Daily Worklog: 2026-02-08 (Sunday)

Overview

Date: 2026-02-08 (Sunday)

Location: Remote

Focus: Vault PKI Migration, 802.1X EAP-TLS, Backup Strategy

Sessions

Session 1: modestus-aw Vault PKI Migration

Duration: ~2 hours

Accomplishments:

  • Migrated modestus-aw (Alienware) to Vault PKI for 802.1X EAP-TLS

  • Issued new certificate via vault write pki_int/issue/domus-client

  • Configured NetworkManager for wired and WiFi 802.1X

  • Verified successful authentication against ISE

Certificate Details:

# Issued certificate
vault write pki_int/issue/domus-client \
    common_name="modestus-aw.inside.domusdigitalis.dev" \
    ttl=8760h

Session 2: Tier 2 WARM Backups

Accomplishments:

  • Refreshed all Tier 2 WARM backups on NAS

  • ISE configuration backup

  • WLC configuration backup

  • pfSense configuration backup

  • KVM VM snapshots

  • Keycloak realm export

Session 3: pfSense SSH YubiKey Fix

Issue: SSH to pfSense failing with YubiKey authentication

Root Cause: Admin user (uid=0) uses /root/.ssh/ not /home/admin/.ssh/

Resolution:

# On pfSense
mkdir -p /root/.ssh
# Add public key to /root/.ssh/authorized_keys

Documented in: domus-infra-ops runbooks

Session 4: Borg Backup Documentation

  • Updated borg-backup.adoc with comprehensive NFS mount procedure

  • Added troubleshooting section for common issues

  • Documented kernel module dependency (nfs module)

Session 5: Backup Strategy Updates

  • Updated backup-strategy.adoc with Seagate USB drives (Tier 3 COLD)

  • Documented drive locations and rotation schedule

  • Added verification procedures

Session 6: Documentation Migration

  • Copied OPS-RECOVERY content from Principia to domus-infra-ops

  • Consolidated recovery procedures

  • Updated cross-references

Learnings

  • pfSense admin (uid=0) SSH keys go in /root/.ssh/, not /home/admin/.ssh/

  • NFS module may need reboot after kernel update (modprobe nfs fails until reboot)

  • Borg backup requires NFS mount before running
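
Added example (not part of the original worklog): a pre-flight check for the last two learnings above, which refuses to start Borg unless the repository path is a live NFS mount and separately flags the post-kernel-update case. The mount point /mnt/borg-nas, the function names, and the assumption that modprobe fails because the update replaced /lib/modules/<running release> are illustrative and not taken from the worklog.

```shell
#!/bin/sh
# Pre-flight for a Borg run against an NFS-backed repository (added example).
# /mnt/borg-nas below is a hypothetical mount point, not from the worklog.

# True if the module tree for the given kernel release still exists.
# Assumption: "modprobe nfs fails until reboot" happens because a kernel
# package update replaced /lib/modules/<running release>.
kernel_modules_present() {
    # $1 = kernel release (uname -r), $2 = modules root
    [ -d "${2:-/lib/modules}/$1" ]
}

# True if $1 is a mount point of type nfs or nfs4 in a /proc/mounts-style file.
nfs_mounted() {
    # $1 = mount point, $2 = mounts file
    awk -v mp="$1" '$2 == mp && ($3 == "nfs" || $3 == "nfs4") { found = 1 }
                    END { exit !found }' "${2:-/proc/mounts}"
}

# Return codes: 0 = safe to run borg, 2 = reboot needed, 3 = mount missing.
borg_preflight() {
    # $1 = mount point, $2 = kernel release, $3 = modules root, $4 = mounts file
    if nfs_mounted "$1" "$4"; then
        return 0   # already mounted, even if the kernel was updated since
    fi
    if ! kernel_modules_present "$2" "$3"; then
        echo "no modules for running kernel $2: reboot before mounting NFS" >&2
        return 2
    fi
    echo "$1 is not an NFS mount: mount it before running borg" >&2
    return 3
}

# Run against the live system only when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    borg_preflight "${BORG_MOUNT:-/mnt/borg-nas}" "$(uname -r)" \
        /lib/modules /proc/mounts
fi
```

Without the mount check, a Borg job pointed at an unmounted path either fails to find the repository or writes to the local disk under the empty mount point.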

Known Issues

  • NFS mount fails after kernel update until reboot

  • SWITCH_9300 (10.50.1.11) powered off - high power draw

Tomorrow

  • Windows Server 2025 Core DC deployment

  • Test Tier 3 COLD storage (Seagate USB drives)

  • Reboot workstation for NFS/Borg testing