Andrew M. Stoltz
92792cdc50
Route inbound PSTN calls through FlowerCore IVR, add missing star codes
...
from-twilio: Changed from Dial(PJSIP/100) to Stasis(flowercore-pbx,inbound-pstn)
so inbound calls go through the FlowerCore IVR workflow engine instead
of directly ringing extensions.
Added missing star codes: *43 (echo test), *80 (intercom), *88 (conference),
*41/*411 (directory). Added catch-all _*X. pattern for future star codes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-20 10:51:28 -05:00
8611fe521a
Add init container for Asterisk sound file downloads
2026-03-15 20:14:42 +00:00
f07c79fc4c
telephony-web: hostNetwork + node affinity with asterisk for ARI localhost access
2026-03-15 18:55:36 +00:00
995ca8af48
Add intra-namespace ARI egress (port 8088) for WebSocket connection
2026-03-15 18:44:07 +00:00
f918091f3f
Fix ARI config: clean JSON with both Ari + Telephony.Asterisk sections
2026-03-15 18:34:23 +00:00
d66db38638
Add both Ari + Telephony:Asterisk config sections for daemon + HTTP client
2026-03-15 18:27:32 +00:00
c7e59df880
Fix ARI config path: Ari -> Telephony.Asterisk to match AsteriskOptions.SectionName
2026-03-15 18:26:04 +00:00
adf8f40fe2
Switch to Asterisk provider + add ARI config for star code handling
2026-03-15 18:24:03 +00:00
b717368a2e
Add star code routes (*0,*30,*69-*79,*86,*87,*97) to Stasis app in from-internal dialplan
2026-03-15 18:20:09 +00:00
84a590dfba
Allow selenium namespace ingress to telephony for UI testing
2026-03-15 16:38:19 +00:00
Claude Code
efc3dc5b4e
Increase Zabbix web probe timeouts to 5s (prevents 502 during heavy dashboard queries)
2026-03-12 20:40:09 -05:00
Claude Code
518340b373
Tune Zabbix stack: PostgreSQL, web PHP-FPM, server caches
...
PostgreSQL 16:
- shared_buffers 128MB→256MB, work_mem 4MB→16MB
- random_page_cost 4→1.1 (SSD/Longhorn), effective_io_concurrency→200
- maintenance_work_mem→128MB, wal_buffers→8MB
- max_connections 100→50, memory limit 512Mi→1Gi
Zabbix Web:
- PHP_FPM_PM_MAX_CHILDREN 50→10 (fixes 68x OOMKill)
- ZBX_MEMORYLIMIT 128M→256M, PM_MAX_REQUESTS→500
- Memory limit 512Mi→768Mi, request 128Mi→256Mi
Zabbix Server:
- ZBX_CACHESIZE→64M, ZBX_VALUECACHESIZE→64M
- ZBX_HISTORYCACHESIZE→32M, ZBX_TRENDCACHESIZE→8M
- ZBX_STARTPOLLERS→10, ZBX_STARTPOLLERSUNREACHABLE→3
2026-03-12 19:21:15 -05:00
Andrew M. Stoltz
5cc7f787cc
Add basicAuth middleware to NOC proxy IngressRoutes
...
Add bcrypt-based basicAuth (admin/zenith-turret-falcon-umber) to grafana,
prometheus, and cockpit IngressRoutes in noc-proxy namespace. Uses shared
Secret and Middleware, matching the traefik-dashboard-auth pattern.
2026-03-11 14:44:03 -05:00
Blue Jay
1d8e2e9a1c
Add internal DNS IngressRoutes: telephony, grafana, prometheus, cockpit
...
- telephony.iamworkin.lan: cert-manager TLS + IngressRoute to telephony-web:5100
- grafana.iamworkin.lan: proxy to noc1:3000 via headless Service + Endpoints
- prometheus.iamworkin.lan: proxy to noc1:9091 via headless Service + Endpoints
- cockpit.iamworkin.lan: proxy to noc1:9090 with insecureSkipVerify (self-signed)
- All certs issued by step-ca-acme ClusterIssuer
- NetworkPolicy restricts noc-proxy to Traefik ingress + noc1 egress only
2026-03-11 14:21:26 -05:00
b96abb341f
PJSIP transport: local_net + external_media_address for NAT traversal
2026-03-11 18:15:24 +00:00
f152d833a2
Enable hostNetwork for Asterisk - fixes RTP media path for VoIP
2026-03-11 18:14:32 +00:00
fb14e18bd0
Update from-twilio dialplan: ring ext 100 directly instead of Stasis (no ARI client yet)
2026-03-11 18:07:49 +00:00
7258b973e8
Revert to externalTrafficPolicy: Local - SIP needs real client IP, MetalLB L2 handles node selection
2026-03-11 08:25:04 +00:00
8bb1279800
Add SIP/RTP NetworkPolicy rules for Asterisk PBX ingress and egress
2026-03-11 08:19:12 +00:00
e50f556aa1
Fix asterisk SIP service: externalTrafficPolicy Cluster for multi-node routing
2026-03-11 08:15:25 +00:00
bb94698464
Update Asterisk CallerID to SIP trunk number +13202332529
2026-03-11 07:06:12 +00:00
4e9b5c7759
Add Yealink phone auto-provisioning server
2026-03-11 07:05:10 +00:00
33f48f92db
Add Asterisk PBX Deployment
2026-03-11 05:36:45 +00:00
cb57761206
Add Asterisk PBX Services (SIP LoadBalancer + ARI ClusterIP)
2026-03-11 05:36:45 +00:00
01d422a693
Add Asterisk PBX ConfigMap (PJSIP, extensions, ARI)
2026-03-11 05:36:44 +00:00
dba2b6c215
Add Asterisk PBX PVC manifest
2026-03-11 05:36:36 +00:00
aadb110bc9
fix: add fsGroup + init container for SQLite write permissions
2026-03-11 04:08:22 +00:00
8cabee134f
Migrate telephony to telephony.flowercore.io, dual-host IngressRoute, CF origin cert
2026-03-11 03:43:48 +00:00
0811bc078b
Add cert-manager TLS certificate to agent-zero manifest
2026-03-11 02:45:15 +00:00
bc1f56ae10
Add Agent Zero NUC deployment manifest
2026-03-11 02:29:24 +00:00
38cc306637
Add gitea-public IngressRoute for gitea.flowercore.io
2026-03-11 00:50:54 +00:00
263d31fa1d
Add public IngressRoute for webmail.flowercore.io
2026-03-11 00:50:48 +00:00
bd5684f984
Add public IngressRoutes for element.flowercore.io and matrix.flowercore.io
2026-03-11 00:50:44 +00:00
5f30f85569
Update fc-landing: public-safe page, no LAN refs, bare-metal RKE2 footer
2026-03-11 00:38:50 +00:00
Andrew M. Stoltz
848eb83f83
Deploy FlowerCore.Telephony: Blazor+REST+Twilio IVR
...
- Local container image (fc-telephony-web:latest) on all 3 RKE2 nodes
- 1Password OnePasswordItem for Twilio credentials (optional: true)
- Cloudflare origin cert for telephony.iamwork.in
- Piper TTS egress to edge1:8500
- SQLite with 5Gi Longhorn PVC
- NetworkPolicy: Traefik ingress, DNS, TTS, Twilio API egress
2026-03-10 12:02:08 -05:00
Andrew M. Stoltz
d89389bf27
Add voice bridge ingress: Traefik routes to edge1 replacing cloudflared tunnel
...
- voice.bluejay.dev → edge1:8766 (TwiML webhook)
- voice-ws.bluejay.dev → edge1:8765 (WebSocket media stream)
- Cloudflare origin cert for *.bluejay.dev
- Manual Endpoints + Service for external edge1 (10.0.57.15)
- NetworkPolicy: Traefik ingress only, egress to edge1 only
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-10 11:18:37 -05:00
Andrew M. Stoltz
37d6ff2337
Fix Anope db_flatfile path: use relative path (data/ prefix auto-prepended)
2026-03-10 11:06:12 -05:00
Andrew M. Stoltz
4069f51848
Fix Anope 2.0.19 config format: service blocks + module blocks
...
Anope 2.0.19 requires:
- Separate service {} blocks for each IRC pseudo-client (nick, user, host, gecos)
- Module config inside module {} blocks with name field (not bare nickserv/chanserv blocks)
- db_flatfile also moved to module {} block syntax
- fork=no to prevent backup crash in containerized environment
2026-03-10 11:04:59 -05:00
Andrew M. Stoltz
b2d7286179
Fix stale passwords, Anope crash loop, and intranet accuracy
...
Intranet:
- Replace all 1qaz@WSX3edc default passwords with current rotated values
- Update service credentials: Grafana, Gitea, Zabbix, ArgoCD, Guacamole, IRC
- Fix noc1 password to harbor-badge-kitten-valley-falcon
- Rotate edge1/edge2 passwords (lemon-torch-ruby-raven / nebula-cipher-indigo-tango)
- Update Harvester references to bare-metal RKE2
- Fix RKE2 node IPs (.118-.120 → .11-.13)
- Update status badge to REBUILD COMPLETE
- Fix ISP /28 from BROKEN to LIVE
- Add Traefik dashboard credentials (basicAuth)
- Update all phase progress to 100% Done
IRC:
- Fix Anope db_flatfile crash: fork=no (forked backup fails in container)
- Add client fields to all service blocks (NickServ, ChanServ, etc.)
- Fix log target path (was getting logs/ prefix mangled)
- Improve fix-perms init container (chmod 666, verbose output)
2026-03-10 11:01:35 -05:00
Andrew M. Stoltz
4319281bf8
Fix Anope: touch anope.db in init container to prevent backup crash
2026-03-10 01:28:12 -05:00
Andrew M. Stoltz
4921c2d9fd
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
Andrew M. Stoltz
7ed9a2e099
Add Traefik dashboard with basicAuth protection
2026-03-10 01:08:29 -05:00
Andrew M. Stoltz
a131839bdd
Update intranet: WiFi section with 1Password QR code references, remove plaintext passwords
2026-03-10 00:43:57 -05:00
Andrew M. Stoltz
9f935802d5
Fix TeamSpeak license base64 encoding (single char diff)
2026-03-10 00:34:41 -05:00
Andrew M. Stoltz
b084bfc2a1
Fix TeamSpeak license: use init container to copy into data volume (chown-safe)
2026-03-10 00:29:24 -05:00
Andrew M. Stoltz
76d194bafb
Add TeamSpeak 3 activation license and volume mount
2026-03-10 00:24:22 -05:00
Andrew Stoltz
39e1c69e28
Wire Guacamole fully to 1Password: remove guac-db-secret, all DB creds from guacamole-credentials
...
- MySQL StatefulSet, initdb Job, Guacamole web all reference guacamole-credentials
- DB-User, DB-Password, DB-Root-Password, DB-Name fields added to 1Password item
- Zero inline secrets remain in manifest
2026-03-09 21:14:26 -05:00
Andrew Stoltz
14519d47f5
Fix TeamSpeak secretKeyRef key: spaces to hyphens
2026-03-09 20:57:27 -05:00
Andrew Stoltz
2be7bf1279
Wire IRC, mail, teamspeak to 1Password secrets
...
- IRC: OnePasswordItem CRD, ConfigMap templates with inject-credentials initContainers
- Mail: OnePasswordItem CRD, inject-accounts initContainer builds postfix-accounts.cf
- TeamSpeak: OnePasswordItem CRD, TS3SERVER_SERVERADMIN_PASSWORD from secret
- Zero hardcoded passwords remain in these manifests
2026-03-09 20:55:45 -05:00
Andrew Stoltz
3199c509c0
Wire Zabbix/Matrix credentials to 1Password-synced secrets, add OnePasswordItem CRDs
...
- Zabbix: Remove hardcoded zabbix-db-secret and zabbix-admin-secret, reference
zabbix-credentials (1Password) for DB-User, DB-Password, and admin password
- Matrix: Remove hardcoded matrix-db-secret, reference matrix-credentials for
Postgres user/password. Convert ConfigMap homeserver.yaml to template with
__DB_PASSWORD__/__DB_USER__ placeholders, inject via busybox init container
- Guacamole: Add OnePasswordItem CRD for future use. MySQL DB creds remain in
guac-db-secret (1Password item lacks DB-specific fields — gap documented)
- All three services now include OnePasswordItem CRD manifests for ArgoCD mgmt
2026-03-09 18:28:38 -05:00
