ALAI Infrastructure Map & Ops Runbooks

Last updated: 2026-03-12 | Author: John (AI Director)

1. Infrastructure Overview

Azure VM — vm-alai-support

Property	Value
IP	4.223.110.181
Region	Sweden Central
Size	Standard_B2als_v2 (2 vCPU, 4GB RAM)
OS	Ubuntu 22.04 LTS
SSH	`ssh -i ~/.ssh/azure_alai [email protected]`
Resource Group	rg-alai-support
Cost	~$35/mo (Founders Hub credits, expires 2026-11-15)
Compose	/opt/alai/docker-compose.yml

ANVIL — Mac Studio M3 Max (Local)

Property	Value
Role	AI inference, product dev, agent orchestration
Services	Ollama, Qdrant, Pi-Orchestrator, Telegram, Email, Tool-Shed
Tunnel	Cloudflare Tunnel for lobby, api, mc, auth, track, ssh, vnc

2. Services on Azure VM (16 containers)

Service	URL	Container
BookStack (Wiki)	docs.basicconsulting.no	alai-bookstack-1
Documenso (e-Sign)	sign.basicconsulting.no	alai-documenso-1
Planka (Boards)	boards.basicconsulting.no	alai-planka-1
Vaultwarden	vault.basicconsulting.no	alai-vaultwarden-1
Baikal (CalDAV)	calendar.basicconsulting.no	alai-baikal-1
Grafana	grafana.basicconsulting.no	alai-grafana-1
Prometheus	prometheus.basicconsulting.no	alai-prometheus-1
Paperless-ngx	archive.basicconsulting.no	alai-paperless-1
Caddy (TLS proxy)	—	alai-caddy-1

3. ANVIL Daemons

Daemon	LaunchAgent	Script
Pi-Orchestrator	com.john.pi-orchestrator	~/system/kernel/pi-orchestrator.js
Telegram Agent	com.john.telegram-agent	~/system/tools/telegram-agent.js
Email Agent	com.john.email-agent	~/system/daemons/email-agent.js
Vault Keeper	com.john.vault-keeper	~/system/daemons/vault-keeper.js
Event Dispatcher	com.john.event-dispatcher	~/system/daemons/event-dispatcher.js
Tool-Shed	com.john.tool-shed	~/system/tools/tool-shed.js (:3050)

4. DNS — Cloudflare

Zone: basicconsulting.no | Zone ID: 4670dbd0acfeab4174ac0d4746d11ea0

Subdomain	Target	Proxy
docs, sign, boards, vault, calendar, grafana, prometheus, archive	4.223.110.181 (Azure VM)	Orange cloud
lobby, lobby-api, api, drop-api, mc, auth, track, ssh, vnc	Cloudflare Tunnel (ANVIL)	Orange cloud

5. Runbooks

5.1 Azure VM Full Restart

az vm restart -g rg-alai-support -n vm-alai-support
ssh -i ~/.ssh/azure_alai [email protected]
cd /opt/alai && docker compose up -d
docker ps  # verify 16 containers

5.2 Single Service Recovery

ssh -i ~/.ssh/azure_alai [email protected]
cd /opt/alai && docker compose restart bookstack
docker logs alai-bookstack-1 --tail 50

5.3 TLS Certificate Issues

Caddy auto-renews. If problems: disable CF proxy temporarily, restart caddy, re-enable proxy.

5.4 ANVIL Daemon Recovery

launchctl list | grep com.john
launchctl kickstart -k gui/$(id -u)/com.john.pi-orchestrator
tail -50 ~/system/logs/pi-orchestrator.log

5.5 Database Backup

docker exec alai-bookstack-db-1 mysqldump -u bookstack bookstack > bookstack.sql
docker exec alai-planka-db-1 pg_dump -U postgres planka > planka.sql
docker exec alai-documenso-db-1 pg_dump -U documenso documenso > documenso.sql

5.6 Pi-Orchestrator Not Processing

curl http://localhost:8401/status
claude auth status
launchctl kickstart -k gui/$(id -u)/com.john.pi-orchestrator
node ~/system/tools/mc.js list --status open --limit 10

5.7 Email Agent Not Fetching

export NODE_TLS_REJECT_UNAUTHORIZED=0
node ~/system/daemons/email-agent.js --test
tail -20 ~/system/logs/email-agent.log

5.8 SSH IP Update

az network nsg rule update -g rg-alai-support --nsg-name nsg-alai-support \
  -n AllowSSH --source-address-prefixes "NEW_IP"

6. Security

All services behind Cloudflare Access (Zero Trust)
SSH restricted to office IP
Docker .env (chmod 600) with secrets
Let's Encrypt TLS on all domains
Gitleaks pre-commit + CI on all 6 products

7. Monthly Cost

Item	Cost
Azure VM (B2als_v2)	~$35/mo
Cloudflare	Free
Total	~$36/mo (Azure Founders Hub credits until Nov 2026)