Command Center

Single source of truth. Everything tracked, nothing lost.

URGENT - All Domains

URGENT - All Domains

Professional

Carryover Backlog (CRITICAL)

Task Details Origin Days Status

MSCHAPv2 Migration Report

Report due. 6-sheet Standard Report (exec summary, trend, waves, device detail, stale, policy match). Sheet 6 added 05-14: policy match by protocol for removal planning + anonymous identity validation. Migration window 2026-05-04 to 2026-05-30. ~6,227 devices, 5 waves.

2026-04-17

49

P0 - DUE — run report this week

Abnormal Security — ✅ COMPLETE

CR-2026-05-07-abnormal-read-write. CAB approved 2026-05-12. Implemented successfully 2026-05-13. Read/write enabled for pilot group. Post-deployment validation pending.

2026-05-07

29

✅ IMPLEMENTED — post-validation pending

SIEM QRadar → Sentinel Migration

Lead role. Monad console error RESOLVED 2026-05-12 — secrets configured in CHLA production tenant. ISE secure syslog integration in progress — cert imported, remote logging target configured, streaming errors under investigation. Blocking: DCR not created (Rule ID + Stream Name). Azure private network policy unresolved. Victor + Mauricio action.

2026-04-10

56

P0 - ACTIVE — ISE syslog + DCR blocking

Monad Pipeline Evaluation

Sentinel output connector. Console error resolved. 3 of 6 values configured. Remaining: Endpoint URL (have it), Rule ID + Stream Name (need DCR). ISE Remote Logging Target configured 2026-05-18 — TLS cert imported, secure syslog target created. Streaming errors in Monad console under investigation.

2026-03-11

86

P0 - ACTIVE — ISE integration in progress

Guest Redirect ACL

Guest redirect ACL work needed. Related to Mandiant remediation findings.

2026-05-12

24

P0 - TODO

ISE Patch 10 (CVE-2026-20147 CVSS 9.9)

ISE 3.2 Patch 10. Supersedes Patch 9. 61 days on a CVSS 9.9 — schedule maintenance window. Write CR if needed.

2026-03-12

85

P0 - OVERDUE — schedule immediately

k3s NAT verification

NAT rule 170 for 10.42.0.0/16 pod network - test internet connectivity. 64 days — test this week or defer to Q3.

2026-03-09

88

P0 - BLOCKING — TRIAGE: schedule or defer

Wazuh indexer recovery

Restart pod after NAT confirmed working - SIEM visibility blocked. Blocked by k3s NAT — cannot proceed until above resolved.

2026-03-09

88

P0 - Blocked by k3s

Strongline Gateway VLAN fix

8 devices in wrong identity group (David Rukiza assigned)

2026-03-16

81

P0 - TODO

TCP Clocks deployment

ISE identity group validation, query outputs, comms with team. Active d001 data Apr 22-23.

2026-04-22

44

P0 - ACTIVE

IoT Dr. Kim — recurring

Sleep study devices (Apr 15-16), watches recurrence (Apr 22). 5 incident versions in d001. Validate iPSK enrollment.

2026-04-15

51

P0 - RECURRING

Murus Portae (WAF) — Phase 0

FMC cert expired, ACP returns zero rules. d001: zone map, architecture D2, FMC API reference, ops script.

2026-04-16

50

P0 - INVESTIGATING

Vocera EAP-TLS Supplicant Fix

~10 phones failing 802.1X, missing supplicant config. 61 days — schedule with clinical engineering team.

2026-03-12

85

P1 - TODO — schedule

ISE MnT Messaging Service

Enable "Use ISE Messaging Service for UDP syslogs delivery". 61 days — low risk, schedule with ISE Patch 10 maintenance window.

2026-03-12

85

P2 - BUNDLE with Patch 10

Personal - Blockers

BLOCKERS — Fix Immediately

Task Details Origin Days Impact

Z Fold 7 Termux

gopass and SSH not working

2026-03-10

58

BLOCKER — Cannot access passwords on mobile

gopass v3 organization

Inconsistent structure, poor key-value usage

2026-03-20

48

Inefficient password management, no aggregation

Git history scrub — sensitive personal terms

Plaintext references to personal legal matters in committed worklogs (WRKLOG-2026-03-14, WRKLOG-2026-04-18). Forward-fixed but old commits still contain strings. Requires git filter-repo + force-push. See runbook below.

2026-04-22

15

SECURITY — sensitive terms in public git history

Runbook: Git History Scrub (d000 Personal Terms)

Problem: Two committed worklogs contained plaintext references to personal legal matters. The files have been edited (forward-fix), but git history retains the original text in prior commits.

Affected commits: Any commit touching these files:

# Identify affected commits
git log --oneline -- \
  docs/modules/ROOT/pages/2026/03/WRKLOG-2026-03-14.adoc \
  docs/modules/ROOT/pages/2026/04/WRKLOG-2026-04-18.adoc

Scrub procedure:

# 1. BEFORE: Full backup of the repo
cp -a ~/atelier/_bibliotheca/domus-captures ~/atelier/_bibliotheca/domus-captures.bak

# 2. Install git-filter-repo (if not present)
# Arch: pacman -S git-filter-repo
# pip: pip install git-filter-repo

# 3. Create expressions file for replacement
cat > /tmp/scrub-expressions.txt << 'EXPR'
regex:(?i)divorce==[REDACTED]
regex:(?i)dissolutio(?!n\.adoc\.age)==[REDACTED-LEGAL]
regex:(?i)iliana==[REDACTED-NAME]
regex:(?i)angulo-arreola==[REDACTED-NAME]
regex:legal-divorce-notes\.age==legal-notes.age
regex:1099-NEC-iliana==1099-NEC
EXPR

# 4. Verify before (dry run — count matches in history)
git log -p --all -S 'divorce' -- '*.adoc' | grep -c 'divorce' || echo "0 matches"
git log -p --all -S 'iliana' -- '*.adoc' | grep -c 'iliana' || echo "0 matches"

# 5. Run filter-repo (DESTRUCTIVE — rewrites all commit hashes)
git filter-repo --replace-text /tmp/scrub-expressions.txt --force

# 6. Verify after
git log -p --all -S 'divorce' -- '*.adoc' | grep -c 'divorce' || echo "0 matches — CLEAN"
git log -p --all -S 'iliana' -- '*.adoc' | grep -c 'iliana' || echo "0 matches — CLEAN"

# 7. Re-add remotes (filter-repo removes them)
git remote add origin git@github.com:<user>/domus-captures.git
# Add any other remotes (Gitea, etc.)

# 8. Force-push to all remotes (DESTRUCTIVE — overwrites remote history)
git remote | xargs -I{} git push {} main --force

# 9. Clean up
rm /tmp/scrub-expressions.txt
rm -rf ~/atelier/_bibliotheca/domus-captures.bak  # only after verifying

Post-scrub checklist:

  • Backup created before running

  • git filter-repo installed

  • Expressions file reviewed — no false positives (e.g., Don Quijote "Angulo el Malo" is in segunda-parte/texto/texto-011.adoc — the regex targets angulo-arreola specifically to avoid this)

  • Dry-run counts match expectations

  • Filter-repo executed

  • Post-scrub verification shows 0 matches

  • Remotes re-added

  • Force-pushed to all remotes

  • Cloudflare Pages rebuild verified

  • Local clones on other machines re-cloned or git fetch --all && git reset --hard origin/main

  • Backup removed

Personal - Life Admin

URGENT - Requires Immediate Action

Item Details Deadline Status Impact

Housing Search

Granada Hills area - apartments/rooms

TBD

In Progress

Quality of life, commute

2025 Tax — IRS Transcript Review

MFJ filed 2026-04-22. Pull IRS Return Transcript to verify contents. Consult attorney re: Form 8857 (Innocent Spouse Relief). Details in encrypted case file.

Before attorney meeting

In Progress

Financial — liability exposure. See data/d000/personal/dissolutio/

Rack Relocation

Physical move of server rack. CR written: CR-2026-04-18 (pending in infra-ops). Borg backup completed. VM XML dumps, switch save, shutdown/startup procedure documented.

TBD

Pending

Infrastructure downtime — all services offline during move

D000 Legal Planning

Encrypted case file: data/d000/personal/dissolutio/. Open: dissolutio-open. Close: dissolutio-close. 19 partials + assembler. PDF build for attorney handoff. Critical deadline: Jan 2029.

Before Jan 2029

Active — escalating

Life transition — see case file for details

Credit Report Review

Pull reports from all 3 bureaus via annualcreditreport.com. Verify no unknown joint accounts or debts. Credentials in gopass: v3/personal/finance/credit/annual_credit_report

TBD

In Progress

Financial discovery — FL-142 preparation

Gopass Security Audit

Rotate passwords on shared/known accounts. Add 2FA backup codes to v3/personal/recovery/. Create missing government entries (IRS, SSA, VA, DMV). Add last_login field to active entries.

TBD

Pending

Digital security — pre-filing preparation

Subscription Audit

Download 3 months bank/CC statements (Chase, NFCU, USAA). Identify all recurring charges. Cancel unnecessary. Document active subscriptions for FL-150.

TBD

Pending

Financial — expense documentation

401(k) Enrollment

Enroll in CHLA 401(k) immediately. Post-separation contributions are 100% separate property. Reduces gross income for support calculations. Max 2026: $23,500/yr.

In progress (started 5/4)

In Progress

Financial — support calculation + retirement

Education - Certification Deadlines

URGENT — Performance Review Certifications

Certification Provider Deadline Status Impact

CISSP

ISC² — Certified Information Systems Security Professional

July 12, 2026

ACTIVE — Week 2 of 10 (Project)

Required for performance review. 10-week accelerated plan.

RHCSA 9

Red Hat Certified System Administrator

Q3 2026

ACTIVE — 21-phase curriculum (Project)

After CISSP. Required for performance review.
CISSP: 41 days remaining (exam July 12). Domain 1 study in progress. Schedule exam today (06-01).

Work Projects (CHLA)

Priority 0 - Mission Critical

Critical (P0)

Project Description Owner Status Due Blocker

Linux Research (Xianming Ding)

EAP-TLS for Linux workstations, dACL, UFW

Evan

BEHIND (72 days overdue)

02-24

Certificate "password required" - nmcli fix documented

iPSK Manager

Pre-shared key automation

Ben Castillo

BEHIND

 — 

DB replication issues

MSCHAPv2 Migration

Legacy auth deprecation — 6,227 devices, 5 waves. 6 batch SQL queries + 3-API endpoint profile script added (05-11). Report due.

Evan

25% — Report due, batch queries ready

05-30

Report to turn in

Research Segmentation

All endpoints to Untrusted VLAN

Evan

BLOCKED

 — 

CISO decision pending

Disaster Recovery

ISE DR scoping — dot1x closed mode = total blackout

Evan

Scoping

 — 

 — 

Mandiant Remediation

Copy 4/16 findings, Guest ACL lab, Q2 assessment

Evan

Active

 — 

 — 

SIEM QRadar → Sentinel

Full SIEM platform transition. Monad console error resolved 05-12. Secrets configured. Blocked on DCR creation (Rule ID + Stream Name). Azure private network policy unresolved.

Evan

Active — blocked on DCR

Q2 2026

Victor/Mauricio: create DCR, resolve Azure network policy

Abnormal Security

AI email platform — ESA cutover. CR assigned, CAB May 12 15:00. Implementation May 14 10:00.

Evan

Active — CAB today 15:00

05-14

Pre-CAB checklist: confirm Tyler, Jason, Sarah

Priority 1 - High Impact

High Priority (P1)

Project Description Owner Status Target

ISE 3.4 Migration

Upgrade from 3.2p9

Evan

Blocked — maintenance window needed

Q2 2026

Switch Upgrades

IOS-XE fleet update (C9300, 3560CX)

Evan

Pending

Q2 2026

Spikewell BYOD VPN

dACL SQL, AD group integration

Evan

Active

 — 

Strongline Gateway

MAC capture, Identity Group setup — 37 days aging

Evan

Active — David Rukiza assigned

 — 

Abnormal Security

AI email security platform research, ESA cutover timeline

Evan

Newly assigned

 — 

DMZ Migration

External services audit behind NetScaler

Evan

Audit phase

 — 

Firewall Audit (murus-portae)

EtherChannel query, prefilter, policy assignments

Evan

Scoping — ASA API creds needed

 — 

iPSK Manager HA

Server 2 config, TLS, SQL security audit

Evan

In progress

 — 

Sentinel KQL

Build proficiency, distinguish from team

Evan

Onboarding

 — 

VNC Blocking

Block and eliminate VNC protocol enterprise-wide

Evan

Active — Phase 0 (Discovery)

Mid-June 2026

Priority 2 - Important

Strategic (P2)

Project Description Owner Status

HHS Regulatory Compliance

New HHS security policies implementation

TBD

NOT STARTED

InfoSec Reporting Dashboard

PowerBI metrics for executives

TBD

NOT STARTED

EDR Migration (AMP → Defender)

Endpoint protection consolidation

TBD

NOT STARTED

Azure Legacy Migration

Modern landing zone

Team

In Progress

ChromeOS EAP-TLS

SCEP + Victor, Paul testing

Victor

In Progress

Carryover Backlog

Carryover Backlog (CRITICAL)

Task Details Origin Days Status

MSCHAPv2 Migration Report

Report due. 6-sheet Standard Report (exec summary, trend, waves, device detail, stale, policy match). Sheet 6 added 05-14: policy match by protocol for removal planning + anonymous identity validation. Migration window 2026-05-04 to 2026-05-30. ~6,227 devices, 5 waves.

2026-04-17

49

P0 - DUE — run report this week

Abnormal Security — ✅ COMPLETE

CR-2026-05-07-abnormal-read-write. CAB approved 2026-05-12. Implemented successfully 2026-05-13. Read/write enabled for pilot group. Post-deployment validation pending.

2026-05-07

29

✅ IMPLEMENTED — post-validation pending

SIEM QRadar → Sentinel Migration

Lead role. Monad console error RESOLVED 2026-05-12 — secrets configured in CHLA production tenant. ISE secure syslog integration in progress — cert imported, remote logging target configured, streaming errors under investigation. Blocking: DCR not created (Rule ID + Stream Name). Azure private network policy unresolved. Victor + Mauricio action.

2026-04-10

56

P0 - ACTIVE — ISE syslog + DCR blocking

Monad Pipeline Evaluation

Sentinel output connector. Console error resolved. 3 of 6 values configured. Remaining: Endpoint URL (have it), Rule ID + Stream Name (need DCR). ISE Remote Logging Target configured 2026-05-18 — TLS cert imported, secure syslog target created. Streaming errors in Monad console under investigation.

2026-03-11

86

P0 - ACTIVE — ISE integration in progress

Guest Redirect ACL

Guest redirect ACL work needed. Related to Mandiant remediation findings.

2026-05-12

24

P0 - TODO

ISE Patch 10 (CVE-2026-20147 CVSS 9.9)

ISE 3.2 Patch 10. Supersedes Patch 9. 61 days on a CVSS 9.9 — schedule maintenance window. Write CR if needed.

2026-03-12

85

P0 - OVERDUE — schedule immediately

k3s NAT verification

NAT rule 170 for 10.42.0.0/16 pod network - test internet connectivity. 64 days — test this week or defer to Q3.

2026-03-09

88

P0 - BLOCKING — TRIAGE: schedule or defer

Wazuh indexer recovery

Restart pod after NAT confirmed working - SIEM visibility blocked. Blocked by k3s NAT — cannot proceed until above resolved.

2026-03-09

88

P0 - Blocked by k3s

Strongline Gateway VLAN fix

8 devices in wrong identity group (David Rukiza assigned)

2026-03-16

81

P0 - TODO

TCP Clocks deployment

ISE identity group validation, query outputs, comms with team. Active d001 data Apr 22-23.

2026-04-22

44

P0 - ACTIVE

IoT Dr. Kim — recurring

Sleep study devices (Apr 15-16), watches recurrence (Apr 22). 5 incident versions in d001. Validate iPSK enrollment.

2026-04-15

51

P0 - RECURRING

Murus Portae (WAF) — Phase 0

FMC cert expired, ACP returns zero rules. d001: zone map, architecture D2, FMC API reference, ops script.

2026-04-16

50

P0 - INVESTIGATING

Vocera EAP-TLS Supplicant Fix

~10 phones failing 802.1X, missing supplicant config. 61 days — schedule with clinical engineering team.

2026-03-12

85

P1 - TODO — schedule

ISE MnT Messaging Service

Enable "Use ISE Messaging Service for UDP syslogs delivery". 61 days — low risk, schedule with ISE Patch 10 maintenance window.

2026-03-12

85

P2 - BUNDLE with Patch 10

TAC Cases

TAC Cases

ID Issue Opened Status Notes

TAC-2026-03

ISE 802.1X auth failures (MnT messaging, RabbitMQ)

2026-03-10

Resolved

Full Case

Personal Tasks

Active Tasks

Active — Infrastructure

Task Details Priority Status Due

Wazuh agent deployment

Deploy agents to all infrastructure hosts

P2

Pending

After archives fix

k3s Platform

Production k3s cluster on kvm-01

P1

In Progress

 — 

Wazuh Archives

Enable archives indexing in Filebeat, PVC fix

P1

In Progress

 — 

kvm-02 Hardware

Supermicro B deployment, RAM upgrade done

P1

In Progress

 — 

Active — Security & Encryption

Task Details Priority Status Due

Configure 4th YubiKey

SSH FIDO2 keys

P1

TODO

 — 

Cold storage M-DISC backup

age-encrypted archives

P1

TODO

After YubiKey setup

Active — Development & Tools

Task Details Priority Status Due

netapi Commercialization

Go CLI rewrite with Cobra-style argument discovery, package for distribution

P0

Active

 — 

Ollama API Service

FastAPI (17 endpoints), productize — config audit, doc tools, runbook gen

P0

Active

 — 

Shell functions (fe, fec, fef)

File hunting helpers

P3

TODO

 — 

Active — Documentation

Task Details Priority Status Due

D2 Catppuccin Mocha styling

domus-* spoke repos (177 files total)

P3

In Progress

 — 

Active — Financial

Task Details Priority Status Due

Amazon order history import

Download CSV from Privacy Central → parse with awk → populate subscriptions tracker

P1

Waiting

Pending Amazon data export (requested 2026-04-04)

Active — Education

Task Details Priority Status Due

No active education tasks — see education trackers

Active — Personal & Life Admin

Task Details Priority Status Due

ThinkPad T16g Setup

Arch install, stow dotfiles, Ollama stack, netapi dev env

P0

Pending

 — 

P50 Arch to Ubuntu migration

CR-2026-03-12

P2

In Progress

 — 

X1 Carbon Ubuntu installs

2 laptops, LUKS encryption

P2

In Progress

 — 

P50 Steam Test

Test Flatpak Steam + apt cleanup of broken i386 packages

P3

Pending

 — 

Deferred

Deferred

Task Details Reason Revisit

ISE HA

PAN HA (ise-01 reconfigure)

Wait until ise-02 stable

After ISE 3.4 migration

ISE 3.5 Migration

Upgrade path: 3.2p9 → 3.4 → 3.5

After 3.4 completes

Q3 2026

Keycloak Rebuild

keycloak-01 corrupted, rebuild from scratch

Priority P3 — SSO broken but not blocking

When bandwidth allows

FreeIPA HA

ipa-02 replica

SPOF but stable

After Vault HA

AD DC HA

home-dc02 replication

SPOF but stable

After FreeIPA HA

iPSK Manager HA

ipsk-mgr-02 with MySQL replication

Low urgency

After AD HA

Dotfiles Windows sync

winfiles-optimus parity with dotfiles-optimus

Low priority

 — 

Recurring

Recurring — Operations

Task Context Frequency Notes

Borg backup verification

Workstation backups

Weekly

SSH cert renewal

vault-ssh-sign

Every 8h

Automated

Vault unseal check

After reboots

As needed

ISE eval backup restore

Cisco ISE 3.4 eval license

Every 90 days

Restore from backup to reset timer

Tracker days update

work/adhoc.adoc, personal/adhoc.adoc

Each worklog

Recurring — Maintenance & Hygiene

Task Context Frequency Notes

Subscriptions tracker review

Audit for cost creep, unused services

Monthly

Subscriptions & Bills

Cancelled services audit

Verify no zombie charges after cancellation

Quarterly

FOSS inventory sync

pacman -Qe reconciliation

Quarterly

Catch drift between system and tracker

Infrastructure

Single Points of Failure (CRITICAL)

Single Points of Failure (CRITICAL)

These systems have NO redundancy - outage impacts production.
System Impact if Down Mitigation

ISE (ise-02)

All 802.1X stops - wired and wireless auth fails

ise-01 reconfiguration deferred until ise-02 stable

Keycloak (keycloak-01)

SAML/OIDC SSO broken (ISE admin, Grafana, etc.)

NEXT PRIORITY - Rebuild runbook

FreeIPA (ipa-01)

Linux auth, sudo rules, HBAC fails

ipa-02 replica planned

AD DC (home-dc01)

Windows auth, Kerberos, GPO fails

home-dc02 replica planned

iPSK Manager

Self-service PSK portal unavailable

ipsk-mgr-02 with MySQL replication planned

HA Deployment Status

HA Deployment Status

System Description Status Notes

VyOS HA

vyos-01 (kvm-01) + vyos-02 (kvm-02) with VRRP VIP

✅ COMPLETE

2026-03-07 - pfSense decommissioned

BIND DNS HA

bind-01 (kvm-01) + bind-02 (kvm-02) with AXFR

✅ COMPLETE

Zone transfer operational

Vault HA

Raft cluster (vault-01/02/03)

✅ COMPLETE

Integrated with PKI

Keycloak Rebuild

keycloak-01 corrupted, rebuild from scratch

🔄 NEXT

Priority P3 - SSO broken

FreeIPA HA

ipa-02 replica planned

📋 PLANNED

Linux auth redundancy

AD DC HA

home-dc02 replication

📋 PLANNED

Windows auth redundancy

iPSK Manager HA

ipsk-mgr-02 with MySQL replication

📋 PLANNED

PSK portal redundancy

ISE HA

PAN HA (ise-01 reconfigure)

⏳ DEFERRED

Wait until ise-02 stable

ISE 3.5 Migration

Upgrade path: 3.2p9 → 3.4 (P1) → 3.5 (target)

📋 PLANNED

After 3.4 Migration completes (Q2 2026)

Home Lab Systems

Home Lab Infrastructure

System Role Status

VyOS HA (vyos-01, vyos-02)

Primary router, VRRP

Operational

k3s Cluster

Container orchestration

NAT issue pending

Vault PKI

Certificate authority

Operational

FreeIPA (ipa-01)

Linux identity

Operational

BIND DNS (bind-01, bind-02)

Authoritative DNS

Operational

KVM Hypervisors (kvm-01, kvm-02)

Virtualization

Operational

Validation Tasks

Validation Tasks

Task Details Status

docs.domusdigitalis.dev validation

Test all cross-references, search, rendering

TODO

docs.domusdigitalis.dev hardening

HTTPS, CSP headers, security review

TODO

docs.architectus.dev validation

Public site content review

TODO

Hub-spoke sync verification

All components building correctly

Ongoing

Projects Portfolio

Tier 1 - Flagship

Tier 1 Projects (Flagship)

Project Description Status

netapi

Multi-vendor network CLI (ISE, Cloudflare, Keycloak, GitHub, GitLab, Monad)

Polish phase

domus-docs

19-repo Antora aggregator with Cloudflare Pages

Production

architectus.dev

Public learning platform (Linux, Windows, Networking, Security, Cloud)

Production

dotfiles-optimus

GNU Stow modular developer environment

Personal use

dsec

Secrets management CLI (~/.secrets/dsec system)

Production

Principia PKMS

Obsidian-based personal knowledge management

Active

Tier 2 - Infrastructure

Tier 2 Projects (Infrastructure)

Project Description Status

802.1X EAP-TLS

Linux wired/wireless auth with Vault PKI certs

Production

Vault PKI

HashiCorp Vault as enterprise CA

Production

Vault SSH CA

8-hour SSH certificates, Vault-signed

Production

gopass v3

Hierarchical password taxonomy

Migration complete

FreeIPA

Linux identity management

Deployed

Keycloak

OIDC federation

Corrupted - rebuild NEXT

k3s Cluster

Lightweight Kubernetes with Cilium CNI

NAT issue pending

KVM Virtualization

libvirt/QEMU on Supermicro servers

Production

Tier 3 - Developer Tools

Tier 3 Projects (Developer Tools)

Project Description Status

domus-nvim

Personal Neovim config (82 plugins, Rose Pine)

Public

quijote-reader

Spanish learning tool (Don Quijote analysis)

Learning project

vim-odyssey

Vim training game in Rust

Learning project

Documentation Sites

Documentation Sites

Site URL Status Actions Needed

Domus Digitalis

docs.domusdigitalis.dev

Active

Validate, harden, improve

Architectus

docs.architectus.dev

Active

Public portfolio site - maintain

Hub-Spoke Architecture

Hub-Spoke Architecture

Hub: domus-docs (aggregator)

Spokes:

Component Purpose Status

domus-captures

Worklogs, chronicles, learning

Active

domus-infra-ops

Infrastructure runbooks

Active

domus-ise-linux

802.1X EAP-TLS Linux

Active

domus-ise-windows

802.1X EAP-TLS Windows

Active

domus-ise-ops

ISE operations

Active

domus-netapi-docs

netapi CLI documentation

Active

domus-secrets-ops

Vault, dsec, secrets management

Active

domus-linux-ops

Linux administration

Active

domus-identity-ops

FreeIPA, AD, identity

Active

domus-automation-ops

Ansible, automation

Active

domus-siem-ops

SIEM, logging, monitoring

Active

domus-o11y-ops

Observability

Active

domus-windows-ops

Windows administration

Active

domus-python

Python development

Active

Education - All Tracks

Education Tracks Overview

Literature

Track Description Status Progress

Don Quijote

Cervantes' masterwork in original Spanish

ACTIVE

Primera Parte Ch 33/52

García Márquez

Colombian magical realism

In Progress

Cien años de soledad

La Reina Valera

Biblical literature in classical Spanish

In Progress

Pentateuco + Evangelios

Languages

Track Description Status Progress

DELE C1/C2

Instituto Cervantes Spanish certification

ACTIVE

Conectores phase

SIELE

Computer-based proficiency (modular)

Planning

0%

Redacción Español

Formal writing skills

In Progress

Essays + conectores

Latin

Classical Latin for etymology, scientific/legal terminology

Planning

0%

Mathematics

Track Description Status Progress

College Algebra

Foundation for calculus (LaTeX textbook)

ACTIVE

Ch 1/8

Certifications

Track Description Status Progress

RHCSA 9

Red Hat Certified System Administrator

ACTIVE

Ch 1-2 / 20

CISSP

ISC² Security Professional

Planning

0/8 domains

DevNet Associate

Cisco Developer Network

Planning

netapi = portfolio

LPIC-1

Linux Professional (101/102)

Planning

After RHCSA

LPIC-2

Linux Professional (201/202)

Planning

After LPIC-1

Programming

Track Description Status Progress

Python

Automation, CLI, API development

In Progress

netapi development

Ruby

Metaprogramming and DSLs

PARKED

0%

C++

Systems programming foundation

Planning

Future

Systems & Tools

Track Description Status Progress

Terminal Mastery

CLI patterns, shell efficiency

DONE

100%

Vim Mastery

Neovim expertise

In Progress

Codex + daily use

Regex Mastery

Pattern matching across contexts

In Progress

BRE/ERE done, PCRE learning

CLI Mastery

Advanced patterns: awk, sed, jq, find, xargs

ACTIVE

Daily deliberate practice

Kubernetes

Container orchestration (k3s)

In Progress

Cluster deployed

Music

Track Description Status Progress

Violin

Classical violin, Heifetz-inspired

In Progress

Scales + études

Cello

Secondary instrument

Planning

Future

Sciences

Track Description Status Progress

Applied Cryptography

PKI, TLS, secrets management

In Progress

Vault PKI production

Humanities

Track Description Status Progress

Philosophy

Biblical and classical traditions

In Progress

Wisdom literature

History

Context for technology and culture

Planning

Via literature

Linguistics

Language science for Spanish mastery

In Progress

Syntax + morphology

Track Status Legend

Status Meaning

ACTIVE

Currently working on (limit to 3-4 max)

In Progress

Started, working intermittently

Planning

Study plan created, not started

PARKED

Deliberately paused (priority shift)

DONE

Completed, may revisit for mastery

Quick Stats

Active In Progress Planning Parked Done

5

9

9

1

1

Total tracks: 25

Category Quick Reference

Category Tracks

Literature

don-quijote, garcia-marquez, la-reina-valera

Languages

dele-spanish, siele, spanish-writing, latin

Mathematics

college-algebra

Certifications

rhcsa, cissp, devnet, lpic-1, lpic-2

Programming

python-fundamentals, ruby-metaprogramming, cpp-fundamentals

Systems/Tools

terminal-mastery, vim-mastery, regex-mastery, cli-mastery, k8s-fundamentals

Music

violin, cello

Sciences

cryptography

Humanities

philosophy, history, linguistics

Life Administration

URGENT - Requires Immediate Action

Item Details Deadline Status Impact

Housing Search

Granada Hills area - apartments/rooms

TBD

In Progress

Quality of life, commute

2025 Tax — IRS Transcript Review

MFJ filed 2026-04-22. Pull IRS Return Transcript to verify contents. Consult attorney re: Form 8857 (Innocent Spouse Relief). Details in encrypted case file.

Before attorney meeting

In Progress

Financial — liability exposure. See data/d000/personal/dissolutio/

Rack Relocation

Physical move of server rack. CR written: CR-2026-04-18 (pending in infra-ops). Borg backup completed. VM XML dumps, switch save, shutdown/startup procedure documented.

TBD

Pending

Infrastructure downtime — all services offline during move

D000 Legal Planning

Encrypted case file: data/d000/personal/dissolutio/. Open: dissolutio-open. Close: dissolutio-close. 19 partials + assembler. PDF build for attorney handoff. Critical deadline: Jan 2029.

Before Jan 2029

Active — escalating

Life transition — see case file for details

Credit Report Review

Pull reports from all 3 bureaus via annualcreditreport.com. Verify no unknown joint accounts or debts. Credentials in gopass: v3/personal/finance/credit/annual_credit_report

TBD

In Progress

Financial discovery — FL-142 preparation

Gopass Security Audit

Rotate passwords on shared/known accounts. Add 2FA backup codes to v3/personal/recovery/. Create missing government entries (IRS, SSA, VA, DMV). Add last_login field to active entries.

TBD

Pending

Digital security — pre-filing preparation

Subscription Audit

Download 3 months bank/CC statements (Chase, NFCU, USAA). Identify all recurring charges. Cancel unnecessary. Document active subscriptions for FL-150.

TBD

Pending

Financial — expense documentation

401(k) Enrollment

Enroll in CHLA 401(k) immediately. Post-separation contributions are 100% separate property. Reduces gross income for support calculations. Max 2026: $23,500/yr.

In progress (started 5/4)

In Progress

Financial — support calculation + retirement

Housing

Type Details Monthly Status

Current

Add current housing

Storage

Extra Space - 8x11

See Subscriptions

Active
Payment details tracked in Subscriptions & Bills Tracker under Essential.
Subscriptions and services tracked in Subscriptions & Bills Tracker.

Medical

Item Provider Due Status

Annual physical

Schedule

Dental cleaning

Schedule

Eye exam

Schedule

Financial Tasks

Item Details Due Status

IRS Return Transcript

Pull from irs.gov → Get Transcript → Return Transcript (2025). Verify filed contents.

Before attorney meeting

Not started

401(k) Enrollment

Enroll in CHLA plan. Max contribution $23,500/yr. Separate property post-separation.

Monday 2026-05-04

Not started

Bank statement download

Chase, NFCU, USAA — last 12 months. CSV for subscription audit + PDF for attorney.

This week

Not started

Subscription audit

Parse bank CSVs for recurring charges. Cancel unnecessary. Document for FL-150.

This week

Not started

Credit report review

annualcreditreport.com — all 3 bureaus. Verify no unknown joint accounts/debts.

This week

In Progress
Subscriptions and recurring bills tracked in Subscriptions & Bills Tracker. Personal financial worksheet in encrypted case file: data/d000/personal/dissolutio/partials/personal-financial-worksheet.adoc.

Ideas & Backlog

Weekly review - promote to active/projects or archive.

Ideas — Infrastructure

Inbox

Idea Context Category Captured

BIND secondary DNS

bind-02 for HA (currently SPOF)

infra

2026-03-22

ipa-02 replica

FreeIPA HA (currently SPOF)

infra

2026-03-22

Borg backup dashboard

Visualize backup status across hosts

infra

2026-03-22

Vault HA Cluster

Current Vault is single-node (vault-01). Need 3-node Raft HA cluster for production reliability. Blocked by kvm-02 deployment.

  • vault-01 (10.50.1.60) — existing, leader

  • vault-02 — new, on kvm-02

  • vault-03 — new, on kvm-02

  • Raft storage backend — replicated, no external dependency

  • Auto-unseal via transit or recovery keys

This unblocks: k3s Vault Agent Injector, ArgoCD secrets, certificate auto-renewal at scale. The SPOF risk is real — if vault-01 goes down, SSH certificates stop issuing, PKI breaks, and secrets become inaccessible.

k3s HA Cluster

Current k3s is single control plane. Need 3-node for production:

  • Embedded etcd (3-node quorum)

  • Cilium CNI already deployed — HA-ready

  • MetalLB L2 mode — no changes needed

  • Blocked by: kvm-02 hardware + Vault HA (secrets injection depends on Vault)

Vault Backup to S3

Automated Vault Raft snapshots to MinIO (self-hosted S3). Currently manual snapshots to Synology NAS. Need:

  • MinIO deployed on k3s (depends on k3s HA)

  • Vault cron job for vault operator raft snapshot save

  • Retention policy (7 daily, 4 weekly, 12 monthly)

  • Restore tested and documented

Ideas — Development & Tools

Inbox

Idea Context Category Captured

adoc improvements

Add --watch flag, live reload to domus-asciidoc-build

tooling

2026-03-22

tmux sessionizer

Project-based tmux sessions (like ThePrimeagen)

tooling

2026-03-22

fzf git integrations

Interactive branch switching, log searching

tooling

2026-03-22

gopass v3 → ADMINISTRATIO migration

Script to move remaining entries from old structure

tooling

2026-03-22

netapi Expansion

netapi currently covers ISE (ERS, MnT, DataConnect), pfSense, WLC, Synology, Cloudflare. Three API surfaces are missing and needed:

  • VyOS — replaced pfSense 2026-03-07. Need API integration for config management, firewall rules, VRRP status. VyOS has a REST API on HTTPS.

  • BIND — nsupdate for dynamic DNS, rndc for server control. Critical for infrastructure automation — currently manual.

  • k3s — kubectl wrapper with common patterns (pod status, log tailing, rollout restart). Not a full k8s client — just the operational commands used daily.

Also: batch operations — cross-vendor commands like "backup all configs" or "check all endpoints." This is the glue that makes netapi more than a collection of wrappers.

netapi-tui — Network Operations TUI

Interactive terminal UI for ISE and network infrastructure management. Repo exists (netapi-tui). This is the visual layer on top of netapi — browse endpoints, view sessions, trigger CoA, all from a TUI instead of raw curl.

Could become a differentiator for ISE health check consulting — run it live during an engagement.

domus-cli — Infrastructure Orchestration

SSH-based infrastructure orchestration CLI. Repo exists. The glue between all infrastructure components — run commands across hosts, coordinate deployments, manage the homelab as a fleet.

domus-api — FastAPI Backend

REST API for the domus ecosystem. Repo exists. Could serve: association engine queries, codex search, ISE data proxy, worklog/tracker API for mobile access.

domus-asciidoc-build Enhancements

Standalone build toolchain — validated 2026-04-24. Ideas:

  • --attributes-file flag to auto-load data/shared/attributes.adoc

  • New HTML variants: Dracula, Nord, Solarized, Gruvbox, Tokyo Night

  • Fix Rouge syntax highlighting in royal/dark/light variants (only catppuccin fixed)

  • Interactive features: collapsible sections, search, keyboard navigation

  • --watch mode with live reload

domus-infra-ops Enhancements

296 pages, 529-line antora.yml. The most comprehensive repo. Ideas:

  • Validated Designs need review — 50+ configs, some may be stale post-VyOS migration

  • Runbooks need the partials architecture applied (like we did for data/d001/)

  • ISE runbooks could use the shared prereqs from data/shared/partials/

  • Disaster recovery runbooks — ISE, Vault, k3s, BIND — cross-reference with d001 DR project

  • Ansible playbooks integration — link automation-ops content to infra-ops runbooks

association-engine Expansion

Bidirectional knowledge graph — 379 keys, 602+ edges. Currently YAML-based. Ideas:

  • Web UI for graph visualization (D3.js or Cytoscape)

  • CLI query improvements — traverse depth, path finding

  • Integration with codex entries — auto-link commands to projects

  • Export to D2 diagrams

vim-odyssey

Educational vim game built in Rust. Repo exists. Could become a training product — gamified vim learning. Ties into the training content income stream.

obsidian-asciidoc-viewer

Secure AsciiDoc viewer for Obsidian with native .adoc support, edit mode, diagram rendering. Potential for Obsidian community — plugin marketplace distribution.

instrumentum-nvim

Streamlined Neovim config — the distributable version (separate from domus-nvim personal config). Could be a community project or part of training content.

crypta

Repo exists — purpose unclear. Document or archive.

gopass v3 Restructure

Current gopass structure is inconsistent — some entries use old v2 paths, some use v3 hierarchy. Need to:

  • Audit all entries: gopass ls --flat v3/ | wc -l

  • Apply gopass-personal-docs templates (bills, storage, subscriptions)

  • Add missing queries: gopass-query vehicles, gopass-query insurance, monthly totals

  • Document the structure in domus-secrets-ops

Ideas — Education & Training

Inbox

Idea Context Category Captured

Anki deck from Don Quijote

Extract vocabulary to spaced repetition

language

2026-03-22

DELE C1 mock exams

Practice test structure — timed writing + oral

language

2026-03-22

Ruby metaprogramming deep dive

Tracker exists but unexplored — ties to Puppet/Chef understanding

programming

2026-04-25

TypeScript fundamentals

Tracker exists — needed for Obsidian plugin dev and domus-api frontend

programming

2026-04-25

C/C++ fundamentals

Trackers exist — systems programming foundation for Rust trajectory

programming

2026-04-25

Kernel IPC study

Pages exist under education/kernel/ipc — deepen systems understanding

systems

2026-04-25

CLI Mastery — Curriculum Track

The foundation for everything. Multiple tracks in progress, need consolidation:

  • AWK — tracker exists (awk.adoc). Like regex curriculum — 10 modules, drills. Current level: Intermediate. Need: state machines, multi-file processing, BEGIN/END patterns.

  • sed — tracker exists (sed.adoc). Pattern-based editing mastery. Hold buffer, multiline, in-place with verify-before/after.

  • find — tracker exists (find.adoc). Advanced: -exec sh -c, -print0 | xargs -0, predicate logic, prune.

  • grep — tracker exists (grep.adoc). PCRE lookaheads/lookbehinds, -P patterns.

  • jq — tracker exists (jq.adoc). Path expressions, select, group_by, @csv, reduce.

  • Regex — tracker exists (regex-mastery.adoc, regex-carryover.adoc). Morning carryover item. Foundation for everything.

These should be studied together — each tool reinforces the others. Daily practice: pick one tool, solve one real problem, capture to codex.

Ultimate Linux Shell Scripting Guide

Cloned to ~/atelier/_bibliotheca/community-repos/The-Ultimate-Linux-Shell-Scripting-Guide/. Chapters 6-23. Missing chapters 1-5.

Pairs with the local Bash Reference Manual at /usr/share/doc/bash/bashref.html. Both should be worked through systematically — the guide for practical patterns, the reference for deep understanding.

High priority because CLI mastery compounds into everything: automation, netapi, ISE API work, daily workflow. Two months in, writing interactive loops from memory — next level is state machines, getopts, signal handling, subshell control.

Bash Reference Manual (Local)

/usr/share/doc/bash/bashref.html — already on this machine. The authoritative source. Read section by section, extract patterns to codex. Key sections:

  • Shell Expansions (parameter, command, arithmetic, process substitution)

  • Compound Commands ([[ ]], , for, while, case, select)

  • Shell Builtin Commands (every builtin, what it does, when to use it)

  • Job Control (background, foreground, wait, trap)

  • Bash Variables ($?, $!, $$, $@, $#, BASH_REMATCH)

CISSP Study Activation

Tracker exists at trackers/education/cissp.adoc — 8 domains, all "Not Started." Q3 2026 target is ~2 months away.

Domains 4 (Network), 5 (IAM), 6 (Assessment), 7 (Operations) map directly to CHLA work. Start there.

  • Acquire official study guide + Boson practice exams

  • Create 12-week schedule (1 domain/week + 4 weeks review)

  • Map CHLA experience to each domain for endorsement

  • Daily practice questions (10/day minimum)

RHCSA Certification

Tracker exists (rhcsa.adoc). In progress. Linux administration is daily work — this cert validates it. Complements LPIC-1 (already held) and feeds into LPIC-2.

LPIC-2 Advancement

Tracker exists (lpic-2.adoc). LPIC-1 already held. LPIC-2 covers: capacity planning, kernel, network config, storage, DNS, web servers, file sharing, LDAP, email, security. Directly applicable to homelab infrastructure.

DevNet Associate

Tracker exists (devnet.adoc). Cisco developer certification — Python, APIs, automation. Aligns with netapi development and the automation trajectory at CHLA. The Python + ISE API work you’re doing daily is the study material.

Terraform / IaC

Tracker exists (terraform.adoc). Infrastructure as Code for KVM VMs, Vault config, Cloudflare DNS. Partially implemented in domus-terraform repo. Need to formalize the study track.

Vault / HashiCorp

Tracker exists (vault-hashicorp.adoc). Running Vault HA in production. Deep knowledge exists — need to formalize for potential HashiCorp certification and the PKI consulting income stream.

Python Deepening

Tracker exists (python-fundamentals.adoc). Repo exists (domus-python). Two months into scripting. Current: API integration, DataConnect queries, report generation. Next level: OOP patterns, packaging, testing, type hints. The report.py and qradar-charts.py scripts are the foundation — need to level up from scripts to maintainable tools.

Go CLI Development

Tracker exists (go.adoc). Learn Go via CLI tool development — netapi rewrite target. Cobra-style argument parsing, cross-compilation, single binary distribution. This is the commercialization path for netapi.

Lua / Neovim Plugin Development

Tracker exists (lua.adoc). Plugin development, lazy.nvim patterns. You use nvim daily — understanding Lua unlocks custom tooling. Ties to instrumentum-nvim (distributable config) and domus-nvim (personal config).

Rust

Tracker exists (rust.adoc). Current level: Beginner. vim-odyssey repo exists (Rust game). Long-term investment — systems programming, CLI tools, WASM. Not urgent but compounds over years.

Mathematics

Repo exists (domus-math). Tracker exists (college-algebra.adoc). Mathematics for infrastructure, security, and research computing. Cryptography tracker also exists — PKI work demands understanding of the math underneath.

Languages & Literature

Extensive content exists:

  • Spanish — DELE C1 track (dele-spanish.adoc), SIELE (siele.adoc), writing (spanish-writing.adoc), immersion pages. domus-literature repo.

  • Don Quijote — tracker exists (don-quijote.adoc), full chapter pages in education/literature/quijote/.

  • García Márquez — tracker exists (garcia-marquez.adoc).

  • Scripture — domus-scripture repo. RV1909, KJV, Tanakh. Trackers: la-reina-valera.adoc, tanakh.adoc.

  • Linguistics — tracker exists, pages exist.

  • Latin — current level A2 per skill levels.

Music

  • Violin — tracker exists (violin.adoc). domus-musica repo.

  • Cello — tracker exists (cello.adoc).

Container & Kubernetes Deepening

Tracker exists (containers.adoc, k8s-fundamentals.adoc). Running k3s + Cilium + ArgoCD in homelab. Need to formalize: CKA preparation, Helm chart development, operator patterns. Ties to the k3s HA infrastructure idea.

DNS / BIND Mastery

Tracker exists (dns-bind.adoc). Running BIND in production — split-horizon, DNSSEC, RPZ content filtering. Formalize the knowledge for the infrastructure consulting offering.

Ideas — Documentation

Inbox

Idea Context Category Captured

Antora search fix

Lunr index too large — explore alternatives

docs

2026-03-22

domus-* cross-reference audit

Find and fix broken xrefs across all repos

docs

2026-03-22

Runbook template standardization

Consistent format across all runbooks

docs

2026-03-22

Ideas — Personal & Creative

Inbox

Idea Context Category Captured

LilyPond → PDF pipeline

Automate music notation compilation

music

2026-03-22

age encryption workflow doc

Document full workflow for cold storage

security

2026-03-22

Income Diversification

Full assessment in .drafts/income-streams-assessment-2026-04-24.adoc. 19-repo skill surface analyzed. Four tiers identified:

  • Tier 1 (now): ISE health checks, compliance documentation, pentest remediation consulting

  • Tier 2 (build once): Runbook templates, training content (operational ISE), PKI/secrets consulting

  • Tier 3 (recurring): SIEM migration services, threat hunting playbooks, observability buildouts

  • Tier 4 (longer): Full security architecture consulting, NAC-to-microsegmentation bridge, vCISO

The reframe: security infrastructure architect, not ISE engineer. The 5-10 year NAC transition period is where the consulting money is.

Next step: pick 1 Tier 1 offering and define scope, deliverable, price. ISE health checks are the fastest — remote, half-day, repeatable.

Strategic Alignment

Life Goals

Life Goals (North Stars)

These are the unchanging destinations. Everything else serves these.

Goal Definition Measurement

Financial Independence

Passive income exceeds expenses; work becomes optional

Net worth, passive income streams, runway months

Technical Excellence

Recognized expert in security, automation, infrastructure

Certifications, project portfolio, reputation, compensation

Bilingual Mastery

C2-level Spanish; think, dream, write in both languages

DELE C2, literary comprehension, native speaker feedback

Creative Expression

Music, writing, and building things that outlast me

Compositions completed, published works, open source impact

Physical Sovereignty

Health that enables everything else for 50+ more years

Vitals, mobility, energy, sleep quality, bloodwork

Wisdom Accumulation

Deep understanding of life, ethics, history, human nature

Books read, essays written, quality of decisions

Goal-Track Matrix

Goal → Track Alignment Matrix

Every track should serve at least one life goal. Orphan tracks are candidates for elimination.

Track Financial Technical Bilingual Creative Physical Wisdom

RHCSA

✓✓

CISSP

✓✓

DevNet

✓✓

Python

✓✓

Regex

✓✓

k8s

✓✓

DELE/SIELE

✓✓

Don Quijote

✓✓

✓✓

García Márquez

Spanish Writing

✓✓

Violin

✓✓

Philosophy

✓✓

History

✓✓

Linguistics

College Algebra

Cryptography

✓✓

Vault

✓✓

Bash/AWK/sed

✓✓

Vim

✓✓

netapi

✓✓

Legend: ✓ = contributes | ✓✓ = primary driver

Quarterly Priorities

Q2 2026 Strategic Priorities

Based on goal alignment, these are the highest-leverage activities:

Priority Action Why

P0

SIELE C1 exam (Q2)

Validates bilingual asset; enables consulting in Spanish-speaking markets

P0

k3s NAT fix + Wazuh deployment

Completes home lab → portfolio piece → technical excellence proof

P1

netapi polish + public release

Portfolio piece + DevNet alignment + creative expression

P1

RHCSA study resume

Most direct path to salary increase (certification premium)

P2

Don Quijote Primera Parte complete

C1 vocabulary + wisdom accumulation + bilingual mastery

P2

Keycloak rebuild

Removes SPOF + completes identity stack → technical excellence

Q2 2026 Roadmap

Q2 2026 Roadmap (April — June)

Certifications

CISSP is the priority. 10-week plan active.
Domain Item Target Date Status Dependencies

Certification

CISSP — ISC2 Certified Information Systems Security Professional

July 12, 2026

ACTIVE — Week 1/10 (Domain 1: Risk)

Sybex book, Boson exams, Pocket Prep app

Certification

RHCSA 9 — Red Hat Certified System Administrator

Q3 2026

Ch 1-2 / 20 (10%)

After CISSP. Lab environment (KVM)

Certification

Claude Code Certification — Anthropic (Nick Saraev course)

Q2 2026

IN PROGRESS (26:49/4hr)

Course completion, practice projects

Certification

LPIC-1 Renewal — Linux Professional Institute

Q2 2026

RENEW — check expiry

Check expiry date, register for exam

Language

SIELE C1 — Instituto Cervantes (computer-based)

Q2 2026

ACTIVE

Comprension auditiva practice, subjuntivo mastery

Work Projects (CHLA)

Domain Item Target Date Status Dependencies

Work P0

SIEM QRadar → Sentinel Migration — LEAD. 4 collection iterations, Python chart pipeline, migration XLSX, verification pending.

Q2 2026

ACTIVE — collection done, verification pending

Monad pipeline, Sentinel KQL

Work P0

Linux Research (Xianming Ding) — EAP-TLS completion

Overdue (02-24)

BEHIND (59 days)

nmcli certificate fix

Work P0

iPSK Manager — Pre-shared key automation

 — 

BEHIND

DB replication (Ben Castillo)

Work P0

MSCHAPv2 Migration — 6,084 devices, 29 types, 5-wave deployment

Q2 2026

ACTIVE — weekly cadence Wed, ownership matrix defined

netapi DataConnect queries, pandas analytics

Work P0

TCP Clocks deployment — ISE identity group validation

April 2026

ACTIVE — queries run, comms in progress

Identity group verification, team coordination

Work P0

Murus Portae (WAF) — Phase 0 discovery, FMC cert expired

Q2 2026

INVESTIGATING — d001 has zone map, architecture D2, FMC API ref

FMC cert fix, ACP investigation

Work P0

Mandiant Remediation — findings status, guest ACL, SIEM posture report

Q2 2026

ACTIVE — d001 comms Apr 23, findings from Apr 16

Lab validation, joint CR with NE

Work P0

Research Segmentation — Untrusted VLAN migration

 — 

BLOCKED

CISO decision

Work P0

Abnormal Security — AI email security, ESA cutover

Q2 2026

ACTIVE — read-only integration live

Cutover timeline confirmation

Work P1

Sentinel KQL Proficiency — queries, Copilot-assisted, differentiate from team

April 2026

ACTIVE — Azure access acquired

Azure portal access

Work P1

Monad Pipeline Evaluation — LEAD. Test pipeline creation, input sources

April 2026

TODO (44 days carried)

Lab environment setup

Work P1

Firewall audit — FMC device & policy inventory done (d001)

Q2 2026

ACTIVE — FMC discovery complete

EtherChannel, prefilter, policy queries

Work P1

QRadar to Sentinel Migration — SIEM platform transition

Q2 2026

Active — see SIEM P0 entry above

Monad pipeline evaluation

Work P1

Vocera/Wyse iTrack RCA — RabbitMQ CPU spike

April 2026

OPEN

Cisco TAC case, endpoint log analysis

Work P1

Strongline Gateway — MAC capture, Identity Group setup

Q2 2026

Active (39 days)

8 devices reassignment (David Rukiza)

Work P1

Downtime Computers enforcement — ISE AuthZ rule draft

Q2 2026

PENDING — audit delivered, enforcement CR needed

Separate CR after audit acceptance

Work P1

NebulaONE AI Platform — Azure/Cloudforce

Q2 2026

Active

C-level direction

Work P1

DMZ Migration — external services audit behind NetScaler

Q2 2026

Active — linked to Murus Portae

NetScaler reverse proxy audit

Personal Milestones

Domain Item Target Date Status Dependencies

Personal

Z Fold 7 Termux — gopass and SSH restoration

ASAP

BLOCKER (45 days)

Termux SSH + gopass configuration

Personal

gopass v3 organization — Restructure password store

April 2026

Active (35 days)

gopass-personal-docs templates

Personal

Tax filing 2025 (MFJ) — deadline Apr 23

PAST DUE

CONFIRM STATUS

Alexandra W-2, 1099-NEC, 1098-E, child info

Personal

Housing search — Granada Hills area

Q2 2026

In Progress

Budget, location research

Revenue

netapi Commercialization — Go CLI rewrite, Cobra-style arg discovery

Q2-Q3 2026

P0 ACTIVE

Go evaluation, CLI framework selection

Revenue

Ollama API Service — 17 endpoints, productize config audit + doc tools

Q2 2026

P0 ACTIVE

Web UI, fine-tuning pipeline

Personal

Crypta — educational roguelike in Rust (5,490 lines). Learning Rust via game dev.

Q2 2026

ACTIVE — v0.2, 10-lesson curriculum planned

Rust lesson progression

Personal

ThinkPad P16g Setup — Arch install complete, Phase 12 security pending

Q2 2026

OPERATIONAL — AppArmor SEC-001 remaining

AppArmor baseline, enforce profiles

Personal

System State Arena — competition prep Aug 22-24

Aug 2026

Phase 0 this week (Apr 21-27)

Daily practice, man-page-only methodology

Infrastructure

Domain Item Target Date Status Dependencies

Infra

k3s NAT verification — NAT rule 170 for pod network

ASAP (46 days carried)

P0 BLOCKING

VyOS NAT rule testing

Infra

Wazuh indexer recovery — Restart pod after NAT fix

After k3s NAT

P0 Blocked

k3s NAT verification

Infra

ISE Patch 10 upgrade — ISE 3.2 Patch 10 (CVE-2026-20147 CVSS 9.9)

Q2 2026

P0 TODO

Patch availability, change window

Infra

ISE MnT Messaging Service — Enable UDP syslog delivery

Q2 2026

P2 TODO

ISE maintenance window

Infra

Monad Pipeline Evaluation — Test pipeline creation

April 2026

P1 TODO (44 days)

Lab environment, test data

Infra

Borg backup validation — ALL systems

Q2 2026

TODO

Script path updates, initial archives

Cross-Domain Blockers

CRITICAL Blockers

Domain Blocker Impact Days Blocked By Action Required

Work

k3s NAT verification

SIEM visibility blocked — Wazuh cannot start without pod networking

46

VyOS NAT rule 170 untested

Test NAT for 10.42.0.0/16 pod network, verify internet connectivity

Work

Wazuh indexer recovery

No SIEM log ingestion — security blind spot

46

k3s NAT verification

Restart Wazuh pod after NAT confirmed working

Work

SIEM QRadar → Sentinel Migration

Organization-wide SIEM transition. Monad console error resolved 05-12. Secrets configured. Blocked on DCR creation.

32

DCR not created (Rule ID + Stream Name) + Azure private network policy

Victor/Mauricio: create DCR. Victor: resolve Azure network policy.

Work

MSCHAPv2 Migration Reporting

Report due. 6,227 devices, 5 waves. 6 batch SQL queries + 3-API profile script built (05-11). Migration window 05-04 to 05-30.

25

Report needs to be turned in

Turn in report. Batch MAC triage ready for incoming Teams disconnect request.

Work

Monad ETL Pipeline

Console error resolved 05-12. 3/6 values configured. Blocked on DCR creation.

62

DCR not created (Rule ID + Stream Name)

10am call today. Victor/Mauricio: create DCR.

Work

Murus Portae (WAF)

FMC management cert expired, ACP returns zero rules via API. Phase 0 discovery stalled.

8

FMC cert fix, ACP investigation

Fix FMC cert, resolve zero-rule API response, complete Q1-Q8 discovery queries

Work

Research Segmentation

Research endpoints remain on trusted network

 — 

CISO decision pending

Escalate for CISO decision on Untrusted VLAN migration

Work

IoT Dr. Kim — recurring incident

Sleep study devices + watches. 3 incidents across Apr 15, 16, 22.

9

iPSK enrollment validation

Validate iPSK, check identity group stability, document IoT validation queries

Personal

Z Fold 7 Termux

Cannot access passwords on mobile — no gopass, no SSH

45

Termux SSH and gopass broken

Debug Termux SSH config, reinstall gopass, test key access

Personal

Tax filing 2025 (MFJ)

Deadline was Apr 23. Status unknown — confirm with user.

1

Need Alexandra W-2, 1099-NEC, 1098-E, child info

Confirm filed or escalate immediately

Work Blockers

Domain Blocker Impact Days Blocked By Action Required

Work P0

k3s NAT verification

Blocks Wazuh recovery, SIEM visibility

46

VyOS NAT rule 170

Test NAT rule, verify pod internet access

Work P0

Wazuh indexer recovery

Security monitoring offline

46

k3s NAT fix

Restart pod after NAT confirmed

Work P0

SIEM QRadar → Sentinel

Monad console error resolved 05-12. Blocked on DCR creation.

32

DCR not created + Azure private network policy

Victor/Mauricio: create DCR, resolve network policy

Work P0

Strongline Gateway VLAN fix

8 devices in wrong identity group

39

David Rukiza assignment

Follow up with David, verify identity group reassignment

Work P0

TCP Clocks deployment

ISE identity group validation active

2

Query validation, team comms

Complete deployment, verify identity groups

Work P0

Murus Portae (WAF)

Phase 0 discovery blocked by FMC cert + API issue

8

FMC cert expired, ACP zero rules

Fix cert, investigate API, complete discovery

Work P0

Research Segmentation

Research endpoints on trusted VLAN

 — 

CISO decision

Escalate to CISO

Work P0

Linux Research (overdue)

EAP-TLS project behind schedule

59

Certificate password issue

Apply nmcli fix, test with Xianming Ding

Work P0

iPSK Manager

Pre-shared key automation stalled

 — 

DB replication

Follow up with Ben Castillo on replication fix

Work P0

MSCHAPv2 Migration

Report due. 6,227 devices, 5 waves. Batch queries + 3-API profile script ready.

25

Report to turn in

Turn in report, batch MAC triage ready for Teams request

Work P0

IoT Dr. Kim — recurring

3 incidents (Apr 15, 16, 22)

9

iPSK enrollment

Validate enrollment, check stability

Work P1

Monad Pipeline Evaluation

Console error resolved 05-12. Promoted to P0. 3/6 values configured.

62

DCR creation (Rule ID + Stream Name)

10am call today. Victor/Mauricio create DCR.

Work P1

Vocera EAP-TLS Supplicant Fix

~10 phones failing 802.1X

43

Missing supplicant config

Configure supplicant on affected Vocera phones

Work P1

ISE 3.4 Migration

Running outdated ISE 3.2

 — 

ISE Patch 10 prerequisite

Complete Patch 10 first, then plan 3.4 migration

Personal Blockers

Domain Blocker Impact Days Blocked By Action Required

Personal

Z Fold 7 Termux

No mobile password or SSH access

45

gopass + SSH broken in Termux

Reinstall gopass, configure SSH keys, test connectivity

Personal

gopass v3 organization

Inconsistent password store, no aggregation queries

35

Needs restructure plan

Use gopass-personal-docs templates, migrate remaining entries

Personal

Tax filing 2025 (MFJ)

Deadline was Apr 23. Rejected, refiling as MFJ. ~$1K-4K owed.

1

Need Alexandra W-2, 1099-NEC, 1098-E, child info

Confirm filed or complete immediately

Personal

Housing search

Quality of life, commute impact

 — 

Budget and location research

Research Granada Hills apartments, set budget

Personal

Git history scrub — d000 personal terms

Sensitive personal legal terms in committed worklog history (WRKLOG-2026-03-14, WRKLOG-2026-04-18)

2

Forward-fixed, history not yet scrubbed

Run git filter-repo per runbook in blockers.adoc, force-push to all remotes

Recently Resolved

Recently Resolved

Task Details Resolved Notes

domus-captures accuracy sweep

Verify all statistics, indices

2026-03-16

Completed

nvim-domus public release

GitHub repo creation

2026-03-16

CR

Repository structure audit

Projects vs operations organization

2026-03-16

Fixed

Kinesis 360 BT disconnect

Keyboard pairing

2026-02-27

Troubleshooting guide

Attributes split

attributes.adoc → home/work/styles

2026-03-22

327 → 94+239+33 lines

Wazuh SIEM 4.14.3 deploy

k3s deployment, all pods running

2026-02-23

Completed

Vault SSH CA

8h certs, 9 hosts configured

2026-02-21

Production

Prometheus + Grafana

Monitoring stack on k3s

2026-02-23

Production

Recently Resolved (March 2026)

Task Details Resolved Resolution

ISE RabbitMQ CPU 109%

MnT node message queue saturation

2026-03-11

TAC-guided ise-02 restart

Xianming Ding Linux EAP-TLS

Certificate chain validation

2026-03-14

CA chain fix documented

Quick Reference

Meta Partials Guide

META - Transcendent Value System

These partials provide cross-domain strategic insight. They answer WHY, not just WHAT.

Meta Partials

Partial Purpose Key Tags

Strategic Alignment

Connect tracks to life goals - no activity without purpose

life-goals, goal-track-matrix, career-vector, time-alignment, quarterly-priorities, anti-patterns, decision-framework

Skill Synergies

Map how skills compound each other - see the learning chains

compound-chains, synergy-matrix, cross-domain, investment-priority, unlocks, current-bottlenecks

Compound Multipliers

Force multiplier skills that accelerate everything

definition, tier-1, tier-2, tier-3, investment-tracker, neglected, multiplier-audit, compound-math

Weekly Retrospective

Structured reflection framework - capture insights

weekly-prompts, energy-audit, time-truth, next-week, monthly-additions, quarterly-deep-dive, capture-template

Velocity Metrics

Track learning velocity and momentum patterns

velocity-definition, track-velocity, momentum-indicators, velocity-killers, acceleration-levers, weekly-velocity-check, quarterly-velocity-analysis, current-assessment
Use these for Sunday reviews, monthly calibration, and quarterly strategic planning.

Include Patterns

Quick Include Reference

Show all urgent items:

include::partial$trackers/master-index.adoc[tag=urgent-all]

Professional carryover only:

include::partial$trackers/work/adhoc.adoc[tag=carryover]

Personal blockers only:

include::partial$trackers/personal/adhoc.adoc[tag=blockers]

Ideas backlog:

include::partial$trackers/personal/adhoc.adoc[tag=ideas]

Certification deadlines only:

include::partial$trackers/education/certifications-deadlines.adoc[tag=urgent]

Life admin urgent only:

include::partial$trackers/personal/life-admin.adoc[tag=urgent]

Skills mastery critical:

include::partial$trackers/education/skills-mastery.adoc[tag=critical]

Infrastructure sites:

include::partial$trackers/personal/infrastructure.adoc[tag=sites]

HA deployment status:

include::partial$trackers/personal/infrastructure.adoc[tag=ha-status]

Single points of failure:

include::partial$trackers/personal/infrastructure.adoc[tag=spof]

Project portfolio (Tier 1):

include::partial$trackers/personal/infrastructure.adoc[tag=projects-tier1]

META Partials (Transcendent Value)

Life goals and alignment:

include::partial$trackers/meta/strategic-alignment.adoc[tag=life-goals]
include::partial$trackers/meta/strategic-alignment.adoc[tag=goal-track-matrix]
include::partial$trackers/meta/strategic-alignment.adoc[tag=quarterly-priorities]

Skill compound chains:

include::partial$trackers/meta/skill-synergies.adoc[tag=compound-chains]
include::partial$trackers/meta/skill-synergies.adoc[tag=synergy-matrix]
include::partial$trackers/meta/skill-synergies.adoc[tag=current-bottlenecks]

Force multipliers:

include::partial$trackers/meta/compound-multipliers.adoc[tag=tier-1]
include::partial$trackers/meta/compound-multipliers.adoc[tag=investment-tracker]
include::partial$trackers/meta/compound-multipliers.adoc[tag=compound-math]

Weekly reflection:

include::partial$trackers/meta/weekly-retrospective.adoc[tag=weekly-prompts]
include::partial$trackers/meta/weekly-retrospective.adoc[tag=capture-template]

Velocity tracking:

include::partial$trackers/meta/velocity-metrics.adoc[tag=track-velocity]
include::partial$trackers/meta/velocity-metrics.adoc[tag=current-assessment]
include::partial$trackers/meta/velocity-metrics.adoc[tag=weekly-velocity-check]

Last built: 2026-06-06 | Single source of truth: Edit partials, not this page.