# OpenBoatmobile

**Deploy OpenClaw agents to Hetzner Cloud or DigitalOcean with one command.**

OpenBoatmobile is a reusable, distributable Terraform repository for spinning up AI agent infrastructure. Choose your provider, set your secrets, and deploy.

## Features

- **Provider-agnostic**: Deploy to Hetzner Cloud or DigitalOcean
- **Full automation**: Server provisioning and either OpenClaw or Hermes installation
- **Tailscale integration**: Secure remote access without exposing ports
- **Secrets management**: Environment-based, no secrets in git
- **One agent focus**: Clean single-agent deployments
- **Discord connectivity**: Quick setup for Discord bot during deployment

## Quick Start

```bash
# Clone
git clone https://github.com/YOUR_USERNAME/openboatmobile-ai.git
cd openboatmobile

# Configure secrets
cp .env.example .env
$EDITOR .env

# Deploy
source .env && terraform init && terraform apply
```

**Documentation:** [GETTING-STARTED.md](docs/GETTING-STARTED.md)

## Cost Comparison

| Provider | Instance | vCPU | RAM | Disk | Price |
|----------|----------|------|-----|------|-------|
| **Hetzner** | cpx21 | 2 | 4 GB | 80 GB | **€4.49/mo** |
| DigitalOcean | s-2vcpu-4gb | 2 | 4 GB | 80 GB | $24/mo |

Hetzner is ~70% cheaper for equivalent specs.

## Documentation

| Document | Purpose |
|----------|---------|
| [GETTING-STARTED.md](docs/GETTING-STARTED.md) | Step-by-step deployment guide |
| [SECRETS.md](docs/SECRETS.md) | Managing API tokens and keys |
| [HETZNER_SETUP.md](docs/HETZNER_SETUP.md) | Hetzner Cloud detailed setup |
| [DIGITALOCEAN_SETUP.md](docs/DIGITALOCEAN_SETUP.md) | DigitalOcean detailed setup |
| [TAILSCALE_SETUP.md](docs/TAILSCALE_SETUP.md) | Secure remote access |
| [DISCORD_SETUP.md](docs/DISCORD_SETUP.md) | Discord bot integration |
| [DOCKER_VS_DIRECT.md](docs/DOCKER_VS_DIRECT.md) | Docker vs direct installation guide |
| [HERMES_DEBUGGING.md](docs/HERMES_DEBUGGING.md) | Debugging Hermes Agent issues |
| [TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md) | Common issues and fixes |

## Usage

### 1. Prerequisites

- Terraform >= 1.5.4
- SSH key pair
- Hetzner or DigitalOcean API token
- API key for Venice AI or alternative inference provider
- (Optional) Tailscale auth key
- (Optional) Discord bot token and private server

### 2. Configure Secrets

```bash
cp .env.example .env
$EDITOR .env
```

Required:
```bash
TF_VAR_cloud_provider=hetzner  # or digitalocean
TF_VAR_hcloud_token=your-hetzner-token  # for Hetzner
TF_VAR_venice_api_key=your-venice-key
TF_VAR_ssh_key_names='["your-key-name"]'
```

Optional:
```bash
TF_VAR_docker_enabled=true  # Set to false for direct installation (no Docker)
```

Recommended:
```bash
TF_VAR_enable_tailscale=true
TF_VAR_tailscale_auth_key=tskey-auth-xxxxx
```

### 3. Deploy

```bash
source .env
terraform init
terraform plan
terraform apply
```

### 4. Connect

```bash
# SSH (from Terraform output - username varies by framework)
# For Hermes: ssh hermes@<SERVER_IP>
# For OpenClaw: ssh openclaw@<SERVER_IP>
ssh <USERNAME>@<SERVER_IP>

# Run OpenClaw onboarding (OpenClaw framework only)
openclaw onboard --install-daemon

# If using Tailscale
sudo tailscale serve --bg 18789
```

## Configuration

See [examples/terraform.tfvars.example](examples/terraform.tfvars.example)

## Project Structure

```
openboatmobile/
├── main.tf              # Provider selector
├── variables.tf         # Input variables
├── outputs.tf           # Deployment outputs
├── cloudinit.tf         # Cloud-init config generator
├── providers/
│   ├── digitalocean.tf  # DO-specific resources
│   └── hetzner.tf       # Hetzner-specific resources
├── templates/
│   └── userdata.tpl     # Cloud-init script
├── examples/
│   └── terraform.tfvars.example
├── docs/
│   ├── GETTING-STARTED.md
│   ├── SECRETS.md
│   ├── HETZNER_SETUP.md
│   ├── DIGITALOCEAN_SETUP.md
│   ├── TAILSCALE_SETUP.md
│   ├── DISCORD_SETUP.md
│   └── TROUBLESHOOTING.md
├── .env.example         # Secrets template
├── .gitignore
└── README.md
```

## Security

OpenBoatmobile deploys with security best practices:

| Feature | Description |
|---------|-------------|
| Loopback binding | Gateway binds to 127.0.0.1 only |
| Firewall | SSH-only inbound |
| fail2ban | Brute force protection |
| Auto-updates | Unattended security patches |
| Non-root user | Deploy with dedicated OS user (`hermes` or `openclaw` based on framework) |
| Tailscale | No public HTTPS exposure |

## Support

- [OpenClaw docs](https://docs.openclaw.ai)
- [Hermes docs](https://hermes-agent.nousresearch.com/docs/)

## License

Apache 2.0

## Origin

OpenBoatmobile is part of the **Krusty Planet** project — infrastructure for AI agent deployments.

---