📄 2026-04-15.md 2,442 bytes Apr 19, 2026 📋 Raw

2026-04-15 — Day One

Onboarding & Security Hardening

OpenClaw updated from 2026.4.11 → 2026.4.14
UFW firewall configured: default deny inbound, allow outgoing. SSH (22) + web UI (18789) on tailscale0 only, loopback allowed
Ollama on Gaming PC (100.104.147.116): bound to Tailscale IP only, not 0.0.0.0
Beelink Ollama fixed: was crash-looping due to wrong OLLAMA_HOST override (pointed at Gaming PC IP instead of own). Fixed to 0.0.0.0:11434
Two-tier model routing established:
ollama/glm-5.1:cloud — daily driver (Ollama Pro cloud via local proxy)
ollama-remote/gemma4 — lightweight tasks on Gaming PC 3080 Ti via Tailscale
Telegram group security (CRITICAL) fixed: added allowFrom: ["8386527252"] to group wildcard, per-group extensible for future
Security audit: 0 critical, 3 warn (all acceptable/by design)
Plugin integrity: openclaw-web-search now has pinned version + integrity hash

Sandbox/workspaceOnly settings before adding other users
Pinning plugin spec to exact version
Web UI access over Tailscale (port 18789 allowed but not tested)
node-llama-cpp local embeddings (deferred, using nomic-embed-text via Gaming PC)

Family Gmail: hoffmann.family.manager@gmail.com (IMAP App Password)
Google Calendar API: service account family-calendar-sync@hoffmann-family-manager.iam.gserviceaccount.com
Calendar: "Hoffmann Family Calendar" shared to service account with edit access
Script: scripts/family_calendar.py — full pipeline: email→parse→calendar
Heartbeat: email + calendar checks integrated into 30-min heartbeat
End-to-end tested: Sully well child visit email → parsed correctly → calendar event created ✅
Filters out non-appointment emails (Google alerts, noreply, etc.)

heartbeat:check — every 30 min, system/weather/disk checks
heartbeat:daily — 7:00 AM CST, security audit + memory/wiki maintenance + update check
Both running on main session (will consider gemma4 model routing for isolated cron later)