Synology DS224+ - Always-On Infrastructure Hub
The NAS is NOT just storage - it's our always-on server.
Current Status
| Component | Status | Notes |
|---|---|---|
| Tailscale | ACTIVE | blueflynas.tailcf98b3.ts.net (100.104.119.76) |
| MinIO S3 | RUNNING | Port 9000/9001 |
| DSM Web UI | RUNNING | Port 5001 |
| cloudflared | TODO | Install from SynoCommunity |
| GitLab Runner | TODO | For CI/CD jobs |
| PostgreSQL | TODO | Database server |
| Redis | TODO | Cache server |
Network Access
| Context | Endpoint |
|---|---|
| Tailscale (Private) | blueflynas.tailcf98b3.ts.net |
| Local LAN | 192.168.68.60 |
| Cloudflare (Public) | nas.blueflyagents.com (when tunnel active) |
What To Install
Priority 1: cloudflared (Cloudflare Tunnel)
Source: SynoCommunity cloudflared
This moves the tunnel from Mac to always-on NAS.
```
# Add SynoCommunity repo:
# Package Center → Settings → Package Sources → Add
# Name: SynoCommunity
# URL: https://packages.synocommunity.com/
# Then install cloudflared from Package Center
```
Priority 2: GitLab Runner
Source: Container Manager (Docker)
Run CI/CD jobs locally without GitLab.com runners.
```yaml
# docker-compose.yml
version: '3'
services:
  gitlab-runner:
    image: gitlab/gitlab-runner:latest
    volumes:
      - /volume1/docker/gitlab-runner/config:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
```
Priority 3: Database Services
PostgreSQL + Redis for local development.
```yaml
# docker-compose.yml
services:
  postgres:
    image: postgres:15
    volumes:
      - /volume1/docker/postgres/data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    ports:
      - "5432:5432"
  redis:
    image: redis:7-alpine
    volumes:
      - /volume1/docker/redis/data:/data
    ports:
      - "6379:6379"
```
Hardware Specs
| Spec | Value |
|---|---|
| Model | DS224+ |
| CPU | Intel Celeron J4125 (4-core, 2.0GHz) |
| RAM | 2GB (expandable to 6GB) |
| Storage | 2-bay SATA |
| Network | 2x 1GbE |
| DSM Version | 7.x |
Limitation: No AVX Support
The J4125 CPU lacks AVX instructions, so some containers won't work:
- Elasticsearch
- Some ML models

Most standard containers work fine.
Directory Structure
```
/volume1/
  docker/
    cloudflared/
      config.yml
    gitlab-runner/
      config/
    minio/
      data/
    postgres/
      data/
    redis/
      data/
  llm-platform/
    models/
    training-data/
    checkpoints/
  backups/
```
cloudflared Setup (PRIORITY 1)
Current State: Running on Mac as root with token. Must move to NAS for always-on.
Option A: Docker Container (Recommended)
Using Container Manager on Synology:
```yaml
# docker-compose.yml for /volume1/docker/cloudflared/
# The tunnel token is read from the TUNNEL_TOKEN variable (e.g. a .env file
# next to this file) instead of being written into the compose file.
version: '3'
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    container_name: cloudflared
    command: tunnel run --token ${TUNNEL_TOKEN}
    restart: always
    network_mode: host  # Use host network for Tailscale access
```
Steps:
- SSH to NAS: `ssh admin@192.168.68.60`
- Create directory: `mkdir -p /volume1/docker/cloudflared`
- Create docker-compose.yml with above content
- In Container Manager → Project → Create from docker-compose.yml
- After NAS is running, stop Mac cloudflared: `sudo pkill cloudflared`
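A check to run over the compose files on this page before loading them into Container Manager, as an added example (not part of the original page). It flags a tunnel token written inline after `--token`, a mounted `/var/run/docker.sock`, and ports published on all interfaces; the rule names and the sample file are constructed for illustration.

```python
import re

# Constructed sample input: a compose file with the patterns checked below.
# The token value is a placeholder, not a real credential.
SAMPLE_COMPOSE = """\
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    command: tunnel run --token PLACEHOLDERTOKENVALUE0123456789abcdef=
  gitlab-runner:
    image: gitlab/gitlab-runner:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  postgres:
    image: postgres:15
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    ports:
      - "5432:5432"
  redis:
    image: redis:7-alpine
    ports:
      - "127.0.0.1:6379:6379"
"""

# (rule name, pattern, why it matters)
RULES = [
    ("inline-token", re.compile(r"--token\s+(?!\$)\S{20,}"),
     "tunnel token is stored in the file; pass it as ${VAR} instead"),
    ("docker-socket", re.compile(r"-\s*/var/run/docker\.sock:"),
     "container can control the host Docker daemon"),
    ("port-all-interfaces", re.compile(r"""-\s*["']?\d+:\d+["']?\s*$"""),
     "port is published on every interface; prefix a host IP to restrict it"),
]

def audit_compose(text):
    """Return (line_number, rule, reason) for each risky line in compose text."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        code = line.split(" #", 1)[0]  # ignore trailing YAML comments
        for rule, pattern, reason in RULES:
            if pattern.search(code):
                findings.append((number, rule, reason))
    return findings

if __name__ == "__main__":
    for number, rule, reason in audit_compose(SAMPLE_COMPOSE):
        print(f"line {number}: {rule}: {reason}")
```
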
Option B: SynoCommunity Package
- Package Center → Settings → Package Sources
- Add: Name=`SynoCommunity`, URL=`https://packages.synocommunity.com/`
- Install `cloudflared`
- Configure via SSH with token
Cloudflare Dashboard Config
The tunnel uses remote config (token mode). Ingress rules are at: https://one.dash.cloudflare.com/ → Zero Trust → Networks → Tunnels → agent-webhook
Current hostnames:
| Hostname | Target | Notes |
|---|---|---|
| gpu.blueflyagents.com | vastai-gpu:11434 | Ollama API |
| llm.blueflyagents.com | vastai-gpu:8000 | vLLM API |
| api.blueflyagents.com | Mac:3005 | Move to NAS |
| mesh.bluefly.internal | Mac:3005 | Move to NAS |
| storage.blueflyagents.com | NAS:9000 | MinIO S3 |
| nas.blueflyagents.com | NAS:5001 | DSM Web UI |
After Migration
Once NAS is running cloudflared:
- Update Cloudflare dashboard to point api/mesh to NAS IP
- Stop cloudflared on Mac
- Mac becomes optional for development
MinIO S3 (Already Running)
| Setting | Value |
|---|---|
| Endpoint (Private) | http://blueflynas.tailcf98b3.ts.net:9000 |
| Endpoint (Public) | https://storage.blueflyagents.com |
| Console | http://blueflynas.tailcf98b3.ts.net:9001 |
| Bucket | bluefly-models |
Synology CSI - Kubernetes Storage Integration
Synology CSI Driver - Official Kubernetes storage driver.
This allows OrbStack K8s (or any K8s) to dynamically provision storage from the NAS!
Features
- ReadWriteMany (multiple pods)
- Volume cloning
- Storage expansion
- Snapshots
Requirements
- Kubernetes 1.19+
- DSM 7.0+
- iSCSI, SMB, or NFS configured
Setup (for OrbStack K8s)
```bash
# Install CSI driver
kubectl apply -f https://raw.githubusercontent.com/SynologyOpenSource/synology-csi/main/deploy/kubernetes/v1.26/

# Create StorageClass
cat <<EOF | kubectl apply -f -
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: synology-iscsi
provisioner: csi.san.synology.com
parameters:
  fsType: ext4
  dsm: "192.168.68.60"
  location: "/volume1"
reclaimPolicy: Retain
allowVolumeExpansion: true
EOF
```
Use Cases
- Persistent volumes for agent services
- Shared storage across pods (ReadWriteMany)
- Model storage for ML workloads
- Database persistence (PostgreSQL, Redis)