🏗️ Infrastructure Overview

• 4 nodes with reserved internal IPs
• Ubuntu 24.04 LTS (Noble Numbat) on all nodes
• Docker Engine 28.3.x in standalone mode
• Portainer CE 2.24.1 for centralized management
• Tailscale VPN for secure remote access
• Local network isolation - no public ports exposed

🖥️ Hardware Fleet

The cluster consists of 4 nodes with varied capabilities:

🚀 GitHub Actions

Self-hosted runners for CI/CD workflows:

• 6 runners on ci-04 only (mini PCs host services)
• Organization-level runners (johnsenai org)
• Ephemeral containers for security
• Playwright pre-installed with browser cache
• Labels: self-hosted, johnsen-ci-04, linux, x64
• Image: myoung34/github-runner:ubuntu-noble

🐳 Container Platform

• Docker Engine 28.3.x on all nodes
• Standalone mode (no Swarm orchestration)
• 28 containers running across the cluster
• Compose-based stack deployments via Portainer
• Registries: Docker Hub + GitHub Container Registry

🎛️ Management Platform

Portainer CE 2.24.1 provides centralized control:

• Server on ci-01, agents on ci-02/03/04
• Web UI on port 9443 (HTTPS)
• Agent communication on port 9001
• Compose stack deployment (standalone mode)
• Container logs, stats, and monitoring

⚡ Cluster Resources

Aggregate capacity across the cluster:

• Total CPU: 28 cores / 36 threads
• Total RAM: 112 GB
• Total Storage: 3.8 TB
• GitHub Runners: 6 concurrent
• Network: 1 Gbps per node

🔧 Key Services

Isolated environments with independent routing:

• Traefik - Reverse proxy (ci-02 + ci-03)
• Production Site - johnsen.ai (ci-03)
• Preview Dashboard - dev.johnsen.ai (ci-02)
• Stats Agents - Metrics collection (all nodes)
• Tailscale - VPN access (ci-01, ci-02, ci-03)
• BuildKit - Docker image builds (ci-04)

🌐 Network & Access

• Tailscale VPN required for all access
• No public ports exposed to internet
• johnsen.ai → ci-03 (production)
• dev.johnsen.ai → ci-02 (previews)
• Firewall: UFW with SSH/Docker ports only