clawdie-iso/build.cfg

#!/bin/sh
# clawdie-iso build configuration
# Sourced by build.sh — edit before building

FREEBSD_VERSION="15.0-RELEASE"
FREEBSD_ARCH="amd64"
FREEBSD_RELEASE_SERIES="${FREEBSD_VERSION%-RELEASE}"
FREEBSD_ISO_BASE_URL="https://download.freebsd.org/releases/${FREEBSD_ARCH}/${FREEBSD_ARCH}/ISO-IMAGES/${FREEBSD_RELEASE_SERIES}"
FREEBSD_MEMSTICK_URL="${FREEBSD_ISO_BASE_URL}/FreeBSD-${FREEBSD_VERSION}-${FREEBSD_ARCH}-memstick.img"
FREEBSD_MEMSTICK_SHA256_URL="${FREEBSD_ISO_BASE_URL}/CHECKSUM.SHA256-FreeBSD-${FREEBSD_VERSION}-${FREEBSD_ARCH}"

# ISO version metadata.
# ISO version is independent from the bundled Clawdie-AI runtime version.
ISO_VERSION="0.1.0"
BUILD_CHANNEL="${BUILD_CHANNEL:-dev}"  # dev | release

# Output image
# User-facing operator image format:
#   clawdie-<desktop>-<freebsd-codename>-usb-DD.MM.YY.img
#
# USB KEY SIZING GUIDE:
#   32GB  USB  → IMAGE_SIZE="28G"  (current fast-iteration default)
#   64GB  USB  → IMAGE_SIZE="50G"  (roomier operator media)
#   128GB USB  → IMAGE_SIZE="80G"  (more offline growth)
#
# Current validation target: 32GB-class USB sticks.
# Raise IMAGE_SIZE manually when the workflow shifts back to larger media.
IMAGE_SIZE="28G"
# build.sh derives IMAGE_NAME from desktop, the FreeBSD major-version codename,
# and the build date.

# Clawdie-AI ref to bundle from Forgejo.
# Use main for install validation so ISO firstboot exercises the current
# post-install setup/token flow. Use --clawdie-version X.Y.Z for release builds.
CLAWDIE_VERSION="main"
CLAWDIE_REF="${CLAWDIE_REF:-main}"

# Default installer choices (can be overridden by setup.txt on the writable USB config partition)
DEFAULT_PKG_BRANCH="latest"     # latest or quarterly
DEFAULT_DESKTOP="xfce"          # operator USB desktop

# GPU driver variant (set at build time via the GPU_DRIVER environment variable)
# intel | amd | nvidia-590 | nvidia-470 | nvidia-390 | vesa | "" (auto-detect)
# Use the :- form so an env value (e.g. `GPU_DRIVER=nvidia-590 ./build.sh`) is
# honored; a plain GPU_DRIVER="" here would clobber the environment.
GPU_DRIVER="${GPU_DRIVER:-}"

# Universal NVIDIA lane (opt-in). When YES, the image carries an on-image NVIDIA
# pkg repo for all three branches (390/470/580), does NOT bake a single branch,
# and clawdie_live_gpu runs in "nvidia-auto": at boot it detects the GPU, installs
# the matching branch from the on-image repo, and kldloads it before SDDM. On any
# failure it falls back to the integrated/scfb path (never worse than today).
# Builds a larger image. Leave NO for single-branch GPU_DRIVER=nvidia-* builds.
NVIDIA_UNIVERSAL="${NVIDIA_UNIVERSAL:-NO}"

# Deploy target
TARGET="baremetal"          # vps | baremetal

# Cloud pre-bake vars (supplied via --assistant-name, --domain, --tz flags,
# or via environment variables). Env vars take precedence.
ASSISTANT_NAME="${ASSISTANT_NAME:-}"
AGENT_DOMAIN="${AGENT_DOMAIN:-}"
AGENT_GENDER="${AGENT_GENDER:-}"
TZ="${TZ:-}"

# LLM provider/model. Leave blank for post-install setup and Clawdie-AI profile defaults.
PI_TUI_PROVIDER="${PI_TUI_PROVIDER:-}"
PI_TUI_MODEL="${PI_TUI_MODEL:-}"

# API keys (pre-baked for cloud, deferred to web UI for baremetal)
ZAI_API_KEY="${ZAI_API_KEY:-}"
OPENROUTER_API_KEY="${OPENROUTER_API_KEY:-}"
ANTHROPIC_API_KEY="${ANTHROPIC_API_KEY:-}"

# Embeddings. Leave base URL blank to let Clawdie-AI choose OpenRouter when
# OPENROUTER_API_KEY is present, otherwise local llama-server.
EMBED_BASE_URL="${EMBED_BASE_URL:-}"
EMBED_MODEL="${EMBED_MODEL:-}"
EMBED_API_KEY="${EMBED_API_KEY:-}"
EMBED_DIMENSIONS="${EMBED_DIMENSIONS:-1024}"

# Canonical build-host source checkout root. Keep all source repos under
# /home/clawdie/ai across agents/build hosts so detached worktrees and tmp builds do not
# depend on fragile ../ sibling layout.
CLAWDIE_AI_REPO="${CLAWDIE_AI_REPO:-/home/clawdie/ai/clawdie-ai}"

# Colibri Rust control-plane service for the live operator USB.
# The ISO build stages prebuilt FreeBSD release binaries from COLIBRI_REPO or
# COLIBRI_ARTIFACT_DIR; it does not compile Rust while the image is mounted.
FEATURE_COLIBRI="${FEATURE_COLIBRI:-YES}"
COLIBRI_REPO="${COLIBRI_REPO:-/home/clawdie/ai/colibri}"
COLIBRI_ARTIFACT_DIR="${COLIBRI_ARTIFACT_DIR:-}"
# Auto-start the Colibri daemon at boot. Enabled now that live boot is proven on
# AMD hardware. The rc.d service is REQUIRE: LOGIN — it starts after the login
# milestone, so it cannot block SDDM/XFCE even if it fails. Pair with the daemon
# socket-perms fix (colibri fix-colibri-socket-perms, 0770 socket) so the
# operator's colibri-tui can connect; without it the daemon runs but group
# operators get EACCES. Still env-overridable: COLIBRI_DAEMON_ENABLE=NO ./build.sh.
COLIBRI_DAEMON_ENABLE="${COLIBRI_DAEMON_ENABLE:-YES}"
COLIBRI_COST_MODE="${COLIBRI_COST_MODE:-smart}"

# Clawdie deployed-system service lane.
# `service clawdie` is the target service name for installed disk/server systems.
# The live USB uses the lightweight `colibri_daemon` service directly; this lane
# is opt-in (default NO) for builds that explicitly validate deployed-system
# behavior. The binary is built from the same /home/clawdie/ai/colibri checkout.
# The two credentials are normally baked into the binary at build time:
#   (cd /home/clawdie/ai/colibri && CLAWDIE_TG_TOKEN=... CLAWDIE_DEEPSEEK_KEY=... \
#       cargo build --release -p clawdie)
# Leave them blank to ship a "bring your own key" binary configured via the
# rc.d env file (/usr/local/etc/clawdie/clawdie.env) at runtime instead.
# CLAWDIE_ENABLE defaults NO for live-USB builds: stage the binary + rc.d for
# explicit deploy-lane tests without making `service clawdie` the live control
# plane. Deployed disk/server images should flip this to YES once the target
# host is meant to boot into the persistent Clawdie service.
FEATURE_CLAWDIE="${FEATURE_CLAWDIE:-NO}"
CLAWDIE_ARTIFACT_DIR="${CLAWDIE_ARTIFACT_DIR:-}"
CLAWDIE_ENABLE="${CLAWDIE_ENABLE:-NO}"

# zot agent harness (the consolidation target — see colibri ADR
# docs/ADR-agent-harness-consolidation.md). zot is a single static Go binary
# (providers incl. DeepSeek, Telegram bot, json/rpc modes, SKILL.md, extensions).
# Opt-in (default NO) while Pi stays the default harness during migration.
# Pin a tag for reproducible images; zot has no FreeBSD release, so the build
# host compiles it: (cd $ZOT_REPO && git checkout $ZOT_VERSION &&
#   GOOS=freebsd GOARCH=amd64 go build -trimpath -o bin/zot ./cmd/zot)
FEATURE_ZOT="${FEATURE_ZOT:-NO}"
ZOT_VERSION="${ZOT_VERSION:-v0.2.29}"
ZOT_REPO="${ZOT_REPO:-/home/clawdie/ai/zot}"
ZOT_ARTIFACT_DIR="${ZOT_ARTIFACT_DIR:-}"
# Optional: bake the operator's DeepSeek key into $ZOT_HOME/auth.json (0600).
# Leave blank to stage an auth.json.sample template the operator fills in, or
# to configure at runtime via `zot` env / `zot telegram-bot setup`.
ZOT_DEEPSEEK_KEY="${ZOT_DEEPSEEK_KEY:-}"

# Local LLM runtime (optional)
# Choices: none | ollama | llama_cpp
LOCAL_LLM_PROVIDER="${LOCAL_LLM_PROVIDER:-none}"
FEATURE_OLLAMA="${FEATURE_OLLAMA:-NO}"
FEATURE_LLAMA_CPP="${FEATURE_LLAMA_CPP:-NO}"
FEATURE_OLLAMA_HPP="${FEATURE_OLLAMA_HPP:-NO}"
OLLAMA_RAM_ESTIMATE="${OLLAMA_RAM_ESTIMATE:-8-16 GB}"
OLLAMA_DISK_ESTIMATE="${OLLAMA_DISK_ESTIMATE:-4-20 GB per model}"
LLAMA_CPP_RAM_ESTIMATE="${LLAMA_CPP_RAM_ESTIMATE:-8-16 GB}"
LLAMA_CPP_DISK_ESTIMATE="${LLAMA_CPP_DISK_ESTIMATE:-4-20 GB per model}"
USB_LLM_MODELS_PATH="${USB_LLM_MODELS_PATH:-/mnt/media/llm-models}"

# Telegram (pre-baked for cloud, deferred for baremetal)
TELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN:-}"
TELEGRAM_ADMIN_IDS="${TELEGRAM_ADMIN_IDS:-}"
FEATURE_TELEGRAM="${FEATURE_TELEGRAM:-}"

# Tailscale (recommended for secure remote access)
# On the operator USB, tailscaled is enabled by default. A build may optionally
# bake a one-shot TAILSCALE_AUTHKEY for first-boot autojoin, or the operator
# can authenticate later with `mdo -u root tailscale up`. The disk installer
# firstboot flow on main also uses TAILSCALE_AUTHKEY for unattended join.
FEATURE_TAILSCALE="${FEATURE_TAILSCALE:-YES}"
TAILSCALE_AUTHKEY="${TAILSCALE_AUTHKEY:-}"

# Code hosting (local git + Forgejo by default)
CODE_HOSTING_MODE="${CODE_HOSTING_MODE:-git}"
FEATURE_GIT="${FEATURE_GIT:-YES}"
FEATURE_GITEA="${FEATURE_GITEA:-NO}"
FORGEJO_DISK_ESTIMATE="${FORGEJO_DISK_ESTIMATE:-1.2 GB}"

# SSH public key (optional, supplied via --ssh-key flag)
SSH_PUBLIC_KEY="${SSH_PUBLIC_KEY:-}"

# System passwords (optional, supplied via flags)
ROOT_PASSWORD="${ROOT_PASSWORD:-}"
CLAWDIE_USER_PASSWORD="${CLAWDIE_USER_PASSWORD:-}"