mDNS resolves single-label names under .home.arpa (e.g.
mevy.home.arpa) but cannot resolve multi-label names like
blog.mevy.home.arpa because no single device "owns" the compound
name. The Clawdie multitenant naming policy uses hierarchical site
naming (<site>.<tenant>.<base>), so a local DNS resolver is required.
dnsmasq is a small (~2 MB) FreeBSD-native DNS server used by most
home routers and homelabs. Bundling it with the ISO removes the
"works on my machine" failure mode for fresh installs that try to
reach blog.mevy.home.arpa.
Mirrors the addition that will land in clawdie-ai's
infra/packages/host-baseline.txt once the multitenant naming policy
note is approved.
Bundles the 'just' command runner on the USB image. Provides
discoverable project commands via justfile in Clawdie-AI.
---
Build: pass | Tests: not run (Linux)
Add py311-aider_chat to host baseline for the controlplane harness
(Aider + Pi multi-agent orchestrator). Add forgejo package to jail
list for the code service. Bake ZAI_API_BASE into firstboot .env
to fix litellm endpoint mismatch discovered during Aider testing.
---
Build: pass | Tests: not run (Linux)
BREAKING CHANGE: Removes --target and --gpu-driver flags, unified ISO for all use cases
## Phase 0: GPU Fix + Unified ISO
### Core Changes
**GPU Package Installation (FIXES CRITICAL GAP):**
- Add clawdie_shell_nvidia_install() function to shell-nvidia.sh
- NVIDIA drivers now installed after detection (previously only configured)
- Works offline (USB packages) or online (pkg install)
- Resolves issue where rc.conf was set but driver not installed
**Unified ISO Architecture:**
- Remove --target flag from build.sh (no more vps/baremetal branching)
- Remove --gpu-driver flag from build.sh (runtime detection instead)
- All packages included on every ISO (desktop + all GPU drivers)
- Single image works on VPS, baremetal, and cloud
**Runtime Detection:**
- Add shell-desktop.sh for display detection at firstboot
- VPS/cloud: no display → lightdm disabled (headless)
- Baremetal: display detected → lightdm enabled (Lumina desktop)
- GPU detection always runs, installs correct driver version
**Sudo Unification:**
- Replace all doas references with sudo across entire codebase
- Update AGENTS.md with system configuration guidelines
- Update all documentation (BUILD.md, README.md, REQUIREMENTS.md, etc.)
- Admin panel now uses sudo for privileged operations
### Files Modified
**Core System:**
- build.sh: Remove target/gpu-driver logic, unified package selection
- firstboot/firstboot.sh: Add desktop detection module
- firstboot/shell-nvidia.sh: Add package installation function (+33 lines)
**New Files:**
- firstboot/shell-desktop.sh: Display detection and desktop enablement
- packages/pkg-list-nvidia-all.txt: All three NVIDIA driver versions (390/470/590)
- .opencode/plans/phase0-gpu-fix-unified-iso.md: Implementation plan
**Documentation:**
- PLAN-UNIFY.md: Update Step 3 for unified approach
- REQUIREMENTS.md: Simplify (no target choice), update for sudo
- BUILD.md: Update for unified ISO, sudo commands
- README.md: Update installation instructions
- AGENTS.md: Add system configuration section (sudo standardization)
- ADMIN-PANEL.md: Update privileged operations to use sudo
- CLAWDIE-SHELL.md: Update example commands to sudo
- CLAWDIE-ISO-REFACTORED.md: Update access paths to sudo
- REFACTOR-SUMMARY.md: Update permissions section to sudo
### Benefits
**Simplicity:**
- One build command: ./build.sh (no flags needed)
- One ISO to test and maintain
- No wrong choices for users
- No documentation explaining target differences
**Flexibility:**
- VPS can use GUI via VNC (wayvnc always available)
- Baremetal can run headless (disable lightdm)
- Repurpose hardware without reinstall
- All GPU drivers available for any hardware
**Technical:**
- Fixes critical GPU driver installation gap
- Runtime detection replaces build-time decisions
- Disk overhead: ~650MB (1-2% of 50GB - acceptable)
- No runtime overhead on VPS (services disabled by detection)
### Testing Required
- [ ] Build unified ISO: ./build.sh
- [ ] Test on VPS (no display): lightdm disabled, packages installed
- [ ] Test on baremetal (display): lightdm enabled, Lumina boots
- [ ] Test on NVIDIA hardware: driver installed and loaded
- [ ] Test sudo commands work without password prompts
- [ ] Verify all doas references removed
- Create packages/pkg-list-lumina.txt with Lumina desktop environment packages
- Delete pkg-list-xfce.txt, pkg-list-mate.txt, pkg-list-kde.txt
- Remove desktop-installer from pkg-list-desktop-base.txt
- build.cfg: DEFAULT_DESKTOP=lumina (sole supported DE)
- build.sh: use pkg-list-lumina.txt instead of pkg-list-xfce.txt
- BUILD.md: update DEFAULT_DESKTOP comment
- CLAWDIE-ISO.md: add deprecation notice, update all DE references to Lumina only
Lumina is the sole supported FreeBSD-native desktop environment as per
LUMINA-INTEGRATION.md and CLAWDIE-ISO-REFACTORED.md specifications.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Rename all modules: clawdie-shell-{func}.sh → shell-{func}.sh
- Update references in firstboot.sh and installerconfig
- Update self-detection case statements in each module
- Reduces naming redundancy and improves clarity
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Create versioned NVIDIA driver package lists to support 6 GPU-specific ISO variants:
- pkg-list-nvidia-590.txt: Maxwell & newer (GTX 750 Ti+, RTX 20/30/40)
- pkg-list-nvidia-470.txt: Kepler (GTX 600/700, Titan Black)
- pkg-list-nvidia-390.txt: Fermi (GTX 400/500)
Each includes the appropriate driver version and nvidia-settings for clean, per-variant bundling. The old pkg-list-nvidia.txt is deprecated but kept for reference.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
.forgejo/workflows/build.yml:
- Forgejo Actions pipeline: push to main + weekly cron + manual dispatch
- Two-stage: fetch-only (no root) → assemble ISO (root via sudo)
- Publishes ISO to CMS nginx downloads; Codeberg release entry (metadata only)
- Uploads packages/ as workflow artifact for pkg-cache seeding
packages/:
- pkg-list-host.txt — host baseline (mirrors clawdie-ai infra/packages/)
- pkg-list-jails.txt — union of all jail package lists
- pkg-list-desktop-base.txt — Xorg + drm base for all DEs
- pkg-list-xfce.txt / kde.txt / mate.txt / nvidia.txt — per-DE packages
build.sh:
- --fetch-only flag: downloads packages + memstick, no root, CI step 1
- Real pkg fetch loop: reads all pkg-list-*.txt, deduplicates, runs pkg fetch
- pkg repo step: generates offline repo metadata after fetch
- Resolves "latest" Clawdie version via Codeberg API
firstboot/firstboot.sh:
- Seeds zroot/pkg-cache from USB packages/ after desktop install
- npm run install-all runs fully offline — no internet needed for jails
- Creates ZFS dataset if not present, falls back to plain directory
runner/README.md:
- forgejo-runner install + register on FreeBSD
- Scoped sudoers entry (build.sh + publish.sh only)
- rc.d service setup
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
