bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 14 Actions Packages Projects Releases Wiki Activity
335 Commits 56 Branches 0 Tags
33a765b0bcbcaae6a5d2dbe5bafb40bdd43aafcb
Commit Graph

326 Commits

Author SHA1 Message Date
Andrew M. Stoltz
bd79279b28 telephony-web v20260324g: schema drift fix (BridgeEvents, SurveyResponses tables), survey route fix 2026-03-24 16:53:21 -05:00
Andrew M. Stoltz
35b6b4f8e5 telephony-web v20260324f: remove Scalar/OpenApi packages (Swashbuckle conflict) 2026-03-24 16:06:11 -05:00
Andrew M. Stoltz
8d8b76c82b Fix telephony-web: revert Scalar (Swashbuckle conflict), use v20260324e 2026-03-24 16:02:32 -05:00
Andrew M. Stoltz
f3fde15002 Update telephony-web image to v20260324d, resolve merge conflicts 2026-03-24 15:55:52 -05:00
Andrew M. Stoltz
42d2894ed1 Update telephony-web image tag to v20260324d (Scalar API docs, webhook config, surveys, templates, member portal) 2026-03-24 15:55:40 -05:00
Claude Code
848288af7a Fix Traefik dashboard link — point to :8080/dashboard/ not catchall 404 2026-03-22 01:29:18 -05:00
bluejay
780e3fb681 feat: add K8s exec RBAC + guacd ServiceAccount 
Adds guacd-exec ServiceAccount, ClusterRole (pods/exec),
and ClusterRoleBinding for Kubernetes protocol support.
 2026-03-22 06:25:11 +00:00
bluejay
6040614016 feat: Blue Jay branding + 1Password vault extension 
Custom image fc-guacamole:bluejay with:
- Blue Jay dark theme (CSS, login, header)
- 1Password Connect vault provider
- guacamole.properties ConfigMap
- Structured Logback logging
 2026-03-22 06:15:01 +00:00
Claude Code
3872707bfb Update intranet: DNS-first URLs, 1Password deep-links, Pi fleet, monitoring 
Replace all device IPs with iamworkin.lan DNS names. 46 1Password
deep-links. 22 ArgoCD apps, PVC inventory, Pi fleet services,
Print.Web, Selenium Grid, Guacamole connections. Zero hardcoded
passwords.
 2026-03-22 01:04:39 -05:00
Andrew M. Stoltz
2aad3a698f Try inband DTMF detection for AX83H 
Phone negotiates RFC4733 but may not actually send telephone-event
RTP packets. Inband detects DTMF from audio stream directly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 12:45:28 -05:00
Andrew M. Stoltz
b37b5f6d0d Add digit map + DTMF + disable local star codes in Yealink provisioning 
Root cause: Yealink AX83H intercepts *0 locally as voicemail access,
never sending it to the SIP server. Fix:
- dialplan.digitmap sends all * codes to server
- DTMF set to RFC2833 for Asterisk ARI compatibility
- Local pickup/voicemail features disabled
- key_as_send enabled for immediate dial

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 12:39:16 -05:00
Andrew M. Stoltz
e94d06b563 Change DTMF mode to auto for AX83H Android phone compatibility 
AX83H may send DTMF as SIP INFO instead of RFC4733. Auto mode
accepts both, fixing button press detection in star code menus.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 12:12:33 -05:00
Andrew M. Stoltz
92792cdc50 Route inbound PSTN calls through FlowerCore IVR, add missing star codes 
from-twilio: Changed from Dial(PJSIP/100) to Stasis(flowercore-pbx,inbound-pstn)
so inbound calls go through the FlowerCore IVR workflow engine instead
of directly ringing extensions.

Added missing star codes: *43 (echo test), *80 (intercom), *88 (conference),
*41/*411 (directory). Added catch-all _*X. pattern for future star codes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 10:51:28 -05:00
bluejay
8611fe521a Add init container for Asterisk sound file downloads 2026-03-15 20:14:42 +00:00
bluejay
f07c79fc4c telephony-web: hostNetwork + node affinity with asterisk for ARI localhost access 2026-03-15 18:55:36 +00:00
bluejay
995ca8af48 Add intra-namespace ARI egress (port 8088) for WebSocket connection 2026-03-15 18:44:07 +00:00
bluejay
f918091f3f Fix ARI config: clean JSON with both Ari + Telephony.Asterisk sections 2026-03-15 18:34:23 +00:00
bluejay
d66db38638 Add both Ari + Telephony:Asterisk config sections for daemon + HTTP client 2026-03-15 18:27:32 +00:00
bluejay
c7e59df880 Fix ARI config path: Ari -> Telephony.Asterisk to match AsteriskOptions.SectionName 2026-03-15 18:26:04 +00:00
bluejay
adf8f40fe2 Switch to Asterisk provider + add ARI config for star code handling 2026-03-15 18:24:03 +00:00
bluejay
b717368a2e Add star code routes (*0,*30,*69-*79,*86,*87,*97) to Stasis app in from-internal dialplan 2026-03-15 18:20:09 +00:00
bluejay
84a590dfba Allow selenium namespace ingress to telephony for UI testing 2026-03-15 16:38:19 +00:00
Claude Code
efc3dc5b4e Increase Zabbix web probe timeouts to 5s (prevents 502 during heavy dashboard queries) 2026-03-12 20:40:09 -05:00
Claude Code
518340b373 Tune Zabbix stack: PostgreSQL, web PHP-FPM, server caches 
PostgreSQL 16:
- shared_buffers 128MB→256MB, work_mem 4MB→16MB
- random_page_cost 4→1.1 (SSD/Longhorn), effective_io_concurrency→200
- maintenance_work_mem→128MB, wal_buffers→8MB
- max_connections 100→50, memory limit 512Mi→1Gi

Zabbix Web:
- PHP_FPM_PM_MAX_CHILDREN 50→10 (fixes 68x OOMKill)
- ZBX_MEMORYLIMIT 128M→256M, PM_MAX_REQUESTS→500
- Memory limit 512Mi→768Mi, request 128Mi→256Mi

Zabbix Server:
- ZBX_CACHESIZE→64M, ZBX_VALUECACHESIZE→64M
- ZBX_HISTORYCACHESIZE→32M, ZBX_TRENDCACHESIZE→8M
- ZBX_STARTPOLLERS→10, ZBX_STARTPOLLERSUNREACHABLE→3
 2026-03-12 19:21:15 -05:00
Andrew M. Stoltz
5cc7f787cc Add basicAuth middleware to NOC proxy IngressRoutes 
Add bcrypt-based basicAuth (admin/zenith-turret-falcon-umber) to grafana,
prometheus, and cockpit IngressRoutes in noc-proxy namespace. Uses shared
Secret and Middleware, matching the traefik-dashboard-auth pattern.
 2026-03-11 14:44:03 -05:00
Blue Jay
1d8e2e9a1c Add internal DNS IngressRoutes: telephony, grafana, prometheus, cockpit 
- telephony.iamworkin.lan: cert-manager TLS + IngressRoute to telephony-web:5100
- grafana.iamworkin.lan: proxy to noc1:3000 via headless Service + Endpoints
- prometheus.iamworkin.lan: proxy to noc1:9091 via headless Service + Endpoints
- cockpit.iamworkin.lan: proxy to noc1:9090 with insecureSkipVerify (self-signed)
- All certs issued by step-ca-acme ClusterIssuer
- NetworkPolicy restricts noc-proxy to Traefik ingress + noc1 egress only
 2026-03-11 14:21:26 -05:00
bluejay
b96abb341f PJSIP transport: local_net + external_media_address for NAT traversal 2026-03-11 18:15:24 +00:00
bluejay
f152d833a2 Enable hostNetwork for Asterisk - fixes RTP media path for VoIP 2026-03-11 18:14:32 +00:00
bluejay
fb14e18bd0 Update from-twilio dialplan: ring ext 100 directly instead of Stasis (no ARI client yet) 2026-03-11 18:07:49 +00:00
bluejay
7258b973e8 Revert to externalTrafficPolicy: Local - SIP needs real client IP, MetalLB L2 handles node selection 2026-03-11 08:25:04 +00:00
bluejay
8bb1279800 Add SIP/RTP NetworkPolicy rules for Asterisk PBX ingress and egress 2026-03-11 08:19:12 +00:00
bluejay
e50f556aa1 Fix asterisk SIP service: externalTrafficPolicy Cluster for multi-node routing 2026-03-11 08:15:25 +00:00
bluejay
bb94698464 Update Asterisk CallerID to SIP trunk number +13202332529 2026-03-11 07:06:12 +00:00
bluejay
4e9b5c7759 Add Yealink phone auto-provisioning server 2026-03-11 07:05:10 +00:00
bluejay
33f48f92db Add Asterisk PBX Deployment 2026-03-11 05:36:45 +00:00
bluejay
cb57761206 Add Asterisk PBX Services (SIP LoadBalancer + ARI ClusterIP) 2026-03-11 05:36:45 +00:00
bluejay
01d422a693 Add Asterisk PBX ConfigMap (PJSIP, extensions, ARI) 2026-03-11 05:36:44 +00:00
bluejay
dba2b6c215 Add Asterisk PBX PVC manifest 2026-03-11 05:36:36 +00:00
bluejay
aadb110bc9 fix: add fsGroup + init container for SQLite write permissions 2026-03-11 04:08:22 +00:00
bluejay
8cabee134f Migrate telephony to telephony.flowercore.io, dual-host IngressRoute, CF origin cert 2026-03-11 03:43:48 +00:00
bluejay
0811bc078b Add cert-manager TLS certificate to agent-zero manifest 2026-03-11 02:45:15 +00:00
bluejay
bc1f56ae10 Add Agent Zero NUC deployment manifest 2026-03-11 02:29:24 +00:00
bluejay
38cc306637 Add gitea-public IngressRoute for gitea.flowercore.io 2026-03-11 00:50:54 +00:00
bluejay
263d31fa1d Add public IngressRoute for webmail.flowercore.io 2026-03-11 00:50:48 +00:00
bluejay
bd5684f984 Add public IngressRoutes for element.flowercore.io and matrix.flowercore.io 2026-03-11 00:50:44 +00:00
bluejay
5f30f85569 Update fc-landing: public-safe page, no LAN refs, bare-metal RKE2 footer 2026-03-11 00:38:50 +00:00
Andrew M. Stoltz
848eb83f83 Deploy FlowerCore.Telephony: Blazor+REST+Twilio IVR 
- Local container image (fc-telephony-web:latest) on all 3 RKE2 nodes
- 1Password OnePasswordItem for Twilio credentials (optional: true)
- Cloudflare origin cert for telephony.iamwork.in
- Piper TTS egress to edge1:8500
- SQLite with 5Gi Longhorn PVC
- NetworkPolicy: Traefik ingress, DNS, TTS, Twilio API egress
 2026-03-10 12:02:08 -05:00
Andrew M. Stoltz
d89389bf27 Add voice bridge ingress: Traefik routes to edge1 replacing cloudflared tunnel 
- voice.bluejay.dev → edge1:8766 (TwiML webhook)
- voice-ws.bluejay.dev → edge1:8765 (WebSocket media stream)
- Cloudflare origin cert for *.bluejay.dev
- Manual Endpoints + Service for external edge1 (10.0.57.15)
- NetworkPolicy: Traefik ingress only, egress to edge1 only

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-10 11:18:37 -05:00
Andrew M. Stoltz
37d6ff2337 Fix Anope db_flatfile path: use relative path (data/ prefix auto-prepended) 2026-03-10 11:06:12 -05:00
Andrew M. Stoltz
4069f51848 Fix Anope 2.0.19 config format: service blocks + module blocks 
Anope 2.0.19 requires:
- Separate service {} blocks for each IRC pseudo-client (nick, user, host, gecos)
- Module config inside module {} blocks with name field (not bare nickserv/chanserv blocks)
- db_flatfile also moved to module {} block syntax
- fork=no to prevent backup crash in containerized environment
 2026-03-10 11:04:59 -05:00