mirror of
https://github.com/myronblair/infra
synced 2026-06-30 17:50:10 -05:00
Compare commits
5 Commits
master
...
2a92b958c1
| Author | SHA1 | Date | |
|---|---|---|---|
| 2a92b958c1 | |||
| b71e58bbae | |||
| 3080273e0a | |||
| f8c406dbad | |||
| 52f6073593 |
@@ -0,0 +1,29 @@
|
|||||||
|
# Memory Index
|
||||||
|
|
||||||
|
- [FusionPBX Setup](project_fusionpbx.md) — DO 134.209.72.226; SignalWire SIP trunk (transport=udp required); ext 1000/1001/1002; IVR 900; signalwire-inbound catch-all dialplan; providers ACL includes FortiGate 97.154.109.245
|
||||||
|
- [Yealink API](feedback_yealink_api.md) — PKCS1v15+AES-CBC login; token required for writes; account-register page; correct field names (server1, AccountRegisterName, etc.)
|
||||||
|
- [Yealink Phone Status](project_yealink_phones.md) — Ext 1000 (Myron/.2) + ext 1001 (Tommy/.43) registered; provisioning URL set; BLF buttons in progress
|
||||||
|
- [JARVIS System](project_jarvis.md) — Iron Man AI on DO 165.22.1.228; /admin portal; PVE1 nmap auto-scan; agents on all nodes; Proxmox cluster API via FortiGate DDNS:8006
|
||||||
|
- [JARVIS HA Integration](project_jarvis_ha_integration.md) — Two-way HA↔JARVIS via custom component; 212 entities live; webhook fix; HA SSH via web terminal only
|
||||||
|
- [Web Server](project_webserver.md) — CyberPanel/OpenLiteSpeed DO at 165.22.1.228 (root/Gonewalk1974!@#); tomsjavajive.com + 5 other sites; IP changed from 206.189.229.53
|
||||||
|
- [GitHub Workflow](feedback_github_workflow.md) — All sites have private GitHub repos (myronblair/*); commit+push to GitHub THEN deploy to server for every change; repo map + gitignored creds inside
|
||||||
|
- [Tom's Java Jive](project_tomsjavajive.md) — DB creds, admin portal map, schema quirks (no slug col, enum values, collation), bugs fixed 2026-05-22
|
||||||
|
- [TJJ Email](project_tomsjavajive_email.md) — CyberMail (CyberPersons); API key in config.php as CYBERMAIL_API_KEY; mgmt at platform.cyberpersons.com
|
||||||
|
- [TomTomGames Email](project_tomtomgames_email.md) — CyberMail API key sk_live_7f9b...; mailer.php uses cybermailSend(); sendgridSend() aliased; verified 2026-06-06
|
||||||
|
- [SMTP Credentials (all sites)](project_smtp_credentials.md) — All 5 sites on CyberMail, same API key, all verified 2026-06-06; TJJ reads from settings DB table; TJJ email_cybermail bad key fixed
|
||||||
|
- [PHP ob_start Export Fix](feedback_php_ob_export.md) — ob_end_clean() required before CSV/JSON responses when ob_start()+header.php pattern is used
|
||||||
|
- [MySQL Collation](feedback_mysql_collation.md) — Always utf8mb4_unicode_ci; mixing with general_ci breaks JOINs (error 1267)
|
||||||
|
- [Parker Slingshot Rentals](project_parkerslingshotrentals.md) — parkerslingshotrentals.com booking site; HMAC cookie admin auth (not sessions); Square creds stored; 6-step booking flow
|
||||||
|
- [SSH Passwords](feedback_ssh_passwords.md) — Try Joker1974!@# → Joker1974!!! → Joker1974!; root direct on PVE; myron/Joker1974!!! + sudo on VMs
|
||||||
|
- [Yealink Provisioning](feedback_yealink_provisioning.md) — overwrite_mode=1 required; BLF type=16 in FusionPBX; auto_linekeys=0; factory reset clears URL; git safe.directory for www-data
|
||||||
|
- [Cloudflare Rocket Loader](feedback_cloudflare_rocket_loader.md) — breaks inline onclick= handlers and defers scripts; fix with Cache-Control: no-transform in PHP
|
||||||
|
- [MediaStack VM](project_mediastack.md) — VM 113 on PVE1; all services admin/Joker1974!!!; NordVPN (not CT110); IPTorrents uid=2237410 cookie; download dirs must be qbittorrent-owned; NFS to Jellyfin
|
||||||
|
- [NovaCPX Panel](project_novacpx.md) — VM 120 @ 10.48.200.110 (direct SSH works); v1.0.27; admin/Admin2026!; stable/beta channels; JARVIS agent online; 140-app Docker catalog
|
||||||
|
- [NovaCPX Dev Tools](project_novacpx_tools.md) — Direct SSH/SCP to 10.48.200.110 (PVE1 hop broken); API session-cookie auth pattern; key VM paths
|
||||||
|
- [Proxmox Config Backup](project_proxmox_backup.md) — myronblair/proxmox-config; weekly cron on PVE1+PVE2; restore.sh wizard; VM configs + network + scripts + systemd; PBS covers VM disks
|
||||||
|
- [DO Server Backup](project_do_backup.md) — myronblair/do-server-config; weekly cron Sunday 4am; scripts/systemd/WG/OLS vhosts/mysql; restore.sh 8-phase wizard; DBs covered by jarvis-backup.sh daily
|
||||||
|
- [FusionPBX Backup](project_fusionpbx_backup.md) — myronblair/fusionpbx-config; weekly cron Sunday 5am; PostgreSQL dump (gzip, 29MB) IS the config; restore.sh 10-phase wizard; SSH via DO relay only
|
||||||
|
- [Context Management](feedback_context_management.md) — Warn before context limit; finish/commit current task cleanly; don't start large features if context is already long
|
||||||
|
- [JARVIS TODO](project_jarvis_todo.md) — Master TODO: Workers page, Phase 2/3 modularization, agent fixes, install-agent.sh, Arc Reactor systemd, Jellyfin, Claude credits
|
||||||
|
- [Cryptex Safe](user_cryptex.md) — Physical 3D-printed Cryptex key: NEBYMJ (Creality K2 Pro)
|
||||||
|
- [Infrastructure TODO](project_infra_todo.md) — Open items: CT110 read-only fs, wg-clients auto-start, MediaStack guest agent, Tailscale PVE1 re-auth, stale ARP watch
|
||||||
@@ -0,0 +1,27 @@
|
|||||||
|
---
|
||||||
|
name: feedback-cloudflare-rocket-loader
|
||||||
|
description: Cloudflare Rocket Loader breaks inline JS event handlers and defers scripts — how to avoid and fix
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: feedback
|
||||||
|
originSessionId: dfc59a24-a903-4f91-8c76-331af763d3e6
|
||||||
|
---
|
||||||
|
|
||||||
|
Cloudflare Rocket Loader is enabled on all orbishosting.com sites and causes two distinct problems:
|
||||||
|
|
||||||
|
1. **Script deferral** — changes `<script>` tag type to a fake value, preventing execution until Rocket Loader finishes loading. Breaks any JS that must run on page load.
|
||||||
|
|
||||||
|
2. **Inline handler blocking** — injects `if (!window.__cfRLUnblockHandlers) return false;` into every `onclick=`, `onkeydown=`, etc. HTML attribute. Even if the function is defined, the click is blocked.
|
||||||
|
|
||||||
|
**Why:** These are Cloudflare "performance optimizations" that can't be disabled without Cloudflare dashboard access (no API keys stored).
|
||||||
|
|
||||||
|
**How to apply:** For any page with JavaScript that must work:
|
||||||
|
- Add `Cache-Control: no-transform, no-store` response header — this tells Cloudflare not to modify the response. Use `ini_set('session.cache_limiter', '')` before session_start() or the session headers will override it.
|
||||||
|
- Never use inline event handler attributes (`onclick=`, `onkeydown=`). Always use `addEventListener()`.
|
||||||
|
- The main JARVIS app (jarvis.orbishosting.com) is now served via `index.php` which adds this header automatically.
|
||||||
|
|
||||||
|
**Current solution (2026-06-01):**
|
||||||
|
- Login: `login.php` (pure PHP form POST, no JS) with `Cache-Control: no-transform`
|
||||||
|
- Entry point: `index.php` checks PHP session, redirects to `login.php` if not auth'd
|
||||||
|
- App served with token injected as `var __jarvisToken` global + CSS forcing loginScreen hidden
|
||||||
|
- See [[project-jarvis]] for full architecture
|
||||||
@@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
name: feedback-context-management
|
||||||
|
description: User wants to be warned before context limit and have tasks cleanly finished before running out
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: feedback
|
||||||
|
originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
|
||||||
|
---
|
||||||
|
|
||||||
|
Warn the user proactively when the conversation is getting long and approaching the context limit — before a task is left in a broken/hanging state. Finish or save the current task cleanly, then let the user know the session needs to continue fresh.
|
||||||
|
|
||||||
|
**Why:** User wants nothing left hanging when a session ends.
|
||||||
|
|
||||||
|
**How to apply:** When making edits mid-feature, always commit and deploy what's done so far. Before starting something large when context is already long, warn the user and offer to continue in a new session rather than starting something that won't finish.
|
||||||
@@ -0,0 +1,43 @@
|
|||||||
|
---
|
||||||
|
name: feedback-github-workflow
|
||||||
|
description: Standing rule — all website and Jarvis changes must be committed to GitHub then deployed to the server
|
||||||
|
metadata:
|
||||||
|
type: feedback
|
||||||
|
originSessionId: 002fe81e-7e03-414d-b842-1f94f1390a22
|
||||||
|
---
|
||||||
|
|
||||||
|
For every code change to any website or Jarvis: commit to GitHub first, then deploy to the live server. Never make changes directly without a git commit.
|
||||||
|
|
||||||
|
**Why:** User explicitly requested this as a standing workflow on 2026-05-22.
|
||||||
|
|
||||||
|
**How to apply:** After editing any file:
|
||||||
|
1. `git add -A && git commit -m "description"` in the site root
|
||||||
|
2. `git push origin main`
|
||||||
|
3. Then SCP/SSH the changed files to the live server (or git pull if pull-based deploy is set up)
|
||||||
|
|
||||||
|
## Repo Map
|
||||||
|
|
||||||
|
| Site / Project | Server | Path | GitHub Repo |
|
||||||
|
|---|---|---|---|
|
||||||
|
| tomsjavajive.com | 165.22.1.228 | /home/tomsjavajive.com/public_html | myronblair/tomsjavajive |
|
||||||
|
| epictravelexpeditions.com | 165.22.1.228 | /home/epictravelexpeditions.com/public_html | myronblair/epictravelexpeditions |
|
||||||
|
| orbishosting.com | 165.22.1.228 | /home/orbishosting.com/public_html | myronblair/orbishosting |
|
||||||
|
| orbis.orbishosting.com | 165.22.1.228 | /home/orbis.orbishosting.com/public_html | myronblair/orbis-hosting-portal |
|
||||||
|
| parkerslingshotrentals.com | 165.22.1.228 | /home/parkerslingshotrentals.com/public_html | myronblair/parkerslingshotrentals |
|
||||||
|
| tomtomgames.com | 165.22.1.228 | /home/tomtomgames.com/public_html | myronblair/tomtomgames |
|
||||||
|
| JARVIS | 10.48.200.84 | /var/www/jarvis.orbishosting.com | myronblair/jarvis |
|
||||||
|
|
||||||
|
## Gitignored Credentials (never in GitHub)
|
||||||
|
- tomsjavajive: `config/database.php`
|
||||||
|
- epictravelexpeditions: `api/config.php`
|
||||||
|
- jarvis: `api/config.php`
|
||||||
|
|
||||||
|
## Git on Servers
|
||||||
|
- DO server (165.22.1.228): SSH as root, git runs as root, safe.directory set for all /home/*/public_html paths
|
||||||
|
- Jarvis (10.48.200.84): SSH as myron, git requires `sudo` + explicit GIT_DIR/GIT_WORK_TREE env vars
|
||||||
|
|
||||||
|
## PAT
|
||||||
|
- **Token:** `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`
|
||||||
|
- Embedded in all remote URLs on both servers (DO + Jarvis)
|
||||||
|
- Expires ~90 days from 2026-05-22 (around 2026-08-20)
|
||||||
|
- Rotate via: `git remote set-url origin https://myronblair:NEW_TOKEN@github.com/myronblair/REPO.git`
|
||||||
@@ -0,0 +1,17 @@
|
|||||||
|
---
|
||||||
|
name: feedback-mysql-collation
|
||||||
|
description: Always use utf8mb4_unicode_ci for new tables — mixing collations breaks JOINs with MySQL error 1267
|
||||||
|
metadata:
|
||||||
|
type: feedback
|
||||||
|
originSessionId: 002fe81e-7e03-414d-b842-1f94f1390a22
|
||||||
|
---
|
||||||
|
|
||||||
|
All new tables in these MySQL databases must use `utf8mb4_unicode_ci` collation. Never use `utf8mb4_general_ci` or leave it at the server default without checking.
|
||||||
|
|
||||||
|
**Why:** Mixing `utf8mb4_general_ci` and `utf8mb4_unicode_ci` in a JOIN causes MySQL error 1267: "Illegal mix of collations." This silently broke wishlist.php and reviews.php on tomsjavajive.com — pages returned 500 with no visible error until a diagnostic script revealed the PDO exception. Fixed by running `ALTER TABLE x CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci` on the mismatched tables.
|
||||||
|
|
||||||
|
**How to apply:**
|
||||||
|
- When writing `CREATE TABLE`, always include `COLLATE utf8mb4_unicode_ci`
|
||||||
|
- When checking an existing table: `SHOW CREATE TABLE tablename\G` — look at the COLLATE line
|
||||||
|
- Fix a bad table: `ALTER TABLE tablename CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci`
|
||||||
|
- Affected tables on tomsjavajive.com that were wrong (now fixed): wishlist, loyalty_transactions, loyalty_tiers, product_types, loyalty_settings
|
||||||
@@ -0,0 +1,34 @@
|
|||||||
|
---
|
||||||
|
name: feedback-php-ob-export
|
||||||
|
description: PHP file export/AJAX handlers that run after ob_start()+header.php must call ob_end_clean() before sending headers
|
||||||
|
metadata:
|
||||||
|
type: feedback
|
||||||
|
originSessionId: 002fe81e-7e03-414d-b842-1f94f1390a22
|
||||||
|
---
|
||||||
|
|
||||||
|
When a PHP admin page uses the pattern `ob_start()` + `require_once header.php` at the top, any handler that sends a non-HTML response (CSV download, JSON AJAX, redirect) must call `ob_end_clean()` before setting Content-Type headers and outputting content.
|
||||||
|
|
||||||
|
**Why:** `ob_start()` buffers everything. `require_once header.php` fills the buffer with a full HTML page before any request-type checks run. Without `ob_end_clean()`, the browser receives the full HTML page *followed by* the CSV/JSON body — the export appears to download the entire rendered page instead of the file.
|
||||||
|
|
||||||
|
**How to apply:** Any time I add a file export or AJAX handler to an admin page that uses this pattern:
|
||||||
|
|
||||||
|
```php
|
||||||
|
// ✅ correct
|
||||||
|
if (isset($_GET['export'])) {
|
||||||
|
ob_end_clean(); // discard buffered HTML from header.php
|
||||||
|
header('Content-Type: text/csv; charset=UTF-8');
|
||||||
|
header('Content-Disposition: attachment; filename="export.csv"');
|
||||||
|
// ... output CSV ...
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
// ✅ correct for AJAX
|
||||||
|
if ($action === 'inline_edit') {
|
||||||
|
ob_end_clean();
|
||||||
|
header('Content-Type: application/json');
|
||||||
|
echo json_encode(['ok' => true]);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
First discovered and fixed in `admin/import-export.php` on tomsjavajive.com (2026-05-22).
|
||||||
@@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
name: feedback-ssh-passwords
|
||||||
|
description: SSH password rotation order for home lab servers; escalation path from myron to root
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: feedback
|
||||||
|
originSessionId: f0b18417-cc26-4fdf-87ec-7b2d69b02c44
|
||||||
|
---
|
||||||
|
|
||||||
|
Try passwords in this order when SSH password auth is needed for home lab hosts:
|
||||||
|
|
||||||
|
1. `Joker1974!@#`
|
||||||
|
2. `Joker1974!!!`
|
||||||
|
3. `Joker1974!`
|
||||||
|
|
||||||
|
Root login is allowed on Proxmox hosts (PVE1 10.48.200.90, PVE2 10.48.200.91) directly.
|
||||||
|
On some VMs, login as `myron / Joker1974!!!` then `sudo su` or `sudo -i` to escalate to root.
|
||||||
|
|
||||||
|
**Why:** User confirmed these are the rotating passwords used across the home lab.
|
||||||
|
|
||||||
|
**How to apply:** Before trying key auth failures or giving up on SSH, cycle through these three variants. [[project-jarvis]]
|
||||||
@@ -0,0 +1,62 @@
|
|||||||
|
---
|
||||||
|
name: feedback-yealink-api
|
||||||
|
description: "Yealink T48S web API quirks — RSA/AES login, token-gated writes, correct page/field names for SIP account config"
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: feedback
|
||||||
|
originSessionId: 002fe81e-7e03-414d-b842-1f94f1390a22
|
||||||
|
---
|
||||||
|
|
||||||
|
Yealink T48S web API (firmware 66.86.0.15) — complete working flow:
|
||||||
|
|
||||||
|
## Login (PKCS1v15 + AES-CBC hybrid)
|
||||||
|
|
||||||
|
1. GET `/servlet?m=mod_listener&p=login&q=loginForm` — fetch RSA public key (`g_rsa_n`, `g_rsa_e`) and initial `JSESSIONID` cookie
|
||||||
|
2. Generate random 16-byte AES key + IV; encrypt plaintext `{rand};{JSESSIONID};{password}` with AES-128-CBC zero-padding (NOT PKCS7), base64 result → `pwd`
|
||||||
|
3. RSA-encrypt AES key hex string and IV hex string separately with PKCS1v15 → `rsakey`, `rsaiv`
|
||||||
|
- **Critical**: encrypt the ASCII hex string (e.g. `"a1b2c3..."`) not raw bytes — Yealink's `pkcs1pad2` uses `charCodeAt` per character
|
||||||
|
- **Critical**: AES key/IV hex must be **lowercase**
|
||||||
|
4. POST `username=admin&pwd=<b64>&rsakey=<hex>&rsaiv=<hex>` to `/servlet?m=mod_listener&p=login&q=login` with `JSESSIONID` cookie
|
||||||
|
5. Returns `{"authstatus":"done"}` on success; cookie jar updates with new JSESSIONID
|
||||||
|
|
||||||
|
**Lockout**: 3 failed attempts → ~10 min lockout (polling the login page also resets the timer — stop ALL requests to the phone during lockout)
|
||||||
|
|
||||||
|
## SIP Account Config (account-register page)
|
||||||
|
|
||||||
|
- **Page**: `account-register` (NOT `account-basic` — that page only has anonymous-call advanced fields)
|
||||||
|
- **Load**: GET `/servlet?m=mod_data&p=account-register&q=load`
|
||||||
|
- **Write**: POST `/servlet?m=mod_data&p=account-register&q=write&token=<g_strToken>`
|
||||||
|
- Token is **required** — without it returns 403; with it returns 200 + empty `_RES_INFO_` div (that empty response IS success)
|
||||||
|
- Token comes from `g_strToken` variable in the loaded page HTML
|
||||||
|
|
||||||
|
**Correct field names** for SIP account 1:
|
||||||
|
| Field | Value |
|
||||||
|
|-------|-------|
|
||||||
|
| `var_accountID` | `0` (0-indexed) |
|
||||||
|
| `AccountEnable` | `1` |
|
||||||
|
| `AccountLabel` | display label |
|
||||||
|
| `AccountDisplayName` | caller ID name |
|
||||||
|
| `AccountRegisterName` | SIP auth username (e.g. `1000`) |
|
||||||
|
| `AccountUserName` | SIP username (e.g. `1000`) |
|
||||||
|
| `server1` | SIP server IP (e.g. `134.209.72.226`) |
|
||||||
|
| `port1` | SIP port (e.g. `5080`) |
|
||||||
|
| `Transport1` | `0` = UDP |
|
||||||
|
| `Expires1` | registration expiry seconds |
|
||||||
|
| `AccountPassword` | AES-encrypted password (same AES key/IV as login) |
|
||||||
|
|
||||||
|
**Password encryption for writes**: Same AES-CBC approach as login — encrypt plaintext password bytes with zero-padding, base64 result → `AccountPassword`. Send same `rsakey` + `rsaiv` alongside.
|
||||||
|
|
||||||
|
## Autoprovision Trigger
|
||||||
|
|
||||||
|
GET `/servlet?m=mod_data&p=settings-autop&q=autopnow&token=<g_strToken>` → returns `{"ret":"ok","data":"3"}` on success
|
||||||
|
|
||||||
|
## Reboot
|
||||||
|
|
||||||
|
POST `/servlet?m=mod_data&p=settings-upgrade&q=write&type=reboot`
|
||||||
|
|
||||||
|
## SIP Registration Status
|
||||||
|
|
||||||
|
Load page contains JS: `ccStatus = g_json.ParseJSON(...)` with JSON like `{"Account1":"1000@134.209.72.226:2"}` — status codes: `0`=disabled, `1`=registered, `2`=registering, `3`=failed
|
||||||
|
|
||||||
|
**Why:** All this was reverse-engineered from Yealink's `commonjs.js` (`pkcs1pad2` function) across multiple sessions after many failed approaches (textbook RSA, wrong plaintext format, wrong field names, missing token).
|
||||||
|
**How to apply:** Use this as the reference any time we script Yealink T48S configuration via its web API. Scripts are saved at `/tmp/yfix_server.py` and `/tmp/ydiag_write.py` (on PVE1) as working examples.
|
||||||
@@ -0,0 +1,59 @@
|
|||||||
|
---
|
||||||
|
name: feedback-yealink-provisioning
|
||||||
|
description: Yealink T48S + FusionPBX provisioning — complete root causes and fixes for BLF buttons not showing
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: feedback
|
||||||
|
originSessionId: f0b18417-cc26-4fdf-87ec-7b2d69b02c44
|
||||||
|
---
|
||||||
|
|
||||||
|
**THE ROOT CAUSE OF BLF BUTTONS NOT SHOWING (confirmed fix 2026-05-29):**
|
||||||
|
|
||||||
|
Yealink phones ignore DSS key settings in `.boot` files — they only apply them from `.cfg` files. FusionPBX's nginx rewrite for `{mac}.boot` stripped the `file=` param, so the phone received the full 122KB config as a `.boot` file and silently ignored all linekey settings.
|
||||||
|
|
||||||
|
**Fix:** Two-part:
|
||||||
|
1. Create `{$mac}.boot` template in `/var/www/fusionpbx/resources/templates/provision/yealink/t48s/` containing:
|
||||||
|
```
|
||||||
|
#!version:1.0.0.1
|
||||||
|
include:config "y000000000065.cfg"
|
||||||
|
include:config "{$mac}.cfg"
|
||||||
|
overwrite_mode = 1
|
||||||
|
```
|
||||||
|
2. Change nginx rewrite in `/etc/nginx/sites-enabled/fusionpbx`:
|
||||||
|
- OLD: `rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.boot)$" /app/provision/index.php?mac=$1;`
|
||||||
|
- NEW: `rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.boot)$" /app/provision/index.php?mac=$1&file=%7b%24mac%7d.boot;`
|
||||||
|
|
||||||
|
This makes `{mac}.boot` return a 164-byte boot file with includes. Phone then fetches `{mac}.cfg` as a `.cfg` file, applies ALL settings including DSS/BLF keys.
|
||||||
|
|
||||||
|
**After provisioning on firmware 66.86.0.15:** Phone requires a physical power cycle to register and show BLF buttons. `Update Now` downloads the config but doesn't auto-reboot on this firmware.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
**Other critical lessons:**
|
||||||
|
|
||||||
|
**1. overwrite_mode = 1 is required** — default is 0, phone ignores all config changes after first provision.
|
||||||
|
- Set in `{$mac}.boot` template (and all `y000000000000.boot` templates)
|
||||||
|
|
||||||
|
**2. Factory reset clears the provisioning URL** — must re-enter manually:
|
||||||
|
- Menu > Settings > Advanced (password: admin) > Auto Provision
|
||||||
|
- Server URL: `https://fusion.orbishosting.com/app/provision/`
|
||||||
|
- Username: `provision-master`, Password: `Joker1974!!!`
|
||||||
|
- Then: Update Now → power cycle
|
||||||
|
|
||||||
|
**3. BLF type = 16 in FusionPBX** (confirmed). NOT type=2 (Speed Dial), NOT type=3.
|
||||||
|
- FusionPBX template uses type=16 for BLF (requires `pickup_value` field)
|
||||||
|
- `{if type == "1" || type == "16"}` → pickup_value in `{$mac}.cfg` template confirms this
|
||||||
|
|
||||||
|
**4. features.auto_linekeys.enable = 0** in `y000000000065.cfg` template — prevents phone firmware from auto-assigning SIP account over BLF keys.
|
||||||
|
|
||||||
|
**5. External sofia profile: manage-presence = passive** (not true).
|
||||||
|
- Internal profile: manage-presence = true (already correct in FusionPBX default)
|
||||||
|
- External profile must be passive so BLF SUBSCRIBEs from phones on port 5080 delegate to internal
|
||||||
|
- Fix: UPDATE v_sip_profile_settings SET value='passive' WHERE profile=external AND name='manage-presence'
|
||||||
|
- Then delete `/var/cache/fusionpbx/FusionPBX.configuration.sofia.conf` and reload sofia
|
||||||
|
|
||||||
|
**6. git safe.directory for www-data** — Fix: `git config --system --add safe.directory /var/www/fusionpbx`
|
||||||
|
|
||||||
|
**7. After manual provision (Update Now):** phone may not register until power cycled, especially firmware 66.86.0.15.
|
||||||
|
|
||||||
|
**How to apply:** When BLF buttons don't appear despite config downloading correctly, check: (1) is {mac}.boot returning 164 bytes or 122KB? (2) is external sofia profile passive? (3) did the phone power cycle after provisioning?
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
name: project-claude-vm
|
||||||
|
description: Claude Code runs on PVE1 VM 107 (Claude-DHCP) at 10.48.200.29 — the local environment for all Claude Code sessions
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: 16664adb-5228-4a2a-bffb-7e783ad13af1
|
||||||
|
---
|
||||||
|
|
||||||
|
Claude Code sessions run inside **PVE1 VM 107** named "Claude-DHCP".
|
||||||
|
|
||||||
|
- **IP**: 10.48.200.29 (DHCP — may change on reboot)
|
||||||
|
- **Hostname**: claude
|
||||||
|
- **Hypervisor**: PVE1 (10.48.200.90 / orbisne.fortiddns.com)
|
||||||
|
- **No JARVIS agent installed** on this VM
|
||||||
|
|
||||||
|
**Why:** This explains why SSH to local IPs works directly, and why the working directory is /home/myron on a Linux VM rather than a remote machine.
|
||||||
|
**How to apply:** When commands run "locally," they run inside this VM on the 10.48.200.0/24 LAN. Direct SSH to other LAN machines works without relaying through DO.
|
||||||
@@ -0,0 +1,47 @@
|
|||||||
|
---
|
||||||
|
name: do-server-backup
|
||||||
|
description: "DO server (165.22.1.228) config backup to GitHub — weekly cron, restore wizard, full rebuild guide"
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
|
||||||
|
---
|
||||||
|
|
||||||
|
GitHub repo `myronblair/do-server-config` (private) — all scripts, systemd units, WireGuard, OLS vhosts, cron, MySQL creds.
|
||||||
|
|
||||||
|
**Why:** So the DO server (orbis) can be fully rebuilt after a droplet failure in ~90 minutes.
|
||||||
|
|
||||||
|
## What's Backed Up
|
||||||
|
- `scripts/` — jarvis-deploy.sh, jarvis-watchdog.sh, jarvis-backup.sh, jarvis-agent.py, ttg-backup.sh
|
||||||
|
- `systemd/` — jarvis-agent.service, fastapi_ssh_server.service
|
||||||
|
- `wireguard/` — wg0.conf (includes private keys — private repo)
|
||||||
|
- `network/` — netplan 50-cloud-init.yaml, hosts, hostname
|
||||||
|
- `cron/` — root_custom (JARVIS lines), root_full (everything)
|
||||||
|
- `ols-vhosts/` — all 8 site OLS vhost configs
|
||||||
|
- `mysql/` — /root/.my.cnf, database list
|
||||||
|
- `infra/` — snapshot of /opt/infra/
|
||||||
|
- `smtp-docs/` — /opt/smtp-for-websites/ docs
|
||||||
|
|
||||||
|
## Schedule
|
||||||
|
Weekly Sunday 4am: `0 4 * * 0 /usr/local/bin/do-server-backup >> /var/log/do-server-backup.log 2>&1`
|
||||||
|
|
||||||
|
## Manual trigger
|
||||||
|
`/usr/local/bin/do-server-backup` on DO server
|
||||||
|
|
||||||
|
## What's NOT backed up
|
||||||
|
- Website files (all in GitHub repos)
|
||||||
|
- Databases (jarvis-backup.sh daily → /var/backups/jarvis/, 7-day retention)
|
||||||
|
- SSL certs (re-issue via CyberPanel)
|
||||||
|
- Gitignored configs (api/config.php files — recreate manually from examples)
|
||||||
|
- CyberPanel itself (reinstall script: sh <(curl https://cyberpanel.net/install.sh))
|
||||||
|
|
||||||
|
## Restore flow
|
||||||
|
1. New Ubuntu 24.04 droplet
|
||||||
|
2. `apt install git && git clone https://<PAT>@github.com/myronblair/do-server-config.git /opt/do-server-config`
|
||||||
|
3. `bash /opt/do-server-config/restore.sh` (8-phase interactive wizard)
|
||||||
|
4. Install CyberPanel, create sites, pull GitHub repos
|
||||||
|
5. Restore DBs from jarvis-backup.sh archive
|
||||||
|
6. Recreate gitignored config files
|
||||||
|
|
||||||
|
## MySQL root password
|
||||||
|
Z9Of4NVs6ji74x (also in mysql/my.cnf in repo)
|
||||||
@@ -0,0 +1,103 @@
|
|||||||
|
---
|
||||||
|
name: fusionpbx-freeswitch-setup
|
||||||
|
description: FusionPBX on DO 134.209.72.226; Yealink T48S ext 1000/1001/1002; SignalWire SIP trunk; inbound routing; provisioning
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: 84bfb029-16a6-4be4-aca0-308e896c1219
|
||||||
|
---
|
||||||
|
|
||||||
|
FusionPBX (FreeSWITCH) PBX on DigitalOcean 134.209.72.226.
|
||||||
|
**SSH:** root / Joker1974!@# (must proxy via 165.22.1.228 — direct SSH blocked)
|
||||||
|
**FusionPBX web:** https://fusion.orbishosting.com (admin / fY7XP5swgtpbzrYLhkeVYkA4744)
|
||||||
|
**DB:** fusionpbx user / pSJaF9mUJqPr4Sj5mwJyRqvCCpc, host 127.0.0.1
|
||||||
|
**Domain:** `134.209.72.226` (uuid: de6d867b-54d2-43f4-b1ed-8fd66803acac) — all devices under this domain
|
||||||
|
|
||||||
|
## SIP Profile
|
||||||
|
Only `external` profile running (port 5080, UDP+TCP). No internal profile.
|
||||||
|
Phones register on external profile — non-standard but working.
|
||||||
|
Key settings (2026-06-02):
|
||||||
|
- `auth-calls = true`
|
||||||
|
- `apply-inbound-acl = providers`
|
||||||
|
- `proxy-media = true` (fixes NAT audio issues)
|
||||||
|
- `aggressive-nat-detection = true`, `NDLB-force-rport = true`
|
||||||
|
- `minimum-session-expires = 300`
|
||||||
|
|
||||||
|
**Warning:** Every `sofia profile external restart` drops all phone registrations. Prefer `reloadxml` + `reloadacl` where possible.
|
||||||
|
|
||||||
|
## Extensions
|
||||||
|
- 1000: Myron Blair — Yealink T48S at 10.48.200.2, MAC 80:5e:c0:35:04:77, password `Xk9mPw3nQv7rLs2t`
|
||||||
|
- 1001: Tommy Ivy — Yealink T48S at 10.48.200.43, password `Tv8xNm4pWq6rZs3k`
|
||||||
|
- 1002: Home — Yealink AX86R at 10.48.200.65, password `yXHaJTwa8rj?$GkrVFQB`
|
||||||
|
|
||||||
|
**1001 short registration:** Registers with ~120s expiry. Causes brief unavailability during re-reg. Fix properly by setting registration expiry to 3600s on the phone itself.
|
||||||
|
|
||||||
|
## Phones NAT
|
||||||
|
All phones come from FortiGate NAT IP **97.247.128.120** (updated 2026-06-17, was 97.154.109.245). This IP is in the `providers` ACL — required for both inbound call routing AND outbound calls from phones.
|
||||||
|
|
||||||
|
## providers ACL (v_access_controls uuid: 47da18a2-6085-4740-a316-6d1bce8240b5)
|
||||||
|
Contains: all SignalWire IP ranges (172.110.216.0/21 + individual IPs) + 97.247.128.120 (FortiGate/phones).
|
||||||
|
|
||||||
|
## SignalWire Gateway
|
||||||
|
- FusionPBX gateway name: `signalwire`, profile: `external`
|
||||||
|
- Username: `fusion@orbis-hosting-0364f5f67488.sip.signalwire.com`
|
||||||
|
- `register = false` (IP-based auth), state NOREG / status UP = correct
|
||||||
|
|
||||||
|
**CRITICAL — transport=udp required:**
|
||||||
|
SignalWire SIP Gateway External URI MUST be:
|
||||||
|
`sip:18177645007@134.209.72.226:5080;transport=udp`
|
||||||
|
Without `;transport=udp`, SignalWire uses TCP from 152.42.144.114 / 159.65.244.171 which FreeSWITCH silently drops (no log entry, no response). Only UDP from 172.110.223.179 works. 20/22 calls failed before this fix.
|
||||||
|
|
||||||
|
## Inbound Call Routing (DID: +18177645007)
|
||||||
|
SignalWire sends caller's number as Request-URI destination (not the DID) even with SIP Gateway configured. Single-mode Lua handler can't match this to v_destinations → falls to not-found.
|
||||||
|
|
||||||
|
**Fix:** Global catch-all dialplan:
|
||||||
|
- Name: `signalwire-inbound`, context: `public`, order: 100, domain_uuid: NULL
|
||||||
|
- Expression: `^.*$` → `transfer 900 XML 134.209.72.226`
|
||||||
|
- If deleted, calls fall through to not-found (404)
|
||||||
|
|
||||||
|
Public dialplan order:
|
||||||
|
1. caller-details (10, global, continue=true)
|
||||||
|
2. signalwire-inbound (100, global) → IVR 900
|
||||||
|
3. 18177645007 (100, domain-specific, expression ^(.*)$) → linked via v_destinations
|
||||||
|
4. not-found (999, global)
|
||||||
|
|
||||||
|
## IVR
|
||||||
|
- Extension 900: active IVR, greeting: `ivr_menu_16k.wav`
|
||||||
|
- Extension 800: old FIFO queue (disabled)
|
||||||
|
- IVR dialplan in domain context 134.209.72.226, name "IVR", matches `^900$`
|
||||||
|
|
||||||
|
## Yealink Provisioning
|
||||||
|
URL: `https://fusion.orbishosting.com/app/provision/`
|
||||||
|
Boot file: `{mac}.boot`, model cfg: `y000000000065.cfg`, device cfg: `{mac}.cfg`
|
||||||
|
Yealink web login uses textbook RSA (no padding): encrypt password with g_rsa_n/g_rsa_e from login page using `pow(m,e,n)`.
|
||||||
|
**Web lockout:** Multiple failed logins lock the web UI for several minutes.
|
||||||
|
Provision trigger: `GET /servlet?p=autoprovision-cfg&q=autoprovision`
|
||||||
|
Reboot API: `POST /servlet?p=reboot&q=reboot` (empty body)
|
||||||
|
|
||||||
|
**2026-06-02 issue:** `yealink_firmware_t48s = t48s-66.81.0.110.rom` in v_default_settings caused phone to get stuck downloading non-existent firmware. Fixed by disabling that setting (enabled=false). Phone 1000 (10.48.200.2) had its config reset during this process.
|
||||||
|
|
||||||
|
**Ext 1000 recovery:** If 1000 not registering — go to phone screen: Menu → Settings → Advanced → admin → Accounts → Account 1:
|
||||||
|
server `134.209.72.226`, port `5080`, auth/user `1000`, password `Xk9mPw3nQv7rLs2t`
|
||||||
|
|
||||||
|
## Key Commands
|
||||||
|
```bash
|
||||||
|
# Reload ACL without restart
|
||||||
|
fs_cli -x "reloadacl"
|
||||||
|
# Reload dialplan/XML config
|
||||||
|
fs_cli -x "reloadxml"
|
||||||
|
# Restart external profile (drops registrations — avoid)
|
||||||
|
fs_cli -x "sofia profile external restart"
|
||||||
|
# Check registrations
|
||||||
|
fs_cli -x "sofia status profile external reg"
|
||||||
|
# Check gateway
|
||||||
|
fs_cli -x "sofia xmlstatus gateway"
|
||||||
|
# Clear dialplan cache
|
||||||
|
rm -f /var/cache/fusionpbx/dialplan.public.*
|
||||||
|
# Clear sofia profile cache
|
||||||
|
rm -f /var/cache/fusionpbx/fusion.configuration.sofia.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
## fail2ban Whitelist
|
||||||
|
- 107.178.2.130 (office), 97.247.128.120 (home WAN — updated 2026-06-17, was 97.154.109.245)
|
||||||
|
- sip-auth-ip iptables chain — can get the FortiGate IP blocked; check with `iptables -L sip-auth-ip -n`
|
||||||
@@ -0,0 +1,98 @@
|
|||||||
|
---
|
||||||
|
name: fusionpbx-backup
|
||||||
|
description: "FusionPBX (134.209.72.226) config backup to GitHub — weekly cron, restore wizard, PostgreSQL dump, full rebuild guide"
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
|
||||||
|
---
|
||||||
|
|
||||||
|
GitHub repo `myronblair/fusionpbx-config` (private) — PostgreSQL DB dump + FreeSWITCH configs + full rebuild guide.
|
||||||
|
|
||||||
|
**Why:** FusionPBX stores ALL config in PostgreSQL — extensions, dialplans, SIP gateways, IVR, ring groups, devices, voicemail, users. The DB dump IS the backup.
|
||||||
|
|
||||||
|
**How to apply:** Reference when discussing FusionPBX DR, the backup cron, or if the server needs to be rebuilt. See [[fusionpbx-freeswitch-setup]] for full FusionPBX operational config.
|
||||||
|
|
||||||
|
## SSH Access (critical — port 22 firewalled from internet)
|
||||||
|
Only accessible from: 107.178.2.130 (FortiGate home) and 97.154.109.245 (FortiGate secondary).
|
||||||
|
**From anywhere else, relay through DO:**
|
||||||
|
```bash
|
||||||
|
sshpass -p 'Gonewalk1974!@#' ssh -o StrictHostKeyChecking=no root@165.22.1.228 \
|
||||||
|
'sshpass -p "Joker1974!@#" ssh -o StrictHostKeyChecking=no root@134.209.72.226 "command"'
|
||||||
|
```
|
||||||
|
|
||||||
|
## Repo Structure
|
||||||
|
- `database/fusionpbx.sql.gz` — Full PostgreSQL dump (gzip compressed; 306MB raw → ~29MB)
|
||||||
|
- `database/postgres_globals.sql` — PostgreSQL roles/passwords
|
||||||
|
- `freeswitch/` — vars.xml, freeswitch.xml, extensions.conf, sip_profiles/, autoload_configs/
|
||||||
|
- `fusionpbx-app/config.php` — DB credentials for FusionPBX web app
|
||||||
|
- `nginx/fusionpbx.conf` — nginx config (includes provisioning URL rewrites)
|
||||||
|
- `fail2ban/` — jail.local (trusted IPs: 107.178.2.130, 97.154.109.245)
|
||||||
|
- `network/` — netplan 50-cloud-init.yaml, hosts, hostname
|
||||||
|
- `systemd/` — 9 FusionPBX service units (active_calls, email_queue, event_guard, etc.)
|
||||||
|
- `ssh/authorized_keys`
|
||||||
|
- `recordings/` — call recordings (~4KB currently)
|
||||||
|
|
||||||
|
## Schedule
|
||||||
|
Weekly Sunday 5am: `0 5 * * 0 /usr/local/bin/fusionpbx-backup >> /var/log/fusionpbx-backup.log 2>&1`
|
||||||
|
|
||||||
|
## Manual trigger
|
||||||
|
`/usr/local/bin/fusionpbx-backup` on the fusion server (or via DO relay)
|
||||||
|
|
||||||
|
## What's NOT backed up
|
||||||
|
- SSL certs — re-issue: `certbot --nginx -d fusion.orbishosting.com`
|
||||||
|
- FusionPBX web app `/var/www/fusionpbx/` — reinstalled by official installer
|
||||||
|
- FreeSWITCH binary — installed by FusionPBX installer
|
||||||
|
- Voicemail audio files — small, not critical
|
||||||
|
|
||||||
|
## Full Rebuild Flow (30–45 min)
|
||||||
|
|
||||||
|
### 1. New Debian 12 droplet
|
||||||
|
Create fresh DO droplet, same region. SSH in (relay via DO if needed).
|
||||||
|
|
||||||
|
### 2. Clone repo and run restore
|
||||||
|
```bash
|
||||||
|
apt update && apt install -y git
|
||||||
|
git clone https://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@github.com/myronblair/fusionpbx-config.git /opt/fusionpbx-config
|
||||||
|
bash /opt/fusionpbx-config/restore.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
### 3. Restore script phases (interactive)
|
||||||
|
1. SSH authorized_keys + hostname
|
||||||
|
2. Run FusionPBX official installer (separate terminal, ~10-15 min):
|
||||||
|
`wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/debian/install.sh | bash`
|
||||||
|
→ When asked for domain: `fusion.orbishosting.com`
|
||||||
|
3. **Critical: PostgreSQL restore** — stops all services, drops+recreates DB, restores from `.sql.gz`
|
||||||
|
4. FreeSWITCH config files
|
||||||
|
5. FusionPBX app config.php (DB credentials)
|
||||||
|
6. nginx config
|
||||||
|
7. fail2ban
|
||||||
|
8. Recordings
|
||||||
|
9. Backup script + cron
|
||||||
|
10. SSL (manual: `certbot --nginx -d fusion.orbishosting.com`)
|
||||||
|
|
||||||
|
### 4. Post-restore checks
|
||||||
|
- Update fail2ban trusted IPs if FortiGate IP changed
|
||||||
|
- Update Yealink provisioning URL if server IP changed (was 134.209.72.226)
|
||||||
|
- Verify SignalWire trunk: FusionPBX → Accounts → Gateways
|
||||||
|
- Delete Sofia XML cache: `rm /var/cache/fusionpbx/FusionPBX.configuration.sofia.conf`
|
||||||
|
- Test ext 1000 (Myron Yealink T48S at 10.48.200.43)
|
||||||
|
- Test ext 1001 (Tommy)
|
||||||
|
- Test IVR 900
|
||||||
|
|
||||||
|
## Key Credentials
|
||||||
|
| Item | Value |
|
||||||
|
|------|-------|
|
||||||
|
| FusionPBX web | https://fusion.orbishosting.com (admin / fY7XP5swgtpbzrYLhkeVYkA4744) |
|
||||||
|
| Root SSH | root / Joker1974!@# |
|
||||||
|
| PostgreSQL | fusionpbx database, user fusionpbx |
|
||||||
|
| Relay DO server | root@165.22.1.228 / Gonewalk1974!@# |
|
||||||
|
|
||||||
|
## Architecture Notes
|
||||||
|
- FusionPBX uses Lua XML handler — FreeSWITCH queries PostgreSQL via PHP/Lua for all routing. Static XML config in `/etc/freeswitch/` is mostly skeleton.
|
||||||
|
- SignalWire SIP trunk uses `transport=udp` — TCP caused re-INVITE issues (gateway External URI must end in `;transport=udp`)
|
||||||
|
- Ext 1000 (Yealink T48S) registers from behind FortiGate on port 5080 with `aggressive-nat-detection=true`
|
||||||
|
- FusionPBX cache at `/var/cache/fusionpbx/FusionPBX.configuration.sofia.conf` — delete to force full Sofia reload
|
||||||
|
|
||||||
|
## PostgreSQL Dump Size Note
|
||||||
|
306MB uncompressed, 29MB gzipped. Exceeds GitHub's 100MB limit uncompressed. Must use gzip (`pg_dump | gzip > fusionpbx.sql.gz`). Restore.sh handles both `.sql.gz` (zcat) and plain `.sql` formats.
|
||||||
@@ -0,0 +1,45 @@
|
|||||||
|
---
|
||||||
|
name: project-infra-todo
|
||||||
|
description: Infrastructure TODO list — outstanding issues and fixes needed across homelab
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: b1e93a6a-f101-4ea4-aafb-9cb7e2958821
|
||||||
|
---
|
||||||
|
|
||||||
|
# Infrastructure TODO
|
||||||
|
|
||||||
|
Last updated: 2026-06-24
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 🔴 OPEN
|
||||||
|
|
||||||
|
- [x] **CT110 WireGuard filesystem read-only** — fsck run, filesystem clean and rw. wg-clients.conf updated with new MediaStack pubkey. 2026-06-24.
|
||||||
|
|
||||||
|
- [x] **CT110 wg-clients auto-start** — added `/etc/local.d/wg-clients.start` (OpenRC local service). wg-clients comes up on boot. 2026-06-24.
|
||||||
|
|
||||||
|
- [x] **MediaStack QEMU guest agent** — installed and running, `qm guest exec 103` verified working 2026-06-24.
|
||||||
|
|
||||||
|
- [x] **Tailscale re-auth on PVE1** — completed 2026-06-24.
|
||||||
|
|
||||||
|
- [x] **NovaCPX stale ARP fix permanence** — static ARP for 10.48.200.201 (bc:24:11:67:1d:47) set as PERMANENT via systemd `static-arp.service` on NovaCPX, enabled on boot 2026-06-24.
|
||||||
|
|
||||||
|
- [x] **web.orbishosting.com — Ollama link** — verified working 2026-06-24.
|
||||||
|
|
||||||
|
- [x] **MediaStack backup to new storage** — VM 103 disk now on GoFlex storage. Backup job runs nightly at 21:00 to SynologyProx and backs up VM regardless of disk location. Verified 2026-06-24.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## ✅ COMPLETED (2026-06-24 session)
|
||||||
|
|
||||||
|
- [x] MediaStack VM 103 restored from 2026-06-23 backup (I/O errors on Synology disk)
|
||||||
|
- [x] MediaStack disk moved off Synology to new storage
|
||||||
|
- [x] WireGuard kill-switch rebuilt on MediaStack — new keypair, CT110 peer updated, hardcoded fwmark, LAN exception correct
|
||||||
|
- [x] WireGuard tunnel verified — exits via DO (165.22.1.228), handshake active
|
||||||
|
- [x] Ollama listening on 0.0.0.0:11434 (was 127.0.0.1 only) — added systemd override
|
||||||
|
- [x] CT110 LAN IP corrected to 10.48.200.67 (was wrongly documented as 10.48.200.19)
|
||||||
|
- [x] NovaCPX 502s fixed — flushed stale ARP on NovaCPX for NPM's IP
|
||||||
|
- [x] web.orbishosting.com WireGuard CT link updated to 10.48.200.67
|
||||||
|
- [x] JARVIS admin URL updated to https://jarvis.orbishosting.com/admin/ everywhere
|
||||||
|
- [x] web.orbishosting.com — Downloads card added (INFRASTRUCTURE-REFERENCE.md, syncs daily from JARVIS)
|
||||||
@@ -0,0 +1,167 @@
|
|||||||
|
---
|
||||||
|
name: project-jarvis
|
||||||
|
description: "JARVIS AI Iron Man HUD — DigitalOcean 165.22.1.228; full admin portal at /admin; network auto-scan via PVE1; GitHub: myronblair/jarvis"
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: f0b18417-cc26-4fdf-87ec-7b2d69b02c44
|
||||||
|
---
|
||||||
|
|
||||||
|
JARVIS is hosted on **PVE1 VM 211** (10.48.200.211), migrated from DO 2026-06-18. URL: https://jarvis.orbishosting.com (via NPM → VM 211). Admin: https://jarvis.orbishosting.com/admin/
|
||||||
|
|
||||||
|
**How to apply:** Files at `/var/www/jarvis/` on VM 211. SSH: `sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.211`
|
||||||
|
|
||||||
|
## Credentials
|
||||||
|
- Login: myron / Joker1974!!!
|
||||||
|
- DB: jarvis_db / jarvis_user / J4rv1s_Pr0t0c0l_2026!
|
||||||
|
- MySQL root: b71e5c1a8c7457541b9c1db822de37adfa271926a38b6c20
|
||||||
|
- phpMyAdmin: /phpmyadmin (myron / Joker1974!!!)
|
||||||
|
- HA token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJjZmQyMTYxNzdkZGY0MGQ5YjlkNjFhMTFiZmViZTNhNCIsImlhdCI6MTc3OTI0MTI2MywiZXhwIjoyMDk0NjAxMjYzfQ.wD3yYiCHh6iEuH1mZckg4dgr3zOJHLmlMj_N0OyzdR4
|
||||||
|
- Agent registration key: f846a9aaf7ce9a61742c63c87c4186052a71d2a580c65518
|
||||||
|
- Proxmox API token: root@pam!jarvis=c45b5feb-f9a9-445d-a626-14fbb959f78b
|
||||||
|
|
||||||
|
## Network Map (verified 2026-06-17)
|
||||||
|
|
||||||
|
### PVE1 VMs (10.48.200.90, orbisne.fortiddns.com)
|
||||||
|
| VMID | Name | IP | Agent ID | Status |
|
||||||
|
|------|------|----|----------|--------|
|
||||||
|
| 100 | SynchroNet-50 | 10.48.200.50 | none | running |
|
||||||
|
| 101 | HomeAssistant-97 | 10.48.200.97 | homeassistant_ha | online |
|
||||||
|
| 102 | UmbrelOS | DHCP | none | running |
|
||||||
|
| 104 | Windows10-DHCP | DHCP | none | running |
|
||||||
|
| 105 | Frigate | DHCP | none | running — **not in use, no integration planned** |
|
||||||
|
| 112 | Jellyfin-33 | 10.48.200.33 | jellyfin_7e386833 | online (fixed 2026-06-17) |
|
||||||
|
| 103 | MediaStack-35 | 10.48.200.35 | MediaStack_2c00b1b8 | online (was VM113 pre-2026-06-22 restore) |
|
||||||
|
| 118 | HomeBridge-26 | 10.48.200.18 | homebridge_b57cbaea | online (fixed 2026-06-17) |
|
||||||
|
| 120 | NovaCPX-110 | 10.48.200.110 | novacpx_e3b07264 | online |
|
||||||
|
|
||||||
|
### PVE2 VMs (10.48.200.91)
|
||||||
|
| VMID | Name | IP | Agent ID | Status |
|
||||||
|
|------|------|----|----------|--------|
|
||||||
|
| 302 | NetworkBackup-99 | 10.48.200.99 | networkbackup_NetworkB | online |
|
||||||
|
|
||||||
|
### Other Agents
|
||||||
|
- **JARVIS DO**: 165.22.1.228 (agent: jarvis-do_orbis) — online
|
||||||
|
- **PVE1**: 10.48.200.90 (agent: claude_pve) — online
|
||||||
|
- **PVE2**: 10.48.200.91 (agent: pve2_pve2) — online
|
||||||
|
- **FortiGate**: 10.48.200.1 (agent: fortigate_gw) — online
|
||||||
|
- **WireGuard CT**: (agent: wireguard_360460f7, no LAN IP) — online
|
||||||
|
- **Yealink T48S**: 10.48.200.43 (agent: yealink_t48s) — online
|
||||||
|
- **mini_it12**: 10.48.200.87 (agent: mini_it12_windows, Windows) — offline since 2026-06-12
|
||||||
|
|
||||||
|
### Gone / No Longer Exist
|
||||||
|
- Ollama VM 210 — was listed as deleted but IS running at 10.48.200.210 as VM 106 (was VM210 pre-restore). OLLAMA_HOST=0.0.0.0:11434 fixed 2026-06-24.
|
||||||
|
- alien-pc_windows — not registered (Dell devices at .66/.67 exist on network but no agent)
|
||||||
|
|
||||||
|
### Agent Config Note
|
||||||
|
Agents with old `server_url` config key crash on startup — must use `jarvis_url`. Fixed on homebridge and jellyfin 2026-06-17. If any other agent starts failing, copy config to /etc/jarvis-agent/config.json with `jarvis_url` key.
|
||||||
|
|
||||||
|
## Agent System
|
||||||
|
- Push-based: heartbeat 10s, metrics 30s
|
||||||
|
- agent.php uses CF-Connecting-IP header for real client IP (Cloudflare-aware)
|
||||||
|
- Platform detection: windows/mac/linux/tablet — tablet shows view-only message
|
||||||
|
- Subnet fallback match: if exact IP miss, matches same /24
|
||||||
|
- Shell commands supported with `{"allowed": true}` in command_data
|
||||||
|
- Installer: `curl -sk https://jarvis.orbishosting.com/install-agent.sh | bash -s <hostname> <linux|proxmox>`
|
||||||
|
- For VMs needing sudo: `echo "Joker1974!" | sudo -S bash /tmp/install.sh <hostname> linux`
|
||||||
|
|
||||||
|
### Agent Versions (as of 2026-06-12)
|
||||||
|
- **Linux v3.1**: adds version to registration payload, fixes self_update cfg scope bug in execute_command
|
||||||
|
- **Windows v3.0**: real self-update (was stub), screenshot (PIL+PS fallback), sysinfo, re-registers on startup
|
||||||
|
- **macOS v3.0**: new agent — CPU via `top -l 2`, mem via `sysctl`+`vm_stat`, screenshot via `screencapture -x`
|
||||||
|
- Config location (mac): `~/.jarvis-agent/config.json` | agent_type: "macos" | agent_id: "{HOSTNAME}_mac"
|
||||||
|
- **Old agents with `cfg` scope bug**: shell and update commands fail with `name 'cfg' is not defined` — auto-updates within 24h via periodic check in main() where cfg IS in scope
|
||||||
|
- registered_agents table has `version VARCHAR(20)` column and 'macos' in agent_type ENUM
|
||||||
|
|
||||||
|
### Workers Admin Tab (added 2026-06-12)
|
||||||
|
- VERSION column shows current vs latest version with color coding (green=current, red=outdated, yellow=unknown)
|
||||||
|
- Update button: cyan "⬆ UPDATE" if outdated, dim "↻ UPDATE" if current
|
||||||
|
- `agentUpdateFlow()`: popup modal, polls workers_list every 4s up to 90s, updates version cell in-place on completion
|
||||||
|
|
||||||
|
## Network Scanning
|
||||||
|
- PVE1 cron: `*/3 * * * * /usr/local/bin/jarvis-netscan.sh` — nmap 10.48.200.0/24, pushes to `/api/netscan`
|
||||||
|
- netscan.php authenticated via X-Registration-Key header
|
||||||
|
- network.php includes netscan-discovered devices (online, last 15 min) in network panel
|
||||||
|
- RUN NETWORK SCAN button: queues shell command to PVE1 agent, auto-refreshes panel after 45s
|
||||||
|
- DO cannot SSH to PVE1 local IP — must use orbisne.fortiddns.com or agent commands
|
||||||
|
- Site monitoring updated 2026-06-09: parkerslingshot key now points to parkerslingshotrentals.com (was parkerslingshot.epictravelexpeditions.com) in facts_collector.php, alerts.php, do_server.php
|
||||||
|
|
||||||
|
## Admin Portal (/admin)
|
||||||
|
- URL: https://jarvis.orbishosting.com/admin — same login as JARVIS
|
||||||
|
- Tabs: Dashboard, Agents, Network, Alerts, KB Facts, KB Intents, Home Assistant, News, Proxmox VMs, Sites, Users, **Tasks, Appointments**
|
||||||
|
- Network tab: shows ALL discovered devices (not just named), filter online/offline/named, Scan Now queues PVE1 command
|
||||||
|
- HA tab: reads from ha_entities table (real-time); toggle calls DO→HA directly (HA_URL = orbisne.fortiddns.com:8123)
|
||||||
|
- News tab: custom pinned news stored in kb_facts (category='custom_news'), merged into main news feed
|
||||||
|
- Proxmox VMs tab: uses cluster API (both PVE1+PVE2), shows CPU/RAM/disk/uptime/network per VM
|
||||||
|
- Tasks tab: full CRUD (add/edit/mark done/delete), filter by status/category
|
||||||
|
- Appointments tab: full CRUD, upcoming 90 days view
|
||||||
|
|
||||||
|
## Proxmox API
|
||||||
|
- Accessible via orbisne.fortiddns.com:8006 (FortiGate forwards port 8006)
|
||||||
|
- stats_cache.php uses cluster/resources API to get ALL VMs from both nodes
|
||||||
|
- PVE2 VMs only accessible via cluster API (no direct external port forward for PVE2)
|
||||||
|
|
||||||
|
## Key Files (on DO at /home/jarvis.orbishosting.com/)
|
||||||
|
- public_html/index.html — Iron Man HUD UI
|
||||||
|
- public_html/admin/index.php — Admin portal (single-file PHP+JS)
|
||||||
|
- public_html/api.php — API router
|
||||||
|
- api/config.php — all config constants
|
||||||
|
- api/endpoints/agent.php — agent registration/heartbeat/metrics/commands
|
||||||
|
- api/endpoints/chat.php — 4-tier chat: KB intent → action intents → Ollama → Groq → Claude
|
||||||
|
- api/endpoints/network.php — network device list (agents + named + netscan)
|
||||||
|
- api/endpoints/netscan.php — push endpoint for PVE1 nmap results
|
||||||
|
- api/endpoints/stats_cache.php — every 5min: Proxmox (cluster API), HA, weather, news
|
||||||
|
- api/endpoints/facts_collector.php — every 3min: system stats, site health, HA facts
|
||||||
|
- api/endpoints/do_server.php — reads /proc directly (no SSH loopback)
|
||||||
|
|
||||||
|
## DB Schema Notes
|
||||||
|
- `agent_metrics` columns: id, agent_id, metric_type, metric_data (JSON longtext), recorded_at
|
||||||
|
- metric_type='system'; CPU/RAM/disk live inside metric_data JSON
|
||||||
|
- Extract with: JSON_EXTRACT(metric_data,'$.cpu_percent'), JSON_EXTRACT(metric_data,'$.memory.percent')
|
||||||
|
- NO cpu_pct/mem_pct/disk_pct columns — always use JSON_EXTRACT
|
||||||
|
|
||||||
|
## Chat Architecture
|
||||||
|
- Tier 1b: Action intents (network_scan → returns real DB data + queues PVE1 netscan)
|
||||||
|
- network_scan intent: action type, returns real device count, never fabricates
|
||||||
|
- Groq model: compound-beta-mini (NOT groq/compound-beta-mini)
|
||||||
|
|
||||||
|
## Planner System (added 2026-05-31)
|
||||||
|
- Tables: `tasks` (title, notes, category ENUM personal/work/todo, priority ENUM low/normal/high/urgent, status ENUM pending/in_progress/done/cancelled, due_date, due_time, completed_at) and `appointments` (title, description, category, start_at, end_at, location, all_day, reminder_min, alerted)
|
||||||
|
- API endpoint: `/api/planner/{tasks|appointments|today|done}` (GET=list, POST=save, DELETE=delete)
|
||||||
|
- Voice intents in chat.php Tier 0.7: "add task X", "my tasks", "mark X done", "schedule X on date", "my calendar", "daily briefing"
|
||||||
|
- Home page: small top-bar badge shows "N TASKS · N APPTS" when items due today; no new panels
|
||||||
|
|
||||||
|
## Voice System (updated 2026-05-31)
|
||||||
|
- Continuous SpeechRecognition — mic always open, button is mute toggle (🎤 sleep / 🟢 listen / 🔇 mute)
|
||||||
|
- Wake phrase (phase 1): "wake up JARVIS" or "daddy's home" → activates; JARVIS responds once
|
||||||
|
- Command trigger (phase 2): "JARVIS [command]" executes; opens 17-second free-listen window for follow-ups
|
||||||
|
- After 30 min no commands → voice sleeps; after 5 min idle → page reloads silently (no greeting)
|
||||||
|
- Mic paused during ElevenLabs TTS via recognition.abort() + isSpeaking flag; resumes 300ms after audio ends
|
||||||
|
- ElevenLabs: voice ID JBFqnCBsd6RMkjVDRZzb (George), model eleven_turbo_v2_5, key in config.php
|
||||||
|
|
||||||
|
## Arc Reactor AI Routing (updated 2026-06-17)
|
||||||
|
- **Arc Reactor daemon**: `/opt/jarvis-arc/reactor.py` (Python, port 7474); service: `jarvis-arc`
|
||||||
|
- **Deploy source**: `/home/jarvis.orbishosting.com/deploy/reactor.py` → copy to `/opt/jarvis-arc/reactor.py` + `systemctl restart jarvis-arc`
|
||||||
|
- **llm_call() providers**: "claude" → Claude API, "groq" → Groq, "ollama" → local Ollama; cascades groq→ollama on failure
|
||||||
|
- **Guardian anomaly alerts** (line ~1025): Groq `llama-3.3-70b-versatile` — 2-3 sentence Iron Man alert when CPU/RAM/disk/service thresholds trip
|
||||||
|
- **SITREP** (line ~1068): Groq by default — comprehensive text briefing across all agents
|
||||||
|
- **Vision: text-only sysinfo** (line ~691): Groq — when agent returns JSON snapshot (no image)
|
||||||
|
- **Vision: actual screenshot** (line ~664): Claude `claude-opus-4-8-20251101` — stays on Claude, Groq has no vision models
|
||||||
|
- **Email drafting, research, tool_loop**: still Claude — complex reasoning tasks
|
||||||
|
|
||||||
|
## kb_facts Fix (2026-06-17)
|
||||||
|
- `storeFact()` ON DUPLICATE KEY UPDATE now explicitly sets `updated_at=NOW()` — previously MySQL wouldn't bump the timestamp if fact_value hadn't changed, causing do_server.php's 15-min freshness check to return empty sites
|
||||||
|
- `$fresh()` in facts_collector.php was querying `WHERE fact_category=?` (wrong column); fixed to `WHERE category=?`
|
||||||
|
- Site health checks now hit `http://127.0.0.1` with `Host:` header instead of public HTTPS URL (avoids Cloudflare 524 timeouts on self-check)
|
||||||
|
|
||||||
|
## Known Quirks
|
||||||
|
- LSAPI deadlock: session_write_close() in api.php after auth
|
||||||
|
- lsphp segfaults on -l flag; use php8.3 -l for syntax checking
|
||||||
|
- DO cannot reach 10.48.200.x directly — use DDNS or agent commands
|
||||||
|
- Proxmox local IP in config.php (PROXMOX_HOST=10.48.200.90) but API calls use orbisne.fortiddns.com
|
||||||
|
- stats_cache.php uses orbisne.fortiddns.com:8006 (not PROXMOX_HOST) for Proxmox API
|
||||||
|
- HA_URL = http://orbisne.fortiddns.com:8123 (FortiGate forwards 8123→HA); service calls work from DO
|
||||||
|
- ha.php entity list reads from ha_entities table (NOT api_cache) — real-time data from HA agent
|
||||||
|
- When editing index.html with Python patches: always use file-based scripts (not heredocs or inline), avoid double-brace `}}` near function closings
|
||||||
|
- Arc Reactor bugs fixed 2026-06-12: capabilities panel uses `s?.capabilities || s?.handlers`; Guardian ts() variable shadowing fixed (renamed evTs); Vision always fetches fresh agents_list
|
||||||
|
- Arc reactor DB bugs fixed 2026-06-12: column is `metric_data` not `metrics_json`; system data is flat JSON not nested under "system" key; conversations column is `content` not `message`; disk uses `mount` key not `mountpoint`
|
||||||
@@ -0,0 +1,45 @@
|
|||||||
|
---
|
||||||
|
name: jarvis-ha-integration
|
||||||
|
description: "JARVIS ↔ Home Assistant two-way integration — status, what's installed, how it works"
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: d9685e6b-8f79-4948-82e5-fbae607f7aa0
|
||||||
|
---
|
||||||
|
|
||||||
|
HA is accessible at https://hoa.orbishosting.com (via NPM) or http://10.48.200.97:8123 (LAN direct).
|
||||||
|
HA login: myronblair@outlook.com / Joker1974!!!
|
||||||
|
After 2026-06-22 Proxmox restore: HA is now VM 109 (was VM 101). QEMU guest agent not installed.
|
||||||
|
HA token (Jarvis2): eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzNmI0N2I1Njk5ZGQ0MTQ2ODMwZWFmYjZiYTQ1MjJkMSIsImlhdCI6MTc4MDIwMzU5NCwiZXhwIjoyMDk1NTYzNTk0fQ.sYRok-jRDlA4lFgWxLQELcEjkJNGQdprk6ZziLwLtXE
|
||||||
|
|
||||||
|
## Custom Component (installed 2026-05-31)
|
||||||
|
Repo: myronblair/jarvis → ha_integration/custom_components/jarvis_agent/
|
||||||
|
Installed at: /config/custom_components/jarvis_agent/ on HA VM (10.48.200.97)
|
||||||
|
Config added to /config/configuration.yaml (jarvis_agent: block at end)
|
||||||
|
|
||||||
|
**Why:** Replaces PHP→DDNS→HA REST API with HA-initiated outbound polling — more reliable.
|
||||||
|
|
||||||
|
## How it works
|
||||||
|
- HA pushes all entity state changes to JARVIS /api/agent/ha_state (debounced 2s)
|
||||||
|
- HA polls /api/agent/heartbeat every 10s for queued commands
|
||||||
|
- JARVIS admin panel toggle → queues command in agent_commands table → HA executes natively
|
||||||
|
- 212 entities live in ha_entities DB table, updated in real-time
|
||||||
|
- Agent registered as ID 15, hostname "homeassistant", IP 172.30.32.1 (Docker network)
|
||||||
|
|
||||||
|
## JARVIS Admin Panel HOME tab
|
||||||
|
- 4-column table: domain icon | device name | state | toggle/run button
|
||||||
|
- Unavailable entities filtered out automatically (reappear on next cache refresh)
|
||||||
|
- Scenes get ▶ RUN button; switches/lights get toggle slider
|
||||||
|
- Cache refreshed every 5 min by stats_cache.php cron
|
||||||
|
|
||||||
|
## Webhook fix (2026-05-31)
|
||||||
|
webhook.php had wrong require path (../../ instead of /../) causing 500 since May 25.
|
||||||
|
Fixed and committed. Auto-deploy pipeline working again.
|
||||||
|
|
||||||
|
## HA VM SSH
|
||||||
|
- Port 22 on orbisne.fortiddns.com forwards to HA Ubuntu VM (not PVE1)
|
||||||
|
- Password auth failing — likely key-only or fail2ban
|
||||||
|
- Use HA web terminal (Settings → Add-ons → Advanced SSH & Web Terminal) for shell access
|
||||||
|
- QEMU guest agent NOT installed in VM 101 (qm guest exec doesn't work)
|
||||||
|
|
||||||
|
**How to apply:** When working on HA component or HA VM files, use HA web terminal or HA File Editor addon. Cannot SSH directly.
|
||||||
@@ -0,0 +1,71 @@
|
|||||||
|
---
|
||||||
|
name: project-jarvis-todo
|
||||||
|
description: "Master TODO list for JARVIS system — current open items and completed work"
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: 4420b39a-7b7f-439f-9321-ff0daf1d663d
|
||||||
|
---
|
||||||
|
|
||||||
|
# JARVIS Master TODO
|
||||||
|
|
||||||
|
Last updated: 2026-06-18
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 🔴 OPEN
|
||||||
|
|
||||||
|
- [ ] **HA HOME tab — show all lights, plugs, switches** — currently 17 lights show but only 3 useful switches (Sirens, CEC Scanner, ESPHome) pass the filter. Need to audit what real smart plug/switch entities exist in HA (Tuya, TP-Link Tapo, Z-Wave, etc.) and ensure they appear in the JARVIS HOME tab. The `$skipKeywords` filter in `api/endpoints/ha.php` strips camera/HACS junk — verify real device switches aren't accidentally filtered. Also check if HA custom component is syncing all entity domains.
|
||||||
|
|
||||||
|
- [ ] **Claude API credits** — image-based Vision Protocol (`handle_screenshot` with actual PNG) uses `claude-opus-4-8`. Top up at console.anthropic.com if vision fails. Guardian/SITREP now on Groq so those no longer drain credits.
|
||||||
|
|
||||||
|
- [x] **HA agent persistence** — SOLVED. The HA custom component (`jarvis_agent`) runs inside HA's Docker container (IP 172.30.32.1) and auto-starts with HA. Online and healthy. The old standalone Python script at 10.48.200.97 is obsolete.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## ✅ COMPLETED (2026-06-18 session)
|
||||||
|
|
||||||
|
- [x] JARVIS fully migrated DO → PVE1 VM 211 (8c/16GB, nginx/PHP8.3/MariaDB/Redis/Arc Reactor)
|
||||||
|
- [x] All 3 new VMs on PVE1: JARVIS-211, NPM-200, Ollama-210 (IP changed from .95 → .210, Reolink owns .95)
|
||||||
|
- [x] Tailscale on all key hosts — full mesh, all 13+ nodes documented
|
||||||
|
- [x] FortiGate VIPs updated to 97.247.237.97; JARVIS on port 1972, HOA on 8123
|
||||||
|
- [x] NPM running at http://10.48.200.200:81 (Docker, proxy hosts for hoa/novacpx)
|
||||||
|
- [x] JARVIS backups — /var/backups/jarvis/, daily cron 7am UTC (2am CDT), 7-day retention
|
||||||
|
- [x] Jellyfin agent — v3.1 online at 10.200.0.3 via PVE1 password SSH
|
||||||
|
- [x] HA agent — v3.1 running on HA VM at 10.48.200.97 via HA web terminal
|
||||||
|
- [x] PVE1 ImageMagick — installed
|
||||||
|
- [x] Vision screenshots tab — already existed in admin under Arc Reactor → Vision Protocol
|
||||||
|
- [x] MediaStack SSH key — DO key generated and copied to MediaStack via PVE1 hop
|
||||||
|
- [x] Workers terminology — already "JARVIS AGENT WORKERS" in admin
|
||||||
|
- [x] install-agent.sh — default URL updated to http://10.48.200.211
|
||||||
|
- [x] Website webhooks — all 7 repos → tomtomgames.com/webhook.php (DO); JARVIS repo → port 1972
|
||||||
|
- [x] webhook.php fixed (broken define from bad sed), synced to DO
|
||||||
|
- [x] Service monitor updated — nginx/php-fpm/mariadb/redis/arc/agent (not OLS-era services)
|
||||||
|
- [x] DO server WEB HOST block on front page — shows DO CPU/RAM/DISK via Tailscale agent
|
||||||
|
- [x] Network devices cleaned up — 23 named devices, all infrastructure labeled
|
||||||
|
- [x] Agent configs fixed — all 8+ agents pointing to new JARVIS VM, correct watch_services per host
|
||||||
|
- [x] Facts collector fixed — external site checks, correct column names, proper timeouts
|
||||||
|
- [x] CLAUDE.md + INFRASTRUCTURE-REFERENCE.md fully updated and pushed
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## ✅ COMPLETED (2026-06-17 session)
|
||||||
|
|
||||||
|
- [x] Phase 3 JS modularization — jarvis-protocols.js split into 3 panel files
|
||||||
|
- [x] Guardian/SITREP/Vision text → Groq (image analysis stays Claude)
|
||||||
|
- [x] kb_facts freshness fix (storeFact updated_at, $fresh() column name)
|
||||||
|
- [x] Site health local loopback fix
|
||||||
|
- [x] Cloudflare Rocket Loader fix (face-api.js data-cfasync)
|
||||||
|
- [x] Session fix (api.php skip logic too broad)
|
||||||
|
- [x] JS syntax fix (apostrophe in face-api label)
|
||||||
|
- [x] All 8 online Linux/Proxmox agents → v3.1 with version in heartbeat
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## ✅ COMPLETED (2026-06-12 session)
|
||||||
|
|
||||||
|
- [x] Agent v3.1 Linux, v3.0 Windows, v3.0 macOS
|
||||||
|
- [x] Workers tab VERSION column + agentUpdateFlow
|
||||||
|
- [x] Arc Reactor systemd active, tracked in git
|
||||||
|
- [x] All 13 "make it stand out" improvements
|
||||||
|
- [x] MediaStack NAS migration
|
||||||
@@ -0,0 +1,69 @@
|
|||||||
|
---
|
||||||
|
name: project-mediastack
|
||||||
|
description: MediaStack VM on PVE1 — Sonarr/Radarr/Prowlarr/qBittorrent behind WireGuard VPN through CT110→DO
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: b1e93a6a-f101-4ea4-aafb-9cb7e2958821
|
||||||
|
---
|
||||||
|
|
||||||
|
## VM Details (updated 2026-06-24)
|
||||||
|
- **VM ID:** 103 | **Name:** MediaStack-35 | **IP:** 10.48.200.35
|
||||||
|
- **Hypervisor:** PVE1 (10.48.200.90)
|
||||||
|
- **Disk:** 50GB on **GoFlex** storage (moved off SynologyProx 2026-06-24 due to I/O errors)
|
||||||
|
- **OS:** Ubuntu 24.04 (noble cloud image)
|
||||||
|
- **QEMU guest agent:** installed and running (installed 2026-06-24)
|
||||||
|
- **SSH:** PVE1 key → `ssh -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa root@10.48.200.35`
|
||||||
|
- **GitHub:** `myronblair/mediastack` cloned at `/opt/mediastack`
|
||||||
|
|
||||||
|
## Services, Ports & Credentials
|
||||||
|
| Service | Port | Login | API Key |
|
||||||
|
|---------|------|-------|---------|
|
||||||
|
| qBittorrent | :8080 | admin / Joker1974!!! | — |
|
||||||
|
| Sonarr | :8989 | — | `b43e04350a594846b4ee95261c29e9e0` |
|
||||||
|
| Radarr | :7878 | — | `53c4268360444feeae5f98c0cc24e0e3` |
|
||||||
|
| Prowlarr | :9696 | — | `9d0ce6c5660743b5bf1c7951efc62252` |
|
||||||
|
|
||||||
|
All services run as root (NFS ACL requires root for writes).
|
||||||
|
|
||||||
|
## VPN Architecture (updated 2026-06-24)
|
||||||
|
|
||||||
|
### wg0 — Internet kill-switch (primary VPN)
|
||||||
|
- **Interface:** `wg0` | **VPN IP:** `10.200.0.4/24`
|
||||||
|
- **Endpoint:** CT110 at `10.48.200.67:51821` → DO server (165.22.1.228) → internet
|
||||||
|
- **Exit IP:** `165.22.1.228` (DO server, verified 2026-06-24)
|
||||||
|
- **Kill-switch:** iptables rules — REJECT all non-wg0 non-fwmark traffic; LAN 10.48.200.0/24 always allowed
|
||||||
|
- **Config:** `/etc/wireguard/wg0.conf` — fwmark hardcoded as `51820` (not dynamic, avoids PostDown race)
|
||||||
|
- **Auto-start:** `systemctl enable wg-quick@wg0` (enabled 2026-06-24)
|
||||||
|
- **DNS:** `10.48.200.90` (PVE1 dnsmasq)
|
||||||
|
- **MediaStack pubkey:** `CaG79S1fJeJDlYCMhHz8BrDfizBq+OiGnO5VzFIk3gE=`
|
||||||
|
- **CT110 pubkey:** `RXxDgIAaie4n0BxBA48rlmt9BJyp2GEktENeQDlc4hA=`
|
||||||
|
|
||||||
|
### wg1 — Jellyfin media access (NOT internet VPN)
|
||||||
|
- MediaStack is WireGuard server on `wg1` (port 51820, 10.200.0.1/24)
|
||||||
|
- Jellyfin (10.48.200.33) connects as peer (10.200.0.3)
|
||||||
|
- Used for NFS media file access only
|
||||||
|
|
||||||
|
## Media Storage
|
||||||
|
- Downloads: `/mnt/nas/video/downloads` (Synology NAS NFS)
|
||||||
|
- Movies: `/mnt/nas/video/movies` | TV: `/mnt/nas/video/tv`
|
||||||
|
- Old paths `/media/movies` and `/media/tv` are NFS mounts from NAS (Jellyfin backward compat)
|
||||||
|
- Jellyfin fstab: `10.48.200.35:/media/movies /mnt/mediastack/movies nfs defaults,_netdev 0 0`
|
||||||
|
|
||||||
|
## Indexer — IPTorrents
|
||||||
|
- Cookie auth in Prowlarr: `uid=2237410; pass=JzLP2niTWxBJAZIU3yvtLbJzD55kdLeB`
|
||||||
|
- Cookies expire — if indexer fails, log into iptorrents.com in browser, copy uid+pass cookies
|
||||||
|
|
||||||
|
## JARVIS Agent
|
||||||
|
- Agent ID: `MediaStack_2c00b1b8` | Config: `/opt/jarvis-agent/config.json`
|
||||||
|
- Registration key: `f846a9aaf7ce9a61742c63c87c4186052a71d2a580c65518` | `ssl_verify: false`
|
||||||
|
|
||||||
|
## PBS Backup
|
||||||
|
- Nightly at 21:00 → SynologyProx storage
|
||||||
|
- Backs up VM regardless of which storage the disk lives on
|
||||||
|
|
||||||
|
## Known Issues
|
||||||
|
- **wg-quick down/up over SSH kills the connection** — PostDown briefly removes LAN ACCEPT before REJECT; SSH reply is dropped. Always use VM console for wg0 cycling, or use `nohup` background.
|
||||||
|
- **NFS write failures** = services not running as root
|
||||||
|
- **Radarr "0 active indexers"** = blocked in DB; fix: `sqlite3 /var/lib/radarr/radarr.db "DELETE FROM IndexerStatus WHERE ProviderId=1;"`
|
||||||
|
- **Stale NFS file handle on Jellyfin** = lazy unmount + remount on Jellyfin VM
|
||||||
@@ -0,0 +1,99 @@
|
|||||||
|
---
|
||||||
|
name: project-novacpx
|
||||||
|
description: NovaCPX — custom Linux web hosting control panel (cPanel alternative) built from scratch
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
|
||||||
|
---
|
||||||
|
|
||||||
|
NovaCPX is a full web hosting control panel built from scratch with 4 dedicated ports: Admin :8882, Reseller :8881, User :8880, Webmail (Roundcube) :8883.
|
||||||
|
|
||||||
|
**Why:** User wants a cPanel/Plesk alternative they own outright, with distinctive UI, auto-installer, and extensible feature system.
|
||||||
|
|
||||||
|
**How to apply:** Direct SSH to VM works (no PVE hop needed). All code in /tmp/novacpx locally + pushed to GitHub myronblair/novacpx.
|
||||||
|
|
||||||
|
## VM Details
|
||||||
|
- Host: PVE1 VM 120, name HostPanel-110
|
||||||
|
- IP: 10.48.200.110 (static)
|
||||||
|
- OS: Ubuntu 24.04 LTS
|
||||||
|
- **SSH (direct — works from Claude Code):** `sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.110`
|
||||||
|
- **SCP (direct):** `sshpass -p 'Joker1974!!!' scp -o StrictHostKeyChecking=no FILE root@10.48.200.110:/path`
|
||||||
|
- PVE1 hop NOT needed and currently broken (permission denied on orbisne.fortiddns.com SSH)
|
||||||
|
- Panel web root: /srv/novacpx/public
|
||||||
|
- Repo on VM: /opt/novacpx-src
|
||||||
|
- Source of truth for deploy scripts: /opt/novacpx-src/deploy/
|
||||||
|
|
||||||
|
## GitHub
|
||||||
|
- Repo: myronblair/novacpx (private)
|
||||||
|
- Branches: `main` (stable releases, PATCH auto-bump) and `beta` (beta releases, -beta.N auto-bump)
|
||||||
|
- Auto-deploy: push to main or beta → GitHub webhook → VM pulls (deploy-runner.sh cron every min)
|
||||||
|
- PAT: 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
|
||||||
|
|
||||||
|
## Ports
|
||||||
|
- 8880 — User panel
|
||||||
|
- 8881 — Reseller panel
|
||||||
|
- 8882 — Admin/datacenter panel
|
||||||
|
- 8883 — Roundcube webmail
|
||||||
|
|
||||||
|
## Architecture
|
||||||
|
- Backend: PHP 8.3 REST API (/api/{endpoint}/{action})
|
||||||
|
- Auth: session cookie `ncpx_session` (login returns token, set as cookie) + Bearer tokens for API. Both use SHA256 hash lookup in sessions/api_tokens tables.
|
||||||
|
- DB: **SQLite** at /var/lib/novacpx/panel.db (migrated from MySQL 2026-06-09)
|
||||||
|
- DB.php has translate() layer: ON DUPLICATE KEY→ON CONFLICT, DATE_ADD/DATE_SUB→datetime(), NOW()→datetime('now')
|
||||||
|
- **novacpx_version table**: tracks install history; columns: id, version, installed_at, notes, git_commit
|
||||||
|
- **settings table**: panel_version key tracks current version; update_channel (stable/beta) controls which GitHub branch to check/pull
|
||||||
|
- Feature registry: 70+ pluggable features in 20 categories
|
||||||
|
- Update channels: stable=origin/main (major/minor), beta=origin/beta (patch/pre-release)
|
||||||
|
|
||||||
|
## VM Credentials
|
||||||
|
- Admin panel: `admin / Admin2026!`
|
||||||
|
- Root SSH: `root / Joker1974!!!`
|
||||||
|
- MySQL (customer sites): novacpx_user / 6fyWj6vYnJDKEQvNANzj
|
||||||
|
- WP provisioning MySQL user: novacpx_wp / tCXAU1K2WX31xUAMY9EM
|
||||||
|
- Config: /etc/novacpx/config.ini (root:www-data 640)
|
||||||
|
|
||||||
|
## JARVIS Agent
|
||||||
|
- Installed 2026-06-09; agent_id: novacpx_e3b07264
|
||||||
|
- Status: online, reporting heartbeats to JARVIS every 10s
|
||||||
|
- Config: /opt/jarvis-agent/config.json
|
||||||
|
- Key config fields: server_url, host_header, api_key, agent_type: linux, heartbeat_interval: 10
|
||||||
|
|
||||||
|
## Versioning (as of 2026-06-10)
|
||||||
|
- Current git version: 1.0.27 (GitHub main)
|
||||||
|
- Active deploy channel: beta (VM settings)
|
||||||
|
- GitHub Actions auto-bumps VERSION on push to main (PATCH) or beta (-beta.N)
|
||||||
|
- deploy-runner.sh writes new version to novacpx_version + settings.panel_version after every webhook deploy
|
||||||
|
- deploy-runner.sh also copies VERSION to web root (/srv/novacpx/public/VERSION) — fixed 2026-06-10
|
||||||
|
- apply-novacpx-update endpoint does the same for manual updates
|
||||||
|
- Updates page shows installed version, latest remote version, and active channel badge
|
||||||
|
|
||||||
|
## Settings Page
|
||||||
|
- Loads current values from DB via server-options API (panel_name, default_php, nameservers, update_channel)
|
||||||
|
- Saves each field via save-option API individually
|
||||||
|
- Update channel dropdown shows stable vs beta with explanatory labels
|
||||||
|
|
||||||
|
## Docker App Catalog (as of 2026-06-10)
|
||||||
|
- **140 apps** across 15 categories in DockerManager.php
|
||||||
|
- Categories: Web/CMS, Productivity, Dev, Analytics, Wiki/Docs, Messaging/Chat, Security/Auth, Business, Design/Collab, AI/LLM, Developer Tools, Databases, Monitoring, Networking/Security, CMS/E-commerce, Project Mgmt, Communication, File/Storage, ERP/Business, Media, Smart Home, Dashboards/Admin
|
||||||
|
- Security fixes applied (code review 2026-06-09): shell injection fixes in WordPressManager, PHPManager, install.sh sudoers hardening (removed `ufw *` wildcard, removed `curl *` and `env *` NOPASSWD), SQLite syntax fix, WP-CLI download size validation
|
||||||
|
- Per-account uninstall (uninstall-account API action), per-stack Reinstall button
|
||||||
|
- Admin Docker page has App Catalog tab to launch apps on behalf of accounts
|
||||||
|
|
||||||
|
## nginx / phpMyAdmin (fixed 2026-06-12)
|
||||||
|
- Apache2 was holding port 80 — stopped and disabled: `systemctl stop apache2 && systemctl disable apache2`
|
||||||
|
- nginx now running and enabled on boot
|
||||||
|
- phpMyAdmin accessible at `http://10.48.200.110/phpmyadmin` (returns 200)
|
||||||
|
- nginx config: `/etc/nginx/sites-enabled/default` with /phpmyadmin location block
|
||||||
|
- phpmyadmin.conf in /etc/nginx/conf.d/ is empty (just a comment) — all config in sites-enabled/default
|
||||||
|
|
||||||
|
## Known Quirks
|
||||||
|
- PVE1 SSH (orbisne.fortiddns.com) currently permission-denied — use direct IP 10.48.200.110 instead
|
||||||
|
- api/.htaccess needed for URL routing
|
||||||
|
- NOVACPX_ROOT in api/index.php is dirname(__DIR__) = /srv/novacpx/public (NOT 2 levels up)
|
||||||
|
- SQLite only — never use MySQL syntax (ON DUPLICATE KEY, NOW(), etc.)
|
||||||
|
- sudo tee pattern needed for writing /etc/postfix/* files as www-data
|
||||||
|
- Docker stacks backed by docker_compose_stacks table (separate from docker_containers)
|
||||||
|
- Panel reachable at https://10.48.200.110:8882 (self-signed cert with SAN for IP)
|
||||||
|
- PHP-FPM pools are root-owned; www-data cannot file_exists()/unlink() them — must use `sudo rm -f`
|
||||||
|
- git cherry-pick to beta required after each main push (GitHub Actions version bumps create divergence)
|
||||||
@@ -0,0 +1,72 @@
|
|||||||
|
---
|
||||||
|
name: project-novacpx-tools
|
||||||
|
description: NovaCPX development tools and session-start checklist — load at start of every NovaCPX session
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
|
||||||
|
---
|
||||||
|
|
||||||
|
## Session-start checklist (run at start of every NovaCPX session)
|
||||||
|
|
||||||
|
1. **Verify working directory**: `ls /tmp/novacpx/` — if missing, repo needs re-cloning
|
||||||
|
2. **Test VM reachability** (direct — PVE1 hop NOT needed):
|
||||||
|
```bash
|
||||||
|
sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no -o ConnectTimeout=8 root@10.48.200.110 'echo vm-ok'
|
||||||
|
```
|
||||||
|
> PVE1 (orbisne.fortiddns.com) SSH is currently broken (permission denied). Direct to 10.48.200.110 works fine.
|
||||||
|
3. **Load TODO**: read `/root/.claude/projects/-home-myron/memory/project_novacpx_todo.md`
|
||||||
|
4. **Check panel live**: `curl -sk -o /dev/null -w "%{http_code}" https://10.48.200.110:8882/`
|
||||||
|
|
||||||
|
## Direct SSH / SCP (preferred method)
|
||||||
|
```bash
|
||||||
|
# Run command on VM
|
||||||
|
sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.110 'command here'
|
||||||
|
|
||||||
|
# Copy file to VM
|
||||||
|
sshpass -p 'Joker1974!!!' scp -o StrictHostKeyChecking=no /tmp/novacpx/panel/api/endpoints/foo.php \
|
||||||
|
root@10.48.200.110:/srv/novacpx/public/api/endpoints/foo.php
|
||||||
|
```
|
||||||
|
|
||||||
|
## API auth pattern (session cookie)
|
||||||
|
```bash
|
||||||
|
# Login and get token
|
||||||
|
TOKEN=$(curl -sk -X POST "https://10.48.200.110:8882/api/auth/login" \
|
||||||
|
-H "Content-Type: application/json" \
|
||||||
|
-d '{"username":"admin","password":"Admin2026!"}' | python3 -c "import sys,json; print(json.load(sys.stdin)['data']['token'])")
|
||||||
|
|
||||||
|
# Use token as ncpx_session cookie
|
||||||
|
curl -sk "https://10.48.200.110:8882/api/system/version" -H "Cookie: ncpx_session=$TOKEN"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Tools in /tmp/novacpx/tools/
|
||||||
|
|
||||||
|
| Script | Purpose | Usage |
|
||||||
|
|--------|---------|-------|
|
||||||
|
| `nova-ssh.sh` | SSH into VM (double-hop via PVE1 — currently broken) | Use direct SSH instead |
|
||||||
|
| `nova-push.sh` | Push single file via base64/double-hop (broken) | Use direct scp instead |
|
||||||
|
| `nova-deploy.sh` | Full panel rsync (PVE1 hop — broken) | Use direct scp or git push |
|
||||||
|
| `nova-status.sh` | Check SSH + port health | `bash tools/nova-status.sh [--full]` |
|
||||||
|
| `nova-logs.sh` | Stream VM logs | `bash tools/nova-logs.sh [apache\|access\|install\|fail2ban\|all]` |
|
||||||
|
| `nova-db.sh` | Run queries on VM DB | `bash tools/nova-db.sh [--tables\|--users\|--reset-admin pw\|"SQL"]` |
|
||||||
|
|
||||||
|
## Key VM paths
|
||||||
|
- Panel web root: `/srv/novacpx/public/`
|
||||||
|
- Git repo (source): `/opt/novacpx-src/` (what gets pulled by webhook/deploy-runner.sh)
|
||||||
|
- Config: `/etc/novacpx/config.ini` (root:www-data 640)
|
||||||
|
- DB: `/var/lib/novacpx/panel.db` (SQLite)
|
||||||
|
- Deploy runner: `/opt/novacpx-src/deploy/deploy-runner.sh` (cron runs every min)
|
||||||
|
- Webhook: `/opt/novacpx-src/deploy/webhook.php` (linked at /srv/novacpx/public/deploy/webhook.php)
|
||||||
|
- Logs: `/var/log/apache2/error.log`, `/var/log/novacpx/access.log`, `/var/log/novacpx/deploy.log`
|
||||||
|
- JARVIS agent: `/opt/jarvis-agent/`
|
||||||
|
- Cron scripts: `/srv/novacpx/public/bin/` (cache-update-check.php, collect-stats.php, notify-checks.php)
|
||||||
|
|
||||||
|
## VM credentials
|
||||||
|
- VM IP: 10.48.200.110 (PVE1 VM 120)
|
||||||
|
- Root: `root / Joker1974!!!`
|
||||||
|
- Admin panel: `admin / Admin2026!`
|
||||||
|
- MySQL (customer sites): `novacpx_user / 6fyWj6vYnJDKEQvNANzj`
|
||||||
|
- Ports: 8880 (user), 8881 (reseller), 8882 (admin), 8883 (webmail)
|
||||||
|
|
||||||
|
**Why:** [[project-novacpx-todo]]
|
||||||
|
**How to apply:** Start every NovaCPX session by running the session-start checklist so you know immediately if the VM is reachable before writing code.
|
||||||
@@ -0,0 +1,44 @@
|
|||||||
|
---
|
||||||
|
name: project-parkerslingshotrentals
|
||||||
|
description: "parkerslingshotrentals.com — Polaris Slingshot rental site on DO 165.22.1.228; booking system, waiver, admin portal, Square payment pending"
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: 002fe81e-7e03-414d-b842-1f94f1390a22
|
||||||
|
---
|
||||||
|
|
||||||
|
Parker County Slingshot Rentals — LIVE at https://www.parkerslingshotrentals.com (DO 165.22.1.228, CyberPanel).
|
||||||
|
Deploy path: `/home/parkerslingshotrentals.com/public_html/`
|
||||||
|
|
||||||
|
**Why:** Single-vehicle slingshot rental business in Weatherford, TX. Needs online booking, waiver, payments, and admin management.
|
||||||
|
|
||||||
|
## Credentials
|
||||||
|
- Admin portal: /admin/index.php — user: admin / pass: Parker2026! (URL-token auth, no cookies)
|
||||||
|
- DB: park_slingshot / park_slingshotuser / 4@rxg*8kovxCr7w6 on localhost
|
||||||
|
- Deploy path: /home/parkerslingshotrentals.com/public_html/
|
||||||
|
- SendGrid API key: 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
|
||||||
|
- Square production access token: EAAAl3FsAu_2ri8kZE_ENEyi2T_C8HXXm5XQFY6Lbnd8SX6FqYp8J_upUeXNYh7v
|
||||||
|
- Square application ID: sq0idp-YSM7BU9IVyOWSzpeP-0nzQ
|
||||||
|
- GitHub repo: myronblair/parkerslingshotrentals
|
||||||
|
|
||||||
|
## Admin login fix
|
||||||
|
PHP sessions were unreliable (LiteSpeed page caching + session dir permissions).
|
||||||
|
Replaced with HMAC-signed cookie auth — no session files needed.
|
||||||
|
Admin .htaccess has CacheEnable off.
|
||||||
|
|
||||||
|
## Packages
|
||||||
|
- half-day: $99 / 4 hrs
|
||||||
|
- full-day: $169 / 8 hrs
|
||||||
|
- weekend: $299 / 48 hrs
|
||||||
|
|
||||||
|
## Booking flow (6 steps tracked in admin)
|
||||||
|
1. Booking submitted (auto)
|
||||||
|
2. Booking confirmed (status dropdown)
|
||||||
|
3. Waiver signed (waiver.php?ref=PSR-XXXXXX — canvas e-signature)
|
||||||
|
4. Insurance verified (admin toggle)
|
||||||
|
5. Deposit received (admin toggle)
|
||||||
|
6. License verified (admin toggle at pickup)
|
||||||
|
|
||||||
|
## Pending tasks
|
||||||
|
- Task #3: Square deposit payment integration (credentials above)
|
||||||
|
- Task #6: Vehicle photos (waiting on user)
|
||||||
@@ -0,0 +1,42 @@
|
|||||||
|
---
|
||||||
|
name: proxmox-backup
|
||||||
|
description: "Proxmox PVE1/PVE2 config backup to GitHub — weekly cron, restore script, repo structure"
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
|
||||||
|
---
|
||||||
|
|
||||||
|
GitHub repo `myronblair/proxmox-config` (private) — full config backup + disaster recovery.
|
||||||
|
|
||||||
|
**Why:** So both Proxmox nodes can be rebuilt quickly from scratch after hardware failure without losing VM configs, network, custom scripts, or services.
|
||||||
|
|
||||||
|
**How to apply:** Reference this when discussing Proxmox maintenance, DR planning, or if a node goes down.
|
||||||
|
|
||||||
|
## Repo Structure
|
||||||
|
- `shared/` — cluster-wide: all VM/LXC .conf files, storage.cfg, datacenter.cfg, user.cfg, corosync.conf, jobs.cfg, firewall, ha, sdn
|
||||||
|
- `pve/` — PVE1 (10.48.200.90): network, cron, scripts, systemd (filebrowser, jarvis-agent, ollama), ssh/authorized_keys
|
||||||
|
- `pve2/` — PVE2 (10.48.200.91): network, cron, scripts (just pve-remove-nag.sh), systemd (jarvis-agent)
|
||||||
|
- `backup.sh` — runs on each node, pulls repo, collects files, commits+pushes
|
||||||
|
- `restore.sh pve1|pve2` — interactive disaster recovery wizard
|
||||||
|
|
||||||
|
## Schedule
|
||||||
|
Weekly cron on both nodes: `0 3 * * 0 /usr/local/bin/proxmox-backup >> /var/log/proxmox-backup.log 2>&1`
|
||||||
|
|
||||||
|
## Manual trigger
|
||||||
|
`/usr/local/bin/proxmox-backup` on either node
|
||||||
|
|
||||||
|
## What's NOT backed up (intentional)
|
||||||
|
- `/etc/pve/priv/` — CA private key, cluster auth keys (Proxmox regenerates these)
|
||||||
|
- SSH private keys
|
||||||
|
- Large binaries: ollama, filebrowser, blockalign, urbackupclientctl
|
||||||
|
- VM disk images → covered by PBS at 10.48.200.85
|
||||||
|
|
||||||
|
## Restore flow
|
||||||
|
1. Fresh Proxmox install → set hostname + IP
|
||||||
|
2. `apt install git && git clone https://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@github.com/myronblair/proxmox-config.git /opt/proxmox-config`
|
||||||
|
3. `bash /opt/proxmox-config/restore.sh pve1` (interactive, confirms each step)
|
||||||
|
4. Reboot for network, then restore VMs from PBS
|
||||||
|
|
||||||
|
## PVE2 disk space issue (2026-06-09)
|
||||||
|
PVE2 was at 100% disk — removed old kernels to free ~9GB. Now at 96% (4.4GB free). Worth monitoring.
|
||||||
@@ -0,0 +1,49 @@
|
|||||||
|
---
|
||||||
|
name: project-smtp-credentials
|
||||||
|
description: SMTP and email credentials for all websites — CyberMail API, verified 2026-06-06
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: reference
|
||||||
|
originSessionId: f0b18417-cc26-4fdf-87ec-7b2d69b02c44
|
||||||
|
---
|
||||||
|
|
||||||
|
## CyberMail Account (all sites)
|
||||||
|
- **Dashboard:** https://platform.cyberpersons.com
|
||||||
|
- **API Key (all sites):** `sk_live_7f9b0f9a29f6de31a0d229d4af75d56b094ad724fc58a57d`
|
||||||
|
- **Send Endpoint:** `POST https://platform.cyberpersons.com/email/v1/send`
|
||||||
|
- **Auth:** `Authorization: Bearer {api_key}`
|
||||||
|
- **DO blocks SMTP port 587** — use API over HTTPS (port 443) for all DO-hosted sites
|
||||||
|
- **Last verified:** 2026-06-06 — live test send confirmed, all 5 sites checked
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## tomsjavajive.com — CyberMail ✅ LIVE (verified 2026-06-06)
|
||||||
|
- **From:** noreply@tomsjavajive.com
|
||||||
|
- **Key stored in:** `settings` DB table, key `cybermail_api_key`
|
||||||
|
- **getSetting()** reads from `settings` table (setting_key / setting_value columns) — NOT site_settings
|
||||||
|
- **Mailer:** `includes/functions.php` → `sendEmail()` calls CyberMail API
|
||||||
|
- **Fixed 2026-06-06:** `email_cybermail` setting had `"api_key":"Joker1974!!!"` (wrong) — corrected to real API key
|
||||||
|
- **Note:** TJJ admin UI (admin/emails.php, admin/integrations.php) still shows SendGrid help links — cosmetic only
|
||||||
|
|
||||||
|
## tomtomgames.com — CyberMail ✅ LIVE (verified 2026-06-06)
|
||||||
|
- **From:** noreply@tomtomgames.com
|
||||||
|
- **Key stored in:** `includes/config.php` as `CYBERMAIL_API_KEY` constant
|
||||||
|
- **Mailer:** `includes/mailer.php` → `cybermailSend()` | alias: `sendgridSend()`
|
||||||
|
- **SMTP constants also defined** (SMTP_HOST, SMTP_USER, SMTP_PASS) for fallback reference
|
||||||
|
|
||||||
|
## epictravelexpeditions.com — CyberMail ✅ LIVE (verified 2026-06-06)
|
||||||
|
- **From:** noreply@orbishosting.com (sends via orbishosting.com domain)
|
||||||
|
- **Key stored in:** `/home/epictravelexpeditions.com/public_html/api/config.php` (gitignored)
|
||||||
|
- **Mailer:** `api/includes/mailer.php` → `sendgridSend()` (name kept for compat, calls CyberMail)
|
||||||
|
|
||||||
|
## parkerslingshotrentals.com — CyberMail ✅ LIVE (verified 2026-06-06)
|
||||||
|
- **From:** noreply@orbishosting.com
|
||||||
|
- **Key stored in:** `/home/parkerslingshotrentals.com/public_html/db.php` (in git)
|
||||||
|
- **sendEmail()** in db.php calls CyberMail API directly
|
||||||
|
|
||||||
|
## orbishosting.com / jarvis / orbis — No transactional email
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## GitHub Repo
|
||||||
|
**myronblair/smtp-for-websites** (private, master branch) — credentials reference archive
|
||||||
@@ -0,0 +1,104 @@
|
|||||||
|
---
|
||||||
|
name: project-tomsjavajive
|
||||||
|
description: Tom's Java Jive coffee shop e-commerce — DB creds, admin portal map, known schema quirks, and fixed bugs
|
||||||
|
metadata:
|
||||||
|
type: project
|
||||||
|
originSessionId: 002fe81e-7e03-414d-b842-1f94f1390a22
|
||||||
|
---
|
||||||
|
|
||||||
|
PHP e-commerce site for a Fort Worth coffee shop. On DO server 165.22.1.228.
|
||||||
|
|
||||||
|
## Credentials & Access
|
||||||
|
- **SSH:** root / Gonewalk1974!@# @ 165.22.1.228
|
||||||
|
- **DB:** toms_tjj_db / toms_tjj_user / +60wlPc+55e@gFq4 (localhost)
|
||||||
|
- **Admin login:** `admin@tomsjavajive.com / Joker1974!!!` OR `myronblair@outlook.com / Joker1974!!!` (both work, reset 2026-06-14)
|
||||||
|
- **Stripe:** placeholder keys in config (test mode — real keys must be added manually)
|
||||||
|
- **GitHub:** myronblair/tomsjavajive (private)
|
||||||
|
|
||||||
|
## File Structure
|
||||||
|
```
|
||||||
|
/home/tomsjavajive.com/public_html/
|
||||||
|
admin/ — admin portal
|
||||||
|
includes/header.php — nav (Content group: Splash Box, About Us Text; Catalog group: Import/Export at bottom)
|
||||||
|
customers.php — customer CRUD + wallet adjust
|
||||||
|
reviews.php — review list + inline edit modal with star picker
|
||||||
|
splashes.php — Homepage splash blocks CRUD (drag-drop image upload, icon picker, drag-to-reorder)
|
||||||
|
about-us.php — About Us text CRUD (live preview, paragraph-aware)
|
||||||
|
import-export.php — Inventory export CSV + import CSV (smart/replace) + inline table editing
|
||||||
|
api/upload-splash.php — handles splash image uploads → /uploads/splashes/
|
||||||
|
api/ — backend API endpoints
|
||||||
|
account/ — customer-facing portal
|
||||||
|
wishlist.php
|
||||||
|
rewards.php
|
||||||
|
reviews.php
|
||||||
|
config/
|
||||||
|
config.php — site config (Stripe, SendGrid, etc.) — in git
|
||||||
|
database.php — DB credentials — GITIGNORED
|
||||||
|
includes/ — shared PHP includes
|
||||||
|
uploads/splashes/ — splash block images (owned nobody:nobody, 755)
|
||||||
|
```
|
||||||
|
|
||||||
|
## Database Schema Notes
|
||||||
|
- **products table:** no `slug` column — product URLs use `?id=product_id` (not `?slug=`)
|
||||||
|
- **wallet_transactions.type enum:** deposit, withdrawal, purchase, refund, reward, loyalty_redemption, credit, debit
|
||||||
|
- **loyalty_transactions.type enum:** earn, redeem, adjustment, birthday_bonus, referral_bonus, referral_welcome, tier_upgrade
|
||||||
|
- **customers table:** has `lifetime_points` (INT) and `loyalty_tier` (VARCHAR 20) columns added 2026-05-22
|
||||||
|
- **Collation:** ALL tables must be utf8mb4_unicode_ci — mixed collation (general_ci vs unicode_ci) causes JOIN errors (MySQL 1267)
|
||||||
|
|
||||||
|
## Admin Nav Groups
|
||||||
|
- **Dashboard** — dashboard.php
|
||||||
|
- **Catalog** — products, categories, inventory, import-export
|
||||||
|
- **Orders** — orders, fulfillment
|
||||||
|
- **Customers** — customers, reviews
|
||||||
|
- **Content** — splashes (Splash Box), about-us (About Us Text)
|
||||||
|
- **Analytics, Settings, etc.**
|
||||||
|
|
||||||
|
## Homepage DB-Driven Sections
|
||||||
|
- **Splash blocks:** `homepage_splashes` table → feature cards above products (scrollable if >4)
|
||||||
|
- **About Us text:** `about_us_sections` table → paragraphs under "Our Story" heading
|
||||||
|
|
||||||
|
## Google Merchant Feed — Fixed 2026-06-17
|
||||||
|
- Feed URL: `https://tomsjavajive.com/merchant-feed.php`
|
||||||
|
- Title was being built as `$p['name'] . ' ' . $categoryLabel . ' Coffee'` — doubled the suffix for products whose names already include "Whole Bean Coffee" / "Ground Coffee"
|
||||||
|
- Fix: title now uses `$p['name']` as-is, matching exactly what's shown on the site
|
||||||
|
- Products are approved in Google Merchant Center
|
||||||
|
|
||||||
|
## Known Bugs Fixed (2026-05-22)
|
||||||
|
- `p.slug` in wishlist/reviews queries → replaced with `p.product_id`, URLs use `?id=`
|
||||||
|
- `wallet_transactions` adjust_wallet used wrong enum values (credit/debit) → fixed to deposit/withdrawal
|
||||||
|
- `reviews` table uses `comment` (not `content`) and `is_approved` (not `status`)
|
||||||
|
- `rewards.php` crashed because `lifetime_points`/`loyalty_tier` didn't exist → added via ALTER TABLE
|
||||||
|
- Collation mismatch on wishlist, loyalty_transactions, loyalty_tiers, product_types, loyalty_settings → all converted to unicode_ci
|
||||||
|
|
||||||
|
## Pages Added (2026-06-04)
|
||||||
|
- `faq.php` — accordion FAQ: Orders & Payment, Coffee & Products, Coffee Freshness & Storage, Account & Loyalty
|
||||||
|
- `shipping.php` — rates table (3–5 days standard after processing), "every order made fresh to ship" messaging
|
||||||
|
- `returns.php` — three-tier policy: Your Responsibility / Our Responsibility / Shared Responsibility (covers coffee cost up to $25 on shared issues)
|
||||||
|
- `returns.php` — adapted from DripShipper policy language
|
||||||
|
- `track-order.php` — lookup by order_number + email; shows progress stepper, tracking number/link, items, shipping address; logged-in users see recent orders
|
||||||
|
- `privacy.php` — full privacy policy adapted from DripShipper; GDPR section, children's info, log files, third-party cookies
|
||||||
|
- `includes/footer.php` — Privacy Policy link added to Support section
|
||||||
|
|
||||||
|
## Email (CyberMail) — Fixed 2026-06-14
|
||||||
|
- API key: `sk_live_7f9b0f9a29f6de31a0d229d4af75d56b094ad724fc58a57d` (stored in DB as `cybermail_api_key`)
|
||||||
|
- From email: `noreply@tomsjavajive.com` (stored as `cybermail_from_email`)
|
||||||
|
- From name: `Toms Java Jive` (stored as `cybermail_from_name`)
|
||||||
|
- **CyberMail API requires separate `from` and `from_name` fields** — NOT the combined `Name <email>` format. Using `Name <email>` in the `from` field returns "Invalid 'from' email address" error.
|
||||||
|
- Fixed in: `includes/email.php` (Email class send method) and `includes/functions.php` (sendEmail function)
|
||||||
|
|
||||||
|
## Product Image Upload — Fixed 2026-06-14
|
||||||
|
- Upload endpoint: `/admin/upload-image.php`
|
||||||
|
- Saved to: `/uploads/products/` (must be owned by `tomsj4710:nogroup`, chmod 755)
|
||||||
|
- **Do NOT include `header.php` in upload-image.php** — it outputs full HTML which breaks JSON response
|
||||||
|
- Upload-image.php uses `require_once '../includes/auth.php'` + `AdminAuth::getUser()` check directly
|
||||||
|
- JS in product-edit.php uses `fetch('/admin/upload-image.php', {credentials: 'same-origin', ...})`
|
||||||
|
- Textarea for image URLs must be `name="image_urls"` (form handler reads `$_POST['image_urls']`)
|
||||||
|
|
||||||
|
## CSV Import — Fixed 2026-06-14
|
||||||
|
- `tags`, `images`, `dimensions` columns have MySQL `CHECK (json_valid())` constraints
|
||||||
|
- CSV cells with plain text (e.g. `coffee,dark roast`) or plain URLs must be converted to JSON arrays before insert
|
||||||
|
- `toJsonField()` helper in import-export.php handles: already-valid JSON (pass-through), comma-separated → JSON array, empty → NULL
|
||||||
|
- Always wrap `$r['tags']` and `$r['images']` with `toJsonField()` in any import code
|
||||||
|
|
||||||
|
**Why:** Reference when debugging or extending Tom's Java Jive.
|
||||||
|
**How to apply:** Always check these schema quirks before writing new queries against this DB.
|
||||||
@@ -0,0 +1,65 @@
|
|||||||
|
---
|
||||||
|
name: project-tomsjavajive-email
|
||||||
|
description: "Tom's Java Jive email service — CyberMail (CyberPersons), API key stored in config.php"
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: f0b18417-cc26-4fdf-87ec-7b2d69b02c44
|
||||||
|
---
|
||||||
|
|
||||||
|
## Email Service: CyberMail by CyberPersons
|
||||||
|
|
||||||
|
**API Key:** `sk_live_d52bf062797105aeaafac9954c21ff988e9b41b77315807d`
|
||||||
|
**API Key Management:** https://platform.cyberpersons.com/email/api-keys/
|
||||||
|
**Webmail / Hosting Management:** https://platform.cyberpersons.com/email/webmail/hosting/
|
||||||
|
|
||||||
|
**Stored in:** `/home/tomsjavajive.com/public_html/config/config.php`
|
||||||
|
- Constant: `CYBERMAIL_API_KEY`
|
||||||
|
- Replaced the old `SENDGRID_API_KEY` placeholder
|
||||||
|
|
||||||
|
## Email Handler
|
||||||
|
- File: `/home/tomsjavajive.com/public_html/includes/email.php`
|
||||||
|
- Class: `SendGridEmail` (still named SendGrid — rename when integrating CyberMail API)
|
||||||
|
- Sends: order confirmation, shipping notification, password reset, welcome, abandoned cart
|
||||||
|
- Currently references `CYBERMAIL_API_KEY` constant (was SENDGRID_API_KEY)
|
||||||
|
|
||||||
|
## CyberMail API Reference
|
||||||
|
- **Send:** `POST https://platform.cyberpersons.com/email/v1/send`
|
||||||
|
- **Status:** `GET https://platform.cyberpersons.com/email/v1/messages/{message_id}`
|
||||||
|
- **Account Stats:** `GET https://platform.cyberpersons.com/email/v1/account/stats`
|
||||||
|
- **Auth:** `Authorization: Bearer {api_key}`
|
||||||
|
|
||||||
|
## Error Codes
|
||||||
|
| HTTP | error.type | Description |
|
||||||
|
|------|-----------|-------------|
|
||||||
|
| 400 | invalid_request | Missing required fields or invalid email format |
|
||||||
|
| 403 | domain_not_verified | Sending domain not verified |
|
||||||
|
| 403 | domain_not_found | Domain not registered to account |
|
||||||
|
| 403 | account_inactive | Account suspended or inactive |
|
||||||
|
| 403 | forbidden | API key domain/IP restriction |
|
||||||
|
| 404 | not_found | Message ID not found |
|
||||||
|
| 429 | rate_limit_exceeded | Rate limit reached (includes retry_after field) |
|
||||||
|
| 500 | send_failed | Sending failed after failover |
|
||||||
|
| 503 | service_unavailable | No healthy mail nodes |
|
||||||
|
|
||||||
|
## PHP Integration
|
||||||
|
- `email.php` uses `Authorization: Bearer` header, curl over HTTPS (port 443 — no DO block)
|
||||||
|
- Success returns `['success'=>true, 'message_id'=>'...']`
|
||||||
|
- Failure returns `['success'=>false, 'error'=>'friendly message', 'error_type'=>'code', 'code'=>httpCode]`
|
||||||
|
- 429 errors include retry_after seconds in the error message
|
||||||
|
- **Required fields:** `from`, `to`, `subject`, `html` (or `text`)
|
||||||
|
- **Optional:** `text`, `cc`, `bcc`, `reply_to`, `tags`, `metadata`, `headers`
|
||||||
|
- **Success response:** 202 with `data.message_id`, `data.status`
|
||||||
|
- **Domain must be verified** at platform.cyberpersons.com before sending
|
||||||
|
|
||||||
|
## SMTP Credentials (blocked by DigitalOcean — use API instead)
|
||||||
|
- Host: mail.cyberpersons.com | Port: 587 | Security: STARTTLS
|
||||||
|
- Username: `smtp_49a1fa9c0f15d2d7`
|
||||||
|
- Password: `T3mOFSMK1SG1l4D1d7N8NefRd8xypwMy`
|
||||||
|
- DO blocks outbound port 587 — API over HTTPS is the working approach
|
||||||
|
|
||||||
|
## Current Status
|
||||||
|
- email.php rewritten to use CyberMail API (curl over HTTPS port 443)
|
||||||
|
- `SendGridEmail` class renamed to `Email`, `sendEmail()` helper unchanged
|
||||||
|
- Blocked by: `tomsjavajive.com` domain not verified in CyberMail dashboard
|
||||||
|
- Fix: verify domain at platform.cyberpersons.com (add DNS TXT/CNAME records)
|
||||||
@@ -0,0 +1,30 @@
|
|||||||
|
---
|
||||||
|
name: project-tomtomgames-email
|
||||||
|
description: "TomTomGames email service — CyberMail API + SMTP, same API key as tomsjavajive"
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: f0b18417-cc26-4fdf-87ec-7b2d69b02c44
|
||||||
|
---
|
||||||
|
|
||||||
|
## Email Service: CyberMail (same account as tomsjavajive.com)
|
||||||
|
|
||||||
|
**API Key:** `sk_live_7f9b0f9a29f6de31a0d229d4af75d56b094ad724fc58a57d` (verified working 2026-06-06)
|
||||||
|
**SMTP Host:** mail.cyberpersons.com | Port: 587 | Security: STARTTLS
|
||||||
|
**SMTP Username:** `smtp_ad34c4d915da7bfc`
|
||||||
|
**SMTP Password:** `m47o2-UqPgM-IBeYNRz-uHSJAHnPGe9w`
|
||||||
|
**From:** noreply@tomtomgames.com
|
||||||
|
|
||||||
|
## Files Updated
|
||||||
|
- `/home/tomtomgames.com/includes/config.php` — CYBERMAIL_API_KEY + SMTP constants
|
||||||
|
- `/home/tomtomgames.com/includes/mailer.php` — rewritten to use CyberMail API via cybermailSend()
|
||||||
|
- `/home/tomtomgames.com/public_html/api/admin.php` — mail() replaced with cybermailSend()
|
||||||
|
|
||||||
|
## Email Functions
|
||||||
|
- `cybermailSend($to, $name, $subject, $text, $html, $tags)` — primary send function
|
||||||
|
- `sendgridSend()` — kept as alias (calls cybermailSend) for backward compatibility
|
||||||
|
- `sendVerificationEmail($email, $alias, $token)` — registration/resend verification
|
||||||
|
|
||||||
|
## Emails Sent
|
||||||
|
- Account verification (registration + resend)
|
||||||
|
- Password reset (admin.php)
|
||||||
@@ -0,0 +1,33 @@
|
|||||||
|
---
|
||||||
|
name: project-webserver
|
||||||
|
description: CyberPanel/OpenLiteSpeed DO server at 165.22.1.228 hosting tomsjavajive.com and 5 other sites
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: 002fe81e-7e03-414d-b842-1f94f1390a22
|
||||||
|
---
|
||||||
|
|
||||||
|
CyberPanel server running OpenLiteSpeed + MariaDB + PHP (lsphp).
|
||||||
|
|
||||||
|
**SSH:** root / Gonewalk1974!@# @ 165.22.1.228
|
||||||
|
|
||||||
|
**Sites hosted** (all under /home/<domain>/public_html/):
|
||||||
|
- tomsjavajive.com — coffee shop e-commerce (PHP, custom built, Stripe, loyalty/rewards)
|
||||||
|
- epictravelexpeditions.com
|
||||||
|
- orbishosting.com — email only via CyberPanel; no local site (forwarded/maintained elsewhere — do NOT treat as a stub needing a site built)
|
||||||
|
- orbis.orbishosting.com
|
||||||
|
- parkerslingshotrentals.com
|
||||||
|
- tomtomgames.com
|
||||||
|
|
||||||
|
**Stack:** OpenLiteSpeed, MariaDB 10.11, PHP (lsphp), Redis, Memcached, PowerDNS, Postfix/Dovecot, CyberPanel
|
||||||
|
|
||||||
|
**tomsjavajive.com structure:**
|
||||||
|
- /home/tomsjavajive.com/public_html/
|
||||||
|
- admin/ — admin portal (dashboard, products, orders, customers, analytics, etc.)
|
||||||
|
- api/ — backend API endpoints
|
||||||
|
- account/ — customer account pages
|
||||||
|
- config/ — config.php, database.php
|
||||||
|
- includes/ — shared PHP includes
|
||||||
|
|
||||||
|
**Why:** IP changed from 206.189.229.53 to 165.22.1.228 as of 2026-05-22.
|
||||||
|
**How to apply:** Use 165.22.1.228 for all SSH access to these sites.
|
||||||
@@ -0,0 +1,69 @@
|
|||||||
|
---
|
||||||
|
name: project-yealink-phones
|
||||||
|
description: Complete Yealink phone inventory — 5 physical phones (T48S/T57W/AX86R) + 3 voicemail-only virtual extensions on FusionPBX
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: project
|
||||||
|
originSessionId: 5419c63f-5e28-41c3-9055-3d9a33550b52
|
||||||
|
---
|
||||||
|
|
||||||
|
## Physical Phones
|
||||||
|
|
||||||
|
| IP | MAC | Model | Label | Ext | Status |
|
||||||
|
|----|-----|-------|-------|-----|--------|
|
||||||
|
| 10.48.200.2 | `80:5e:c0:35:04:77` | T48S | Myron Blair Desk Phone | 1000 | Online |
|
||||||
|
| 10.48.200.43 | `80:5e:0c:15:0c:4f` | T48S | Tommy Ivy Desk Phone | 1001 | Online |
|
||||||
|
| 10.48.200.65 | `c4:fc:22:13:e1:89` | AX86R | Myron Blair AX86 WiFi Work Phone | 1002 | Online |
|
||||||
|
| 10.48.200.83 | `80:5e:0c:e9:44:f8` | T57W | Kitchen Phone | 1003 | Online |
|
||||||
|
| 10.48.200.85 | `80:5e:0c:30:75:96` | T57W | Master Bedroom Phone | 1004 | Online |
|
||||||
|
| 10.48.200.3 | `c4:fc:22:28:63:71` | T57W | United Mirror & Glass | External SIP | Online |
|
||||||
|
|
||||||
|
## Virtual Extensions (Voicemail Only — No Physical Phone)
|
||||||
|
|
||||||
|
| Ext | Name |
|
||||||
|
|-----|------|
|
||||||
|
| 1010 | Parker County Slingshot |
|
||||||
|
| 1011 | Epic Travel Expeditions |
|
||||||
|
| 1012 | Tom's Java Jive |
|
||||||
|
|
||||||
|
## IVR
|
||||||
|
|
||||||
|
| Ext | Purpose |
|
||||||
|
|-----|---------|
|
||||||
|
| 900 | Auto-attendant (IVR) |
|
||||||
|
|
||||||
|
## SIP Credentials
|
||||||
|
|
||||||
|
| Ext | SIP Password |
|
||||||
|
|-----|-------------|
|
||||||
|
| 1000 | `Xk9mPw3nQv7rLs2t` |
|
||||||
|
| 1001 | `Tv8xNm4pWq6rZs3k` |
|
||||||
|
| 1002 | `yXHaJTwa8rj?$GkrVFQB` |
|
||||||
|
|
||||||
|
## FusionPBX Connection
|
||||||
|
|
||||||
|
- Server: `134.209.72.226`, Port: `5080`, Transport: UDP
|
||||||
|
- SSH: relay through DO (`165.22.1.228`) → FusionPBX (`134.209.72.226`)
|
||||||
|
- Web: `https://fusion.orbishosting.com` (admin / fY7XP5swgtpbzrYLhkeVYkA4744)
|
||||||
|
- Provisioning URL: `https://fusion.orbishosting.com/app/provision/` (provision-master / Joker1974!!!)
|
||||||
|
|
||||||
|
## Yealink Web UI Login
|
||||||
|
|
||||||
|
T48S phones use RSA-encrypted password login (PKCS#1 v1.5). T57W uses HTTPS on port 8080.
|
||||||
|
|
||||||
|
- After factory reset, provisioning URL is cleared — must re-enter manually on phone
|
||||||
|
- Path: Menu → Settings → Advanced → Auto Provision
|
||||||
|
- To re-provision without reboot: Menu → Settings → Advanced → Auto Provision → Update Now
|
||||||
|
|
||||||
|
## BLF Buttons (confirmed working 2026-05-29)
|
||||||
|
|
||||||
|
- Device profile "yealink" (UUID 2c68fe07-b29a-4429-a3c2-7ce9010c69ff)
|
||||||
|
- 10 BLF keys, type=16 in FusionPBX
|
||||||
|
- Buttons: Myron 1000, Tommy 1001, Myron-WkPh 1002, Kitchen 1003, Bedroom 1004, PC Slingshot 1010, Park 5901/5902/5903, Page All
|
||||||
|
|
||||||
|
## Key Notes
|
||||||
|
|
||||||
|
- `manage-presence = true` set in FreeSWITCH external sofia profile (DB-managed)
|
||||||
|
- BLF type=16 required in FusionPBX (pickup_value required)
|
||||||
|
- `overwrite_mode=1` required in provisioning
|
||||||
|
- AVOID: `sofia profile external restart` — drops all registrations
|
||||||
@@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
name: user-cryptex
|
||||||
|
description: Physical Cryptex safe combination key — 3D printed on Creality K2 Pro
|
||||||
|
metadata:
|
||||||
|
node_type: memory
|
||||||
|
type: user
|
||||||
|
originSessionId: b1e93a6a-f101-4ea4-aafb-9cb7e2958821
|
||||||
|
---
|
||||||
|
|
||||||
|
**Cryptex safe key:** `NEBYMJ`
|
||||||
|
|
||||||
|
Printed on Creality K2 Pro. Physical combination lock safe.
|
||||||
File diff suppressed because one or more lines are too long
@@ -0,0 +1 @@
|
|||||||
|
['back_bathroom', 'back_bedroom', 'back_door', 'back_yard', 'camper', 'car', 'car_port', 'dining_room', 'down_hill', 'front_bedroom', 'front_door', 'front_yard', 'garage', 'hallway', 'hdmibroadcast', 'kitchen', 'konnected_alarm', 'living_room', 'master_bedroom', 'office', 'outdoors', 'side_yard', 'storage', 'utility_room']
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
404: Not Found
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
404: Not Found
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
404: Not Found
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
404: Not Found
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
404: Not Found
|
||||||
Reference in New Issue
Block a user