# HOFMANNS.AI - SETUP INSTRUCTIONS FOR AI AGENTS

**Goal:** Jetson Orin Nano as central hub with SSO (passkeys) + RustDesk

---

## IMPORTANT: Architecture

```
JETSON (192.168.1.50) = MASTER
├── Authentik (SSO with Face ID / Fingerprint)
├── RustDesk Server (hbbs/hbbr)
├── All services (HA, Whisper, Jellyfin, etc.)
├── Private data (customers, source, docs)
└── Cloudflare Tunnel → *.hofmanns.ai

INFOMANIAK (185.143.102.153) = DEV/PILOT
├── Git Repos
├── Dev Environments
├── AI agents work here
└── Can be reset at any time
```

---

## FILES IN THIS PACKAGE

```
jetson-setup/
│
├── FOR JETSON (192.168.1.50):
│   ├── setup.sh                  → Run first after JetPack flash
│   ├── docker-compose.yml        → All services including Authentik
│   ├── homepage/                 → Dashboard config
│   └── whisper-webui-jetson/     → GPU-accelerated Whisper
│
├── FOR INFOMANIAK (185.143.102.153):
│   └── infomaniak/
│       ├── setup-infomaniak.sh   → Optional dev setup
│       └── docker-compose.yml    → Dev services only
│
└── DOCUMENTATION:
    ├── CHAT-SUMMARY-COMPLETE.md  → Full context
    ├── README.md                 → User guide
    └── AI-SETUP-INSTRUCTIONS.md  → This file
```

---

## JETSON SETUP STEPS

### 1. Flash JetPack (on Ubuntu PC with SDK Manager)

```bash
# Jetson in Recovery Mode
# SDK Manager → Jetson Orin Nano 8GB → JetPack 6.x → NVMe
```

### 2. First Boot Config

```bash
# After first boot, copy files to Jetson
scp -r jetson-setup/ d@192.168.1.50:~/

# SSH to Jetson
ssh d@192.168.1.50

# Run setup
cd ~/jetson-setup
chmod +x setup.sh
sudo ./setup.sh
sudo reboot
```

### 3. Start Services

```bash
cd ~/docker
docker-compose up -d
```

### 4. Configure Authentik

1. Open: `http://192.168.1.50:9000/if/flow/initial-setup/`
2. Create admin account
3. Enable WebAuthn/Passkeys:
   - Admin → Flows → default-authentication-flow
   - Add Stage: "authenticator_validate" with WebAuthn
4. Create Application for each service
5. Set up Forward Auth proxy

### 5. Configure Cloudflare Tunnel

```bash
# Install cloudflared
curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64 -o cloudflared
chmod +x cloudflared
sudo mv cloudflared /usr/local/bin/

# Login and create tunnel
cloudflared tunnel login
cloudflared tunnel create jetson-home

# Configure tunnel
# The tunnel ID printed by "cloudflared tunnel create" belongs in the
# tunnel: field and in the credentials file name below.
cat > ~/.cloudflared/config.yml << EOF
tunnel:
credentials-file: /home/d/.cloudflared/.json

ingress:
  - hostname: auth.hofmanns.ai
    service: http://localhost:9000
  - hostname: portal.hofmanns.ai
    service: http://localhost:3001
  - hostname: home.hofmanns.ai
    service: http://localhost:8123
  - hostname: whisper.hofmanns.ai
    service: http://localhost:7860
  - hostname: files.hofmanns.ai
    service: http://localhost:8081
  - hostname: "*.hofmanns.ai"
    service: http://localhost:80
  - service: http_status:404
EOF

# Run as service
sudo cloudflared service install
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
```

### 6. DNS Records (Cloudflare)

| Type | Name | Content |
|------|------|---------|
| CNAME | auth | .cfargotunnel.com |
| CNAME | portal | .cfargotunnel.com |
| CNAME | home | .cfargotunnel.com |
| CNAME | whisper | .cfargotunnel.com |
| CNAME | files | .cfargotunnel.com |

### 7. Register Passkeys

1. Open auth.hofmanns.ai on each device
2. Login with initial password
3. Settings → MFA → Add WebAuthn Device
4. Use Face ID / Fingerprint to register
5. Done - no more passwords needed

---

## RUSTDESK SETUP

### Server runs on Jetson:

```bash
# After docker-compose up, get the key:
cat ~/docker/rustdesk/id_ed25519.pub
```

### Client Config (all devices):

| Setting | Value |
|---------|-------|
| ID Server | jetson.hofmanns.ai (or via tunnel) |
| Relay Server | jetson.hofmanns.ai |
| Key | (from id_ed25519.pub) |

---

## PORTS OVERVIEW

### Jetson (192.168.1.50):

| Port | Service |
|------|---------|
| 80 | Nginx Proxy Manager |
| 443 | Nginx Proxy Manager (SSL) |
| 81 | NPM Admin UI |
| 3001 | Homepage Dashboard |
| 8123 | Home Assistant |
| 9000 | Authentik |
| 9090 | Cockpit |
| 7860 | Whisper |
| 8096 | Jellyfin |
| 8081 | FileBrowser |
| 8384 | Syncthing |
| 11434 | Ollama |
| 21115-21119 | RustDesk |

---

## USER REQUIREMENTS

- **NO passwords** - only Face ID / Fingerprint
- **NO email codes** - Passkeys only
- **NO 2FA apps** - device IS the auth
- **ONE login** - session stays active
- **ALL devices** - Quest 3, Android, Laptop, TV
- **Browser-based** - no apps needed (except RustDesk client)

---

## RESULT

After setup, user experience:

1. Open browser → portal.hofmanns.ai
2. Touch finger OR show face
3. **Done. Everything accessible. All day.**

---

**Package created:** December 2025

**For:** Dee / hofmanns.ai / DOUANA®

**By:** Claude (Anthropic)
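
Added example, not part of the original package: a shell audit of the step 5 ingress list that reports which hostnames the tunnel sends straight to a backend port instead of through the reverse proxy. It assumes forward auth is enforced at the proxy on port 80 (the guide does not say where forward auth runs); the function names and verdict labels are hypothetical, and the sample config is a constructed copy of the ingress list above.

```bash
#!/usr/bin/env bash
# Added example, not part of the original package: report which tunnel
# hostnames reach a backend port directly instead of via the reverse proxy.
# Assumption: forward auth is enforced at the proxy listening on port 80.
PROXY_PORT=80    # Nginx Proxy Manager (ports table)
AUTH_PORT=9000   # Authentik must be reachable before login

# audit_ingress FILE: print "hostname port verdict" for every ingress rule.
audit_ingress() {
  awk -v proxy="$PROXY_PORT" -v auth="$AUTH_PORT" '
    /^[ \t]*-[ \t]*hostname:/ {
      host = $0; sub(/^[^:]*:[ \t]*/, "", host); gsub(/"/, "", host); next
    }
    /^[ \t]*(-[ \t]*)?service:/ {
      svc = $0; sub(/^[^:]*:[ \t]*/, "", svc)
      if (host == "") host = "(any)"   # a rule without hostname matches all
      if (svc ~ /^http_status:/) { print host, "-", "CATCHALL"; host = ""; next }
      port = svc; sub(/^.*:/, "", port); sub(/[^0-9].*$/, "", port)
      if (port == "") port = (svc ~ /^https:/) ? 443 : 80   # scheme default
      verdict = (port+0 == proxy+0) ? "VIA_PROXY" : (port+0 == auth+0) ? "AUTH" : "DIRECT"
      print host, port, verdict; host = ""
    }' "$1"
}

# direct_routes FILE: hostnames that bypass the proxy; review each one.
direct_routes() { audit_ingress "$1" | awk '$3 == "DIRECT" { print $1 }'; }

# Constructed sample: the ingress list from step 5 of this guide.
write_sample_config() {
  cat > "$1" << 'EOF'
ingress:
  - hostname: auth.hofmanns.ai
    service: http://localhost:9000
  - hostname: portal.hofmanns.ai
    service: http://localhost:3001
  - hostname: home.hofmanns.ai
    service: http://localhost:8123
  - hostname: whisper.hofmanns.ai
    service: http://localhost:7860
  - hostname: files.hofmanns.ai
    service: http://localhost:8081
  - hostname: "*.hofmanns.ai"
    service: http://localhost:80
  - service: http_status:404
EOF
}

sample=$(mktemp); write_sample_config "$sample"
audit_ingress "${1:-$sample}"
```

Under that assumption, every hostname reported as `DIRECT` is served without passing the proxy, so it needs either its own Authentik integration or an ingress rule that points at port 80.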