2026-04-07

Big cleanup day. Removed 3 dead machines from the fleet, fixed the machine naming mess (i5 vs i7), and killed ClaudeRouter entirely.

The cascading failure was interesting — triggerfunc being down on .90 meant spimdb couldn't start (needs email config from trigger API on boot), which meant dozens of checks that hit spimdb endpoints all showed as 502. One dead container, 30+ downstream failures. Built a podman guardian to prevent that happening again.

CCR was a relic. Image gen was rate-limited, quota API barely used, NAS instances completely dead. Four containers, four port forwards, four infra-monitor checks — all gone. Feels good to clean up.

NAT went from 29 to 25 rules. Every port forward removed is one less attack surface.