A standardized remote development stack for global contributors to program on NVIDIA Jetson boards through a secure Tailscale tailnet, with consistent ROS 2 containers and CI for both arm64 and amd64 architectures.
This repository provides a complete infrastructure-as-code solution for remote robotics development, enabling:
- Secure Remote Access: Tailscale tailnet with SSH key authentication
- Consistent Development Environment: ROS 2 Humble containers across x86 and ARM64
- Multi-Architecture Support: Unified development experience across platforms
- CI/CD Pipeline: Automated container builds and deployments
- Hardened Security: SSH hardening, fail2ban, and network isolation
Set up a small Ubuntu 22.04 server as your bastion host:

```bash
# Export your Tailscale auth key
export TAILSCALE_AUTH_KEY="tskey-auth-..."
# Clone and setup
git clone https://github.com/your-org/triton-remote-jetson-lab.git
cd triton-remote-jetson-lab
chmod +x scripts/*.sh
./scripts/setup_jump_host.sh
```

On each Jetson with JetPack 6:

```bash
# Run the setup script
./scripts/setup_jetson.sh
```

```bash
# Copy and configure environment
cp env.example .env
# Edit .env with your specific values
```

```bash
# For x86 development
docker compose --profile x64 up -d
# For Jetson development
docker compose --profile jetson up -d
# For infrastructure services
docker compose --profile broker up -d
```

```bash
# Attach to container
docker compose exec ros2-dev bash
# Build your workspace
cd /workspace
colcon build
source install/setup.bash
```

| Project | Primary Board | Alternative | Use Case |
|---|---|---|---|
| Shellby | Jetson Orin Nano 8 GB | Raspberry Pi 5 + Hailo 10H | Mobile manipulation |
| SeaLink | Raspberry Pi 5/CM4 + Hailo 10H | Jetson Orin Nano | Marine robotics |
| Luna AUV | Jetson Orin NX 16 GB | - | Autonomous underwater vehicle |
| CrabBots | Jetson Orin Nano 8 GB | Jetson Orin NX 16 GB | Multi-sensor navigation |
| Base Station | x86 + NVIDIA GPU | - | Simulation and training |
- SSH keys configured (no password auth)
- Root SSH access disabled
- Tailscale ACLs configured
- fail2ban installed and configured
- Firewall rules applied
- Docker daemon secured
- Container images scanned
- Secrets management configured
- Log aggregation enabled
- Backup strategy implemented
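
The first two checklist items can be verified against the effective sshd configuration rather than by reading the config file. The following is an added example, not a script from this repository; the function name `audit_sshd`, the required values, and the sample inputs are assumptions made for illustration. On a host it would be fed with `sudo sshd -T | audit_sshd`.

```bash
# Added example: audit effective sshd settings against the checklist above.
# Input on stdin: "keyword value" lines as printed by `sshd -T`.

audit_sshd() {
  awk '
    BEGIN {
      # Required values (assumption: the strictest reading of the checklist).
      want["passwordauthentication"]       = "no"
      want["kbdinteractiveauthentication"] = "no"   # PAM password prompts
      want["permitrootlogin"]              = "no"
      want["pubkeyauthentication"]         = "yes"
    }
    {
      key = tolower($1); val = tolower($2)
      # Some OpenSSH versions report this setting under its older name.
      if (key == "challengeresponseauthentication")
        key = "kbdinteractiveauthentication"
      if (key in want) seen[key] = val
    }
    END {
      bad = 0
      for (k in want) {
        if (!(k in seen)) { printf "FAIL %s: not reported\n", k; bad++ }
        else if (seen[k] != want[k]) {
          printf "FAIL %s: %s (want %s)\n", k, seen[k], want[k]; bad++
        }
        else printf "ok   %s: %s\n", k, seen[k]
      }
      exit (bad > 0)
    }'
}

# Constructed sample: a hardened host.
sample_hardened() {
  printf '%s\n' 'port 22' 'permitrootlogin no' 'pubkeyauthentication yes' \
    'passwordauthentication no' 'kbdinteractiveauthentication no'
}

# Constructed sample: password auth is off, but keyboard-interactive and
# key-based root login are still allowed.
sample_weak() {
  printf '%s\n' 'port 22' 'permitrootlogin prohibit-password' \
    'pubkeyauthentication yes' 'passwordauthentication no' \
    'kbdinteractiveauthentication yes'
}

sample_hardened | audit_sshd && echo "hardened sample: PASS"
sample_weak | audit_sshd || echo "weak sample: REJECTED"
```

A setting that is missing from the input is reported as a failure, so truncated or empty `sshd -T` output never passes the audit.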
The following diagram illustrates the complete system architecture and data flow:
```mermaid
graph TB
    subgraph "Remote Development Environment"
        DevA["Developer A<br/>VS Code Remote"]
        DevB["Developer B<br/>SSH Client"]
        DevC["Developer C<br/>Jupyter Lab"]
    end
    subgraph "Tailscale Secure Network"
        Tailnet["Tailnet 100.64.0.0/10"]
    end
    subgraph "Core Infrastructure"
        Bastion["Bastion Host<br/>Ubuntu 22.04<br/>SSH Gateway"]
        Registry["Container Registry<br/>GHCR"]
        CI["CI/CD Pipeline<br/>GitHub Actions"]
        Monitor["Monitoring Stack<br/>Prometheus + Grafana"]
    end
    subgraph "Message Brokers"
        NATS["NATS Server<br/>High Performance"]
        MQTT["Mosquitto MQTT<br/>IoT Protocol"]
    end
    subgraph "Storage & Analytics"
        MinIO["MinIO S3<br/>Object Storage"]
        Loki["Loki<br/>Log Aggregation"]
        DB["Time Series DB<br/>InfluxDB"]
    end
    subgraph "Field Devices"
        OrinNX["Luna AUV<br/>Jetson Orin NX 16GB"]
        OrinNano1["CrabBot<br/>Jetson Orin Nano 8GB"]
        OrinNano2["Shellby<br/>Jetson Orin Nano 8GB"]
        PiHailo["SeaLink<br/>Pi 5 + Hailo 10H"]
        BaseStation["Base Station<br/>x86 + NVIDIA GPU"]
    end
    subgraph "Container Runtime"
        DockerX64["ROS 2 x86_64<br/>Development"]
        DockerARM["ROS 2 ARM64<br/>Jetson Runtime"]
    end
    %% Developer connections
    DevA -->|SSH over Tailscale| Bastion
    DevB -->|SSH over Tailscale| Bastion
    DevC -->|HTTPS over Tailscale| Bastion
    %% Tailscale network
    Bastion -.->|Secure Mesh| Tailnet
    OrinNX -.->|Secure Mesh| Tailnet
    OrinNano1 -.->|Secure Mesh| Tailnet
    OrinNano2 -.->|Secure Mesh| Tailnet
    PiHailo -.->|Secure Mesh| Tailnet
    %% Bastion to devices
    Bastion -->|SSH via Tailnet| OrinNX
    Bastion -->|SSH via Tailnet| OrinNano1
    Bastion -->|SSH via Tailnet| OrinNano2
    Bastion -->|SSH via Tailnet| PiHailo
    %% CI/CD flow
    CI -->|Build & Push| Registry
    Registry -->|Pull Images| DockerX64
    Registry -->|Pull Images| DockerARM
    %% Container deployment
    DockerX64 -->|Deploy| BaseStation
    DockerARM -->|Deploy| OrinNX
    DockerARM -->|Deploy| OrinNano1
    DockerARM -->|Deploy| OrinNano2
    DockerARM -->|Deploy| PiHailo
    %% Telemetry flow
    OrinNX -->|Sensor Data| NATS
    OrinNano1 -->|Navigation Data| NATS
    OrinNano2 -->|Manipulation Data| MQTT
    PiHailo -->|Marine Data| MQTT
    BaseStation -->|Simulation Data| NATS
    %% Data processing
    NATS -->|Store| MinIO
    MQTT -->|Store| MinIO
    NATS -->|Metrics| Monitor
    MQTT -->|Metrics| Monitor
    %% Logging
    OrinNX -->|Logs| Loki
    OrinNano1 -->|Logs| Loki
    OrinNano2 -->|Logs| Loki
    PiHailo -->|Logs| Loki
    Bastion -->|Logs| Loki
    %% Monitoring
    Monitor -->|Dashboards| DevA
    Monitor -->|Alerts| DevB
    Monitor -->|Metrics| DB
    %% Storage
    MinIO -->|Backup| DB
    Loki -->|Search| Monitor
```
```
├── devcontainer/        # VS Code devcontainer configuration
├── docker/              # Multi-arch Dockerfiles
│   ├── ros2-x64/        # x86_64 ROS 2 Humble
│   └── ros2-jetson/     # ARM64 ROS 2 Humble + CUDA
├── docs/                # Documentation
│   ├── architecture.md  # System architecture
│   ├── security.md      # Security hardening guide
│   └── boards.md        # Board specifications
├── infra/               # Infrastructure as Code
│   └── ansible/         # Ansible playbooks
├── scripts/             # Setup and utility scripts
└── .github/             # CI/CD workflows
```
- Remote Access: Connect via Tailscale tailnet
- Container Development: Use standardized ROS 2 containers
- Code Sync: Git-based development with container mounts
- Testing: Multi-arch CI pipeline
- Deployment: Automated image builds and pushes
- Architecture Guide - System design and data flows
- Security Guide - Hardening and best practices
- Board Specifications - Hardware configurations
- Contributing Guide - Development conventions
- Security Policy - Vulnerability reporting
See CONTRIBUTING.md for development conventions, issue templates, and contribution guidelines.
This project is licensed under the MIT License - see the LICENSE file for details.
- Issues: Use GitHub Issues for bug reports and feature requests
- Security: Report vulnerabilities via SECURITY.md
- Documentation: Check the `docs/` directory for detailed guides
Made with ❤️ by the Triton team