# ALAI Infrastructure Map & Ops Runbooks

**Last updated:** 2026-03-12 | **Author:** John (AI Director)

## 1. Infrastructure Overview

### Azure VM — vm-alai-support

<table id="bkmrk-propertyvalue-ip4.22"><tr><th>Property</th><th>Value</th></tr><tr><td>IP</td><td>4.223.110.181</td></tr><tr><td>Region</td><td>Sweden Central</td></tr><tr><td>Size</td><td>Standard_B2als_v2 (2 vCPU, 4GB RAM)</td></tr><tr><td>OS</td><td>Ubuntu 22.04 LTS</td></tr><tr><td>SSH</td><td><code>ssh -i ~/.ssh/azure_alai alai-admin@4.223.110.181</code></td></tr><tr><td>Resource Group</td><td>rg-alai-support</td></tr><tr><td>Cost</td><td>~$35/mo (Founders Hub credits, expires 2026-11-15)</td></tr><tr><td>Compose</td><td>/opt/alai/docker-compose.yml</td></tr></table>

### ANVIL — Mac Studio M3 Max (Local)

<table id="bkmrk-propertyvalue-roleai"><tr><th>Property</th><th>Value</th></tr><tr><td>Role</td><td>AI inference, product dev, agent orchestration</td></tr><tr><td>Services</td><td>Ollama, Qdrant, Pi-Orchestrator, Telegram, Email, Tool-Shed</td></tr><tr><td>Tunnel</td><td>Cloudflare Tunnel for lobby, api, mc, auth, track, ssh, vnc</td></tr></table>

## 2. Services on Azure VM (16 containers)

<table id="bkmrk-serviceurlcontainer-"><tr><th>Service</th><th>URL</th><th>Container</th></tr><tr><td>BookStack (Wiki)</td><td>docs.basicconsulting.no</td><td>alai-bookstack-1</td></tr><tr><td>Documenso (e-Sign)</td><td>sign.basicconsulting.no</td><td>alai-documenso-1</td></tr><tr><td>Planka (Boards)</td><td>boards.basicconsulting.no</td><td>alai-planka-1</td></tr><tr><td>Vaultwarden</td><td>vault.basicconsulting.no</td><td>alai-vaultwarden-1</td></tr><tr><td>Baikal (CalDAV)</td><td>calendar.basicconsulting.no</td><td>alai-baikal-1</td></tr><tr><td>Grafana</td><td>grafana.basicconsulting.no</td><td>alai-grafana-1</td></tr><tr><td>Prometheus</td><td>prometheus.basicconsulting.no</td><td>alai-prometheus-1</td></tr><tr><td>Paperless-ngx</td><td>archive.basicconsulting.no</td><td>alai-paperless-1</td></tr><tr><td>Caddy (TLS proxy)</td><td>—</td><td>alai-caddy-1</td></tr></table>

## 3. ANVIL Daemons

<table id="bkmrk-daemonlaunchagentscr"><tr><th>Daemon</th><th>LaunchAgent</th><th>Script</th></tr><tr><td>Pi-Orchestrator</td><td>com.john.pi-orchestrator</td><td>~/system/kernel/pi-orchestrator.js</td></tr><tr><td>Telegram Agent</td><td>com.john.telegram-agent</td><td>~/system/tools/telegram-agent.js</td></tr><tr><td>Email Agent</td><td>com.john.email-agent</td><td>~/system/daemons/email-agent.js</td></tr><tr><td>Vault Keeper</td><td>com.john.vault-keeper</td><td>~/system/daemons/vault-keeper.js</td></tr><tr><td>Event Dispatcher</td><td>com.john.event-dispatcher</td><td>~/system/daemons/event-dispatcher.js</td></tr><tr><td>Tool-Shed</td><td>com.john.tool-shed</td><td>~/system/tools/tool-shed.js (:3050)</td></tr></table>

## 4. DNS — Cloudflare

Zone: basicconsulting.no | Zone ID: 4670dbd0acfeab4174ac0d4746d11ea0

<table id="bkmrk-subdomaintargetproxy"><tr><th>Subdomain</th><th>Target</th><th>Proxy</th></tr><tr><td>docs, sign, boards, vault, calendar, grafana, prometheus, archive</td><td>4.223.110.181 (Azure VM)</td><td>Orange cloud</td></tr><tr><td>lobby, lobby-api, api, drop-api, mc, auth, track, ssh, vnc</td><td>Cloudflare Tunnel (ANVIL)</td><td>Orange cloud</td></tr></table>

## 5. Runbooks

### 5.1 Azure VM Full Restart

```
az vm restart -g rg-alai-support -n vm-alai-support
ssh -i ~/.ssh/azure_alai alai-admin@4.223.110.181
cd /opt/alai && docker compose up -d
docker ps  # verify 16 containers
```

### 5.2 Single Service Recovery

```
ssh -i ~/.ssh/azure_alai alai-admin@4.223.110.181
cd /opt/alai && docker compose restart bookstack
docker logs alai-bookstack-1 --tail 50
```

### 5.3 TLS Certificate Issues

Caddy renews certificates automatically. If renewal fails: temporarily disable the Cloudflare proxy for the affected record, restart Caddy, then re-enable the proxy.

### 5.4 ANVIL Daemon Recovery

```
launchctl list | grep com.john
launchctl kickstart -k gui/$(id -u)/com.john.pi-orchestrator
tail -50 ~/system/logs/pi-orchestrator.log
```

### 5.5 Database Backup

```
docker exec alai-bookstack-db-1 mysqldump -u bookstack bookstack > bookstack.sql
docker exec alai-planka-db-1 pg_dump -U postgres planka > planka.sql
docker exec alai-documenso-db-1 pg_dump -U documenso documenso > documenso.sql
```
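
An added example, not part of the original runbook: a wrapper for the dump commands above that writes to a private temporary file and replaces the previous dump only when the command succeeds and produces output. With a plain `>` redirect, a failed `docker exec` leaves an empty file over the last good backup. The names `safe_dump` and `backup_all` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not the project's own script).
# safe_dump <output-file> <command...>
# Runs the command, captures stdout, and installs it as <output-file> only on success.
safe_dump() {
  local out="$1" tmp
  shift
  # mktemp creates the file with mode 0600, next to the target so mv is an atomic rename.
  tmp="$(mktemp "${out}.XXXXXX")" || return 1
  # A non-zero exit means the dump is partial: discard it and keep the old file.
  if ! "$@" > "$tmp"; then
    rm -f "$tmp"
    echo "dump failed, previous file kept: $out" >&2
    return 1
  fi
  # Zero bytes of output is treated as a failure as well.
  if [ ! -s "$tmp" ]; then
    rm -f "$tmp"
    echo "dump empty, previous file kept: $out" >&2
    return 1
  fi
  # Dumps contain application data and credentials tables: owner-only access.
  chmod 600 "$tmp"
  mv -f "$tmp" "$out"
}

# backup_all [directory]: the three dumps from this runbook, stopping at the first failure.
backup_all() {
  local dir="${1:-.}"
  safe_dump "$dir/bookstack.sql" \
    docker exec alai-bookstack-db-1 mysqldump -u bookstack bookstack &&
  safe_dump "$dir/planka.sql" \
    docker exec alai-planka-db-1 pg_dump -U postgres planka &&
  safe_dump "$dir/documenso.sql" \
    docker exec alai-documenso-db-1 pg_dump -U documenso documenso
}

# Run the backups only when invoked as: script --run [directory]
if [ "${1:-}" = "--run" ]; then
  backup_all "${2:-.}"
fi
```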

### 5.6 Pi-Orchestrator Not Processing

```
curl http://localhost:8401/status
claude auth status
launchctl kickstart -k gui/$(id -u)/com.john.pi-orchestrator
node ~/system/tools/mc.js list --status open --limit 10
```

### 5.7 Email Agent Not Fetching

```
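# Diagnostic only: turns off TLS certificate verification for this one command.
# Set inline rather than exported so it does not persist in the shell session.
NODE_TLS_REJECT_UNAUTHORIZED=0 node ~/system/daemons/email-agent.js --test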
tail -20 ~/system/logs/email-agent.log
```

### 5.8 SSH IP Update

```
az network nsg rule update -g rg-alai-support --nsg-name nsg-alai-support \
  -n AllowSSH --source-address-prefixes "NEW_IP"
```
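
An added example, not part of the original runbook: a guard that checks the replacement source prefix before running the NSG update above, so a wildcard, a service tag, or a wide range cannot be pasted in by mistake. The function names and the /24 minimum prefix length are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example (not the project's own script).
# valid_ssh_source <prefix>
# Succeeds only for a single IPv4 address or an IPv4 CIDR of /24 or narrower.
valid_ssh_source() {
  local src="$1" addr bits o
  case "$src" in
    */*) addr="${src%/*}"; bits="${src#*/}" ;;
    *)   addr="$src"; bits=32 ;;
  esac
  # Prefix length must be numeric and between 24 and 32 (assumed policy).
  case "$bits" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#bits}" -le 2 ] && [ "$bits" -ge 24 ] && [ "$bits" -le 32 ] || return 1
  # Only digits and dots, no leading, trailing or doubled dots.
  # This also rejects "*" and service tags such as "Internet".
  case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  # Split on dots: exactly four octets, each 0-255.
  local IFS=.
  set -- $addr
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
  return 0
}

# update_ssh_rule <prefix>: validate, then run the runbook's az command unchanged.
update_ssh_rule() {
  if ! valid_ssh_source "$1"; then
    echo "refusing to set AllowSSH source to '$1'" >&2
    return 1
  fi
  az network nsg rule update -g rg-alai-support --nsg-name nsg-alai-support \
    -n AllowSSH --source-address-prefixes "$1"
}
```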

## 6. Security

- All services behind Cloudflare Access (Zero Trust)
- SSH restricted to office IP
- Docker .env (chmod 600) with secrets
- Let's Encrypt TLS on all domains
- Gitleaks pre-commit + CI on all 6 products

## 7. Monthly Cost

<table id="bkmrk-itemcost-azure-vm-%28b"><tr><th>Item</th><th>Cost</th></tr><tr><td>Azure VM (B2als_v2)</td><td>~$35/mo</td></tr><tr><td>Cloudflare</td><td>Free</td></tr><tr><td>Total</td><td>~$36/mo (Azure Founders Hub credits until Nov 2026)</td></tr></table>