diff --git a/build.cfg b/build.cfg index 3a79883..2f807c0 100644 --- a/build.cfg +++ b/build.cfg @@ -33,7 +33,6 @@ IMAGE_SIZE="50G" # post-install setup/token flow. Use --clawdie-version X.Y.Z for release builds. CLAWDIE_VERSION="main" CLAWDIE_REF="${CLAWDIE_REF:-main}" -CLAWDIE_TARBALL_URL="https://codeberg.org/Clawdie/Clawdie-AI/archive/${CLAWDIE_REF}.tar.gz" # Default installer choices (can be overridden by setup.txt on the writable USB config partition) DEFAULT_PKG_BRANCH="latest" # latest or quarterly @@ -53,7 +52,7 @@ AGENT_DOMAIN="${AGENT_DOMAIN:-}" AGENT_GENDER="${AGENT_GENDER:-}" TZ="${TZ:-}" -# LLM provider (default: zai with glm-5) +# LLM provider/model. Leave blank for post-install setup and Clawdie-AI profile defaults. PI_TUI_PROVIDER="${PI_TUI_PROVIDER:-}" PI_TUI_MODEL="${PI_TUI_MODEL:-}" @@ -62,7 +61,8 @@ ZAI_API_KEY="${ZAI_API_KEY:-}" OPENROUTER_API_KEY="${OPENROUTER_API_KEY:-}" ANTHROPIC_API_KEY="${ANTHROPIC_API_KEY:-}" -# Embeddings (default: OpenRouter with bge-m3) +# Embeddings. Leave base URL blank to let Clawdie-AI choose OpenRouter when +# OPENROUTER_API_KEY is present, otherwise local llama-server. EMBED_BASE_URL="${EMBED_BASE_URL:-}" EMBED_MODEL="${EMBED_MODEL:-}" EMBED_API_KEY="${EMBED_API_KEY:-}" diff --git a/docs/VPS-MIGRATION.md b/docs/VPS-MIGRATION.md index 124a543..0705489 100644 --- a/docs/VPS-MIGRATION.md +++ b/docs/VPS-MIGRATION.md 
@@ -1,149 +1,76 @@ -# Clawdie-VPS — Linux→FreeBSD Migration for VPS +# VPS / Cloud Deployment Notes -**Status:** Ready for testing — 2026-03-18 -**Target:** Vultr, Hetzner, OVH, any VPS with custom ISO support +**Status:** experimental / legacy path. The primary validation target is the +unified ISO live installer. VPS/cloud deployment remains supported as a design +goal, but the scripts under `vps/` have not yet been brought fully in line with +the current post-install `/setup` flow. + +Use this page as orientation, not as a release checklist. --- -## Quick Start (Vultr) +## Current Direction -### Step 1: Upload mfsBSD ISO +The target VPS flow should match the ISO contract: -1. Download mfsBSD ISO: https://depenguin.me/files/mfsbsd-15.0-RELEASE-amd64.iso -2. In Vultr panel: **Server → Settings → Custom ISO → Upload ISO** -3. Attach the ISO to your server -4. Reboot +1. install FreeBSD 15.x on the VPS, +2. copy the Clawdie firstboot payload, +3. boot into `clawdie-firstboot`, +4. run `just install`, +5. start the loopback-bound controlplane, +6. rotate a one-time setup token, +7. finish provider/model, Telegram, and operator account setup at `/setup`. -### Step 2: Boot and SSH - -After reboot, the server boots into mfsBSD (FreeBSD in RAM): - -```bash -ssh mfsbsd@ -# password: mfsroot -``` - -### Step 3: Run Installer - -```bash -fetch -o - https://clawdie.si/vps-setup.sh | sh -``` - -Or with custom config: - -```bash -fetch -o setup.sh https://clawdie.si/vps-setup.sh -# Edit ASSISTANT_NAME, AGENT_DOMAIN, TZ at the top -vi setup.sh -sh setup.sh -``` - -### Step 4: After Reboot - -```bash -ssh clawdie@ -cd ~/clawdie-ai -just install -``` - -Done! Clawdie-AI is running on FreeBSD. +Provider keys and Telegram credentials are **not** install-time requirements. +They can be pre-baked only for controlled images, but the preferred path is +post-install setup. 
--- -## How It Works +## Existing Files +```text +vps/ +├── setup.txt.tpl # current preferred config template shape +├── firstboot-vps.sh # legacy/experimental headless firstboot entrypoint +├── clawdie.conf.tpl # deprecated compatibility template +└── clawdie-vps-migrate.sh ``` -Vultr VPS - └─ Boot from mfsBSD ISO (FreeBSD in RAM) - └─ SSH as mfsbsd - └─ Run clawdie-vps-setup.sh - ├─ Partition disk (ZFS) - ├─ Install FreeBSD base - ├─ Configure system (users, network, TZ) - ├─ Install packages (node24, git, tmux, etc.) - ├─ Download Clawdie-AI from Codeberg - ├─ Generate secrets + .env - └─ Reboot -Final boot from HDD - └─ FreeBSD + Clawdie-AI ready - └─ Run: just install -``` +`setup.txt.tpl` now reflects the identity/substrate-first contract. The older +`clawdie.conf.tpl` path is deprecated. --- -## Provider Support +## Provider Notes -| Provider | Method | Difficulty | Notes | -|----------|--------|------------|-------| -| **Vultr** | Custom ISO | Easy ⭐ | Upload mfsBSD ISO directly | -| **Hetzner** | Rescue + depenguin.me | Medium | Use depenguin.me script first | -| **OVH** | Rescue mode | Medium | Same as Hetzner | -| **Hostinger** | Check panel | Unknown | Look for ISO upload or rescue | -| **DigitalOcean** | Recovery console | Hard | No ISO support, use depenguin.me | - ---- - -## Configuration Options - -Edit these at the top of `clawdie-vps-setup.sh`: - -| Variable | Default | Description | -|----------|---------|-------------| -| `ASSISTANT_NAME` | Clawdie | Display name | -| `AGENT_NAME` | clawdie | System hostname (auto-derived) | -| `AGENT_DOMAIN` | clawdie.local | Domain name | -| `TZ` | UTC | Timezone (e.g., Europe/Ljubljana) | -| `PI_PROVIDER` | anthropic | LLM provider | -| `CLAWDIE_VERSION` | 0.8.2 | Clawdie-AI release | - ---- - -## Files - -``` -clawdie-iso/vps/ -├── clawdie-vps-setup.sh ← Main installer (runs on mfsBSD) -├── clawdie-vps-migrate.sh ← Linux→mfsBSD migration (for rescue mode) -├── clawdie.conf.tpl ← Headless config template -└── 
firstboot-vps.sh ← Alternative: interactive wizard -``` +| Provider | Likely path | Status | +| ---------------- | ----------------------------------- | ------------ | +| Vultr | Custom ISO or mfsBSD rescue | experimental | +| Hetzner / OVH | Rescue shell then FreeBSD bootstrap | experimental | +| DigitalOcean | Recovery console / custom image | hard | +| Generic baremetal| Unified ISO live installer | primary | --- ## Security Notes -1. **Change mfsBSD password** after first SSH if concerned -2. **All secrets auto-generated** with 32-char random strings -3. **.env mode 600** — only clawdie user can read -4. **Wheel group has passwordless sudo** — change if desired +- Prefer Tailscale for remote SSH access when possible. +- If no Tailscale auth key is available, SSH on port 22 remains public and must + be secured by the operator. +- Do not expose `http://127.0.0.1:3100/setup` directly to the public internet. + Use console access or SSH tunneling: ---- - -## Troubleshooting - -### SSH connection refused -- Wait 30-60 seconds after reboot for mfsBSD to start -- Check Vultr console for boot progress - -### Disk not detected -- Check with: `sysctl kern.disks` -- Manually set: `DISK=/dev/da0 ./clawdie-vps-setup.sh` - -### Install fails -- Check internet: `fetch http://example.com` -- Check logs in `/var/log/install.log` - ---- - -## Alternative: Build Custom ISO - -For fully offline installs, you can build a custom mfsBSD ISO with Clawdie pre-bundled: - -```bash -cd clawdie-iso -./build-vps.sh -# Output: tmp/output/clawdie-vps-DD.mmm.YYYY.iso +```sh +ssh -L 3100:127.0.0.1:3100 clawdie@ ``` -This requires more setup and is optional — the script approach above is simpler. +--- + +## Cleanup Needed Before Release + +- Reconcile `firstboot-vps.sh` with the current ISO live firstboot contract. +- Remove the deprecated `clawdie.conf.tpl` path after migration is complete. +- Add a real VPS validation run to `TESTING.md` once the path is exercised. 
+ +**Last updated:** 12.maj.2026 diff --git a/firstboot/MODULE-MANIFEST.md b/firstboot/MODULE-MANIFEST.md index db19f3a..73fe823 100644 --- a/firstboot/MODULE-MANIFEST.md +++ b/firstboot/MODULE-MANIFEST.md @@ -42,8 +42,8 @@ **Wizard Inputs:** None **Outputs (Exports):** -- `ASSISTANT_NAME`, `HOSTNAME`, `AGENT_DOMAIN`, `TZ` -- `OPENROUTER_API_KEY`, `TELEGRAM_BOT_TOKEN`, `TELEGRAM_ADMIN_ID` +- identity/substrate values: `ASSISTANT_NAME`, `HOSTNAME`, `AGENT_DOMAIN`, `TZ` +- optional pre-baked provider/channel values, if present for backward compatibility - `ZFS_POOL`, `ZFS_LAYOUT`, `ZFS_DATA_DISKS`, `ZFS_HOT_SPARES`, `ZFS_PREFIX` - optional hardware hints from `system.env` @@ -52,7 +52,7 @@ **Skip Condition:** - no `CLAWDIE` FAT32 partition found - or `setup.txt` missing -- or one of the three required bootstrap keys is blank +- or identity/substrate values are incomplete for the non-interactive path **Error Handling:** - safe-fail back to wizard @@ -89,13 +89,13 @@ - `TZ` — Timezone (e.g., "Europe/Ljubljana") **Wizard Inputs (Tier 2 - Optional):** -- `LLM_PROVIDER` — default: "anthropic" -- `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, etc. — API keys (optional) -- `TELEGRAM_BOT_TOKEN` — Telegram integration (optional) +- Provider/model values — normally configured after first boot in `/setup` +- Provider API keys — optional backward-compatible pre-bake only +- Telegram credentials — optional backward-compatible pre-bake only **Outputs (Created):** - `$ENV_FILE` — `/home/clawdie/.env` (chmod 600) - - Contains: identity + feature flags from the firstboot wizard + - Contains: identity + feature flags from the live installer handoff or fallback wizard - Copied into: `/home/clawdie/clawdie-ai/.env` by shell-deploy (1.6) - Completed by: Clawdie-AI onboarding (secrets + derived defaults) 
@@ -609,7 +609,7 @@ Use this manifest to: 3. **Handle wizard tiers:** - Tier 1 (required): ASSISTANT_NAME, AGENT_DOMAIN, TZ - - Tier 2 (optional): LLM_PROVIDER, API keys, Telegram token + - Tier 2 (optional): provider/model and Telegram values for backward-compatible pre-bake 4. **Define checkpoint names** for progress tracking @@ -617,7 +617,7 @@ Use this manifest to: ## Version History -- **v1.0.2** (current): 12 modules, ZFS/desktop/npm-globals, bundled npm CLIs +- **current dev ISO**: live QML installer, post-install setup token, 12 shell modules, ZFS/desktop/npm-globals, bundled npm CLIs - **v0.9.0**: 8 modules, runtime GPU detection, no ZFS/desktop/npm-globals - **v0.5.0**: 6 modules, PF firewall, glasspane VNC support - **v1.1 (planned):** Add shell-gpu-passthrough.sh, add shell-upgrade.sh diff --git a/firstboot/integration-test.sh b/firstboot/integration-test.sh index 9816b5c..c7f1dd8 100755 --- a/firstboot/integration-test.sh +++ b/firstboot/integration-test.sh @@ -83,7 +83,7 @@ touch "$LOG_FILE" "$PROGRESS_FILE" "$RC_CONF" "$LOADER_CONF" "$SYSCTL_CONF" echo "" echo "╔════════════════════════════════════════════════════════════════╗" -echo "║ Clawdie Shell v1.0.2 Integration Test ║" +echo "║ Clawdie Shell Integration Test ║" echo "║ 8-module sequential execution (cloud/VM scenario) ║" echo "╚════════════════════════════════════════════════════════════════╝" echo "" @@ -159,7 +159,7 @@ echo "║ System State: ║" [ -d "$CLAWDIE_AI_DIR" ] && echo "║ Clawdie-AI: deployed ║" || echo "║ Clawdie-AI: MISSING ║" echo "║ ║" -echo "║ GPU Support (v1.0.2): ║" +echo "║ GPU Support: ║" echo "║ ✓ Intel integrated (i915kms) ║" echo "║ ✓ AMD AMDGPU ║" echo "║ ✓ VESA fallback ║" diff --git a/firstboot/shell-env.sh b/firstboot/shell-env.sh index f1063c2..64c3ddd 100755 --- a/firstboot/shell-env.sh +++ b/firstboot/shell-env.sh 
@@ -100,11 +100,10 @@ clawdie_shell_env_append_new_keys() { fi } - # Keys added in v0.10.x / v1.0.0 that older installs may not have + # Keys added in v0.10.x / v1.0.0 that older installs may not have. + # Do not append provider/model defaults here; Clawdie-AI resolves those at + # runtime unless the operator explicitly configures them. _env_append_if_missing "DB_RUNTIME" '"jail"' - _env_append_if_missing "EMBED_BASE_URL" '"https://openrouter.ai/api/v1"' - _env_append_if_missing "EMBED_MODEL" '"BAAI/bge-m3"' - _env_append_if_missing "EMBED_API_KEY" '""' _env_append_if_missing "EMBED_DIMENSIONS" '"1024"' _env_append_if_missing "LOCAL_LLM_PROVIDER" '"none"' _env_append_if_missing "FEATURE_OLLAMA" '"NO"' @@ -146,6 +145,29 @@ clawdie_shell_env_write_file() { cp_secret=$(openssl rand -base64 32) auth_secret=$(openssl rand -base64 32) + # Provider/model are intentionally unset by default; Clawdie-AI resolves the + # recommended runtime profile and post-install setup writes the operator's + # chosen provider. Embeddings follow the Clawdie-AI default: OpenRouter only + # when an OpenRouter key exists, otherwise local llama-server. + local pi_tui_provider pi_tui_model embed_base_url embed_model embed_api_key + pi_tui_provider="${PI_TUI_PROVIDER:-}" + pi_tui_model="${PI_TUI_MODEL:-}" + if [ -n "${EMBED_BASE_URL:-}" ]; then + embed_base_url="$EMBED_BASE_URL" + elif [ -n "${OPENROUTER_API_KEY:-}" ]; then + embed_base_url="https://openrouter.ai/api/v1" + else + embed_base_url="http://localhost:8080/v1" + fi + embed_model="${EMBED_MODEL:-BAAI/bge-m3}" + if [ -n "${EMBED_API_KEY:-}" ]; then + embed_api_key="$EMBED_API_KEY" + elif [ "$embed_base_url" = "https://openrouter.ai/api/v1" ]; then + embed_api_key="${OPENROUTER_API_KEY:-}" + else + embed_api_key="" + fi + # Remove existing .env if present rm -f "$ENV_FILE" 2>/dev/null || true 
@@ -174,8 +196,8 @@ SYSTEM_LOCALE="$SYSTEM_LOCALE" KEYMAP="$KEYMAP" # === LLM Provider === -PI_TUI_PROVIDER="${PI_TUI_PROVIDER:-zai}" -PI_TUI_MODEL="${PI_TUI_MODEL:-glm-5}" +PI_TUI_PROVIDER="$pi_tui_provider" +PI_TUI_MODEL="$pi_tui_model" ZAI_API_KEY="${ZAI_API_KEY:-}" ZAI_API_BASE="${ZAI_API_BASE:-https://api.z.ai/api/coding/paas/v4}" OPENROUTER_API_KEY="${OPENROUTER_API_KEY:-}" @@ -183,9 +205,9 @@ ANTHROPIC_API_KEY="${ANTHROPIC_API_KEY:-}" CLAUDE_CODE_OAUTH_TOKEN="${CLAUDE_CODE_OAUTH_TOKEN:-}" # === Embeddings === -EMBED_BASE_URL="${EMBED_BASE_URL:-https://openrouter.ai/api/v1}" -EMBED_MODEL="${EMBED_MODEL:-BAAI/bge-m3}" -EMBED_API_KEY="${EMBED_API_KEY:-}" +EMBED_BASE_URL="$embed_base_url" +EMBED_MODEL="$embed_model" +EMBED_API_KEY="$embed_api_key" EMBED_DIMENSIONS="${EMBED_DIMENSIONS:-1024}" # === Database === diff --git a/vps/setup.txt.tpl b/vps/setup.txt.tpl index 559d78a..e356617 100644 --- a/vps/setup.txt.tpl +++ b/vps/setup.txt.tpl @@ -1,14 +1,13 @@ # setup.txt — Headless VPS installation config # Copy to /usr/local/share/clawdie-iso/setup.txt before running firstboot-vps.sh # -# This is the same first-boot setup contract used by the USB installer. - -OPENROUTER_API_KEY= -TELEGRAM_BOT_TOKEN= -TELEGRAM_ADMIN_ID= +# Provider keys and Telegram are no longer required at install time. Configure +# them after first boot through the Clawdie setup page unless you deliberately +# want to pre-bake credentials for a controlled image. ASSISTANT_NAME=Clawdie HOSTNAME=clawdie +AGENT_DOMAIN=clawdie.home.arpa TIMEZONE=UTC INSTALL_MODE=fresh 
@@ -18,7 +17,18 @@ ZFS_DATA_DISKS=1 ZFS_HOT_SPARES=0 ZFS_PREFIX=clawdie-runtime -# Optional +# Optional access +# SSH_AUTHORIZED_KEY=ssh-ed25519 AAAA... +# CLAWDIE_USER_PASSWORD= + +# Optional pre-baked provider/channel credentials (prefer post-install /setup) +# OPENROUTER_API_KEY= +# OPENAI_API_KEY= +# ANTHROPIC_API_KEY= +# ZAI_API_KEY= +# TELEGRAM_BOT_TOKEN= +# TELEGRAM_ADMIN_ID= + +# Optional locale # SYSTEM_LOCALE=en_US.UTF-8 # KEYMAP=us -# SSH_AUTHORIZED_KEY=ssh-ed25519 AAAA...
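
Review bot: In build.cfg, nothing in this patch shows what replaces the removed CLAWDIE_TARBALL_URL, while CLAWDIE_REF and the comment about --clawdie-version stay in place. Confirm that no build or firstboot script still expands ${CLAWDIE_TARBALL_URL}, because an unset variable would silently expand to an empty URL, and add a one-line comment saying where the source archive location is now defined.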
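
Review bot: The rewritten Security Notes in docs/VPS-MIGRATION.md drop the earlier statements that .env is mode 600 and that the wheel group has passwordless sudo, without saying whether either still holds; if the firstboot path still configures them, keep both so operators know the privilege model of the installed host. The tunnel example `ssh -L 3100:127.0.0.1:3100 clawdie@` has no host after the `@` and needs a placeholder. Step 6 of Current Direction ("rotate a one-time setup token") should also say where the operator reads the token, since the page only states that /setup must not be exposed publicly.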
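
Review bot: In firstboot/MODULE-MANIFEST.md, the new skip condition "identity/substrate values are incomplete for the non-interactive path" does not tell an implementer which keys are checked, whereas the old text at least gave a count of required keys. List them explicitly (the Outputs line names ASSISTANT_NAME, HOSTNAME, AGENT_DOMAIN, TZ) and state whether the ZFS_* values count as substrate for this check. In Version History, "current dev ISO" replaces v1.0.2 while "v1.1 (planned)" remains, so the ordering of the entries is no longer clear.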
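
Review bot: In firstboot/integration-test.sh, the unchanged banner line right after the edited title still reads "8-module sequential execution (cloud/VM scenario)", while the MODULE-MANIFEST.md change in this same patch describes 12 shell modules. Update the count, or say in the banner that the test exercises an 8-module subset, so a passing run is not read as covering all modules.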
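
Review bot: In firstboot/shell-env.sh, clawdie_shell_env_write_file now always writes a concrete EMBED_BASE_URL, falling back to http://localhost:8080/v1 when no OpenRouter key is present at install time. That conflicts with the new build.cfg comment ("Leave base URL blank to let Clawdie-AI choose OpenRouter when OPENROUTER_API_KEY is present") and with the comment added in clawdie_shell_env_append_new_keys that Clawdie-AI resolves these at runtime. Since keys are now expected to arrive later through /setup, a fresh install ends up with the localhost URL and an empty EMBED_API_KEY pinned in .env; either write EMBED_BASE_URL empty when the operator did not set it, or document that /setup rewrites all three EMBED_* values. The exact string comparison against "https://openrouter.ai/api/v1" also misses an operator-supplied URL with a trailing slash, which leaves EMBED_API_KEY empty even though OPENROUTER_API_KEY is set.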
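
Review bot: In the .env template hunk of firstboot/shell-env.sh, the lines `PI_TUI_PROVIDER="$pi_tui_provider"` and `PI_TUI_MODEL="$pi_tui_model"` now emit empty strings by default, where the previous defaults (zai, glm-5) guaranteed a non-empty value. Confirm the consumer treats an empty string the same as an absent key, or omit the two lines when the variables are blank. The same hunk writes `EMBED_API_KEY="$embed_api_key"`, which can duplicate OPENROUTER_API_KEY into a second entry, so a comment noting that key rotation must update both entries would help.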
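
Review bot: In vps/setup.txt.tpl, the new "Optional access" block offers `# CLAWDIE_USER_PASSWORD=` beside SSH_AUTHORIZED_KEY, and the block after it allows provider API keys and the Telegram bot token, all in a file the header says to copy to /usr/local/share/clawdie-iso/setup.txt. Add a comment stating the expected file mode, whether firstboot removes or scrubs the file after consuming it, and whether the password value is plain text or a hash. Given the docs note that port 22 may stay public, the template should steer operators toward SSH_AUTHORIZED_KEY. The template key is TIMEZONE while build.cfg and the manifest use TZ, so a comment on the mapping would avoid a silent mismatch.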