Infrastructure Overview — devp24 / Ecotrans
Synthetic knowledge base for p24-infra
Living document. Update when topology changes.
0. Conventions
Error notification standard
Every script, GitHub Action, cron job, and automation MUST on error:
- Send Discord embed via P24_DISCORD_INFRA_SCRIPTS_ERRORS_WEBHOOK_URL
- Create a GitHub Issue in this repo (radieu/p24-infra) via P24_INFRA_GH_TOKEN
Discord (curl pattern — bash)
# ERROR_MSG and RUN_URL are interpolated into the JSON as-is: escape quotes, backslashes and newlines in them first
curl -s -X POST "$P24_DISCORD_INFRA_SCRIPTS_ERRORS_WEBHOOK_URL" \
  -H "Content-Type: application/json" \
  -d "{\"embeds\":[{\"title\":\"🔴 ERROR — <system-name>\",\"color\":15158332,\"description\":\"$ERROR_MSG\",\"url\":\"$RUN_URL\"}]}"
Color codes: red=15158332, green=3066993, yellow=16776960.
GitHub Issue in p24-infra (gh CLI pattern)
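# printf expands \n; inside plain double quotes it would reach GitHub as a literal backslash-n
gh issue create \
  --repo radieu/p24-infra \
  --title "🔴 [<system-name>] <short description>" \
  --label "bug" \
  --body "$(printf '## Error details\n\n%s' "$ERROR_BODY")"
Requires P24_INFRA_GH_TOKEN (PAT with repo write access to p24-infra).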
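An added example (not part of the original document or the p24-infra repo): a POSIX shell helper that applies both patterns above, escaping the error text before it is placed in the Discord JSON and passing the issue body on stdin. The function names, the title argument and the sample message are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not code from p24-infra. Function names are hypothetical.

# Escape arbitrary text for use inside a JSON string literal (no jq needed).
# Control bytes other than tab and newline are dropped. The sed expressions
# run in order: backslashes are doubled before quotes gain their backslash.
json_escape() {
  tab=$(printf '\t')
  printf '%s\n' "$1" \
    | LC_ALL=C tr -d '\000-\010\013-\037' \
    | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e "s/$tab/\\\\t/g" \
    | sed -e ':a' -e '$!N' -e '$!ba' -e 's/\n/\\n/g'
}

# Build the embed body used by the curl pattern (red = 15158332).
build_discord_payload() {  # args: title, error message, run URL
  printf '{"embeds":[{"title":"%s","color":15158332,"description":"%s","url":"%s"}]}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# Send both notifications; a failure of one does not skip the other.
notify_error() {  # args: title, error message, run URL
  # Abort with a message if either secret is missing from the environment.
  : "${P24_DISCORD_INFRA_SCRIPTS_ERRORS_WEBHOOK_URL:?not set}" "${P24_INFRA_GH_TOKEN:?not set}"
  rc=0
  # --fail turns an HTTP 4xx/5xx answer from Discord into a non-zero exit status.
  build_discord_payload "$@" | curl -sS --fail -X POST \
    -H "Content-Type: application/json" --data-binary @- \
    "$P24_DISCORD_INFRA_SCRIPTS_ERRORS_WEBHOOK_URL" >/dev/null || rc=1
  # The body is read from stdin, so its newlines and quotes need no shell quoting.
  printf '## Error details\n\n%s\n' "$2" | GH_TOKEN="$P24_INFRA_GH_TOKEN" \
    gh issue create --repo radieu/p24-infra --title "$1" --label bug --body-file - || rc=1
  return "$rc"
}

# Constructed sample: a message with quotes, a newline and a backslash.
SAMPLE_MSG=$(printf 'pg_dump failed: "disk full"\npath C:\\logs')
build_discord_payload "ERROR backup-cron" "$SAMPLE_MSG" "https://example.invalid/run/1"
echo
```

Only the payload builder runs when the file is executed; notify_error is called by the failing script with the title formatted per the standard above.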
Where to get secrets
| Secret | GitHub Actions | VPS / bash | Vercel |
|---|---|---|---|
| P24_DISCORD_INFRA_SCRIPTS_ERRORS_WEBHOOK_URL | ${{ secrets.P24_DISCORD_INFRA_SCRIPTS_ERRORS_WEBHOOK_URL }} | .env.local / env var | process.env.P24_DISCORD_INFRA_SCRIPTS_ERRORS_WEBHOOK_URL |
| P24_INFRA_GH_TOKEN | ${{ secrets.P24_INFRA_GH_TOKEN }} | .env.local as GITHUB_TOKEN | not needed (no issue creation from frontend) |
1. Projects Portfolio
et-operational-platform
Fleet management platform for Ecotrans — primary active project.
| Property | Value |
|---|---|
| Stack | Next.js Pages Router + TypeScript + Supabase + shadcn/ui |
| GitHub | radieu/et-operational-platform (private) |
| Vercel prod | et-operational-platform → tracks main |
| Vercel staging | et-operational-platform-7ktl → tracks staging |
| Database | Supabase Pro — project ref mwkqmgadqnkkihjdeqsi |
| CI runner | GitHub Actions self-hosted ionos on IONOS VPS /opt/actions-runner |
| Autonomous agent | claude-runner on IONOS VPS — runs /process-issues nightly on rc2 branch |
| E2E nightly | .github/workflows/playwright-nightly.yml — 02:00 UTC vs staging; artifacts 7d; on fail GH Issue |
| Gitflow | feature/* → dev → staging → rc → main |
Roles: platform_admin, manager, technician, driver, dispo_manager, dispatcher.
Pinbox24.com — Angular version (current production)
Business process management platform — currently live.
| Property | Value |
|---|---|
| Stack | Angular + Fuse Material admin template |
| GitHub | radieu/fuse-angular (private) |
| Dev server | VPS 51.68.155.224:22 (root, separate from IONOS) |
| Public API | https://api.w4.pinbox24.com/api/ |
| PDF conversion | Convertio.ai (external SaaS — scheduled for replacement, see §7) |
Pinbox24 — Next.js v5 (in development)
Next-generation rewrite of Pinbox24 in Next.js 14.
| Property | Value |
|---|---|
| Stack | Next.js 14 + Supabase + Vercel — Turborepo monorepo |
| GitHub | radieu/p24-nextjs-v2026 (private) |
| Vercel | p24-nextjs-v2026 (devp24com team) |
| Structure | apps/pinbox24 + packages/form-engine |
et-lager
Warehouse management system for Ecotrans.
| Property | Value |
|---|---|
| Stack | Next.js, Node 24 |
| Vercel | et-lager → et-lager.vercel.app |
| GitHub | Not on radieu GitHub — likely GitLab or separate org |
| Status | Active (READY deployment) |
eco-trans-eu
Ecotrans corporate website.
| Property | Value |
|---|---|
| Stack | Next.js |
| GitHub | radieu/eco-trans-eu (private) |
| Vercel | eco-trans-eu → eco-trans-eu.vercel.app |
amazon-kdp-tango
Amazon Kindle Direct Publishing automation.
| Property | Value |
|---|---|
| GitHub | radieu/amazon-kdp-tango (private) |
| CI runner | GitHub Actions self-hosted on IONOS VPS /opt/actions-runner-kdp |
| Cloud | Uses Amazon services (KDP API) |
Other GitHub repos
| Repo | Purpose |
|---|---|
| et-driver-tech-check-telegram-app | Telegram bot for driver tech checks |
| et-email-dispo-ai-agent | AI email agent for dispatching |
| fleet-health-check | Fleet health check utility |
| p24-et | p24 ↔ Ecotrans integration |
| p24-infra | This repo — infrastructure configs |
| game-play | Side project |
2. Compute Infrastructure
IONOS VPS — primary compute hub
| Property | Value |
|---|---|
| IP | 217.154.82.162 |
| OS | AlmaLinux 9.7 |
| Specs | 6 vCPU, 7.4 GB RAM, 239 GB disk |
| Cost | ~6€/month |
| SSH (root) | Key: C:\Users\konar\.ssh\id_ed25519 |
| SSH (claude-admin) | Key in GitHub Secret VPS_SSH_PRIVATE_KEY |
| Monitoring dir | /opt/p24-infra |
Running services:
| Process | Type | Port | Purpose |
|---|---|---|---|
| openclaw-openclaw-gateway | Docker | 18789, 18790 | OpenClaw WhatsApp gateway |
| openclaw-openclaw-cli | Docker | — | OpenClaw Claude CLI (currently exited) |
| traccar | Docker | 8082 (web), 5027 (GPS/UDP) | GPS fleet tracking server |
| traccar-db | Docker | internal | MySQL 8.0 for Traccar |
| claude-proxy.py | Python3 | 8765 | HTTP proxy bridging OpenAI-format → Claude CLI |
| cloudflared | system | 20241, 20242 | Cloudflare tunnel (exposes internal services) |
| Claude Code processes | native | — | 3 active agents running (OpenClaw sessions) |
| GitHub Actions runner | native | — | /opt/actions-runner — et-operational-platform |
| GitHub Actions runner (KDP) | native | — | /opt/actions-runner-kdp — amazon-kdp-tango |
Users:
| User | Purpose |
|---|---|
| root | Admin — SSH via id_ed25519 |
| github-runner | GitHub Actions CI/CD |
| claude-runner | Autonomous Claude agent — nightly process-issues |
| claude-admin | Claude Code remote admin (created 2026-05-06) — docker + sudo-scoped |
docker-compose stacks on IONOS:
- /root/openclaw/docker-compose.yml — OpenClaw
- /root/traccar/docker-compose.yml — Traccar + MySQL
Key scripts in /root/:
| Script | Purpose |
|---|---|
| claude-nightly.sh | Autonomous Claude agent — pulls rc2, runs /process-issues (separate from playwright-nightly.yml) |
| claude-proxy.py | OpenAI-compatible proxy on :8765 → routes to Claude Code CLI |
| sync-claude-token.sh | Syncs claude-runner OAuth token → OpenClaw container |
| config-kdp-runner.sh | Configure KDP GitHub Actions runner |
claude-runner flow (autonomous agent):
cron/nightly → claude-nightly.sh
  → git pull rc2 of et-operational-platform
  → inject TRELLO env vars
  → claude --dangerously-skip-permissions -p /process-issues
    (reads Trello backlog → creates/triages GitHub issues → implements)
Hostinger VPS — n8n + Claude agent + GH runner
Primary n8n automation server, now also Claude Code agent host.
| Property | Value |
|---|---|
| IP | 72.60.32.61 |
| Hostname | srv1072950 |
| OS | Ubuntu 24.04.3 LTS |
| Specs | 2 vCPU (AMD EPYC 9354P), 7.8 GB RAM, 96 GB disk |
| SSH (root) | Key: C:\Users\konar\.ssh\id_ed25519 |
| Compose file | /root/docker-compose.yml |
Running containers:
| Container | Status | Ports | Purpose |
|---|---|---|---|
| root-traefik-1 | Up | 80, 443 | TLS reverse proxy (Let’s Encrypt) |
| root-n8n-1 | Up | 127.0.0.1:5678 | n8n workflow automation |
Installed (2026-05-08):
- Node.js v20.20.2
- Claude Code CLI v2.1.133 (/usr/bin/claude)
- User claude-runner (/home/claude-runner/workspace)
- GitHub Actions runner hstgr-srv1072950 (labels: self-hosted, hstgr) — systemd, enabled
GitHub Actions runner:
- Service: actions.runner.radieu-et-operational-platform.hstgr-srv1072950.service
- Runner dir: /opt/actions-runner-hstgr/, runs as claude-runner
- Repo: radieu/et-operational-platform
- Use in workflows: runs-on: [self-hosted, hstgr]
n8n access:
- URL: https://n8n.vps-h1.infra.zintegrowana.online/
- API key: .env.local → HSTGR_N8N_API_KEY
- MCP token: .env.local → HSTGR_N8N_MCP_TOKEN
- n8n credentials: ATRAX auth, Gmail OAuth2, Trello, Supabase
Claude agent (as of 2026-05-08):
- Repo cloned: /home/claude-runner/workspace/et-oper (main branch)
- Env: /home/claude-runner/.claude-env — GITHUB_TOKEN, TRELLO_API_KEY, TRELLO_TOKEN, TRELLO_BOARD_NAME (no ANTHROPIC_API_KEY — uses OAuth)
- Auth: Claude Max OAuth subscription — credentials in /home/claude-runner/.claude/.credentials.json
  - Access token (~8-12h) auto-refreshed silently by Claude Code; refresh token persists for months
  - Nightly script detects auth failure and fires Discord alert; re-auth: python d:\tmp\reauth-hstgr.py
- Nightly script: /root/claude-nightly.sh — auth-check → /process-issues → Discord alert on failure
- Cron: 30 3 * * * (03:30 UTC, 30 min after IONOS agent)
- Logs: /home/claude-runner/workspace/et-oper/docs/logs/hstgr-run-<date>.log
Monitoring exporters (as of 2026-05-08):
- root-node-exporter-1 — network_mode: host, port 9100 (all interfaces)
- root-cadvisor-1 — port 8080 (0.0.0.0), Docker metrics
- Scraped by Prometheus on IONOS VPS (see monitoring/prometheus/prometheus.yml)
- UFW inactive — ports open by default
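An added check (not from the original document or the p24-infra repo) for the exporter state listed above: it classifies the watched ports from `ss -tlnH` output as exposed on all interfaces, bound to a specific address, or absent. The function name and the sample listener table are constructed for illustration.

```bash
#!/bin/sh
# Added example, not code from p24-infra. audit_listeners is a hypothetical name.

# Classify each watched TCP port from `ss -tlnH` output read on stdin.
# Prints "<port> exposed|restricted|absent", one line per requested port:
#   exposed    - a listener is bound to a wildcard address (0.0.0.0, [::] or *)
#   restricted - listeners exist, all bound to specific addresses
#   absent     - nothing is listening on that port
audit_listeners() {  # args: ports to check
  ss_out=$(cat)
  for want in "$@"; do
    verdict=absent
    # Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
    while read -r _state _recvq _sendq laddr _peer; do
      [ "${laddr##*:}" = "$want" ] || continue
      case "${laddr%:*}" in
        0.0.0.0|'*'|'[::]') verdict=exposed; break ;;
        *) verdict=restricted ;;
      esac
    done <<EOF
$ss_out
EOF
    printf '%s %s\n' "$want" "$verdict"
  done
}

# Constructed sample shaped like `ss -tlnH` on the Hostinger VPS described above.
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 *:9100 *:*
LISTEN 0 4096 127.0.0.1:5678 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*'

# On the host itself: ss -tlnH | audit_listeners 9100 8080
printf '%s\n' "$SAMPLE_SS" | audit_listeners 9100 8080 5678
```

If cadvisor's 8080 is a Docker-published port, Docker's own iptables rules handle it ahead of UFW, so enabling UFW restricts the host-network node-exporter on 9100 but not that published port; binding the publish to a specific address or filtering in the DOCKER-USER chain covers it.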
n8n.io Cloud — second n8n instance
Separate cloud-hosted n8n account.
| Property | Value |
|---|---|
| Provider | n8n.io (managed cloud) |
| Purpose | Separate workflow set (backups, different automations) |
| Relation | Independent of Hostinger n8n — different account |
Pinbox24 Dev VPS
Development server for Pinbox24 Angular version.
| Property | Value |
|---|---|
| IP | 51.68.155.224 |
| SSH | root with password (in .env.local as DEV_PINBOX_SERVER_*) |
| Purpose | Pinbox24.com Angular — dev/staging environment |
3. Frontend Hosting — Vercel
Team: devp24com's projects — team_RuXLTWx5DXK6n0HUKoOUTGY3
| Project | Vercel ID | Branch | Domain | Status |
|---|---|---|---|---|
| et-operational-platform | prj_ziLl911FOYLAeukQujL4NjxR4eWy | main | et-operational-platform.vercel.app | Production |
| et-operational-platform-7ktl | prj_lli8awSYVqRiny00VHCo7bYZRX7I | staging | et-operational-platform-7ktl.vercel.app | Staging |
| et-lager | prj_Ucdch6SHP4ZSsqBhsK2Jf2rg2AwX | master | et-lager.vercel.app | Production |
| eco-trans-eu | prj_QNexVt2rNFgp2HUKXKX3kDkr4zKP | — | eco-trans-eu.vercel.app | Production |
| p24-nextjs-v2026 | prj_szccZC02nRqe0nPDwHHrbkmAwth9 | — | — | Dev |
| game-play | prj_qmfqikpplVgZ0iLYzrhOtAfsUCT2 | — | — | Side |
4. Database — Supabase
| Project | Ref | Plan | Used by |
|---|---|---|---|
| et-operational-platform | mwkqmgadqnkkihjdeqsi | Pro | et-operational-platform |
| DB host (direct) | db.mwkqmgadqnkkihjdeqsi.supabase.co:5432 | — | Grafana readonly |
| Anon key | In .env.local | — | Frontend |
| Service role key | In .env.local | — | Backend, n8n, queue-exporter |
Roles for monitoring:
- grafana_readonly — SELECT on: pending_transcriptions, pending_pdf_processing, incidents, fleet_positions, whatsapp_messages, p24_issues
Tables added 2026-05-10 (is-10):
- p24_issues — unified issue tracker (source: whatsapp_group_infra); fields: ticket_ref (INFRA-N), title, description, panel, module, view_type, reported_by_jid_hash (GDPR), status, priority, attachments, raw_payload. Migration: monitoring/supabase/migrations/001_p24_issues.sql
5. Version Control
GitHub — radieu account
All active projects. Private repos. GitHub Pro.
CI/CD via GitHub Actions — self-hosted runner ionos on IONOS VPS.
GitHub Actions - Playwright Nightly (et-operational-platform)
File: .github/workflows/playwright-nightly.yml
Runner: self-hosted ionos (IONOS VPS /opt/actions-runner)
| Property | Value |
|---|---|
| Trigger | schedule: cron 0 2 * * * (02:00 UTC = 03:00 CET) + workflow_dispatch |
| Target | Staging Vercel URL |
| Retries | 2x per test |
| On PASS | Discord embed (green) + artifact playwright-nightly-report-<run_id> in GitHub Actions (retention 7d) |
| On FAIL | Discord embed (red) via P24_DISCORD_INFRA_SCRIPTS_ERRORS_WEBHOOK_URL + GitHub Issue (bug,triage,e2e-regression) |
Known issues (2026-05-08):
- Until 2026-05-08 there was no schedule trigger, only workflow_dispatch; cron added 2026-05-08
- All runs failing at 0s = runner ionos offline or workflow file issue
- Check status: GitHub Settings → Actions → Runners → ionos
GitLab
- et-lager is likely here (not found on GitHub)
- IONOS VPS has claude-runner and github-runner users — GitLab runner config was empty (may have been removed or is configured differently)
- TODO: locate GitLab instance/org and document
6. Cloud Services
Cloudflare
- Account active
- cloudflared tunnel running on IONOS VPS (ports 20241/20242)
- Likely exposes: claude-proxy.py (port 8765) and/or internal services over HTTPS without opening firewall ports
- DNS for domains probably managed here
Google Cloud Platform (GCP)
- Account: ecotrans.automataion@gmail.com
- Google Developer Console — OAuth 2.0 clients:
| Client name | Client ID | Used for |
|---|---|---|
| ET-MCP | 1096943796691-8cmbcih9jr7aueagsipdvti5aa8c2fbm | MCP server integration |
| ET Ecotrans Automation n8n | 1096943796691-kg26shtkkqb3m3d7rerqkokmulpb5unc | n8n Gmail OAuth2 workflow |
- Gmail OAuth2 credential in n8n is pending (new Web app OAuth client needed — see n8n Gmail credential memory note)
Amazon Web Services
- Used by amazon-kdp-tango project (Kindle Direct Publishing API)
- TODO: document which AWS services (likely IAM, possibly S3 or Lambda)
- AWS credentials not visible in .env.local — likely stored in amazon-kdp-tango repo secrets
Wasabi S3 (planned — monitoring)
- Bucket: ecotrans-monitoring (prod), ecotrans-monitoring-test (test)
- Region: eu-central-1
- Endpoint: s3.eu-central-1.wasabisys.com
- Not yet provisioned — needed for Thanos long-term metrics storage
7. Automation & AI Stack
OpenClaw — WhatsApp AI Gateway
Self-hosted, running on IONOS VPS.
- Gateway container (healthy): WhatsApp group listener, ports 18789/18790
- CLI container (exited — see #16): Claude Code CLI integration; needs debug
- Mounts host Claude Code binary (/usr/bin/claude) into container
- Shares claude-runner .claude credentials read-only
- Token sync: sync-claude-token.sh copies OAuth access token from claude-runner → OpenClaw env
- Active use case (2026-05-10, is-10): WhatsApp group et-operational-platform-zgłoszenia — DE number handles issue intake via /p24-issue-reporter skill. Completed issues inserted into p24_issues (Supabase). Workspace: monitoring/openclaw-workspace/
- groupPolicy: open on DE account (listens on all groups)
Claude Code — Autonomous Agents
Three tiers:
| Agent | Where | Trigger | Task |
|---|---|---|---|
| claude-runner | IONOS VPS | cron 03:00 UTC | /process-issues on et-operational-platform rc2 |
| claude-runner | Hostinger VPS | cron 03:30 UTC | /process-issues on et-operational-platform main |
| OpenClaw sessions | IONOS VPS | WhatsApp messages | ET Platform issue intake (p24_issues) |
| Remote admin (Claude Code CLI) | IONOS VPS | /usr/bin/claude | DevOps tasks via SSH from dev machine |
claude-proxy.py on port 8765: OpenAI-compatible HTTP endpoint → proxies to Claude Code CLI. Exposed via Cloudflare tunnel.
n8n Workflows
Two separate instances — workflows differ between them.
Hostinger n8n (n8n.vps-h1.infra.zintegrowana.online):
- Credentials: Atrax (GPS API), Gmail OAuth2, Trello, Supabase
- ATRAX integration: uses ATRAX_AUTH_STRING env var passed as payload (never edit auth nodes directly)
- Gmail OAuth2: pending new Web app client in GCP Console
n8n.io Cloud:
- Separate account, separate workflow set
- Used for: n8n workflow backups and alternative automations
- TODO: document what workflows run here specifically
Traccar — GPS Fleet Tracking
- Docker on IONOS VPS, port 8082 (web UI), 5027 (GPS protocol, TCP+UDP)
- MySQL 8.0 backend (traccar-db container)
- Tracks 500-car Ecotrans fleet (planned — currently in setup)
8. Planned Infrastructure Work
P1 — Monitoring stack (this repo)
Deploy Prometheus + Grafana + Thanos on IONOS VPS (test), then OVH VPS (production).
See docs/monitoring-prometheus-grafana.md for full plan.
Status: Repo created, configs ready, deployment pending.
P2 — PDF conversion service (replace Convertio.ai)
Pinbox24.com currently uses Convertio.ai (paid SaaS) for PDF conversion.
Plan: self-hosted Docker container on VPS with open-source PDF tools (likely gotenberg or pdf2image/Poppler + Tesseract).
Impact: Pinbox24.com — remove Convertio dependency, reduce cost, add privacy. Target VPS: IONOS or dedicated OVH VPS. Stack: Docker, Flask or FastAPI, Poppler + Tesseract (matches existing et-operational-platform PDF plan).
P3 — OpenClaw CLI container (fix)
openclaw-openclaw-cli-1 is Exited (1) — needs debugging and restart.
P4 — n8n Gmail OAuth2
Create new Web app OAuth client in Google Cloud Console for n8n Gmail integration.
See memory: project_n8n_gmail_credential.md.
P5 — OVH VPS Server F provisioning
Production monitoring server — 6 cores, 12GB RAM, 7€/month. Not yet provisioned. Phase 0 testing runs on IONOS VPS.
9. Secrets Inventory
Values never stored here — locations only.
| Secret | Location | Shared with |
|---|---|---|
| Supabase service role key | .env.local + GH Secret SUPABASE_SERVICE_KEY | et-oper, p24-infra |
| Supabase anon key | .env.local + Vercel env | Frontend |
| Anthropic API key | .env.local → rotate immediately (exposed in LLM session 2026-05-06) | Local use only — VPS claude-runners use Claude Max OAuth subscription, not API key |
| GitHub PAT | .env.local → rotate immediately | claude-runner, CI |
| Vercel token | .env.local → rotate | CI/CD |
| Sentry auth token | .env.local → rotate | Error tracking |
| n8n Hostinger API key | .env.local | n8n MCP, automation |
| ATRAX auth string | .env.local + n8n env var | GPS data pull |
| IONOS VPS root password | .env.local | Manual access |
| Pinbox24 dev VPS password | .env.local | Manual access |
| Trello API key + token | .env.local | claude-runner, Trello skill |
| Google OAuth client secrets | .env.local | n8n Gmail, MCP |
| VPS SSH private key (claude-admin) | GitHub Secret VPS_SSH_PRIVATE_KEY on p24-infra | Claude Code remote admin |
| VPS SSH root key (base64) | GitHub Secret VPS_ROOT_SSH_KEY on p24-infra | provision-new-vps.yml workflow SSH |
| GitHub PAT (runner token) | GitHub Secret GH_TOKEN on p24-infra | Runner registration in provision workflow |
| Discord webhook (infra alerts) | GitHub Secret DISCORD_WEBHOOK_URL on p24-infra | claude-nightly.sh auth failure alerts |
| IONOS SSH private key (root) | C:\Users\konar\.ssh\id_ed25519 | Root access |
| P24_DISCORD_INFRA_SCRIPTS_ERRORS_WEBHOOK_URL | .env.local + GH Secret (et-oper, p24-infra) + Vercel env (all envs) | Discord infra alerts |
| Wasabi keys | not yet set — add to .env on VPS + GH Secrets | Thanos monitoring |
Credentials that went through LLM session 2026-05-06 and must be rotated — ROTATION PENDING — see secrets-rotation-log.md:
- ANTHROPIC_API_KEY — Anthropic Console — ROTATION PENDING
- GITHUB_PAT — GitHub Settings → Developer settings — ROTATION PENDING
- VERCEL_TOKEN — Vercel Account Settings → Tokens — ROTATION PENDING
- SENTRY_AUTH_TOKEN — Sentry Settings → Auth Tokens — ROTATION PENDING
- SUPABASE_ACCESS_TOKEN — Supabase Dashboard → Account tokens — ROTATION PENDING
- SUPABASE_SERVICE_ROLE_KEY — Supabase Project Settings → API — ROTATION PENDING
10. Access Quick Reference
# IONOS VPS — root
ssh -i C:\Users\konar\.ssh\id_ed25519 root@217.154.82.162
# IONOS VPS — claude-admin (limited sudo)
ssh -i <claude-admin-key> claude-admin@217.154.82.162
# Pinbox24 dev VPS
ssh root@51.68.155.224 # password in .env.local
# Vercel team
# https://vercel.com/devp24coms-projects
# Supabase project
# https://supabase.com/dashboard/project/mwkqmgadqnkkihjdeqsi
# n8n Hostinger
# https://n8n.vps-h1.infra.zintegrowana.online/
# Traccar (GPS)
# http://217.154.82.162:8082
# OpenClaw gateway
# ws://217.154.82.162:18789 (or via Cloudflare tunnel)
11. Open / Unknown
- GitLab: org/instance not documented — et-lager likely here
- Amazon AWS: which services exactly (S3? Lambda? ECR?)
- n8n.io Cloud: which workflows, what backups
- Cloudflare tunnel targets: what exactly is exposed (probably claude-proxy.py on 8765)
- OpenClaw CLI container: why Exited (1) — needs investigation
- Hostinger n8n workflows: API returned 0 workflows — may need different API key or they’re on n8n.io instance