gandalf.hofmanns/AI-SETUP-INSTRUCTIONS.md


HOFMANNS.AI - SETUP INSTRUCTIONS FOR AI AGENTS

Goal: Jetson Orin Nano as central hub with SSO (passkeys) + RustDesk


IMPORTANT: Architecture

JETSON (192.168.1.50) = MASTER
├── Authentik (SSO mit Face ID / Fingerprint)
├── RustDesk Server (hbbs/hbbr)
├── All services (HA, Whisper, Jellyfin, etc.)
├── Private data (customers, source, docs)
└── Cloudflare Tunnel → *.hofmanns.ai

INFOMANIAK (185.143.102.153) = DEV/PILOT
├── Git Repos
├── Dev Environments
├── AI agents work here
└── Can be reset at any time

FILES IN THIS PACKAGE

jetson-setup/
│
├── FOR JETSON (192.168.1.50):
│   ├── setup.sh                 → Run first after JetPack flash
│   ├── docker-compose.yml       → All services including Authentik
│   ├── homepage/                → Dashboard config
│   └── whisper-webui-jetson/    → GPU-accelerated Whisper
│
├── FOR INFOMANIAK (185.143.102.153):
│   └── infomaniak/
│       ├── setup-infomaniak.sh  → Optional dev setup
│       └── docker-compose.yml   → Dev services only
│
└── DOCUMENTATION:
    ├── CHAT-SUMMARY-COMPLETE.md → Full context
    ├── README.md                → User guide
    └── AI-SETUP-INSTRUCTIONS.md → This file

JETSON SETUP STEPS

1. Flash JetPack (on Ubuntu PC with SDK Manager)

# Jetson in Recovery Mode
# SDK Manager → Jetson Orin Nano 8GB → JetPack 6.x → NVMe

2. First Boot Config

# After first boot, copy files to Jetson
scp -r jetson-setup/ d@192.168.1.50:~/

# SSH to Jetson
ssh d@192.168.1.50

# Run setup
cd ~/jetson-setup
chmod +x setup.sh
sudo ./setup.sh
sudo reboot

3. Start Services

cd ~/docker
docker-compose up -d

4. Configure Authentik

  1. Open: http://192.168.1.50:9000/if/flow/initial-setup/
  2. Create admin account
  3. Enable WebAuthn/Passkeys:
    • Admin → Flows → default-authentication-flow
    • Add Stage: "authenticator_validate" with WebAuthn
  4. Create Application for each service
  5. Set up Forward Auth proxy

5. Configure Cloudflare Tunnel

# Install cloudflared
curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64 -o cloudflared
chmod +x cloudflared
sudo mv cloudflared /usr/local/bin/

# Login and create tunnel
cloudflared tunnel login
cloudflared tunnel create jetson-home

# Configure tunnel
cat > ~/.cloudflared/config.yml << EOF
tunnel: <TUNNEL_ID>
credentials-file: /home/d/.cloudflared/<TUNNEL_ID>.json

ingress:
  - hostname: auth.hofmanns.ai
    service: http://localhost:9000
  - hostname: portal.hofmanns.ai
    service: http://localhost:3001
  - hostname: home.hofmanns.ai
    service: http://localhost:8123
  - hostname: whisper.hofmanns.ai
    service: http://localhost:7860
  - hostname: files.hofmanns.ai
    service: http://localhost:8081
  - hostname: "*.hofmanns.ai"
    service: http://localhost:80
  - service: http_status:404
EOF

# Run as service
sudo cloudflared service install
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
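
To review which hostnames in the step 5 ingress rules reach a backend directly, this added example (not part of the package) resolves a hostname the way cloudflared does, top to bottom with the first matching rule winning, and lists the routes that skip the proxy. It assumes Authentik forward auth is enforced at Nginx Proxy Manager on port 80, which this file does not state; `sample_config`, `ingress_pairs`, `route_for` and `direct_routes` are names made up for the example.

```bash
# Added example, not part of the package. Assumption: forward auth is
# enforced at Nginx Proxy Manager (port 80); this file does not say where.

# Constructed sample: the ingress rules from config.yml in step 5.
sample_config() {
  cat <<'EOF'
ingress:
  - hostname: auth.hofmanns.ai
    service: http://localhost:9000
  - hostname: portal.hofmanns.ai
    service: http://localhost:3001
  - hostname: home.hofmanns.ai
    service: http://localhost:8123
  - hostname: whisper.hofmanns.ai
    service: http://localhost:7860
  - hostname: files.hofmanns.ai
    service: http://localhost:8081
  - hostname: "*.hofmanns.ai"
    service: http://localhost:80
  - service: http_status:404
EOF
}

# Print "hostname service" for every ingress rule, in file order.
# A rule without a hostname (the catch-all) is printed as "*".
ingress_pairs() {
  awk '/^[ \t]*-[ \t]*hostname:/ { h = $3; gsub(/"/, "", h); next }
       /^[ \t]*(-[ \t]*)?service:/ { if (h == "") h = "*"; print h, $NF; h = "" }' "$1"
}

# route_for HOST FILE: service that a request for HOST reaches.
# The rule hostname is used as a glob, so "*.domain" matches any subdomain.
route_for() {
  ingress_pairs "$2" | while read -r pattern svc; do
    case "$1" in $pattern) echo "$svc"; break ;; esac
  done
}

# direct_routes FILE: rules that point straight at a backend port instead of
# the proxy (80), Authentik itself (9000) or the 404 catch-all.
direct_routes() {
  ingress_pairs "$1" | while read -r pattern svc; do
    case "$svc" in
      http://localhost:80 | http://localhost:9000 | http_status:*) ;;
      *) echo "$pattern -> $svc" ;;
    esac
  done
}
# Usage: direct_routes ~/.cloudflared/config.yml
```

Each hostname printed by `direct_routes` needs its own login protection (for example the service's own SSO integration), because its traffic never passes the proxy on port 80.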

6. DNS Records (Cloudflare)

Type   Name     Content
CNAME  auth     <TUNNEL_ID>.cfargotunnel.com
CNAME  portal   <TUNNEL_ID>.cfargotunnel.com
CNAME  home     <TUNNEL_ID>.cfargotunnel.com
CNAME  whisper  <TUNNEL_ID>.cfargotunnel.com
CNAME  files    <TUNNEL_ID>.cfargotunnel.com

7. Register Passkeys

  1. Open auth.hofmanns.ai on each device
  2. Login with initial password
  3. Settings → MFA → Add WebAuthn Device
  4. Use Face ID / Fingerprint to register
  5. Done - no more passwords needed

RUSTDESK SETUP

Server runs on Jetson:

# After docker-compose up, get the key:
cat ~/docker/rustdesk/id_ed25519.pub

Client Config (all devices):

Setting       Value
ID Server     jetson.hofmanns.ai (or via tunnel)
Relay Server  jetson.hofmanns.ai
Key           (from id_ed25519.pub)

PORTS OVERVIEW

Jetson (192.168.1.50):

Port         Service
80           Nginx Proxy Manager
443          Nginx Proxy Manager (SSL)
81           NPM Admin UI
3001         Homepage Dashboard
8123         Home Assistant
9000         Authentik
9090         Cockpit
7860         Whisper
8096         Jellyfin
8081         FileBrowser
8384         Syncthing
11434        Ollama
21115-21119  RustDesk

USER REQUIREMENTS

  • NO passwords - only Face ID / Fingerprint
  • NO email codes - Passkeys only
  • NO 2FA apps - device IS the auth
  • ONE login - session stays active
  • ALL devices - Quest 3, Android, Laptop, TV
  • Browser-based - no apps needed (except RustDesk client)

RESULT

After setup, user experience:

  1. Open browser → portal.hofmanns.ai
  2. Touch finger OR show face
  3. Done. Everything accessible. All day.

Package created: December 2025
For: Dee / hofmanns.ai / DOUANA®
By: Claude (Anthropic)