@@ 23,7 23,7 @@ Originally, I was tagging versions with
Created Centos Droplet, added:
* backups
-* firewall
+* firewall (limit ssh to my ip to reduce log spam)
* ipv6
* reserved ipv4
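Review bot: The changed firewall bullet limits ssh to a single source address, but the same list enables ipv6 on the next line, so the note should say whether the rule covers both IPv4 and IPv6 sources. It should also record how to regain access if "my ip" changes (for example through the Droplet's web console), since a dynamic address would lock you out. Log spam is the only reason given; it is worth adding that the restriction also cuts exposure of sshd to password guessing, so it does not get removed later as cosmetic.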
@@ 122,6 122,8 @@ WSGIDaemonProcess qwertywar.com \
</VirtualHost>
```
+I later plan to add CloudFlare, which will issue an SSL cert. So maybe LetEncrypt isn't so useful after that. But maybe still not a bad idea.
+
Certbot Centos install instructions require Snap, which requires epel-release for install, and installing epel-release causes dnf to abend every operation with "killed", perhaps because it needs a gigabyte of memory. https://github.com/AlmaLinux/almalinux-deploy/issues/155. Certbot is available on pip though, so:
dnf install -y augeas-libs mod_ssl
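Review bot: The added paragraph after the VirtualHost block treats the CloudFlare-issued certificate as a possible replacement for the one on this server, but that certificate is presented at CloudFlare's edge to visitors. The connection from CloudFlare back to this Apache origin still needs its own certificate if it is to be encrypted and validated, so the certbot steps that follow stay relevant. Suggest stating that instead of "maybe still not a bad idea", and spelling the name "Let's Encrypt".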
@@ 163,6 165,21 @@ So trying a "connector" https://admin.ex
Digital Ocean wants you to use SendGrid. SendGrid has a free plan "forever" https://sendgrid.com/pricing/ so guess I'll try it. I sign up, but they force me to 2-factor-auth and inauspiciously the text messages don't arrive after several tries, so I can't log in. It eventually arrives, but in the meantime, the O365 setup seems to start working after disabling security defaults.
+Let journald store persistent logs
+
+ mkdir /var/log/journald
+
+Added crontab to monitor log warnings
+
+ 5 0 * * * journalctl -n 500 --since yesterday --until today -p warning
+
+And a weekly disk space check/heartbeat
+
+ 0 0 * * 0 df -h
+
+Started moving dns to CloudFlare 10/25 - disabled dnssec on Gandi, need to wait a day or two before changing nameservers.
+
+
todo: retry certbot from scratch, may not need --cert-only
todo: consider virtualenv for certbot - but this centos global Python 3 already has a mess of package pollution so whatever
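Review bot: In the added journald lines, "mkdir /var/log/journald" creates a directory that journald does not use. With the default Storage=auto, persistence is switched on by the existence of /var/log/journal (no trailing "d"), so as written the journal stays in volatile /run/log/journal and is lost on reboot. Suggest "mkdir -p /var/log/journal" followed by a restart of systemd-journald, or setting Storage=persistent in /etc/systemd/journald.conf. In the cron line, "-n 500" caps the report at the most recent 500 entries, so earlier warnings from a noisy day are silently dropped. The notes should also say where the output of this job and the "df -h" heartbeat is delivered (for example MAILTO in the crontab), since a heartbeat nobody receives checks nothing.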