# Session Log: 2026-03-19

## Session Summary

Major workstation setup and Dataforth infrastructure session. Set up new CachyOS Linux install on ASUS laptop (acg-guru-5070), fixed multiple system issues, wiped old Windows drive for /home, reset ESXi licenses, and diagnosed/fixed Dataforth FreePBX phone system.

## Work Completed

### 1. Tailscale Validation & Fix
- **Issue 1:** `--accept-routes` was false - peers advertising routes but not accepted
- **Fix:** `sudo tailscale set --accept-routes`
- **Issue 2:** systemd-resolved and NetworkManager misconfigured for MagicDNS
- **Fix:** Created `/etc/NetworkManager/conf.d/dns.conf` with `dns=systemd-resolved`, symlinked `/etc/resolv.conf` to `/run/systemd/resolve/stub-resolv.conf`, restarted both services and tailscaled
- **Result:** All health warnings cleared, MagicDNS working

### 2. Google Chrome Installation
- Installed via `paru -S --noconfirm google-chrome` (AUR)
- Version: 146.0.7680.153

### 3. Display Brightness Fix
- **Issue:** Brightness at 100% per KDE but visually dim
- **Root cause:** `intel_backlight` was at 100/496 (~20%), KDE was reading `nvidia_0` (100/100)
- **Fix:** Set intel_backlight to max: `echo 496 > /sys/class/backlight/intel_backlight/brightness`
- **Hotkey fix:** Created `/etc/udev/rules.d/backlight.rules` to hide `nvidia_0` so KDE only controls `intel_backlight`
- Ran `sudo chmod 000 /sys/class/backlight/nvidia_0` for immediate effect
- Restarted `plasma-powerdevil`

### 4. Secondary Drive Setup as /home
- **Drive:** nvme1n1 (954GB SK Hynix) - old Windows BitLocker drive
- **Steps:**
  - Wiped with `wipefs -a`
  - Created GPT partition table with single ext4 partition (label: "home")
  - UUID: `4143f922-455f-4154-8f87-6df123548916`
  - Copied existing /home via `rsync -aAXv /home/ /mnt/`
  - Updated `/etc/fstab` - replaced btrfs @home subvolume entry with new ext4 mount
  - Original btrfs @home subvolume still exists on OS drive as backup
- **Requires reboot to activate**

### 5. ESXi License Resets (Dataforth)
- **192.168.0.122:** Evaluation expired, reset via SSH
  - Created sysadmin user (Paper123!@#) for SSH access
  - Reset: `rm -r /etc/vmware/license.cfg && cp /etc/vmware/.#license.cfg /etc/vmware/license.cfg`
  - Restarted vpxa and hostd
  - New expiration: 2026-05-18
- **192.168.0.124:** Same procedure via root user
  - SSH enabled from web UI
  - New expiration: 2026-05-18

### 6. FreePBX/Asterisk Phone System Fix (Dataforth)
- **PBX:** 192.168.100.2 (pbx.intranet.dataforth.com)
- **OS:** Sangoma FreePBX Distro 17 / Debian 12
- **VM:** On ESXi 192.168.0.122, VM ID 9, SAN-D1-15k datastore

#### Issues Found & Fixed:
1. **Asterisk was not running** - started with `fwconsole start`
2. **`fwconsole reload` was failing** with `Undefined array key "trunk_name"` in PJSip.class.php line 504
   - **Root cause:** `getAllTrunks()` SQL query (`LEFT OUTER JOIN` with `IS NULL`) returns extension data mixed with trunk data. Extensions lack `trunk_name` key.
   - **Also:** Orphaned trunk ID 2 (`FirstDigital_SIP`) in pjsip table with no matching entry in trunks table
   - **Fix:** Patched line 504: `$tn = $trunk['trunk_name'] ?? null; if ($tn === null) { continue; }`
   - Backup at PJSip.class.php.bak
   - Deleted orphaned trunk: `DELETE FROM pjsip WHERE id='2'`
3. **Asterisk logging was broken** - no `full` log file configured since Jan 27
   - **Fix:** Added `full => notice,warning,error,verbose,dtmf,fax` to `/etc/asterisk/logger_logfiles_custom.conf`
   - Logger now writing to `/var/log/asterisk/full`
4. **Call transfer event listener** was intermittently failing with "Asterisk is not connected" errors in AMI

#### PBX Status After Fix:
- Asterisk running, PJSIP trunk (FirstDigital) connected
- 30+ extensions registered
- fwconsole reload succeeds
- Full logging restored
- SIP trunk: FirstDigital at 66.7.123.215 (match: 66.7.123.0/24)
- Outbound CID: 5207411404

### 7. Packages Installed
- `nano` (for visudo)
- `sshpass` (for automated SSH)
- `expect` (for ESXi/PBX SSH sessions)
- `google-chrome` (AUR)

### 8. Sudo Configuration
- Added `guru ALL=(ALL) NOPASSWD: ALL` to sudoers via `EDITOR=nano visudo`

## Credentials

### ESXi Host 1 (192.168.0.122)
- **Web UI:** https://192.168.0.122
- **Root:** root / Gptf*77ttb!@#!@#
- **SSH User:** sysadmin / Paper123!@#
- **VMs:** AD1, AD2, FILES-D1, PBX

### ESXi Host 2 (192.168.0.124)
- **Web UI:** https://192.168.0.124
- **Root:** root / Gptf*77ttb!@#!@#

### PBX (192.168.100.2)
- **SSH:** sangoma / Gptf*77ttb!@#!@#
- **Web UI:** https://192.168.100.2
- **Network:** VLAN100 (192.168.100.0/24)
- **SIP trunk:** FirstDigital (66.7.123.215)
- **SIP network:** 10.208.107.116/30 (SIP_Group vSwitch)
- **DIDs:** 520-741-1404 (ring group 600), 520-917-0493 (ext 269), 520-917-0495 (ext 273), 520-917-2235+

### Existing (used this session)
- **AD2 (192.168.0.6):** INTRANET\sysadmin / Paper123!@#
- **D2TESTNAS (192.168.0.9):** root (SSH key auth)

## Infrastructure Details

### Workstation: acg-guru-5070
- **OS:** CachyOS (Arch-based), kernel 6.19.7-1-cachyos
- **CPU/GPU:** Intel Arrow Lake-S + NVIDIA RTX 5070 Ti Mobile
- **Drives:**
  - nvme0n1: 954GB (CachyOS install, btrfs)
  - nvme1n1: 954GB (ext4, formatted as /home, UUID: 4143f922-455f-4154-8f87-6df123548916)
- **Tailscale IP:** 100.95.216.79
- **Tailnet:** tailea2889.ts.net (azcomputerguru.com)

### Tailscale Subnet Routes
- pfSense-2: 172.16.0.0/22
- D2TESTNAS: 192.168.0.0/24
- **Missing:** 192.168.100.0/24 (VLAN100/PBX) - requires Dataforth WiFi or adding route to pfSense-2

### Files Modified
- `/etc/NetworkManager/conf.d/dns.conf` (created)
- `/etc/udev/rules.d/backlight.rules` (created)
- `/etc/fstab` (modified /home mount)
- `/home/guru/ClaudeTools/credentials.md` (added ESXi .122, .124, PBX entries)
- PBX: `/var/www/html/admin/modules/core/functions.inc/drivers/PJSip.class.php` (patched line 504)
- PBX: `/etc/asterisk/logger_logfiles_custom.conf` (created, added full log)

## Pending/Incomplete Tasks

1. **Reboot required** for /home mount to switch to new ext4 drive
2. **PBX call testing** - users should verify DIDs, transfers, and general calling work
3. **PBX VLAN100 routing** - not accessible via Tailscale, need to add 192.168.100.0/24 to pfSense-2's advertised routes
4. **ESXi license reminder** - both hosts expire 2026-05-18 (60 days)
5. **PBX auto-start** - verify Asterisk starts automatically on VM boot to prevent future outages
6. **fail2ban logs** - 70MB/day suggests external SIP scanning; may want to review firewall rules
7. **Windows reinstall script** - user asked about a PowerShell script for reinstalling Claude config after Windows reset; not found in repo, may need to be created
8. **PJSip.class.php patch** - will be overwritten on FreePBX module update; monitor for upstream fix