Skip to main content

ALAI Infrastructure — Service Catalog & Runbooks

ALAI Infrastructure — Service Catalog & Runbooks

Last updated: 2026-03-11 | Maintained by: John (AI Director) Host: Mac Studio M3 Ultra (ANVIL) | OS: macOS Quick health: node ~/system/tools/daemon-health.js

🐳 Docker Services (23 containers)

Core Platform Services

Service Image Port External URL Health Restart
Vaultwarden vaultwarden/server :8200 vault.basicconsulting.no ✅ healthy cd ~/system/services/vaultwarden && docker compose restart
BookStack linuxserver/bookstack :6875 docs.basicconsulting.no ✅ running cd ~/system/services/bookstack && docker compose restart
BookStack DB linuxserver/mariadb :3306 (internal) ✅ running Restarts with BookStack
Planka plankanban/planka :3100 boards.basicconsulting.no ✅ healthy cd ~/system/services/planka && docker compose restart
Planka DB postgres:15-alpine internal ✅ healthy Restarts with Planka
Documenso documenso/documenso :3003 sign.basicconsulting.no ✅ running cd ~/system/services/documenso && docker compose restart
Documenso DB postgres:15-alpine internal ✅ healthy Restarts with Documenso
Documenso MinIO minio/minio :9002/:9003 ✅ running Restarts with Documenso
Baikal (CalDAV) ckulka/baikal:nginx :5232 calendar.basicconsulting.no ✅ running cd ~/system/services/baikal && docker compose restart
Qdrant (Vector DB) qdrant/qdrant :6333/:6334 ✅ running docker restart qdrant

Product Database Services

Service Port Product Health Restart
drop-postgres :5433 Drop ✅ healthy cd ~/ALAI/products/Drop && docker compose restart drop-postgres
plock-db :5434 Plock ✅ healthy cd ~/ALAI/products/Plock && docker compose restart plock-db
plock-redis :6380 Plock ✅ healthy Restarts with plock-db
bilko-postgres :5436 Bilko ✅ running cd ~/ALAI/products/Bilko && docker compose restart bilko-postgres
bilko-redis :6382 Bilko ✅ running Restarts with bilko
lobby-postgres :5437 Lobby ✅ healthy cd ~/ALAI/products/Lobby && docker compose restart lobby-postgres
lumiscare-postgres :5432 LumisCare ✅ healthy Client project
lumiscare-redis :6379 LumisCare ✅ healthy Client project
backend-postgres :5435 BasicFakta ✅ healthy cd ~/ALAI/products/BasicFakta && docker compose restart
backend-redis :6381 BasicFakta ✅ healthy Restarts with backend

Monitoring Stack (Drop)

Service Port URL Restart
Grafana :3300 grafana.basicconsulting.no docker restart drop-grafana
Prometheus :9090 prometheus.basicconsulting.no docker restart drop-prometheus
Node Exporter :9100 docker restart drop-node-exporter

☁️ Cloudflare Tunnel (cloudflared)

LaunchAgent: com.john.cloudflared Config: ~/.cloudflared/config.yml Tunnel ID: 3315a609-7934-45c5-ad0c-56d86d16374d

Exposed Services

Hostname Backend Purpose
docs.basicconsulting.no localhost:6875 BookStack wiki
vault.basicconsulting.no localhost:8200 Vaultwarden
sign.basicconsulting.no localhost:3003 Documenso (e-signing)
boards.basicconsulting.no localhost:3100 Planka (kanban)
calendar.basicconsulting.no localhost:5232 Baikal (CalDAV)
mc.basicconsulting.no localhost:3030 MC Dashboard
api.basicconsulting.no localhost:3001 API gateway
drop-api.basicconsulting.no localhost:3201 Drop API
lobby.basicconsulting.no localhost:3010 Lobby frontend
lobby-api.basicconsulting.no localhost:3009 Lobby API
auth.basicconsulting.no localhost:9000 Authentik (SSO)
grafana.basicconsulting.no localhost:3300 Grafana dashboards
prometheus.basicconsulting.no localhost:9090 Prometheus metrics
track.basicconsulting.no localhost:3456 Email tracking pixel
ssh.basicconsulting.no localhost:22 SSH access
vnc.basicconsulting.no localhost:5900 VNC screen sharing

Runbook: Tunnel down

# Check status
launchctl list | grep cloudflared

# Restart
launchctl stop com.john.cloudflared
launchctl start com.john.cloudflared

# Verify
cloudflared tunnel info 3315a609-7934-45c5-ad0c-56d86d16374d

# Logs
tail -50 ~/system/logs/cloudflared.log

🔐 Vaultwarden

Container: vaultwarden | Port: :8200 URL: vault.basicconsulting.no (Cloudflare Access protected) Local: http://localhost:8200 | HTTPS proxy: https://localhost:8443 (Caddy) Admin token: In ~/system/services/vaultwarden/.env

Dependencies

  • Docker
  • Caddy HTTPS proxy (com.john.caddy-vault) — needed for bw CLI
  • vault-keeper daemon (com.john.vault-keeper) — auto-unlock

Runbook: Vault locked/unauthenticated

# Check status
NODE_TLS_REJECT_UNAUTHORIZED=0 bw status

# If "locked" — vault-keeper auto-fixes every 15 min. Manual:
NODE_TLS_REJECT_UNAUTHORIZED=0 bw unlock --raw > /tmp/bw-session

# If "unauthenticated" — needs full re-login:
NODE_TLS_REJECT_UNAUTHORIZED=0 bw login --apikey
# Enter client_id and client_secret from ~/system/config/vault-apikey.json
# Then unlock:
NODE_TLS_REJECT_UNAUTHORIZED=0 bw unlock --raw > /tmp/bw-session

# Verify
NODE_TLS_REJECT_UNAUTHORIZED=0 BW_SESSION=$(cat /tmp/bw-session) bw list items --search "Email" | head

Runbook: Caddy proxy down

# Caddy provides HTTPS for bw CLI (self-signed cert)
launchctl list | grep caddy-vault
# Restart
launchctl stop com.john.caddy-vault && launchctl start com.john.caddy-vault
# Verify
curl -sk https://localhost:8443 | head -1

📧 Email System

Daemon: com.john.email-agent (every 5 min) Accounts: [email protected], [email protected], [email protected], [email protected], [email protected] IMAP: imap.one.com:993 | SMTP: send.one.com:465 Credentials: Vaultwarden (via bw CLI)

Runbook: Email agent not processing

# Check logs
tail -30 ~/system/logs/email-agent-launchd.log

# Common issue: Vault not unlocked
NODE_TLS_REJECT_UNAUTHORIZED=0 bw status
# Fix: See Vaultwarden runbook above

# Manual test run
NODE_TLS_REJECT_UNAUTHORIZED=0 node ~/system/daemons/email-agent.js --dry-run

# Restart daemon
launchctl stop com.john.email-agent && launchctl start com.john.email-agent

# Check inbox DB
node -e "const e=require('$HOME/system/tools/email-inbox.js');console.log(JSON.stringify(e.getStats(),null,2))"

💬 Telegram Bot

Daemon: com.john.telegram-agent (KeepAlive) Bot: @johnbasicas_bot Config: macOS Keychain (telegram-bot-token) AI Backend: Claude CLI → Ollama (llama3.1:8b) → static fallback

Runbook: Bot not responding

# Check daemon
launchctl list | grep telegram-agent

# Check logs
tail -20 ~/system/logs/telegram-agent.log

# Restart
launchctl stop com.john.telegram-agent && launchctl start com.john.telegram-agent

# Test AI backend
node -e "const{getResponse}=require('$HOME/system/tools/comms-responder.js');getResponse('test',[]).then(r=>console.log(r.backend,r.text.substring(0,100)))"

# Test connection
node ~/system/tools/telegram-agent.js --test

💬 Slack Bot

Daemon: com.john.slack-bot (KeepAlive) Workspace: ALAI Holding AS

Runbook: Slack bot not responding

launchctl list | grep slack-bot
tail -20 ~/system/logs/slack-bot.log
launchctl stop com.john.slack-bot && launchctl start com.john.slack-bot

📋 BookStack (Wiki)

Container: bookstack + bookstack_db Port: :6875 | URL: docs.basicconsulting.no API config: ~/system/config/bookstack.json (creds in Vaultwarden)

Runbook: BookStack down

cd ~/system/services/bookstack
docker compose ps
docker compose restart
# Check logs
docker logs bookstack --tail 20

📝 Documenso (E-Signing)

Containers: documenso + documenso-db + documenso-minio Port: :3003 | URL: sign.basicconsulting.no

Runbook: Documenso down

cd ~/system/services/documenso
docker compose ps
docker compose restart
docker logs documenso --tail 20

📋 Planka (Kanban)

Containers: planka + planka-db Port: :3100 | URL: boards.basicconsulting.no

Runbook: Planka down

cd ~/system/services/planka
docker compose ps
docker compose restart
docker logs planka --tail 20

📅 Baikal (CalDAV/CardDAV)

Container: baikal Port: :5232 | URL: calendar.basicconsulting.no

Runbook: Baikal down

cd ~/system/services/baikal
docker compose ps
docker compose restart
docker logs baikal --tail 20

🤖 Ollama (Local AI)

Process: ollama serve (background) Port: :11434 Models: llama3.1:8b, qwen2.5-coder:32b, bge-m3, llama-guard3:8b, custom ALAI models

Runbook: Ollama down

# Check
curl -s http://localhost:11434/api/tags | python3 -m json.tool | head

# Restart
ollama serve &

# Verify models
ollama list

⚙️ Key LaunchAgent Daemons

Daemon Label Purpose Priority
Cloudflared com.john.cloudflared Tunnel to internet P1
Vault Keeper com.john.vault-keeper Auto-unlock Vaultwarden P1
Caddy Vault com.john.caddy-vault HTTPS proxy for bw CLI P1
Slack Bot com.john.slack-bot Slack communication P1
Telegram Agent com.john.telegram-agent Telegram bot P1
Email Agent com.john.email-agent Email processing P1
Email Tracker com.john.email-tracker Open/click tracking P2
Comms Agent com.john.comms-agent Cross-platform comms P2
Ops Watchdog com.john.ops-watchdog Service health checks P1
Event Dispatcher com.john.event-dispatcher Event bus processing P1
Pi Orchestrator com.john.pi-orchestrator Task delegation to agents P1
Autowork com.john.autowork Background task execution P2
N8N com.john.n8n Workflow automation P2
MC Dashboard com.john.mc-dashboard Mission Control web UI P2

Generic daemon restart

# Stop
launchctl stop com.john.<name>
# Start
launchctl start com.john.<name>
# Full reload
launchctl unload ~/Library/LaunchAgents/com.john.<name>.plist
launchctl load ~/Library/LaunchAgents/com.john.<name>.plist
# Check status
launchctl list | grep <name>

🔄 Cold Start (Full System Bring-Up)

If the Mac Studio reboots:

# 1. Docker starts automatically (Docker Desktop)
# 2. LaunchAgents auto-load (RunAtLoad=true)
# 3. vault-keeper unlocks Vaultwarden (reads Keychain)
# 4. All services come up within ~2 minutes

# Verify everything:
bash ~/system/ops/cold-start.sh
node ~/system/tools/daemon-health.js
docker ps

🆘 Emergency Contacts

No comments to display

Back to top