2026-05-12 19:58:33 +02:00
|
|
|
# VPS / Cloud Deployment Notes
|
2026-04-05 09:04:45 +00:00
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
**Status:** experimental / legacy path. The primary validation target is the
|
|
|
|
|
unified ISO live installer. VPS/cloud deployment remains supported as a design
|
|
|
|
|
goal, but the scripts under `vps/` have not yet been brought fully in line with
|
|
|
|
|
the current post-install `/setup` flow.
|
2026-04-05 09:04:45 +00:00
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
Use this page as orientation, not as a release checklist.
|
2026-04-05 09:04:45 +00:00
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
## Current Direction
|
2026-04-05 09:04:45 +00:00
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
The target VPS flow should match the ISO contract:
|
2026-04-05 09:04:45 +00:00
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
1. install FreeBSD 15.x on the VPS,
|
|
|
|
|
2. copy the Clawdie firstboot payload,
|
|
|
|
|
3. boot into `clawdie-firstboot`,
|
|
|
|
|
4. run `just install`,
|
|
|
|
|
5. start the loopback-bound controlplane,
|
|
|
|
|
6. rotate a one-time setup token,
|
|
|
|
|
7. finish provider/model, Telegram, and operator account setup at `/setup`.
|
2026-04-05 09:04:45 +00:00
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
Provider keys and Telegram credentials are **not** install-time requirements.
|
|
|
|
|
They can be pre-baked only for controlled images, but the preferred path is
|
|
|
|
|
post-install setup.
|
2026-04-05 09:04:45 +00:00
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
## Existing Files
|
2026-04-05 09:04:45 +00:00
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
```text
|
|
|
|
|
vps/
|
|
|
|
|
├── setup.txt.tpl # current preferred config template shape
|
|
|
|
|
├── firstboot-vps.sh # legacy/experimental headless firstboot entrypoint
|
|
|
|
|
├── clawdie.conf.tpl # deprecated compatibility template
|
|
|
|
|
└── clawdie-vps-migrate.sh
|
|
|
|
|
```
|
2026-04-05 09:04:45 +00:00
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
`setup.txt.tpl` now reflects the identity/substrate-first contract. The older
|
|
|
|
|
`clawdie.conf.tpl` path is deprecated.
|
2026-04-05 09:04:45 +00:00
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
## Provider Notes
|
2026-04-05 09:04:45 +00:00
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
| Provider | Likely path | Status |
|
|
|
|
|
| ---------------- | ----------------------------------- | ------------ |
|
|
|
|
|
| Vultr | Custom ISO or mfsBSD rescue | experimental |
|
|
|
|
|
| Hetzner / OVH | Rescue shell then FreeBSD bootstrap | experimental |
|
|
|
|
|
| DigitalOcean | Recovery console / custom image | hard |
|
|
|
|
|
| Generic baremetal| Unified ISO live installer | primary |
|
2026-04-05 09:04:45 +00:00
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
## Security Notes
|
|
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
- Prefer Tailscale for remote SSH access when possible.
|
|
|
|
|
- If no Tailscale auth key is available, SSH on port 22 remains public and must
|
|
|
|
|
be secured by the operator.
|
|
|
|
|
- Do not expose `http://127.0.0.1:3100/setup` directly to the public internet.
|
|
|
|
|
Use console access or SSH tunneling:
|
2026-04-05 09:04:45 +00:00
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
```sh
|
|
|
|
|
ssh -L 3100:127.0.0.1:3100 clawdie@<host>
|
|
|
|
|
```
|
2026-04-05 09:04:45 +00:00
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
## Cleanup Needed Before Release
|
2026-04-05 09:04:45 +00:00
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
- Reconcile `firstboot-vps.sh` with the current ISO live firstboot contract.
|
|
|
|
|
- Remove the deprecated `clawdie.conf.tpl` path after migration is complete.
|
|
|
|
|
- Add a real VPS validation run to `TESTING.md` once the path is exercised.
|
2026-04-05 09:04:45 +00:00
|
|
|
|
2026-05-12 19:58:33 +02:00
|
|
|
**Last updated:** 12.maj.2026
|
