# Clawdbot VPS Setup Plan ## Overview Set up Clawdbot on a new dedicated VPS. ## 1. Provision VPS **Provider**: netcup **Plan**: VPS mikro G11s - 4 vCPU, 4GB RAM, 120GB SSD **OS**: Ubuntu 24.04 or Debian 12 **Location**: Nuremberg Manual step: Order from netcup.com, add your SSH key during setup. ## 2. Initial Server Setup ```bash # SSH in as root ssh root@ # Create non-root user adduser usermod -aG sudo # Disable root SSH login sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config systemctl restart sshd # Basic firewall ufw allow OpenSSH ufw enable ``` ## 3. Installation: Ansible Playbook Using clawdbot-ansible for automated setup with security hardening. **Prerequisites on local machine:** - Ansible installed (`brew install ansible` on macOS) - SSH access to VPS configured **Steps:** ```bash # Clone the ansible repo git clone https://github.com/clawdbot/clawdbot-ansible cd clawdbot-ansible # Edit inventory file with new VPS IP # inventory.yml: # all: # hosts: # clawdbot: # ansible_host: # ansible_user: root # Run playbook ansible-playbook -i inventory.yml playbook.yml ``` **What Ansible configures:** - UFW firewall (only SSH + Tailscale exposed) - Tailscale VPN for secure access - Node.js 22 + pnpm - Docker CE (for sandboxed execution) - Clawdbot with systemd service - Security hardening (NoNewPrivileges, PrivateTmp) ## 4. Authentication Setup Use your existing Claude Code subscription (no separate API key needed): ```bash # Option A: Generate setup-token from your local machine claude setup-token # Copy the generated token # Then on the VPS, during Clawdbot onboard clawdbot onboard # Choose "Claude Code CLI" auth method # Paste the setup-token when prompted ``` **Alternative**: If Claude Code CLI is installed on VPS, you can also do OAuth directly: ```bash clawdbot onboard # Choose OAuth, complete browser login ``` This uses your Claude subscription - no API billing. ## 5. Channel Configuration: Discord Discord setup for you and another user (no phone number needed): ### Create Discord Bot 1. Go to [Discord Developer Portal](https://discord.com/developers/applications) 2. New Application → name it "Clawdbot" or similar 3. Go to Bot → Add Bot → Copy **Bot Token** 4. Enable **Message Content Intent** (required) 5. OAuth2 → URL Generator: - Scopes: `bot`, `applications.commands` - Permissions: View Channels, Send Messages, Read Message History, Embed Links, Attach Files ### Create Private Discord Server 1. Create a new Discord server (just for you and another user) 2. Invite the other user 3. Use the generated OAuth2 URL to add the bot ### Configure Clawdbot ```bash # Set the bot token export DISCORD_BOT_TOKEN="your_token_here" # Or add to Clawdbot config clawdbot channels add --channel discord --token "your_token_here" ``` **How it works:** - Message the bot in your private server channel - Both you and the other user can interact in the same channel - DMs to the bot also work (first message requires approval) - Each channel maintains isolated conversation memory ## 6. Admin Access (Tailscale) Tailscale is for **admin access only** (Control UI, logs, SSH). Your Discord interactions with Clawdbot go through Discord's servers directly. ```bash # During/after Ansible run, authenticate Tailscale on VPS tailscale up # Access Control UI via Tailscale IP: http://:18789 ``` ## 7. Maintenance - Clawdbot updates: `npm update -g clawdbot@latest` or `git pull && pnpm build` - Server updates: `apt update && apt upgrade` - Monitor with: `journalctl -u clawdbot -f` (if using systemd) ## Requirements Checklist - [ ] netcup account to order VPS - [ ] Discord account (you and another user) - [ ] Claude Code subscription (you already have this) - [ ] Tailscale account (free tier works) ## Verification After setup: 1. `systemctl status clawdbot` - service running 2. Access Control UI via Tailscale IP 3. Test Discord channel (send yourself a message)