bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 14 Actions Packages Projects Releases Wiki Activity
253 Commits 56 Branches 0 Tags
7833143c1c5ad2fbbcdfefc393975e9f45bac3f4
Commit Graph

249 Commits

Author SHA1 Message Date
Claude Code
e6fbe2d22b Mount extensions+theme directly in main container (symlinks lost by initialize.sh) 2026-04-08 18:12:07 +00:00
Claude Code
dbd6769537 Reference split tools ConfigMaps (tools-a/b/c) in init container 2026-04-08 18:09:55 +00:00
Claude Code
0af47f893a Split bluejay-tools into 3 ConfigMaps (K8s 262K annotation limit) 2026-04-08 18:09:49 +00:00
Claude Code
d16f72f089 Enable Blue Jay profile: init container, ConfigMap volumes, tools, extensions, theme 2026-04-08 18:07:13 +00:00
Claude Code
36e7369609 Add Blue Jay profile ConfigMaps (21 tools, prompts, extensions, theme) 2026-04-08 18:07:06 +00:00
Claude Code
67e41febf5 Add agent-zero egress to monitoring NetworkPolicy for blackbox probes 2026-04-08 17:34:16 +00:00
Claude Code
c9f07108bd Fix edge1 Ollama IP (.15->.17), add monitoring ingress, add init container 2026-04-08 17:30:22 +00:00
Claude Code
f3919cf728 Add cert-manager Certificate for intranet ACME TLS auto-renewal 2026-04-05 08:47:42 -05:00
Claude Code
56442ecfbc Replace nginx+ConfigMap intranet with Blazor Server app 
Replaces the 188KB ConfigMap-embedded HTML with a proper Blazor Server
deployment (fc-intranet-web:latest on port 5300). The old nginx deployment,
ConfigMaps (intranet-html, intranet-nginx-conf), and all embedded HTML are
removed. The intranet is now a .NET 10 Blazor app with live health monitoring,
REST API, 49 pages, and the unified Blue Jay theme.

Source: github.com/astoltz/FlowerCore.Intranet.Web
 2026-04-04 19:29:28 -05:00
Andrew Stoltz
a07b6311b9 Add Blue Jay branding, kubectl-proxy, RBAC, and properties to Guacamole 
- guacamole-branding ConfigMap with Blue Jay dark theme CSS
- guacamole-properties ConfigMap with ban/TOTP/session config
- kubectl-proxy sidecar on guacd for K8s pod exec connections
- guacd-exec ServiceAccount + ClusterRole/Binding for pod exec RBAC
- Volume mounts for branding JAR and properties on guacamole webapp

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-04 14:22:51 -05:00
Claude Code
331ae14d3f Update intranet: fcadmin links, Guacamole connections, 1Password deep-links 2026-04-03 13:40:09 -05:00
Claude Code
b291d0360b Update intranet HTML — deep cleanup 2026-03-28 
- OpenVPN 9 servers, WiFi portal, Signage+RemoteDesktop on K8s
- Print.Web HTTPS via noc-proxy, 530 tests, 21 pages, 15 MCP
- Monitoring: 36 scrape jobs, 25 alert rules, 12 Grafana dashboards
- Remove BlueJay-Employee SSID (factory reset), fix WiFi to 4 SSIDs
- Fix Guacamole URL (guac -> guacamole), noc1 SSH typo, pfSense WAN igc3
- Add Signage, RemoteDesktop, WiFi Portal to DNS/service tables
- Update ArgoCD 22 apps, 41 namespaces, 49 IngressRoutes, Traefik v3.6.10
- IRC Anope marked CrashLoopBackOff, monitoring moved to K8s
- Total: 21,437+ tests across 13 services
 2026-03-28 14:34:25 -05:00
Andrew M. Stoltz
090b29933f telephony-web v20260325d: global search, error pages, quick-create wizard 2026-03-25 17:58:56 -05:00
Andrew M. Stoltz
987b73c537 telephony-web v20260325c: workflow config validation, enhanced health checks, response compression, Serilog request logging 2026-03-25 17:47:27 -05:00
Andrew M. Stoltz
bf12474de9 telephony-web v20260325b: add SMS UnreadCount/LastMessagePreview columns to schema drift 2026-03-25 08:19:58 -05:00
Andrew M. Stoltz
f366dd5c90 telephony-web v20260325a: fix billing/RBAC 500s — replace IDbContextFactory with direct TelephonyDbContext injection 2026-03-25 08:11:59 -05:00
Andrew M. Stoltz
50146f8355 telephony-web v20260324n: rebuild-schema admin endpoint for production DB migration 2026-03-24 19:45:06 -05:00
Andrew M. Stoltz
ace06c5fb9 telephony-web v20260324m: model-driven schema drift — auto-creates ALL missing tables 2026-03-24 19:28:08 -05:00
Andrew M. Stoltz
7ed834f056 telephony-web v20260324l: schema drift fix for CustomRoles table 2026-03-24 19:03:26 -05:00
Andrew M. Stoltz
2b04c9e292 telephony-web v20260324k: RBAC policy editor, billing dashboard, 11081 tests ALL PASS 2026-03-24 18:55:03 -05:00
Andrew M. Stoltz
fafc2e510b telephony-web v20260324j: recording playback, SMS enhancements, notifications polish, dashboard shortcuts, all 11049 tests pass 2026-03-24 18:22:46 -05:00
Andrew M. Stoltz
fb1c622e62 telephony-web v20260324i: break-glass UI, 5 MCP tools, survey editor config, step palette 2026-03-24 17:37:19 -05:00
Andrew M. Stoltz
40cb7faef5 telephony-web v20260324h: setup wizard, REST smoke tests, survey route fix 2026-03-24 17:16:09 -05:00
Andrew M. Stoltz
bd79279b28 telephony-web v20260324g: schema drift fix (BridgeEvents, SurveyResponses tables), survey route fix 2026-03-24 16:53:21 -05:00
Andrew M. Stoltz
35b6b4f8e5 telephony-web v20260324f: remove Scalar/OpenApi packages (Swashbuckle conflict) 2026-03-24 16:06:11 -05:00
Andrew M. Stoltz
8d8b76c82b Fix telephony-web: revert Scalar (Swashbuckle conflict), use v20260324e 2026-03-24 16:02:32 -05:00
Andrew M. Stoltz
f3fde15002 Update telephony-web image to v20260324d, resolve merge conflicts 2026-03-24 15:55:52 -05:00
Andrew M. Stoltz
42d2894ed1 Update telephony-web image tag to v20260324d (Scalar API docs, webhook config, surveys, templates, member portal) 2026-03-24 15:55:40 -05:00
Claude Code
848288af7a Fix Traefik dashboard link — point to :8080/dashboard/ not catchall 404 2026-03-22 01:29:18 -05:00
bluejay
780e3fb681 feat: add K8s exec RBAC + guacd ServiceAccount 
Adds guacd-exec ServiceAccount, ClusterRole (pods/exec),
and ClusterRoleBinding for Kubernetes protocol support.
 2026-03-22 06:25:11 +00:00
bluejay
6040614016 feat: Blue Jay branding + 1Password vault extension 
Custom image fc-guacamole:bluejay with:
- Blue Jay dark theme (CSS, login, header)
- 1Password Connect vault provider
- guacamole.properties ConfigMap
- Structured Logback logging
 2026-03-22 06:15:01 +00:00
Claude Code
3872707bfb Update intranet: DNS-first URLs, 1Password deep-links, Pi fleet, monitoring 
Replace all device IPs with iamworkin.lan DNS names. 46 1Password
deep-links. 22 ArgoCD apps, PVC inventory, Pi fleet services,
Print.Web, Selenium Grid, Guacamole connections. Zero hardcoded
passwords.
 2026-03-22 01:04:39 -05:00
Andrew M. Stoltz
2aad3a698f Try inband DTMF detection for AX83H 
Phone negotiates RFC4733 but may not actually send telephone-event
RTP packets. Inband detects DTMF from audio stream directly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 12:45:28 -05:00
Andrew M. Stoltz
b37b5f6d0d Add digit map + DTMF + disable local star codes in Yealink provisioning 
Root cause: Yealink AX83H intercepts *0 locally as voicemail access,
never sending it to the SIP server. Fix:
- dialplan.digitmap sends all * codes to server
- DTMF set to RFC2833 for Asterisk ARI compatibility
- Local pickup/voicemail features disabled
- key_as_send enabled for immediate dial

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 12:39:16 -05:00
Andrew M. Stoltz
e94d06b563 Change DTMF mode to auto for AX83H Android phone compatibility 
AX83H may send DTMF as SIP INFO instead of RFC4733. Auto mode
accepts both, fixing button press detection in star code menus.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 12:12:33 -05:00
Andrew M. Stoltz
92792cdc50 Route inbound PSTN calls through FlowerCore IVR, add missing star codes 
from-twilio: Changed from Dial(PJSIP/100) to Stasis(flowercore-pbx,inbound-pstn)
so inbound calls go through the FlowerCore IVR workflow engine instead
of directly ringing extensions.

Added missing star codes: *43 (echo test), *80 (intercom), *88 (conference),
*41/*411 (directory). Added catch-all _*X. pattern for future star codes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 10:51:28 -05:00
bluejay
8611fe521a Add init container for Asterisk sound file downloads 2026-03-15 20:14:42 +00:00
bluejay
f07c79fc4c telephony-web: hostNetwork + node affinity with asterisk for ARI localhost access 2026-03-15 18:55:36 +00:00
bluejay
995ca8af48 Add intra-namespace ARI egress (port 8088) for WebSocket connection 2026-03-15 18:44:07 +00:00
bluejay
f918091f3f Fix ARI config: clean JSON with both Ari + Telephony.Asterisk sections 2026-03-15 18:34:23 +00:00
bluejay
d66db38638 Add both Ari + Telephony:Asterisk config sections for daemon + HTTP client 2026-03-15 18:27:32 +00:00
bluejay
c7e59df880 Fix ARI config path: Ari -> Telephony.Asterisk to match AsteriskOptions.SectionName 2026-03-15 18:26:04 +00:00
bluejay
adf8f40fe2 Switch to Asterisk provider + add ARI config for star code handling 2026-03-15 18:24:03 +00:00
bluejay
b717368a2e Add star code routes (*0,*30,*69-*79,*86,*87,*97) to Stasis app in from-internal dialplan 2026-03-15 18:20:09 +00:00
bluejay
84a590dfba Allow selenium namespace ingress to telephony for UI testing 2026-03-15 16:38:19 +00:00
Claude Code
efc3dc5b4e Increase Zabbix web probe timeouts to 5s (prevents 502 during heavy dashboard queries) 2026-03-12 20:40:09 -05:00
Claude Code
518340b373 Tune Zabbix stack: PostgreSQL, web PHP-FPM, server caches 
PostgreSQL 16:
- shared_buffers 128MB→256MB, work_mem 4MB→16MB
- random_page_cost 4→1.1 (SSD/Longhorn), effective_io_concurrency→200
- maintenance_work_mem→128MB, wal_buffers→8MB
- max_connections 100→50, memory limit 512Mi→1Gi

Zabbix Web:
- PHP_FPM_PM_MAX_CHILDREN 50→10 (fixes 68x OOMKill)
- ZBX_MEMORYLIMIT 128M→256M, PM_MAX_REQUESTS→500
- Memory limit 512Mi→768Mi, request 128Mi→256Mi

Zabbix Server:
- ZBX_CACHESIZE→64M, ZBX_VALUECACHESIZE→64M
- ZBX_HISTORYCACHESIZE→32M, ZBX_TRENDCACHESIZE→8M
- ZBX_STARTPOLLERS→10, ZBX_STARTPOLLERSUNREACHABLE→3
 2026-03-12 19:21:15 -05:00
Andrew M. Stoltz
5cc7f787cc Add basicAuth middleware to NOC proxy IngressRoutes 
Add bcrypt-based basicAuth (admin/zenith-turret-falcon-umber) to grafana,
prometheus, and cockpit IngressRoutes in noc-proxy namespace. Uses shared
Secret and Middleware, matching the traefik-dashboard-auth pattern.
 2026-03-11 14:44:03 -05:00
Blue Jay
1d8e2e9a1c Add internal DNS IngressRoutes: telephony, grafana, prometheus, cockpit 
- telephony.iamworkin.lan: cert-manager TLS + IngressRoute to telephony-web:5100
- grafana.iamworkin.lan: proxy to noc1:3000 via headless Service + Endpoints
- prometheus.iamworkin.lan: proxy to noc1:9091 via headless Service + Endpoints
- cockpit.iamworkin.lan: proxy to noc1:9090 with insecureSkipVerify (self-signed)
- All certs issued by step-ca-acme ClusterIssuer
- NetworkPolicy restricts noc-proxy to Traefik ingress + noc1 egress only
 2026-03-11 14:21:26 -05:00
bluejay
b96abb341f PJSIP transport: local_net + external_media_address for NAT traversal 2026-03-11 18:15:24 +00:00