Commit 71f82e
2026-03-15 21:39:25 Claude (MCP): [mcp] Document V7 ops hardening roles and FAISS switch| /dev/null .. Dev/V7_Ops_Hardening.md | |
| @@ 0,0 1,30 @@ | |
| + | --- |
| + | category: reference |
| + | tags: [dev, vps, ops, v7] |
| + | last_updated: 2026-03-15 |
| + | confidence: high |
| + | --- |
| + | |
| + | # V7 Operational Hardening |
| + | |
| + | Ansible roles for backup, health checks, logging, and disk monitoring on the robot.wtf VPS. Run via `ansible-playbook -i ansible/inventory.yml ansible/v7-harden.yml`. |
| + | |
| + | ## Roles |
| + | |
| + | ### backup (roles/backup/) |
| + | SQLite `.backup` cron every 4 hours. Backs up `robot.db` and `mcp_oauth.db` to `/srv/backups/`. Prunes after 7 days. Uses `sqlite3 .backup` (handles WAL mode correctly without stopping services). VM-level backups via Proxmox snapshots are configured separately. |
| + | |
| + | ### healthcheck (roles/healthcheck/) |
| + | Per-minute cron checks all services: `systemctl is-active` + `curl localhost:port` for ports 8000-8003 and 8001. Emails via msmtp/Gmail on failure. |
| + | |
| + | ### logging (roles/logging/) |
| + | Configures systemd-journald: 500MB max, 200MB keep-free, 30-day retention. All services use `StandardOutput=journal`. |
| + | |
| + | ### diskmon (roles/diskmon/) |
| + | Hourly cron checks disk usage on `/` and `/srv`. Warns at 80%, critical at 90%. Emails via same msmtp config. |
| + | |
| + | ## Prerequisites |
| + | Set `smtp_user`, `smtp_password`, and `alert_email` in `ansible/group_vars/all/vault.yml` (encrypted) before running the hardening playbook. |
| + | |
| + | ## Semantic Search Switch |
| + | Switched from ChromaDB (server mode on port 8004) to FAISS + ONNX MiniLM embedding. ChromaDB service disabled. See [[Tasks/Semantic_Search_Multi_Tenant]] for the multi-tenant indexing issue. |