majorlinux/majorwiki
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wiki: publish 3 unpushed articles and catch nav up

Browse source 
Articles from prior sessions that were written locally but never shipped:
- 02-selfhosting/cloud/aws-s3-cost-management.md — lifecycle rules, storage class selection, bucket inventory, unexpected-growth investigation
- 02-selfhosting/dns-networking/wake-on-lan-router-ssh.md — WOL magic packets via Asus router SSH + ether-wake, Ansible vault integration
- 02-selfhosting/services/claude-code-remote-control.md — mobile access to a persistent host Claude Code session

Nav updated (index.md + SUMMARY.md):
- Added Cloud subsection under Self-Hosting for aws-s3
- Added wake-on-lan and aws-s3 entries to SUMMARY
- Added claude-code-remote-control to index's Services section
- Added ansible-ssh-host-alias-bypass nav entry (article shipped in 2dbeb22)
- Article count 87 → 89, self-hosting 30 → 32, troubleshooting 33 → 34
This commit is contained in:
Marcus Summers 2026-04-21 09:17:31 -04:00
parent 668891082e
commit f9c61fbac3
5 changed files with 286 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

106
02-selfhosting/cloud/aws-s3-cost-management.md Normal file
View file

@ -0,0 +1,106 @@
---
title: "AWS S3 Cost Management"
domain: selfhosting
category: cloud
tags: [aws, s3, cost, billing, mastodon, glacier]
status: published
created: 2026-04-19
updated: 2026-04-19
---
# AWS S3 Cost Management
The majorlinux AWS account is used exclusively for S3 object storage. This covers how to monitor costs, what's driving the bill, and how to reduce it.
## Account Overview
- **Account ID:** `408469496267`
- **Account name:** majorlinux
- **Services in use:** S3 (Standard + Glacier Deep Archive), AWS Config, Cost Explorer
- **Monthly spend:** ~$32/mo (March 2026); expected ~$16/mo post-media-prune
## Buckets and Cost Drivers
| Bucket | Size | Storage Class | Cost/mo | Purpose |
|--------|------|---------------|---------|--------|
| `majortoot` | 648 GB (mostly remote cache) | S3 Standard | ~$15/mo | Mastodon media |
| `majorhomebackup` | 16 TiB | Glacier Deep Archive | ~$16/mo | MLS stream archives (sole copy) |
| `config-bucket-*` | ~185 KB | S3 Standard | ~$0.00 | AWS Config snapshots |
## CLI Setup
AWS CLI installed on MajorMac via Homebrew. Credentials configured at `~/.aws/credentials`.
```bash
brew install awscli
# Credentials pulled from Ansible vault:
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in group_vars/all/vault.yml
```
### Useful commands
```bash
# Check current month spend by service
aws ce get-cost-and-usage \
--time-period Start=2026-04-01,End=2026-04-30 \
--granularity MONTHLY \
--metrics "UnblendedCost" \
--group-by Type=DIMENSION,Key=SERVICE
# View anomaly alerts
aws ce get-anomalies \
--date-interval StartDate=2026-04-01,EndDate=2026-04-30
# Check conformance pack compliance
aws configservice get-conformance-pack-compliance-details \
--conformance-pack-name MajorConformance
# List budgets
aws budgets describe-budgets --account-id 408469496267
```
## Budget Alert
`MajorS3MonthlyAlert` configured 2026-04-19:
- 80% threshold → email at $20 actual spend
- 100% threshold → email at $25 actual spend
- Recipient: maj.linux@gmail.com
## Cost Reduction Options
### majortoot — S3 Standard-IA
Switching `S3_STORAGE_CLASS=STANDARD_IA` in Mastodon's `.env.production` reduces storage cost from $0.023/GB to $0.0125/GB for new uploads. Expected saving: ~$45/mo after cache is pruned down to local-only content.
See [[mastodon-instance-tuning]] for full instructions.
### majortoot — Weekly media prune
Weekly cron deployed (`0 3 * * 0`) via `configure_mastodon_media_prune.yml`. Removes remote federated cache older than 7 days. Expected to reduce bucket from 648 GB to ~7 GB over time.
### majorhomebackup — Self-host consideration
Deep Archive at $0.00099/GB is the cheapest cloud tier — no cloud alternative is cheaper. If the MLS archives are no longer needed, deletion would save ~$16/mo. A 20TB HDD (~$300400) would break even in ~2 years vs. continued cloud storage. **These are the sole copy — do not delete without a separate backup.**
## Conformance Pack
`MajorConformance` (created 2024-12-20) monitors S3 buckets for:
- Public read/write access (majortoot is intentionally public — Mastodon media)
- Account-level public access blocks (off by design, same reason)
- S3 default object lock (not enabled — expected)
- S3 event notifications (not enabled — expected)
Evaluations cost $0.001 each and run on a periodic schedule. Safe to ignore; at current scale costs pennies per month.
## IAM Users
| User | Scope | Credentials location |
|------|-------|---------------------|
| `MajorToot` | S3 only — no billing/Cost Explorer | `~/.aws/credentials` on majortoot |
| Root | Full access | `~/.aws/credentials` on MajorMac (configured 2026-04-19) |
## Related
- [[Services/AWS]] — infrastructure record
- [[mastodon-instance-tuning]] — media cache management
- [[majortoot]] — Mastodon host

72
02-selfhosting/dns-networking/wake-on-lan-router-ssh.md Normal file
View file

@ -0,0 +1,72 @@
---
title: Wake-on-LAN via Router SSH
description: Send WOL magic packets through an Asus router over SSH
tags: [networking, wol, asus, ssh]
created: 2026-04-19
---
# Wake-on-LAN via Router SSH
Most Asus routers running AsusWRT (or Merlin) include `ether-wake` in their BusyBox environment. Combined with SSH access, this lets you wake machines remotely from anywhere — even over a VPN like Tailscale — without needing a dedicated WOL tool on the LAN.
## Prerequisites
- **SSH enabled on the router** — Administration → System → Enable SSH → LAN only
- **Target machine** has WOL enabled in BIOS/firmware
- **MAC address** of the target machine
- `sshpass` installed on the client (for scripted/non-interactive use)
## Router SSH Setup
Asus routers use a non-standard SSH port by default. Check your router's SSH settings for the port number.
```bash
# ~/.ssh/config entry
Host router
HostName 192.168.50.1
Port 1025
User <your-username>
```
## Sending a WOL Packet
```bash
# Interactive (will prompt for password)
ssh router 'ether-wake -i br0 AA:BB:CC:DD:EE:FF'
# Non-interactive (password from variable or file)
sshpass -p "$ROUTER_PASS" ssh router 'ether-wake -i br0 AA:BB:CC:DD:EE:FF'
```
- **`-i br0`** — the bridge interface for the LAN. This is `br0` on most Asus routers.
- Replace `AA:BB:CC:DD:EE:FF` with the target machine's MAC address.
## Scripting with Ansible Vault
If your router password is stored in an Ansible vault, you can pull it at runtime:
```bash
#!/usr/bin/env bash
set -euo pipefail
VAULT_FILE="$HOME/MajorAnsible/group_vars/all/vault.yml"
VAULT_PASS_FILE="$HOME/.ansible/vault_pass"
password=$(ansible-vault view "$VAULT_FILE" --vault-password-file "$VAULT_PASS_FILE" 2>/dev/null \
| grep '^router_password:' | sed 's/^router_password: *"\{0,1\}\([^"]*\)"\{0,1\}/\1/')
sshpass -p "$password" ssh router "ether-wake -i br0 AA:BB:CC:DD:EE:FF"
```
## Troubleshooting
| Issue | Fix |
|-------|-----|
| `Connection refused` | SSH not enabled on router, or wrong port |
| `Permission denied` | Wrong username/password |
| Machine doesn't wake | Check WOL is enabled in BIOS; verify MAC address; ensure machine is plugged in (not on battery) |
| `ether-wake: not found` | Router firmware may not include it — check with `which ether-wake` |
## Why Not Use a Dedicated WOL Tool?
Tools like `wakeonlan` or `etherwake` on a Linux host work great — but only if that host is on the same LAN subnet. If your management machine connects via VPN (e.g., Tailscale), the magic packet won't traverse the VPN tunnel since WOL relies on Layer 2 broadcast. Sending it from the router sidesteps this entirely.

93
02-selfhosting/services/claude-code-remote-control.md Normal file
View file

@ -0,0 +1,93 @@
---
title: "Claude Code Remote Control — Mobile Access to a Persistent Host Session"
domain: selfhosting
category: services
tags: [claude-code, anthropic, remote-control, tmux, tailscale, mobile, workflow]
status: published
created: 2026-04-20
updated: 2026-04-20
---
# Claude Code Remote Control
Anthropic released **Remote Control** for Claude Code in February 2026. It bridges a locally-running Claude Code CLI process with Claude Mobile (iOS/Android) and `claude.ai/code` in any browser. The local session stays running on the host with full filesystem, environment, and MCP access; the phone or browser is just a thin front-end that attaches to it.
This article covers the setup pattern used at MajorsHouse — running Remote Control on an always-on host inside a `tmux` session over Tailscale SSH so the mobile connection survives client disconnects.
## How Remote Control Works
- All traffic flows through Anthropic's API over outbound HTTPS. No inbound ports on the host, no port forwarding, no reverse proxy.
- The mobile/web client **attaches to the existing session** — same transcript, same context, same MCP servers, same working directory.
- Terminal and mobile can be active at the same time; input is interchangeable and both views stay in sync.
- Only one remote client per session is supported.
- The session ends when the local `claude` process stops.
- Must be started with `claude remote-control` from the beginning — a plain `claude` session already in flight cannot be retrofitted.
- Requires Claude Pro or Max.
## Why MajorRig Hosts the Session
The vault is Obsidian-synced across MajorAir, MajorMac, and MajorRig. Native Linux servers like `majorlab` or `majorhome` would be architecturally cleaner (true always-on, no Windows Update reboots) but have no vault sync — adding them would require another Obsidian Sync device slot, or an SMB/NFS mount, or git-only access to the MajorWiki subset. Until that's solved, MajorRig is the de facto primary.
WSL2's `/mnt/c` I/O is slow for heavy workloads (node_modules, fsync-heavy DBs) but not a practical issue for markdown reads/writes and FTS5 search across the vault.
## Setup on MajorRig
### 1. Enable Remote Control by default
Inside any Claude Code session:
```
/config
```
Toggle **"Enable Remote Control for all sessions"**. This means future `claude` invocations automatically expose a Remote Control endpoint — no need to remember the subcommand.
### 2. Install the mobile app
Inside Claude Code:
```
/mobile
```
A QR code appears for iOS and Android download links.
### 3. Start a persistent session via Tailscale SSH + tmux
From any fleet machine:
```bash
ssh majorrig
tmux new -s claude
claude remote-control
```
Detach with `Ctrl+b d`. The `claude` process survives SSH disconnect because it's owned by the tmux server, not the SSH session.
To reattach from the host later:
```bash
ssh majorrig
tmux attach -t claude
```
### 4. Connect from the phone
Open Claude Mobile → select the session from the list, or scan the QR code the host prints on start. The app connects over outbound HTTPS through Anthropic; no Tailscale required on the phone.
## Alternatives
- **SSH + tmux directly from a mobile terminal app** (Blink Shell, Termius) — works without Pro/Max, survives client drops, full shell access. UX on a phone screen is rough; no native paste/share affordances.
- **`JessyTsui/Claude-Code-Remote`** (community) — routes Claude Code task output via email/Discord/Telegram. Not interactive; useful for notifications.
## Constraints and Gotchas
- **Process death kills the session.** If the `claude` process exits (crash, `tmux kill-session`, host reboot), the mobile connection drops and the transcript is lost. For true resilience, pair with a systemd user service that auto-restarts.
- **One remote per session.** Phone and laptop browser cannot both attach at the same time.
- **Windows Update reboots on WSL2.** MajorRig's uptime is gated by the Windows host. A scheduled-restart-free maintenance window is worth configuring if this pattern becomes primary.
- **Session must start with Remote Control.** Restart `claude` if you realize mid-session you want phone access (unless `/config` toggle is already set).
## See Also
- [Tailscale for Homelab Remote Access](../dns-networking/tailscale-homelab-remote-access.md)
- Anthropic docs: `https://code.claude.com/docs/en/remote-control`

4
SUMMARY.md
View file

@ -25,6 +25,8 @@ updated: 2026-04-18T18:48
* [Setting Up Caddy as a Reverse Proxy](02-selfhosting/reverse-proxy/setting-up-caddy-reverse-proxy.md)
* [Tailscale for Homelab Remote Access](02-selfhosting/dns-networking/tailscale-homelab-remote-access.md)
* [Network Overview](02-selfhosting/dns-networking/network-overview.md)
* [Wake-on-LAN via Router SSH](02-selfhosting/dns-networking/wake-on-lan-router-ssh.md)
* [AWS S3 Cost Management](02-selfhosting/cloud/aws-s3-cost-management.md)
* [rsync Backup Patterns](02-selfhosting/storage-backup/rsync-backup-patterns.md)
* [Tuning Netdata Web Log Alerts](02-selfhosting/monitoring/tuning-netdata-web-log-alerts.md)
* [Tuning Netdata Docker Health Alarms](02-selfhosting/monitoring/netdata-docker-health-alarm-tuning.md)
@ -34,6 +36,7 @@ updated: 2026-04-18T18:48
* [Updating n8n Running in Docker](02-selfhosting/services/updating-n8n-docker.md)
* [Mastodon Instance Tuning](02-selfhosting/services/mastodon-instance-tuning.md)
* [Ghost Email Configuration with Mailgun](02-selfhosting/services/ghost-smtp-mailgun-setup.md)
* [Claude Code Remote Control — Mobile Access to a Persistent Host Session](02-selfhosting/services/claude-code-remote-control.md)
* [Linux Server Hardening Checklist](02-selfhosting/security/linux-server-hardening-checklist.md)
* [Standardizing unattended-upgrades with Ansible](02-selfhosting/security/ansible-unattended-upgrades-fleet.md)
* [Fail2ban Custom Jail: Apache 404 Scanner Detection](02-selfhosting/security/fail2ban-apache-404-scanner-jail.md)
@ -92,5 +95,6 @@ updated: 2026-04-18T18:48
* [Systemd Session Scope Fails at Login](05-troubleshooting/systemd/session-scope-failure-at-login.md)
* [wget/curl: URLs with Special Characters Fail in Bash](05-troubleshooting/wget-url-special-characters.md)
* [Ansible: Check Mode False Positives in Verify/Assert Tasks](05-troubleshooting/ansible-check-mode-false-positives.md)
* [Ansible Fails with Permission Denied While `ssh <alias>` Works (Host Alias Bypass)](05-troubleshooting/ansible-ssh-host-alias-bypass.md)
* [Ghost EmailAnalytics Lag Warning — What It Means and When to Worry](05-troubleshooting/ghost-emailanalytics-lag-warning.md)
* [claude-mem: --setting-sources Empty Arg Bug (Claude Code 2.1.x)](05-troubleshooting/claude-mem-setting-sources-empty-arg.md)

15
index.md
View file

@ -1,23 +1,23 @@
---
created: 2026-04-06T09:52
updated: 2026-04-18T18:48
updated: 2026-04-19T21:46
---
# MajorLinux Tech Wiki — Index
> A growing reference of Linux, self-hosting, open source, streaming, and troubleshooting guides. Written by MajorLinux. Used by MajorTwin.
>
> **Last updated:** 2026-04-18
> **Article count:** 86
> **Article count:** 89
## Domains
| Domain | Folder | Articles |
|---|---|---|
| 🐧 Linux & Sysadmin | `01-linux/` | 12 |
| 🏠 Self-Hosting & Homelab | `02-selfhosting/` | 29 |
| 🏠 Self-Hosting & Homelab | `02-selfhosting/` | 32 |
| 🔓 Open Source Tools | `03-opensource/` | 10 |
| 🎙️ Streaming & Podcasting | `04-streaming/` | 2 |
| 🔧 General Troubleshooting | `05-troubleshooting/` | 33 |
| 🔧 General Troubleshooting | `05-troubleshooting/` | 34 |
---
@ -67,6 +67,10 @@ updated: 2026-04-18T18:48
### DNS & Networking
- [Tailscale for Homelab Remote Access](02-selfhosting/dns-networking/tailscale-homelab-remote-access.md) — installation, MagicDNS, making services accessible, subnet router, ACLs
- [Network Overview](02-selfhosting/dns-networking/network-overview.md) — MajorsHouse network topology, Tailscale IPs, and connectivity map
- [Wake-on-LAN via Router SSH](02-selfhosting/dns-networking/wake-on-lan-router-ssh.md) — send WOL magic packets through an Asus router over SSH, with Ansible vault integration
### Cloud
- [AWS S3 Cost Management](02-selfhosting/cloud/aws-s3-cost-management.md) — identify and control S3 costs: lifecycle rules, storage class selection, bucket inventory, unexpected-growth investigation
### Storage & Backup
- [rsync Backup Patterns](02-selfhosting/storage-backup/rsync-backup-patterns.md) — flags reference, remote backup, incremental with hard links, cron/systemd
@ -96,6 +100,7 @@ updated: 2026-04-18T18:48
- [Updating n8n Running in Docker](02-selfhosting/services/updating-n8n-docker.md) — pinned version updates, password reset, Arcane timing gaps
- [Mastodon Instance Tuning](02-selfhosting/services/mastodon-instance-tuning.md) — character limit increase, media cache management for self-hosted Mastodon
- [Ghost Email Configuration with Mailgun](02-selfhosting/services/ghost-smtp-mailgun-setup.md) — configuring Ghost's two independent mail systems (newsletter API + transactional SMTP) with Mailgun
- [Claude Code Remote Control — Mobile Access to a Persistent Host Session](02-selfhosting/services/claude-code-remote-control.md) — running `claude remote-control` on a host so `claude.ai` and the Claude mobile app can drive the CLI, with vault + MCPs intact
---
@ -166,6 +171,7 @@ updated: 2026-04-18T18:48
- [Systemd Session Scope Fails at Login](05-troubleshooting/systemd/session-scope-failure-at-login.md) — fixing session-cN.scope failures during login
- [wget/curl: URLs with Special Characters Fail in Bash](05-troubleshooting/wget-url-special-characters.md) — fixing broken downloads caused by unquoted URLs with &, ?, # characters
- [Ansible: Check Mode False Positives in Verify/Assert Tasks](05-troubleshooting/ansible-check-mode-false-positives.md) — guarding verify/assert tasks with `when: not ansible_check_mode` to prevent false failures in dry runs
- [Ansible Fails with Permission Denied While `ssh <alias>` Works (Host Alias Bypass)](05-troubleshooting/ansible-ssh-host-alias-bypass.md) — SSH Host blocks match on literal pattern; `ansible_host: <IP>` bypasses the alias and the IdentityFile never gets applied
- [Ghost EmailAnalytics Lag Warning — What It Means and When to Worry](05-troubleshooting/ghost-emailanalytics-lag-warning.md) — explaining the lag counter, `submitted` status, and `fetchMissing end == begin` skip
- [claude-mem: --setting-sources Empty Arg Bug (Claude Code 2.1.x)](05-troubleshooting/claude-mem-setting-sources-empty-arg.md) — fixing silent pipeline failure when claude-mem 12.1.x spawns Claude Code 2.1.112+
@ -176,6 +182,7 @@ updated: 2026-04-18T18:48
| Date | Article | Domain |
|---|---|---|
| 2026-04-19 | [Wake-on-LAN via Router SSH](02-selfhosting/dns-networking/wake-on-lan-router-ssh.md) | Self-Hosting |
| 2026-04-18 | [Ghost Email Configuration with Mailgun](02-selfhosting/services/ghost-smtp-mailgun-setup.md) | Self-Hosting |
| 2026-04-18 | [Firewall Hardening with firewalld on Fedora Fleet](02-selfhosting/security/firewalld-fleet-hardening.md) | Self-Hosting |
| 2026-04-18 | [ClamAV Fleet Deployment with Ansible](02-selfhosting/security/clamav-fleet-deployment.md) | Self-Hosting |