From 3498da51b271f46c832ac6a88ed34c49763c8a16 Mon Sep 17 00:00:00 2001 From: DO Server Backup Date: Mon, 15 Jun 2026 20:00:15 +0000 Subject: [PATCH] =?UTF-8?q?[orbis]=20Weekly=20backup=202026-06-15=20?= =?UTF-8?q?=E2=80=94=20=202=20files=20changed,=20742=20insertions(+),=204?= =?UTF-8?q?=20deletions(-)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- infra/INFRASTRUCTURE-REFERENCE.md | 738 ++++++++++++++++++++++++++++++ ols-vhosts/site-list.txt | 8 +- 2 files changed, 742 insertions(+), 4 deletions(-) create mode 100644 infra/INFRASTRUCTURE-REFERENCE.md diff --git a/infra/INFRASTRUCTURE-REFERENCE.md b/infra/INFRASTRUCTURE-REFERENCE.md new file mode 100644 index 0000000..c2be5e5 --- /dev/null +++ b/infra/INFRASTRUCTURE-REFERENCE.md 
@@ -0,0 +1,738 @@ +# INFRASTRUCTURE REFERENCE — COMPLETE SYSTEM MAP +**Last Updated:** 2026-06-14 +**Owner:** Myron Blair — myronblair@outlook.com + +--- + +## TABLE OF CONTENTS +1. [Network Overview](#1-network-overview) +2. [Cloud Servers](#2-cloud-servers) +3. [On-Premise — Proxmox Hypervisors](#3-on-premise--proxmox-hypervisors) +4. [On-Premise — Virtual Machines](#4-on-premise--virtual-machines) +5. [NAS Storage](#5-nas-storage) +6. [Websites (all on DO)](#6-websites--all-on-do) +7. [JARVIS AI System](#7-jarvis-ai-system) +8. [Phone System (FusionPBX)](#8-phone-system-fusionpbx) +9. [Networking & VPN](#9-networking--vpn) +10. [Backup Systems](#10-backup-systems) +11. [SSH Quick Reference](#11-ssh-quick-reference) +12. [Critical Credentials Master List](#12-critical-credentials-master-list) + +--- + +## 1. NETWORK OVERVIEW + +``` +INTERNET + │ + ▼ +[Cloudflare CDN] ────────────────────────────────────────────────────────────── + │ (proxied DNS for public sites) + │ + ├─► [DigitalOcean 165.22.1.228] — CyberPanel/OLS — All websites + JARVIS + │ + └─► [FusionPBX 134.209.72.226] — FreeSWITCH PBX (SSH via DO relay) + +HOME NETWORK (FortiGate router at 10.48.200.1) + WAN: 97.154.109.245 (dynamic, DDNS: orbisne.fortiddns.com) + │ + ├─► PVE1 Proxmox 10.48.200.90 (primary hypervisor) + │ ├── VM 101 10.48.200.97 Home Assistant + │ ├── VM 112 10.48.200.33 Jellyfin + │ ├── VM 113 10.48.200.35 MediaStack (Sonarr/Radarr/qBT/Prowlarr) + │ ├── VM 118 10.48.200.18 Homebridge + │ ├── VM 120 10.48.200.110 NovaCPX hosting panel + │ ├── VM 210 10.48.200.95 Ollama (local LLM) + │ └── CT110 10.48.200.19 WireGuard exit container + │ + ├─► PVE2 Proxmox 10.48.200.91 (secondary hypervisor) + │ └── VM 302 10.48.200.99 NetworkBackup + │ + ├─► Synology NAS 10.48.200.249 — Media & backup storage + ├─► Yealink T48S 10.48.200.2 — Ext 1000 (Myron Blair, Desk) + ├─► Yealink T48S 10.48.200.43 — Ext 1001 (Tommy Ivy, Desk) + ├─► Yealink AX86R 10.48.200.65 — Ext 1002 (Myron Blair, WiFi Work) + ├─► 
Yealink T57W 10.48.200.3 — External SIP (United Mirror & Glass) + ├─► Yealink T57W 10.48.200.83 — Ext 1003 (Kitchen) + └─► Yealink T57W 10.48.200.85 — Ext 1004 (Master Bedroom) + +FortiGate Port Forwards: + orbisne.fortiddns.com:8006 → PVE1:8006 (Proxmox web UI) + orbisne.fortiddns.com:8123 → HA:8123 (Home Assistant) + orbisne.fortiddns.com:22 → HA VM:22 (SSH — key only, unreliable) +``` + +--- + +## 2. CLOUD SERVERS + +### 2A. DigitalOcean — Main Server +| Field | Value | +|-------|-------| +| **IP** | 165.22.1.228 | +| **OS** | Ubuntu 22.04 LTS | +| **Panel** | CyberPanel (OpenLiteSpeed) | +| **SSH** | `ssh root@165.22.1.228` — password: `Gonewalk1974!@#` | +| **Purpose** | All public websites + JARVIS AI + webhook deploy system | + +**Key Paths:** +- All sites: `/home//public_html/` +- JARVIS: `/home/jarvis.orbishosting.com/` +- Deploy log: `/home/jarvis.orbishosting.com/logs/deploy.log` +- Watchdog log: `/home/jarvis.orbishosting.com/logs/watchdog.log` +- Infra repo: `/opt/infra` + +**Services running:** +- OpenLiteSpeed web server (`lsws`) — serves all 7 sites +- MySQL 8 — all site databases on localhost +- Redis — session/cache +- PHP 8.5 (`lsphp85`) — runtime for all sites +- Cron jobs: JARVIS deploy runner (every 1 min), facts collector (every 3 min), stats cache (every 5 min), watchdog (every 5 min) + +**CyberPanel Web UI:** `https://165.22.1.228:8090` +Login: `myron / Joker1974!!!` + +**phpMyAdmin:** `https://165.22.1.228/phpmyadmin` +Login: `myron / Joker1974!!!` + +--- + +### 2B. 
FusionPBX / FreeSWITCH — PBX Server +| Field | Value | +|-------|-------| +| **IP** | 134.209.72.226 | +| **OS** | Debian (DigitalOcean droplet) | +| **SSH** | Must relay via DO: `ssh root@165.22.1.228` → `ssh root@134.209.72.226` — password: `Joker1974!@#` | +| **Direct SSH** | Only from: 107.178.2.130 / 97.154.109.245 | +| **Purpose** | VoIP phone system — handles all inbound/outbound calls | + +**Web UI:** `https://fusion.orbishosting.com` +Login: `admin / fY7XP5swgtpbzrYLhkeVYkA4744` + +**Database:** PostgreSQL +User: `fusionpbx` / Password: `pSJaF9mUJqPr4Sj5mwJyRqvCCpc` / Host: 127.0.0.1 + +**SIP Trunk:** SignalWire +DID: +1 (817) 764-5007 +Gateway: `signalwire` on external profile (port 5080, UDP) + +**How calls flow:** +``` +Caller → SignalWire SIP → FusionPBX:5080 → IVR (ext 900) → Ring extensions +Outbound: Phone → FusionPBX:5080 → SignalWire → PSTN +``` + +**SSH Relay Command:** +```bash +sshpass -p 'Gonewalk1974!@#' ssh -o StrictHostKeyChecking=no root@165.22.1.228 \ + 'sshpass -p "Joker1974!@#" ssh -o StrictHostKeyChecking=no root@134.209.72.226 "COMMAND"' +``` + +--- + +## 3. 
ON-PREMISE — PROXMOX HYPERVISORS + +### PVE1 — Primary Hypervisor +| Field | Value | +|-------|-------| +| **Local IP** | 10.48.200.90 | +| **External** | orbisne.fortiddns.com (FortiGate DDNS — auto-updates on WAN IP change) | +| **OS** | Proxmox VE 8.x | +| **SSH** | `ssh root@orbisne.fortiddns.com` OR `ssh root@10.48.200.90` — password: `Joker1974!!!` | +| **Web UI** | `https://orbisne.fortiddns.com:8006` — `root / Joker1974!!!` | +| **Purpose** | Runs VMs 101, 112, 113, 118, 120, 210, CT110 | + +**Useful commands:** +```bash +qm list # list all VMs +qm start/stop/restart # control VMs +qm guest exec -- bash -c "cmd" # run command inside VM (requires QEMU agent) +``` + +**JARVIS API Token:** `root@pam!jarvis=c45b5feb-f9a9-445d-a626-14fbb959f78b` + +--- + +### PVE2 — Secondary Hypervisor +| Field | Value | +|-------|-------| +| **Local IP** | 10.48.200.91 | +| **OS** | Proxmox VE 8.x | +| **SSH** | `ssh root@10.48.200.91` — password: `Joker1974!!!` | +| **Web UI** | `https://10.48.200.91:8006` — `root / Joker1974!!!` | +| **Purpose** | Runs VM 302 (NetworkBackup); part of shared Proxmox cluster with PVE1 | + +--- + +## 4. 
ON-PREMISE — VIRTUAL MACHINES + +### VM 101 — Home Assistant (PVE1) +| Field | Value | +|-------|-------| +| **IP** | 10.48.200.97 | +| **OS** | Ubuntu + Home Assistant OS/Supervised | +| **Web UI** | `http://orbisne.fortiddns.com:8123` — `myron / [HA password]` | +| **SSH** | Via HA web terminal only (Settings → Add-ons → Advanced SSH & Web Terminal) | +| **Purpose** | Smart home automation — 212 entities (lights, switches, scenes, sensors) | +| **JARVIS Agent** | ID: `homeassistant_ha` — pushes entity states to JARVIS every 10s | + +**JARVIS ↔ HA Integration:** +- HA custom component at `/config/custom_components/jarvis_agent/` +- Pushes all entity state changes to JARVIS `/api/agent/ha_state` (debounced 2s) +- JARVIS admin toggles → queued in `agent_commands` table → HA executes natively +- HA Long-lived Token (Jarvis2): `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzNmI0N2I1Njk5ZGQ0MTQ2ODMwZWFmYjZiYTQ1MjJkMSIsImlhdCI6MTc4MDIwMzU5NCwiZXhwIjoyMDk1NTYzNTk0fQ.sYRok-jRDlA4lFgWxLQELcEjkJNGQdprk6ZziLwLtXE` + +--- + +### VM 112 — Jellyfin Media Server (PVE1) +| Field | Value | +|-------|-------| +| **IP** | 10.48.200.33 | +| **OS** | Ubuntu 22.04 LTS | +| **SSH** | `ssh root@10.48.200.33` — password: `Joker1974!!!` (enabled 2026-06-14) | +| **Web UI** | `http://10.48.200.33:8096` | +| **Purpose** | Media streaming server — Movies and TV shows | +| **JARVIS Agent** | Not yet installed | + +**Media Libraries:** +- Movies: `/mnt/mediastack/movies` — NFS from MediaStack (10.48.200.35:/media/movies) +- TV: `/mnt/mediastack/tv` — NFS from MediaStack (10.48.200.35:/media/tv) + +**NFS chain:** Jellyfin → MediaStack → Synology NAS (`/volume1/video/movies` and `/volume1/video/tv`) + +**Admin token:** `7c0ccf78b91d4b5bafa607f585f24f2d` + +**If library scan needed:** +```bash +curl -X POST "http://10.48.200.33:8096/Library/Refresh" \ + -H "X-Emby-Token: 7c0ccf78b91d4b5bafa607f585f24f2d" +``` + +**If NFS stale after MediaStack changes:** +```bash +umount -l 
/mnt/mediastack/movies && umount -l /mnt/mediastack/tv +mount /mnt/mediastack/movies && mount /mnt/mediastack/tv +``` + +--- + +### VM 113 — MediaStack (PVE1) +| Field | Value | +|-------|-------| +| **IP** | 10.48.200.35 | +| **OS** | Ubuntu 24.04 LTS | +| **SSH** | Via PVE1: `ssh -i /root/.ssh/id_rsa root@10.48.200.35` (no direct access from DO) | +| **Purpose** | Automated media download pipeline + NFS server to Jellyfin | +| **JARVIS Agent** | ID: `MediaStack_2c00b1b8` | + +**Services:** +| Service | Port | Login | API Key | +|---------|------|-------|---------| +| qBittorrent | :8080 | `admin / Joker1974!!!` | — | +| Sonarr | :8989 | `admin / Joker1974!!!` | `b43e04350a594846b4ee95261c29e9e0` | +| Radarr | :7878 | `admin / Joker1974!!!` | `53c4268360444feeae5f98c0cc24e0e3` | +| Prowlarr | :9696 | `admin / Joker1974!!!` | `9d0ce6c5660743b5bf1c7951efc62252` | + +**All services run as root** — required by Synology NFS ACL (only root can write). + +**VPN:** NordVPN — `nordlynx` WireGuard interface — exit IP 181.214.226.188 (US Dallas) +All download traffic exits via NordVPN. If downloads stall, check: `ip rule show` for rules 32764/32765. + +**Media Flow:** +``` +IPTorrents (Prowlarr) → Sonarr/Radarr search → qBittorrent download +→ /mnt/nas/video/downloads (NAS) +→ Sonarr/Radarr import → /mnt/nas/video/tv or /mnt/nas/video/movies (NAS) +→ NFS → Jellyfin /mnt/mediastack/movies or /mnt/mediastack/tv +``` + +**Indexer:** IPTorrents via Prowlarr cookie auth +Cookie: `uid=2237410; pass=JzLP2niTWxBJAZIU3yvtLbJzD55kdLeB` +(Expires — if search fails, log into iptorrents.com, copy uid+pass cookies) + +**If Radarr/Sonarr shows "0 active indexers":** +```bash +systemctl stop radarr +sqlite3 /var/lib/radarr/radarr.db "DELETE FROM IndexerStatus WHERE ProviderId=1;" +systemctl start radarr +``` + +**SSH from DO:** +```bash +sshpass -p 'Joker1974!!!' 
ssh -o StrictHostKeyChecking=no root@10.48.200.90 \ + 'ssh -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa root@10.48.200.35 "COMMAND"' +``` + +--- + +### VM 118 — Homebridge (PVE1) +| Field | Value | +|-------|-------| +| **IP** | 10.48.200.18 | +| **OS** | Linux | +| **SSH** | `ssh myron@10.48.200.18` — password: `Joker1974!` | +| **Purpose** | Apple HomeKit bridge — exposes non-HomeKit devices to Apple Home app | +| **JARVIS Agent** | ID: `homebridge_b57cbaea` | + +--- + +### VM 120 — NovaCPX Hosting Panel (PVE1) +| Field | Value | +|-------|-------| +| **IP** | 10.48.200.110 | +| **OS** | Ubuntu 24.04 LTS | +| **SSH** | `ssh root@10.48.200.110` — password: `Joker1974!!!` (direct, no PVE hop) | +| **Purpose** | Custom web hosting control panel (cPanel alternative), v1.0.27 | +| **JARVIS Agent** | ID: `novacpx_e3b07264` | + +**Ports:** +| Port | Panel | +|------|-------| +| :8880 | User panel | +| :8881 | Reseller panel | +| :8882 | Admin panel | +| :8883 | Roundcube webmail | + +**Admin:** `https://10.48.200.110:8882` — `admin / Admin2026!` +**phpMyAdmin:** `http://10.48.200.110/phpmyadmin` + +**File Paths:** +- Web root: `/srv/novacpx/public/` +- DB (SQLite): `/var/lib/novacpx/panel.db` +- Config: `/etc/novacpx/config.ini` +- Git repo: `/opt/novacpx-src/` +- GitHub: `myronblair/novacpx` (auto-deploy on push to `main`) + +--- + +### VM 210 — Ollama Local LLM (PVE1) +| Field | Value | +|-------|-------| +| **IP** | 10.48.200.95 | +| **OS** | Ubuntu (cloud image) | +| **SSH** | `ssh myron@10.48.200.95` — password: `Joker1974!` (then `sudo`) | +| **Purpose** | Local AI inference — runs llama3.2 model for JARVIS Tier 1 chat | +| **API** | `http://10.48.200.95:11434` (Ollama REST API) | +| **JARVIS Agent** | ID: `ollama-ai_ubuntu` | + +**JARVIS uses this as Tier 1 AI** — if Ollama is down, falls back to Groq (cloud). 
+ +--- + +### VM 302 — NetworkBackup (PVE2) +| Field | Value | +|-------|-------| +| **IP** | 10.48.200.99 | +| **OS** | Ubuntu/Linux | +| **SSH** | `ssh myron@10.48.200.99` — password: `Joker1974!` (then `sudo`) | +| **Purpose** | Network backup storage / backup operations | +| **JARVIS Agent** | ID: `networkbackup_NetworkB` | + +--- + +### CT110 — WireGuard Exit Container (PVE1) +| Field | Value | +|-------|-------| +| **IP** | 10.48.200.19 / 10.48.200.67 | +| **Purpose** | Legacy WireGuard exit tunnel to DO (10.200.0.4 via wg-exit) — currently NOT used by MediaStack/Jellyfin | +| **Note** | MediaStack uses NordVPN directly; Jellyfin uses wg1 peer on MediaStack for NFS only | + +--- + +## 5. NAS STORAGE + +### Synology NAS +| Field | Value | +|-------|-------| +| **IP** | 10.48.200.249 | +| **Login** | `nas / Joker1974!!!` | +| **DSM Web UI** | `http://10.48.200.249:5000` | +| **Purpose** | Primary media and download storage | + +**NFS Share:** `/volume1/video` (exported to MediaStack only) + +**Directory structure:** +``` +/volume1/video/ + movies/ ← Radarr imports here; NFS-exported to Jellyfin via MediaStack + tv/ ← Sonarr imports here; NFS-exported to Jellyfin via MediaStack + downloads/ ← qBittorrent downloads here (temp) + incomplete/ ← in-progress torrents +``` + +**Important:** Synology NFS ACL only allows root to write. All services on MediaStack run as root. + +--- + +## 6. WEBSITES (ALL ON DO) + +All sites are at `/home//public_html/` on DO (165.22.1.228). +**Auto-deploy:** Push to `main` on GitHub → webhook → server pulls in ~1 min. 
+**GitHub PAT:** `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` (expires ~2026-08-20) + +--- + +### jarvis.orbishosting.com — JARVIS AI Dashboard +| Field | Value | +|-------|-------| +| **URL** | https://jarvis.orbishosting.com | +| **Path** | `/home/jarvis.orbishosting.com/` | +| **GitHub** | `myronblair/jarvis` | +| **Login** | `myron / Joker1974!!!` | +| **Purpose** | Iron Man-style AI home dashboard with voice control, smart home, media, planner | + +See Section 7 for full JARVIS details. + +--- + +### tomsjavajive.com — Tom's Java Jive +| Field | Value | +|-------|-------| +| **URL** | https://tomsjavajive.com | +| **Path** | `/home/tomsjavajive.com/public_html/` | +| **GitHub** | `myronblair/tomsjavajive` | +| **Purpose** | Coffee shop e-commerce — products, orders, loyalty, wallet, reviews | +| **Admin URL** | `https://tomsjavajive.com/admin/` | +| **Admin Login** | `admin@tomsjavajive.com / Joker1974!!!` OR `myronblair@outlook.com / Joker1974!!!` | +| **DB** | `toms_tjj_db / toms_tjj_user / +60wlPc+55e@gFq4` | +| **Email** | CyberMail API key: `sk_live_7f9b0f9a29f6de31a0d229d4af75d56b094ad724fc58a57d` | +| **Email From** | `noreply@tomsjavajive.com` / `Toms Java Jive` (set in DB settings table) | + +--- + +### epictravelexpeditions.com — Epic Travel Expeditions +| Field | Value | +|-------|-------| +| **URL** | https://epictravelexpeditions.com | +| **Path** | `/home/epictravelexpeditions.com/public_html/` | +| **GitHub** | `myronblair/epictravelexpeditions` | +| **Purpose** | Travel booking / expeditions website | +| **DB** | `epic_travel_db` (see `api/config.php`) | + +--- + +### parkerslingshot.epictravelexpeditions.com — Parker Slingshot (OLD) +| Field | Value | +|-------|-------| +| **URL** | https://parkerslingshot.epictravelexpeditions.com | +| **Path** | `/home/epictravelexpeditions.com/parkerslingshot/` | +| **GitHub** | `myronblair/parkerslingshot` | +| **Purpose** | Old slingshot rental site (superseded by parkerslingshotrentals.com) | + +--- + +### 
parkerslingshotrentals.com — Parker Slingshot Rentals (LIVE) +| Field | Value | +|-------|-------| +| **URL** | https://www.parkerslingshotrentals.com | +| **Path** | `/home/parkerslingshotrentals.com/public_html/` | +| **GitHub** | `myronblair/parkerslingshotrentals` | +| **Purpose** | Polaris Slingshot rental — bookings, e-signature waiver, admin management | +| **Admin** | `/admin/index.php` — `admin / Parker2026!` | +| **DB** | `park_slingshot / park_slingshotuser / 4@rxg*8kovxCr7w6` | +| **Square** | Production token: `EAAAl3FsAu_2ri8kZE_ENEyi2T_C8HXXm5XQFY6Lbnd8SX6FqYp8J_upUeXNYh7v` | + +--- + +### orbishosting.com — Orbis Hosting (Landing Page) +| Field | Value | +|-------|-------| +| **URL** | https://orbishosting.com | +| **Path** | `/home/orbishosting.com/public_html/` | +| **GitHub** | `myronblair/orbishosting` | +| **Purpose** | Public landing page for Orbis Hosting brand | + +--- + +### orbis.orbishosting.com — Orbis Hosting Portal +| Field | Value | +|-------|-------| +| **URL** | https://orbis.orbishosting.com | +| **Path** | `/home/orbis.orbishosting.com/public_html/` | +| **GitHub** | `myronblair/orbis-hosting-portal` | +| **Purpose** | Customer-facing hosting portal | + +--- + +### tomtomgames.com — TomTom Games +| Field | Value | +|-------|-------| +| **URL** | https://tomtomgames.com | +| **Path** | `/home/tomtomgames.com/public_html/` | +| **GitHub** | `myronblair/tomtomgames` | +| **Purpose** | Gaming website | +| **DB** | `tomtom_games_db` (see config) | +| **Email** | CyberMail API key: `sk_live_7f9b...` | + +--- + +## 7. 
JARVIS AI SYSTEM + +**URL:** https://jarvis.orbishosting.com +**Files:** `/home/jarvis.orbishosting.com/` on DO +**DB:** `jarvis_db` — `jarvis_user / J4rv1s_Pr0t0c0l_2026!` +**Login:** `myron / Joker1974!!!` +**Admin portal:** https://jarvis.orbishosting.com/admin + +### Architecture (end-to-end) + +``` +Voice (browser mic) + → SpeechRecognition API + → Wake phrase: "wake up JARVIS" / "daddy's home" + → "JARVIS [command]" triggers action + → /api/chat.php (4-tier AI) + Tier 0.7: KB intents / planner (tasks, appointments) + Tier 1: Knowledge Base (MySQL) + Tier 1.5: Ollama (10.48.200.95:11434, llama3.2) — local LLM + Tier 2: Groq (cloud, model: compound-beta-mini) + Tier 3: Claude API (Anthropic, fallback) + → ElevenLabs TTS → browser speaker +``` + +### Deploy Pipeline +``` +Code edit → git push → GitHub webhook → /webhook.php (HMAC verified) +→ /tmp/jarvis-deploy-queue.txt → /usr/local/bin/jarvis-deploy.sh (cron 1min) +→ git pull + PHP syntax check → deploy or auto-revert +``` +Webhook secret: `4c8805f0285214ff0a0602b5880270b935f36a896946c7f1` + +### Agent System +Agents installed on all servers — phone home every 10s (heartbeat) / 30s (metrics). +Registration key: `f846a9aaf7ce9a61742c63c87c4186052a71d2a580c65518` +Install command: `curl -sk https://jarvis.orbishosting.com/install-agent.sh | bash -s ` + +### Self-Healing Watchdog +`/usr/local/bin/jarvis-watchdog.sh` — runs every 5 min (root cron on DO) +Restarts: lsws, mysql, redis if down +Restarts offline Proxmox VM agents via `qm guest exec` + +### Cron Jobs (DO server) +| Schedule | Script | Purpose | +|----------|--------|---------| +| Every 1 min | `jarvis-deploy.sh` | Process GitHub deploy queue | +| Every 3 min | `facts_collector.php` | Collect agent metrics, KB facts, site health | +| Every 5 min | `stats_cache.php` | Weather, news, Proxmox stats refresh | +| Every 5 min | `jarvis-watchdog.sh` | Self-healing: restart dead services | + +--- + +## 8. 
PHONE SYSTEM (FUSIONPBX) + +### Extensions +| Ext | Name | Phone | IP | SIP Password | +|-----|------|-------|----|-------------| +| 1000 | Myron Blair — Desk | Yealink T48S | 10.48.200.2 | `Xk9mPw3nQv7rLs2t` | +| 1001 | Tommy Ivy — Desk | Yealink T48S | 10.48.200.43 | `Tv8xNm4pWq6rZs3k` | +| 1002 | Myron Blair — WiFi Work | Yealink AX86R | 10.48.200.65 | `yXHaJTwa8rj?$GkrVFQB` | +| 1003 | Kitchen | Yealink T57W | 10.48.200.83 | — | +| 1004 | Master Bedroom | Yealink T57W | 10.48.200.85 | — | +| 1010 | Parker County Slingshot | Virtual (voicemail only) | — | — | +| 1011 | Epic Travel Expeditions | Virtual (voicemail only) | — | — | +| 1012 | Tom's Java Jive | Virtual (voicemail only) | — | — | +| 900 | IVR | — | — | (auto-attendant) | + +**Phone SIP Settings (all phones):** +- Server: `134.209.72.226` +- Port: `5080` +- Transport: UDP + +**Provisioning URL:** `https://fusion.orbishosting.com/app/provision/` +(Username: `provision-master`, Password: `Joker1974!!!`) + +### Call Flow +``` +Inbound (+18177645007) +→ SignalWire → FusionPBX:5080 (UDP) +→ signalwire-inbound dialplan (catch-all ^.*$) +→ IVR ext 900 (ivr_menu_16k.wav) +→ Routes to extensions 1000/1001/1002/1003/1004 + +Outbound +→ Phone → FusionPBX:5080 +→ signalwire gateway → SignalWire → PSTN +``` + +### FreeSWITCH CLI Commands +```bash +fs_cli -x "sofia status profile external reg" # check registrations +fs_cli -x "sofia xmlstatus gateway" # check SignalWire gateway +fs_cli -x "reloadxml" # reload config (safe) +fs_cli -x "reloadacl" # reload ACL (safe) +# AVOID: sofia profile external restart (drops all phone registrations) +``` + +--- + +## 9. 
NETWORKING & VPN + +### FortiGate Firewall +- WAN IP: 97.154.109.245 (dynamic) +- DDNS: `orbisne.fortiddns.com` (FortiGate auto-updates on IP change) +- Blocks: outbound port 53 (DNS) — MediaStack uses PVE1 dnsmasq (10.48.200.90) as resolver → 100.100.100.100 + +**Port Forwards:** +| External Port | Internal Destination | Purpose | +|--------------|---------------------|---------| +| :8006 | PVE1:8006 | Proxmox web UI | +| :8123 | HA VM:8123 | Home Assistant | +| :22 | HA VM:22 | HA SSH (unreliable) | + +### WireGuard — Jellyfin ↔ MediaStack +- MediaStack runs WireGuard server on `wg1` (port 51820, subnet 10.200.0.1/24) +- Jellyfin peer: 10.200.0.3 (active handshake) +- Used for NFS media file access ONLY — not internet VPN + +### NordVPN — MediaStack Internet Traffic +- Interface: `nordlynx` on MediaStack +- Exit IP: 181.214.226.188 (US Dallas) +- Policy routing: table 205 (all traffic via nordlynx), managed by `nordvpn-routing.service` +- Required for IPTorrents access (blocks non-VPN IPs) + +--- + +## 10. BACKUP SYSTEMS + +### DO Server Backup +- **Repo:** `myronblair/do-server-config` +- **Schedule:** Weekly, Sunday 4am +- **Launcher:** `/usr/local/bin/do-server-backup` on DO +- **Covers:** Scripts, systemd units, WireGuard, OLS vhosts, cron, MySQL credentials +- **Restore:** 8-phase wizard in `restore.sh` +- **DB backups:** `jarvis-backup.sh` runs daily (separate) + +### Proxmox Config Backup +- **Repo:** `myronblair/proxmox-config` +- **Schedule:** Weekly, Sunday 3am (both PVE1 and PVE2) +- **Launcher:** `/usr/local/bin/proxmox-backup` on each node +- **Covers:** VM .conf files, network, cron, systemd, scripts +- **VM disks:** Covered by Proxmox Backup Server (PBS) + +### FusionPBX Backup +- **Repo:** `myronblair/fusionpbx-config` +- **Schedule:** Weekly, Sunday 5am +- **Launcher:** `/usr/local/bin/fusionpbx-backup` +- **Covers:** PostgreSQL dump (gzip, ~29MB) + FreeSWITCH configs +- **Restore:** 10-phase wizard in `restore.sh` + +--- + +## 11. 
SSH QUICK REFERENCE + +```bash +# DO (main web server) +sshpass -p 'Gonewalk1974!@#' ssh -o StrictHostKeyChecking=no root@165.22.1.228 + +# FusionPBX (must relay via DO) +sshpass -p 'Gonewalk1974!@#' ssh root@165.22.1.228 \ + 'sshpass -p "Joker1974!@#" ssh root@134.209.72.226 "CMD"' + +# PVE1 (direct or via DDNS) +sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@orbisne.fortiddns.com +sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.90 + +# PVE2 +sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.91 + +# MediaStack (via PVE1) +sshpass -p 'Joker1974!!!' ssh root@10.48.200.90 \ + 'ssh -i /root/.ssh/id_rsa root@10.48.200.35 "CMD"' + +# Jellyfin (direct, password enabled 2026-06-14) +sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.33 + +# NovaCPX (direct) +sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.110 + +# Ollama / Homebridge / NetworkBackup (myron user, then sudo) +sshpass -p 'Joker1974!' ssh myron@10.48.200.95 # Ollama +sshpass -p 'Joker1974!' ssh myron@10.48.200.18 # Homebridge +sshpass -p 'Joker1974!' ssh myron@10.48.200.99 # NetworkBackup + +# Run command inside VM via Proxmox (requires QEMU agent installed) +sshpass -p 'Joker1974!!!' ssh root@10.48.200.90 \ + 'qm guest exec 210 -- bash -c "CMD"' +``` + +**Password fallback order:** `Joker1974!@#` → `Joker1974!!!` → `Joker1974!` + +--- + +## 12. 
CRITICAL CREDENTIALS MASTER LIST + +### SSH / Root Access +| System | User | Password | Notes | +|--------|------|----------|-------| +| DO (165.22.1.228) | root | `Gonewalk1974!@#` | Main web server | +| FusionPBX (134.209.72.226) | root | `Joker1974!@#` | Via DO relay | +| PVE1 (10.48.200.90) | root | `Joker1974!!!` | Also via DDNS | +| PVE2 (10.48.200.91) | root | `Joker1974!!!` | | +| MediaStack (10.48.200.35) | root | key only | Via PVE1 (`/root/.ssh/id_rsa`) | +| Jellyfin (10.48.200.33) | root | `Joker1974!!!` | Enabled 2026-06-14 | +| NovaCPX (10.48.200.110) | root | `Joker1974!!!` | Direct SSH works | +| Ollama / Homebridge / Backup VMs | myron | `Joker1974!` | Then sudo | + +### Web Panels & Admin +| System | URL | User | Password | +|--------|-----|------|----------| +| CyberPanel | https://165.22.1.228:8090 | myron | `Joker1974!!!` | +| phpMyAdmin (DO) | https://165.22.1.228/phpmyadmin | myron | `Joker1974!!!` | +| Proxmox PVE1 | https://orbisne.fortiddns.com:8006 | root | `Joker1974!!!` | +| Proxmox PVE2 | https://10.48.200.91:8006 | root | `Joker1974!!!` | +| JARVIS | https://jarvis.orbishosting.com | myron | `Joker1974!!!` | +| JARVIS Admin | https://jarvis.orbishosting.com/admin | myron | `Joker1974!!!` | +| FusionPBX | https://fusion.orbishosting.com | admin | `fY7XP5swgtpbzrYLhkeVYkA4744` | +| Home Assistant | http://orbisne.fortiddns.com:8123 | myron | (HA password) | +| NovaCPX Admin | https://10.48.200.110:8882 | admin | `Admin2026!` | +| Jellyfin | http://10.48.200.33:8096 | — | token: `7c0ccf78b91d4b5bafa607f585f24f2d` | +| qBittorrent | http://10.48.200.35:8080 | admin | `Joker1974!!!` | +| Sonarr | http://10.48.200.35:8989 | admin | `Joker1974!!!` | +| Radarr | http://10.48.200.35:7878 | admin | `Joker1974!!!` | +| Prowlarr | http://10.48.200.35:9696 | admin | `Joker1974!!!` | +| Synology NAS | http://10.48.200.249:5000 | nas | `Joker1974!!!` | +| Parker Slingshot Admin | https://parkerslingshotrentals.com/admin | admin | `Parker2026!` | +| 
TJJ Admin | https://tomsjavajive.com/admin | `admin@tomsjavajive.com` OR `myronblair@outlook.com` | `Joker1974!!!` | + +### Databases +| Site | DB Name | DB User | DB Password | +|------|---------|---------|-------------| +| JARVIS | `jarvis_db` | `jarvis_user` | `J4rv1s_Pr0t0c0l_2026!` | +| Tom's Java Jive | `toms_tjj_db` | `toms_tjj_user` | `+60wlPc+55e@gFq4` | +| Parker Slingshot Rentals | `park_slingshot` | `park_slingshotuser` | `4@rxg*8kovxCr7w6` | +| Epic Travel | `epic_travel_db` | (see config.php) | (see config.php) | +| Epic/Parker Slingshot | `epic_parkersling` | `epic_parkersling` | `Joker1974!!!` | +| NovaCPX | SQLite: `/var/lib/novacpx/panel.db` | — | — | +| FusionPBX | PostgreSQL | `fusionpbx` | `pSJaF9mUJqPr4Sj5mwJyRqvCCpc` | +| MySQL root (DO) | — | root | `b71e5c1a8c7457541b9c1db822de37adfa271926a38b6c20` | + +### API Keys +| Service | Key | +|---------|-----| +| GitHub PAT | `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` (exp ~2026-08-20) | +| JARVIS Agent Registration | `f846a9aaf7ce9a61742c63c87c4186052a71d2a580c65518` | +| Proxmox API Token | `root@pam!jarvis=c45b5feb-f9a9-445d-a626-14fbb959f78b` | +| HA Long-lived Token | `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzNmI0N2I1Njk5ZGQ0MTQ2ODMwZWFmYjZiYTQ1MjJkMSIsImlhdCI6MTc4MDIwMzU5NCwiZXhwIjoyMDk1NTYzNTk0fQ.sYRok-jRDlA4lFgWxLQELcEjkJNGQdprk6ZziLwLtXE` | +| Sonarr API | `b43e04350a594846b4ee95261c29e9e0` | +| Radarr API | `53c4268360444feeae5f98c0cc24e0e3` | +| Prowlarr API | `9d0ce6c5660743b5bf1c7951efc62252` | +| Jellyfin Admin Token | `7c0ccf78b91d4b5bafa607f585f24f2d` | +| Square (Parker) Production | `EAAAl3FsAu_2ri8kZE_ENEyi2T_C8HXXm5XQFY6Lbnd8SX6FqYp8J_upUeXNYh7v` | +| Square App ID (Parker) | `sq0idp-YSM7BU9IVyOWSzpeP-0nzQ` | +| Webhook HMAC Secret | `4c8805f0285214ff0a0602b5880270b935f36a896946c7f1` | + +### SIP / Phone +| Extension | Name | SIP Password | +|-----------|------|-------------| +| 1000 | Myron Blair — Desk (10.48.200.2) | `Xk9mPw3nQv7rLs2t` | +| 1001 | Tommy Ivy — Desk 
(10.48.200.43) | `Tv8xNm4pWq6rZs3k` | +| 1002 | Myron Blair — WiFi Work (10.48.200.65) | `yXHaJTwa8rj?$GkrVFQB` | +| 1003 | Kitchen (10.48.200.83) | — | +| 1004 | Master Bedroom (10.48.200.85) | — | +| 1010 | Parker County Slingshot (voicemail only) | — | +| 1011 | Epic Travel Expeditions (voicemail only) | — | +| 1012 | Tom's Java Jive (voicemail only) | — | + +--- + +*This document contains sensitive credentials. Store securely and do not share.* diff --git a/ols-vhosts/site-list.txt b/ols-vhosts/site-list.txt index 5087df0..d9b3a33 100644 --- a/ols-vhosts/site-list.txt +++ b/ols-vhosts/site-list.txt @@ -1,9 +1,9 @@ -# Websites on DO server — 2026-06-14 +# Websites on DO server — 2026-06-15 - epictravelexpeditions.com (5.4M) -- jarvis.orbishosting.com (704K) -- orbishosting.com (113M) +- jarvis.orbishosting.com (764K) +- orbishosting.com (114M) - orbis.orbishosting.com (312K) - parkerslingshotrentals.com (1.6M) -- tomsjavajive.com (5.0M) +- tomsjavajive.com (7.6M) - tomtomgames.com (4.3M)
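Review bot: infra/INFRASTRUCTURE-REFERENCE.md commits live secrets in plaintext, both inline in sections 2 through 8 and collected again in section 12 (root SSH passwords, database passwords, the GitHub PAT, the Square production token, the webhook HMAC secret, the Proxmox API token and the Home Assistant long-lived token). The file's own closing line says to store it securely and not share it, which a git-tracked backup does not do. Replace every value with a pointer to an entry in a password manager or secrets store, rotate each credential listed since it is now in repository history, and purge the file from history rather than deleting it in a follow-up commit. The "Password fallback order" line in section 11 also documents reuse of one password family across hosts, so rotation should give each system a distinct credential. Separately, the section 11 commands pair `sshpass -p` with `-o StrictHostKeyChecking=no`, and the section 7 agent install uses `curl -sk ... | bash`; both skip verification of the remote endpoint. Switch to key-based SSH with host keys recorded in known_hosts, and drop `-k` from the installer fetch.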
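Review bot: In ols-vhosts/site-list.txt the tomsjavajive.com entry goes from 5.0M to 7.6M between the 2026-06-14 and 2026-06-15 listings, and a directory size alone gives no way to tell what was added to that web root. Since this list is the only record of vhost contents in the backup, consider recording a file count or a checksum manifest per site alongside the size so that growth like this can be attributed to a deploy or flagged as unexpected. The header date also moves by one day although the commit subject calls this a weekly backup; confirm the schedule matches section 10 of the reference file.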