p24-infra Docs

elements

5 min read

p24-infra Element Registry

Source of truth: Supabase dev_r_services table (project_id = 'p24-infra'). This file is a human-readable mirror — update both when infrastructure changes. Compliance dashboard: Grafana p24-infra Health Standard: project-standards.md Last updated: 2026-05-13

Categories

Servers

NameLabelProviderOSIPCPURAMStatus
IONOS VPSvps-i1IONOSAlmaLinux 9.7217.154.82.1626 vCPU7.4 GBactive
Hostinger VPSvps-h1HostingerUbuntu 24.04.372.60.32.612 vCPU7.8 GBactive
Local workstationradieulocalWindows 10i5-8600K 6c64 GBactive
OVH Server Fvps-ovh1OVHTBD6 core12 GBplanned
Pinbox24 Dev VPSvps-p24dev51.68.155.224legacy

SSH access (all servers): key C:\Users\konar\.ssh\id_ed25519 — username root

Container Services — vps-i1 (IONOS)

Compose: /root/traccar/docker-compose.yml (Traccar), /opt/p24-infra/monitoring/docker-compose.yml (monitoring stack)

ContainerImagePortsPurposeComplianceWorkbook
traccartraccar/traccar:6.12.2127.0.0.1:8082, 0.0.0.0:5027GPS fleet tracking✅ full (−rotation)traccar-operations.md
traccar-dbmysql:8.0internalMySQL for Traccarpart of traccar
monitoring-prometheus-1prom/prometheus:v2.55.1127.0.0.1:9090Metrics collection⚠️ partial (+healthcheck 2026-05-14)monitoring-stack-operations.md
monitoring-thanos-sidecar-1quay.io/thanos/thanos:v0.36.110901-10902TSDB upload to Wasabi⚠️ partial (+healthcheck)
monitoring-thanos-query-1quay.io/thanos/thanos:v0.36.1127.0.0.1:10904Unified PromQL⚠️ partial (+healthcheck)
monitoring-grafana-1grafana/grafana:11.3.0127.0.0.1:3000Dashboards⚠️ partial (+healthcheck +backup 2026-05-14)grafana-operations.md
monitoring-renderer-1grafana/grafana-image-renderer:3.11.6127.0.0.1:8081PNG renders for reports❌ low (+healthcheck)
monitoring-alertmanager-1prom/alertmanager:v0.27.0127.0.0.1:9093Alert routing (email)⚠️ partial (+healthcheck)monitoring-stack-operations.md
monitoring-loki-1grafana/loki:3.3.2127.0.0.1:3100Log aggregation❌ (+healthcheck)
monitoring-promtail-1grafana/promtail:3.3.2Log shipping → Loki❌ (+healthcheck)
monitoring-blackbox-exporter-1prom/blackbox-exporter:v0.25.0127.0.0.1:9115HTTP probes⚠️ (+healthcheck)
monitoring-caddy-1caddy:2.8-alpine80, 443TLS reverse proxy⚠️ (+healthcheck)
monitoring-uptime-kuma-1louislam/uptime-kuma:1127.0.0.1:3001Uptime monitoring UI❌ (+healthcheck)
monitoring-queue-exporter-1custom Python127.0.0.1:9200Supabase queue → Prometheus❌ (+healthcheck)
monitoring-cost-exporter-1custom Python127.0.0.1:9210Vercel/Supabase/Wasabi costs❌ (+healthcheck)
monitoring-pg-stats-exporter-1custom Python127.0.0.1:9201Supabase slow queries❌ (+healthcheck)
monitoring-backup-exporter-1custom Python127.0.0.1:9220Wasabi backup status❌ (+healthcheck)
monitoring-gotenberg-1gotenberg/gotenberg:8internalPDF conversion engine❌ (+healthcheck)
monitoring-pdf-service-1custom Python127.0.0.1:8100PDF service API❌ (+healthcheck)
openclaw-openclaw-gateway-1OpenClaw18789, 18790WhatsApp gateway
openclaw-openclaw-cli-1OpenClawClaude CLI integration❌ Exited(1)
node_exporterprom/node-exporter9100Host metrics⚠️
cadvisorgcr.io/cadvisor/cadvisor8080Container metrics⚠️

Native processes (non-Docker) on vps-i1:

ProcessPortPurposeManaged by
claude-proxy.py8765OpenAI-compat proxy → Claude CLIsystemd / cron
cloudflared20241, 20242Cloudflare tunnelsystemd
actions-runner (et-oper)GitHub Actions CIsystemd
actions-runner-kdpGitHub Actions CI (KDP)systemd

Container Services — vps-h1 (Hostinger)

Compose: /root/docker-compose.yml

ContainerImagePortsPurposeComplianceWorkbook
root-traefik-1traefik80, 443TLS reverse proxymonitoring-stack-operations.md (Caddy equivalent)
root-n8n-1n8nio/n8n127.0.0.1:5678Workflow automation⚠️ partialn8n-operations.md
wahaWAHA NOWEB127.0.0.1:13000WhatsApp gateway (DE +49)⚠️ partialwaha-operations.md
root-node-exporter-1prom/node-exporterhost:9100Host metrics⚠️
root-cadvisor-1gcr.io/cadvisor/cadvisor8080Container metrics⚠️

Native processes on vps-h1:

ProcessPortPurpose
actions-runner-hstgrGitHub Actions CI (et-oper, label: hstgr)
Claude Code CLIAutonomous agent (claude-runner user)

SaaS Services

ServiceProviderPlanUsed forAccountStatus
SupabaseSupabase Inc.ProPrimary DB, auth, storage, queuesmwkqmgadqnkkihjdeqsiactive
VercelVercel Inc.ProFrontend hosting (6 projects)devp24coms-projects teamactive
GitHubGitHub Inc.ProSource control, CI/CD, issuesradieuactive
CloudflareCloudflare Inc.FreeDNS (zintegrowana.online), email routing, tunnelzone 57cb3d8f24c7cc319fb703394edc7b87active
n8n Cloudn8n GmbHSecondary workflow automationn8n-cloud.infra.zintegrowana.onlineactive
Mailgun EUSinchSMTP for alerts (smtp.eu.mailgun.org)monitoring@services.pinbox24.comactive
SentrySentry Inc.Error tracking (et-operational-platform)easy-access-technology-sp-z-oo orgactive
DiscordDiscord Inc.freeInfra alerts, notificationsactive
Google Cloud (GCP)Googlefree tierOAuth2 clients for n8n Gmailecotrans.automataion@gmail.comactive
Amazon AWS — ECRAmazonDocker image registry for all Pinbox24 containers (21 repos)account 563740926945, eu-central-1active
Amazon AWS — otherAmazonamazon-kdp-tango (KDP API)active
Anthropic (Claude)AnthropicClaude Max subscriptionClaude Code on all VPSes + localradieu@gmail.comactive
Wasabi S3WasabiObject storage — see §Storageactive
ATRAXATRAXGPS data provider (vehicle positions)active
Convertio.aipaidPDF conversion for Pinbox24 Angularscheduled for removal

Storage

BucketProviderRegionEndpointPurpose
ecotrans-monitoringWasabieu-central-1s3.eu-central-1.wasabisys.comThanos long-term metrics
p24-infraWasabieu-central-2s3.eu-central-2.wasabisys.comService backups (traccar-server/, …)
ecotrans-monitoring-testWasabieu-central-1s3.eu-central-1.wasabisys.comTest bucket

Backup prefix convention: s3://p24-infra/{service-name}/YYYY-MM-DD.{ext}.gz

Networking & DNS

Zone / ResourceProviderTypeValuePurpose
zintegrowana.onlineCloudflarezoneID: 57cb3d8f24c7cc319fb703394edc7b87All infra subdomains
*.vps-i1.infra.zintegrowana.onlineCloudflareA wildcard217.154.82.162All IONOS services
*.vps-h1.infra.zintegrowana.onlineCloudflareA wildcard72.60.32.61All Hostinger services
n8n-cloud.infra.zintegrowana.onlineCloudflareCNAMEp24.app.n8n.cloudn8n Cloud
eco-trans.eudomainEcotrans corporate website
Email routing ai-dev-*@zintegrowana.onlineCloudflareroutingradieu@gmail.comAI agent GitHub accounts
Cloudflare tunnelCloudflaretunnelports 20241/20242 on vps-i1Exposes claude-proxy.py:8765
ecr.pinbox24.infra.zintegrowana.onlineCloudflare / AWS ECRCNAME563740926945.dkr.ecr.eu-central-1.amazonaws.comOfficial Docker image registry — all Pinbox24 prod images

Active service URLs:

URLServiceAuth
grafana.vps-i1.infra.zintegrowana.onlineGrafanaGrafana login
prometheus.vps-i1.infra.zintegrowana.onlinePrometheusbasic_auth
alertmanager.vps-i1.infra.zintegrowana.onlineAlertmanagerbasic_auth
traccar.vps-i1.infra.zintegrowana.onlineTraccarTraccar login
n8n.vps-h1.infra.zintegrowana.onlinen8nn8n login
waha2.vps-h1.infra.zintegrowana.onlineWAHAWAHA_API_KEY
n8n-cloud.infra.zintegrowana.onlinen8n Cloudn8n cloud login

Automation & CI/CD

NameTypeHostTriggerRepoPurpose
GitHub Actions runner ionosGH runnervps-i1 /opt/actions-runnerpush/PRet-operational-platformCI/CD
GitHub Actions runner ionos-kdpGH runnervps-i1 /opt/actions-runner-kdppush/PRamazon-kdp-tangoKDP CI
GitHub Actions runner hstgrGH runnervps-h1 /opt/actions-runner-hstgrpush/PRet-operational-platformCI/CD
playwright-nightly.ymlGH Actionsvps-i1cron 02:00 UTCet-operational-platformE2E tests vs staging
provision-new-vps.ymlGH Actionsmanualp24-infraVPS provisioning
claude-nightly.sh (IONOS)cronvps-i103:00 UTCet-operational-platform/process-issues on rc2
claude-nightly.sh (Hostinger)cronvps-h103:30 UTCet-operational-platform/process-issues on main
sync-claude-token.shcronvps-i1*/30 * * * *Sync OAuth token → OpenClaw
Traccar backupcronvps-i10 2 * * *mysqldump → Wasabi
backup-ionos.shcronvps-i130 2 * * *p24-infraNightly backup: Traccar MySQL + Grafana dashboards + Caddy certs → Wasabi (age-encrypted)
backup-hstgr.shcronvps-h10 2 * * *p24-infraNightly backup: n8n SQLite + workflows + WAHA sessions + Traefik acme.json → Wasabi (age-encrypted)
backup-supabase.shGH Actionsdaily (supabase-backup.yml)p24-infraSupabase pg_dump → Wasabi (age-encrypted)
n8n Hostinger workflowsn8nvps-h1variousATRAX GPS sync, WhatsApp routing
n8n Cloud workflowsn8ncloudvariousSecondary automations

AI Agents

AgentHostUserAuthTaskSchedule
Claude Code (IONOS)vps-i1claude-runnerClaude Max OAuth/process-issues et-oper rc203:00 UTC
Claude Code (Hostinger)vps-h1claude-runnerClaude Max OAuth/process-issues et-oper main03:30 UTC
OpenClaw sessionsvps-i1openclaw-gatewayClaude Max OAuth (shared)WhatsApp issue intake → p24_issuesevent-driven
Claude Code (local)radieu workstationradieuClaude Max OAuthDevOps, code authoring, SSH orchestrationon-demand
AI-Dev-IO1vps-i1AI-Dev-IO1 GH userClaude Max OAuthDevelopment agentTBD
AI-Dev-HS1vps-h1AI-Dev-HS1 GH userClaude Max OAuthDevelopment agentTBD

Scripts & Tools

ScriptLocationLanguagePurposeCalled by
dns-manager.pyscripts/dns-manager.pyPythonCloudflare DNS CRUD via APImanual, provisioning
backup.py (Traccar)services/traccar/scripts/backup.pyPythonmysqldump → Wasabicron 02:00 UTC
generate-config.sh (Traccar)services/traccar/scripts/generate-config.shbashInject password into traccar.xmlprovisioning, manual
sync-claude-token.sh/root/sync-claude-token.sh on vps-i1bashSync Claude OAuth token → OpenClaw envcron */30
claude-nightly.sh/root/claude-nightly.sh on vps-i1, vps-h1bashAuth check + /process-issuescron nightly
claude-proxy.py/root/claude-proxy.py on vps-i1PythonOpenAI-compat proxy → Claude CLIn8n, Cloudflare tunnel
setup-server.shmonitoring/scripts/setup-server.shbashFirst-time VPS setupmanual
install-node-exporter.shmonitoring/scripts/install-node-exporter.shbashInstall node_exportermanual
install-cadvisor.shmonitoring/scripts/install-cadvisor.shbashInstall cAdvisormanual
setup-claude-env.shscripts/setup-claude-env.shbashClaude env sync on env changePreToolUse hook
Ansible playbook provision-new-vps.ymlansible/playbooks/AnsibleFull VPS provisioningmanual / GH Actions

GitHub Repositories

RepoVisibilityPrimary branchCIPurpose
radieu/p24-infraprivatemainGH ActionsThis repo — infra configs
radieu/et-operational-platformprivatemainGH Actions (ionos, hstgr)Fleet management platform
radieu/p24-nextjs-v2026privatePinbox24 Next.js v5
radieu/eco-trans-euprivateEcotrans website
radieu/fuse-angularprivatePinbox24 Angular (current prod)
radieu/amazon-kdp-tangoprivateGH Actions (ionos-kdp)KDP automation
radieu/et-driver-tech-check-telegram-appprivateTelegram bot
radieu/et-email-dispo-ai-agentprivateAI email dispatch
radieu/fleet-health-checkprivateFleet health utility
radieu/p24-etprivatep24 ↔ Ecotrans integration
radieu/game-playprivateSide project

Credentials Index

Key names and storage locations only — values NEVER in this file or any git commit. Rotation history: secrets-rotation-log.md Policy: 03-secrets-management.md

Key namePurposeStored inBackupFreqLast rotatedNext due
SUPABASE_SERVICE_KEYSupabase service role — full DB access.env.localGH Secret (p24-infra, et-oper)90 d2026-05-082026-08-06
NEXT_PUBLIC_SUPABASE_ANON_KEYSupabase anon/public key (RLS-restricted).env.localVercel env
SUPABASE_ACCESS_TOKENSupabase management API token.env.local90 d2026-05-082026-08-06
SUPABASE_GRAFANA_PASSWORDgrafana_readonly DB role password.env.localGH Secret, monitoring .env180 dbootstrapoverdue
VERCEL_TOKENVercel deploy / CLI.env.local90 d2026-05-082026-08-06
GH_TOKENGitHub PAT — CI + cross-repo ops.env.localGH Secret90 d2026-05-082026-08-06
ANTHROPIC_API_KEYClaude API (CI + agents).env.localGH Secret (p24-infra)90 d2026-05-082026-08-06
SENTRY_AUTH_TOKENSentry CLI / release tracking.env.local90 d2026-05-082026-08-06
WASABI_ACCESS_KEY / WASABI_SECRET_KEY (ecotrans-monitoring)Thanos metrics bucket (S3)monitoring .env on vps-i1GH Secret180 dbootstrapoverdue
WASABI_ACCESS_KEY / WASABI_SECRET_KEY (p24-infra)Traccar backups bucket (S3)/root/traccar/.env on vps-i1.env.local180 dbootstrapoverdue
CLOUDFLARE_TOKEN_ZINTEGROWANADNS edit scope — zintegrowana.online.env.localGH Secret180 dbootstrapoverdue
GRAFANA_ADMIN_PASSWORDGrafana admin login.env.localGH Secret, monitoring .env180 dbootstrapoverdue
MYSQL_PASSWORDTraccar MySQL database password/root/traccar/.env on vps-i1180 dbootstrapoverdue
SMTP_USER / SMTP_PASSWORDMailgun EU SMTP credentialsGH Secretmonitoring .env365 dbootstrapoverdue
EMAIL_SENDER_API_KEYEmail API auth (Alertmanager → email webhook)monitoring .env on vps-i1.env.local180 dbootstrapoverdue
WAHA_API_KEYWAHA WhatsApp gateway auth.env.localvps-h1 .env180 dbootstrapoverdue
HSTGR_N8N_API_KEYn8n Hostinger REST API key.env.local90 dbootstrapoverdue
HSTGR_N8N_MCP_TOKENn8n MCP integration token.env.local90 dbootstrapoverdue
ATRAX_AUTH_STRINGAtrax fleet API authentication.env.localn8n env var180 dbootstrapoverdue
openAI-monitoring-tokenOpenAI API (monitoring workflows).env.local180 dbootstrapoverdue
TRELLO_API_KEY / TRELLO_TOKENTrello board integration.env.localvps env365 dbootstrapoverdue
DISCORD_WEBHOOK_URLDiscord infra alerts (p24-infra)GH Secret.env.localbootstrap
P24_DISCORD_INFRA_SCRIPTS_ERRORS_WEBHOOK_URLDiscord script errors webhook.env.localGH Secret, Vercel envbootstrap
id_ed25519 (root)SSH root key — all VPS + all Pinbox24 BMS serversC:\Users\konar\.ssh\id_ed25519GH Secret VPS_ROOT_SSH_KEY365 dbootstrapoverdue
claude-admin-keySSH claude-admin key — vps-i1 scopedd:\tmp\claude-admin-keyGH Secret VPS_SSH_PRIVATE_KEY365 dbootstrapoverdue
VPS1_hostinger_root_passwordHostinger VPS root SSH password.env.local365 dbootstrapoverdue
Claude Max OAuthClaude Code auth on VPS agents/home/claude-runner/.claude/.credentials.jsonauto

Open / Unknown

Items requiring investigation or documentation:

ItemStatusAction
GitLab org/instanceunknownet-lager likely here — find and document
Amazon AWS servicesunknownWhich services used by amazon-kdp-tango
n8n Cloud workflowsunknownDocument what runs there
Cloudflare tunnel targetspartialVerify what exactly is exposed beyond claude-proxy:8765
OpenClaw CLI containerExited(1)Debug and fix — see issue tracker
openclaw-openclaw-gateway ports 18789/18790activeNo monitoring, no workbook
Uptime KumarunningNo integration with Prometheus, no workbook

Graph View

Backlinks