasm_proxy | kasmweb/proxy:1.18.0 | 8443->8443 | Kasm entry point (kasm.invixiom.com) | **DO NOT TOUCH** |
| kasm_rdp_https_gateway | kasmweb/rdp-https-gateway | internal | Kasm RDP gateway | **DO NOT TOUCH** |
| kasm_rdp_gateway | kasmweb/rdp-gateway | 3389->3389 | Kasm RDP | **DO NOT TOUCH** |
| kasm_agent | kasmweb/agent:1.18.0 | internal | Kasm agent | **DO NOT TOUCH** |
| kasm_guac | kasmweb/kasm-guac | internal | Kasm Guacamole | **DO NOT TOUCH** |
| kasm_api | kasmweb/api:1.18.0 | internal | Kasm API | **DO NOT TOUCH** |
| kasm_manager | kasmweb/manager:1.18.0 | internal | Kasm manager | **DO NOT TOUCH** |
| kasm_db | kasmweb/postgres:1.18.0 | internal | Kasm dedicated Postgres | **DO NOT TOUCH** |
| celery | stack-celery | internal | Celery worker for existing stack | **DO NOT TOUCH** |
| postgres | postgres:16-alpine | internal | Postgres for existing stack | **DO NOT TOUCH** |

**4.2 Planned Life OS Containers**

| Container Name | Image | Port | Purpose | Status |
|---|---|---|---|---|
| lifeos-db | postgres:16-alpine | internal only | Dedicated Postgres for Life OS - hosts lifeos_prod and lifeos_dev databases | **ACTIVE** |
| lifeos-prod | lifeos-app (custom) | 8002->8002 | Life OS PROD application (lifeos.invixiom.com) | **TO BE CREATED** |
| lifeos-dev | lifeos-app (custom) | 8003->8003 | Life OS DEV application (lifeos-dev.invixiom.com) | **TO BE CREATED** |

**4.3 Port Allocation**

| Port | Used By | Direction | Notes |
|---|---|---|---|
| 22 | SSH | External inbound | Hetzner firewall open |
| 80 | Nginx | External inbound | HTTP redirect to HTTPS |
| 443 | Nginx | External inbound | HTTPS, all subdomains |
| 3389 | kasm_rdp_gateway | External inbound | Hetzner firewall open |
| 8000 | fastapi (stub) | Internal | To be repurposed or removed |
| 8080 | nextcloud | Internal | Proxied via files.invixiom.com |
| 8081 | code.invixiom.com | Internal | Reserved, nothing running |
| 8443 | kasm_proxy | External inbound | Kasm, Hetzner firewall open |
| 8002 | lifeos-prod | Internal | To be created - proxied via lifeos.invixiom.com |
| 8003 | lifeos-dev | Internal | To be created - proxied via lifeos-dev.invixiom.com |

**5. Docker Networks**

| Network Name | Driver | Subnet | Used By |
|---|---|---|---|
| bridge | bridge | 172.17.0.0/16 | Default Docker bridge |
| kasm_default_network | bridge | 172.19.0.0/16 | All Kasm containers |
| kasm_sidecar_network | kasmweb/sidecar | 172.20.0.0/16 | Kasm sidecar |
| stack_web | bridge | 172.18.0.0/16 | fastapi, celery, redis, postgres containers |
| lifeos_network | bridge | 172.21.0.0/16 | ACTIVE - lifeos-prod, lifeos-dev, lifeos-db |

**6. Application Directories**

All Life OS application files live under /opt/lifeos on the host, mounted into containers as volumes.

| Path | Purpose | Status |
|---|---|---|
| /opt/lifeos/lifeos-setup.sh | Infrastructure setup script | **ACTIVE** |
| /opt/lifeos/prod | PROD application files and config | **ACTIVE** |
| /opt/lifeos/prod/files | PROD user uploaded files storage | **ACTIVE** |
| /opt/lifeos/dev | DEV application files and config | **ACTIVE** |
| /opt/lifeos/dev/files | DEV user uploaded files storage | **ACTIVE** |
| lifeos_db_data (Docker volume) | Postgres data persistence | **ACTIVE** |

**7. Pending Configuration Tasks**

The following items are in sequence order and must be completed to finish the infrastructure setup:

| # | Task | Status | Notes |
|---|---|---|---|
| 1 | Verify DNS propagation for lifeos.invixiom.com and lifeos-dev.invixiom.com | **COMPLETE** | Verified 2026-02-27 |
| 2 | Create Docker network: lifeos_network | **PENDING** | |
| 3 | Create lifeos-db Postgres container | **COMPLETE** | Container: lifeos-db, image: postgres:16-alpine |
| 4 | Create lifeos_prod and lifeos_dev databases inside lifeos-db | **COMPLETE** | lifeos_dev user created with separate password |
| 5 | Create application directory structure on host | **COMPLETE** | /opt/lifeos/prod, /opt/lifeos/dev, file storage dirs |
| 6 | Migrate existing Supabase production data to lifeos_prod | **COMPLETE** | 3 domains, 10 areas, 18 projects, 73 tasks, 5 links, 5 daily_focus, 80 capture, 6 context_types. Files table empty - Supabase Storage paths obsolete, files start fresh in R1. |
| 7 | Build Life OS Docker image (Dockerfile) | **PENDING** | FastAPI app, Python 3.12 |
| 8 | Create docker-compose.yml for Life OS stack | **PENDING** | PROD and DEV services |
| 9 | Add lifeos.invixiom.com and lifeos-dev.invixiom.com to Nginx config | **PENDING** | New server blocks in /etc/nginx/sites-available/invixiom |
| 10 | Expand SSL cert to cover new subdomains (certbot --expand) | **PENDING** | Add lifeos.invixiom.com and lifeos-dev.invixiom.com to cert |
| 11 | Remove or retire stub fastapi container on port 8000 | **PENDING** | After Life OS PROD is live |
| 12 | Test end-to-end: HTTPS access to lifeos.invixiom.com and lifeos-dev.invixiom.com | **PENDING** | |

Life OS Server & Infrastructure Configuration | Last updated: 2026-02-27
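Pending tasks 9, 10 and 12 (new Nginx server blocks, certificate expansion, end-to-end check), carried through as one script. This is an added example and not the project's own /opt/lifeos/lifeos-setup.sh: the server names, the loopback ports 8002/8003, the vhost file /etc/nginx/sites-available/invixiom and the certificate lineage path under /etc/letsencrypt/live/kasm.invixiom.com come from sections 3 and 7 of this document; the function names, the HTTP-to-HTTPS redirect blocks, the forwarded headers and the `-d` list passed to certbot are assumptions (the list must contain every name already on the certificate, which `certbot certificates` shows, because an expansion replaces the lineage's SAN set).

```shell
#!/usr/bin/env bash
# Added example (not the project's lifeos-setup.sh). Renders the two pending
# HTTPS vhosts, expands the Let's Encrypt cert and reloads Nginx. Nothing is
# changed on the host unless the script is invoked with the argument "apply".
set -eu

CERT_DIR=/etc/letsencrypt/live/kasm.invixiom.com   # primary cert lineage (section 3.1)
VHOST_FILE=/etc/nginx/sites-available/invixiom      # active Nginx config (section 3)

# render_vhost NAME PORT: print a server block for NAME that proxies to the
# loopback port PORT, in the same 443-ssl shape as the existing vhosts (3.2).
# Port 80 only redirects, so the app is never reachable over plain HTTP.
render_vhost() {
  name=$1
  port=$2
  cat <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name ${name};
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ${name};

    ssl_certificate     ${CERT_DIR}/fullchain.pem;
    ssl_certificate_key ${CERT_DIR}/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:${port};
        proxy_set_header Host              \$host;
        proxy_set_header X-Real-IP         \$remote_addr;
        proxy_set_header X-Forwarded-For   \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}

EOF
}

# Task 9: append both pending server blocks to the active vhost file.
# Idempotent: a block is only appended if its server_name is not present yet.
add_vhosts() {
  for spec in lifeos.invixiom.com:8002 lifeos-dev.invixiom.com:8003; do
    host=${spec%%:*}
    port=${spec##*:}
    if ! grep -qF "server_name ${host};" "$VHOST_FILE" 2>/dev/null; then
      render_vhost "$host" "$port" >> "$VHOST_FILE"
    fi
  done
}

# Task 10: expand the existing lineage so the same fullchain.pem covers the new
# names. ASSUMPTION: kasm and files are the names currently on the certificate;
# confirm with `certbot certificates` and list every existing name here.
expand_cert() {
  certbot certonly --nginx --expand --cert-name kasm.invixiom.com \
    -d kasm.invixiom.com -d files.invixiom.com \
    -d lifeos.invixiom.com -d lifeos-dev.invixiom.com
}

# Validate the config before reloading, so a typo cannot take every vhost down.
reload_nginx() {
  nginx -t && systemctl reload nginx
}

# Task 12: expect 301 on HTTP and the app's status code on HTTPS for both names.
check_endpoints() {
  for host in lifeos.invixiom.com lifeos-dev.invixiom.com; do
    curl -sS -o /dev/null -w "%{http_code} http://${host}/\n"  "http://${host}/"
    curl -sS -o /dev/null -w "%{http_code} https://${host}/\n" "https://${host}/"
  done
}

if [ "${1:-}" = "apply" ]; then
  add_vhosts && expand_cert && reload_nginx && check_endpoints
fi
```

Run it as `sh lifeos-vhosts.sh apply` after the lifeos-prod and lifeos-dev containers exist (tasks 7 and 8), since certbot's Nginx authenticator reloads Nginx and an upstream that is not listening yet only yields 502s in the final check. When those containers are created, publish their ports as `127.0.0.1:8002:8002` and `127.0.0.1:8003:8003` rather than the bare `8002:8002` form: as the note in 1.2 says, Docker writes its own iptables rules, so a port published on all interfaces is reachable from outside the moment the Hetzner cloud firewall permits it, whereas a loopback binding keeps 8002/8003 reachable only through the Nginx vhosts above.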