WRKLOG-2026-03-20

k3s NAT verification

NAT rule 170 for 10.42.0.0/16 pod network - test internet connectivity

2026-03-09

29

P0 - BLOCKING

Wazuh indexer recovery

Restart pod after NAT confirmed working - SIEM visibility blocked

2026-03-09

29

P0 - Blocked by k3s

Strongline Gateway VLAN fix

8 devices in wrong identity group (David Rukiza assigned)

2026-03-16

22

P0 - TODO

Monad Pipeline Evaluation

Test pipeline creation, input sources, transforms (LEAD ROLE)

2026-03-11

27

P1 - TODO

Vocera EAP-TLS Supplicant Fix

~10 phones failing 802.1X, missing supplicant config

2026-03-12

26

P1 - TODO

ISE MnT Messaging Service

Enable "Use ISE Messaging Service for UDP syslogs delivery"

2026-03-12

26

P2 - TODO

ISE Patch 9 upgrade

ISE 3.2 Patch 9 addresses known replication issues

2026-03-12

26

P2 - TODO

Z Fold 7 Termux

gopass and SSH not working

2026-03-10

25

BLOCKER — Cannot access passwords on mobile

gopass v3 organization

Inconsistent structure, poor key-value usage

2026-03-20

15

Inefficient password management, no aggregation

Housing Search

Granada Hills area - apartments/rooms

TBD

In Progress

Quality of life, commute

CISSP

ISC² — Certified Information Systems Security Professional

June 1, 2026

ACTIVE — Phase 0 (Project)

Required for performance review

RHCSA 9

Red Hat Certified System Administrator

June 1, 2026

ACTIVE — 21-phase curriculum (Project)

Required for performance review

Linux Research (Xianming Ding)

EAP-TLS for Linux workstations, dACL, UFW

Evan

BEHIND

02-24

Certificate "password required" - nmcli fix documented

iPSK Manager

Pre-shared key automation

Ben Castillo

BEHIND

 — 

DB replication issues

MSCHAPv2 Migration

Legacy auth deprecation

Evan

BEHIND

 — 

No progress on planning

Research Segmentation

All endpoints to Untrusted VLAN

Evan

BLOCKED

 — 

CISO decision pending

ISE 3.4 Migration

Upgrade from 3.2p9

Evan

Blocked

Q1 2026

Switch Upgrades

IOS-XE fleet update (C9300, 3560CX)

Evan

Pending

Q1 2026

Spikewell BYOD VPN

dACL SQL, AD group integration

Evan

Active

 — 

Strongline Gateway

MAC capture, Identity Group setup

Evan

Active

 — 

QRadar → Sentinel Migration

Full SIEM platform transition, Monad evaluation

Evan

Active

Q2 2026

HHS Regulatory Compliance

New HHS security policies implementation

TBD

NOT STARTED

InfoSec Reporting Dashboard

PowerBI metrics for executives

TBD

NOT STARTED

EDR Migration (AMP → Defender)

Endpoint protection consolidation

TBD

NOT STARTED

Azure Legacy Migration

Modern landing zone

Team

In Progress

ChromeOS EAP-TLS

SCEP + Victor, Paul testing

Victor

In Progress

k3s Platform

Production k3s cluster on kvm-01

Active

Prometheus, Grafana, Wazuh deployed

Wazuh Archives

Enable archives indexing in Filebeat

Active

PVC fix pending

kvm-02 Hardware

Supermicro B deployment

Active

Hardware ready, RAM upgrade done

Vault HA (3-node)

vault-02, vault-03 on kvm-02

Q1 2026

kvm-02 deployment

k3s HA (3-node)

Control plane HA

Q1 2026

kvm-02 deployment

ArgoCD GitOps

k3s GitOps deployment

After k3s stable

 — 

MinIO S3

Object storage for k3s

After ArgoCD

 — 

Domus Inventory

Personal asset management (YAML + CLI + AsciiDoc)

Q2 2026

Schema approved

Wazuh agent deployment

Deploy agents to all infrastructure hosts

P2

Pending

After archives fix

k3s Platform

Production k3s cluster on kvm-01

P1

In Progress

 — 

Wazuh Archives

Enable archives indexing in Filebeat, PVC fix

P1

In Progress

 — 

kvm-02 Hardware

Supermicro B deployment, RAM upgrade done

P1

In Progress

 — 

Configure 4th YubiKey

SSH FIDO2 keys

P1

TODO

 — 

Cold storage M-DISC backup

age-encrypted archives

P1

TODO

After YubiKey setup

netapi Commercialization

Go CLI rewrite with Cobra-style argument discovery, package for distribution

P0

Active

 — 

Ollama API Service

FastAPI (17 endpoints), productize — config audit, doc tools, runbook gen

P0

Active

 — 

Shell functions (fe, fec, fef)

File hunting helpers

P3

TODO

 — 

D2 Catppuccin Mocha styling

domus-* spoke repos (177 files total)

P3

In Progress

 — 

Amazon order history import

Download CSV from Privacy Central → parse with awk → populate subscriptions tracker

P1

Waiting

Pending Amazon data export (requested 2026-04-04)

No active education tasks — see education trackers

ThinkPad T16g Setup

Arch install, stow dotfiles, Ollama stack, netapi dev env

P0

Pending

 — 

P50 Arch to Ubuntu migration

CR-2026-03-12

P2

In Progress

 — 

X1 Carbon Ubuntu installs

2 laptops, LUKS encryption

P2

In Progress

 — 

P50 Steam Test

Test Flatpak Steam + apt cleanup of broken i386 packages

P3

Pending

 — 

What

Open-source personal AI agent (248k+ GitHub stars)

Architecture

Local deployment → Your LLM API key → Chat apps (WhatsApp, Telegram, Slack, Discord)

Target Machine

TBD - homelab VM or dedicated box

Why Separate

Broad permissions (email, calendar, messaging) = security risk on primary workstation

API Key

Bring your own (Claude, GPT, DeepSeek)

SIELE C1

Instituto Cervantes / UNAM / Salamanca

Q2 2026

ACTIVE

Computer-based, faster results - take FIRST

DELE C1

Instituto Cervantes

Q3/Q4 2026

PLANNED

After SIELE success, harder exam

DELE C2

Instituto Cervantes

2027

FUTURE

Mastery level - requires extensive immersion

Autores Mencionados

Feliciano de Silva, autor de Belianís, other libros de caballerías authors referenced

Personajes y Arquetipos

Character types: caballero andante, escudero, ventero, labrador, etc.

Intertextualidad

Amadís de Gaula, Belianís de Grecia, Palmerín, Orlando Furioso, La Biblia

Vocabulario Especial

Arcaísmos (fecho, fermosura), dobles sentidos (cola = peluca Y sexualidad)

Referencias Bíblicas/Clásicas

Biblical allusions, classical mythology, historical references

Juegos de Palabras

Cervantes' wordplay and linguistic humor

Domus Digitalis

docs.domusdigitalis.dev

Active

Validate, harden, improve

Architectus

docs.architectus.dev

Active

Public portfolio site - maintain

VyOS HA

vyos-01 (kvm-01) + vyos-02 (kvm-02) with VRRP VIP

✅ COMPLETE

2026-03-07 - pfSense decommissioned

BIND DNS HA

bind-01 (kvm-01) + bind-02 (kvm-02) with AXFR

✅ COMPLETE

Zone transfer operational

Vault HA

Raft cluster (vault-01/02/03)

✅ COMPLETE

Integrated with PKI

Keycloak Rebuild

keycloak-01 corrupted, rebuild from scratch

🔄 NEXT

Priority P3 - SSO broken

FreeIPA HA

ipa-02 replica planned

📋 PLANNED

Linux auth redundancy

AD DC HA

home-dc02 replication

📋 PLANNED

Windows auth redundancy

iPSK Manager HA

ipsk-mgr-02 with MySQL replication

📋 PLANNED

PSK portal redundancy

ISE HA

PAN HA (ise-01 reconfigure)

⏳ DEFERRED

Wait until ise-02 stable

ISE 3.5 Migration

Upgrade path: 3.2p9 → 3.4 (P1) → 3.5 (target)

📋 PLANNED

After 3.4 Migration completes (Q2 2026)

ISE (ise-02)

All 802.1X stops - wired and wireless auth fails

ise-01 reconfiguration deferred until ise-02 stable

Keycloak (keycloak-01)

SAML/OIDC SSO broken (ISE admin, Grafana, etc.)

NEXT PRIORITY - Rebuild runbook

FreeIPA (ipa-01)

Linux auth, sudo rules, HBAC fails

ipa-02 replica planned

AD DC (home-dc01)

Windows auth, Kerberos, GPO fails

home-dc02 replica planned

iPSK Manager

Self-service PSK portal unavailable

ipsk-mgr-02 with MySQL replication planned

docs.domusdigitalis.dev validation

Test all cross-references, search, rendering

TODO

docs.domusdigitalis.dev hardening

HTTPS, CSP headers, security review

TODO

docs.architectus.dev validation

Public site content review

TODO

Hub-spoke sync verification

All components building correctly

Ongoing