WRKLOG-2026-03-25
Summary
Tuesday. Behind on multiple fronts - carrying over significant backlog. Focus on Claude Code Features implementation (P0). Continue AsciiDoc mentoring topics.
| Heavy carryover from 2026-03-24. Prioritize P0 items. |
URGENT - All Domains
Carryover Backlog (CRITICAL)
| Task | Details | Origin | Days | Status |
|---|---|---|---|---|
k3s NAT verification |
NAT rule 170 for 10.42.0.0/16 pod network - test internet connectivity |
2026-03-09 |
29 |
P0 - BLOCKING |
Wazuh indexer recovery |
Restart pod after NAT confirmed working - SIEM visibility blocked |
2026-03-09 |
29 |
P0 - Blocked by k3s |
Strongline Gateway VLAN fix |
8 devices in wrong identity group (David Rukiza assigned) |
2026-03-16 |
22 |
P0 - TODO |
Monad Pipeline Evaluation |
Test pipeline creation, input sources, transforms (LEAD ROLE) |
2026-03-11 |
27 |
P1 - TODO |
Vocera EAP-TLS Supplicant Fix |
~10 phones failing 802.1X, missing supplicant config |
2026-03-12 |
26 |
P1 - TODO |
ISE MnT Messaging Service |
Enable "Use ISE Messaging Service for UDP syslogs delivery" |
2026-03-12 |
26 |
P2 - TODO |
ISE Patch 9 upgrade |
ISE 3.2 Patch 9 addresses known replication issues |
2026-03-12 |
26 |
P2 - TODO |
| Professional backlog remains critical. Check Days column for priorities. |
BLOCKERS — Fix Immediately
| Task | Details | Origin | Days | Impact |
|---|---|---|---|---|
Z Fold 7 Termux |
gopass and SSH not working |
2026-03-10 |
25 |
BLOCKER — Cannot access passwords on mobile |
gopass v3 organization |
Inconsistent structure, poor key-value usage |
2026-03-20 |
15 |
Inefficient password management, no aggregation |
URGENT - Requires Immediate Action
| Item | Details | Deadline | Status | Impact |
|---|---|---|---|---|
Housing Search |
Granada Hills area - apartments/rooms |
TBD |
In Progress |
Quality of life, commute |
URGENT — Performance Review Deadline (June 1, 2026)
| Certification | Provider | Deadline | Status | Impact |
|---|---|---|---|---|
CISSP |
ISC² — Certified Information Systems Security Professional |
June 1, 2026 |
ACTIVE — Phase 0 (Project) |
Required for performance review |
RHCSA 9 |
Red Hat Certified System Administrator |
June 1, 2026 |
ACTIVE — 21-phase curriculum (Project) |
Required for performance review |
| 55 days remaining until June 1st deadline. |
Early Morning - 5:30am
Regex Training (CRITICAL CARRYOVER)
-
Session 3 - Character classes, word boundaries
-
Practice drills from regex-mastery curriculum
-
Status: 7 days carried over - DO THIS TODAY
| Regex training continues to slip. This is the foundation for all CLI mastery. |
Work (CHLA)
| CHARGE TIME IN PEOPLESOFT - CRITICAL. Do this NOW before anything else. |
Critical (P0)
| Project | Description | Owner | Status | Due | Blocker |
|---|---|---|---|---|---|
Linux Research (Xianming Ding) |
EAP-TLS for Linux workstations, dACL, UFW |
Evan |
BEHIND |
02-24 |
Certificate "password required" - nmcli fix documented |
iPSK Manager |
Pre-shared key automation |
Ben Castillo |
BEHIND |
— |
DB replication issues |
MSCHAPv2 Migration |
Legacy auth deprecation |
Evan |
BEHIND |
— |
No progress on planning |
Research Segmentation |
All endpoints to Untrusted VLAN |
Evan |
BLOCKED |
— |
CISO decision pending |
High Priority (P1)
| Project | Description | Owner | Status | Target |
|---|---|---|---|---|
ISE 3.4 Migration |
Upgrade from 3.2p9 |
Evan |
Blocked |
Q1 2026 |
Switch Upgrades |
IOS-XE fleet update (C9300, 3560CX) |
Evan |
Pending |
Q1 2026 |
Spikewell BYOD VPN |
dACL SQL, AD group integration |
Evan |
Active |
— |
Strongline Gateway |
MAC capture, Identity Group setup |
Evan |
Active |
— |
QRadar → Sentinel Migration |
Full SIEM platform transition, Monad evaluation |
Evan |
Active |
Q2 2026 |
Strategic (P2)
| Project | Description | Owner | Status |
|---|---|---|---|
HHS Regulatory Compliance |
New HHS security policies implementation |
TBD |
NOT STARTED |
InfoSec Reporting Dashboard |
PowerBI metrics for executives |
TBD |
NOT STARTED |
EDR Migration (AMP → Defender) |
Endpoint protection consolidation |
TBD |
NOT STARTED |
Azure Legacy Migration |
Modern landing zone |
Team |
In Progress |
ChromeOS EAP-TLS |
SCEP + Victor, Paul testing |
Victor |
In Progress |
Today’s Priorities
-
P0 - MSCHAPv2 Migration: Run netapi endpoint report + pandas graph for team (URGENT — team meeting)
-
P0 - Enterprise Linux 802.1X: Standardize Shahab/Ding deployment (CISO priority)
-
P0 - Strongline Gateway VLAN fix (17 days - blocking Arin)
-
P0 - k3s NAT verification (24 days - CRITICAL)
-
P1 - Abnormal Security: ESA → API migration (Cisco→Microsoft shift)
-
P1 - DMZ Migration: External services audit behind NetScaler
-
P1 - Sentinel KQL: Build proficiency, distinguish from team
-
P1 - Monad Pipeline Evaluation (22 days - lead role assigned)
-
P1 - Vocera/Wyse iTrack RCA: Complete root cause report
-
P1 - GCC ISE Support: 3/4 nodes restored, PSN-04 deferred (NE-Systems)
-
P1 - Wazuh indexer recovery (blocked by NAT)
-
P1 - Vocera EAP-TLS Supplicant Fix (21 days)
Service Requests (SR)
| SR# | Request | Requestor | Opened | Status |
|---|---|---|---|---|
3508542 |
Zoll cards connection issue |
TBD |
TBD |
TODO |
3508524 |
Disable dot1x on (2) network ports - 5th floor 3250 Wilshire (PXE-boot imaging issues) |
TBD |
TBD |
Follow-up: Issues persisted after disable - plan to test re-enable |
Incidents (INC)
| INC# | Priority | Description | Opened | SLA | Status |
|---|---|---|---|---|---|
1911859 |
TBD |
Strongline Gateways in Miscellaneous Subnet |
TBD |
TBD |
TODO |
Change Requests - Emergency (ECAB)
| CR# | Description | Opened | Scheduled | Status |
|---|---|---|---|---|
No emergency changes |
Change Requests - Normal
| CR# | Description | Opened | Scheduled | Status |
|---|---|---|---|---|
No normal changes |
Change Requests - Scheduled/Standard
| CR# | Description | Opened | Window | Status |
|---|---|---|---|---|
No scheduled changes |
Change Requests - Root Cause / Post-Incident
| CR# | Description | Related INC | Opened | Status |
|---|---|---|---|---|
100451 |
Vocera Phones and Wyse devices went off network |
TBD |
TBD |
TODO |
Session Accomplishments (Claude Code)
Carryover from 2026-03-24
AsciiDoc Mentoring (continued):
-
Markdown vs AsciiDoc syntax comparison
-
Document structure (headers, sections, attributes)
-
Tables, lists, admonitions
-
Code blocks with syntax highlighting
-
Cross-references and includes
-
Antora integration basics
Claude Code Features Implementation
Project: PRJ-claude-code-features
Focus: Tier 1 - Custom Skills
-
/worklogskill - Create daily worklog with partials -
/deployskill - Push spoke + trigger hub rebuild
dots-quantum Migration Prep
Project: PRJ-dots-quantum
Completed:
-
Built consolidated tmux.conf (~350 lines from tmux-config)
-
Copied 39 tmuxinator session YAMLs
-
Created CR document with full specification
-
Updated PRJ-dots-quantum.adoc (29 packages)
-
Ran comprehensive stow compatibility audit
-
Added stow helper functions (
dq-stow,dq-list) -
Added navigation aliases (
dq,dots,dots-quantum)
Audit Results:
-
21 packages ready for stow - all structurally correct
-
Zero conflicts with dotfiles-optimus (separate namespaces)
-
Zero internal conflicts between quantum packages
-
tmux package includes Aethelred theme + vim-tmux-navigator
Commits:
-
da7e029- feat(tmux): Add consolidated tmux package -
d0ddc1d- feat(zsh): Add dots-quantum stow helpers -
eb42d12- docs(prj): Add tmux package CR and update dots-quantum
Personal
In Progress
| Project | Description | Status | Notes |
|---|---|---|---|
k3s Platform |
Production k3s cluster on kvm-01 |
Active |
Prometheus, Grafana, Wazuh deployed |
Wazuh Archives |
Enable archives indexing in Filebeat |
Active |
PVC fix pending |
kvm-02 Hardware |
Supermicro B deployment |
Active |
Hardware ready, RAM upgrade done |
Planned
| Project | Description | Target | Blocked By |
|---|---|---|---|
Vault HA (3-node) |
vault-02, vault-03 on kvm-02 |
Q1 2026 |
kvm-02 deployment |
k3s HA (3-node) |
Control plane HA |
Q1 2026 |
kvm-02 deployment |
ArgoCD GitOps |
k3s GitOps deployment |
After k3s stable |
— |
MinIO S3 |
Object storage for k3s |
After ArgoCD |
— |
Personal asset management (YAML + CLI + AsciiDoc) |
Q2 2026 |
Schema approved |
Active — Infrastructure
| Task | Details | Priority | Status | Due |
|---|---|---|---|---|
Wazuh agent deployment |
Deploy agents to all infrastructure hosts |
P2 |
Pending |
After archives fix |
k3s Platform |
Production k3s cluster on kvm-01 |
P1 |
In Progress |
— |
Wazuh Archives |
Enable archives indexing in Filebeat, PVC fix |
P1 |
In Progress |
— |
kvm-02 Hardware |
Supermicro B deployment, RAM upgrade done |
P1 |
In Progress |
— |
Active — Security & Encryption
| Task | Details | Priority | Status | Due |
|---|---|---|---|---|
Configure 4th YubiKey |
SSH FIDO2 keys |
P1 |
TODO |
— |
Cold storage M-DISC backup |
age-encrypted archives |
P1 |
TODO |
After YubiKey setup |
Active — Development & Tools
| Task | Details | Priority | Status | Due |
|---|---|---|---|---|
netapi Commercialization |
Go CLI rewrite with Cobra-style argument discovery, package for distribution |
P0 |
Active |
— |
Ollama API Service |
FastAPI (17 endpoints), productize — config audit, doc tools, runbook gen |
P0 |
Active |
— |
Shell functions (fe, fec, fef) |
File hunting helpers |
P3 |
TODO |
— |
Active — Documentation
| Task | Details | Priority | Status | Due |
|---|---|---|---|---|
D2 Catppuccin Mocha styling |
domus-* spoke repos (177 files total) |
P3 |
In Progress |
— |
Active — Financial
| Task | Details | Priority | Status | Due |
|---|---|---|---|---|
Amazon order history import |
Download CSV from Privacy Central → parse with awk → populate subscriptions tracker |
P1 |
Waiting |
Pending Amazon data export (requested 2026-04-04) |
Active — Education
| Task | Details | Priority | Status | Due |
|---|---|---|---|---|
No active education tasks — see education trackers |
Active — Personal & Life Admin
| Task | Details | Priority | Status | Due |
|---|---|---|---|---|
ThinkPad T16g Setup |
Arch install, stow dotfiles, Ollama stack, netapi dev env |
P0 |
Pending |
— |
P50 Arch to Ubuntu migration |
P2 |
In Progress |
— |
|
X1 Carbon Ubuntu installs |
2 laptops, LUKS encryption |
P2 |
In Progress |
— |
P50 Steam Test |
Test Flatpak Steam + apt cleanup of broken i386 packages |
P3 |
Pending |
— |
Documentation Sites
-
docs.domusdigitalis.dev - Private documentation hub
-
docs.architectus.dev - Public portfolio site
Education
Claude Code Mastery
| Resource | Details | Progress | Status |
|---|---|---|---|
Claude Code Full Course (4 hrs) |
Nick Saraev - YouTube comprehensive course |
26:49 / 4:00:00 |
IN PROGRESS |
Claude Code Certification |
Anthropic official certification (newly released) |
Not started |
GOAL |
Active Tracks (Focus)
-
Don Quijote - Primera Parte
Skills Mastery (Critical)
-
Regex Mastery - 10-module curriculum
-
AsciiDoc Docs - Documentation format
-
Antora Docs - Documentation pipeline
Certification Deadlines
-
CISSP - Before June 1, 2026 (performance review)
-
RHCSA 9 - Before June 1, 2026 (performance review)
-
LPIC-1 - Renewal required (blocks LPIC-2)
Spanish C1 Certification Goals
| Certification | Provider | Target | Status | Strategy |
|---|---|---|---|---|
Instituto Cervantes / UNAM / Salamanca |
Q2 2026 |
ACTIVE |
Computer-based, faster results - take FIRST |
|
Q3/Q4 2026 |
PLANNED |
After SIELE success, harder exam |
||
2027 |
FUTURE |
Mastery level - requires extensive immersion |
| SIELE is computer-adaptive, results in 3 weeks. DELE is paper-based, results in 3-4 months. Do SIELE first to validate readiness. |
Don Quijote Writing Practice - DELE C1/C2 Initiative
Method:
-
Read chapter in original Spanish
-
Write personal analysis/understanding en espanol
-
AI review for grammar, vocabulary, register
-
Build comprehensive understanding of literary elements
Today’s Study
-
Focus: CISSP study (55 days to June 1), domus-api Phase 3 prep
-
Secondary: RHCSA curriculum, Spanish DELE/SIELE
-
CISSP — begin Phase 0 domain review
-
RHCSA — continue curriculum phase
-
Spanish — Don Quijote reading + analysis
-
domus-api — evaluate Ollama RAG architecture for Phase 3
Regex Training (CRITICAL)
-
Status: 7 days carried over
-
Priority: After PeopleSoft, before Quijote
-
Session: Character classes, word boundaries
Infrastructure
Documentation Sites
| Site | URL | Status | Actions Needed |
|---|---|---|---|
Domus Digitalis |
Active |
Validate, harden, improve |
|
Architectus |
Active |
Public portfolio site - maintain |
HA Deployment Status
| System | Description | Status | Notes |
|---|---|---|---|
VyOS HA |
vyos-01 (kvm-01) + vyos-02 (kvm-02) with VRRP VIP |
✅ COMPLETE |
2026-03-07 - pfSense decommissioned |
BIND DNS HA |
bind-01 (kvm-01) + bind-02 (kvm-02) with AXFR |
✅ COMPLETE |
Zone transfer operational |
Vault HA |
Raft cluster (vault-01/02/03) |
✅ COMPLETE |
Integrated with PKI |
Keycloak Rebuild |
keycloak-01 corrupted, rebuild from scratch |
🔄 NEXT |
Priority P3 - SSO broken |
FreeIPA HA |
ipa-02 replica planned |
📋 PLANNED |
Linux auth redundancy |
AD DC HA |
home-dc02 replication |
📋 PLANNED |
Windows auth redundancy |
iPSK Manager HA |
ipsk-mgr-02 with MySQL replication |
📋 PLANNED |
PSK portal redundancy |
ISE HA |
PAN HA (ise-01 reconfigure) |
⏳ DEFERRED |
Wait until ise-02 stable |
ISE 3.5 Migration |
Upgrade path: 3.2p9 → 3.4 (P1) → 3.5 (target) |
📋 PLANNED |
After 3.4 Migration completes (Q2 2026) |
Single Points of Failure (CRITICAL)
| These systems have NO redundancy - outage impacts production. |
| System | Impact if Down | Mitigation |
|---|---|---|
ISE (ise-02) |
All 802.1X stops - wired and wireless auth fails |
ise-01 reconfiguration deferred until ise-02 stable |
Keycloak (keycloak-01) |
SAML/OIDC SSO broken (ISE admin, Grafana, etc.) |
NEXT PRIORITY - Rebuild runbook |
FreeIPA (ipa-01) |
Linux auth, sudo rules, HBAC fails |
ipa-02 replica planned |
AD DC (home-dc01) |
Windows auth, Kerberos, GPO fails |
home-dc02 replica planned |
iPSK Manager |
Self-service PSK portal unavailable |
ipsk-mgr-02 with MySQL replication planned |
Validation Tasks
| Task | Details | Status |
|---|---|---|
docs.domusdigitalis.dev validation |
Test all cross-references, search, rendering |
TODO |
docs.domusdigitalis.dev hardening |
HTTPS, CSP headers, security review |
TODO |
docs.architectus.dev validation |
Public site content review |
TODO |
Hub-spoke sync verification |
All components building correctly |
Ongoing |
Quick Commands
gopass-personal-docs Usage
\# Interactive entry creation gopass-personal-docs \# Categories: 1) Bills 2) Subscriptions 3) Housing 4) Vehicles 5) Insurance
gopass-query Usage
\# List all recurring bills with totals gopass-query bills \# List storage units with gate codes gopass-query storage \# Export category to JSON gopass-query export bills
API: domus-api — Documentation System REST API
Source: 2026-04-06 — First domus-api session, querying 2,928 .adoc files via REST endpoints
\# Start the API server (localhost:8080, Tailscale accessible)
cd ~/atelier/_projects/personal/domus-api && uv run uvicorn domus_api.main:app --host 0.0.0.0 --port 8080
\# Health check — document counts
curl -s localhost:8080/ | jq
\# Full repository stats by category
curl -s localhost:8080/stats | jq
\# All 20+ standards as JSON
curl -s localhost:8080/standards | jq
\# Standards — extract just ID and title (awk-style with jq)
curl -s localhost:8080/standards | jq -r '.standards[] | "\(.id)\t\(.title)"'
\# Full-text search across all files
curl -s 'localhost:8080/search?q=mandiant' | jq
\# Search — extract just path, title, match count
curl -s 'localhost:8080/search?q=mandiant' | jq '.results[] | {path, title, match_count}'
\# Scoped search (standards only)
curl -s 'localhost:8080/search?q=RFC+2119&scope=standards' | jq
\# Get specific page with full content + metadata
curl -s localhost:8080/pages/standards/operations/change-control | jq
\# List pages filtered by category
curl -s 'localhost:8080/pages?category=standards' | jq
curl -s 'localhost:8080/pages?category=codex&limit=10' | jq
\# All antora.yml attributes (127)
curl -s localhost:8080/attributes | jq
\# Swagger UI (open in browser)
\# http://localhost:8080/docs
\# Kill server on port 8080
kill $(lsof -ti:8080)
API: Incident & Change Record Queries
Source: 2026-04-07 — Querying incidents and CRs via domus-api for work reporting
\# ─── INCIDENT QUERIES ───
\# Get incident title
curl -s localhost:8080/pages/case-studies/incidents/INC-2026-04-06-domus-iot-vpn-connectivity | jq -r '.title'
\# Read incident content as plain text (jq -r unescapes \n)
curl -s localhost:8080/pages/case-studies/incidents/INC-2026-04-06-domus-iot-vpn-connectivity | jq -r '.content' | head -50
\# List all incidents
curl -s 'localhost:8080/pages?category=case-studies' | jq -r '.pages[] | select(.path | contains("incidents")) | "\(.title)\t\(.path)"'
\# Search incidents by keyword
curl -s 'localhost:8080/search?q=IOT_WAN' | jq -r '.results[] | "\(.title)\t\(.path)"'
\# Search for all VPN-related content
curl -s 'localhost:8080/search?q=GlobalProtect' | jq -r '.results[] | "\(.title)\t\(.path)"'
\# ─── CHANGE RECORD QUERIES ───
\# Get CR title
curl -s localhost:8080/pages/case-studies/changes/CR-2026-04-07-iot-wan-vpn-passthrough | jq -r '.title'
\# Read CR content
curl -s localhost:8080/pages/case-studies/changes/CR-2026-04-07-iot-wan-vpn-passthrough | jq -r '.content' | head -80
\# List all change records
curl -s 'localhost:8080/pages?category=case-studies' | jq -r '.pages[] | select(.path | contains("changes")) | "\(.title)\t\(.path)"'
\# ─── WORKFLOW: INCIDENT TO CR TRACEABILITY ───
\# Find all documents related to an incident
curl -s 'localhost:8080/search?q=INC-2026-04-06-001' | jq -r '.results[] | "\(.path)"'
\# Find the CR linked to an incident
curl -s 'localhost:8080/search?q=CR-2026-04-07-iot-wan' | jq -r '.results[] | {title, path}'
\# ─── FORMAT FOR REPORTING ───
\# Incident summary as TSV (paste into spreadsheet)
curl -s 'localhost:8080/pages?category=case-studies' | jq -r '.pages[] | select(.path | contains("incidents")) | [.title, .path] | @tsv'
\# Pipe to column for terminal table
curl -s 'localhost:8080/pages?category=case-studies' | jq -r '.pages[] | select(.path | contains("incidents")) | [.title, .path] | @tsv' | column -t -s $'\t'
\# Export incident as markdown (basic conversion)
curl -s localhost:8080/pages/case-studies/incidents/INC-2026-04-06-domus-iot-vpn-connectivity | jq -r '.content' > /tmp/incident-report.txt
Security: Mandiant Vulnerability Assessment Discovery
Source: 2026-04-06 — Searching domus-captures + Principia for pentest findings, dACLs, and remediation content
\# Search for Mandiant references across domus-captures
grep -ri 'mandiant' docs/modules/ROOT/ | awk 'NR<=30'
\# Find dACL / downloadable ACL content
grep -ri 'dacl\|downloadable.acl' docs/modules/ROOT/ | awk 'NR<=30'
\# Search Principia vault (legacy PKM) for Mandiant data
grep -ri 'mandiant' ~/atelier/_bibliotheca/Principia/ 2>/dev/null | awk 'NR<=30'
\# Find files with security assessment terms in the name
find docs/ -name '*mandiant*' -o -name '*vuln*' -o -name '*dacl*'
\# Find dACL diagram source files
find docs/modules/ROOT/images/diagrams -name 'dacl*'
\# Posture redirect ACL references (the critical finding)
grep -ri 'posture.*redirect\|redirect.*acl\|pre.auth.*acl' docs/modules/ROOT/ | awk 'NR<=20'
\# Cross-repo vulnerability search
grep -ri 'vulnerability.assess\|pentest\|penetration.test' docs/modules/ROOT/pages/2026/ | awk 'NR<=20'
\# Principia asset directory discovery (OPS-* and PRJ-* directories)
find ~/atelier/_bibliotheca/Principia/02_Assets -maxdepth 1 -type d \( -name 'OPS-*' -o -name 'PRJ-*' \)
\# Raspberry Pi OUI detection (from pentest findings)
\# netapi ise mnt --format json sessions | jq -r '.[] | select(.calling_station_id | startswith("B8:27:EB") or startswith("DC:A6:32") or startswith("E4:5F:01")) | [.calling_station_id, .framed_ip_address, .nas_ip_address] | @tsv'
Audio: PipeWire Validation (Post-Reboot)
Source: 2026-04-06 — P16g audio testing after sof-firmware install
\# PipeWire status (replaces pulseaudio pavucontrol for status) wpctl status \# List all audio sinks (short format) pactl list sinks short \# Play audio through default sink (native PipeWire — no alsa-utils needed) pw-play /usr/share/sounds/freedesktop/stereo/bell.oga \# Play through specific sink by ID pw-play --target 65 /usr/share/sounds/freedesktop/stereo/bell.oga \# Kernel audio firmware messages (Intel SOF) journalctl -b --grep='sof|cs35l56|cs42l43' --no-pager | tail -20 \# ALSA sound cards cat /proc/asound/cards
Git: Cross-Repo Activity Audit
Source: 2026-04-06 — Reconstructing daily AI session history across all domus repos
\# All commits on a specific date across all domus repos
for repo in ~/atelier/_bibliotheca/domus-*/ ~/atelier/_projects/personal/domus-*/; do
[ -d "$repo/.git" ] || continue
name=$(basename "$repo")
git -C "$repo" log --since="2026-04-06" --until="2026-04-07" --format="%h %aI %s" 2>/dev/null |
awk -v r="$name" '{print r, $0}'
done
\# Structured commit log as JSON (pipe to jq)
git -C ~/atelier/_bibliotheca/domus-captures log --pretty=format:'{"hash":"%h","date":"%aI","subject":"%s"}' -20 |
jq -s 'sort_by(.date) | reverse'
\# Commits per month (aggregation)
git -C ~/atelier/_bibliotheca/domus-captures log --pretty=format:'{"date":"%aI"}' -100 |
jq -s 'map(.date | split("T")[0] | split("-")[0:2] | join("-")) | group_by(.) | map({month: .[0], count: length}) | sort_by(.month)'
\# Cross-repo search via GitHub API (quote URL for zsh)
gh search code "vault seal" --owner EvanusModestus --json repository,path,textMatches |
jq '.[] | {repo: .repository.full_name, file: .path, match: .textMatches[].fragment}'
\# List .adoc files in a repo via GitHub API
gh api 'repos/EvanusModestus/domus-captures/git/trees/main?recursive=1' |
jq '[.tree[] | select(.path | endswith(".adoc"))] | length'
\# Cross-repo activity dashboard (last 5 per repo)
for repo in domus-captures domus-infra-ops domus-ise-linux domus-netapi-docs domus-secrets-ops; do
git -C ~/atelier/_bibliotheca/$repo log --pretty=format:"{\"repo\":\"$repo\",\"date\":\"%aI\",\"subject\":\"%s\"}" -5 2>/dev/null
done | jq -s 'sort_by(.date) | reverse | .[:15] | .[] | "\(.date | split("T")[0]) [\(.repo)] \(.subject)"' -r
\# Antora attribute comparison across repos
for f in ~/atelier/_bibliotheca/domus-*/docs/asciidoc/antora.yml; do
repo=$(basename "$(dirname "$(dirname "$(dirname "$f")")")")
count=$(yq '.asciidoc.attributes | length // 0' "$f")
printf "%-30s %s attributes\n" "$repo" "$count"
done
Attribute Includes
// Home documents
// ========================================================================
// SHARED ATTRIBUTES -- Home & Personal
// ========================================================================
// Source of truth for personal identity, home infrastructure, and
// document defaults used across daily worklogs and captures.
//
// Usage:
// include::partial$attributes.adoc[]
//
// For work-specific attributes (CHLA), also include:
// include::partial$attributes-work.adoc[]
//
// For HTML status styling, also include:
// include::partial$attributes-styles.adoc[]
//
// Per-document attributes (revdate, document-id, capture-date,
// focus-areas, etc.) remain in each file's header.
// ========================================================================
// ========================================================================
// DOCUMENT DEFAULTS
// ========================================================================
:id: UNSET
:document-id: {id}
// ========================================================================
// AUTHOR & IDENTITY
// ========================================================================
:author-name: Evan Rosado
:author-email-home: evan.rosado@domusdigitalis.dev
:author-email-work: erosado@chla.usc.edu
:author-email-personal: evan.rosado@outlook.com
// ========================================================================
// HOME ENTERPRISE DOMAINS
// ========================================================================
:home-domain: domusdigitalis.dev
:home-domain-internal: inside.domusdigitalis.dev
:home-domain-guest: guest.domusdigitalis.dev
:home-env-name: Home Enterprise ({home-domain})
// ========================================================================
// HOME ENTERPRISE INFRASTRUCTURE
// ========================================================================
// ISE Cluster (Home)
:home-ise-version: 3.3
:home-ise-pan-ip: 10.50.1.21
:home-ise-pan-host: ise-02.inside.domusdigitalis.dev
:home-ise-01-ip: 10.50.1.20
:home-ise-01-host: ise-01.inside.domusdigitalis.dev
:home-ise-02-ip: 10.50.1.21
:home-ise-02-host: ise-02.inside.domusdigitalis.dev
// DNS (BIND)
:home-dns-primary: 10.50.1.90
:home-dns-secondary: 10.50.1.1
:home-bind-ip: 10.50.1.90
:home-bind-host: bind-01.inside.domusdigitalis.dev
// Active Directory
:home-ad-server: HOME-DC01.inside.domusdigitalis.dev
:home-ad-ca: HOME-ROOT-CA
// Network (VyOS replaced pfSense 2026-03-07)
:home-vyos-ip: 10.50.1.2
:home-vyos-host: vyos-01.inside.domusdigitalis.dev
:home-switch-ip: 10.50.1.10
:home-wlc-ip: 10.50.1.40
:home-wlc-host: wlc.inside.domusdigitalis.dev
// Storage
:nas-ip: 10.50.1.70
:nas-name: nas-01
:nas-nfs-path: /volume1/ise_backups
// ========================================================================
// PERSONAL PROJECTS
// ========================================================================
:prj-ipsk-home: PRJ-ISE-IPSK-HOME-ANTORA
:prj-home-linux: PRJ-ISE-HOME-LINUX-ANTORA
:prj-home-lab: PRJ-ISE-HOME-LINUX-ANTORA
:prj-netapi: PRJ-NETAPI-ANTORA
:prj-secrets: PRJ-SECRETS
:prj-recovery: PRJ-RECOVERY
:prj-infra-ops: PRJ-INFRA-OPS-ANTORA
// ========================================================================
// PERSONAL TOOLS
// ========================================================================
:tool-netapi: netapi (Personal ISE automation CLI)
:tool-dsec: dsec (Secrets management)
:tool-ansible: Ansible
:tool-git: Git
// Work documents
// ========================================================================
// SHARED ATTRIBUTES -- Home & Personal
// ========================================================================
// Source of truth for personal identity, home infrastructure, and
// document defaults used across daily worklogs and captures.
//
// Usage:
// include::partial$attributes.adoc[]
//
// For work-specific attributes (CHLA), also include:
// include::partial$attributes-work.adoc[]
//
// For HTML status styling, also include:
// include::partial$attributes-styles.adoc[]
//
// Per-document attributes (revdate, document-id, capture-date,
// focus-areas, etc.) remain in each file's header.
// ========================================================================
// ========================================================================
// DOCUMENT DEFAULTS
// ========================================================================
:id: UNSET
:document-id: {id}
// ========================================================================
// AUTHOR & IDENTITY
// ========================================================================
:author-name: Evan Rosado
:author-email-home: evan.rosado@domusdigitalis.dev
:author-email-work: erosado@chla.usc.edu
:author-email-personal: evan.rosado@outlook.com
// ========================================================================
// HOME ENTERPRISE DOMAINS
// ========================================================================
:home-domain: domusdigitalis.dev
:home-domain-internal: inside.domusdigitalis.dev
:home-domain-guest: guest.domusdigitalis.dev
:home-env-name: Home Enterprise ({home-domain})
// ========================================================================
// HOME ENTERPRISE INFRASTRUCTURE
// ========================================================================
// ISE Cluster (Home)
:home-ise-version: 3.3
:home-ise-pan-ip: 10.50.1.21
:home-ise-pan-host: ise-02.inside.domusdigitalis.dev
:home-ise-01-ip: 10.50.1.20
:home-ise-01-host: ise-01.inside.domusdigitalis.dev
:home-ise-02-ip: 10.50.1.21
:home-ise-02-host: ise-02.inside.domusdigitalis.dev
// DNS (BIND)
:home-dns-primary: 10.50.1.90
:home-dns-secondary: 10.50.1.1
:home-bind-ip: 10.50.1.90
:home-bind-host: bind-01.inside.domusdigitalis.dev
// Active Directory
:home-ad-server: HOME-DC01.inside.domusdigitalis.dev
:home-ad-ca: HOME-ROOT-CA
// Network (VyOS replaced pfSense 2026-03-07)
:home-vyos-ip: 10.50.1.2
:home-vyos-host: vyos-01.inside.domusdigitalis.dev
:home-switch-ip: 10.50.1.10
:home-wlc-ip: 10.50.1.40
:home-wlc-host: wlc.inside.domusdigitalis.dev
// Storage
:nas-ip: 10.50.1.70
:nas-name: nas-01
:nas-nfs-path: /volume1/ise_backups
// ========================================================================
// PERSONAL PROJECTS
// ========================================================================
:prj-ipsk-home: PRJ-ISE-IPSK-HOME-ANTORA
:prj-home-linux: PRJ-ISE-HOME-LINUX-ANTORA
:prj-home-lab: PRJ-ISE-HOME-LINUX-ANTORA
:prj-netapi: PRJ-NETAPI-ANTORA
:prj-secrets: PRJ-SECRETS
:prj-recovery: PRJ-RECOVERY
:prj-infra-ops: PRJ-INFRA-OPS-ANTORA
// ========================================================================
// PERSONAL TOOLS
// ========================================================================
:tool-netapi: netapi (Personal ISE automation CLI)
:tool-dsec: dsec (Secrets management)
:tool-ansible: Ansible
:tool-git: Git
// ========================================================================
// WORK ATTRIBUTES -- CHLA Environment
// ========================================================================
// Contains sensitive work-specific infrastructure, personnel, and project
// attributes. Include only in work-related documents.
//
// Usage:
// include::partial$attributes-work.adoc[]
// ========================================================================
// ========================================================================
// DOMAINS (Work)
// ========================================================================
:domain: chla.usc.edu
:ad-domain: la.ad.chla.org
:krb5-realm: LA.AD.CHLA.ORG
:ise-domain: ise.chla.org
:work-env-name: Enterprise (CHLA)
// ========================================================================
// ISE CLUSTER (CHLA Production)
// ========================================================================
// Primary PAN
:ise-ppan-ip: 10.101.2.121
:ise-ppan-host: ppan.ise.chla.org
// Secondary PAN
:ise-span-ip: 10.101.2.122
:ise-span-host: span.ise.chla.org
:ise-span: {ise-span-host}
// Primary MnT
:ise-pmnt-ip: 10.101.2.123
:ise-pmnt-host: pmnt.ise.chla.org
// Secondary MnT
:ise-smnt-ip: 10.101.2.124
:ise-smnt-host: smnt.ise.chla.org
// Policy Service Nodes -- Building 1
:ise-psn-1-ip: 10.101.2.131
:ise-psn-2-ip: 10.101.2.132
// Policy Service Nodes -- Building 2
:ise-psn-3-ip: 10.248.11.134
:ise-psn-4-ip: 10.248.11.135
:ise-version: 3.2 Patch 6
// ========================================================================
// DNS SERVERS (CHLA)
// ========================================================================
:dns-primary: 10.112.142.41
:dns-secondary: 10.192.142.41
:dns-backup: 10.112.142.42
// ========================================================================
// ACTIVE DIRECTORY DOMAIN CONTROLLERS (CHLA)
// ========================================================================
// Building 1
:ad-dc-1: 10.112.118.141
:ad-dc-2: 10.112.118.143
// Building 2
:ad-pdc: 10.100.11.28
:ad-dc-3: 10.100.11.27
// ========================================================================
// NETWORK INFRASTRUCTURE (CHLA)
// ========================================================================
:nas-research: 10.134.144.109
:remediation-server: remediation.chla.org
// ========================================================================
// PERSONNEL
// ========================================================================
:user-ben: Ben Castillo (SysEng)
:user-shahab: Dr. Shahab Asgharzadeh
:user-shahab-dept: Spatial Biology and Genomics Core (TSRI SBG)
:user-shahab-mac: b4:e9:b8:f6:c8:17
:user-samuel: Samuel John (Database Architect, Digital Dev & Solutions Architecture)
:user-argam: Argam Darbinian (Endpoint Engineer I)
:user-levitt: Dr. Pat Levitt
:user-levitt-email: plevit@chla.usc.edu
:user-carlos: Carlos (InfoSec)
:user-victor: Victor (Cloud/AD)
// Person shorthand
:person-sarah: Sarah Clizer (CISO)
:person-shahab: {user-shahab}
:person-ben: {user-ben}
:person-victor: {user-victor}
:person-carlos: {user-carlos}
// Teams
:team-infosec: Information Security Team
:team-network: Network Engineering Team
:team-endpoint: Endpoint Engineering Team
// ========================================================================
// PROJECTS
// ========================================================================
:prj-ipsk-chla: PRJ-ISE-IPSK-CHLA-ANTORA
:prj-chla-linux: PRJ-ISE-CHLA-LINUX-ANTORA
:prj-sentinel-migration: PRJ-SENTINEL-MIGRATION
:prj-mschapv2-migration: PRJ-MSCHAPV2-TO-EAPTLS
// ========================================================================
// iPSK ATTRIBUTES
// ========================================================================
:ipsk-primary-hostname: ipsk-mgr-01
:ipsk-secondary-hostname: ipsk-mgr-02
:ssid-iot: CHLA_IoT
:policy-set-name: IoT WIFI iPSK
:odbc-source-name: iPSKManager
:mysql-port: 3306
:db-name: ipsk
// ========================================================================
// TOOLS & PLATFORMS (Security Stack)
// ========================================================================
// SIEM & Security Analytics
:tool-qradar: IBM QRadar SIEM (Legacy - migrating from)
:tool-sentinel: Microsoft Sentinel (Target SIEM)
:tool-defender: Microsoft Defender for Endpoint
:tool-xdr: Microsoft Defender XDR
// Threat Intelligence
:tool-abuseipdb: AbuseIPDB
:tool-virustotal: VirusTotal
:tool-urlscan: URLScan.io
:tool-talos: Cisco Talos Intelligence
// Infrastructure & Access
:tool-claroty: Claroty XDome (OT Security)
:tool-umbrella: Cisco Secure Umbrella (DNS Filtering)
:tool-posture: Cisco Secure Client Posture Module
:tool-ise: Cisco Identity Services Engine
:tool-adcs: Active Directory Certificate Services
// Collaboration & Ticketing
:tool-teams: Microsoft Teams
:tool-servicenow: ServiceNow
:tool-slack: Slack
// Development & Automation
:tool-azure-devops: Azure DevOps
// ========================================================================
// PEOPLESOFT TIME TRACKING
// ========================================================================
// Standard Admin Codes (CHLA InfoSec Engineering)
:ps-account: 605010
:ps-fund-code: 1010
:ps-department: 8492000
:ps-pc-unit: PC100
// ----------------------------------------------------------------------------
// Active Projects (Project # | Combo Code | Activity Code)
// Usage: {prj-<name>}, {combo-<name>}, {activity-<name>}
// ----------------------------------------------------------------------------
// EDR Migration (AMP to Defender)
:prj-edr-migration: 000017633
:combo-edr-migration: 000018546
:activity-edr-migration: 21
// Windows 11 Device Hardening
:prj-win11-hardening: 000017706
:combo-win11-hardening: 000018549
:activity-win11-hardening: 21
// iPad Refresh (Spectrum TV App & GetWell SSID)
:prj-ipad-refresh: 000016444
:combo-ipad-refresh: 000018551
:activity-ipad-refresh: 20
// Immunity Lab Move
:prj-immunity-lab: 000017481
:combo-immunity-lab:
:activity-immunity-lab: 21
// Mind DLP Proof of Value
:prj-mind-dlp: 000017956
:combo-mind-dlp: 000018452
:activity-mind-dlp: 21
// iSensix dACL + IoT VLAN Assignment
:prj-isensix-dacl:
:combo-isensix-dacl:
:activity-isensix-dacl: 21
// Cisco Catalyst Center (DNA Center Migration)
:prj-catalyst-center:
:combo-catalyst-center:
:activity-catalyst-center:
// ----------------------------------------------------------------------------
// Activity Hour Baselines (realistic end-to-end effort)
// ----------------------------------------------------------------------------
// Meetings & Collaboration
:hrs-meeting: 1.0
:hrs-stakeholder-meeting: 1.5
:hrs-workshop: 2.0
:hrs-vendor-call: 1.5
:hrs-cab-attendance: 1.0
// ISE / Network Policy
:hrs-ise-policy-mac: 3.0
:hrs-ise-policy-win: 4.5
:hrs-ise-policy-linux: 4.0
:hrs-dacl-design: 3.5
:hrs-authz-profile: 3.0
:hrs-policy-set: 4.0
// Change Management
:hrs-change-request: 3.5
:hrs-cab-prep: 2.0
:hrs-cutover: 4.0
:hrs-rollback-planning: 2.0
// Testing & Validation
:hrs-device-testing: 2.5
:hrs-pilot-validation: 4.0
:hrs-integration-testing: 3.5
// Support & Operations
:hrs-support: 2.0
:hrs-incident-response: 3.0
:hrs-troubleshooting: 2.5
:hrs-post-cutover-support: 2.5
// Discovery & Documentation
:hrs-discovery: 3.0
:hrs-documentation: 2.0
:hrs-architecture-design: 4.0
// ========================================================================
// STYLE ATTRIBUTES -- HTML Status Styling
// ========================================================================
// Contains CSS styling for status indicators and priority markers.
// Only applied when rendering to HTML (backend-html5).
//
// Usage:
// include::partial$attributes-styles.adoc[]
//
// Styling classes:
// .pass, .fail, .pending, .active
// .status-complete, .status-inprogress, .status-blocked, .status-pending, .status-notstarted
// .priority-critical, .priority-high, .priority-normal
// ========================================================================
++++
<style>
.pass { color: #22c55e; font-weight: bold; }
.fail { color: #ef4444; font-weight: bold; }
.pending { color: #f59e0b; font-weight: bold; }
.active { color: #3b82f6; font-weight: bold; }
.status-complete { color: #22c55e; font-weight: bold; }
.status-inprogress { color: #3b82f6; font-weight: bold; }
.status-blocked { color: #ef4444; font-weight: bold; }
.status-pending { color: #f59e0b; font-weight: bold; }
.status-notstarted { color: #94a3b8; font-weight: bold; font-style: italic; }
.priority-critical { background-color: #fef2f2; border-left: 4px solid #ef4444; padding: 0.5em; margin: 0.5em 0; }
.priority-high { background-color: #fef9c3; border-left: 4px solid #f59e0b; padding: 0.5em; margin: 0.5em 0; }
.priority-normal { background-color: #f0f9ff; border-left: 4px solid #3b82f6; padding: 0.5em; margin: 0.5em 0; }
</style>
++++