#!/bin/sh # clawdie-iso build configuration # Sourced by build.sh — edit before building FREEBSD_VERSION="15.0-RELEASE" FREEBSD_ARCH="amd64" FREEBSD_RELEASE_SERIES="${FREEBSD_VERSION%-RELEASE}" FREEBSD_ISO_BASE_URL="https://download.freebsd.org/releases/${FREEBSD_ARCH}/${FREEBSD_ARCH}/ISO-IMAGES/${FREEBSD_RELEASE_SERIES}" FREEBSD_MEMSTICK_URL="${FREEBSD_ISO_BASE_URL}/FreeBSD-${FREEBSD_VERSION}-${FREEBSD_ARCH}-memstick.img" FREEBSD_MEMSTICK_SHA256_URL="${FREEBSD_ISO_BASE_URL}/CHECKSUM.SHA256-FreeBSD-${FREEBSD_VERSION}-${FREEBSD_ARCH}" # ISO version metadata. # The ISO carries its own product version — it does NOT borrow a component's # number. Component versions (zot, colibri, clawdie-ai, clawdie-iso) are recorded # as provenance in build-manifest.json. Bump this for each milestone image. ISO_VERSION="${ISO_VERSION:-0.10.0}" BUILD_CHANNEL="${BUILD_CHANNEL:-dev}" # dev | release # Output image # User-facing operator image format: # clawdie---usb-DD.MM.YY.img # # USB KEY SIZING GUIDE: # 32GB USB → IMAGE_SIZE="28G" (current fast-iteration default) # 64GB USB → IMAGE_SIZE="50G" (roomier operator media) # 128GB USB → IMAGE_SIZE="80G" (more offline growth) # # Current validation target: 32GB-class USB sticks. # Raise IMAGE_SIZE manually when the workflow shifts back to larger media. IMAGE_SIZE="28G" # build.sh derives IMAGE_NAME from desktop, the FreeBSD major-version codename, # and the build date. # Clawdie-AI ref to bundle from Forgejo. # Use main for install validation so ISO firstboot exercises the current # post-install setup/token flow. Use --clawdie-version X.Y.Z for release builds. CLAWDIE_VERSION="main" CLAWDIE_REF="${CLAWDIE_REF:-main}" # Default installer choices (can be overridden by setup.txt on the writable USB config partition) DEFAULT_PKG_BRANCH="latest" # latest or quarterly DEFAULT_DESKTOP="xfce" # operator USB desktop # GPU driver variant (set at build time via the GPU_DRIVER environment variable) # intel | amd | nvidia-590 | nvidia-470 | nvidia-390 | vesa | "" (auto-detect) # Use the :- form so an env value (e.g. `GPU_DRIVER=nvidia-590 ./build.sh`) is # honored; a plain GPU_DRIVER="" here would clobber the environment. GPU_DRIVER="${GPU_DRIVER:-}" # Universal NVIDIA lane (opt-in). When YES, the image carries an on-image NVIDIA # pkg repo for all three branches (390/470/580), does NOT bake a single branch, # and clawdie_live_gpu runs in "nvidia-auto": at boot it detects the GPU, installs # the matching branch from the on-image repo, and kldloads it before SDDM. On any # failure it falls back to the integrated/scfb path (never worse than today). # Builds a larger image. Leave NO for single-branch GPU_DRIVER=nvidia-* builds. NVIDIA_UNIVERSAL="${NVIDIA_UNIVERSAL:-NO}" # Deploy target TARGET="baremetal" # vps | baremetal # Cloud pre-bake vars (supplied via --assistant-name, --domain, --tz flags, # or via environment variables). Env vars take precedence. ASSISTANT_NAME="${ASSISTANT_NAME:-}" AGENT_DOMAIN="${AGENT_DOMAIN:-}" AGENT_GENDER="${AGENT_GENDER:-}" TZ="${TZ:-}" # LLM provider/model. Leave blank for post-install setup and Clawdie-AI profile defaults. PI_TUI_PROVIDER="${PI_TUI_PROVIDER:-}" PI_TUI_MODEL="${PI_TUI_MODEL:-}" # API keys (pre-baked for cloud, deferred to web UI for baremetal) ZAI_API_KEY="${ZAI_API_KEY:-}" OPENROUTER_API_KEY="${OPENROUTER_API_KEY:-}" ANTHROPIC_API_KEY="${ANTHROPIC_API_KEY:-}" # Embeddings. Leave base URL blank to let Clawdie-AI choose OpenRouter when # OPENROUTER_API_KEY is present, otherwise local llama-server. EMBED_BASE_URL="${EMBED_BASE_URL:-}" EMBED_MODEL="${EMBED_MODEL:-}" EMBED_API_KEY="${EMBED_API_KEY:-}" EMBED_DIMENSIONS="${EMBED_DIMENSIONS:-1024}" # Canonical build-host source checkout root. Keep all source repos under # /home/clawdie/ai across agents/build hosts so detached worktrees and tmp builds do not # depend on fragile ../ sibling layout. CLAWDIE_AI_REPO="${CLAWDIE_AI_REPO:-/home/clawdie/ai/clawdie-ai}" # Colibri Rust control-plane service for the live operator USB. # The ISO build stages prebuilt FreeBSD release binaries from COLIBRI_REPO or # COLIBRI_ARTIFACT_DIR; it does not compile Rust while the image is mounted. FEATURE_COLIBRI="${FEATURE_COLIBRI:-YES}" COLIBRI_REPO="${COLIBRI_REPO:-/home/clawdie/ai/colibri}" COLIBRI_ARTIFACT_DIR="${COLIBRI_ARTIFACT_DIR:-}" # Auto-start the Colibri daemon at boot. Enabled now that live boot is proven on # AMD hardware. The rc.d service is REQUIRE: LOGIN — it starts after the login # milestone, so it cannot block SDDM/XFCE even if it fails. Pair with the daemon # socket-perms fix (colibri fix-colibri-socket-perms, 0770 socket) so the # operator's colibri-tui can connect; without it the daemon runs but group # operators get EACCES. Still env-overridable: COLIBRI_DAEMON_ENABLE=NO ./build.sh. COLIBRI_DAEMON_ENABLE="${COLIBRI_DAEMON_ENABLE:-YES}" COLIBRI_COST_MODE="${COLIBRI_COST_MODE:-smart}" # `service clawdie` is reserved for installed disk/server systems. The current # live USB does not stage a clawdie rc.d service or mini-binary; it uses the # lightweight `colibri_daemon` control plane directly. Add deployed-system # service packaging only after that implementation is chosen. # Colibri's bundled agent harness (the consolidation target — see colibri ADR # docs/ADR-agent-harness-consolidation.md). Shipped under the colibri umbrella as # a single static Go binary (providers incl. DeepSeek, Telegram bot, json/rpc # modes, SKILL.md, extensions), so it has NO separate feature flag: it stages # automatically whenever FEATURE_COLIBRI=YES. Internal escape hatch only — # COLIBRI_STAGE_AGENT=NO stages the daemon without the agent (debug builds). # Pin a tag for reproducible images; the agent has no FreeBSD release, so the # build host compiles it: (cd $ZOT_REPO && git checkout $ZOT_VERSION && # GOOS=freebsd GOARCH=amd64 go build -trimpath -o bin/zot ./cmd/zot) COLIBRI_STAGE_AGENT="${COLIBRI_STAGE_AGENT:-YES}" ZOT_VERSION="${ZOT_VERSION:-v0.2.29}" ZOT_REPO="${ZOT_REPO:-/home/clawdie/ai/zot}" ZOT_ARTIFACT_DIR="${ZOT_ARTIFACT_DIR:-}" # Optional: bake the operator's DeepSeek key into the agent's auth.json (0600). # Leave blank to stage an auth.json.sample template the operator fills in, or # to configure at runtime via agent env / `zot telegram-bot setup`. ZOT_DEEPSEEK_KEY="${ZOT_DEEPSEEK_KEY:-}" # Local LLM runtime (optional) # Choices: none | ollama | llama_cpp LOCAL_LLM_PROVIDER="${LOCAL_LLM_PROVIDER:-none}" FEATURE_OLLAMA="${FEATURE_OLLAMA:-NO}" FEATURE_LLAMA_CPP="${FEATURE_LLAMA_CPP:-NO}" FEATURE_OLLAMA_HPP="${FEATURE_OLLAMA_HPP:-NO}" OLLAMA_RAM_ESTIMATE="${OLLAMA_RAM_ESTIMATE:-8-16 GB}" OLLAMA_DISK_ESTIMATE="${OLLAMA_DISK_ESTIMATE:-4-20 GB per model}" LLAMA_CPP_RAM_ESTIMATE="${LLAMA_CPP_RAM_ESTIMATE:-8-16 GB}" LLAMA_CPP_DISK_ESTIMATE="${LLAMA_CPP_DISK_ESTIMATE:-4-20 GB per model}" USB_LLM_MODELS_PATH="${USB_LLM_MODELS_PATH:-/mnt/media/llm-models}" # Telegram (pre-baked for cloud, deferred for baremetal) TELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN:-}" TELEGRAM_ADMIN_IDS="${TELEGRAM_ADMIN_IDS:-}" FEATURE_TELEGRAM="${FEATURE_TELEGRAM:-}" # Tailscale (recommended for secure remote access) # On the operator USB, tailscaled is enabled by default. A build may optionally # bake a one-shot TAILSCALE_AUTHKEY for first-boot autojoin, or the operator # can authenticate later with `mdo -u root tailscale up`. The disk installer # firstboot flow on main also uses TAILSCALE_AUTHKEY for unattended join. FEATURE_TAILSCALE="${FEATURE_TAILSCALE:-YES}" TAILSCALE_AUTHKEY="${TAILSCALE_AUTHKEY:-}" # Code hosting (local git + Forgejo by default) CODE_HOSTING_MODE="${CODE_HOSTING_MODE:-git}" FEATURE_GIT="${FEATURE_GIT:-YES}" FEATURE_GITEA="${FEATURE_GITEA:-NO}" FORGEJO_DISK_ESTIMATE="${FORGEJO_DISK_ESTIMATE:-1.2 GB}" # SSH public key (optional, supplied via --ssh-key flag) SSH_PUBLIC_KEY="${SSH_PUBLIC_KEY:-}" # System passwords (optional, supplied via flags) ROOT_PASSWORD="${ROOT_PASSWORD:-}" CLAWDIE_USER_PASSWORD="${CLAWDIE_USER_PASSWORD:-}"