From c231bcce70785e52a170630da4ed6f387c64dabf Mon Sep 17 00:00:00 2001
From: kenpat <kenpat7177@gmail.com>
Date: Thu, 11 Jun 2026 20:56:03 +0000
Subject: [PATCH] Update RUNBOOK.md

---
 RUNBOOK.md | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/RUNBOOK.md b/RUNBOOK.md
index dd3b747..cf5fc11 100644
--- a/RUNBOOK.md
+++ b/RUNBOOK.md
@@ -14,30 +14,30 @@ Internet
    └── Cloudflare (DNS + Tunnel)
           │  Active-Active across 3 connectors
           ├── cloudflared on monk (primary home machine)
-          ├── cloudflared on kscloud1 (Hetzner VPS, 5.78.233.28)
+          ├── cloudflared on kscloud1 (Hetzner VPS, [IP REDACTED])
           └── cloudflared on assassin (T14, currently OFF)
 
 Tailscale overlay network (VPN mesh):
-  monk      100.85.209.116
-  kscloud1  100.123.254.52  ← hosts shared Authentik Postgres + Redis
-  assassin  100.90.13.55    (off)
-  pixel-6   100.74.0.109
-  samurai   100.91.238.73
+  monk      [IP REDACTED]
+  kscloud1  [IP REDACTED]  ← hosts shared Authentik Postgres + Redis
+  assassin  [IP REDACTED]    (off)
+  pixel-6   [IP REDACTED]
+  samurai   [IP REDACTED]
 ```
 
 **Nine public subdomains** route through the same Cloudflare Tunnel token. Both monk and kscloud1 are connectors so the site stays up when either goes offline.
 
 | Subdomain | Container | Port |
 |-----------|-----------|------|
-| www.kitestacks.com | homepage (nginx portal) | 3000 |
-| auth.kitestacks.com | authentik | 9000 |
-| gitforge.kitestacks.com | forgejo | 3000 |
-| tasks.kitestacks.com | openproject | 80 |
-| ai.kitestacks.com | kite-openwebui | 8080 |
-| links.kitestacks.com | karakeep | 80 |
-| kavita.kitestacks.com | kavita | 5000 |
-| grafana.kitestacks.com | grafana | 3000 |
-| status.kitestacks.com | uptime-kuma | 3001 |
+| www.kitestacks.com | homepage (nginx portal) | [IP REDACTED] |
+| auth.kitestacks.com | authentik | [IP REDACTED] |
+| gitforge.kitestacks.com | forgejo | [IP REDACTED] |
+| tasks.kitestacks.com | openproject | [IP REDACTED] |
+| ai.kitestacks.com | kite-openwebui | [IP REDACTED] |
+| links.kitestacks.com | karakeep | [IP REDACTED] |
+| kavita.kitestacks.com | kavita | [IP REDACTED] |
+| grafana.kitestacks.com | grafana | [IP REDACTED] |
+| status.kitestacks.com | uptime-kuma | [IP REDACTED] |
 
 **Important — active-active data model:** monk and kscloud1 each run their own copies of all stateful apps (Forgejo, Kavita, OpenProject, etc.) with independent databases. Data is intentionally NOT synced between them (except for Authentik, which shares a single Postgres+Redis on kscloud1 over Tailscale). If kscloud1 serves a request, the user sees kscloud1's database. This is the accepted tradeoff for guaranteed uptime.
 
@@ -122,7 +122,7 @@ sudo tailscale up
 ### 2.2 SSH access
 
 ```bash
-ssh -i ~/.ssh/id_ed25519_kscloud1 kenpat@5.78.233.28
+ssh -i ~/.ssh/id_ed25519_kscloud1 kenpat@[IP REDACTED]
 ```
 
 Password for sudo: `p12217177` (non-interactive sudo: `echo p12217177 | sudo -S <cmd>`)