WRKLOG-2026-03-30

Summary

Sunday. Major documentation infrastructure session spanning Mar 29-30. Reorganized domus-captures file structure, built out template library from 1 to 16, wrote comprehensive math percentage curriculum (106 problems), created modular Arch Linux install runbook (10 phases), fixed Cloudflare deployment broken by Gabriel removal. Evening session: migrated Ollama model storage from root to /home partition (bind mount), pruned 4 unused models (~55GB), fixed domus-chat-v3 Modelfile, and built a FastAPI service with 8 endpoints (config audit, log analysis, error explainer, runbook generator).

URGENT - All Domains

Professional Backlog

Carryover Backlog (CRITICAL)

Task Details Origin Days Status

k3s NAT verification

NAT rule 170 for 10.42.0.0/16 pod network - test internet connectivity

2026-03-09

29

P0 - BLOCKING

Wazuh indexer recovery

Restart pod after NAT confirmed working - SIEM visibility blocked

2026-03-09

29

P0 - Blocked by k3s

Strongline Gateway VLAN fix

8 devices in wrong identity group (David Rukiza assigned)

2026-03-16

22

P0 - TODO

Monad Pipeline Evaluation

Test pipeline creation, input sources, transforms (LEAD ROLE)

2026-03-11

27

P1 - TODO

Vocera EAP-TLS Supplicant Fix

~10 phones failing 802.1X, missing supplicant config

2026-03-12

26

P1 - TODO

ISE MnT Messaging Service

Enable "Use ISE Messaging Service for UDP syslogs delivery"

2026-03-12

26

P2 - TODO

ISE Patch 9 upgrade

ISE 3.2 Patch 9 addresses known replication issues

2026-03-12

26

P2 - TODO
Professional backlog remains critical. Check Days column for priorities.

Personal Blockers

BLOCKERS — Fix Immediately

Task Details Origin Days Impact

Z Fold 7 Termux

gopass and SSH not working

2026-03-10

25

BLOCKER — Cannot access passwords on mobile

gopass v3 organization

Inconsistent structure, poor key-value usage

2026-03-20

15

Inefficient password management, no aggregation

Life Admin

URGENT - Requires Immediate Action

Item Details Deadline Status Impact

Housing Search

Granada Hills area - apartments/rooms

TBD

In Progress

Quality of life, commute

Certification Deadlines

URGENT — Performance Review Deadline (June 1, 2026)

Certification Provider Deadline Status Impact

CISSP

ISC² — Certified Information Systems Security Professional

June 1, 2026

ACTIVE — Phase 0 (Project)

Required for performance review

RHCSA 9

Red Hat Certified System Administrator

June 1, 2026

ACTIVE — 21-phase curriculum (Project)

Required for performance review
55 days remaining until June 1st deadline.

Early Morning - 5:30am

Regex Training (CRITICAL CARRYOVER)

  • Session 3 - Character classes, word boundaries

  • Practice drills from regex-mastery curriculum

  • Status: 7 days carried over - DO THIS TODAY

Regex training continues to slip. This is the foundation for all CLI mastery.

Work (CHLA)

CHARGE TIME IN PEOPLESOFT - CRITICAL. Do this NOW before anything else.

PeopleSoft Time Entry Reference

Critical (P0)

Project Description Owner Status Due Blocker

Linux Research (Xianming Ding)

EAP-TLS for Linux workstations, dACL, UFW

Evan

BEHIND

02-24

Certificate "password required" - nmcli fix documented

iPSK Manager

Pre-shared key automation

Ben Castillo

BEHIND

 — 

DB replication issues

MSCHAPv2 Migration

Legacy auth deprecation

Evan

BEHIND

 — 

No progress on planning

Research Segmentation

All endpoints to Untrusted VLAN

Evan

BLOCKED

 — 

CISO decision pending

High Priority (P1)

Project Description Owner Status Target

ISE 3.4 Migration

Upgrade from 3.2p9

Evan

Blocked

Q1 2026

Switch Upgrades

IOS-XE fleet update (C9300, 3560CX)

Evan

Pending

Q1 2026

Spikewell BYOD VPN

dACL SQL, AD group integration

Evan

Active

 — 

Strongline Gateway

MAC capture, Identity Group setup

Evan

Active

 — 

QRadar → Sentinel Migration

Full SIEM platform transition, Monad evaluation

Evan

Active

Q2 2026

Strategic (P2)

Project Description Owner Status

HHS Regulatory Compliance

New HHS security policies implementation

TBD

NOT STARTED

InfoSec Reporting Dashboard

PowerBI metrics for executives

TBD

NOT STARTED

EDR Migration (AMP → Defender)

Endpoint protection consolidation

TBD

NOT STARTED

Azure Legacy Migration

Modern landing zone

Team

In Progress

ChromeOS EAP-TLS

SCEP + Victor, Paul testing

Victor

In Progress

Case Studies (March 2026)

TAC Cases:

Incidents:

Changes:

RCAs:

Today’s Priorities

  • P0 - MSCHAPv2 Migration: Run netapi endpoint report + pandas graph for team (URGENT — team meeting)

  • P0 - Enterprise Linux 802.1X: Standardize Shahab/Ding deployment (CISO priority)

  • P0 - Strongline Gateway VLAN fix (17 days - blocking Arin)

  • P0 - k3s NAT verification (24 days - CRITICAL)

  • P1 - Abnormal Security: ESA → API migration (Cisco→Microsoft shift)

  • P1 - DMZ Migration: External services audit behind NetScaler

  • P1 - Sentinel KQL: Build proficiency, distinguish from team

  • P1 - Monad Pipeline Evaluation (22 days - lead role assigned)

  • P1 - Vocera/Wyse iTrack RCA: Complete root cause report

  • P1 - GCC ISE Support: 3/4 nodes restored, PSN-04 deferred (NE-Systems)

  • P1 - Wazuh indexer recovery (blocked by NAT)

  • P1 - Vocera EAP-TLS Supplicant Fix (21 days)

Active Tickets

Service Requests (SR)

SR# Request Requestor Opened Status

3508542

Zoll cards connection issue

TBD

TBD

TODO

3508524

Disable dot1x on (2) network ports - 5th floor 3250 Wilshire (PXE-boot imaging issues)

TBD

TBD

Follow-up: Issues persisted after disable - plan to test re-enable

Incidents (INC)

INC# Priority Description Opened SLA Status

1911859

TBD

Strongline Gateways in Miscellaneous Subnet

TBD

TBD

TODO

Change Requests - Emergency (ECAB)

CR# Description Opened Scheduled Status

No emergency changes

Change Requests - Normal

CR# Description Opened Scheduled Status

No normal changes

Change Requests - Scheduled/Standard

CR# Description Opened Window Status

No scheduled changes

Change Requests - Root Cause / Post-Incident

CR# Description Related INC Opened Status

100451

Vocera Phones and Wyse devices went off network

TBD

TBD

TODO

Session Accomplishments (Claude Code)

Session 1: domus-captures File Organization (Mar 29)

Duration: ~2 hours
Objective: Eliminate _drafts/ anti-pattern, clean orphaned pages

Drafts Migration

  • Created pages/drafts/ as Antora-publishable WIP staging area

  • Moved 11 draft files from _drafts/ and pages/2026/02/

  • Moved TEMPLATE-capture.adoc to pages/templates/

  • Untracked 4 session dumps (4.6MB) and shell history from git

  • Added _drafts/ and .aider* to .gitignore

Orphan Cleanup

  • Deleted search.adoc (Lunr search handles this)

  • Deleted tags.adoc (stale, no links to actual content)

  • Deleted templates.adoc (merged escape patterns into AsciiDoc reference)

  • Moved ise-rejected-endpoint.adoc to drafts/ (raw terminal dump)

  • Moved principia-cleanup-report.adoc, migrate-antora.adoc to reference/

  • Moved superseded Jan v1 monthly report to drafts/

  • Added portfolio.adoc to nav under Meta

  • Added missing WRKLOG-2026-03-27 to chronicle nav

  • Deleted empty LRN-2026-02-14 stub

Math Percentage Curriculum (MAJOR)

  • Rewrote deepseek-math-exploration-v8-2026-03-29.adoc from 251 → 1,678 lines

  • Proper AsciiDoc STEM rendering (:stem: latexmath, \$...\$, [stem] blocks)

  • Three-part progressive structure: Foundations → Intermediate → Advanced

  • 106 practice problems with collapsible solutions across 11 sets (A-K)

  • Topics: conversions, three question types, increase/decrease, discounts, markup vs margin, compound interest, CAGR, depreciation, weighted averages, Bayes' theorem, mortgage amortization

  • Formula reference card appendix (15 formulas)

Session 2: Template Library (Mar 29-30)

Duration: ~1.5 hours
Objective: Build comprehensive template library for all document types

Created 15 new templates (up from 1):

Document Types (11)

  • TEMPLATE-wrklog.adoc — Daily worklog with partial includes

  • TEMPLATE-mtg.adoc — Meeting notes with decisions table, action items

  • TEMPLATE-doc.adoc — Research/analysis with comparison matrix

  • TEMPLATE-plan.adoc — Certification/project planning with phases, risks

  • TEMPLATE-ref.adoc — Tagged reference for selective inclusion

  • TEMPLATE-report.adoc — Weekly/periodic progress with metrics

  • TEMPLATE-monthly.adoc — End-of-month ops report

  • TEMPLATE-lrn.adoc — Learning capture with objectives, mistakes, connections

  • TEMPLATE-setup.adoc — Device/system setup with verification

  • TEMPLATE-cr.adoc — Change record with rollback plan

  • TEMPLATE-capture.adoc — Updated existing generic template

Coding (3)

  • TEMPLATE-code-exploration.adoc — Algorithm study (naive → optimized → production)

  • TEMPLATE-cli-reference.adoc — Tool mastery (awk, sed, etc.) with drill exercises

  • TEMPLATE-script-doc.adoc — Script documentation with args, flow, testing

Mathematics (2)

  • TEMPLATE-math-concept.adoc — Concept study with STEM rendering

  • TEMPLATE-math-problem-set.adoc — Problem sets with score tracker, retry log

Session 3: Arch Linux Install Runbook (Mar 30)

Duration: ~1 hour
Objective: Create modular bare-metal-to-desktop install guide

  • Created runbooks/arch-linux-fresh-install.adoc master page (81 lines)

  • Created 11 partials in partials/runbooks/arch-install/ (1,575 total lines):

    • Phase 0: Pre-install (USB, BIOS, WiFi, mirrors)

    • Phase 1: Disk setup (sgdisk, LUKS, btrfs subvolumes)

    • Phase 2: Base system (pacstrap, chroot, locale, hostname, users)

    • Phase 3: Bootloader (mkinitcpio, systemd-boot, NVIDIA hooks)

    • Phase 4: First boot (AUR, system packages, zsh)

    • Phase 5: Desktop (Hyprland stack, fonts, audio, Bluetooth, themes)

    • Phase 6: Dotfiles (dots-quantum, stow tiers, Neovim)

    • Phase 7: Secrets (age, SSH, gopass, GPG, multi-remote)

    • Phase 8: Development (Python/uv, Node, Rust, Antora, Claude Code, KVM)

    • Phase 9: Verification checklists + btrfs snapshot

    • Hardware notes (Lenovo Legion + Razer Blade specifics)

  • Linked to existing PRJ-2026-03-arch-linux-fresh-setup.adoc (tier strategy)

  • Added to nav under Runbooks > Workstation Setup

Session 4: Deployment Fixes (Mar 30)

  • Fixed domus-docs playbook — removed Gabriel docs (was duplicated, not deleted)

  • Removed display_version: Chronicles 2026 from domus-captures/docs/antora.yml

  • Restored Arch Fresh Setup project link to nav (accidentally dropped)

Commits This Session

Hash Message

af3099e

refactor(drafts): Migrate _drafts/ to pages/drafts/

2203df5

refactor(pages): Clean up orphaned files and fix nav references

6d2c099

add templates

52e618d

arch install adoc

pending

docs(runbooks): Arch Linux fresh install runbook partials + nav

pending

docs(reference): Aider offline guide + local model config

Session 5: Aider + Ollama Offline Setup (Mar 30)

Duration: ~1.5 hours
Objective: Configure local AI coding assistant for offline use

Configuration

  • Created ~/.aider.conf.yml — architect mode, whole edit format, auto-commit OFF

  • Created ~/.aider.model.settings.ymlnum_ctx: 32768 (Ollama defaults to 2048 and silently truncates!)

  • Created ~/.aider/CONVENTIONS.md — distilled coding rules for local models

  • Created .aider/CONVENTIONS.md (per-repo) — domus-captures partials, STEM syntax, attributes

  • Created .aiderignore — excludes quijote, old worklogs, binaries from context

  • Created reference/aider-offline-guide.adoc — comprehensive offline reference

Critical Fixes Discovered

Problem Impact

ollama/ prefix

Less reliable API calls → use ollama_chat/

edit-format: diff

Quantized models can’t follow diff syntax → use whole

No num_ctx setting

Ollama defaults to 2048 tokens and silently discards everything — root cause of all failures

No architect mode

Model tries to reason AND format in one pass → separating them improves quality dramatically

Testing Results

Run Config Model Output Grade

1

ollama/, diff format, no num_ctx

Wrong STEM syntax ([latexmath]$$), [discrete] instead of [%collapsible], ignored template

C+

2

ollama_chat/, whole format, num_ctx 32768

Correct STEM blocks, correct collapsible, followed template, but mixed \( \) inline

B+

3

Same + updated CONVENTIONS with "NEVER use `\( \)`", temp 0.2

All stem:[] inline, A1/A2 labels, full template adherence

A-

Stow Package

  • Added aider/ package to dots-quantum with .aider.conf.yml, .aider.model.settings.yml, CONVENTIONS.md

  • Stowed to ~ — symlinks verified

Models Available (Ollama)

  • qwen3-coder:30b (18GB) — MoE, 3.3B active, newest

  • qwen2.5-coder:32b (19GB) — battle-tested primary

  • qwen2.5-coder:14b (9GB) — fast fallback

  • ~73GB of removable models identified (deepseek-r1, base qwen2.5, llama3.2)

Session 6: Ollama Infrastructure + API Service (Mar 30 evening)

Duration: ~2.5 hours
Objective: Migrate Ollama storage, clean models, build FastAPI service

Ollama Model Storage Migration

Root partition was 92% full (20GB free on 250GB) because Ollama models (84GB) lived on /var/lib/ollama/. Migrated to /home partition (1.6TB free) via bind mount.

  • Copied models to /home/ollama-models/ with rsync

  • Configured persistent bind mount in /etc/fstab

  • Cleaned stale btrfs snapshots (snapper timeline + pacman pre/post)

  • Root partition recovered from 92% → 82% (gained 26GB)

Issue Encountered Resolution

OLLAMA_MODELS env var → permission denied

ollama user couldn’t traverse /home/evanusmodestus/. Used bind mount instead of env var.

df still showing 92% after delete

Btrfs snapshots held references to deleted data. Deleted old timeline + pacman snapshots.

Model Cleanup

Pruned 4 unused models (~55GB), fixed broken custom model:

Model Size Action

domus-chat (v1)

19GB

Removed — superseded by v3

analyst

19GB

Removed — deepseek-r1 base, slow

llava

4.7GB

Removed — vision model, 8 weeks untouched

codestral:22b

12GB

Removed — qwen outperforms

domus-chat-v2

18GB

Removed — TEMPLATE override broke chat formatting

domus-chat-v3

18GB

Created — proper inherited template, +attribute rules

Final model inventory (5 models, ~70GB):

  • domus-chat-v3 — custom chat with AsciiDoc conventions (qwen3-coder base)

  • qwen3-coder:30b — primary coder (Aider)

  • qwen2.5-coder:32b — battle-tested fallback (Aider)

  • qwen2.5-coder:14b — fast/lightweight

  • quick — ultra-fast Q&A (7B)

FastAPI Service: ollama-api

Built a FastAPI wrapper around Ollama with domain-specific endpoints in ~/atelier/_projects/personal/ollama-local/api/.

Endpoint Model Purpose

GET /health

Ollama connectivity + model list

GET /models

Model metadata (size, quant, params)

POST /chat

qwen3-coder

General chat

POST /chat/stream

qwen3-coder

Streaming chat (token by token)

POST /audit/config

qwen3-coder

Paste network config → security audit findings

POST /analyze/logs

qwen3-coder

Paste logs → root cause + fix commands

POST /explain/error

quick (7B)

Paste error → explanation + resolution (~3s)

POST /generate/runbook

qwen3-coder

Paste CLI session → AsciiDoc runbook

  • pyproject.toml with uv dependency management

  • api/main.py — 8 endpoints, ~350 lines

  • api/schemas.py — Pydantic request/response models

  • Swagger UI at localhost:8080/docs

  • Tested config audit: 7 findings from intentionally insecure Cisco config

  • Tested runbook generator: converted tonight’s migration into structured AsciiDoc

Personal

In Progress

Project Description Status Notes

k3s Platform

Production k3s cluster on kvm-01

Active

Prometheus, Grafana, Wazuh deployed

Wazuh Archives

Enable archives indexing in Filebeat

Active

PVC fix pending

kvm-02 Hardware

Supermicro B deployment

Active

Hardware ready, RAM upgrade done

Planned

Project Description Target Blocked By

Vault HA (3-node)

vault-02, vault-03 on kvm-02

Q1 2026

kvm-02 deployment

k3s HA (3-node)

Control plane HA

Q1 2026

kvm-02 deployment

ArgoCD GitOps

k3s GitOps deployment

After k3s stable

 — 

MinIO S3

Object storage for k3s

After ArgoCD

 — 

Domus Inventory

Personal asset management (YAML + CLI + AsciiDoc)

Q2 2026

Schema approved

Active — Infrastructure

Task Details Priority Status Due

Wazuh agent deployment

Deploy agents to all infrastructure hosts

P2

Pending

After archives fix

k3s Platform

Production k3s cluster on kvm-01

P1

In Progress

 — 

Wazuh Archives

Enable archives indexing in Filebeat, PVC fix

P1

In Progress

 — 

kvm-02 Hardware

Supermicro B deployment, RAM upgrade done

P1

In Progress

 — 

Active — Security & Encryption

Task Details Priority Status Due

Configure 4th YubiKey

SSH FIDO2 keys

P1

TODO

 — 

Cold storage M-DISC backup

age-encrypted archives

P1

TODO

After YubiKey setup

Active — Development & Tools

Task Details Priority Status Due

netapi Commercialization

Go CLI rewrite with Cobra-style argument discovery, package for distribution

P0

Active

 — 

Ollama API Service

FastAPI (17 endpoints), productize — config audit, doc tools, runbook gen

P0

Active

 — 

Shell functions (fe, fec, fef)

File hunting helpers

P3

TODO

 — 

Active — Documentation

Task Details Priority Status Due

D2 Catppuccin Mocha styling

domus-* spoke repos (177 files total)

P3

In Progress

 — 

Active — Financial

Task Details Priority Status Due

Amazon order history import

Download CSV from Privacy Central → parse with awk → populate subscriptions tracker

P1

Waiting

Pending Amazon data export (requested 2026-04-04)

Active — Education

Task Details Priority Status Due

No active education tasks — see education trackers

Active — Personal & Life Admin

Task Details Priority Status Due

ThinkPad T16g Setup

Arch install, stow dotfiles, Ollama stack, netapi dev env

P0

Pending

 — 

P50 Arch to Ubuntu migration

CR-2026-03-12

P2

In Progress

 — 

X1 Carbon Ubuntu installs

2 laptops, LUKS encryption

P2

In Progress

 — 

P50 Steam Test

Test Flatpak Steam + apt cleanup of broken i386 packages

P3

Pending

 — 

Documentation Sites

Notes

Day-specific personal notes here.

Education

Claude Code + AI Engineering (ACTIVE)

Claude Code Mastery

Resource Details Progress Status

Claude Code Full Course (4 hrs)

Nick Saraev - YouTube comprehensive course

26:49 / 4:00:00

IN PROGRESS

Claude Code Certification

Anthropic official certification (newly released)

Not started

GOAL

Active Tracks (Focus)

Skills Mastery (Critical)

Certification Deadlines

  • CISSP - Before June 1, 2026 (performance review)

  • RHCSA 9 - Before June 1, 2026 (performance review)

  • LPIC-1 - Renewal required (blocks LPIC-2)

Language Certifications (DELE/SIELE)

Spanish C1 Certification Goals

Certification Provider Target Status Strategy

SIELE C1

Instituto Cervantes / UNAM / Salamanca

Q2 2026

ACTIVE

Computer-based, faster results - take FIRST

DELE C1

Instituto Cervantes

Q3/Q4 2026

PLANNED

After SIELE success, harder exam

DELE C2

Instituto Cervantes

2027

FUTURE

Mastery level - requires extensive immersion
SIELE is computer-adaptive, results in 3 weeks. DELE is paper-based, results in 3-4 months. Do SIELE first to validate readiness.

Don Quijote Writing Practice - DELE C1/C2 Initiative

Method:

  1. Read chapter in original Spanish

  2. Write personal analysis/understanding en espanol

  3. AI review for grammar, vocabulary, register

  4. Build comprehensive understanding of literary elements

Today’s Study

  • Focus: CISSP study (55 days to June 1), domus-api Phase 3 prep

  • Secondary: RHCSA curriculum, Spanish DELE/SIELE

  • CISSP — begin Phase 0 domain review

  • RHCSA — continue curriculum phase

  • Spanish — Don Quijote reading + analysis

  • domus-api — evaluate Ollama RAG architecture for Phase 3

Regex Training (CRITICAL)

  • Status: 7 days carried over

  • Priority: After PeopleSoft, before Quijote

  • Session: Character classes, word boundaries

Infrastructure

Documentation Sites

Site URL Status Actions Needed

Domus Digitalis

docs.domusdigitalis.dev

Active

Validate, harden, improve

Architectus

docs.architectus.dev

Active

Public portfolio site - maintain

HA Deployment Status

System Description Status Notes

VyOS HA

vyos-01 (kvm-01) + vyos-02 (kvm-02) with VRRP VIP

✅ COMPLETE

2026-03-07 - pfSense decommissioned

BIND DNS HA

bind-01 (kvm-01) + bind-02 (kvm-02) with AXFR

✅ COMPLETE

Zone transfer operational

Vault HA

Raft cluster (vault-01/02/03)

✅ COMPLETE

Integrated with PKI

Keycloak Rebuild

keycloak-01 corrupted, rebuild from scratch

🔄 NEXT

Priority P3 - SSO broken

FreeIPA HA

ipa-02 replica planned

📋 PLANNED

Linux auth redundancy

AD DC HA

home-dc02 replication

📋 PLANNED

Windows auth redundancy

iPSK Manager HA

ipsk-mgr-02 with MySQL replication

📋 PLANNED

PSK portal redundancy

ISE HA

PAN HA (ise-01 reconfigure)

⏳ DEFERRED

Wait until ise-02 stable

ISE 3.5 Migration

Upgrade path: 3.2p9 → 3.4 (P1) → 3.5 (target)

📋 PLANNED

After 3.4 Migration completes (Q2 2026)

Single Points of Failure (CRITICAL)

These systems have NO redundancy - outage impacts production.
System Impact if Down Mitigation

ISE (ise-02)

All 802.1X stops - wired and wireless auth fails

ise-01 reconfiguration deferred until ise-02 stable

Keycloak (keycloak-01)

SAML/OIDC SSO broken (ISE admin, Grafana, etc.)

NEXT PRIORITY - Rebuild runbook

FreeIPA (ipa-01)

Linux auth, sudo rules, HBAC fails

ipa-02 replica planned

AD DC (home-dc01)

Windows auth, Kerberos, GPO fails

home-dc02 replica planned

iPSK Manager

Self-service PSK portal unavailable

ipsk-mgr-02 with MySQL replication planned

Validation Tasks

Task Details Status

docs.domusdigitalis.dev validation

Test all cross-references, search, rendering

TODO

docs.domusdigitalis.dev hardening

HTTPS, CSP headers, security review

TODO

docs.architectus.dev validation

Public site content review

TODO

Hub-spoke sync verification

All components building correctly

Ongoing

Quick Commands

gopass-personal-docs Usage

\# Interactive entry creation
gopass-personal-docs

\# Categories: 1) Bills 2) Subscriptions 3) Housing 4) Vehicles 5) Insurance

gopass-query Usage

\# List all recurring bills with totals
gopass-query bills

\# List storage units with gate codes
gopass-query storage

\# Export category to JSON
gopass-query export bills

API: domus-api — Documentation System REST API

Source: 2026-04-06 — First domus-api session, querying 2,928 .adoc files via REST endpoints

\# Start the API server (localhost:8080, Tailscale accessible)
cd ~/atelier/_projects/personal/domus-api && uv run uvicorn domus_api.main:app --host 0.0.0.0 --port 8080

\# Health check — document counts
curl -s localhost:8080/ | jq

\# Full repository stats by category
curl -s localhost:8080/stats | jq

\# All 20+ standards as JSON
curl -s localhost:8080/standards | jq

\# Standards — extract just ID and title (awk-style with jq)
curl -s localhost:8080/standards | jq -r '.standards[] | "\(.id)\t\(.title)"'

\# Full-text search across all files
curl -s 'localhost:8080/search?q=mandiant' | jq

\# Search — extract just path, title, match count
curl -s 'localhost:8080/search?q=mandiant' | jq '.results[] | {path, title, match_count}'

\# Scoped search (standards only)
curl -s 'localhost:8080/search?q=RFC+2119&scope=standards' | jq

\# Get specific page with full content + metadata
curl -s localhost:8080/pages/standards/operations/change-control | jq

\# List pages filtered by category
curl -s 'localhost:8080/pages?category=standards' | jq
curl -s 'localhost:8080/pages?category=codex&limit=10' | jq

\# All antora.yml attributes (127)
curl -s localhost:8080/attributes | jq

\# Swagger UI (open in browser)
\# http://localhost:8080/docs

\# Kill server on port 8080
kill $(lsof -ti:8080)

API: Incident & Change Record Queries

Source: 2026-04-07 — Querying incidents and CRs via domus-api for work reporting

\# ─── INCIDENT QUERIES ───

\# Get incident title
curl -s localhost:8080/pages/case-studies/incidents/INC-2026-04-06-domus-iot-vpn-connectivity | jq -r '.title'

\# Read incident content as plain text (jq -r unescapes \n)
curl -s localhost:8080/pages/case-studies/incidents/INC-2026-04-06-domus-iot-vpn-connectivity | jq -r '.content' | head -50

\# List all incidents
curl -s 'localhost:8080/pages?category=case-studies' | jq -r '.pages[] | select(.path | contains("incidents")) | "\(.title)\t\(.path)"'

\# Search incidents by keyword
curl -s 'localhost:8080/search?q=IOT_WAN' | jq -r '.results[] | "\(.title)\t\(.path)"'

\# Search for all VPN-related content
curl -s 'localhost:8080/search?q=GlobalProtect' | jq -r '.results[] | "\(.title)\t\(.path)"'

\# ─── CHANGE RECORD QUERIES ───

\# Get CR title
curl -s localhost:8080/pages/case-studies/changes/CR-2026-04-07-iot-wan-vpn-passthrough | jq -r '.title'

\# Read CR content
curl -s localhost:8080/pages/case-studies/changes/CR-2026-04-07-iot-wan-vpn-passthrough | jq -r '.content' | head -80

\# List all change records
curl -s 'localhost:8080/pages?category=case-studies' | jq -r '.pages[] | select(.path | contains("changes")) | "\(.title)\t\(.path)"'

\# ─── WORKFLOW: INCIDENT TO CR TRACEABILITY ───

\# Find all documents related to an incident
curl -s 'localhost:8080/search?q=INC-2026-04-06-001' | jq -r '.results[] | "\(.path)"'

\# Find the CR linked to an incident
curl -s 'localhost:8080/search?q=CR-2026-04-07-iot-wan' | jq -r '.results[] | {title, path}'

\# ─── FORMAT FOR REPORTING ───

\# Incident summary as TSV (paste into spreadsheet)
curl -s 'localhost:8080/pages?category=case-studies' | jq -r '.pages[] | select(.path | contains("incidents")) | [.title, .path] | @tsv'

\# Pipe to column for terminal table
curl -s 'localhost:8080/pages?category=case-studies' | jq -r '.pages[] | select(.path | contains("incidents")) | [.title, .path] | @tsv' | column -t -s $'\t'

\# Export incident as markdown (basic conversion)
curl -s localhost:8080/pages/case-studies/incidents/INC-2026-04-06-domus-iot-vpn-connectivity | jq -r '.content' > /tmp/incident-report.txt

Security: Mandiant Vulnerability Assessment Discovery

Source: 2026-04-06 — Searching domus-captures + Principia for pentest findings, dACLs, and remediation content

\# Search for Mandiant references across domus-captures
grep -ri 'mandiant' docs/modules/ROOT/ | awk 'NR<=30'

\# Find dACL / downloadable ACL content
grep -ri 'dacl\|downloadable.acl' docs/modules/ROOT/ | awk 'NR<=30'

\# Search Principia vault (legacy PKM) for Mandiant data
grep -ri 'mandiant' ~/atelier/_bibliotheca/Principia/ 2>/dev/null | awk 'NR<=30'

\# Find files with security assessment terms in the name
find docs/ -name '*mandiant*' -o -name '*vuln*' -o -name '*dacl*'

\# Find dACL diagram source files
find docs/modules/ROOT/images/diagrams -name 'dacl*'

\# Posture redirect ACL references (the critical finding)
grep -ri 'posture.*redirect\|redirect.*acl\|pre.auth.*acl' docs/modules/ROOT/ | awk 'NR<=20'

\# Cross-repo vulnerability search
grep -ri 'vulnerability.assess\|pentest\|penetration.test' docs/modules/ROOT/pages/2026/ | awk 'NR<=20'

\# Principia asset directory discovery (OPS-* and PRJ-* directories)
find ~/atelier/_bibliotheca/Principia/02_Assets -maxdepth 1 -type d \( -name 'OPS-*' -o -name 'PRJ-*' \)

\# Raspberry Pi OUI detection (from pentest findings)
\# netapi ise mnt --format json sessions | jq -r '.[] | select(.calling_station_id | startswith("B8:27:EB") or startswith("DC:A6:32") or startswith("E4:5F:01")) | [.calling_station_id, .framed_ip_address, .nas_ip_address] | @tsv'

Audio: PipeWire Validation (Post-Reboot)

Source: 2026-04-06 — P16g audio testing after sof-firmware install

\# PipeWire status (replaces pulseaudio pavucontrol for status)
wpctl status

\# List all audio sinks (short format)
pactl list sinks short

\# Play audio through default sink (native PipeWire — no alsa-utils needed)
pw-play /usr/share/sounds/freedesktop/stereo/bell.oga

\# Play through specific sink by ID
pw-play --target 65 /usr/share/sounds/freedesktop/stereo/bell.oga

\# Kernel audio firmware messages (Intel SOF)
journalctl -b --grep='sof|cs35l56|cs42l43' --no-pager | tail -20

\# ALSA sound cards
cat /proc/asound/cards

Git: Cross-Repo Activity Audit

Source: 2026-04-06 — Reconstructing daily AI session history across all domus repos

\# All commits on a specific date across all domus repos
for repo in ~/atelier/_bibliotheca/domus-*/ ~/atelier/_projects/personal/domus-*/; do
  [ -d "$repo/.git" ] || continue
  name=$(basename "$repo")
  git -C "$repo" log --since="2026-04-06" --until="2026-04-07" --format="%h %aI %s" 2>/dev/null |
    awk -v r="$name" '{print r, $0}'
done

\# Structured commit log as JSON (pipe to jq)
git -C ~/atelier/_bibliotheca/domus-captures log --pretty=format:'{"hash":"%h","date":"%aI","subject":"%s"}' -20 |
  jq -s 'sort_by(.date) | reverse'

\# Commits per month (aggregation)
git -C ~/atelier/_bibliotheca/domus-captures log --pretty=format:'{"date":"%aI"}' -100 |
  jq -s 'map(.date | split("T")[0] | split("-")[0:2] | join("-")) | group_by(.) | map({month: .[0], count: length}) | sort_by(.month)'

\# Cross-repo search via GitHub API (quote URL for zsh)
gh search code "vault seal" --owner EvanusModestus --json repository,path,textMatches |
  jq '.[] | {repo: .repository.full_name, file: .path, match: .textMatches[].fragment}'

\# List .adoc files in a repo via GitHub API
gh api 'repos/EvanusModestus/domus-captures/git/trees/main?recursive=1' |
  jq '[.tree[] | select(.path | endswith(".adoc"))] | length'

\# Cross-repo activity dashboard (last 5 per repo)
for repo in domus-captures domus-infra-ops domus-ise-linux domus-netapi-docs domus-secrets-ops; do
  git -C ~/atelier/_bibliotheca/$repo log --pretty=format:"{\"repo\":\"$repo\",\"date\":\"%aI\",\"subject\":\"%s\"}" -5 2>/dev/null
done | jq -s 'sort_by(.date) | reverse | .[:15] | .[] | "\(.date | split("T")[0]) [\(.repo)] \(.subject)"' -r

\# Antora attribute comparison across repos
for f in ~/atelier/_bibliotheca/domus-*/docs/asciidoc/antora.yml; do
  repo=$(basename "$(dirname "$(dirname "$(dirname "$f")")")")
  count=$(yq '.asciidoc.attributes | length // 0' "$f")
  printf "%-30s %s attributes\n" "$repo" "$count"
done

Attribute Includes

// Home documents
// ========================================================================
// SHARED ATTRIBUTES -- Home & Personal
// ========================================================================
// Source of truth for personal identity, home infrastructure, and
// document defaults used across daily worklogs and captures.
//
// Usage:
//   include::partial$attributes.adoc[]
//
// For work-specific attributes (CHLA), also include:
//   include::partial$attributes-work.adoc[]
//
// For HTML status styling, also include:
//   include::partial$attributes-styles.adoc[]
//
// Per-document attributes (revdate, document-id, capture-date,
// focus-areas, etc.) remain in each file's header.
// ========================================================================

// ========================================================================
// DOCUMENT DEFAULTS
// ========================================================================
:id: UNSET
:document-id: {id}

// ========================================================================
// AUTHOR & IDENTITY
// ========================================================================
:author-name: Evan Rosado
:author-email-home: evan.rosado@domusdigitalis.dev
:author-email-work: erosado@chla.usc.edu
:author-email-personal: evan.rosado@outlook.com

// ========================================================================
// HOME ENTERPRISE DOMAINS
// ========================================================================
:home-domain: domusdigitalis.dev
:home-domain-internal: inside.domusdigitalis.dev
:home-domain-guest: guest.domusdigitalis.dev
:home-env-name: Home Enterprise ({home-domain})

// ========================================================================
// HOME ENTERPRISE INFRASTRUCTURE
// ========================================================================

// ISE Cluster (Home)
:home-ise-version: 3.3
:home-ise-pan-ip: 10.50.1.21
:home-ise-pan-host: ise-02.inside.domusdigitalis.dev
:home-ise-01-ip: 10.50.1.20
:home-ise-01-host: ise-01.inside.domusdigitalis.dev
:home-ise-02-ip: 10.50.1.21
:home-ise-02-host: ise-02.inside.domusdigitalis.dev

// DNS (BIND)
:home-dns-primary: 10.50.1.90
:home-dns-secondary: 10.50.1.1
:home-bind-ip: 10.50.1.90
:home-bind-host: bind-01.inside.domusdigitalis.dev

// Active Directory
:home-ad-server: HOME-DC01.inside.domusdigitalis.dev
:home-ad-ca: HOME-ROOT-CA

// Network (VyOS replaced pfSense 2026-03-07)
:home-vyos-ip: 10.50.1.2
:home-vyos-host: vyos-01.inside.domusdigitalis.dev
:home-switch-ip: 10.50.1.10
:home-wlc-ip: 10.50.1.40
:home-wlc-host: wlc.inside.domusdigitalis.dev

// Storage
:nas-ip: 10.50.1.70
:nas-name: nas-01
:nas-nfs-path: /volume1/ise_backups

// ========================================================================
// PERSONAL PROJECTS
// ========================================================================
:prj-ipsk-home: PRJ-ISE-IPSK-HOME-ANTORA
:prj-home-linux: PRJ-ISE-HOME-LINUX-ANTORA
:prj-home-lab: PRJ-ISE-HOME-LINUX-ANTORA
:prj-netapi: PRJ-NETAPI-ANTORA
:prj-secrets: PRJ-SECRETS
:prj-recovery: PRJ-RECOVERY
:prj-infra-ops: PRJ-INFRA-OPS-ANTORA

// ========================================================================
// PERSONAL TOOLS
// ========================================================================
:tool-netapi: netapi (Personal ISE automation CLI)
:tool-dsec: dsec (Secrets management)
:tool-ansible: Ansible
:tool-git: Git

// Work documents
// ========================================================================
// SHARED ATTRIBUTES -- Home & Personal
// ========================================================================
// Source of truth for personal identity, home infrastructure, and
// document defaults used across daily worklogs and captures.
//
// Usage:
//   include::partial$attributes.adoc[]
//
// For work-specific attributes (CHLA), also include:
//   include::partial$attributes-work.adoc[]
//
// For HTML status styling, also include:
//   include::partial$attributes-styles.adoc[]
//
// Per-document attributes (revdate, document-id, capture-date,
// focus-areas, etc.) remain in each file's header.
// ========================================================================

// ========================================================================
// DOCUMENT DEFAULTS
// ========================================================================
:id: UNSET
:document-id: {id}

// ========================================================================
// AUTHOR & IDENTITY
// ========================================================================
:author-name: Evan Rosado
:author-email-home: evan.rosado@domusdigitalis.dev
:author-email-work: erosado@chla.usc.edu
:author-email-personal: evan.rosado@outlook.com

// ========================================================================
// HOME ENTERPRISE DOMAINS
// ========================================================================
:home-domain: domusdigitalis.dev
:home-domain-internal: inside.domusdigitalis.dev
:home-domain-guest: guest.domusdigitalis.dev
:home-env-name: Home Enterprise ({home-domain})

// ========================================================================
// HOME ENTERPRISE INFRASTRUCTURE
// ========================================================================

// ISE Cluster (Home)
:home-ise-version: 3.3
:home-ise-pan-ip: 10.50.1.21
:home-ise-pan-host: ise-02.inside.domusdigitalis.dev
:home-ise-01-ip: 10.50.1.20
:home-ise-01-host: ise-01.inside.domusdigitalis.dev
:home-ise-02-ip: 10.50.1.21
:home-ise-02-host: ise-02.inside.domusdigitalis.dev

// DNS (BIND)
:home-dns-primary: 10.50.1.90
:home-dns-secondary: 10.50.1.1
:home-bind-ip: 10.50.1.90
:home-bind-host: bind-01.inside.domusdigitalis.dev

// Active Directory
:home-ad-server: HOME-DC01.inside.domusdigitalis.dev
:home-ad-ca: HOME-ROOT-CA

// Network (VyOS replaced pfSense 2026-03-07)
:home-vyos-ip: 10.50.1.2
:home-vyos-host: vyos-01.inside.domusdigitalis.dev
:home-switch-ip: 10.50.1.10
:home-wlc-ip: 10.50.1.40
:home-wlc-host: wlc.inside.domusdigitalis.dev

// Storage
:nas-ip: 10.50.1.70
:nas-name: nas-01
:nas-nfs-path: /volume1/ise_backups

// ========================================================================
// PERSONAL PROJECTS
// ========================================================================
:prj-ipsk-home: PRJ-ISE-IPSK-HOME-ANTORA
:prj-home-linux: PRJ-ISE-HOME-LINUX-ANTORA
:prj-home-lab: PRJ-ISE-HOME-LINUX-ANTORA
:prj-netapi: PRJ-NETAPI-ANTORA
:prj-secrets: PRJ-SECRETS
:prj-recovery: PRJ-RECOVERY
:prj-infra-ops: PRJ-INFRA-OPS-ANTORA

// ========================================================================
// PERSONAL TOOLS
// ========================================================================
:tool-netapi: netapi (Personal ISE automation CLI)
:tool-dsec: dsec (Secrets management)
:tool-ansible: Ansible
:tool-git: Git
// ========================================================================
// WORK ATTRIBUTES -- CHLA Environment
// ========================================================================
// Contains sensitive work-specific infrastructure, personnel, and project
// attributes. Include only in work-related documents.
//
// Usage:
//   include::partial$attributes-work.adoc[]
// ========================================================================

// ========================================================================
// DOMAINS (Work)
// ========================================================================
:domain: chla.usc.edu
:ad-domain: la.ad.chla.org
:krb5-realm: LA.AD.CHLA.ORG
:ise-domain: ise.chla.org
:work-env-name: Enterprise (CHLA)

// ========================================================================
// ISE CLUSTER (CHLA Production)
// ========================================================================

// Primary PAN
:ise-ppan-ip: 10.101.2.121
:ise-ppan-host: ppan.ise.chla.org

// Secondary PAN
:ise-span-ip: 10.101.2.122
:ise-span-host: span.ise.chla.org
:ise-span: {ise-span-host}

// Primary MnT
:ise-pmnt-ip: 10.101.2.123
:ise-pmnt-host: pmnt.ise.chla.org

// Secondary MnT
:ise-smnt-ip: 10.101.2.124
:ise-smnt-host: smnt.ise.chla.org

// Policy Service Nodes -- Building 1
:ise-psn-1-ip: 10.101.2.131
:ise-psn-2-ip: 10.101.2.132

// Policy Service Nodes -- Building 2
:ise-psn-3-ip: 10.248.11.134
:ise-psn-4-ip: 10.248.11.135

:ise-version: 3.2 Patch 6

// ========================================================================
// DNS SERVERS (CHLA)
// ========================================================================
:dns-primary: 10.112.142.41
:dns-secondary: 10.192.142.41
:dns-backup: 10.112.142.42

// ========================================================================
// ACTIVE DIRECTORY DOMAIN CONTROLLERS (CHLA)
// ========================================================================
// Building 1
:ad-dc-1: 10.112.118.141
:ad-dc-2: 10.112.118.143
// Building 2
:ad-pdc: 10.100.11.28
:ad-dc-3: 10.100.11.27

// ========================================================================
// NETWORK INFRASTRUCTURE (CHLA)
// ========================================================================
:nas-research: 10.134.144.109
:remediation-server: remediation.chla.org

// ========================================================================
// PERSONNEL
// ========================================================================
:user-ben: Ben Castillo (SysEng)
:user-shahab: Dr. Shahab Asgharzadeh
:user-shahab-dept: Spatial Biology and Genomics Core (TSRI SBG)
:user-shahab-mac: b4:e9:b8:f6:c8:17
:user-samuel: Samuel John (Database Architect, Digital Dev & Solutions Architecture)
:user-argam: Argam Darbinian (Endpoint Engineer I)
:user-levitt: Dr. Pat Levitt
:user-levitt-email: plevit@chla.usc.edu
:user-carlos: Carlos (InfoSec)
:user-victor: Victor (Cloud/AD)

// Person shorthand
:person-sarah: Sarah Clizer (CISO)
:person-shahab: {user-shahab}
:person-ben: {user-ben}
:person-victor: {user-victor}
:person-carlos: {user-carlos}

// Teams
:team-infosec: Information Security Team
:team-network: Network Engineering Team
:team-endpoint: Endpoint Engineering Team

// ========================================================================
// PROJECTS
// ========================================================================
:prj-ipsk-chla: PRJ-ISE-IPSK-CHLA-ANTORA
:prj-chla-linux: PRJ-ISE-CHLA-LINUX-ANTORA
:prj-sentinel-migration: PRJ-SENTINEL-MIGRATION
:prj-mschapv2-migration: PRJ-MSCHAPV2-TO-EAPTLS

// ========================================================================
// iPSK ATTRIBUTES
// ========================================================================
:ipsk-primary-hostname: ipsk-mgr-01
:ipsk-secondary-hostname: ipsk-mgr-02
:ssid-iot: CHLA_IoT
:policy-set-name: IoT WIFI iPSK
:odbc-source-name: iPSKManager
:mysql-port: 3306
:db-name: ipsk

// ========================================================================
// TOOLS & PLATFORMS (Security Stack)
// ========================================================================

// SIEM & Security Analytics
:tool-qradar: IBM QRadar SIEM (Legacy - migrating from)
:tool-sentinel: Microsoft Sentinel (Target SIEM)
:tool-defender: Microsoft Defender for Endpoint
:tool-xdr: Microsoft Defender XDR

// Threat Intelligence
:tool-abuseipdb: AbuseIPDB
:tool-virustotal: VirusTotal
:tool-urlscan: URLScan.io
:tool-talos: Cisco Talos Intelligence

// Infrastructure & Access
:tool-claroty: Claroty XDome (OT Security)
:tool-umbrella: Cisco Secure Umbrella (DNS Filtering)
:tool-posture: Cisco Secure Client Posture Module
:tool-ise: Cisco Identity Services Engine
:tool-adcs: Active Directory Certificate Services

// Collaboration & Ticketing
:tool-teams: Microsoft Teams
:tool-servicenow: ServiceNow
:tool-slack: Slack

// Development & Automation
:tool-azure-devops: Azure DevOps

// ========================================================================
// PEOPLESOFT TIME TRACKING
// ========================================================================

// Standard Admin Codes (CHLA InfoSec Engineering)
:ps-account: 605010
:ps-fund-code: 1010
:ps-department: 8492000
:ps-pc-unit: PC100

// ----------------------------------------------------------------------------
// Active Projects (Project # | Combo Code | Activity Code)
// Usage: {prj-<name>}, {combo-<name>}, {activity-<name>}
// ----------------------------------------------------------------------------

// EDR Migration (AMP to Defender)
:prj-edr-migration: 000017633
:combo-edr-migration: 000018546
:activity-edr-migration: 21

// Windows 11 Device Hardening
:prj-win11-hardening: 000017706
:combo-win11-hardening: 000018549
:activity-win11-hardening: 21

// iPad Refresh (Spectrum TV App & GetWell SSID)
:prj-ipad-refresh: 000016444
:combo-ipad-refresh: 000018551
:activity-ipad-refresh: 20

// Immunity Lab Move
:prj-immunity-lab: 000017481
:combo-immunity-lab:
:activity-immunity-lab: 21

// Mind DLP Proof of Value
:prj-mind-dlp: 000017956
:combo-mind-dlp: 000018452
:activity-mind-dlp: 21

// iSensix dACL + IoT VLAN Assignment
:prj-isensix-dacl:
:combo-isensix-dacl:
:activity-isensix-dacl: 21

// Cisco Catalyst Center (DNA Center Migration)
:prj-catalyst-center:
:combo-catalyst-center:
:activity-catalyst-center:

// ----------------------------------------------------------------------------
// Activity Hour Baselines (realistic end-to-end effort)
// ----------------------------------------------------------------------------

// Meetings & Collaboration
:hrs-meeting: 1.0
:hrs-stakeholder-meeting: 1.5
:hrs-workshop: 2.0
:hrs-vendor-call: 1.5
:hrs-cab-attendance: 1.0

// ISE / Network Policy
:hrs-ise-policy-mac: 3.0
:hrs-ise-policy-win: 4.5
:hrs-ise-policy-linux: 4.0
:hrs-dacl-design: 3.5
:hrs-authz-profile: 3.0
:hrs-policy-set: 4.0

// Change Management
:hrs-change-request: 3.5
:hrs-cab-prep: 2.0
:hrs-cutover: 4.0
:hrs-rollback-planning: 2.0

// Testing & Validation
:hrs-device-testing: 2.5
:hrs-pilot-validation: 4.0
:hrs-integration-testing: 3.5

// Support & Operations
:hrs-support: 2.0
:hrs-incident-response: 3.0
:hrs-troubleshooting: 2.5
:hrs-post-cutover-support: 2.5

// Discovery & Documentation
:hrs-discovery: 3.0
:hrs-documentation: 2.0
:hrs-architecture-design: 4.0
// ========================================================================
// STYLE ATTRIBUTES -- HTML Status Styling
// ========================================================================
// Contains CSS styling for status indicators and priority markers.
// Only applied when rendering to HTML (backend-html5).
//
// Usage:
//   include::partial$attributes-styles.adoc[]
//
// Styling classes:
//   .pass, .fail, .pending, .active
//   .status-complete, .status-inprogress, .status-blocked, .status-pending, .status-notstarted
//   .priority-critical, .priority-high, .priority-normal
// ========================================================================

++++
<style>
.pass { color: #22c55e; font-weight: bold; }
.fail { color: #ef4444; font-weight: bold; }
.pending { color: #f59e0b; font-weight: bold; }
.active { color: #3b82f6; font-weight: bold; }
.status-complete { color: #22c55e; font-weight: bold; }
.status-inprogress { color: #3b82f6; font-weight: bold; }
.status-blocked { color: #ef4444; font-weight: bold; }
.status-pending { color: #f59e0b; font-weight: bold; }
.status-notstarted { color: #94a3b8; font-weight: bold; font-style: italic; }
.priority-critical { background-color: #fef2f2; border-left: 4px solid #ef4444; padding: 0.5em; margin: 0.5em 0; }
.priority-high { background-color: #fef9c3; border-left: 4px solid #f59e0b; padding: 0.5em; margin: 0.5em 0; }
.priority-normal { background-color: #f0f9ff; border-left: 4px solid #3b82f6; padding: 0.5em; margin: 0.5em 0; }
</style>
++++

Related