Andrew M. Stoltz
2aad3a698f
Try inband DTMF detection for AX83H
...
Phone negotiates RFC4733 but may not actually send telephone-event
RTP packets. Inband detects DTMF from audio stream directly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-20 12:45:28 -05:00
Andrew M. Stoltz
b37b5f6d0d
Add digit map + DTMF + disable local star codes in Yealink provisioning
...
Root cause: Yealink AX83H intercepts *0 locally as voicemail access,
never sending it to the SIP server. Fix:
- dialplan.digitmap sends all * codes to server
- DTMF set to RFC2833 for Asterisk ARI compatibility
- Local pickup/voicemail features disabled
- key_as_send enabled for immediate dial
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-20 12:39:16 -05:00
Andrew M. Stoltz
e94d06b563
Change DTMF mode to auto for AX83H Android phone compatibility
...
AX83H may send DTMF as SIP INFO instead of RFC4733. Auto mode
accepts both, fixing button press detection in star code menus.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-20 12:12:33 -05:00
Andrew M. Stoltz
92792cdc50
Route inbound PSTN calls through FlowerCore IVR, add missing star codes
...
from-twilio: Changed from Dial(PJSIP/100) to Stasis(flowercore-pbx,inbound-pstn)
so inbound calls go through the FlowerCore IVR workflow engine instead
of directly ringing extensions.
Added missing star codes: *43 (echo test), *80 (intercom), *88 (conference),
*41/*411 (directory). Added catch-all _*X. pattern for future star codes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-20 10:51:28 -05:00
8611fe521a
Add init container for Asterisk sound file downloads
2026-03-15 20:14:42 +00:00
f07c79fc4c
telephony-web: hostNetwork + node affinity with asterisk for ARI localhost access
2026-03-15 18:55:36 +00:00
995ca8af48
Add intra-namespace ARI egress (port 8088) for WebSocket connection
2026-03-15 18:44:07 +00:00
f918091f3f
Fix ARI config: clean JSON with both Ari + Telephony.Asterisk sections
2026-03-15 18:34:23 +00:00
d66db38638
Add both Ari + Telephony:Asterisk config sections for daemon + HTTP client
2026-03-15 18:27:32 +00:00
c7e59df880
Fix ARI config path: Ari -> Telephony.Asterisk to match AsteriskOptions.SectionName
2026-03-15 18:26:04 +00:00
adf8f40fe2
Switch to Asterisk provider + add ARI config for star code handling
2026-03-15 18:24:03 +00:00
b717368a2e
Add star code routes (*0,*30,*69-*79,*86,*87,*97) to Stasis app in from-internal dialplan
2026-03-15 18:20:09 +00:00
84a590dfba
Allow selenium namespace ingress to telephony for UI testing
2026-03-15 16:38:19 +00:00
Claude Code
efc3dc5b4e
Increase Zabbix web probe timeouts to 5s (prevents 502 during heavy dashboard queries)
2026-03-12 20:40:09 -05:00
Claude Code
518340b373
Tune Zabbix stack: PostgreSQL, web PHP-FPM, server caches
...
PostgreSQL 16:
- shared_buffers 128MB→256MB, work_mem 4MB→16MB
- random_page_cost 4→1.1 (SSD/Longhorn), effective_io_concurrency→200
- maintenance_work_mem→128MB, wal_buffers→8MB
- max_connections 100→50, memory limit 512Mi→1Gi
Zabbix Web:
- PHP_FPM_PM_MAX_CHILDREN 50→10 (fixes 68x OOMKill)
- ZBX_MEMORYLIMIT 128M→256M, PM_MAX_REQUESTS→500
- Memory limit 512Mi→768Mi, request 128Mi→256Mi
Zabbix Server:
- ZBX_CACHESIZE→64M, ZBX_VALUECACHESIZE→64M
- ZBX_HISTORYCACHESIZE→32M, ZBX_TRENDCACHESIZE→8M
- ZBX_STARTPOLLERS→10, ZBX_STARTPOLLERSUNREACHABLE→3
2026-03-12 19:21:15 -05:00
Andrew M. Stoltz
5cc7f787cc
Add basicAuth middleware to NOC proxy IngressRoutes
...
Add bcrypt-based basicAuth (admin/zenith-turret-falcon-umber) to grafana,
prometheus, and cockpit IngressRoutes in noc-proxy namespace. Uses shared
Secret and Middleware, matching the traefik-dashboard-auth pattern.
2026-03-11 14:44:03 -05:00
Blue Jay
1d8e2e9a1c
Add internal DNS IngressRoutes: telephony, grafana, prometheus, cockpit
...
- telephony.iamworkin.lan: cert-manager TLS + IngressRoute to telephony-web:5100
- grafana.iamworkin.lan: proxy to noc1:3000 via headless Service + Endpoints
- prometheus.iamworkin.lan: proxy to noc1:9091 via headless Service + Endpoints
- cockpit.iamworkin.lan: proxy to noc1:9090 with insecureSkipVerify (self-signed)
- All certs issued by step-ca-acme ClusterIssuer
- NetworkPolicy restricts noc-proxy to Traefik ingress + noc1 egress only
2026-03-11 14:21:26 -05:00
b96abb341f
PJSIP transport: local_net + external_media_address for NAT traversal
2026-03-11 18:15:24 +00:00
f152d833a2
Enable hostNetwork for Asterisk - fixes RTP media path for VoIP
2026-03-11 18:14:32 +00:00
fb14e18bd0
Update from-twilio dialplan: ring ext 100 directly instead of Stasis (no ARI client yet)
2026-03-11 18:07:49 +00:00
7258b973e8
Revert to externalTrafficPolicy: Local - SIP needs real client IP, MetalLB L2 handles node selection
2026-03-11 08:25:04 +00:00
8bb1279800
Add SIP/RTP NetworkPolicy rules for Asterisk PBX ingress and egress
2026-03-11 08:19:12 +00:00
e50f556aa1
Fix asterisk SIP service: externalTrafficPolicy Cluster for multi-node routing
2026-03-11 08:15:25 +00:00
bb94698464
Update Asterisk CallerID to SIP trunk number +13202332529
2026-03-11 07:06:12 +00:00
4e9b5c7759
Add Yealink phone auto-provisioning server
2026-03-11 07:05:10 +00:00
33f48f92db
Add Asterisk PBX Deployment
2026-03-11 05:36:45 +00:00
cb57761206
Add Asterisk PBX Services (SIP LoadBalancer + ARI ClusterIP)
2026-03-11 05:36:45 +00:00
01d422a693
Add Asterisk PBX ConfigMap (PJSIP, extensions, ARI)
2026-03-11 05:36:44 +00:00
dba2b6c215
Add Asterisk PBX PVC manifest
2026-03-11 05:36:36 +00:00
aadb110bc9
fix: add fsGroup + init container for SQLite write permissions
2026-03-11 04:08:22 +00:00
8cabee134f
Migrate telephony to telephony.flowercore.io, dual-host IngressRoute, CF origin cert
2026-03-11 03:43:48 +00:00
0811bc078b
Add cert-manager TLS certificate to agent-zero manifest
2026-03-11 02:45:15 +00:00
bc1f56ae10
Add Agent Zero NUC deployment manifest
2026-03-11 02:29:24 +00:00
38cc306637
Add gitea-public IngressRoute for gitea.flowercore.io
2026-03-11 00:50:54 +00:00
263d31fa1d
Add public IngressRoute for webmail.flowercore.io
2026-03-11 00:50:48 +00:00
bd5684f984
Add public IngressRoutes for element.flowercore.io and matrix.flowercore.io
2026-03-11 00:50:44 +00:00
5f30f85569
Update fc-landing: public-safe page, no LAN refs, bare-metal RKE2 footer
2026-03-11 00:38:50 +00:00
Andrew M. Stoltz
848eb83f83
Deploy FlowerCore.Telephony: Blazor+REST+Twilio IVR
...
- Local container image (fc-telephony-web:latest) on all 3 RKE2 nodes
- 1Password OnePasswordItem for Twilio credentials (optional: true)
- Cloudflare origin cert for telephony.iamwork.in
- Piper TTS egress to edge1:8500
- SQLite with 5Gi Longhorn PVC
- NetworkPolicy: Traefik ingress, DNS, TTS, Twilio API egress
2026-03-10 12:02:08 -05:00
Andrew M. Stoltz
d89389bf27
Add voice bridge ingress: Traefik routes to edge1 replacing cloudflared tunnel
...
- voice.bluejay.dev → edge1:8766 (TwiML webhook)
- voice-ws.bluejay.dev → edge1:8765 (WebSocket media stream)
- Cloudflare origin cert for *.bluejay.dev
- Manual Endpoints + Service for external edge1 (10.0.57.15)
- NetworkPolicy: Traefik ingress only, egress to edge1 only
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-10 11:18:37 -05:00
Andrew M. Stoltz
37d6ff2337
Fix Anope db_flatfile path: use relative path (data/ prefix auto-prepended)
2026-03-10 11:06:12 -05:00
Andrew M. Stoltz
4069f51848
Fix Anope 2.0.19 config format: service blocks + module blocks
...
Anope 2.0.19 requires:
- Separate service {} blocks for each IRC pseudo-client (nick, user, host, gecos)
- Module config inside module {} blocks with name field (not bare nickserv/chanserv blocks)
- db_flatfile also moved to module {} block syntax
- fork=no to prevent backup crash in containerized environment
2026-03-10 11:04:59 -05:00
Andrew M. Stoltz
b2d7286179
Fix stale passwords, Anope crash loop, and intranet accuracy
...
Intranet:
- Replace all 1qaz@WSX3edc default passwords with current rotated values
- Update service credentials: Grafana, Gitea, Zabbix, ArgoCD, Guacamole, IRC
- Fix noc1 password to harbor-badge-kitten-valley-falcon
- Rotate edge1/edge2 passwords (lemon-torch-ruby-raven / nebula-cipher-indigo-tango)
- Update Harvester references to bare-metal RKE2
- Fix RKE2 node IPs (.118-.120 → .11-.13)
- Update status badge to REBUILD COMPLETE
- Fix ISP /28 from BROKEN to LIVE
- Add Traefik dashboard credentials (basicAuth)
- Update all phase progress to 100% Done
IRC:
- Fix Anope db_flatfile crash: fork=no (forked backup fails in container)
- Add client fields to all service blocks (NickServ, ChanServ, etc.)
- Fix log target path (was getting logs/ prefix mangled)
- Improve fix-perms init container (chmod 666, verbose output)
2026-03-10 11:01:35 -05:00
Andrew M. Stoltz
4319281bf8
Fix Anope: touch anope.db in init container to prevent backup crash
2026-03-10 01:28:12 -05:00
Andrew M. Stoltz
4921c2d9fd
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
Andrew M. Stoltz
7ed9a2e099
Add Traefik dashboard with basicAuth protection
2026-03-10 01:08:29 -05:00
Andrew M. Stoltz
a131839bdd
Update intranet: WiFi section with 1Password QR code references, remove plaintext passwords
2026-03-10 00:43:57 -05:00
Andrew M. Stoltz
9f935802d5
Fix TeamSpeak license base64 encoding (single char diff)
2026-03-10 00:34:41 -05:00
Andrew M. Stoltz
b084bfc2a1
Fix TeamSpeak license: use init container to copy into data volume (chown-safe)
2026-03-10 00:29:24 -05:00
Andrew M. Stoltz
76d194bafb
Add TeamSpeak 3 activation license and volume mount
2026-03-10 00:24:22 -05:00
Andrew Stoltz
39e1c69e28
Wire Guacamole fully to 1Password: remove guac-db-secret, all DB creds from guacamole-credentials
...
- MySQL StatefulSet, initdb Job, Guacamole web all reference guacamole-credentials
- DB-User, DB-Password, DB-Root-Password, DB-Name fields added to 1Password item
- Zero inline secrets remain in manifest
2026-03-09 21:14:26 -05:00
