# HOFMANNS.AI - SETUP INSTRUCTIONS FOR AI AGENTS

**Goal:** Jetson Orin Nano as central hub with SSO (Passkeys) + RustDesk

---

## IMPORTANT: Architecture

```
JETSON (192.168.1.50) = MASTER
├── Authentik (SSO with Face ID / Fingerprint)
├── RustDesk Server (hbbs/hbbr)
├── All services (HA, Whisper, Jellyfin, etc.)
├── Private data (customers, source, docs)
└── Cloudflare Tunnel → *.hofmanns.ai

INFOMANIAK (185.143.102.153) = DEV/PILOT
├── Git Repos
├── Dev Environments
├── AI agents work here
└── Can be reset at any time
```

---

## FILES IN THIS PACKAGE

```
jetson-setup/
│
├── FOR JETSON (192.168.1.50):
│   ├── setup.sh                 → Run first after JetPack flash
│   ├── docker-compose.yml       → All services including Authentik
│   ├── homepage/                → Dashboard config
│   └── whisper-webui-jetson/    → GPU-accelerated Whisper
│
├── FOR INFOMANIAK (185.143.102.153):
│   └── infomaniak/
│       ├── setup-infomaniak.sh  → Optional dev setup
│       └── docker-compose.yml   → Dev services only
│
└── DOCUMENTATION:
    ├── CHAT-SUMMARY-COMPLETE.md → Full context
    ├── README.md                → User guide
    └── AI-SETUP-INSTRUCTIONS.md → This file
```

---

## JETSON SETUP STEPS

### 1. Flash JetPack (on Ubuntu PC with SDK Manager)

```bash
# Jetson in Recovery Mode
# SDK Manager → Jetson Orin Nano 8GB → JetPack 6.x → NVMe
```

### 2. First Boot Config

```bash
# After first boot, copy files to Jetson
scp -r jetson-setup/ d@192.168.1.50:~/

# SSH to Jetson
ssh d@192.168.1.50

# Run setup
cd ~/jetson-setup
chmod +x setup.sh
sudo ./setup.sh
sudo reboot
```

### 3. Start Services

```bash
cd ~/docker
docker-compose up -d
```

### 4. Configure Authentik

1. Open: `http://192.168.1.50:9000/if/flow/initial-setup/`
2. Create admin account
3. Enable WebAuthn/Passkeys:
   - Admin → Flows → default-authentication-flow
   - Add Stage: "authenticator_validate" with WebAuthn
4. Create Application for each service
5. Set up Forward Auth proxy

### 5. Configure Cloudflare Tunnel

```bash
# Install cloudflared
curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64 -o cloudflared
chmod +x cloudflared
sudo mv cloudflared /usr/local/bin/

# Login and create tunnel
cloudflared tunnel login
cloudflared tunnel create jetson-home

# Configure tunnel
cat > ~/.cloudflared/config.yml << EOF
tunnel: <TUNNEL_ID>
credentials-file: /home/d/.cloudflared/<TUNNEL_ID>.json

ingress:
  - hostname: auth.hofmanns.ai
    service: http://localhost:9000
  - hostname: portal.hofmanns.ai
    service: http://localhost:3001
  - hostname: home.hofmanns.ai
    service: http://localhost:8123
  - hostname: whisper.hofmanns.ai
    service: http://localhost:7860
  - hostname: files.hofmanns.ai
    service: http://localhost:8081
  - hostname: "*.hofmanns.ai"
    service: http://localhost:80
  - service: http_status:404
EOF

# Run as service
sudo cloudflared service install
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
```

### 6. DNS Records (Cloudflare)

| Type | Name | Content |
|------|------|---------|
| CNAME | auth | `<TUNNEL_ID>.cfargotunnel.com` |
| CNAME | portal | `<TUNNEL_ID>.cfargotunnel.com` |
| CNAME | home | `<TUNNEL_ID>.cfargotunnel.com` |
| CNAME | whisper | `<TUNNEL_ID>.cfargotunnel.com` |
| CNAME | files | `<TUNNEL_ID>.cfargotunnel.com` |

### 7. Register Passkeys

1. Open auth.hofmanns.ai on each device
2. Login with initial password
3. Settings → MFA → Add WebAuthn Device
4. Use Face ID / Fingerprint to register
5. Done - no more passwords needed

---

## RUSTDESK SETUP

### Server runs on Jetson:

```bash
# After docker-compose up, get the key:
cat ~/docker/rustdesk/id_ed25519.pub
```

### Client Config (all devices):

| Setting | Value |
|---------|-------|
| ID Server | jetson.hofmanns.ai (or via tunnel) |
| Relay Server | jetson.hofmanns.ai |
| Key | (from id_ed25519.pub) |

---

## PORTS OVERVIEW

### Jetson (192.168.1.50):

| Port | Service |
|------|---------|
| 80 | Nginx Proxy Manager |
| 443 | Nginx Proxy Manager (SSL) |
| 81 | NPM Admin UI |
| 3001 | Homepage Dashboard |
| 8123 | Home Assistant |
| 9000 | Authentik |
| 9090 | Cockpit |
| 7860 | Whisper |
| 8096 | Jellyfin |
| 8081 | FileBrowser |
| 8384 | Syncthing |
| 11434 | Ollama |
| 21115-21119 | RustDesk |

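Comparing this table with the ingress rules in step 5: only the wildcard rule goes through Nginx Proxy Manager on port 80, while `portal`, `home`, `whisper` and `files` map straight to backend ports. The script below is an added example, not part of the original package; it lists each ingress rule and flags direct routes, assuming the forward auth from step 4 is enforced in Nginx Proxy Manager and that only `auth.hofmanns.ai` is meant to be reached directly (`audit_ingress`, `PROXY_PORT` and `IDP_HOST` are hypothetical names, and the embedded config is a trimmed copy of step 5).

```bash
#!/usr/bin/env bash
# Added example: flag tunnel ingress rules that skip the reverse proxy.
# Assumptions: forward auth is enforced in Nginx Proxy Manager (port 80), and
# auth.hofmanns.ai (Authentik itself) is the only host meant to be direct.
PROXY_PORT=80
IDP_HOST="auth.hofmanns.ai"

# audit_ingress FILE -> one line per rule: "<hostname> <service> <verdict>"
audit_ingress() {
  awk -v proxy="$PROXY_PORT" -v idp="$IDP_HOST" '
    function emit(   port, verdict) {
      if (svc == "") return
      if (host == "") host = "(catch-all)"
      port = svc; sub(/^.*:/, "", port)          # text after the last colon
      if (svc ~ /^http_status:/) verdict = "OK-static"
      else if (host == idp)      verdict = "OK-idp"
      else if (port == proxy)    verdict = "OK-via-proxy"
      else                       verdict = "DIRECT-bypasses-proxy"
      print host, svc, verdict
      host = ""; svc = ""
    }
    /^ingress:/             { in_ingress = 1; next }
    in_ingress && /^[^ #-]/ { emit(); in_ingress = 0 }  # next top-level key
    !in_ingress             { next }
    /^ *-/                  { emit() }                  # "-" opens a new rule
    /hostname:/             { host = $NF; gsub(/"/, "", host) }
    /service:/              { svc = $NF }
    END                     { emit() }
  ' "$1"
}

# Trimmed copy of the ingress section from step 5 (tunnel ID left as placeholder).
SAMPLE_CONFIG="$(mktemp)"
cat > "$SAMPLE_CONFIG" <<'EOF'
tunnel: <TUNNEL_ID>
ingress:
  - hostname: auth.hofmanns.ai
    service: http://localhost:9000
  - hostname: home.hofmanns.ai
    service: http://localhost:8123
  - hostname: "*.hofmanns.ai"
    service: http://localhost:80
  - service: http_status:404
EOF

audit_ingress "$SAMPLE_CONFIG"
```
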
---

## USER REQUIREMENTS

- **NO passwords** - only Face ID / Fingerprint
- **NO email codes** - Passkeys only
- **NO 2FA apps** - device IS the auth
- **ONE login** - session stays active
- **ALL devices** - Quest 3, Android, Laptop, TV
- **Browser-based** - no apps needed (except RustDesk client)

---

## RESULT

After setup, user experience:

1. Open browser → portal.hofmanns.ai
2. Touch finger OR show face
3. **Done. Everything accessible. All day.**

---

**Package created:** December 2025
**For:** Dee / hofmanns.ai / DOUANA®
**By:** Claude (Anthropic)