mDNS resolves single-label names under .home.arpa (e.g.
mevy.home.arpa) but cannot resolve multi-label names like
blog.mevy.home.arpa because no single device "owns" the compound
name. The Clawdie multitenant naming policy uses hierarchical site
naming (<site>.<tenant>.<base>), so a local DNS resolver is required.
dnsmasq is a small (~2 MB) FreeBSD-native DNS server used by most
home routers and homelabs. Bundling it with the ISO removes the
"works on my machine" failure mode for fresh installs that try to
reach blog.mevy.home.arpa.
Mirrors the addition that will land in clawdie-ai's
infra/packages/host-baseline.txt once the multitenant naming policy
note is approved.
Generate CONTROLPLANE_SHARED_SECRET and BETTER_AUTH_SECRET at install
time via openssl rand. Add CONTROLPLANE_HOST_IP, CONTROLPLANE_AUTH_MODE,
CONTROLPLANE_PORT, BETTER_AUTH_URL, GIT_LOCAL_URL to both install heredoc
and upgrade append path. Default to bare git repo (CODE_HOSTING_MODE=git)
instead of Forgejo.
---
Build: pass | Tests: not run (Linux) — shell script, bash -n validated
Four critical fixes before v1.0.0 VM test, informed by PC-BSD failure
modes and GhostBSD's improvements:
1. shell-zfs.sh: zpool labelclear on fresh install
Clear ZFS labels from every device that was in the old pool before
bsdinstall writes new ones. Prevents the "can't find pool by GUID"
boot failure that made PC-BSD reinstalls unreliable.
2. shell-zfs.sh: pre-upgrade snapshot
When operator selects Upgrade, take zfs snapshot -r
pool@pre-upgrade-{timestamp} before any changes. One reboot to
roll back if the upgrade goes wrong. UPGRADE_SNAPSHOT exported for
downstream modules to reference.
3. shell-env.sh: never overwrite secrets on upgrade
clawdie_shell_env_generate() now checks CLAWDIE_BOOT_MODE. In
upgrade mode it calls clawdie_shell_env_append_new_keys() instead
of regenerating — reads existing .env and appends only keys that
are absent. Existing DB passwords, JWT secrets, API keys are never
touched. This fixes the root cause of the orphaned-database bug:
new passwords that don't match the existing pool's data.
4. firstboot.sh: module execution matrix via run_step_if
New run_step_if "<modes>" wrapper marks steps as done without
running them when not applicable to the current boot mode.
Upgrade skips: gpu, nvidia, ssh, system, desktop, pf, tailscale
Upgrade runs: pkg, env (append-only), npm-globals, deploy
Prevents SSH key resets, rc.conf overwrites, and firewall rewrites
during upgrade — all of which undid operator customisations.
Also adds INSTALLER-PLAN.md: full architecture plan for unified
GUI/TUI installer with Fresh / Upgrade / Repair modes, boot
environment support, and a clear phase roadmap to v1.1.0.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
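The two .env behaviours described in these commits (install-time secret generation with `openssl rand`, and the upgrade path that appends only keys absent from an existing .env so secrets are never rewritten) can be shown in one small POSIX sh script. This is an added example, not clawdie-iso's shell-env.sh; the key list, the default values, the `clawdie_gen_secret` helper and the `/dev/urandom` fallback are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not clawdie-iso's own shell-env.sh): fresh install writes a
# new .env with freshly generated secrets; upgrade mode only appends keys that
# are missing, so existing secrets survive every upgrade.

# 32 random bytes as 64 hex chars. openssl rand as in the commit text, with a
# /dev/urandom fallback (assumption) for hosts without openssl.
clawdie_gen_secret() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 32
    else
        head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
    fi
}

# Keys seeded into .env. The list and the non-secret defaults are assumptions.
CLAWDIE_ENV_KEYS="CONTROLPLANE_SHARED_SECRET BETTER_AUTH_SECRET CONTROLPLANE_HOST_IP CONTROLPLANE_PORT CODE_HOSTING_MODE"

# Print the "KEY=value" seed line for one key (secrets are generated per call).
clawdie_env_default() {
    case "$1" in
        CONTROLPLANE_SHARED_SECRET|BETTER_AUTH_SECRET)
            printf '%s=%s\n' "$1" "$(clawdie_gen_secret)" ;;
        CONTROLPLANE_HOST_IP) printf '%s=%s\n' "$1" "127.0.0.1" ;;   # assumed default
        CONTROLPLANE_PORT)    printf '%s=%s\n' "$1" "3000" ;;        # assumed default
        CODE_HOSTING_MODE)    printf '%s=%s\n' "$1" "git" ;;         # bare git repo, per commit
    esac
}

# Append every key from CLAWDIE_ENV_KEYS that has no "KEY=" line in $1.
# Existing lines are never touched. Prints the number of keys added.
clawdie_shell_env_append_new_keys() {
    envfile="$1"
    added=0
    [ -f "$envfile" ] || : > "$envfile"
    for key in $CLAWDIE_ENV_KEYS; do
        if ! grep -q "^${key}=" "$envfile"; then
            clawdie_env_default "$key" >> "$envfile"
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# Fresh install: create the file owner-readable only (umask 077) and seed it.
# Upgrade (CLAWDIE_BOOT_MODE=upgrade): append-only, never regenerate.
clawdie_shell_env_generate() {
    envfile="$1"
    if [ "${CLAWDIE_BOOT_MODE:-install}" = "upgrade" ]; then
        clawdie_shell_env_append_new_keys "$envfile"
    else
        (umask 077; : > "$envfile")
        clawdie_shell_env_append_new_keys "$envfile"
    fi
}

# Demo: run "sh this-script.sh demo" to see an upgrade keep an existing secret.
if [ "${1:-}" = "demo" ]; then
    demo_env=$(mktemp)
    printf 'BETTER_AUTH_SECRET=existing-secret-kept\n' > "$demo_env"   # constructed
    CLAWDIE_BOOT_MODE=upgrade
    echo "keys added: $(clawdie_shell_env_generate "$demo_env")"
    cat "$demo_env"
    rm -f "$demo_env"
fi
```

The check worth keeping from this is the second call: running the upgrade path twice on the same file must add zero keys, which is what makes the step safe to re-run after an interrupted upgrade.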
shell-deploy.sh was dropping to the clawdie user before running
just install. setup/service.ts checks isRoot() to decide whether
to install the rc.d service or generate start/stop wrappers — so
running as clawdie meant the agent was never registered with
FreeBSD's service manager and never started at boot.
Fix: run the installer as root. setup/service.ts already handles
privilege separation correctly when invoked as root: it writes
/usr/local/etc/rc.d/{agent}, adds -u {agent} to daemon args so
the running process is never root, and chowns data/logs/groups to
the agent user to prevent EACCES on first write.
Also adds DB_RUNTIME to the generated .env seed so operators can
see the jail vs host postgres option without reading the docs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- build.sh now runs npm ci at ISO build time and bundles node_modules into the clawdie-ai payload tarball
- firstboot deploy ensures node_modules exist (fallback: npm ci, network required)
- test mode skips venv/model seeding + verify to avoid host side effects
- docs/tests updated to match
ISO deploy module now runs `just install` (with a dev fallback to `npm run install`) instead of `npm run install-all`, and docs/tests are updated accordingly.
- Updated firstboot completion messages: Aider and Pi now listed as primary harnesses, Codex as optional
- Added [Unreleased] section to CHANGELOG documenting Aider venv provisioning and harness integration
- Reflects completion of Aider+Pi harness migration across clawdie-ai and clawdie-iso
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Bundles the 'just' command runner on the USB image. Provides
discoverable project commands via justfile in Clawdie-AI.
---
Build: pass | Tests: not run (Linux)
Add py311-aider_chat to host baseline for the controlplane harness
(Aider + Pi multi-agent orchestrator). Add forgejo package to jail
list for the code service. Bake ZAI_API_BASE into firstboot .env
to fix litellm endpoint mismatch discovered during Aider testing.
---
Build: pass | Tests: not run (Linux)
Ships @anthropic-ai/claude-code, @google/gemini-cli, and
@mariozechner/pi-coding-agent as prebuilt .tgz tarballs on the install
media so the agent runtime has its CLI dependencies on first boot
without network access.
Critical: installs to /home/clawdie/.npm-global to match the
npm_config_prefix set by shell-system.sh in /etc/profile.d/clawdie.sh,
so the clawdie user's PATH (and the agent's commandExists() probes)
actually resolve the binaries.
- scripts/fetch-npm-globals.sh: npm pack the 3 CLIs into tmp/npm-globals/
- firstboot/shell-npm-globals.sh: offline install as clawdie user with
matching prefix, runs between pkg setup and deploy
- build.sh: fetch + bundle into ${SHARE}/npm-globals/
- firstboot.sh: source module and run_step before deploy
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add ANTHROPIC_API_KEY and CLAUDE_CODE_OAUTH_TOKEN as optional password
fields to both shell wizard and GUI installer. Fields flow through to
.env via shell-env.sh. Document /tmp exemption in AGENTS.md.
Fix 2 critical issues preventing Phase 4 from working on FreeBSD:
1. Path Detection (main.cpp:438-447)
- Detect firstboot.sh location at runtime
- Try /usr/local/share/clawdie-iso/firstboot/firstboot.sh (live ISO)
- Fall back to /home/clawdie/clawdie-iso/firstboot/firstboot.sh (dev)
- Error with helpful message if neither found
- Closes blocker: installer now works on both dev + ISO
2. Progress Tracking (firstboot.sh:49-65, 253-262)
- Add optional _step_num parameter to run_step() function
- Write PROGRESS=N to progress file after each step completes
- Update all 10 step calls with step numbers (1-8)
- Closes blocker: progress bar now moves from 0% to 100%
3. Privilege Escalation (main.cpp:460)
- Add sudo wrapper to firstboot.sh execution
- Prompts for password when needed
- Closes blocker: pkg/sysrc operations now succeed
Files changed:
- main.cpp: +13 lines (path detection + sudo)
- firstboot.sh: +7 lines (progress tracking)
All changes validate:
- C++ compiles clean (2 pre-existing warnings)
- Shell syntax valid (sh -n)
- Binary created: 115 KB
Status: Ready for ISO build + FreeBSD testing
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
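The step runner pieces described across two of these commits, the optional `_step_num` argument to `run_step()` that writes `PROGRESS=N` after each step, and the earlier `run_step_if "<modes>"` wrapper that marks a step done without running it when it does not apply to the current boot mode, fit together in one short POSIX sh script. This is an added example, not clawdie-iso's firstboot.sh; the state directory, marker-file layout, the `_record` helper, the step names and the fresh/upgrade matrix used in `firstboot_main` are assumptions for the example (the matrix follows the commit text: upgrade skips ssh and pf, runs pkg, env and deploy).

```shell
#!/bin/sh
# Added example (not clawdie-iso's firstboot.sh): idempotent step runner with
# per-step done markers, a PROGRESS=N file for the installer's progress bar,
# and a boot-mode filter that skips inapplicable steps but still counts them.

# State location: assumption for the example (the real installer's path is
# not shown here). Override CLAWDIE_STATE_DIR before calling the steps.
CLAWDIE_STATE_DIR="${CLAWDIE_STATE_DIR:-${TMPDIR:-/tmp}/clawdie-firstboot-demo}"
CLAWDIE_PROGRESS_FILE="${CLAWDIE_PROGRESS_FILE:-$CLAWDIE_STATE_DIR/progress}"
CLAWDIE_BOOT_MODE="${CLAWDIE_BOOT_MODE:-fresh}"   # "fresh" or "upgrade"

_step_done_file() { printf '%s/%s.done' "$CLAWDIE_STATE_DIR" "$1"; }

# run_step <name> <function> [step_num]
# Runs <function> once; the marker file makes reruns after a crash skip it.
# With a step number, PROGRESS=N is written after the step completes.
run_step() {
    name="$1"; fn="$2"; _step_num="${3:-}"
    mkdir -p "$CLAWDIE_STATE_DIR"
    if [ -f "$(_step_done_file "$name")" ]; then
        echo "skip $name (already done)"
    else
        "$fn" || return 1
        : > "$(_step_done_file "$name")"
    fi
    [ -n "$_step_num" ] && printf 'PROGRESS=%s\n' "$_step_num" > "$CLAWDIE_PROGRESS_FILE"
    return 0
}

# run_step_if "<modes>" <name> <function> [step_num]
# <modes> is a space-separated list such as "fresh" or "fresh upgrade". When
# the current boot mode is not listed, the step is marked done and the
# progress counter still advances, so the bar reaches 100% in every mode.
run_step_if() {
    modes="$1"; shift
    for m in $modes; do
        if [ "$m" = "$CLAWDIE_BOOT_MODE" ]; then
            run_step "$@"
            return $?
        fi
    done
    mkdir -p "$CLAWDIE_STATE_DIR"
    : > "$(_step_done_file "$1")"
    [ -n "${3:-}" ] && printf 'PROGRESS=%s\n' "$3" > "$CLAWDIE_PROGRESS_FILE"
    echo "skip $1 (not applicable in $CLAWDIE_BOOT_MODE mode)"
}

# Current PROGRESS value, or empty if no step has completed yet.
current_progress() { sed -n 's/^PROGRESS=//p' "$CLAWDIE_PROGRESS_FILE" 2>/dev/null; }

# Stand-in step bodies (constructed): each records its name in a "ran" log so
# the effect of the mode matrix is observable.
_record()    { echo "$1" >> "$CLAWDIE_STATE_DIR/ran"; }
step_pkg()    { _record pkg; }
step_ssh()    { _record ssh; }
step_env()    { _record env; }
step_pf()     { _record pf; }
step_deploy() { _record deploy; }

# Execution matrix (assumed for the example, following the commit text):
# upgrade skips ssh and pf, runs pkg, env and deploy.
firstboot_main() {
    run_step_if "fresh upgrade" pkg    step_pkg    1
    run_step_if "fresh"         ssh    step_ssh    2
    run_step_if "fresh upgrade" env    step_env    3
    run_step_if "fresh"         pf     step_pf     4
    run_step_if "fresh upgrade" deploy step_deploy 5
}

# Demo: "CLAWDIE_BOOT_MODE=upgrade sh this-script.sh demo"
if [ "${1:-}" = "demo" ]; then
    firstboot_main
    echo "progress: $(current_progress)"
    echo "steps that actually ran: $(tr '\n' ' ' < "$CLAWDIE_STATE_DIR/ran")"
fi
```

Two properties are worth checking on a real firstboot script built this way: a second run must execute no step body (only the done markers and the progress file are touched), and in upgrade mode the final progress value must equal the last step number even though several steps were skipped.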
BREAKING CHANGE: Removes --target and --gpu-driver flags, unified ISO for all use cases
## Phase 0: GPU Fix + Unified ISO
### Core Changes
**GPU Package Installation (FIXES CRITICAL GAP):**
- Add clawdie_shell_nvidia_install() function to shell-nvidia.sh
- NVIDIA drivers now installed after detection (previously only configured)
- Works offline (USB packages) or online (pkg install)
- Resolves issue where rc.conf was set but driver not installed
**Unified ISO Architecture:**
- Remove --target flag from build.sh (no more vps/baremetal branching)
- Remove --gpu-driver flag from build.sh (runtime detection instead)
- All packages included on every ISO (desktop + all GPU drivers)
- Single image works on VPS, baremetal, and cloud
**Runtime Detection:**
- Add shell-desktop.sh for display detection at firstboot
- VPS/cloud: no display → lightdm disabled (headless)
- Baremetal: display detected → lightdm enabled (Lumina desktop)
- GPU detection always runs, installs correct driver version
**Sudo Unification:**
- Replace all doas references with sudo across entire codebase
- Update AGENTS.md with system configuration guidelines
- Update all documentation (BUILD.md, README.md, REQUIREMENTS.md, etc.)
- Admin panel now uses sudo for privileged operations
### Files Modified
**Core System:**
- build.sh: Remove target/gpu-driver logic, unified package selection
- firstboot/firstboot.sh: Add desktop detection module
- firstboot/shell-nvidia.sh: Add package installation function (+33 lines)
**New Files:**
- firstboot/shell-desktop.sh: Display detection and desktop enablement
- packages/pkg-list-nvidia-all.txt: All three NVIDIA driver versions (390/470/590)
- .opencode/plans/phase0-gpu-fix-unified-iso.md: Implementation plan
**Documentation:**
- PLAN-UNIFY.md: Update Step 3 for unified approach
- REQUIREMENTS.md: Simplify (no target choice), update for sudo
- BUILD.md: Update for unified ISO, sudo commands
- README.md: Update installation instructions
- AGENTS.md: Add system configuration section (sudo standardization)
- ADMIN-PANEL.md: Update privileged operations to use sudo
- CLAWDIE-SHELL.md: Update example commands to sudo
- CLAWDIE-ISO-REFACTORED.md: Update access paths to sudo
- REFACTOR-SUMMARY.md: Update permissions section to sudo
### Benefits
**Simplicity:**
- One build command: ./build.sh (no flags needed)
- One ISO to test and maintain
- No wrong choices for users
- No documentation explaining target differences
**Flexibility:**
- VPS can use GUI via VNC (wayvnc always available)
- Baremetal can run headless (disable lightdm)
- Repurpose hardware without reinstall
- All GPU drivers available for any hardware
**Technical:**
- Fixes critical GPU driver installation gap
- Runtime detection replaces build-time decisions
- Disk overhead: ~650MB (1-2% of 50GB - acceptable)
- No runtime overhead on VPS (services disabled by detection)
### Testing Required
- [ ] Build unified ISO: ./build.sh
- [ ] Test on VPS (no display): lightdm disabled, packages installed
- [ ] Test on baremetal (display): lightdm enabled, Lumina boots
- [ ] Test on NVIDIA hardware: driver installed and loaded
- [ ] Test sudo commands work without password prompts
- [ ] Verify all doas references removed
- Change default FEATURE_TAILSCALE from NO to YES
- Add build-time warning if TAILSCALE_AUTHKEY not set
- Update firstboot wizard: Tailscale moves to screen 2
- Add summary screen showing Tailscale status
- Update shell-tailscale.sh to handle missing auth key gracefully
- Update BUILD.md with new recommended/optional flow
User experience:
- With auth key: Tailscale auto-connects (secure)
- Without auth key: Warning shown, build continues (public SSH)
- Wizard allows enabling/disabling with clear warnings
No breaking changes - existing builds still work.
- Archive clawdie-shell, merge everything into clawdie-iso
- --target vps|baremetal build flag
- Tailscale mandatory: security perimeter, glasspane feature
- Port shell-pf.sh + NETWORKING.md from clawdie-shell
- Full implementation plan for next agent session
The .env template was missing two vars that src/config.ts reads at
runtime. Without them embeddings silently fall back to wrong defaults
(768 dims vs the 1024 the pgvector schema expects).
- shell-env.sh: add EMBED_API_KEY + EMBED_DIMENSIONS to template
- build.cfg: add matching defaults (1024 dims)
- firstboot.sh: export the new vars
- cloud-path-test.sh: add EMBED var checks (now 19 total)
Build: not tested | Tests: PASS (cloud-path 19/19, integration 7/7)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>