From c296bb9ea01385a1391448e28cef913b143b3fff Mon Sep 17 00:00:00 2001
From: Mike Swanson <mike@azcomputerguru.com>
Date: Thu, 19 Mar 2026 09:09:06 -0700
Subject: [PATCH] Session log: workstation setup, ESXi license resets, FreePBX
 phone system fix

- CachyOS workstation: Tailscale fix, brightness fix, /home drive setup
- ESXi .122 and .124: evaluation license resets (expire 2026-05-18)
- FreePBX PBX: fixed fwconsole reload crash (PJSip.class.php trunk_name bug),
  restored Asterisk logging, started phone system
- credentials.md: added ESXi hosts and PBX entries

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 credentials.md                     |  33 +++++++
 session-logs/2026-03-19-session.md | 141 +++++++++++++++++++++++++++++
 2 files changed, 174 insertions(+)
 create mode 100644 session-logs/2026-03-19-session.md

diff --git a/credentials.md b/credentials.md
index c2ee477..9805c12 100644
--- a/credentials.md
+++ b/credentials.md
@@ -252,6 +252,39 @@
 
 ## Dataforth Infrastructure
 
+### ESXi Host (192.168.0.122)
+- **Host:** 192.168.0.122
+- **Role:** VMware ESXi hypervisor
+- **User:** root
+- **Password:** Gptf*77ttb!@#!@#
+- **Web UI:** https://192.168.0.122
+- **Network:** Dataforth LAN (192.168.0.0/24)
+- **SSH User:** sysadmin / Paper123!@#
+- **VMs:** AD1, AD2, FILES-D1, PBX
+
+### ESXi Host (192.168.0.124)
+- **Host:** 192.168.0.124
+- **Role:** VMware ESXi hypervisor
+- **User:** root
+- **Password:** Gptf*77ttb!@#!@#
+- **Web UI:** https://192.168.0.124
+- **Network:** Dataforth LAN (192.168.0.0/24)
+
+### PBX (192.168.100.2)
+- **Host:** 192.168.100.2
+- **Hostname:** pbx.intranet.dataforth.com
+- **Role:** Sangoma FreePBX 17 / Asterisk (phone system)
+- **OS:** Debian 12 (Sangoma FreePBX Distro)
+- **SSH User:** sangoma
+- **SSH Password:** Gptf*77ttb!@#!@#
+- **Web UI:** https://192.168.100.2
+- **Network:** VLAN100 (192.168.100.0/24)
+- **SIP Trunk:** FirstDigital (66.7.123.215, PJSIP)
+- **SIP Network:** 10.208.107.116/30 (SIP_Group vSwitch)
+- **ESXi Host:** 192.168.0.122 (VM ID 9, SAN-D1-15k datastore)
+- **Extensions:** 201-343 range (~35 endpoints)
+- **DIDs:** 520-741-1404 (ring group 600), 520-917-0493 (ext 269), 520-917-0495 (ext 273), 520-917-2235+
+
 ### AD2 (Production Server - 192.168.0.6)
 - **Host:** 192.168.0.6
 - **Hostname:** AD2.intranet.dataforth.com
diff --git a/session-logs/2026-03-19-session.md b/session-logs/2026-03-19-session.md
new file mode 100644
index 0000000..059c17b
--- /dev/null
+++ b/session-logs/2026-03-19-session.md
@@ -0,0 +1,141 @@
+# Session Log: 2026-03-19
+
+## Session Summary
+
+Major workstation setup and Dataforth infrastructure session. Set up new CachyOS Linux install on ASUS laptop (acg-guru-5070), fixed multiple system issues, wiped old Windows drive for /home, reset ESXi licenses, and diagnosed/fixed Dataforth FreePBX phone system.
+
+## Work Completed
+
+### 1. Tailscale Validation & Fix
+- **Issue 1:** `--accept-routes` was false - peers advertising routes but not accepted
+- **Fix:** `sudo tailscale set --accept-routes`
+- **Issue 2:** systemd-resolved and NetworkManager misconfigured for MagicDNS
+- **Fix:** Created `/etc/NetworkManager/conf.d/dns.conf` with `dns=systemd-resolved`, symlinked `/etc/resolv.conf` to `/run/systemd/resolve/stub-resolv.conf`, restarted both services and tailscaled
+- **Result:** All health warnings cleared, MagicDNS working
+
+### 2. Google Chrome Installation
+- Installed via `paru -S --noconfirm google-chrome` (AUR)
+- Version: 146.0.7680.153
+
+### 3. Display Brightness Fix
+- **Issue:** Brightness at 100% per KDE but visually dim
+- **Root cause:** `intel_backlight` was at 100/496 (~20%), KDE was reading `nvidia_0` (100/100)
+- **Fix:** Set intel_backlight to max: `echo 496 > /sys/class/backlight/intel_backlight/brightness`
+- **Hotkey fix:** Created `/etc/udev/rules.d/backlight.rules` to hide `nvidia_0` so KDE only controls `intel_backlight`
+- Ran `sudo chmod 000 /sys/class/backlight/nvidia_0` for immediate effect
+- Restarted `plasma-powerdevil`
+
+### 4. Secondary Drive Setup as /home
+- **Drive:** nvme1n1 (954GB SK Hynix) - old Windows BitLocker drive
+- **Steps:**
+  - Wiped with `wipefs -a`
+  - Created GPT partition table with single ext4 partition (label: "home")
+  - UUID: `4143f922-455f-4154-8f87-6df123548916`
+  - Copied existing /home via `rsync -aAXv /home/ /mnt/`
+  - Updated `/etc/fstab` - replaced btrfs @home subvolume entry with new ext4 mount
+  - Original btrfs @home subvolume still exists on OS drive as backup
+- **Requires reboot to activate**
+
+### 5. ESXi License Resets (Dataforth)
+- **192.168.0.122:** Evaluation expired, reset via SSH
+  - Created sysadmin user (Paper123!@#) for SSH access
+  - Reset: `rm -r /etc/vmware/license.cfg && cp /etc/vmware/.#license.cfg /etc/vmware/license.cfg`
+  - Restarted vpxa and hostd
+  - New expiration: 2026-05-18
+- **192.168.0.124:** Same procedure via root user
+  - SSH enabled from web UI
+  - New expiration: 2026-05-18
+
+### 6. FreePBX/Asterisk Phone System Fix (Dataforth)
+- **PBX:** 192.168.100.2 (pbx.intranet.dataforth.com)
+- **OS:** Sangoma FreePBX Distro 17 / Debian 12
+- **VM:** On ESXi 192.168.0.122, VM ID 9, SAN-D1-15k datastore
+
+#### Issues Found & Fixed:
+1. **Asterisk was not running** - started with `fwconsole start`
+2. **`fwconsole reload` was failing** with `Undefined array key "trunk_name"` in PJSip.class.php line 504
+   - **Root cause:** `getAllTrunks()` SQL query (`LEFT OUTER JOIN` with `IS NULL`) returns extension data mixed with trunk data. Extensions lack `trunk_name` key.
+   - **Also:** Orphaned trunk ID 2 (`FirstDigital_SIP`) in pjsip table with no matching entry in trunks table
+   - **Fix:** Patched line 504: `$tn = $trunk['trunk_name'] ?? null; if ($tn === null) { continue; }`
+   - Backup at PJSip.class.php.bak
+   - Deleted orphaned trunk: `DELETE FROM pjsip WHERE id='2'`
+3. **Asterisk logging was broken** - no `full` log file configured since Jan 27
+   - **Fix:** Added `full => notice,warning,error,verbose,dtmf,fax` to `/etc/asterisk/logger_logfiles_custom.conf`
+   - Logger now writing to `/var/log/asterisk/full`
+4. **Call transfer event listener** was intermittently failing with "Asterisk is not connected" errors in AMI
+
+#### PBX Status After Fix:
+- Asterisk running, PJSIP trunk (FirstDigital) connected
+- 30+ extensions registered
+- fwconsole reload succeeds
+- Full logging restored
+- SIP trunk: FirstDigital at 66.7.123.215 (match: 66.7.123.0/24)
+- Outbound CID: 5207411404
+
+### 7. Packages Installed
+- `nano` (for visudo)
+- `sshpass` (for automated SSH)
+- `expect` (for ESXi/PBX SSH sessions)
+- `google-chrome` (AUR)
+
+### 8. Sudo Configuration
+- Added `guru ALL=(ALL) NOPASSWD: ALL` to sudoers via `EDITOR=nano visudo`
+
+## Credentials
+
+### ESXi Host 1 (192.168.0.122)
+- **Web UI:** https://192.168.0.122
+- **Root:** root / Gptf*77ttb!@#!@#
+- **SSH User:** sysadmin / Paper123!@#
+- **VMs:** AD1, AD2, FILES-D1, PBX
+
+### ESXi Host 2 (192.168.0.124)
+- **Web UI:** https://192.168.0.124
+- **Root:** root / Gptf*77ttb!@#!@#
+
+### PBX (192.168.100.2)
+- **SSH:** sangoma / Gptf*77ttb!@#!@#
+- **Web UI:** https://192.168.100.2
+- **Network:** VLAN100 (192.168.100.0/24)
+- **SIP trunk:** FirstDigital (66.7.123.215)
+- **SIP network:** 10.208.107.116/30 (SIP_Group vSwitch)
+- **DIDs:** 520-741-1404 (ring group 600), 520-917-0493 (ext 269), 520-917-0495 (ext 273), 520-917-2235+
+
+### Existing (used this session)
+- **AD2 (192.168.0.6):** INTRANET\sysadmin / Paper123!@#
+- **D2TESTNAS (192.168.0.9):** root (SSH key auth)
+
+## Infrastructure Details
+
+### Workstation: acg-guru-5070
+- **OS:** CachyOS (Arch-based), kernel 6.19.7-1-cachyos
+- **CPU/GPU:** Intel Arrow Lake-S + NVIDIA RTX 5070 Ti Mobile
+- **Drives:**
+  - nvme0n1: 954GB (CachyOS install, btrfs)
+  - nvme1n1: 954GB (ext4, formatted as /home, UUID: 4143f922-455f-4154-8f87-6df123548916)
+- **Tailscale IP:** 100.95.216.79
+- **Tailnet:** tailea2889.ts.net (azcomputerguru.com)
+
+### Tailscale Subnet Routes
+- pfSense-2: 172.16.0.0/22
+- D2TESTNAS: 192.168.0.0/24
+- **Missing:** 192.168.100.0/24 (VLAN100/PBX) - requires Dataforth WiFi or adding route to pfSense-2
+
+### Files Modified
+- `/etc/NetworkManager/conf.d/dns.conf` (created)
+- `/etc/udev/rules.d/backlight.rules` (created)
+- `/etc/fstab` (modified /home mount)
+- `/home/guru/ClaudeTools/credentials.md` (added ESXi .122, .124, PBX entries)
+- PBX: `/var/www/html/admin/modules/core/functions.inc/drivers/PJSip.class.php` (patched line 504)
+- PBX: `/etc/asterisk/logger_logfiles_custom.conf` (created, added full log)
+
+## Pending/Incomplete Tasks
+
+1. **Reboot required** for /home mount to switch to new ext4 drive
+2. **PBX call testing** - users should verify DIDs, transfers, and general calling work
+3. **PBX VLAN100 routing** - not accessible via Tailscale, need to add 192.168.100.0/24 to pfSense-2's advertised routes
+4. **ESXi license reminder** - both hosts expire 2026-05-18 (60 days)
+5. **PBX auto-start** - verify Asterisk starts automatically on VM boot to prevent future outages
+6. **fail2ban logs** - 70MB/day suggests external SIP scanning; may want to review firewall rules
+7. **Windows reinstall script** - user asked about a PowerShell script for reinstalling Claude config after Windows reset; not found in repo, may need to be created
+8. **PJSip.class.php patch** - will be overwritten on FreePBX module update; monitor for upstream fix