Compare commits

...

5 Commits

Author SHA1 Message Date
myron 2a92b958c1 Remove VM107 Claude-DHCP — Claude runs on Windows desktop
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01DJT825DchsKy6ABPC4MvJp
2026-06-28 19:10:08 -05:00
myron b71e58bbae Remove ProxMailcow — VMs no longer exist, project retired 2026-06-26 09:11:56 -05:00
myron 3080273e0a Emergency HA config export 2026-06-26
HA disk lost after Proxmox config reset. Exported while VM still running from
page cache: areas (24), all entity states (2058), areas list.
Note: Google Drive Backup addon was installed — check Google Drive for .tar backups.
2026-06-26 13:37:28 +00:00
myron f8c406dbad Remove stale completed-task memory files
Deleted: jarvis_improvements_list (all 13 done), novacpx_todo (all done),
jarvis_migration (complete — JARVIS on VM 211). Updated MEMORY.md index.
2026-06-26 03:07:03 +00:00
myron 52f6073593 Add Claude Code AI memory files
AI context/memory from Claude Code sessions covering all
infrastructure: JARVIS, NovaCPX, DO sites, Proxmox, FusionPBX,
MediaStack, and project feedback/preferences.
2026-06-26 03:06:26 +00:00
36 changed files with 1595 additions and 0 deletions
+29
View File
@@ -0,0 +1,29 @@
# Memory Index
- [FusionPBX Setup](project_fusionpbx.md) — DO 134.209.72.226; SignalWire SIP trunk (transport=udp required); ext 1000/1001/1002; IVR 900; signalwire-inbound catch-all dialplan; providers ACL includes FortiGate 97.154.109.245
- [Yealink API](feedback_yealink_api.md) — PKCS1v15+AES-CBC login; token required for writes; account-register page; correct field names (server1, AccountRegisterName, etc.)
- [Yealink Phone Status](project_yealink_phones.md) — Ext 1000 (Myron/.2) + ext 1001 (Tommy/.43) registered; provisioning URL set; BLF buttons in progress
- [JARVIS System](project_jarvis.md) — Iron Man AI on DO 165.22.1.228; /admin portal; PVE1 nmap auto-scan; agents on all nodes; Proxmox cluster API via FortiGate DDNS:8006
- [JARVIS HA Integration](project_jarvis_ha_integration.md) — Two-way HA↔JARVIS via custom component; 212 entities live; webhook fix; HA SSH via web terminal only
- [Web Server](project_webserver.md) — CyberPanel/OpenLiteSpeed DO at 165.22.1.228 (root/Gonewalk1974!@#); tomsjavajive.com + 5 other sites; IP changed from 206.189.229.53
- [GitHub Workflow](feedback_github_workflow.md) — All sites have private GitHub repos (myronblair/*); commit+push to GitHub THEN deploy to server for every change; repo map + gitignored creds inside
- [Tom's Java Jive](project_tomsjavajive.md) — DB creds, admin portal map, schema quirks (no slug col, enum values, collation), bugs fixed 2026-05-22
- [TJJ Email](project_tomsjavajive_email.md) — CyberMail (CyberPersons); API key in config.php as CYBERMAIL_API_KEY; mgmt at platform.cyberpersons.com
- [TomTomGames Email](project_tomtomgames_email.md) — CyberMail API key sk_live_7f9b...; mailer.php uses cybermailSend(); sendgridSend() aliased; verified 2026-06-06
- [SMTP Credentials (all sites)](project_smtp_credentials.md) — All 5 sites on CyberMail, same API key, all verified 2026-06-06; TJJ reads from settings DB table; TJJ email_cybermail bad key fixed
- [PHP ob_start Export Fix](feedback_php_ob_export.md) — ob_end_clean() required before CSV/JSON responses when ob_start()+header.php pattern is used
- [MySQL Collation](feedback_mysql_collation.md) — Always utf8mb4_unicode_ci; mixing with general_ci breaks JOINs (error 1267)
- [Parker Slingshot Rentals](project_parkerslingshotrentals.md) — parkerslingshotrentals.com booking site; HMAC cookie admin auth (not sessions); Square creds stored; 6-step booking flow
- [SSH Passwords](feedback_ssh_passwords.md) — Try Joker1974!@# → Joker1974!!! → Joker1974!; root direct on PVE; myron/Joker1974!!! + sudo on VMs
- [Yealink Provisioning](feedback_yealink_provisioning.md) — overwrite_mode=1 required; BLF type=16 in FusionPBX; auto_linekeys=0; factory reset clears URL; git safe.directory for www-data
- [Cloudflare Rocket Loader](feedback_cloudflare_rocket_loader.md) — breaks inline onclick= handlers and defers scripts; fix with Cache-Control: no-transform in PHP
- [MediaStack VM](project_mediastack.md) — VM 113 on PVE1; all services admin/Joker1974!!!; NordVPN (not CT110); IPTorrents uid=2237410 cookie; download dirs must be qbittorrent-owned; NFS to Jellyfin
- [NovaCPX Panel](project_novacpx.md) — VM 120 @ 10.48.200.110 (direct SSH works); v1.0.27; admin/Admin2026!; stable/beta channels; JARVIS agent online; 140-app Docker catalog
- [NovaCPX Dev Tools](project_novacpx_tools.md) — Direct SSH/SCP to 10.48.200.110 (PVE1 hop broken); API session-cookie auth pattern; key VM paths
- [Proxmox Config Backup](project_proxmox_backup.md) — myronblair/proxmox-config; weekly cron on PVE1+PVE2; restore.sh wizard; VM configs + network + scripts + systemd; PBS covers VM disks
- [DO Server Backup](project_do_backup.md) — myronblair/do-server-config; weekly cron Sunday 4am; scripts/systemd/WG/OLS vhosts/mysql; restore.sh 8-phase wizard; DBs covered by jarvis-backup.sh daily
- [FusionPBX Backup](project_fusionpbx_backup.md) — myronblair/fusionpbx-config; weekly cron Sunday 5am; PostgreSQL dump (gzip, 29MB) IS the config; restore.sh 10-phase wizard; SSH via DO relay only
- [Context Management](feedback_context_management.md) — Warn before context limit; finish/commit current task cleanly; don't start large features if context is already long
- [JARVIS TODO](project_jarvis_todo.md) — Master TODO: Workers page, Phase 2/3 modularization, agent fixes, install-agent.sh, Arc Reactor systemd, Jellyfin, Claude credits
- [Cryptex Safe](user_cryptex.md) — Physical 3D-printed Cryptex key: NEBYMJ (Creality K2 Pro)
- [Infrastructure TODO](project_infra_todo.md) — Open items: CT110 read-only fs, wg-clients auto-start, MediaStack guest agent, Tailscale PVE1 re-auth, stale ARP watch
@@ -0,0 +1,27 @@
---
name: feedback-cloudflare-rocket-loader
description: Cloudflare Rocket Loader breaks inline JS event handlers and defers scripts — how to avoid and fix
metadata:
node_type: memory
type: feedback
originSessionId: dfc59a24-a903-4f91-8c76-331af763d3e6
---
Cloudflare Rocket Loader is enabled on all orbishosting.com sites and causes two distinct problems:
1. **Script deferral** — changes `<script>` tag type to a fake value, preventing execution until Rocket Loader finishes loading. Breaks any JS that must run on page load.
2. **Inline handler blocking** — injects `if (!window.__cfRLUnblockHandlers) return false;` into every `onclick=`, `onkeydown=`, etc. HTML attribute. Even if the function is defined, the click is blocked.
**Why:** These are Cloudflare "performance optimizations" that can't be disabled without Cloudflare dashboard access (no API keys stored).
**How to apply:** For any page with JavaScript that must work:
- Add `Cache-Control: no-transform, no-store` response header — this tells Cloudflare not to modify the response. Use `ini_set('session.cache_limiter', '')` before session_start() or the session headers will override it.
- Never use inline event handler attributes (`onclick=`, `onkeydown=`). Always use `addEventListener()`.
- The main JARVIS app (jarvis.orbishosting.com) is now served via `index.php` which adds this header automatically.
**Current solution (2026-06-01):**
- Login: `login.php` (pure PHP form POST, no JS) with `Cache-Control: no-transform`
- Entry point: `index.php` checks PHP session, redirects to `login.php` if not auth'd
- App served with token injected as `var __jarvisToken` global + CSS forcing loginScreen hidden
- See [[project-jarvis]] for full architecture
+14
View File
@@ -0,0 +1,14 @@
---
name: feedback-context-management
description: User wants to be warned before context limit and have tasks cleanly finished before running out
metadata:
node_type: memory
type: feedback
originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
---
Warn the user proactively when the conversation is getting long and approaching the context limit — before a task is left in a broken/hanging state. Finish or save the current task cleanly, then let the user know the session needs to continue fresh.
**Why:** User wants nothing left hanging when a session ends.
**How to apply:** When making edits mid-feature, always commit and deploy what's done so far. Before starting something large when context is already long, warn the user and offer to continue in a new session rather than starting something that won't finish.
+43
View File
@@ -0,0 +1,43 @@
---
name: feedback-github-workflow
description: Standing rule — all website and Jarvis changes must be committed to GitHub then deployed to the server
metadata:
type: feedback
originSessionId: 002fe81e-7e03-414d-b842-1f94f1390a22
---
For every code change to any website or Jarvis: commit to GitHub first, then deploy to the live server. Never make changes directly without a git commit.
**Why:** User explicitly requested this as a standing workflow on 2026-05-22.
**How to apply:** After editing any file:
1. `git add -A && git commit -m "description"` in the site root
2. `git push origin main`
3. Then SCP/SSH the changed files to the live server (or git pull if pull-based deploy is set up)
## Repo Map
| Site / Project | Server | Path | GitHub Repo |
|---|---|---|---|
| tomsjavajive.com | 165.22.1.228 | /home/tomsjavajive.com/public_html | myronblair/tomsjavajive |
| epictravelexpeditions.com | 165.22.1.228 | /home/epictravelexpeditions.com/public_html | myronblair/epictravelexpeditions |
| orbishosting.com | 165.22.1.228 | /home/orbishosting.com/public_html | myronblair/orbishosting |
| orbis.orbishosting.com | 165.22.1.228 | /home/orbis.orbishosting.com/public_html | myronblair/orbis-hosting-portal |
| parkerslingshotrentals.com | 165.22.1.228 | /home/parkerslingshotrentals.com/public_html | myronblair/parkerslingshotrentals |
| tomtomgames.com | 165.22.1.228 | /home/tomtomgames.com/public_html | myronblair/tomtomgames |
| JARVIS | 10.48.200.84 | /var/www/jarvis.orbishosting.com | myronblair/jarvis |
## Gitignored Credentials (never in GitHub)
- tomsjavajive: `config/database.php`
- epictravelexpeditions: `api/config.php`
- jarvis: `api/config.php`
## Git on Servers
- DO server (165.22.1.228): SSH as root, git runs as root, safe.directory set for all /home/*/public_html paths
- Jarvis (10.48.200.84): SSH as myron, git requires `sudo` + explicit GIT_DIR/GIT_WORK_TREE env vars
## PAT
- **Token:** `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`
- Embedded in all remote URLs on both servers (DO + Jarvis)
- Expires ~90 days from 2026-05-22 (around 2026-08-20)
- Rotate via: `git remote set-url origin https://myronblair:NEW_TOKEN@github.com/myronblair/REPO.git`
+17
View File
@@ -0,0 +1,17 @@
---
name: feedback-mysql-collation
description: Always use utf8mb4_unicode_ci for new tables — mixing collations breaks JOINs with MySQL error 1267
metadata:
type: feedback
originSessionId: 002fe81e-7e03-414d-b842-1f94f1390a22
---
All new tables in these MySQL databases must use `utf8mb4_unicode_ci` collation. Never use `utf8mb4_general_ci` or leave it at the server default without checking.
**Why:** Mixing `utf8mb4_general_ci` and `utf8mb4_unicode_ci` in a JOIN causes MySQL error 1267: "Illegal mix of collations." This silently broke wishlist.php and reviews.php on tomsjavajive.com — pages returned 500 with no visible error until a diagnostic script revealed the PDO exception. Fixed by running `ALTER TABLE x CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci` on the mismatched tables.
**How to apply:**
- When writing `CREATE TABLE`, always include `COLLATE utf8mb4_unicode_ci`
- When checking an existing table: `SHOW CREATE TABLE tablename\G` — look at the COLLATE line
- Fix a bad table: `ALTER TABLE tablename CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci`
- Affected tables on tomsjavajive.com that were wrong (now fixed): wishlist, loyalty_transactions, loyalty_tiers, product_types, loyalty_settings
+34
View File
@@ -0,0 +1,34 @@
---
name: feedback-php-ob-export
description: PHP file export/AJAX handlers that run after ob_start()+header.php must call ob_end_clean() before sending headers
metadata:
type: feedback
originSessionId: 002fe81e-7e03-414d-b842-1f94f1390a22
---
When a PHP admin page uses the pattern `ob_start()` + `require_once header.php` at the top, any handler that sends a non-HTML response (CSV download, JSON AJAX, redirect) must call `ob_end_clean()` before setting Content-Type headers and outputting content.
**Why:** `ob_start()` buffers everything. `require_once header.php` fills the buffer with a full HTML page before any request-type checks run. Without `ob_end_clean()`, the browser receives the full HTML page *followed by* the CSV/JSON body — the export appears to download the entire rendered page instead of the file.
**How to apply:** Any time I add a file export or AJAX handler to an admin page that uses this pattern:
```php
// ✅ correct
if (isset($_GET['export'])) {
ob_end_clean(); // discard buffered HTML from header.php
header('Content-Type: text/csv; charset=UTF-8');
header('Content-Disposition: attachment; filename="export.csv"');
// ... output CSV ...
exit;
}
// ✅ correct for AJAX
if ($action === 'inline_edit') {
ob_end_clean();
header('Content-Type: application/json');
echo json_encode(['ok' => true]);
exit;
}
```
First discovered and fixed in `admin/import-export.php` on tomsjavajive.com (2026-05-22).
+21
View File
@@ -0,0 +1,21 @@
---
name: feedback-ssh-passwords
description: SSH password rotation order for home lab servers; escalation path from myron to root
metadata:
node_type: memory
type: feedback
originSessionId: f0b18417-cc26-4fdf-87ec-7b2d69b02c44
---
Try passwords in this order when SSH password auth is needed for home lab hosts:
1. `Joker1974!@#`
2. `Joker1974!!!`
3. `Joker1974!`
Root login is allowed on Proxmox hosts (PVE1 10.48.200.90, PVE2 10.48.200.91) directly.
On some VMs, login as `myron / Joker1974!!!` then `sudo su` or `sudo -i` to escalate to root.
**Why:** User confirmed these are the rotating passwords used across the home lab.
**How to apply:** Before trying key auth failures or giving up on SSH, cycle through these three variants. [[project-jarvis]]
+62
View File
@@ -0,0 +1,62 @@
---
name: feedback-yealink-api
description: "Yealink T48S web API quirks — RSA/AES login, token-gated writes, correct page/field names for SIP account config"
metadata:
node_type: memory
type: feedback
originSessionId: 002fe81e-7e03-414d-b842-1f94f1390a22
---
Yealink T48S web API (firmware 66.86.0.15) — complete working flow:
## Login (PKCS1v15 + AES-CBC hybrid)
1. GET `/servlet?m=mod_listener&p=login&q=loginForm` — fetch RSA public key (`g_rsa_n`, `g_rsa_e`) and initial `JSESSIONID` cookie
2. Generate random 16-byte AES key + IV; encrypt plaintext `{rand};{JSESSIONID};{password}` with AES-128-CBC zero-padding (NOT PKCS7), base64 result → `pwd`
3. RSA-encrypt AES key hex string and IV hex string separately with PKCS1v15 → `rsakey`, `rsaiv`
- **Critical**: encrypt the ASCII hex string (e.g. `"a1b2c3..."`) not raw bytes — Yealink's `pkcs1pad2` uses `charCodeAt` per character
- **Critical**: AES key/IV hex must be **lowercase**
4. POST `username=admin&pwd=<b64>&rsakey=<hex>&rsaiv=<hex>` to `/servlet?m=mod_listener&p=login&q=login` with `JSESSIONID` cookie
5. Returns `{"authstatus":"done"}` on success; cookie jar updates with new JSESSIONID
**Lockout**: 3 failed attempts → ~10 min lockout (polling the login page also resets the timer — stop ALL requests to the phone during lockout)
## SIP Account Config (account-register page)
- **Page**: `account-register` (NOT `account-basic` — that page only has anonymous-call advanced fields)
- **Load**: GET `/servlet?m=mod_data&p=account-register&q=load`
- **Write**: POST `/servlet?m=mod_data&p=account-register&q=write&token=<g_strToken>`
- Token is **required** — without it returns 403; with it returns 200 + empty `_RES_INFO_` div (that empty response IS success)
- Token comes from `g_strToken` variable in the loaded page HTML
**Correct field names** for SIP account 1:
| Field | Value |
|-------|-------|
| `var_accountID` | `0` (0-indexed) |
| `AccountEnable` | `1` |
| `AccountLabel` | display label |
| `AccountDisplayName` | caller ID name |
| `AccountRegisterName` | SIP auth username (e.g. `1000`) |
| `AccountUserName` | SIP username (e.g. `1000`) |
| `server1` | SIP server IP (e.g. `134.209.72.226`) |
| `port1` | SIP port (e.g. `5080`) |
| `Transport1` | `0` = UDP |
| `Expires1` | registration expiry seconds |
| `AccountPassword` | AES-encrypted password (same AES key/IV as login) |
**Password encryption for writes**: Same AES-CBC approach as login — encrypt plaintext password bytes with zero-padding, base64 result → `AccountPassword`. Send same `rsakey` + `rsaiv` alongside.
## Autoprovision Trigger
GET `/servlet?m=mod_data&p=settings-autop&q=autopnow&token=<g_strToken>` → returns `{"ret":"ok","data":"3"}` on success
## Reboot
POST `/servlet?m=mod_data&p=settings-upgrade&q=write&type=reboot`
## SIP Registration Status
Load page contains JS: `ccStatus = g_json.ParseJSON(...)` with JSON like `{"Account1":"1000@134.209.72.226:2"}` — status codes: `0`=disabled, `1`=registered, `2`=registering, `3`=failed
**Why:** All this was reverse-engineered from Yealink's `commonjs.js` (`pkcs1pad2` function) across multiple sessions after many failed approaches (textbook RSA, wrong plaintext format, wrong field names, missing token).
**How to apply:** Use this as the reference any time we script Yealink T48S configuration via its web API. Scripts are saved at `/tmp/yfix_server.py` and `/tmp/ydiag_write.py` (on PVE1) as working examples.
@@ -0,0 +1,59 @@
---
name: feedback-yealink-provisioning
description: Yealink T48S + FusionPBX provisioning — complete root causes and fixes for BLF buttons not showing
metadata:
node_type: memory
type: feedback
originSessionId: f0b18417-cc26-4fdf-87ec-7b2d69b02c44
---
**THE ROOT CAUSE OF BLF BUTTONS NOT SHOWING (confirmed fix 2026-05-29):**
Yealink phones ignore DSS key settings in `.boot` files — they only apply them from `.cfg` files. FusionPBX's nginx rewrite for `{mac}.boot` stripped the `file=` param, so the phone received the full 122KB config as a `.boot` file and silently ignored all linekey settings.
**Fix:** Two-part:
1. Create `{$mac}.boot` template in `/var/www/fusionpbx/resources/templates/provision/yealink/t48s/` containing:
```
#!version:1.0.0.1
include:config "y000000000065.cfg"
include:config "{$mac}.cfg"
overwrite_mode = 1
```
2. Change nginx rewrite in `/etc/nginx/sites-enabled/fusionpbx`:
- OLD: `rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.boot)$" /app/provision/index.php?mac=$1;`
- NEW: `rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.boot)$" /app/provision/index.php?mac=$1&file=%7b%24mac%7d.boot;`
This makes `{mac}.boot` return a 164-byte boot file with includes. Phone then fetches `{mac}.cfg` as a `.cfg` file, applies ALL settings including DSS/BLF keys.
**After provisioning on firmware 66.86.0.15:** Phone requires a physical power cycle to register and show BLF buttons. `Update Now` downloads the config but doesn't auto-reboot on this firmware.
---
**Other critical lessons:**
**1. overwrite_mode = 1 is required** — default is 0, phone ignores all config changes after first provision.
- Set in `{$mac}.boot` template (and all `y000000000000.boot` templates)
**2. Factory reset clears the provisioning URL** — must re-enter manually:
- Menu > Settings > Advanced (password: admin) > Auto Provision
- Server URL: `https://fusion.orbishosting.com/app/provision/`
- Username: `provision-master`, Password: `Joker1974!!!`
- Then: Update Now → power cycle
**3. BLF type = 16 in FusionPBX** (confirmed). NOT type=2 (Speed Dial), NOT type=3.
- FusionPBX template uses type=16 for BLF (requires `pickup_value` field)
- `{if type == "1" || type == "16"}` → pickup_value in `{$mac}.cfg` template confirms this
**4. features.auto_linekeys.enable = 0** in `y000000000065.cfg` template — prevents phone firmware from auto-assigning SIP account over BLF keys.
**5. External sofia profile: manage-presence = passive** (not true).
- Internal profile: manage-presence = true (already correct in FusionPBX default)
- External profile must be passive so BLF SUBSCRIBEs from phones on port 5080 delegate to internal
- Fix: UPDATE v_sip_profile_settings SET value='passive' WHERE profile=external AND name='manage-presence'
- Then delete `/var/cache/fusionpbx/FusionPBX.configuration.sofia.conf` and reload sofia
**6. git safe.directory for www-data** — Fix: `git config --system --add safe.directory /var/www/fusionpbx`
**7. After manual provision (Update Now):** phone may not register until power cycled, especially firmware 66.86.0.15.
**How to apply:** When BLF buttons don't appear despite config downloading correctly, check: (1) is {mac}.boot returning 164 bytes or 122KB? (2) is external sofia profile passive? (3) did the phone power cycle after provisioning?
+18
View File
@@ -0,0 +1,18 @@
---
name: project-claude-vm
description: Claude Code runs on PVE1 VM 107 (Claude-DHCP) at 10.48.200.29 — the local environment for all Claude Code sessions
metadata:
node_type: memory
type: project
originSessionId: 16664adb-5228-4a2a-bffb-7e783ad13af1
---
Claude Code sessions run inside **PVE1 VM 107** named "Claude-DHCP".
- **IP**: 10.48.200.29 (DHCP — may change on reboot)
- **Hostname**: claude
- **Hypervisor**: PVE1 (10.48.200.90 / orbisne.fortiddns.com)
- **No JARVIS agent installed** on this VM
**Why:** This explains why SSH to local IPs works directly, and why the working directory is /home/myron on a Linux VM rather than a remote machine.
**How to apply:** When commands run "locally," they run inside this VM on the 10.48.200.0/24 LAN. Direct SSH to other LAN machines works without relaying through DO.
+47
View File
@@ -0,0 +1,47 @@
---
name: do-server-backup
description: "DO server (165.22.1.228) config backup to GitHub — weekly cron, restore wizard, full rebuild guide"
metadata:
node_type: memory
type: project
originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
---
GitHub repo `myronblair/do-server-config` (private) — all scripts, systemd units, WireGuard, OLS vhosts, cron, MySQL creds.
**Why:** So the DO server (orbis) can be fully rebuilt after a droplet failure in ~90 minutes.
## What's Backed Up
- `scripts/` — jarvis-deploy.sh, jarvis-watchdog.sh, jarvis-backup.sh, jarvis-agent.py, ttg-backup.sh
- `systemd/` — jarvis-agent.service, fastapi_ssh_server.service
- `wireguard/` — wg0.conf (includes private keys — private repo)
- `network/` — netplan 50-cloud-init.yaml, hosts, hostname
- `cron/` — root_custom (JARVIS lines), root_full (everything)
- `ols-vhosts/` — all 8 site OLS vhost configs
- `mysql/` — /root/.my.cnf, database list
- `infra/` — snapshot of /opt/infra/
- `smtp-docs/` — /opt/smtp-for-websites/ docs
## Schedule
Weekly Sunday 4am: `0 4 * * 0 /usr/local/bin/do-server-backup >> /var/log/do-server-backup.log 2>&1`
## Manual trigger
`/usr/local/bin/do-server-backup` on DO server
## What's NOT backed up
- Website files (all in GitHub repos)
- Databases (jarvis-backup.sh daily → /var/backups/jarvis/, 7-day retention)
- SSL certs (re-issue via CyberPanel)
- Gitignored configs (api/config.php files — recreate manually from examples)
- CyberPanel itself (reinstall script: sh <(curl https://cyberpanel.net/install.sh))
## Restore flow
1. New Ubuntu 24.04 droplet
2. `apt install git && git clone https://<PAT>@github.com/myronblair/do-server-config.git /opt/do-server-config`
3. `bash /opt/do-server-config/restore.sh` (8-phase interactive wizard)
4. Install CyberPanel, create sites, pull GitHub repos
5. Restore DBs from jarvis-backup.sh archive
6. Recreate gitignored config files
## MySQL root password
Z9Of4NVs6ji74x (also in mysql/my.cnf in repo)
+103
View File
@@ -0,0 +1,103 @@
---
name: fusionpbx-freeswitch-setup
description: FusionPBX on DO 134.209.72.226; Yealink T48S ext 1000/1001/1002; SignalWire SIP trunk; inbound routing; provisioning
metadata:
node_type: memory
type: project
originSessionId: 84bfb029-16a6-4be4-aca0-308e896c1219
---
FusionPBX (FreeSWITCH) PBX on DigitalOcean 134.209.72.226.
**SSH:** root / Joker1974!@# (must proxy via 165.22.1.228 — direct SSH blocked)
**FusionPBX web:** https://fusion.orbishosting.com (admin / fY7XP5swgtpbzrYLhkeVYkA4744)
**DB:** fusionpbx user / pSJaF9mUJqPr4Sj5mwJyRqvCCpc, host 127.0.0.1
**Domain:** `134.209.72.226` (uuid: de6d867b-54d2-43f4-b1ed-8fd66803acac) — all devices under this domain
## SIP Profile
Only `external` profile running (port 5080, UDP+TCP). No internal profile.
Phones register on external profile — non-standard but working.
Key settings (2026-06-02):
- `auth-calls = true`
- `apply-inbound-acl = providers`
- `proxy-media = true` (fixes NAT audio issues)
- `aggressive-nat-detection = true`, `NDLB-force-rport = true`
- `minimum-session-expires = 300`
**Warning:** Every `sofia profile external restart` drops all phone registrations. Prefer `reloadxml` + `reloadacl` where possible.
## Extensions
- 1000: Myron Blair — Yealink T48S at 10.48.200.2, MAC 80:5e:c0:35:04:77, password `Xk9mPw3nQv7rLs2t`
- 1001: Tommy Ivy — Yealink T48S at 10.48.200.43, password `Tv8xNm4pWq6rZs3k`
- 1002: Home — Yealink AX86R at 10.48.200.65, password `yXHaJTwa8rj?$GkrVFQB`
**1001 short registration:** Registers with ~120s expiry. Causes brief unavailability during re-reg. Fix properly by setting registration expiry to 3600s on the phone itself.
## Phones NAT
All phones come from FortiGate NAT IP **97.247.128.120** (updated 2026-06-17, was 97.154.109.245). This IP is in the `providers` ACL — required for both inbound call routing AND outbound calls from phones.
## providers ACL (v_access_controls uuid: 47da18a2-6085-4740-a316-6d1bce8240b5)
Contains: all SignalWire IP ranges (172.110.216.0/21 + individual IPs) + 97.247.128.120 (FortiGate/phones).
## SignalWire Gateway
- FusionPBX gateway name: `signalwire`, profile: `external`
- Username: `fusion@orbis-hosting-0364f5f67488.sip.signalwire.com`
- `register = false` (IP-based auth), state NOREG / status UP = correct
**CRITICAL — transport=udp required:**
SignalWire SIP Gateway External URI MUST be:
`sip:18177645007@134.209.72.226:5080;transport=udp`
Without `;transport=udp`, SignalWire uses TCP from 152.42.144.114 / 159.65.244.171 which FreeSWITCH silently drops (no log entry, no response). Only UDP from 172.110.223.179 works. 20/22 calls failed before this fix.
## Inbound Call Routing (DID: +18177645007)
SignalWire sends caller's number as Request-URI destination (not the DID) even with SIP Gateway configured. Single-mode Lua handler can't match this to v_destinations → falls to not-found.
**Fix:** Global catch-all dialplan:
- Name: `signalwire-inbound`, context: `public`, order: 100, domain_uuid: NULL
- Expression: `^.*$``transfer 900 XML 134.209.72.226`
- If deleted, calls fall through to not-found (404)
Public dialplan order:
1. caller-details (10, global, continue=true)
2. signalwire-inbound (100, global) → IVR 900
3. 18177645007 (100, domain-specific, expression ^(.*)$) → linked via v_destinations
4. not-found (999, global)
## IVR
- Extension 900: active IVR, greeting: `ivr_menu_16k.wav`
- Extension 800: old FIFO queue (disabled)
- IVR dialplan in domain context 134.209.72.226, name "IVR", matches `^900$`
## Yealink Provisioning
URL: `https://fusion.orbishosting.com/app/provision/`
Boot file: `{mac}.boot`, model cfg: `y000000000065.cfg`, device cfg: `{mac}.cfg`
Yealink web login uses textbook RSA (no padding): encrypt password with g_rsa_n/g_rsa_e from login page using `pow(m,e,n)`.
**Web lockout:** Multiple failed logins lock the web UI for several minutes.
Provision trigger: `GET /servlet?p=autoprovision-cfg&q=autoprovision`
Reboot API: `POST /servlet?p=reboot&q=reboot` (empty body)
**2026-06-02 issue:** `yealink_firmware_t48s = t48s-66.81.0.110.rom` in v_default_settings caused phone to get stuck downloading non-existent firmware. Fixed by disabling that setting (enabled=false). Phone 1000 (10.48.200.2) had its config reset during this process.
**Ext 1000 recovery:** If 1000 not registering — go to phone screen: Menu → Settings → Advanced → admin → Accounts → Account 1:
server `134.209.72.226`, port `5080`, auth/user `1000`, password `Xk9mPw3nQv7rLs2t`
## Key Commands
```bash
# Reload ACL without restart
fs_cli -x "reloadacl"
# Reload dialplan/XML config
fs_cli -x "reloadxml"
# Restart external profile (drops registrations — avoid)
fs_cli -x "sofia profile external restart"
# Check registrations
fs_cli -x "sofia status profile external reg"
# Check gateway
fs_cli -x "sofia xmlstatus gateway"
# Clear dialplan cache
rm -f /var/cache/fusionpbx/dialplan.public.*
# Clear sofia profile cache
rm -f /var/cache/fusionpbx/fusion.configuration.sofia.conf
```
## fail2ban Whitelist
- 107.178.2.130 (office), 97.247.128.120 (home WAN — updated 2026-06-17, was 97.154.109.245)
- sip-auth-ip iptables chain — can get the FortiGate IP blocked; check with `iptables -L sip-auth-ip -n`
+98
View File
@@ -0,0 +1,98 @@
---
name: fusionpbx-backup
description: "FusionPBX (134.209.72.226) config backup to GitHub — weekly cron, restore wizard, PostgreSQL dump, full rebuild guide"
metadata:
node_type: memory
type: project
originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
---
GitHub repo `myronblair/fusionpbx-config` (private) — PostgreSQL DB dump + FreeSWITCH configs + full rebuild guide.
**Why:** FusionPBX stores ALL config in PostgreSQL — extensions, dialplans, SIP gateways, IVR, ring groups, devices, voicemail, users. The DB dump IS the backup.
**How to apply:** Reference when discussing FusionPBX DR, the backup cron, or if the server needs to be rebuilt. See [[fusionpbx-freeswitch-setup]] for full FusionPBX operational config.
## SSH Access (critical — port 22 firewalled from internet)
Only accessible from: 107.178.2.130 (FortiGate home) and 97.154.109.245 (FortiGate secondary).
**From anywhere else, relay through DO:**
```bash
sshpass -p 'Gonewalk1974!@#' ssh -o StrictHostKeyChecking=no root@165.22.1.228 \
'sshpass -p "Joker1974!@#" ssh -o StrictHostKeyChecking=no root@134.209.72.226 "command"'
```
## Repo Structure
- `database/fusionpbx.sql.gz` — Full PostgreSQL dump (gzip compressed; 306MB raw → ~29MB)
- `database/postgres_globals.sql` — PostgreSQL roles/passwords
- `freeswitch/` — vars.xml, freeswitch.xml, extensions.conf, sip_profiles/, autoload_configs/
- `fusionpbx-app/config.php` — DB credentials for FusionPBX web app
- `nginx/fusionpbx.conf` — nginx config (includes provisioning URL rewrites)
- `fail2ban/` — jail.local (trusted IPs: 107.178.2.130, 97.154.109.245)
- `network/` — netplan 50-cloud-init.yaml, hosts, hostname
- `systemd/` — 9 FusionPBX service units (active_calls, email_queue, event_guard, etc.)
- `ssh/authorized_keys`
- `recordings/` — call recordings (~4KB currently)
## Schedule
Weekly Sunday 5am: `0 5 * * 0 /usr/local/bin/fusionpbx-backup >> /var/log/fusionpbx-backup.log 2>&1`
## Manual trigger
`/usr/local/bin/fusionpbx-backup` on the fusion server (or via DO relay)
## What's NOT backed up
- SSL certs — re-issue: `certbot --nginx -d fusion.orbishosting.com`
- FusionPBX web app `/var/www/fusionpbx/` — reinstalled by official installer
- FreeSWITCH binary — installed by FusionPBX installer
- Voicemail audio files — small, not critical
## Full Rebuild Flow (3045 min)
### 1. New Debian 12 droplet
Create fresh DO droplet, same region. SSH in (relay via DO if needed).
### 2. Clone repo and run restore
```bash
apt update && apt install -y git
git clone https://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@github.com/myronblair/fusionpbx-config.git /opt/fusionpbx-config
bash /opt/fusionpbx-config/restore.sh
```
### 3. Restore script phases (interactive)
1. SSH authorized_keys + hostname
2. Run FusionPBX official installer (separate terminal, ~10-15 min):
`wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/debian/install.sh | bash`
→ When asked for domain: `fusion.orbishosting.com`
3. **Critical: PostgreSQL restore** — stops all services, drops+recreates DB, restores from `.sql.gz`
4. FreeSWITCH config files
5. FusionPBX app config.php (DB credentials)
6. nginx config
7. fail2ban
8. Recordings
9. Backup script + cron
10. SSL (manual: `certbot --nginx -d fusion.orbishosting.com`)
### 4. Post-restore checks
- Update fail2ban trusted IPs if FortiGate IP changed
- Update Yealink provisioning URL if server IP changed (was 134.209.72.226)
- Verify SignalWire trunk: FusionPBX → Accounts → Gateways
- Delete Sofia XML cache: `rm /var/cache/fusionpbx/FusionPBX.configuration.sofia.conf`
- Test ext 1000 (Myron Yealink T48S at 10.48.200.43)
- Test ext 1001 (Tommy)
- Test IVR 900
## Key Credentials
| Item | Value |
|------|-------|
| FusionPBX web | https://fusion.orbishosting.com (admin / fY7XP5swgtpbzrYLhkeVYkA4744) |
| Root SSH | root / Joker1974!@# |
| PostgreSQL | fusionpbx database, user fusionpbx |
| Relay DO server | root@165.22.1.228 / Gonewalk1974!@# |
## Architecture Notes
- FusionPBX uses Lua XML handler — FreeSWITCH queries PostgreSQL via PHP/Lua for all routing. Static XML config in `/etc/freeswitch/` is mostly skeleton.
- SignalWire SIP trunk uses `transport=udp` — TCP caused re-INVITE issues (gateway External URI must end in `;transport=udp`)
- Ext 1000 (Yealink T48S) registers from behind FortiGate on port 5080 with `aggressive-nat-detection=true`
- FusionPBX cache at `/var/cache/fusionpbx/FusionPBX.configuration.sofia.conf` — delete to force full Sofia reload
## PostgreSQL Dump Size Note
306MB uncompressed, 29MB gzipped. Exceeds GitHub's 100MB limit uncompressed. Must use gzip (`pg_dump | gzip > fusionpbx.sql.gz`). Restore.sh handles both `.sql.gz` (zcat) and plain `.sql` formats.
+45
View File
@@ -0,0 +1,45 @@
---
name: project-infra-todo
description: Infrastructure TODO list — outstanding issues and fixes needed across homelab
metadata:
node_type: memory
type: project
originSessionId: b1e93a6a-f101-4ea4-aafb-9cb7e2958821
---
# Infrastructure TODO
Last updated: 2026-06-24
---
## 🔴 OPEN
- [x] **CT110 WireGuard filesystem read-only** — fsck run, filesystem clean and rw. wg-clients.conf updated with new MediaStack pubkey. 2026-06-24.
- [x] **CT110 wg-clients auto-start** — added `/etc/local.d/wg-clients.start` (OpenRC local service). wg-clients comes up on boot. 2026-06-24.
- [x] **MediaStack QEMU guest agent** — installed and running, `qm guest exec 103` verified working 2026-06-24.
- [x] **Tailscale re-auth on PVE1** — completed 2026-06-24.
- [x] **NovaCPX stale ARP fix permanence** — static ARP for 10.48.200.201 (bc:24:11:67:1d:47) set as PERMANENT via systemd `static-arp.service` on NovaCPX, enabled on boot 2026-06-24.
- [x] **web.orbishosting.com — Ollama link** — verified working 2026-06-24.
- [x] **MediaStack backup to new storage** — VM 103 disk now on GoFlex storage. Backup job runs nightly at 21:00 to SynologyProx and backs up VM regardless of disk location. Verified 2026-06-24.
---
## ✅ COMPLETED (2026-06-24 session)
- [x] MediaStack VM 103 restored from 2026-06-23 backup (I/O errors on Synology disk)
- [x] MediaStack disk moved off Synology to new storage
- [x] WireGuard kill-switch rebuilt on MediaStack — new keypair, CT110 peer updated, hardcoded fwmark, LAN exception correct
- [x] WireGuard tunnel verified — exits via DO (165.22.1.228), handshake active
- [x] Ollama listening on 0.0.0.0:11434 (was 127.0.0.1 only) — added systemd override
- [x] CT110 LAN IP corrected to 10.48.200.67 (was wrongly documented as 10.48.200.19)
- [x] NovaCPX 502s fixed — flushed stale ARP on NovaCPX for NPM's IP
- [x] web.orbishosting.com WireGuard CT link updated to 10.48.200.67
- [x] JARVIS admin URL updated to https://jarvis.orbishosting.com/admin/ everywhere
- [x] web.orbishosting.com — Downloads card added (INFRASTRUCTURE-REFERENCE.md, syncs daily from JARVIS)
+167
View File
@@ -0,0 +1,167 @@
---
name: project-jarvis
description: "JARVIS AI Iron Man HUD — DigitalOcean 165.22.1.228; full admin portal at /admin; network auto-scan via PVE1; GitHub: myronblair/jarvis"
metadata:
node_type: memory
type: project
originSessionId: f0b18417-cc26-4fdf-87ec-7b2d69b02c44
---
JARVIS is hosted on **PVE1 VM 211** (10.48.200.211), migrated from DO 2026-06-18. URL: https://jarvis.orbishosting.com (via NPM → VM 211). Admin: https://jarvis.orbishosting.com/admin/
**How to apply:** Files at `/var/www/jarvis/` on VM 211. SSH: `sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.211`
## Credentials
- Login: myron / Joker1974!!!
- DB: jarvis_db / jarvis_user / J4rv1s_Pr0t0c0l_2026!
- MySQL root: b71e5c1a8c7457541b9c1db822de37adfa271926a38b6c20
- phpMyAdmin: /phpmyadmin (myron / Joker1974!!!)
- HA token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJjZmQyMTYxNzdkZGY0MGQ5YjlkNjFhMTFiZmViZTNhNCIsImlhdCI6MTc3OTI0MTI2MywiZXhwIjoyMDk0NjAxMjYzfQ.wD3yYiCHh6iEuH1mZckg4dgr3zOJHLmlMj_N0OyzdR4
- Agent registration key: f846a9aaf7ce9a61742c63c87c4186052a71d2a580c65518
- Proxmox API token: root@pam!jarvis=c45b5feb-f9a9-445d-a626-14fbb959f78b
## Network Map (verified 2026-06-17)
### PVE1 VMs (10.48.200.90, orbisne.fortiddns.com)
| VMID | Name | IP | Agent ID | Status |
|------|------|----|----------|--------|
| 100 | SynchroNet-50 | 10.48.200.50 | none | running |
| 101 | HomeAssistant-97 | 10.48.200.97 | homeassistant_ha | online |
| 102 | UmbrelOS | DHCP | none | running |
| 104 | Windows10-DHCP | DHCP | none | running |
| 105 | Frigate | DHCP | none | running — **not in use, no integration planned** |
| 112 | Jellyfin-33 | 10.48.200.33 | jellyfin_7e386833 | online (fixed 2026-06-17) |
| 103 | MediaStack-35 | 10.48.200.35 | MediaStack_2c00b1b8 | online (was VM113 pre-2026-06-22 restore) |
| 118 | HomeBridge-26 | 10.48.200.18 | homebridge_b57cbaea | online (fixed 2026-06-17) |
| 120 | NovaCPX-110 | 10.48.200.110 | novacpx_e3b07264 | online |
### PVE2 VMs (10.48.200.91)
| VMID | Name | IP | Agent ID | Status |
|------|------|----|----------|--------|
| 302 | NetworkBackup-99 | 10.48.200.99 | networkbackup_NetworkB | online |
### Other Agents
- **JARVIS DO**: 165.22.1.228 (agent: jarvis-do_orbis) — online
- **PVE1**: 10.48.200.90 (agent: claude_pve) — online
- **PVE2**: 10.48.200.91 (agent: pve2_pve2) — online
- **FortiGate**: 10.48.200.1 (agent: fortigate_gw) — online
- **WireGuard CT**: (agent: wireguard_360460f7, no LAN IP) — online
- **Yealink T48S**: 10.48.200.43 (agent: yealink_t48s) — online
- **mini_it12**: 10.48.200.87 (agent: mini_it12_windows, Windows) — offline since 2026-06-12
### Gone / No Longer Exist
- Ollama VM 210 — was listed as deleted but IS running at 10.48.200.210 as VM 106 (was VM210 pre-restore). OLLAMA_HOST=0.0.0.0:11434 fixed 2026-06-24.
- alien-pc_windows — not registered (Dell devices at .66/.67 exist on network but no agent)
### Agent Config Note
Agents with old `server_url` config key crash on startup — must use `jarvis_url`. Fixed on homebridge and jellyfin 2026-06-17. If any other agent starts failing, copy config to /etc/jarvis-agent/config.json with `jarvis_url` key.
## Agent System
- Push-based: heartbeat 10s, metrics 30s
- agent.php uses CF-Connecting-IP header for real client IP (Cloudflare-aware)
- Platform detection: windows/mac/linux/tablet — tablet shows view-only message
- Subnet fallback match: if exact IP miss, matches same /24
- Shell commands supported with `{"allowed": true}` in command_data
- Installer: `curl -sk https://jarvis.orbishosting.com/install-agent.sh | bash -s <hostname> <linux|proxmox>`
- For VMs needing sudo: `echo "Joker1974!" | sudo -S bash /tmp/install.sh <hostname> linux`
### Agent Versions (as of 2026-06-12)
- **Linux v3.1**: adds version to registration payload, fixes self_update cfg scope bug in execute_command
- **Windows v3.0**: real self-update (was stub), screenshot (PIL+PS fallback), sysinfo, re-registers on startup
- **macOS v3.0**: new agent — CPU via `top -l 2`, mem via `sysctl`+`vm_stat`, screenshot via `screencapture -x`
- Config location (mac): `~/.jarvis-agent/config.json` | agent_type: "macos" | agent_id: "{HOSTNAME}_mac"
- **Old agents with `cfg` scope bug**: shell and update commands fail with `name 'cfg' is not defined` — auto-updates within 24h via periodic check in main() where cfg IS in scope
- registered_agents table has `version VARCHAR(20)` column and 'macos' in agent_type ENUM
### Workers Admin Tab (added 2026-06-12)
- VERSION column shows current vs latest version with color coding (green=current, red=outdated, yellow=unknown)
- Update button: cyan "⬆ UPDATE" if outdated, dim "↻ UPDATE" if current
- `agentUpdateFlow()`: popup modal, polls workers_list every 4s up to 90s, updates version cell in-place on completion
## Network Scanning
- PVE1 cron: `*/3 * * * * /usr/local/bin/jarvis-netscan.sh` — nmap 10.48.200.0/24, pushes to `/api/netscan`
- netscan.php authenticated via X-Registration-Key header
- network.php includes netscan-discovered devices (online, last 15 min) in network panel
- RUN NETWORK SCAN button: queues shell command to PVE1 agent, auto-refreshes panel after 45s
- DO cannot SSH to PVE1 local IP — must use orbisne.fortiddns.com or agent commands
- Site monitoring updated 2026-06-09: parkerslingshot key now points to parkerslingshotrentals.com (was parkerslingshot.epictravelexpeditions.com) in facts_collector.php, alerts.php, do_server.php
## Admin Portal (/admin)
- URL: https://jarvis.orbishosting.com/admin — same login as JARVIS
- Tabs: Dashboard, Agents, Network, Alerts, KB Facts, KB Intents, Home Assistant, News, Proxmox VMs, Sites, Users, **Tasks, Appointments**
- Network tab: shows ALL discovered devices (not just named), filter online/offline/named, Scan Now queues PVE1 command
- HA tab: reads from ha_entities table (real-time); toggle calls DO→HA directly (HA_URL = orbisne.fortiddns.com:8123)
- News tab: custom pinned news stored in kb_facts (category='custom_news'), merged into main news feed
- Proxmox VMs tab: uses cluster API (both PVE1+PVE2), shows CPU/RAM/disk/uptime/network per VM
- Tasks tab: full CRUD (add/edit/mark done/delete), filter by status/category
- Appointments tab: full CRUD, upcoming 90 days view
## Proxmox API
- Accessible via orbisne.fortiddns.com:8006 (FortiGate forwards port 8006)
- stats_cache.php uses cluster/resources API to get ALL VMs from both nodes
- PVE2 VMs only accessible via cluster API (no direct external port forward for PVE2)
## Key Files (on DO at /home/jarvis.orbishosting.com/)
- public_html/index.html — Iron Man HUD UI
- public_html/admin/index.php — Admin portal (single-file PHP+JS)
- public_html/api.php — API router
- api/config.php — all config constants
- api/endpoints/agent.php — agent registration/heartbeat/metrics/commands
- api/endpoints/chat.php — 4-tier chat: KB intent → action intents → Ollama → Groq → Claude
- api/endpoints/network.php — network device list (agents + named + netscan)
- api/endpoints/netscan.php — push endpoint for PVE1 nmap results
- api/endpoints/stats_cache.php — every 5min: Proxmox (cluster API), HA, weather, news
- api/endpoints/facts_collector.php — every 3min: system stats, site health, HA facts
- api/endpoints/do_server.php — reads /proc directly (no SSH loopback)
## DB Schema Notes
- `agent_metrics` columns: id, agent_id, metric_type, metric_data (JSON longtext), recorded_at
- metric_type='system'; CPU/RAM/disk live inside metric_data JSON
- Extract with: JSON_EXTRACT(metric_data,'$.cpu_percent'), JSON_EXTRACT(metric_data,'$.memory.percent')
- NO cpu_pct/mem_pct/disk_pct columns — always use JSON_EXTRACT
## Chat Architecture
- Tier 1b: Action intents (network_scan → returns real DB data + queues PVE1 netscan)
- network_scan intent: action type, returns real device count, never fabricates
- Groq model: compound-beta-mini (NOT groq/compound-beta-mini)
## Planner System (added 2026-05-31)
- Tables: `tasks` (title, notes, category ENUM personal/work/todo, priority ENUM low/normal/high/urgent, status ENUM pending/in_progress/done/cancelled, due_date, due_time, completed_at) and `appointments` (title, description, category, start_at, end_at, location, all_day, reminder_min, alerted)
- API endpoint: `/api/planner/{tasks|appointments|today|done}` (GET=list, POST=save, DELETE=delete)
- Voice intents in chat.php Tier 0.7: "add task X", "my tasks", "mark X done", "schedule X on date", "my calendar", "daily briefing"
- Home page: small top-bar badge shows "N TASKS · N APPTS" when items due today; no new panels
## Voice System (updated 2026-05-31)
- Continuous SpeechRecognition — mic always open, button is mute toggle (🎤 sleep / 🟢 listen / 🔇 mute)
- Wake phrase (phase 1): "wake up JARVIS" or "daddy's home" → activates; JARVIS responds once
- Command trigger (phase 2): "JARVIS [command]" executes; opens 17-second free-listen window for follow-ups
- After 30 min no commands → voice sleeps; after 5 min idle → page reloads silently (no greeting)
- Mic paused during ElevenLabs TTS via recognition.abort() + isSpeaking flag; resumes 300ms after audio ends
- ElevenLabs: voice ID JBFqnCBsd6RMkjVDRZzb (George), model eleven_turbo_v2_5, key in config.php
## Arc Reactor AI Routing (updated 2026-06-17)
- **Arc Reactor daemon**: `/opt/jarvis-arc/reactor.py` (Python, port 7474); service: `jarvis-arc`
- **Deploy source**: `/home/jarvis.orbishosting.com/deploy/reactor.py` → copy to `/opt/jarvis-arc/reactor.py` + `systemctl restart jarvis-arc`
- **llm_call() providers**: "claude" → Claude API, "groq" → Groq, "ollama" → local Ollama; cascades groq→ollama on failure
- **Guardian anomaly alerts** (line ~1025): Groq `llama-3.3-70b-versatile` — 2-3 sentence Iron Man alert when CPU/RAM/disk/service thresholds trip
- **SITREP** (line ~1068): Groq by default — comprehensive text briefing across all agents
- **Vision: text-only sysinfo** (line ~691): Groq — when agent returns JSON snapshot (no image)
- **Vision: actual screenshot** (line ~664): Claude `claude-opus-4-8-20251101` — stays on Claude, Groq has no vision models
- **Email drafting, research, tool_loop**: still Claude — complex reasoning tasks
## kb_facts Fix (2026-06-17)
- `storeFact()` ON DUPLICATE KEY UPDATE now explicitly sets `updated_at=NOW()` — previously MySQL wouldn't bump the timestamp if fact_value hadn't changed, causing do_server.php's 15-min freshness check to return empty sites
- `$fresh()` in facts_collector.php was querying `WHERE fact_category=?` (wrong column); fixed to `WHERE category=?`
- Site health checks now hit `http://127.0.0.1` with `Host:` header instead of public HTTPS URL (avoids Cloudflare 524 timeouts on self-check)
## Known Quirks
- LSAPI deadlock: session_write_close() in api.php after auth
- lsphp segfaults on -l flag; use php8.3 -l for syntax checking
- DO cannot reach 10.48.200.x directly — use DDNS or agent commands
- Proxmox local IP in config.php (PROXMOX_HOST=10.48.200.90) but API calls use orbisne.fortiddns.com
- stats_cache.php uses orbisne.fortiddns.com:8006 (not PROXMOX_HOST) for Proxmox API
- HA_URL = http://orbisne.fortiddns.com:8123 (FortiGate forwards 8123→HA); service calls work from DO
- ha.php entity list reads from ha_entities table (NOT api_cache) — real-time data from HA agent
- When editing index.html with Python patches: always use file-based scripts (not heredocs or inline), avoid double-brace `}}` near function closings
- Arc Reactor bugs fixed 2026-06-12: capabilities panel uses `s?.capabilities || s?.handlers`; Guardian ts() variable shadowing fixed (renamed evTs); Vision always fetches fresh agents_list
- Arc reactor DB bugs fixed 2026-06-12: column is `metric_data` not `metrics_json`; system data is flat JSON not nested under "system" key; conversations column is `content` not `message`; disk uses `mount` key not `mountpoint`
@@ -0,0 +1,45 @@
---
name: jarvis-ha-integration
description: "JARVIS ↔ Home Assistant two-way integration — status, what's installed, how it works"
metadata:
node_type: memory
type: project
originSessionId: d9685e6b-8f79-4948-82e5-fbae607f7aa0
---
HA is accessible at https://hoa.orbishosting.com (via NPM) or http://10.48.200.97:8123 (LAN direct).
HA login: myronblair@outlook.com / Joker1974!!!
After 2026-06-22 Proxmox restore: HA is now VM 109 (was VM 101). QEMU guest agent not installed.
HA token (Jarvis2): eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzNmI0N2I1Njk5ZGQ0MTQ2ODMwZWFmYjZiYTQ1MjJkMSIsImlhdCI6MTc4MDIwMzU5NCwiZXhwIjoyMDk1NTYzNTk0fQ.sYRok-jRDlA4lFgWxLQELcEjkJNGQdprk6ZziLwLtXE
## Custom Component (installed 2026-05-31)
Repo: myronblair/jarvis → ha_integration/custom_components/jarvis_agent/
Installed at: /config/custom_components/jarvis_agent/ on HA VM (10.48.200.97)
Config added to /config/configuration.yaml (jarvis_agent: block at end)
**Why:** Replaces PHP→DDNS→HA REST API with HA-initiated outbound polling — more reliable.
## How it works
- HA pushes all entity state changes to JARVIS /api/agent/ha_state (debounced 2s)
- HA polls /api/agent/heartbeat every 10s for queued commands
- JARVIS admin panel toggle → queues command in agent_commands table → HA executes natively
- 212 entities live in ha_entities DB table, updated in real-time
- Agent registered as ID 15, hostname "homeassistant", IP 172.30.32.1 (Docker network)
## JARVIS Admin Panel HOME tab
- 4-column table: domain icon | device name | state | toggle/run button
- Unavailable entities filtered out automatically (reappear on next cache refresh)
- Scenes get ▶ RUN button; switches/lights get toggle slider
- Cache refreshed every 5 min by stats_cache.php cron
## Webhook fix (2026-05-31)
webhook.php had wrong require path (../../ instead of /../) causing 500 since May 25.
Fixed and committed. Auto-deploy pipeline working again.
## HA VM SSH
- Port 22 on orbisne.fortiddns.com forwards to HA Ubuntu VM (not PVE1)
- Password auth failing — likely key-only or fail2ban
- Use HA web terminal (Settings → Add-ons → Advanced SSH & Web Terminal) for shell access
- QEMU guest agent NOT installed in VM 101 (qm guest exec doesn't work)
**How to apply:** When working on HA component or HA VM files, use HA web terminal or HA File Editor addon. Cannot SSH directly.
+71
View File
@@ -0,0 +1,71 @@
---
name: project-jarvis-todo
description: "Master TODO list for JARVIS system — current open items and completed work"
metadata:
node_type: memory
type: project
originSessionId: 4420b39a-7b7f-439f-9321-ff0daf1d663d
---
# JARVIS Master TODO
Last updated: 2026-06-18
---
## 🔴 OPEN
- [ ] **HA HOME tab — show all lights, plugs, switches** — currently 17 lights show but only 3 useful switches (Sirens, CEC Scanner, ESPHome) pass the filter. Need to audit what real smart plug/switch entities exist in HA (Tuya, TP-Link Tapo, Z-Wave, etc.) and ensure they appear in the JARVIS HOME tab. The `$skipKeywords` filter in `api/endpoints/ha.php` strips camera/HACS junk — verify real device switches aren't accidentally filtered. Also check if HA custom component is syncing all entity domains.
- [ ] **Claude API credits** — image-based Vision Protocol (`handle_screenshot` with actual PNG) uses `claude-opus-4-8`. Top up at console.anthropic.com if vision fails. Guardian/SITREP now on Groq so those no longer drain credits.
- [x] **HA agent persistence** — SOLVED. The HA custom component (`jarvis_agent`) runs inside HA's Docker container (IP 172.30.32.1) and auto-starts with HA. Online and healthy. The old standalone Python script at 10.48.200.97 is obsolete.
---
## ✅ COMPLETED (2026-06-18 session)
- [x] JARVIS fully migrated DO → PVE1 VM 211 (8c/16GB, nginx/PHP8.3/MariaDB/Redis/Arc Reactor)
- [x] All 3 new VMs on PVE1: JARVIS-211, NPM-200, Ollama-210 (IP changed from .95 → .210, Reolink owns .95)
- [x] Tailscale on all key hosts — full mesh, all 13+ nodes documented
- [x] FortiGate VIPs updated to 97.247.237.97; JARVIS on port 1972, HOA on 8123
- [x] NPM running at http://10.48.200.200:81 (Docker, proxy hosts for hoa/novacpx)
- [x] JARVIS backups — /var/backups/jarvis/, daily cron 7am UTC (2am CDT), 7-day retention
- [x] Jellyfin agent — v3.1 online at 10.200.0.3 via PVE1 password SSH
- [x] HA agent — v3.1 running on HA VM at 10.48.200.97 via HA web terminal
- [x] PVE1 ImageMagick — installed
- [x] Vision screenshots tab — already existed in admin under Arc Reactor → Vision Protocol
- [x] MediaStack SSH key — DO key generated and copied to MediaStack via PVE1 hop
- [x] Workers terminology — already "JARVIS AGENT WORKERS" in admin
- [x] install-agent.sh — default URL updated to http://10.48.200.211
- [x] Website webhooks — all 7 repos → tomtomgames.com/webhook.php (DO); JARVIS repo → port 1972
- [x] webhook.php fixed (broken define from bad sed), synced to DO
- [x] Service monitor updated — nginx/php-fpm/mariadb/redis/arc/agent (not OLS-era services)
- [x] DO server WEB HOST block on front page — shows DO CPU/RAM/DISK via Tailscale agent
- [x] Network devices cleaned up — 23 named devices, all infrastructure labeled
- [x] Agent configs fixed — all 8+ agents pointing to new JARVIS VM, correct watch_services per host
- [x] Facts collector fixed — external site checks, correct column names, proper timeouts
- [x] CLAUDE.md + INFRASTRUCTURE-REFERENCE.md fully updated and pushed
---
## ✅ COMPLETED (2026-06-17 session)
- [x] Phase 3 JS modularization — jarvis-protocols.js split into 3 panel files
- [x] Guardian/SITREP/Vision text → Groq (image analysis stays Claude)
- [x] kb_facts freshness fix (storeFact updated_at, $fresh() column name)
- [x] Site health local loopback fix
- [x] Cloudflare Rocket Loader fix (face-api.js data-cfasync)
- [x] Session fix (api.php skip logic too broad)
- [x] JS syntax fix (apostrophe in face-api label)
- [x] All 8 online Linux/Proxmox agents → v3.1 with version in heartbeat
---
## ✅ COMPLETED (2026-06-12 session)
- [x] Agent v3.1 Linux, v3.0 Windows, v3.0 macOS
- [x] Workers tab VERSION column + agentUpdateFlow
- [x] Arc Reactor systemd active, tracked in git
- [x] All 13 "make it stand out" improvements
- [x] MediaStack NAS migration
+69
View File
@@ -0,0 +1,69 @@
---
name: project-mediastack
description: MediaStack VM on PVE1 — Sonarr/Radarr/Prowlarr/qBittorrent behind WireGuard VPN through CT110→DO
metadata:
node_type: memory
type: project
originSessionId: b1e93a6a-f101-4ea4-aafb-9cb7e2958821
---
## VM Details (updated 2026-06-24)
- **VM ID:** 103 | **Name:** MediaStack-35 | **IP:** 10.48.200.35
- **Hypervisor:** PVE1 (10.48.200.90)
- **Disk:** 50GB on **GoFlex** storage (moved off SynologyProx 2026-06-24 due to I/O errors)
- **OS:** Ubuntu 24.04 (noble cloud image)
- **QEMU guest agent:** installed and running (installed 2026-06-24)
- **SSH:** PVE1 key → `ssh -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa root@10.48.200.35`
- **GitHub:** `myronblair/mediastack` cloned at `/opt/mediastack`
## Services, Ports & Credentials
| Service | Port | Login | API Key |
|---------|------|-------|---------|
| qBittorrent | :8080 | admin / Joker1974!!! | — |
| Sonarr | :8989 | — | `b43e04350a594846b4ee95261c29e9e0` |
| Radarr | :7878 | — | `53c4268360444feeae5f98c0cc24e0e3` |
| Prowlarr | :9696 | — | `9d0ce6c5660743b5bf1c7951efc62252` |
All services run as root (NFS ACL requires root for writes).
## VPN Architecture (updated 2026-06-24)
### wg0 — Internet kill-switch (primary VPN)
- **Interface:** `wg0` | **VPN IP:** `10.200.0.4/24`
- **Endpoint:** CT110 at `10.48.200.67:51821` → DO server (165.22.1.228) → internet
- **Exit IP:** `165.22.1.228` (DO server, verified 2026-06-24)
- **Kill-switch:** iptables rules — REJECT all non-wg0 non-fwmark traffic; LAN 10.48.200.0/24 always allowed
- **Config:** `/etc/wireguard/wg0.conf` — fwmark hardcoded as `51820` (not dynamic, avoids PostDown race)
- **Auto-start:** `systemctl enable wg-quick@wg0` (enabled 2026-06-24)
- **DNS:** `10.48.200.90` (PVE1 dnsmasq)
- **MediaStack pubkey:** `CaG79S1fJeJDlYCMhHz8BrDfizBq+OiGnO5VzFIk3gE=`
- **CT110 pubkey:** `RXxDgIAaie4n0BxBA48rlmt9BJyp2GEktENeQDlc4hA=`
### wg1 — Jellyfin media access (NOT internet VPN)
- MediaStack is WireGuard server on `wg1` (port 51820, 10.200.0.1/24)
- Jellyfin (10.48.200.33) connects as peer (10.200.0.3)
- Used for NFS media file access only
## Media Storage
- Downloads: `/mnt/nas/video/downloads` (Synology NAS NFS)
- Movies: `/mnt/nas/video/movies` | TV: `/mnt/nas/video/tv`
- Old paths `/media/movies` and `/media/tv` are NFS mounts from NAS (Jellyfin backward compat)
- Jellyfin fstab: `10.48.200.35:/media/movies /mnt/mediastack/movies nfs defaults,_netdev 0 0`
## Indexer — IPTorrents
- Cookie auth in Prowlarr: `uid=2237410; pass=JzLP2niTWxBJAZIU3yvtLbJzD55kdLeB`
- Cookies expire — if indexer fails, log into iptorrents.com in browser, copy uid+pass cookies
## JARVIS Agent
- Agent ID: `MediaStack_2c00b1b8` | Config: `/opt/jarvis-agent/config.json`
- Registration key: `f846a9aaf7ce9a61742c63c87c4186052a71d2a580c65518` | `ssl_verify: false`
## PBS Backup
- Nightly at 21:00 → SynologyProx storage
- Backs up VM regardless of which storage the disk lives on
## Known Issues
- **wg-quick down/up over SSH kills the connection** — PostDown briefly removes LAN ACCEPT before REJECT; SSH reply is dropped. Always use VM console for wg0 cycling, or use `nohup` background.
- **NFS write failures** = services not running as root
- **Radarr "0 active indexers"** = blocked in DB; fix: `sqlite3 /var/lib/radarr/radarr.db "DELETE FROM IndexerStatus WHERE ProviderId=1;"`
- **Stale NFS file handle on Jellyfin** = lazy unmount + remount on Jellyfin VM
+99
View File
@@ -0,0 +1,99 @@
---
name: project-novacpx
description: NovaCPX — custom Linux web hosting control panel (cPanel alternative) built from scratch
metadata:
node_type: memory
type: project
originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
---
NovaCPX is a full web hosting control panel built from scratch with 4 dedicated ports: Admin :8882, Reseller :8881, User :8880, Webmail (Roundcube) :8883.
**Why:** User wants a cPanel/Plesk alternative they own outright, with distinctive UI, auto-installer, and extensible feature system.
**How to apply:** Direct SSH to VM works (no PVE hop needed). All code in /tmp/novacpx locally + pushed to GitHub myronblair/novacpx.
## VM Details
- Host: PVE1 VM 120, name HostPanel-110
- IP: 10.48.200.110 (static)
- OS: Ubuntu 24.04 LTS
- **SSH (direct — works from Claude Code):** `sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.110`
- **SCP (direct):** `sshpass -p 'Joker1974!!!' scp -o StrictHostKeyChecking=no FILE root@10.48.200.110:/path`
- PVE1 hop NOT needed and currently broken (permission denied on orbisne.fortiddns.com SSH)
- Panel web root: /srv/novacpx/public
- Repo on VM: /opt/novacpx-src
- Source of truth for deploy scripts: /opt/novacpx-src/deploy/
## GitHub
- Repo: myronblair/novacpx (private)
- Branches: `main` (stable releases, PATCH auto-bump) and `beta` (beta releases, -beta.N auto-bump)
- Auto-deploy: push to main or beta → GitHub webhook → VM pulls (deploy-runner.sh cron every min)
- PAT: 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
## Ports
- 8880 — User panel
- 8881 — Reseller panel
- 8882 — Admin/datacenter panel
- 8883 — Roundcube webmail
## Architecture
- Backend: PHP 8.3 REST API (/api/{endpoint}/{action})
- Auth: session cookie `ncpx_session` (login returns token, set as cookie) + Bearer tokens for API. Both use SHA256 hash lookup in sessions/api_tokens tables.
- DB: **SQLite** at /var/lib/novacpx/panel.db (migrated from MySQL 2026-06-09)
- DB.php has translate() layer: ON DUPLICATE KEY→ON CONFLICT, DATE_ADD/DATE_SUB→datetime(), NOW()→datetime('now')
- **novacpx_version table**: tracks install history; columns: id, version, installed_at, notes, git_commit
- **settings table**: panel_version key tracks current version; update_channel (stable/beta) controls which GitHub branch to check/pull
- Feature registry: 70+ pluggable features in 20 categories
- Update channels: stable=origin/main (major/minor), beta=origin/beta (patch/pre-release)
## VM Credentials
- Admin panel: `admin / Admin2026!`
- Root SSH: `root / Joker1974!!!`
- MySQL (customer sites): novacpx_user / 6fyWj6vYnJDKEQvNANzj
- WP provisioning MySQL user: novacpx_wp / tCXAU1K2WX31xUAMY9EM
- Config: /etc/novacpx/config.ini (root:www-data 640)
## JARVIS Agent
- Installed 2026-06-09; agent_id: novacpx_e3b07264
- Status: online, reporting heartbeats to JARVIS every 10s
- Config: /opt/jarvis-agent/config.json
- Key config fields: server_url, host_header, api_key, agent_type: linux, heartbeat_interval: 10
## Versioning (as of 2026-06-10)
- Current git version: 1.0.27 (GitHub main)
- Active deploy channel: beta (VM settings)
- GitHub Actions auto-bumps VERSION on push to main (PATCH) or beta (-beta.N)
- deploy-runner.sh writes new version to novacpx_version + settings.panel_version after every webhook deploy
- deploy-runner.sh also copies VERSION to web root (/srv/novacpx/public/VERSION) — fixed 2026-06-10
- apply-novacpx-update endpoint does the same for manual updates
- Updates page shows installed version, latest remote version, and active channel badge
## Settings Page
- Loads current values from DB via server-options API (panel_name, default_php, nameservers, update_channel)
- Saves each field via save-option API individually
- Update channel dropdown shows stable vs beta with explanatory labels
## Docker App Catalog (as of 2026-06-10)
- **140 apps** across 15 categories in DockerManager.php
- Categories: Web/CMS, Productivity, Dev, Analytics, Wiki/Docs, Messaging/Chat, Security/Auth, Business, Design/Collab, AI/LLM, Developer Tools, Databases, Monitoring, Networking/Security, CMS/E-commerce, Project Mgmt, Communication, File/Storage, ERP/Business, Media, Smart Home, Dashboards/Admin
- Security fixes applied (code review 2026-06-09): shell injection fixes in WordPressManager, PHPManager, install.sh sudoers hardening (removed `ufw *` wildcard, removed `curl *` and `env *` NOPASSWD), SQLite syntax fix, WP-CLI download size validation
- Per-account uninstall (uninstall-account API action), per-stack Reinstall button
- Admin Docker page has App Catalog tab to launch apps on behalf of accounts
## nginx / phpMyAdmin (fixed 2026-06-12)
- Apache2 was holding port 80 — stopped and disabled: `systemctl stop apache2 && systemctl disable apache2`
- nginx now running and enabled on boot
- phpMyAdmin accessible at `http://10.48.200.110/phpmyadmin` (returns 200)
- nginx config: `/etc/nginx/sites-enabled/default` with /phpmyadmin location block
- phpmyadmin.conf in /etc/nginx/conf.d/ is empty (just a comment) — all config in sites-enabled/default
## Known Quirks
- PVE1 SSH (orbisne.fortiddns.com) currently permission-denied — use direct IP 10.48.200.110 instead
- api/.htaccess needed for URL routing
- NOVACPX_ROOT in api/index.php is dirname(__DIR__) = /srv/novacpx/public (NOT 2 levels up)
- SQLite only — never use MySQL syntax (ON DUPLICATE KEY, NOW(), etc.)
- sudo tee pattern needed for writing /etc/postfix/* files as www-data
- Docker stacks backed by docker_compose_stacks table (separate from docker_containers)
- Panel reachable at https://10.48.200.110:8882 (self-signed cert with SAN for IP)
- PHP-FPM pools are root-owned; www-data cannot file_exists()/unlink() them — must use `sudo rm -f`
- git cherry-pick to beta required after each main push (GitHub Actions version bumps create divergence)
+72
View File
@@ -0,0 +1,72 @@
---
name: project-novacpx-tools
description: NovaCPX development tools and session-start checklist — load at start of every NovaCPX session
metadata:
node_type: memory
type: project
originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
---
## Session-start checklist (run at start of every NovaCPX session)
1. **Verify working directory**: `ls /tmp/novacpx/` — if missing, repo needs re-cloning
2. **Test VM reachability** (direct — PVE1 hop NOT needed):
```bash
sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no -o ConnectTimeout=8 root@10.48.200.110 'echo vm-ok'
```
> PVE1 (orbisne.fortiddns.com) SSH is currently broken (permission denied). Direct to 10.48.200.110 works fine.
3. **Load TODO**: read `/root/.claude/projects/-home-myron/memory/project_novacpx_todo.md`
4. **Check panel live**: `curl -sk -o /dev/null -w "%{http_code}" https://10.48.200.110:8882/`
## Direct SSH / SCP (preferred method)
```bash
# Run command on VM
sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.110 'command here'
# Copy file to VM
sshpass -p 'Joker1974!!!' scp -o StrictHostKeyChecking=no /tmp/novacpx/panel/api/endpoints/foo.php \
root@10.48.200.110:/srv/novacpx/public/api/endpoints/foo.php
```
## API auth pattern (session cookie)
```bash
# Login and get token
TOKEN=$(curl -sk -X POST "https://10.48.200.110:8882/api/auth/login" \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"Admin2026!"}' | python3 -c "import sys,json; print(json.load(sys.stdin)['data']['token'])")
# Use token as ncpx_session cookie
curl -sk "https://10.48.200.110:8882/api/system/version" -H "Cookie: ncpx_session=$TOKEN"
```
## Tools in /tmp/novacpx/tools/
| Script | Purpose | Usage |
|--------|---------|-------|
| `nova-ssh.sh` | SSH into VM (double-hop via PVE1 — currently broken) | Use direct SSH instead |
| `nova-push.sh` | Push single file via base64/double-hop (broken) | Use direct scp instead |
| `nova-deploy.sh` | Full panel rsync (PVE1 hop — broken) | Use direct scp or git push |
| `nova-status.sh` | Check SSH + port health | `bash tools/nova-status.sh [--full]` |
| `nova-logs.sh` | Stream VM logs | `bash tools/nova-logs.sh [apache\|access\|install\|fail2ban\|all]` |
| `nova-db.sh` | Run queries on VM DB | `bash tools/nova-db.sh [--tables\|--users\|--reset-admin pw\|"SQL"]` |
## Key VM paths
- Panel web root: `/srv/novacpx/public/`
- Git repo (source): `/opt/novacpx-src/` (what gets pulled by webhook/deploy-runner.sh)
- Config: `/etc/novacpx/config.ini` (root:www-data 640)
- DB: `/var/lib/novacpx/panel.db` (SQLite)
- Deploy runner: `/opt/novacpx-src/deploy/deploy-runner.sh` (cron runs every min)
- Webhook: `/opt/novacpx-src/deploy/webhook.php` (linked at /srv/novacpx/public/deploy/webhook.php)
- Logs: `/var/log/apache2/error.log`, `/var/log/novacpx/access.log`, `/var/log/novacpx/deploy.log`
- JARVIS agent: `/opt/jarvis-agent/`
- Cron scripts: `/srv/novacpx/public/bin/` (cache-update-check.php, collect-stats.php, notify-checks.php)
## VM credentials
- VM IP: 10.48.200.110 (PVE1 VM 120)
- Root: `root / Joker1974!!!`
- Admin panel: `admin / Admin2026!`
- MySQL (customer sites): `novacpx_user / 6fyWj6vYnJDKEQvNANzj`
- Ports: 8880 (user), 8881 (reseller), 8882 (admin), 8883 (webmail)
**Why:** [[project-novacpx-todo]]
**How to apply:** Start every NovaCPX session by running the session-start checklist so you know immediately if the VM is reachable before writing code.
@@ -0,0 +1,44 @@
---
name: project-parkerslingshotrentals
description: "parkerslingshotrentals.com — Polaris Slingshot rental site on DO 165.22.1.228; booking system, waiver, admin portal, Square payment pending"
metadata:
node_type: memory
type: project
originSessionId: 002fe81e-7e03-414d-b842-1f94f1390a22
---
Parker County Slingshot Rentals — LIVE at https://www.parkerslingshotrentals.com (DO 165.22.1.228, CyberPanel).
Deploy path: `/home/parkerslingshotrentals.com/public_html/`
**Why:** Single-vehicle slingshot rental business in Weatherford, TX. Needs online booking, waiver, payments, and admin management.
## Credentials
- Admin portal: /admin/index.php — user: admin / pass: Parker2026! (URL-token auth, no cookies)
- DB: park_slingshot / park_slingshotuser / 4@rxg*8kovxCr7w6 on localhost
- Deploy path: /home/parkerslingshotrentals.com/public_html/
- SendGrid API key: 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
- Square production access token: EAAAl3FsAu_2ri8kZE_ENEyi2T_C8HXXm5XQFY6Lbnd8SX6FqYp8J_upUeXNYh7v
- Square application ID: sq0idp-YSM7BU9IVyOWSzpeP-0nzQ
- GitHub repo: myronblair/parkerslingshotrentals
## Admin login fix
PHP sessions were unreliable (LiteSpeed page caching + session dir permissions).
Replaced with HMAC-signed cookie auth — no session files needed.
Admin .htaccess has CacheEnable off.
## Packages
- half-day: $99 / 4 hrs
- full-day: $169 / 8 hrs
- weekend: $299 / 48 hrs
## Booking flow (6 steps tracked in admin)
1. Booking submitted (auto)
2. Booking confirmed (status dropdown)
3. Waiver signed (waiver.php?ref=PSR-XXXXXX — canvas e-signature)
4. Insurance verified (admin toggle)
5. Deposit received (admin toggle)
6. License verified (admin toggle at pickup)
## Pending tasks
- Task #3: Square deposit payment integration (credentials above)
- Task #6: Vehicle photos (waiting on user)
+42
View File
@@ -0,0 +1,42 @@
---
name: proxmox-backup
description: "Proxmox PVE1/PVE2 config backup to GitHub — weekly cron, restore script, repo structure"
metadata:
node_type: memory
type: project
originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
---
GitHub repo `myronblair/proxmox-config` (private) — full config backup + disaster recovery.
**Why:** So both Proxmox nodes can be rebuilt quickly from scratch after hardware failure without losing VM configs, network, custom scripts, or services.
**How to apply:** Reference this when discussing Proxmox maintenance, DR planning, or if a node goes down.
## Repo Structure
- `shared/` — cluster-wide: all VM/LXC .conf files, storage.cfg, datacenter.cfg, user.cfg, corosync.conf, jobs.cfg, firewall, ha, sdn
- `pve/` — PVE1 (10.48.200.90): network, cron, scripts, systemd (filebrowser, jarvis-agent, ollama), ssh/authorized_keys
- `pve2/` — PVE2 (10.48.200.91): network, cron, scripts (just pve-remove-nag.sh), systemd (jarvis-agent)
- `backup.sh` — runs on each node, pulls repo, collects files, commits+pushes
- `restore.sh pve1|pve2` — interactive disaster recovery wizard
## Schedule
Weekly cron on both nodes: `0 3 * * 0 /usr/local/bin/proxmox-backup >> /var/log/proxmox-backup.log 2>&1`
## Manual trigger
`/usr/local/bin/proxmox-backup` on either node
## What's NOT backed up (intentional)
- `/etc/pve/priv/` — CA private key, cluster auth keys (Proxmox regenerates these)
- SSH private keys
- Large binaries: ollama, filebrowser, blockalign, urbackupclientctl
- VM disk images → covered by PBS at 10.48.200.85
## Restore flow
1. Fresh Proxmox install → set hostname + IP
2. `apt install git && git clone https://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@github.com/myronblair/proxmox-config.git /opt/proxmox-config`
3. `bash /opt/proxmox-config/restore.sh pve1` (interactive, confirms each step)
4. Reboot for network, then restore VMs from PBS
## PVE2 disk space issue (2026-06-09)
PVE2 was at 100% disk — removed old kernels to free ~9GB. Now at 96% (4.4GB free). Worth monitoring.
+49
View File
@@ -0,0 +1,49 @@
---
name: project-smtp-credentials
description: SMTP and email credentials for all websites — CyberMail API, verified 2026-06-06
metadata:
node_type: memory
type: reference
originSessionId: f0b18417-cc26-4fdf-87ec-7b2d69b02c44
---
## CyberMail Account (all sites)
- **Dashboard:** https://platform.cyberpersons.com
- **API Key (all sites):** `sk_live_7f9b0f9a29f6de31a0d229d4af75d56b094ad724fc58a57d`
- **Send Endpoint:** `POST https://platform.cyberpersons.com/email/v1/send`
- **Auth:** `Authorization: Bearer {api_key}`
- **DO blocks SMTP port 587** — use API over HTTPS (port 443) for all DO-hosted sites
- **Last verified:** 2026-06-06 — live test send confirmed, all 5 sites checked
---
## tomsjavajive.com — CyberMail ✅ LIVE (verified 2026-06-06)
- **From:** noreply@tomsjavajive.com
- **Key stored in:** `settings` DB table, key `cybermail_api_key`
- **getSetting()** reads from `settings` table (setting_key / setting_value columns) — NOT site_settings
- **Mailer:** `includes/functions.php``sendEmail()` calls CyberMail API
- **Fixed 2026-06-06:** `email_cybermail` setting had `"api_key":"Joker1974!!!"` (wrong) — corrected to real API key
- **Note:** TJJ admin UI (admin/emails.php, admin/integrations.php) still shows SendGrid help links — cosmetic only
## tomtomgames.com — CyberMail ✅ LIVE (verified 2026-06-06)
- **From:** noreply@tomtomgames.com
- **Key stored in:** `includes/config.php` as `CYBERMAIL_API_KEY` constant
- **Mailer:** `includes/mailer.php``cybermailSend()` | alias: `sendgridSend()`
- **SMTP constants also defined** (SMTP_HOST, SMTP_USER, SMTP_PASS) for fallback reference
## epictravelexpeditions.com — CyberMail ✅ LIVE (verified 2026-06-06)
- **From:** noreply@orbishosting.com (sends via orbishosting.com domain)
- **Key stored in:** `/home/epictravelexpeditions.com/public_html/api/config.php` (gitignored)
- **Mailer:** `api/includes/mailer.php``sendgridSend()` (name kept for compat, calls CyberMail)
## parkerslingshotrentals.com — CyberMail ✅ LIVE (verified 2026-06-06)
- **From:** noreply@orbishosting.com
- **Key stored in:** `/home/parkerslingshotrentals.com/public_html/db.php` (in git)
- **sendEmail()** in db.php calls CyberMail API directly
## orbishosting.com / jarvis / orbis — No transactional email
---
## GitHub Repo
**myronblair/smtp-for-websites** (private, master branch) — credentials reference archive
+104
View File
@@ -0,0 +1,104 @@
---
name: project-tomsjavajive
description: Tom's Java Jive coffee shop e-commerce — DB creds, admin portal map, known schema quirks, and fixed bugs
metadata:
type: project
originSessionId: 002fe81e-7e03-414d-b842-1f94f1390a22
---
PHP e-commerce site for a Fort Worth coffee shop. On DO server 165.22.1.228.
## Credentials & Access
- **SSH:** root / Gonewalk1974!@# @ 165.22.1.228
- **DB:** toms_tjj_db / toms_tjj_user / +60wlPc+55e@gFq4 (localhost)
- **Admin login:** `admin@tomsjavajive.com / Joker1974!!!` OR `myronblair@outlook.com / Joker1974!!!` (both work, reset 2026-06-14)
- **Stripe:** placeholder keys in config (test mode — real keys must be added manually)
- **GitHub:** myronblair/tomsjavajive (private)
## File Structure
```
/home/tomsjavajive.com/public_html/
admin/ — admin portal
includes/header.php — nav (Content group: Splash Box, About Us Text; Catalog group: Import/Export at bottom)
customers.php — customer CRUD + wallet adjust
reviews.php — review list + inline edit modal with star picker
splashes.php — Homepage splash blocks CRUD (drag-drop image upload, icon picker, drag-to-reorder)
about-us.php — About Us text CRUD (live preview, paragraph-aware)
import-export.php — Inventory export CSV + import CSV (smart/replace) + inline table editing
api/upload-splash.php — handles splash image uploads → /uploads/splashes/
api/ — backend API endpoints
account/ — customer-facing portal
wishlist.php
rewards.php
reviews.php
config/
config.php — site config (Stripe, SendGrid, etc.) — in git
database.php — DB credentials — GITIGNORED
includes/ — shared PHP includes
uploads/splashes/ — splash block images (owned nobody:nobody, 755)
```
## Database Schema Notes
- **products table:** no `slug` column — product URLs use `?id=product_id` (not `?slug=`)
- **wallet_transactions.type enum:** deposit, withdrawal, purchase, refund, reward, loyalty_redemption, credit, debit
- **loyalty_transactions.type enum:** earn, redeem, adjustment, birthday_bonus, referral_bonus, referral_welcome, tier_upgrade
- **customers table:** has `lifetime_points` (INT) and `loyalty_tier` (VARCHAR 20) columns added 2026-05-22
- **Collation:** ALL tables must be utf8mb4_unicode_ci — mixed collation (general_ci vs unicode_ci) causes JOIN errors (MySQL 1267)
## Admin Nav Groups
- **Dashboard** — dashboard.php
- **Catalog** — products, categories, inventory, import-export
- **Orders** — orders, fulfillment
- **Customers** — customers, reviews
- **Content** — splashes (Splash Box), about-us (About Us Text)
- **Analytics, Settings, etc.**
## Homepage DB-Driven Sections
- **Splash blocks:** `homepage_splashes` table → feature cards above products (scrollable if >4)
- **About Us text:** `about_us_sections` table → paragraphs under "Our Story" heading
## Google Merchant Feed — Fixed 2026-06-17
- Feed URL: `https://tomsjavajive.com/merchant-feed.php`
- Title was being built as `$p['name'] . ' ' . $categoryLabel . ' Coffee'` — doubled the suffix for products whose names already include "Whole Bean Coffee" / "Ground Coffee"
- Fix: title now uses `$p['name']` as-is, matching exactly what's shown on the site
- Products are approved in Google Merchant Center
## Known Bugs Fixed (2026-05-22)
- `p.slug` in wishlist/reviews queries → replaced with `p.product_id`, URLs use `?id=`
- `wallet_transactions` adjust_wallet used wrong enum values (credit/debit) → fixed to deposit/withdrawal
- `reviews` table uses `comment` (not `content`) and `is_approved` (not `status`)
- `rewards.php` crashed because `lifetime_points`/`loyalty_tier` didn't exist → added via ALTER TABLE
- Collation mismatch on wishlist, loyalty_transactions, loyalty_tiers, product_types, loyalty_settings → all converted to unicode_ci
## Pages Added (2026-06-04)
- `faq.php` — accordion FAQ: Orders & Payment, Coffee & Products, Coffee Freshness & Storage, Account & Loyalty
- `shipping.php` — rates table (35 days standard after processing), "every order made fresh to ship" messaging
- `returns.php` — three-tier policy: Your Responsibility / Our Responsibility / Shared Responsibility (covers coffee cost up to $25 on shared issues)
- `returns.php` — adapted from DripShipper policy language
- `track-order.php` — lookup by order_number + email; shows progress stepper, tracking number/link, items, shipping address; logged-in users see recent orders
- `privacy.php` — full privacy policy adapted from DripShipper; GDPR section, children's info, log files, third-party cookies
- `includes/footer.php` — Privacy Policy link added to Support section
## Email (CyberMail) — Fixed 2026-06-14
- API key: `sk_live_7f9b0f9a29f6de31a0d229d4af75d56b094ad724fc58a57d` (stored in DB as `cybermail_api_key`)
- From email: `noreply@tomsjavajive.com` (stored as `cybermail_from_email`)
- From name: `Toms Java Jive` (stored as `cybermail_from_name`)
- **CyberMail API requires separate `from` and `from_name` fields** — NOT the combined `Name <email>` format. Using `Name <email>` in the `from` field returns "Invalid 'from' email address" error.
- Fixed in: `includes/email.php` (Email class send method) and `includes/functions.php` (sendEmail function)
## Product Image Upload — Fixed 2026-06-14
- Upload endpoint: `/admin/upload-image.php`
- Saved to: `/uploads/products/` (must be owned by `tomsj4710:nogroup`, chmod 755)
- **Do NOT include `header.php` in upload-image.php** — it outputs full HTML which breaks JSON response
- Upload-image.php uses `require_once '../includes/auth.php'` + `AdminAuth::getUser()` check directly
- JS in product-edit.php uses `fetch('/admin/upload-image.php', {credentials: 'same-origin', ...})`
- Textarea for image URLs must be `name="image_urls"` (form handler reads `$_POST['image_urls']`)
## CSV Import — Fixed 2026-06-14
- `tags`, `images`, `dimensions` columns have MySQL `CHECK (json_valid())` constraints
- CSV cells with plain text (e.g. `coffee,dark roast`) or plain URLs must be converted to JSON arrays before insert
- `toJsonField()` helper in import-export.php handles: already-valid JSON (pass-through), comma-separated → JSON array, empty → NULL
- Always wrap `$r['tags']` and `$r['images']` with `toJsonField()` in any import code
**Why:** Reference when debugging or extending Tom's Java Jive.
**How to apply:** Always check these schema quirks before writing new queries against this DB.
+65
View File
@@ -0,0 +1,65 @@
---
name: project-tomsjavajive-email
description: "Tom's Java Jive email service — CyberMail (CyberPersons), API key stored in config.php"
metadata:
node_type: memory
type: project
originSessionId: f0b18417-cc26-4fdf-87ec-7b2d69b02c44
---
## Email Service: CyberMail by CyberPersons
**API Key:** `sk_live_d52bf062797105aeaafac9954c21ff988e9b41b77315807d`
**API Key Management:** https://platform.cyberpersons.com/email/api-keys/
**Webmail / Hosting Management:** https://platform.cyberpersons.com/email/webmail/hosting/
**Stored in:** `/home/tomsjavajive.com/public_html/config/config.php`
- Constant: `CYBERMAIL_API_KEY`
- Replaced the old `SENDGRID_API_KEY` placeholder
## Email Handler
- File: `/home/tomsjavajive.com/public_html/includes/email.php`
- Class: `SendGridEmail` (still named SendGrid — rename when integrating CyberMail API)
- Sends: order confirmation, shipping notification, password reset, welcome, abandoned cart
- Currently references `CYBERMAIL_API_KEY` constant (was SENDGRID_API_KEY)
## CyberMail API Reference
- **Send:** `POST https://platform.cyberpersons.com/email/v1/send`
- **Status:** `GET https://platform.cyberpersons.com/email/v1/messages/{message_id}`
- **Account Stats:** `GET https://platform.cyberpersons.com/email/v1/account/stats`
- **Auth:** `Authorization: Bearer {api_key}`
## Error Codes
| HTTP | error.type | Description |
|------|-----------|-------------|
| 400 | invalid_request | Missing required fields or invalid email format |
| 403 | domain_not_verified | Sending domain not verified |
| 403 | domain_not_found | Domain not registered to account |
| 403 | account_inactive | Account suspended or inactive |
| 403 | forbidden | API key domain/IP restriction |
| 404 | not_found | Message ID not found |
| 429 | rate_limit_exceeded | Rate limit reached (includes retry_after field) |
| 500 | send_failed | Sending failed after failover |
| 503 | service_unavailable | No healthy mail nodes |
## PHP Integration
- `email.php` uses `Authorization: Bearer` header, curl over HTTPS (port 443 — no DO block)
- Success returns `['success'=>true, 'message_id'=>'...']`
- Failure returns `['success'=>false, 'error'=>'friendly message', 'error_type'=>'code', 'code'=>httpCode]`
- 429 errors include retry_after seconds in the error message
- **Required fields:** `from`, `to`, `subject`, `html` (or `text`)
- **Optional:** `text`, `cc`, `bcc`, `reply_to`, `tags`, `metadata`, `headers`
- **Success response:** 202 with `data.message_id`, `data.status`
- **Domain must be verified** at platform.cyberpersons.com before sending
## SMTP Credentials (blocked by DigitalOcean — use API instead)
- Host: mail.cyberpersons.com | Port: 587 | Security: STARTTLS
- Username: `smtp_49a1fa9c0f15d2d7`
- Password: `T3mOFSMK1SG1l4D1d7N8NefRd8xypwMy`
- DO blocks outbound port 587 — API over HTTPS is the working approach
## Current Status
- email.php rewritten to use CyberMail API (curl over HTTPS port 443)
- `SendGridEmail` class renamed to `Email`, `sendEmail()` helper unchanged
- Blocked by: `tomsjavajive.com` domain not verified in CyberMail dashboard
- Fix: verify domain at platform.cyberpersons.com (add DNS TXT/CNAME records)
+30
View File
@@ -0,0 +1,30 @@
---
name: project-tomtomgames-email
description: "TomTomGames email service — CyberMail API + SMTP, same API key as tomsjavajive"
metadata:
node_type: memory
type: project
originSessionId: f0b18417-cc26-4fdf-87ec-7b2d69b02c44
---
## Email Service: CyberMail (same account as tomsjavajive.com)
**API Key:** `sk_live_7f9b0f9a29f6de31a0d229d4af75d56b094ad724fc58a57d` (verified working 2026-06-06)
**SMTP Host:** mail.cyberpersons.com | Port: 587 | Security: STARTTLS
**SMTP Username:** `smtp_ad34c4d915da7bfc`
**SMTP Password:** `m47o2-UqPgM-IBeYNRz-uHSJAHnPGe9w`
**From:** noreply@tomtomgames.com
## Files Updated
- `/home/tomtomgames.com/includes/config.php` — CYBERMAIL_API_KEY + SMTP constants
- `/home/tomtomgames.com/includes/mailer.php` — rewritten to use CyberMail API via cybermailSend()
- `/home/tomtomgames.com/public_html/api/admin.php` — mail() replaced with cybermailSend()
## Email Functions
- `cybermailSend($to, $name, $subject, $text, $html, $tags)` — primary send function
- `sendgridSend()` — kept as alias (calls cybermailSend) for backward compatibility
- `sendVerificationEmail($email, $alias, $token)` — registration/resend verification
## Emails Sent
- Account verification (registration + resend)
- Password reset (admin.php)
+33
View File
@@ -0,0 +1,33 @@
---
name: project-webserver
description: CyberPanel/OpenLiteSpeed DO server at 165.22.1.228 hosting tomsjavajive.com and 5 other sites
metadata:
node_type: memory
type: project
originSessionId: 002fe81e-7e03-414d-b842-1f94f1390a22
---
CyberPanel server running OpenLiteSpeed + MariaDB + PHP (lsphp).
**SSH:** root / Gonewalk1974!@# @ 165.22.1.228
**Sites hosted** (all under /home/<domain>/public_html/):
- tomsjavajive.com — coffee shop e-commerce (PHP, custom built, Stripe, loyalty/rewards)
- epictravelexpeditions.com
- orbishosting.com — email only via CyberPanel; no local site (forwarded/maintained elsewhere — do NOT treat as a stub needing a site built)
- orbis.orbishosting.com
- parkerslingshotrentals.com
- tomtomgames.com
**Stack:** OpenLiteSpeed, MariaDB 10.11, PHP (lsphp), Redis, Memcached, PowerDNS, Postfix/Dovecot, CyberPanel
**tomsjavajive.com structure:**
- /home/tomsjavajive.com/public_html/
- admin/ — admin portal (dashboard, products, orders, customers, analytics, etc.)
- api/ — backend API endpoints
- account/ — customer account pages
- config/ — config.php, database.php
- includes/ — shared PHP includes
**Why:** IP changed from 206.189.229.53 to 165.22.1.228 as of 2026-05-22.
**How to apply:** Use 165.22.1.228 for all SSH access to these sites.
+69
View File
@@ -0,0 +1,69 @@
---
name: project-yealink-phones
description: Complete Yealink phone inventory — 5 physical phones (T48S/T57W/AX86R) + 3 voicemail-only virtual extensions on FusionPBX
metadata:
node_type: memory
type: project
originSessionId: 5419c63f-5e28-41c3-9055-3d9a33550b52
---
## Physical Phones
| IP | MAC | Model | Label | Ext | Status |
|----|-----|-------|-------|-----|--------|
| 10.48.200.2 | `80:5e:c0:35:04:77` | T48S | Myron Blair Desk Phone | 1000 | Online |
| 10.48.200.43 | `80:5e:0c:15:0c:4f` | T48S | Tommy Ivy Desk Phone | 1001 | Online |
| 10.48.200.65 | `c4:fc:22:13:e1:89` | AX86R | Myron Blair AX86 WiFi Work Phone | 1002 | Online |
| 10.48.200.83 | `80:5e:0c:e9:44:f8` | T57W | Kitchen Phone | 1003 | Online |
| 10.48.200.85 | `80:5e:0c:30:75:96` | T57W | Master Bedroom Phone | 1004 | Online |
| 10.48.200.3 | `c4:fc:22:28:63:71` | T57W | United Mirror & Glass | External SIP | Online |
## Virtual Extensions (Voicemail Only — No Physical Phone)
| Ext | Name |
|-----|------|
| 1010 | Parker County Slingshot |
| 1011 | Epic Travel Expeditions |
| 1012 | Tom's Java Jive |
## IVR
| Ext | Purpose |
|-----|---------|
| 900 | Auto-attendant (IVR) |
## SIP Credentials
| Ext | SIP Password |
|-----|-------------|
| 1000 | `Xk9mPw3nQv7rLs2t` |
| 1001 | `Tv8xNm4pWq6rZs3k` |
| 1002 | `yXHaJTwa8rj?$GkrVFQB` |
## FusionPBX Connection
- Server: `134.209.72.226`, Port: `5080`, Transport: UDP
- SSH: relay through DO (`165.22.1.228`) → FusionPBX (`134.209.72.226`)
- Web: `https://fusion.orbishosting.com` (admin / fY7XP5swgtpbzrYLhkeVYkA4744)
- Provisioning URL: `https://fusion.orbishosting.com/app/provision/` (provision-master / Joker1974!!!)
## Yealink Web UI Login
T48S phones use RSA-encrypted password login (PKCS#1 v1.5). T57W uses HTTPS on port 8080.
- After factory reset, provisioning URL is cleared — must re-enter manually on phone
- Path: Menu → Settings → Advanced → Auto Provision
- To re-provision without reboot: Menu → Settings → Advanced → Auto Provision → Update Now
## BLF Buttons (confirmed working 2026-05-29)
- Device profile "yealink" (UUID 2c68fe07-b29a-4429-a3c2-7ce9010c69ff)
- 10 BLF keys, type=16 in FusionPBX
- Buttons: Myron 1000, Tommy 1001, Myron-WkPh 1002, Kitchen 1003, Bedroom 1004, PC Slingshot 1010, Park 5901/5902/5903, Page All
## Key Notes
- `manage-presence = true` set in FreeSWITCH external sofia profile (DB-managed)
- BLF type=16 required in FusionPBX (pickup_value required)
- `overwrite_mode=1` required in provisioning
- AVOID: `sofia profile external restart` — drops all registrations
+12
View File
@@ -0,0 +1,12 @@
---
name: user-cryptex
description: Physical Cryptex safe combination key — 3D printed on Creality K2 Pro
metadata:
node_type: memory
type: user
originSessionId: b1e93a6a-f101-4ea4-aafb-9cb7e2958821
---
**Cryptex safe key:** `NEBYMJ`
Printed on Creality K2 Pro. Physical combination lock safe.
File diff suppressed because one or more lines are too long
+1
View File
@@ -0,0 +1 @@
['back_bathroom', 'back_bedroom', 'back_door', 'back_yard', 'camper', 'car', 'car_port', 'dining_room', 'down_hill', 'front_bedroom', 'front_door', 'front_yard', 'garage', 'hallway', 'hdmibroadcast', 'kitchen', 'konnected_alarm', 'living_room', 'master_bedroom', 'office', 'outdoors', 'side_yard', 'storage', 'utility_room']
+1
View File
@@ -0,0 +1 @@
404: Not Found
+1
View File
@@ -0,0 +1 @@
404: Not Found
+1
View File
@@ -0,0 +1 @@
404: Not Found
+1
View File
@@ -0,0 +1 @@
404: Not Found
+1
View File
@@ -0,0 +1 @@
404: Not Found