Sure. Basically, never expose anything anywhere, like you would in prod:
- Don't use services like GitHub.
- Don't SSH straight into environments; use a stepping stone.
- WireGuard between all your servers.
- Everything firewalled, including outgoing.
- Don't expose the LLM to production, ever. Give it a user on your forge (Gitea / Forgejo).
- If you have apps, isolate them at the very least in Docker containers; plan your network, also between Docker containers.
- Don't expose anything to the public, ever. If you need web access, use mTLS with your own CA; HAProxy everything.
- Monitor everything.
Something like so:
```
/-----\           /------\
| you | --ssh-->  | step |---wg-----
\-----/           \------/         |
   |             /   |  wg         |
  mtls          / /-----\          |
   |          /wg | LLM |          |
   |         /    \-----/          |
/-----\     /        |  wg         |
|proxy| ----\wg   /-----\          |
\-----/ ----      |forge| ---------|
   |              \-----/          |
   |                 |  wg         |
   |              /-----\          |
   \----wg------- | apps| ---------|
                  \-----/
```
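One way to implement the "mTLS with your own CA, HAProxy everything" part of that setup, as an added example that is not the poster's config: the proxy box binds only on its WireGuard address and refuses any handshake without a client cert chained to your private CA. The addresses, file paths and the client CN are assumptions.

```haproxy
# Added example, not the poster's config. Addresses, paths and the client CN
# are assumptions; 10.0.0.0/24 stands for the WireGuard network.
global
    log stdout format raw local0
    user haproxy
    group haproxy

defaults
    log global
    mode http
    option httplog
    timeout connect 5s
    timeout client 30s
    timeout server 30s

frontend fe_apps
    # Bind on the proxy's WireGuard address only, never on a public interface.
    # proxy.pem: server cert + key issued by your own CA (assumed path)
    # ca.crt:    your private CA certificate (assumed path)
    # verify required: the handshake fails unless the client presents a cert
    # chained to that CA, so unauthenticated traffic never reaches the apps.
    bind 10.0.0.2:443 ssl crt /etc/haproxy/certs/proxy.pem ca-file /etc/haproxy/certs/ca.crt verify required
    # Revoked client certs: keep a CRL next to the CA and add "crl-file <path>" to the bind line.
    # Pin which client identity may reach the apps (CN taken from the verified client cert).
    acl trusted_client ssl_c_s_dn(CN) -m str you.laptop
    http-request deny deny_status 403 unless trusted_client
    # Hand the verified identity to the app instead of letting it trust headers blindly.
    http-request set-header X-Client-CN %[ssl_c_s_dn(CN)]
    default_backend be_apps

backend be_apps
    # The app container is reachable only over WireGuard; plain HTTP inside the tunnel.
    server app1 10.0.0.5:8080 check
```

Pair this with the outgoing firewall rule from the list above, so the proxy itself can only talk to the WireGuard peers and nothing else.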
Can you elaborate on this a bit? (Please)
I'm interested in improving my adoption of these robots, and I'm fairly technical... but haven't really explored using them more creatively, i.e. outside of my day job or for web application development.