Phone-First Architecture
Develop from anywhere without a computer.
Status Tracker
| Component | Status | Blocker |
|---|---|---|
| Tailscale mesh | DONE | - |
| NAS always-on | DONE | DSM at 192.168.68.60:5001 |
| Vast.ai GPU | DONE | vastai-gpu.tailcf98b3.ts.net |
| GitLab Ultimate | DONE | ~30% features utilized |
| DNS cleanup | DONE | Deleted review, *.review records |
| Tailscale Funnel | DISABLED | Security fix applied 2026-01-10 |
| Cloudflare tunnel | ON MAC | Running as root with token |
| NAS cloudflared | TODO | Docker compose ready (see synology/readme) |
| MinIO | NOT RESPONDING | Container may be stopped |
Next Actions (Priority Order)
- Start MinIO container on NAS - Check Container Manager
- Deploy cloudflared on NAS - Use docker-compose in wiki
- Enable GitLab SAST - 5 min via .gitlab-ci.yml
- Configure DORA metrics - GitLab Analytics CI/CD
Architecture Decision: Tailscale + Minimal Cloudflare
SIMPLIFIED APPROACH - Stop overengineering. Use the right tool for each job.
| Access Type | Tool | Why |
|---|---|---|
| Private (you only) | Tailscale | Already works, zero config, encrypted |
| Public (webhooks, APIs) | Cloudflare | Only for external integrations |
Infrastructure Tiers
ALWAYS-ON (24/7)
- Synology NAS (192.168.68.60)
  - Tailscale: blueflynas.tailcf98b3.ts.net (100.104.119.76)
  - MinIO S3 (:9000)
  - MinIO Console (:9001)
  - DSM Web UI (:5001)
  - PostgreSQL (database)
  - Redis (cache)
  - Container Manager (Docker)
- GitLab.com (Ultimate)
  - CI/CD Runners
  - Web IDE (VS Code in browser)
  - GitLab Duo (AI assistance)
  - Container Registry
- Cloudflare (Free) - PUBLIC ENDPOINTS ONLY
  - DNS (*.blueflyagents.com)
  - Tunnel (for GPU public access)
ON-DEMAND GPU (Pay-per-use)
- Vast.ai RTX 4090 (Instance: 29484611)
  - Tailscale: vastai-gpu.tailcf98b3.ts.net (100.76.214.65)
  - Ollama (:11434)
  - vLLM (:8000)
  - Models: llama3.2:3b, codellama, mistral
DEVELOPMENT (Optional - when Mac is on)
- Mac M4 Pro
  - Tailscale: bluefly-m4.tailcf98b3.ts.net (100.108.129.7)
  - Claude Code
  - OrbStack K8s
  - Local development
Phone Access (The Simple Way)
Step 1: Install Tailscale on Phone
- iOS: install Tailscale from the App Store
- Sign in with same account
Step 2: Access Everything via Tailscale
| Service | URL | Notes |
|---|---|---|
| NAS DSM | https://blueflynas.tailcf98b3.ts.net:5001 | Full NAS admin |
| MinIO S3 | http://blueflynas.tailcf98b3.ts.net:9000 | Object storage |
| MinIO Console | http://blueflynas.tailcf98b3.ts.net:9001 | S3 web UI |
| Ollama | http://vastai-gpu.tailcf98b3.ts.net:11434 | LLM API |
| vLLM | http://vastai-gpu.tailcf98b3.ts.net:8000 | Batch inference |
That's it. No Cloudflare tunnel needed for personal access.
Public Endpoints (Cloudflare - External Only)
Only use Cloudflare for things that need PUBLIC internet access:
| Endpoint | Purpose | Status |
|---|---|---|
| gpu.blueflyagents.com | GitLab webhooks to GPU | Active |
| api.blueflyagents.com | External API integrations | Active |
| docs.blueflyagents.com | GitLab Pages documentation | Active |
Note: Run cloudflared on Mac when needed for public endpoints. Don't fight with NAS Docker networking.
Network Topology
TAILSCALE MESH (Private) (tailcf98b3.ts.net)
- blueflynas (100.104.119.76): NAS - Always on
- vastai-gpu (100.76.214.65): RTX 4090 - On demand
- bluefly-m4 (100.108.129.7): Mac M4 Pro - When online
- iphone-t (100.67.125.25): iPhone - Mobile access
LOCAL NETWORK (192.168.68.0/24)
- Main Router (192.168.68.1): Gateway
- Synology NAS (192.168.68.60): Always-on storage/services
- GL-iNet BE3600 (192.168.68.70): Travel router
- Mac M4 Pro (192.168.68.x): Development (when on LAN)
CLOUDFLARE (Public Only) - When Mac is running cloudflared
- gpu.blueflyagents.com -> vastai-gpu:11434 (via Tailscale)
- api.blueflyagents.com -> localhost:3005 (webhook handler)
Phone Development Workflow
1. Create/Edit Code
- GitLab Web IDE: Full VS Code in browser
- GitLab Duo: AI code suggestions and chat
- URL: https://gitlab.com/blueflyio
2. Trigger CI/CD
- Push commits: pipeline runs automatically
- Comment `/run tests`: trigger specific jobs
3. GPU Inference (via Tailscale)
```bash
# From phone terminal (Prompt, Terminus, etc.)
curl http://vastai-gpu.tailcf98b3.ts.net:11434/api/generate \
  -d '{"model":"llama3.2:3b","prompt":"Hello"}'
```
4. Monitor
- GitLab pipelines dashboard
- MinIO console: https://blueflynas.tailcf98b3.ts.net:9001
- NAS DSM: https://blueflynas.tailcf98b3.ts.net:5001
Cloudflare Tunnel Config (Mac)
Only run when you need public endpoints. Location: ~/.cloudflared/config.yml
```yaml
tunnel: f6da7bdf-d0f8-4796-a804-afb7984bbe11
credentials-file: ~/.cloudflared/f6da7bdf-d0f8-4796-a804-afb7984bbe11.json
ingress:
  # GPU via Tailscale
  - hostname: gpu.blueflyagents.com
    service: http://vastai-gpu.tailcf98b3.ts.net:11434
  - hostname: llm.blueflyagents.com
    service: http://vastai-gpu.tailcf98b3.ts.net:8000
  # Local services (when Mac is on)
  - hostname: api.blueflyagents.com
    service: http://localhost:3005
  # Catch-all
  - service: http_status:404
```
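The page's rule is Tailscale for private access and Cloudflare only for public endpoints, so each ingress rule is worth checking against the private service table in Step 2. The following is an added example, not part of the original page or of cloudflared: `parse_ingress`, `published_private` and `PRIVATE_SERVICES` are hypothetical names, and the parser assumes the flat `hostname`/`service` layout used in this config.

```python
from urllib.parse import urlparse

# (host, port) pairs from the page's "Access Everything via Tailscale" table.
NAS, GPU = "blueflynas.tailcf98b3.ts.net", "vastai-gpu.tailcf98b3.ts.net"
PRIVATE_SERVICES = {(NAS, 5001): "NAS DSM", (NAS, 9000): "MinIO S3",
                    (NAS, 9001): "MinIO Console", (GPU, 11434): "Ollama", (GPU, 8000): "vLLM"}

# Ingress rules copied from the tunnel config on this page, embedded so the check runs offline.
CONFIG = """\
ingress:
  - hostname: gpu.blueflyagents.com
    service: http://vastai-gpu.tailcf98b3.ts.net:11434
  - hostname: llm.blueflyagents.com
    service: http://vastai-gpu.tailcf98b3.ts.net:8000
  - hostname: api.blueflyagents.com
    service: http://localhost:3005
  - service: http_status:404
"""

def parse_ingress(text):
    """Minimal line parser for the flat ingress list above (hypothetical helper, not a YAML parser)."""
    rules, in_ingress = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace() and not line.startswith("-"):
            in_ingress = line == "ingress:"  # any other top-level key ends the list
        elif in_ingress:
            if line.startswith("-"):  # "- key: value" starts a new rule
                rules.append({})
                line = line[1:].strip()
            if rules:
                key, _, value = line.partition(":")
                rules[-1][key.strip()] = value.strip()
    return rules

def published_private(rules):
    """Return (public hostname, private service) for rules whose origin is in PRIVATE_SERVICES."""
    hits = []
    for rule in rules:
        url = urlparse(rule.get("service", ""))
        name = PRIVATE_SERVICES.get((url.hostname, url.port))
        if name and rule.get("hostname"):
            hits.append((rule["hostname"], name))
    return hits

for host, name in published_private(parse_ingress(CONFIG)):
    print(f"{host} publishes {name}: confirm it needs public access")
```

Run it against the live `~/.cloudflared/config.yml` contents after any ingress change; an empty result means no service from the private table is reachable through the tunnel.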
Key Infrastructure Details
| Component | Value |
|---|---|
| Vast.ai Instance | 29484611 |
| Cloudflare Tunnel ID | f6da7bdf-d0f8-4796-a804-afb7984bbe11 |
| NAS Local IP | 192.168.68.60 |
| NAS Tailscale | blueflynas.tailcf98b3.ts.net (100.104.119.76) |
| GPU Tailscale | vastai-gpu.tailcf98b3.ts.net (100.76.214.65) |
| Tailscale Network | tailcf98b3.ts.net |
| Domain | *.blueflyagents.com |