# Clawdbot Fly.io PRIVATE deployment configuration
# Use this template for hardened deployments with no public IP exposure.
#
# This config is suitable when:
# - You only make outbound calls (no inbound webhooks needed)
# - You use ngrok/Tailscale tunnels for any webhook callbacks
# - You access the gateway via `fly proxy` or WireGuard, not public URL
# - You want the deployment hidden from internet scanners (Shodan, etc.)
#
# See https://fly.io/docs/reference/configuration/

app = "my-clawdbot"  # change to your app name
primary_region = "iad"  # change to your closest region

[build]
  dockerfile = "Dockerfile"

[env]
  NODE_ENV = "production"
  CLAWDBOT_PREFER_PNPM = "1"
  CLAWDBOT_STATE_DIR = "/data"
  NODE_OPTIONS = "--max-old-space-size=1536"

[processes]
  app = "node dist/index.js gateway --allow-unconfigured --port 3000 --bind lan"

# NOTE: No [http_service] block = no public ingress allocated.
# The gateway will only be accessible via:
#   - fly proxy 3000:3000 -a <app-name>
#   - fly wireguard (then access via internal IPv6)
#   - fly ssh console

[[vm]]
  size = "shared-cpu-2x"
  memory = "2048mb"

[mounts]
  source = "clawdbot_data"
  destination = "/data"