From 3fcc9f2b93bdf81080fdbfac5bea0b573ae45c58 Mon Sep 17 00:00:00 2001
From: Harikrishnan Dhanasekaran <harikrishnan@mulecraft.in>
Date: Fri, 28 Nov 2025 12:39:47 +0530
Subject: [PATCH] Feat : Add Fonoster template -#45 (#509)

* feat: Add Fonoster template - open source Twilio alternative

* fixed the build issue

* fixed the service log issue
---
 blueprints/fonoster/docker-compose.yml | 206 +++++++++++++++
 blueprints/fonoster/fonoster.svg       |  11 +
 blueprints/fonoster/template.toml      | 331 +++++++++++++++++++++++++
 meta.json                              |  20 ++
 4 files changed, 568 insertions(+)
 create mode 100644 blueprints/fonoster/docker-compose.yml
 create mode 100644 blueprints/fonoster/fonoster.svg
 create mode 100644 blueprints/fonoster/template.toml

diff --git a/blueprints/fonoster/docker-compose.yml b/blueprints/fonoster/docker-compose.yml
new file mode 100644
index 00000000..38ddb571
--- /dev/null
+++ b/blueprints/fonoster/docker-compose.yml
@@ -0,0 +1,206 @@
+services:
+  dashboard:
+    image: fonoster/dashboard:0.15.15
+    restart: unless-stopped
+    ports:
+      - 3030
+    environment:
+      - SERVER_DASHBOARD_SESSION_SECRET=${SERVER_DASHBOARD_SESSION_SECRET}
+
+  apiserver:
+    image: fonoster/apiserver:0.15.15
+    restart: unless-stopped
+    depends_on:
+      postgres:
+        condition: service_healthy
+    environment:
+      - APISERVER_APP_URL=${APISERVER_APP_URL}
+      - APISERVER_ASTERISK_ARI_PROXY_URL=${APISERVER_ASTERISK_ARI_PROXY_URL}
+      - APISERVER_ASTERISK_ARI_SECRET=${APISERVER_ASTERISK_ARI_SECRET}
+      - APISERVER_ASTERISK_ARI_USERNAME=${APISERVER_ASTERISK_ARI_USERNAME}
+      - APISERVER_AUTHZ_SERVICE_ENABLED=${APISERVER_AUTHZ_SERVICE_ENABLED}
+      - APISERVER_AUTHZ_SERVICE_HOST=${APISERVER_AUTHZ_SERVICE_HOST}
+      - APISERVER_AUTHZ_SERVICE_METHODS=${APISERVER_AUTHZ_SERVICE_METHODS}
+      - APISERVER_AUTHZ_SERVICE_PORT=${APISERVER_AUTHZ_SERVICE_PORT}
+      - APISERVER_CLOAK_ENCRYPTION_KEY=${APISERVER_CLOAK_ENCRYPTION_KEY}
+      - APISERVER_DATABASE_URL=${APISERVER_DATABASE_URL}
+      - APISERVER_IDENTITY_DATABASE_URL=${APISERVER_IDENTITY_DATABASE_URL}
+      - APISERVER_IDENTITY_ISSUER=${APISERVER_IDENTITY_ISSUER}
+      - APISERVER_IDENTITY_CONTACT_VERIFICATION_REQUIRED=${APISERVER_IDENTITY_CONTACT_VERIFICATION_REQUIRED}
+      - APISERVER_IDENTITY_TWO_FACTOR_AUTHENTICATION_REQUIRED=${APISERVER_IDENTITY_TWO_FACTOR_AUTHENTICATION_REQUIRED}
+      - APISERVER_IDENTITY_WORKSPACE_INVITE_EXPIRATION=${APISERVER_IDENTITY_WORKSPACE_INVITE_EXPIRATION}
+      - APISERVER_IDENTITY_WORKSPACE_INVITE_FAIL_URL=${APISERVER_IDENTITY_WORKSPACE_INVITE_FAIL_URL}
+      - APISERVER_IDENTITY_WORKSPACE_INVITE_URL=${APISERVER_IDENTITY_WORKSPACE_INVITE_URL}
+      - APISERVER_IDENTITY_OAUTH2_GITHUB_CLIENT_ID=${APISERVER_IDENTITY_OAUTH2_GITHUB_CLIENT_ID}
+      - APISERVER_IDENTITY_OAUTH2_GITHUB_CLIENT_SECRET=${APISERVER_IDENTITY_OAUTH2_GITHUB_CLIENT_SECRET}
+      - APISERVER_IDENTITY_OAUTH2_GITHUB_ENABLED=${APISERVER_IDENTITY_OAUTH2_GITHUB_ENABLED}
+      - APISERVER_INFLUXDB_INIT_ORG=${APISERVER_INFLUXDB_INIT_ORG}
+      - APISERVER_INFLUXDB_INIT_PASSWORD=${APISERVER_INFLUXDB_INIT_PASSWORD}
+      - APISERVER_INFLUXDB_INIT_TOKEN=${APISERVER_INFLUXDB_INIT_TOKEN}
+      - APISERVER_INFLUXDB_INIT_USERNAME=${APISERVER_INFLUXDB_INIT_USERNAME}
+      - APISERVER_INFLUXDB_URL=${APISERVER_INFLUXDB_URL}
+      - APISERVER_LOGS_FORMAT=${APISERVER_LOGS_FORMAT}
+      - APISERVER_LOGS_LEVEL=${APISERVER_LOGS_LEVEL}
+      - APISERVER_LOGS_TRANSPORT=${APISERVER_LOGS_TRANSPORT}
+      - APISERVER_NATS_URL=${APISERVER_NATS_URL}
+      - APISERVER_OWNER_EMAIL=${APISERVER_OWNER_EMAIL}
+      - APISERVER_OWNER_NAME=${APISERVER_OWNER_NAME}
+      - APISERVER_OWNER_PASSWORD=${APISERVER_OWNER_PASSWORD}
+      - APISERVER_ROOT_DOMAIN=${APISERVER_ROOT_DOMAIN}
+      - APISERVER_SMTP_AUTH_PASS=${APISERVER_SMTP_AUTH_PASS}
+      - APISERVER_SMTP_AUTH_USER=${APISERVER_SMTP_AUTH_USER}
+      - APISERVER_SMTP_HOST=${APISERVER_SMTP_HOST}
+      - APISERVER_SMTP_PORT=${APISERVER_SMTP_PORT}
+      - APISERVER_SMTP_SECURE=${APISERVER_SMTP_SECURE}
+      - APISERVER_SMTP_SENDER=${APISERVER_SMTP_SENDER}
+      - APISERVER_SIGNALING_SERVER=${APISERVER_SIGNALING_SERVER}
+      - APISERVER_TWILIO_ACCOUNT_SID=${APISERVER_TWILIO_ACCOUNT_SID}
+      - APISERVER_TWILIO_AUTH_TOKEN=${APISERVER_TWILIO_AUTH_TOKEN}
+      - APISERVER_TWILIO_PHONE_NUMBER=${APISERVER_TWILIO_PHONE_NUMBER}
+    expose:
+      - 50051
+    volumes:
+      - ../files/config/keys:/opt/fonoster/keys:ro
+      - ../files/config/integrations.json:/opt/fonoster/integrations.json:ro
+
+  autopilot:
+    image: fonoster/autopilot:0.15.15
+    restart: unless-stopped
+    expose:
+      - 50061
+    environment:
+      - AUTOPILOT_AWS_S3_ACCESS_KEY_ID=${AUTOPILOT_AWS_S3_ACCESS_KEY_ID}
+      - AUTOPILOT_AWS_S3_ENDPOINT=${AUTOPILOT_AWS_S3_ENDPOINT}
+      - AUTOPILOT_AWS_S3_REGION=${AUTOPILOT_AWS_S3_REGION}
+      - AUTOPILOT_AWS_S3_SECRET_ACCESS_KEY=${AUTOPILOT_AWS_S3_SECRET_ACCESS_KEY}
+      - AUTOPILOT_CONVERSATION_PROVIDER=${AUTOPILOT_CONVERSATION_PROVIDER}
+      - AUTOPILOT_KNOWLEDGE_BASE_ENABLED=${AUTOPILOT_KNOWLEDGE_BASE_ENABLED}
+      - AUTOPILOT_LOGS_FORMAT=${AUTOPILOT_LOGS_FORMAT}
+      - AUTOPILOT_LOGS_LEVEL=${AUTOPILOT_LOGS_LEVEL}
+      - AUTOPILOT_LOGS_TRANSPORT=${AUTOPILOT_LOGS_TRANSPORT}
+      - AUTOPILOT_OPENAI_API_KEY=${AUTOPILOT_OPENAI_API_KEY}
+      - AUTOPILOT_UNSTRUCTURED_API_KEY=${AUTOPILOT_UNSTRUCTURED_API_KEY}
+      - AUTOPILOT_UNSTRUCTURED_API_URL=${AUTOPILOT_UNSTRUCTURED_API_URL}
+    volumes:
+      - ../files/config/integrations.json:/opt/fonoster/integrations.json:ro
+
+  routr:
+    image: fonoster/routr-one:2.13.13
+    restart: unless-stopped
+    depends_on:
+      postgres:
+        condition: service_healthy
+    environment:
+      DATABASE_URL: ${ROUTR_DATABASE_URL}
+      EXTERNAL_ADDRS: ${ROUTR_EXTERNAL_ADDRS}
+      LOGS_FORMAT: ${ROUTR_LOGS_FORMAT}
+      LOGS_LEVEL: ${ROUTR_LOGS_LEVEL}
+      LOGS_TRANSPORT: ${ROUTR_LOGS_TRANSPORT}
+      NATS_PUBLISHER_ENABLED: "true"
+      NATS_PUBLISHER_URL: ${ROUTR_NATS_PUBLISHER_URL}
+      RTPENGINE_HOST: ${ROUTR_RTPENGINE_HOST}
+      START_INTERNAL_DB: "false"
+      CONNECT_VERIFIER_PUBLIC_KEY_PATH: /etc/routr/keys/public.pem
+    expose:
+      - 51907
+      - 51908
+    ports:
+      - 5060:5060/udp
+      - 5060-5063:5060-5063
+    volumes:
+      - ../files/config/keys/public.pem:/etc/routr/keys/public.pem
+
+  # RTPEngine uses a range of ports to handle RTP traffic. Because exposing a large range of ports 
+  # is not possible in Docker, we need to use network_mode: host.
+  #
+  # Unfortunately, network_mode: host is not supported for Windows or Mac.
+  # In those cases, we need to use a different approach.
+  #
+  # By default we are opening a small range of ports (10000-10100) to handle RTP traffic.
+  # However, this is not enough for production environments.
+  #
+  # We recommend that when using Linux you use network_mode: host and remove the ports section.
+  rtpengine:
+    image: fonoster/rtpengine:0.3.17
+    restart: unless-stopped
+    platform: linux/x86_64
+    ports: 
+      - 10000-10100:10000-10100/udp
+      - 8080:8080
+    environment:
+      PORT_MAX: ${RTPENGINE_PORT_MAX}
+      PORT_MIN: ${RTPENGINE_PORT_MIN}
+      PUBLIC_IP: ${RTPENGINE_PUBLIC_IP}
+
+  asterisk:
+    image: fonoster/asterisk:20
+    restart: unless-stopped
+    environment:
+      ARI_PROXY_URL: ${ASTERISK_ARI_PROXY_URL}
+      ARI_SECRET: ${ASTERISK_ARI_SECRET}
+      ARI_USERNAME: ${ASTERISK_ARI_USERNAME}
+      CODECS: ${ASTERISK_CODECS}
+      DTMF_MODE: ${ASTERISK_DTMF_MODE}
+      RTP_PORT_END: ${ASTERISK_RTP_PORT_END}
+      RTP_PORT_START: ${ASTERISK_RTP_PORT_START}
+      SIPPROXY_HOST: ${ASTERISK_SIPPROXY_HOST}
+      SIPPROXY_PORT: ${ASTERISK_SIPPROXY_PORT}
+      SIPPROXY_SECRET: ${ASTERISK_SIPPROXY_SECRET}
+      SIPPROXY_USERNAME: ${ASTERISK_SIPPROXY_USERNAME}
+    expose:
+      - 6060
+
+  postgres:
+    image: postgres:16.10-alpine3.22
+    restart: unless-stopped
+    environment:
+      PGTZ: UTC
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_DB: ${POSTGRES_DB}
+      TZ: UTC
+    expose:
+      - 5432
+    volumes:
+      - db:/var/lib/postgresql/data
+      - ../files/config/init-db.sh:/docker-entrypoint-initdb.d/init-db.sh:ro
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+
+  influxdb:
+    image: influxdb:2.7
+    restart: unless-stopped
+    expose:
+      - 8086
+    environment:
+      DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: ${INFLUXDB_INIT_TOKEN}
+      DOCKER_INFLUXDB_INIT_BUCKET: calls
+      DOCKER_INFLUXDB_INIT_MODE: setup
+      DOCKER_INFLUXDB_INIT_ORG: ${INFLUXDB_INIT_ORG}
+      DOCKER_INFLUXDB_INIT_PASSWORD: ${INFLUXDB_INIT_PASSWORD}
+      DOCKER_INFLUXDB_INIT_USERNAME: ${INFLUXDB_INIT_USERNAME}
+    volumes:
+      - influxdb:/var/lib/influxdb2
+
+  nats:
+    image: nats:2.11.8
+    restart: unless-stopped
+    expose:
+      - 4222
+
+  envoy:
+    image: envoyproxy/envoy:v1.35.0
+    restart: unless-stopped
+    command: ["/usr/local/bin/envoy", "-c", "/etc/envoy/envoy.yaml"]
+    volumes:
+      - ../files/config:/etc/envoy:ro
+    ports:
+      - 8449:8449
+
+volumes:
+  db:
+  influxdb:
+
diff --git a/blueprints/fonoster/fonoster.svg b/blueprints/fonoster/fonoster.svg
new file mode 100644
index 00000000..549df7e6
--- /dev/null
+++ b/blueprints/fonoster/fonoster.svg
@@ -0,0 +1,11 @@
+<svg width="248" height="51" viewBox="0 0 248 51" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M64.3464 41.1284V10.7243H85.4972V16.8908H71.5429V23.4427H83.0399V29.1381H71.5429V41.1284H64.3464Z" fill="#053204"/>
+<path d="M98.4011 41.5567C96.441 41.5567 94.6858 41.2426 93.1353 40.6146C91.6141 39.9865 90.3269 39.13 89.2737 38.0452C88.2206 36.9604 87.4161 35.7185 86.8603 34.3196C86.3337 32.9207 86.0704 31.4505 86.0704 29.9089C86.0704 28.3387 86.3337 26.8542 86.8603 25.4553C87.4161 24.0564 88.2206 22.8146 89.2737 21.7297C90.3269 20.6449 91.6141 19.7884 93.1353 19.1604C94.6858 18.5323 96.441 18.2183 98.4011 18.2183C100.361 18.2183 102.102 18.5323 103.623 19.1604C105.144 19.7884 106.431 20.6449 107.484 21.7297C108.538 22.8146 109.342 24.0564 109.898 25.4553C110.454 26.8542 110.732 28.3387 110.732 29.9089C110.732 31.4505 110.454 32.9207 109.898 34.3196C109.342 35.7185 108.538 36.9604 107.484 38.0452C106.431 39.13 105.144 39.9865 103.623 40.6146C102.102 41.2426 100.361 41.5567 98.4011 41.5567ZM93.2669 29.9089C93.2669 31.0794 93.4863 32.1071 93.9252 32.9921C94.3932 33.8771 95.0076 34.5623 95.7682 35.0476C96.5288 35.5329 97.4064 35.7756 98.4011 35.7756C99.3664 35.7756 100.229 35.5329 100.99 35.0476C101.78 34.5337 102.394 33.8343 102.833 32.9493C103.272 32.0643 103.491 31.0508 103.491 29.9089C103.491 28.7384 103.272 27.7106 102.833 26.8256C102.394 25.9406 101.78 25.2555 100.99 24.7702C100.229 24.2848 99.3664 24.0422 98.4011 24.0422C97.4064 24.0422 96.5288 24.2848 95.7682 24.7702C95.0076 25.2555 94.3932 25.9406 93.9252 26.8256C93.4863 27.7106 93.2669 28.7384 93.2669 29.9089Z" fill="#053204"/>
+<path d="M136.418 41.1284H129.397V28.4957C129.397 27.0112 129.104 25.9406 128.519 25.284C127.963 24.5989 127.217 24.2563 126.281 24.2563C125.638 24.2563 124.979 24.4276 124.306 24.7702C123.634 25.1127 123.019 25.5838 122.463 26.1833C121.937 26.7828 121.527 27.468 121.235 28.2388V41.1284H114.214V18.6465H120.533V22.4149C121.118 21.5299 121.849 20.7734 122.727 20.1453C123.604 19.5172 124.614 19.0462 125.755 18.7322C126.895 18.3896 128.139 18.2183 129.484 18.2183C130.976 18.2183 132.176 18.4895 133.083 19.0319C134.019 19.5458 134.721 20.2309 135.189 21.0874C135.686 21.9439 136.008 22.8717 136.154 23.8709C136.33 24.8415 136.418 25.7979 136.418 26.74V41.1284Z" fill="#053204"/>
+<path d="M152.053 41.5567C150.093 41.5567 148.338 41.2426 146.787 40.6146C145.266 39.9865 143.979 39.13 142.926 38.0452C141.872 36.9604 141.068 35.7185 140.512 34.3196C139.985 32.9207 139.722 31.4505 139.722 29.9089C139.722 28.3387 139.985 26.8542 140.512 25.4553C141.068 24.0564 141.872 22.8146 142.926 21.7297C143.979 20.6449 145.266 19.7884 146.787 19.1604C148.338 18.5323 150.093 18.2183 152.053 18.2183C154.013 18.2183 155.753 18.5323 157.275 19.1604C158.796 19.7884 160.083 20.6449 161.136 21.7297C162.189 22.8146 162.994 24.0564 163.55 25.4553C164.106 26.8542 164.383 28.3387 164.383 29.9089C164.383 31.4505 164.106 32.9207 163.55 34.3196C162.994 35.7185 162.189 36.9604 161.136 38.0452C160.083 39.13 158.796 39.9865 157.275 40.6146C155.753 41.2426 154.013 41.5567 152.053 41.5567ZM146.919 29.9089C146.919 31.0794 147.138 32.1071 147.577 32.9921C148.045 33.8771 148.659 34.5623 149.42 35.0476C150.181 35.5329 151.058 35.7756 152.053 35.7756C153.018 35.7756 153.881 35.5329 154.642 35.0476C155.432 34.5337 156.046 33.8343 156.485 32.9493C156.924 32.0643 157.143 31.0508 157.143 29.9089C157.143 28.7384 156.924 27.7106 156.485 26.8256C156.046 25.9406 155.432 25.2555 154.642 24.7702C153.881 24.2848 153.018 24.0422 152.053 24.0422C151.058 24.0422 150.181 24.2848 149.42 24.7702C148.659 25.2555 148.045 25.9406 147.577 26.8256C147.138 27.7106 146.919 28.7384 146.919 29.9089Z" fill="#053204"/>
+<path d="M176.686 41.5567C174.726 41.5567 172.809 41.2426 170.937 40.6146C169.065 39.9865 167.485 39.0587 166.198 37.8311L168.612 33.506C170.016 34.5052 171.376 35.2617 172.692 35.7756C174.038 36.2895 175.296 36.5464 176.466 36.5464C177.373 36.5464 178.075 36.4037 178.573 36.1182C179.07 35.8327 179.319 35.3902 179.319 34.7907C179.319 34.3624 179.172 34.0341 178.88 33.8057C178.587 33.5488 178.134 33.3204 177.519 33.1206C176.934 32.9207 176.203 32.7066 175.325 32.4782C173.57 31.9073 172.107 31.3506 170.937 30.8082C169.767 30.2657 168.889 29.6091 168.304 28.8383C167.719 28.039 167.427 27.0112 167.427 25.7551C167.427 24.242 167.807 22.9288 168.568 21.8154C169.357 20.6734 170.469 19.7884 171.903 19.1604C173.336 18.5323 175.047 18.2183 177.037 18.2183C178.616 18.2183 180.152 18.4609 181.644 18.9463C183.165 19.4316 184.584 20.2452 185.901 21.3872L183.18 25.6694C181.864 24.7844 180.693 24.1421 179.67 23.7424C178.646 23.3427 177.651 23.1429 176.686 23.1429C176.188 23.1429 175.735 23.2 175.325 23.3142C174.916 23.4284 174.579 23.6282 174.316 23.9137C174.082 24.1706 173.965 24.5132 173.965 24.9414C173.965 25.3697 174.082 25.7123 174.316 25.9692C174.579 26.2261 174.974 26.4545 175.501 26.6544C176.057 26.8256 176.744 27.0398 177.563 27.2967C179.465 27.8391 181.045 28.3958 182.302 28.9668C183.56 29.5092 184.497 30.1944 185.111 31.0223C185.754 31.8216 186.076 32.8922 186.076 34.234C186.076 36.5179 185.228 38.3164 183.531 39.6296C181.864 40.9143 179.582 41.5567 176.686 41.5567Z" fill="#053204"/>
+<path d="M204.426 39.9294C203.782 40.1863 203.066 40.4433 202.276 40.7002C201.515 40.9571 200.711 41.157 199.862 41.2997C199.014 41.471 198.18 41.5567 197.361 41.5567C196.191 41.5567 195.108 41.3711 194.114 41C193.148 40.6003 192.373 39.9579 191.788 39.0729C191.232 38.1879 190.954 37.0175 190.954 35.5615V23.8281H188.014V18.6465H190.954V11.4951H197.975V18.6465H202.671V23.8281H197.975V33.2062C197.975 33.9485 198.165 34.4909 198.546 34.8335C198.926 35.1475 199.409 35.3045 199.994 35.3045C200.491 35.3045 201.018 35.2189 201.574 35.0476C202.159 34.8763 202.656 34.6908 203.066 34.4909L204.426 39.9294Z" fill="#053204"/>
+<path d="M217.919 41.5567C215.959 41.5567 214.218 41.2569 212.697 40.6574C211.176 40.0293 209.874 39.1871 208.791 38.1308C207.738 37.0745 206.934 35.8612 206.378 34.4909C205.822 33.092 205.544 31.6361 205.544 30.123C205.544 27.9533 206.027 25.9835 206.992 24.2135C207.987 22.4149 209.406 20.9732 211.249 19.8884C213.092 18.775 215.315 18.2183 217.919 18.2183C220.522 18.2183 222.731 18.7607 224.545 19.8455C226.388 20.9304 227.792 22.3578 228.757 24.1278C229.723 25.8693 230.205 27.7677 230.205 29.8232C230.205 30.2229 230.176 30.6226 230.118 31.0223C230.088 31.3934 230.059 31.7217 230.03 32.0072H213.004C213.092 33.0064 213.37 33.8486 213.838 34.5337C214.335 35.2189 214.964 35.747 215.725 36.1182C216.485 36.4608 217.29 36.632 218.138 36.632C219.191 36.632 220.171 36.3894 221.078 35.9041C222.014 35.4187 222.658 34.7621 223.009 33.9342L228.977 35.5615C228.392 36.732 227.558 37.774 226.476 38.6875C225.422 39.5725 224.164 40.272 222.702 40.7859C221.268 41.2997 219.674 41.5567 217.919 41.5567ZM212.828 27.8106H222.833C222.716 26.8685 222.438 26.0548 222 25.3697C221.561 24.656 220.976 24.1135 220.244 23.7424C219.513 23.3427 218.709 23.1429 217.831 23.1429C216.924 23.1429 216.105 23.3427 215.374 23.7424C214.671 24.1135 214.101 24.656 213.662 25.3697C213.223 26.0548 212.945 26.8685 212.828 27.8106Z" fill="#053204"/>
+<path d="M248 24.5132C246.303 24.5132 244.767 24.7844 243.392 25.3268C242.018 25.8407 241.023 26.6115 240.409 27.6393V41.1284H233.388V18.6465H239.838V23.1857C240.628 21.6726 241.652 20.4879 242.91 19.6314C244.168 18.775 245.484 18.3325 246.859 18.3039C247.181 18.3039 247.415 18.3039 247.561 18.3039C247.737 18.3039 247.883 18.3182 248 18.3467V24.5132Z" fill="#053204"/>
+<path d="M48.2593 23.9108C48.2593 10.7052 37.4561 0 24.1297 0C10.8032 0 0 10.7052 0 23.9108V50.9404H22.556C36.7516 50.9404 48.2593 39.537 48.2593 25.4702V23.9108Z" fill="#39E19E"/>
+</svg>
diff --git a/blueprints/fonoster/template.toml b/blueprints/fonoster/template.toml
new file mode 100644
index 00000000..e9733d12
--- /dev/null
+++ b/blueprints/fonoster/template.toml
@@ -0,0 +1,331 @@
+[variables]
+main_domain = "${domain}"
+
+# Critical: Set these to your host machine's IP address
+# For cloud deployments, use the public IP of your server
+# For local deployments, use your local machine's IP
+host_ip = "CHANGE_ME_TO_HOST_IP"
+
+# Secrets - auto-generated strong passwords
+dashboard_session_secret = "${password:64}"
+ari_secret = "${password:32}"
+asterisk_ari_secret = "${password:32}"
+asterisk_sipproxy_secret = "${password:32}"
+postgres_password = "${password:32}"
+influxdb_password = "${password:32}"
+influxdb_token = "${password:64}"
+cloak_encryption_key = "${base64:32}"
+
+# Database credentials
+postgres_user = "postgres"
+postgres_db_fonoster = "fonoster"
+postgres_db_identity = "fnidentity"
+postgres_db_routr = "routr"
+
+# API Server Configuration
+api_server_app_url = "https://${main_domain}"
+api_server_root_domain = "${main_domain}"
+api_server_owner_email = "admin@${main_domain}"
+api_server_owner_name = "Admin User"
+api_server_owner_password = "${password:32}"
+
+# InfluxDB Configuration
+influxdb_init_org = "fonoster"
+influxdb_init_username = "influxdb"
+
+# Asterisk Configuration
+asterisk_codecs = "g722,ulaw,alaw"
+asterisk_dtmf_mode = "auto_info"
+asterisk_rtp_port_start = "10000"
+asterisk_rtp_port_end = "20000"
+asterisk_sipproxy_port = "5060"
+asterisk_sipproxy_username = "voice"
+
+# RTP Engine Configuration
+rtpengine_port_min = "10000"
+rtpengine_port_max = "20000"
+
+# Routr Configuration
+routr_nats_publisher_url = "nats://nats:4222"
+
+# Logging Configuration
+logs_format = "json"
+logs_level = "verbose"
+logs_transport = "none"
+
+[config]
+env = [
+  # Dashboard
+  "SERVER_DASHBOARD_SESSION_SECRET=${dashboard_session_secret}",
+  
+  # API Server - Core
+  "APISERVER_APP_URL=${api_server_app_url}",
+  "APISERVER_ROOT_DOMAIN=${api_server_root_domain}",
+  "APISERVER_OWNER_EMAIL=${api_server_owner_email}",
+  "APISERVER_OWNER_NAME=${api_server_owner_name}",
+  "APISERVER_OWNER_PASSWORD=${api_server_owner_password}",
+  
+  # API Server - Database
+  "APISERVER_DATABASE_URL=postgresql://${postgres_user}:${postgres_password}@postgres:5432/${postgres_db_fonoster}",
+  "APISERVER_IDENTITY_DATABASE_URL=postgresql://${postgres_user}:${postgres_password}@postgres:5432/${postgres_db_identity}",
+  
+  # API Server - Asterisk ARI
+  "APISERVER_ASTERISK_ARI_PROXY_URL=http://asterisk:8088",
+  "APISERVER_ASTERISK_ARI_SECRET=${ari_secret}",
+  "APISERVER_ASTERISK_ARI_USERNAME=ari",
+  
+  # API Server - Identity
+  "APISERVER_IDENTITY_ISSUER=https://${api_server_root_domain}",
+  "APISERVER_IDENTITY_CONTACT_VERIFICATION_REQUIRED=false",
+  "APISERVER_IDENTITY_TWO_FACTOR_AUTHENTICATION_REQUIRED=false",
+  "APISERVER_IDENTITY_WORKSPACE_INVITE_EXPIRATION=1d",
+  "APISERVER_IDENTITY_WORKSPACE_INVITE_FAIL_URL=${api_server_app_url}/invite-fail",
+  "APISERVER_IDENTITY_WORKSPACE_INVITE_URL=https://${api_server_root_domain}:8449/api/identity/accept-invite",
+  "APISERVER_IDENTITY_OAUTH2_GITHUB_CLIENT_ID=",
+  "APISERVER_IDENTITY_OAUTH2_GITHUB_CLIENT_SECRET=",
+  "APISERVER_IDENTITY_OAUTH2_GITHUB_ENABLED=false",
+  
+  # API Server - InfluxDB
+  "APISERVER_INFLUXDB_URL=http://influxdb:8086",
+  "APISERVER_INFLUXDB_INIT_ORG=${influxdb_init_org}",
+  "APISERVER_INFLUXDB_INIT_USERNAME=${influxdb_init_username}",
+  "APISERVER_INFLUXDB_INIT_PASSWORD=${influxdb_password}",
+  "APISERVER_INFLUXDB_INIT_TOKEN=${influxdb_token}",
+  
+  # API Server - NATS
+  "APISERVER_NATS_URL=nats://nats:4222",
+  
+  # API Server - Logging
+  "APISERVER_LOGS_FORMAT=${logs_format}",
+  "APISERVER_LOGS_LEVEL=${logs_level}",
+  "APISERVER_LOGS_TRANSPORT=${logs_transport}",
+  
+  # API Server - Encryption
+  "APISERVER_CLOAK_ENCRYPTION_KEY=${cloak_encryption_key}",
+  
+  # API Server - AuthZ Service (disabled by default)
+  "APISERVER_AUTHZ_SERVICE_ENABLED=false",
+  "APISERVER_AUTHZ_SERVICE_HOST=fnauthz",
+  "APISERVER_AUTHZ_SERVICE_METHODS=/fonoster.calls.v1beta2.Calls/CreateCall,/fonoster.identity.v1beta2.Identity/CreateWorkspace",
+  "APISERVER_AUTHZ_SERVICE_PORT=50071",
+  
+  # API Server - SMTP (optional, configure if needed)
+  "APISERVER_SMTP_HOST=your-smtp-server",
+  "APISERVER_SMTP_PORT=587",
+  "APISERVER_SMTP_SECURE=true",
+  "APISERVER_SMTP_AUTH_USER=postmaster@${api_server_root_domain}",
+  "APISERVER_SMTP_AUTH_PASS=secret",
+  "APISERVER_SMTP_SENDER=Fonoster Info <info@${api_server_root_domain}>",
+  
+  # API Server - Signaling
+  "APISERVER_SIGNALING_SERVER=ws://${api_server_root_domain}:5062",
+  
+  # API Server - Twilio (optional, configure if needed)
+  "APISERVER_TWILIO_ACCOUNT_SID=",
+  "APISERVER_TWILIO_AUTH_TOKEN=",
+  "APISERVER_TWILIO_PHONE_NUMBER=",
+  
+  # Autopilot
+  "AUTOPILOT_CONVERSATION_PROVIDER=api",
+  "AUTOPILOT_KNOWLEDGE_BASE_ENABLED=false",
+  "AUTOPILOT_LOGS_FORMAT=${logs_transport}",
+  "AUTOPILOT_LOGS_LEVEL=${logs_level}",
+  "AUTOPILOT_LOGS_TRANSPORT=${logs_transport}",
+  "AUTOPILOT_AWS_S3_ACCESS_KEY_ID=",
+  "AUTOPILOT_AWS_S3_ENDPOINT=",
+  "AUTOPILOT_AWS_S3_REGION=us-east-1",
+  "AUTOPILOT_AWS_S3_SECRET_ACCESS_KEY=",
+  "AUTOPILOT_OPENAI_API_KEY=",
+  "AUTOPILOT_UNSTRUCTURED_API_KEY=",
+  "AUTOPILOT_UNSTRUCTURED_API_URL=",
+  
+  # Routr
+  "ROUTR_DATABASE_URL=postgresql://${postgres_user}:${postgres_password}@postgres:5432/${postgres_db_routr}",
+  "ROUTR_EXTERNAL_ADDRS=${host_ip}",
+  "ROUTR_RTPENGINE_HOST=rtpengine",
+  "ROUTR_NATS_PUBLISHER_URL=${routr_nats_publisher_url}",
+  "ROUTR_LOGS_FORMAT=${logs_transport}",
+  "ROUTR_LOGS_LEVEL=${logs_level}",
+  "ROUTR_LOGS_TRANSPORT=${logs_transport}",
+  
+  # Asterisk
+  "ASTERISK_ARI_PROXY_URL=http://asterisk:8088",
+  "ASTERISK_ARI_SECRET=${asterisk_ari_secret}",
+  "ASTERISK_ARI_USERNAME=ari",
+  "ASTERISK_CODECS=${asterisk_codecs}",
+  "ASTERISK_DTMF_MODE=${asterisk_dtmf_mode}",
+  "ASTERISK_RTP_PORT_START=${asterisk_rtp_port_start}",
+  "ASTERISK_RTP_PORT_END=${asterisk_rtp_port_end}",
+  "ASTERISK_SIPPROXY_HOST=${host_ip}",
+  "ASTERISK_SIPPROXY_PORT=${asterisk_sipproxy_port}",
+  "ASTERISK_SIPPROXY_SECRET=${asterisk_sipproxy_secret}",
+  "ASTERISK_SIPPROXY_USERNAME=${asterisk_sipproxy_username}",
+  
+  # RTP Engine
+  "RTPENGINE_PUBLIC_IP=${host_ip}",
+  "RTPENGINE_PORT_MIN=${rtpengine_port_min}",
+  "RTPENGINE_PORT_MAX=${rtpengine_port_max}",
+  
+  # InfluxDB
+  "INFLUXDB_INIT_ORG=${influxdb_init_org}",
+  "INFLUXDB_INIT_USERNAME=${influxdb_init_username}",
+  "INFLUXDB_INIT_PASSWORD=${influxdb_password}",
+  "INFLUXDB_INIT_TOKEN=${influxdb_token}",
+  
+  # PostgreSQL
+  "POSTGRES_USER=${postgres_user}",
+  "POSTGRES_PASSWORD=${postgres_password}",
+  "POSTGRES_DB=${postgres_db_fonoster}",
+]
+
+[[config.domains]]
+serviceName = "dashboard"
+port = 3030
+host = "${main_domain}"
+
+[[config.mounts]]
+filePath = "config/integrations.json"
+content = """
+{
+  "integrations": []
+}
+"""
+
+[[config.mounts]]
+filePath = "config/init-db.sh"
+content = """#!/bin/bash
+set -e
+
+# Create additional databases (ignore error if they already exist)
+psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    CREATE DATABASE fnidentity;
+    CREATE DATABASE routr;
+EOSQL
+
+# Grant privileges
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    GRANT ALL PRIVILEGES ON DATABASE fnidentity TO $POSTGRES_USER;
+    GRANT ALL PRIVILEGES ON DATABASE routr TO $POSTGRES_USER;
+EOSQL
+"""
+
+[[config.mounts]]
+filePath = "config/keys/.gitkeep"
+content = "# Placeholder - RSA keys need to be generated manually after deployment"
+
+[[config.mounts]]
+filePath = "config/keys/public.pem"
+content = """-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVvQZ8v3xq7p8BmXdS3C
+G9fk654bAbl30tsqq4h9d3N4F11hlue8bGAY=
+-----END PUBLIC KEY-----
+"""
+
+[[config.mounts]]
+filePath = "config/envoy.yaml"
+content = """
+# Envoy configuration without tls for development and testing.
+# Do not use this configuration in production. Please check the docs for examples using tls.
+static_resources:
+  listeners:
+    - name: listener_http
+      address:
+        socket_address: { address: 0.0.0.0, port_value: 8449 }
+      filter_chains:
+        - filters:
+          - name: envoy.filters.network.http_connection_manager
+            typed_config:
+              "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+              codec_type: auto
+              stat_prefix: ingress_http
+              route_config:
+                name: local_route
+                virtual_hosts:
+                  - name: local_service
+                    domains: ["*"]
+                    routes:
+                      - match:
+                          prefix: "/api"
+                        route:
+                          cluster: apiserver-cluster-http
+                          timeout: 0s
+                      - match:
+                          prefix: "/"
+                          headers:
+                            - name: "content-type"
+                              safe_regex_match:
+                                google_re2: {}
+                                regex: "^(application/grpc|application/grpc-web-text)$"
+                        route:
+                          cluster: apiserver-cluster
+                          timeout: 0s
+                          max_stream_duration:
+                            grpc_timeout_header_max: 0s
+                      - match:
+                          prefix: "/"
+                        route:
+                          cluster: dashboard-cluster
+                          timeout: 0s
+                    cors:
+                      allow_origin_string_match:
+                        - prefix: "*"
+                      allow_methods: GET, PUT, DELETE, POST, OPTIONS
+                      allow_headers: token,accesskeyid,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
+                      max_age: "1728000"
+                      expose_headers: grpc-status,grpc-message
+              http_filters:
+                - name: envoy.filters.http.grpc_web
+                  typed_config:
+                    "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
+                - name: envoy.filters.http.cors
+                  typed_config:
+                    "@type": type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
+                - name: envoy.filters.http.router
+                  typed_config:
+                    "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+
+  clusters:
+    - name: apiserver-cluster
+      type: logical_dns
+      connect_timeout: 20s
+      http2_protocol_options: {}
+      lb_policy: round_robin
+      load_assignment:
+        cluster_name: apiserver-cluster
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: apiserver
+                      port_value: 50051
+
+    - name: apiserver-cluster-http
+      type: logical_dns
+      connect_timeout: 20s
+      lb_policy: round_robin
+      load_assignment:
+        cluster_name: apiserver-cluster-http
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: apiserver
+                      port_value: 9876
+
+    - name: dashboard-cluster
+      type: logical_dns
+      connect_timeout: 20s
+      lb_policy: round_robin
+      load_assignment:
+        cluster_name: dashboard-cluster
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: dashboard
+                      port_value: 3030
+"""
+
diff --git a/meta.json b/meta.json
index ffc2d558..5cea3110 100644
--- a/meta.json
+++ b/meta.json
@@ -2307,6 +2307,26 @@
       "kanban"
     ]
   },
+  {
+    "id": "fonoster",
+    "name": "Fonoster",
+    "version": "0.15.15",
+    "description": "Fonoster is an open-source alternative to Twilio. A complete telephony stack for building voice applications with SIP, WebRTC, and PSTN connectivity.",
+    "logo": "fonoster.svg",
+    "links": {
+      "github": "https://github.com/fonoster/fonoster",
+      "website": "https://fonoster.com/",
+      "docs": "https://docs.fonoster.com/"
+    },
+    "tags": [
+      "telephony",
+      "voip",
+      "sip",
+      "webrtc",
+      "pstn",
+      "communication"
+    ]
+  },
   {
     "id": "forgejo",
     "name": "Forgejo",