[{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/tags/agents/","section":"Tags","summary":"","title":"Agents","type":"tags"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/tags/bazzite/","section":"Tags","summary":"","title":"Bazzite","type":"tags"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/tags/cloudflare/","section":"Tags","summary":"","title":"Cloudflare","type":"tags"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/tags/docker/","section":"Tags","summary":"","title":"Docker","type":"tags"},{"content":"OpenClaw is an agent gateway. Give it personas, Slack credentials, and MCP server configs, and it runs Claude Code instances that behave like named people in your Slack workspace. Each persona can call tools, post messages, handle DMs, and run scheduled tasks.\nI have five running on the TrueNAS SCALE box in my closet:\nHobbs — personal ops. Calendar, homelab, household coordination, and the cron that reads session logs and opens PRs against this repo. Sloane — career/writing. Public-voice content, positioning, the other blog. Bea — shared household surface. Coordinates with my fiancée\u0026rsquo;s Slack presence. Familiar — D\u0026amp;D companion. Reads campaign data via the D\u0026amp;D Beyond MCP. Ember — family-side, on a separate Slack workspace. The isolation model is per-MCP-surface, not per-tool-toggle. Hobbs gets the full personal-ops surface: vault access, knowledge graph, wellbeing (read-only), task dispatch. Familiar gets only the D\u0026amp;D MCP and a separate knowledge graph project. Bea gets her own knowledge project but not the sensitive personal surfaces. You pick what each agent can see by configuring which MCPs they load, not by flipping individual tool permissions at runtime.\nThe compute is at Anthropic — the gateway just handles orchestration and message routing. A 4-core Celeron can run this fine.\nCoordination between agents in shared channels was the part that needed explicit design. Hobbs and Bea both participate in household Slack channels. Without a mention gate, they\u0026rsquo;d both fire on any message and produce duplicate replies. The solution was requireMention: true in the channel config for the shared channels: Bea is the default for those; Hobbs only fires when @-mentioned. In the channel where Hobbs runs alone, mention gates are off.\nThis post was drafted by Hobbs, opened as a PR, and merged by me. The cycle is the point — getting to a state where the editorial pass is clean enough to trust without reading every draft first.\n","date":"2026-05-24","externalUrl":null,"permalink":"/posts/2026-05-24-openclaw-agents/","section":"Posts","summary":"Running five OpenClaw agents on a home NAS. The isolation pattern is per-MCP-surface, not per-tool-toggle. This post is written by one of them.","title":"five agents on a closet nas","type":"posts"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/categories/homelab/","section":"Categories","summary":"","title":"Homelab","type":"categories"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/tags/homelab/","section":"Tags","summary":"","title":"Homelab","type":"tags"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/categories/infra/","section":"Categories","summary":"","title":"Infra","type":"categories"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/categories/mcp/","section":"Categories","summary":"","title":"Mcp","type":"categories"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/tags/mcp/","section":"Tags","summary":"","title":"Mcp","type":"tags"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/categories/meta/","section":"Categories","summary":"","title":"Meta","type":"categories"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/tags/migration/","section":"Tags","summary":"","title":"Migration","type":"tags"},{"content":"Three MCP servers and Open WebUI moved from the gaming workstation to the closet NAS in mid-May. The decision wasn\u0026rsquo;t complicated: those services don\u0026rsquo;t need a GPU, and a machine that\u0026rsquo;s sometimes gaming isn\u0026rsquo;t a good host for always-on infrastructure.\nThe migration pattern was the same for each:\nWrite a Docker Compose stack for the NAS in the closet IaC repo. Add an auth proxy in front of the service. Add a Cloudflare tunnel entry to reach it externally. Update the MCP client configs (OpenCode, VS Code, Claude Code) to point at the new address. Disable the old unit on the workstation. Each one took about an hour. Most of that time was getting the tunnel ingress right the first time.\nThe VRAM improvement on the workstation was better than expected. Before the migration, several Docker containers were running alongside Ollama, Kokoro TTS, and Speaches STT — not using GPU directly, but pulling memory and CPU from the same machine that was trying to serve those models. Getting those containers off made Ollama\u0026rsquo;s cold starts noticeably faster, and TTS/STT latency dropped.\nThe constraint that didn\u0026rsquo;t move: task-dispatch, the MCP server that dispatches Claude Code as subprocesses. It depends on the workstation\u0026rsquo;s local environment and can\u0026rsquo;t usefully run on a low-power NAS. That one stays.\nThe broader principle: the NAS handles coordination and data; the workstation handles compute. Anything that doesn\u0026rsquo;t fit that split is a sign something is in the wrong place.\n","date":"2026-05-24","externalUrl":null,"permalink":"/posts/2026-05-24-moving-mcps/","section":"Posts","summary":"basic-memory, mcpvault, wellbeing, and Open WebUI moved from the bazzite workstation to the closet NAS in mid-May. The VRAM recovery was the real payoff.","title":"moving mcps off the gaming machine","type":"posts"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/tags/openclaw/","section":"Tags","summary":"","title":"OpenClaw","type":"tags"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/posts/","section":"Posts","summary":"","title":"Posts","type":"posts"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/tags/site/","section":"Tags","summary":"","title":"Site","type":"tags"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/tags/slack/","section":"Tags","summary":"","title":"Slack","type":"tags"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/","section":"superterran.net","summary":"","title":"superterran.net","type":"page"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"Two machines carry the weight.\nThe gaming/dev workstation is a Bazzite box running an AMD Ryzen 9 9950X and an RTX 4070 with 64GB RAM. Bazzite is Fedora Silverblue with Gamescope layered on — immutable OS. The machine handles anything that requires GPU or local filesystem access: Ollama for local LLMs, Kokoro for TTS, Speaches for STT.\nThe other machine is a 4-core Celeron NAS in the closet running TrueNAS SCALE with 32GB ECC. No discrete GPU, doesn\u0026rsquo;t need one. It runs the always-on services: MCP servers, the OpenClaw gateway, Open WebUI, and the Cloudflare tunnel outward.\nSix MCP servers total:\nmcpvault — reads my Obsidian vault over SSE. Session logs, machine profiles, agent context, skills. basic-memory — knowledge graph, HTTP transport. Distilled decisions and facts that outlast individual sessions. wellbeing — personal health data surface. It exists; its contents stay private. dndbeyond — D\u0026amp;D character and campaign data. One of the agents is a campaign companion; he needs this one. task-dispatch — dispatches Claude Code as subprocesses. Stays on the workstation. context7 — library docs, runs as a local stdio process. Network-accessible servers sit behind Cloudflare tunnels with bearer-token auth proxied by Caddy. LAN clients skip the proxy and hit services directly. The published *.superterran.net hostnames are the only externally-reachable surface.\nOn top of this: five OpenClaw agents running on the NAS gateway. Each gets its own Slack persona, its own lane definition, its own slice of the MCP surface. Hobbs is the personal ops one — the agent that reads session logs and opens PRs against this repo.\nThe editorial pass is the only thing in this pipeline that\u0026rsquo;s manual.\n","date":"2026-05-24","externalUrl":null,"permalink":"/posts/2026-05-24-the-stack/","section":"Posts","summary":"Two machines, six MCP servers, Cloudflare tunnels, and one agent that writes these posts. What’s running behind superterran.net.","title":"the stack","type":"posts"},{"content":"","date":"2026-05-24","externalUrl":null,"permalink":"/tags/truenas/","section":"Tags","summary":"","title":"Truenas","type":"tags"},{"content":"This is a new Hugo site at the apex of superterran.net, served from GitHub Pages out of superterran/superterran.github.io. It\u0026rsquo;s a working notebook for the projects I run on the side of my actual job — homelab, MCP/agent infrastructure, the Cloudflare-tunneled mess that fronts a closet TrueNAS box and a Bazzite workstation in my house, and whatever else I\u0026rsquo;m tinkering with.\nThe site is operated by an agent. His name\u0026rsquo;s Hobbs, and he\u0026rsquo;s one of a handful of OpenClaw agents I run for personal ops — calendar, household, homelab, that kind of thing. Once a day he reads my session logs and dream-cycle output, picks anything that would make a halfway-interesting post, opens a PR against the repo, and waits for me to merge. After enough successful rounds we\u0026rsquo;ll let him merge his own. The trust gate isn\u0026rsquo;t theoretical — it\u0026rsquo;s the whole point of starting with PRs.\nI have another blog, doughatcher.com, that\u0026rsquo;s been around longer and is positioned for the public-voice version of me — Adobe Commerce, post-launch, the things a consulting practice cares about. That site has its own editorial pipeline and its own voice. This one is different on purpose. The other site is the front of the shop. This one is the workshop. Different registers, different audiences.\nA few things this site won\u0026rsquo;t do:\nNo work names. If I\u0026rsquo;m writing about something I learned on a client engagement, the client doesn\u0026rsquo;t get named. Neither does anyone I work with. The lesson can be specific; the people can\u0026rsquo;t. No household, no surprise plans, no anything from my agents\u0026rsquo; confidential channels. Hobbs is bound by the same guardrails I\u0026rsquo;d want a human chief-of-staff bound by. If something here looks like it crossed a line, open an issue on the repo — that\u0026rsquo;s a real bug, not a feature. No content marketing voice. This is not where I produce headlines like \u0026ldquo;Five Lessons I Learned From X.\u0026rdquo; If a post starts to read like a LinkedIn carousel that\u0026rsquo;s a defect, not a stylistic choice. What it will do is leave a trail. I do a lot of things and most of them evaporate into git history nobody reads, including me a month later. This site is the laziest possible way to make some of that legible without me having to remember to write about it. Hobbs handles the remembering.\nI\u0026rsquo;m writing this one post by hand. Everything after this should be his.\n","date":"2026-05-24","externalUrl":null,"permalink":"/posts/2026-05-24-what-this-is/","section":"Posts","summary":"Why superterran.net exists, who runs it, and the rules it operates under.","title":"what this is","type":"posts"},{"content":"superterran.net is a working notebook. Projects I\u0026rsquo;m building, infra I\u0026rsquo;m running, things I figured out the hard way. Mostly homelab, MCP/agent infrastructure, Hugo and devops side-quests, the occasional opinion about a tool.\nIt\u0026rsquo;s not my main blog. doughatcher.com is the public-voice site — Adobe Commerce, post-launch, the C-level stuff. This one is the workshop floor.\nhow it works # Posts here are drafted by an agent (Hobbs, one of my personal-ops agents) reading my session logs and dream-cycle output, and opened as PRs against superterran/superterran.github.io. I review and merge — at least for now. Eventually he\u0026rsquo;ll merge his own, once we\u0026rsquo;ve had enough successful rounds to trust the editorial pass.\nThe agent reads my work product. He\u0026rsquo;s bound by guardrails about what gets surfaced (no real names from work, no private/household content, no secrets, nothing from any of my other agents\u0026rsquo; confidential channels). If something here looks like it crossed a line, it\u0026rsquo;s a bug in those rails — open an issue on the repo.\nwhy it exists # Two reasons:\nI do a lot of things and most of them disappear into git history. This site is the lowest-friction way to leave a trail without remembering to leave one. The other site, doughatcher.com, has an editorial pipeline that produces a particular voice — useful for that audience, but not for the \u0026ldquo;huh, look at this weird thing\u0026rdquo; kind of post. Different sites, different registers. The voice here is closer to a workshop notebook than a content marketing feed. If a post reads like a LinkedIn carousel, that\u0026rsquo;s a bug too.\n","externalUrl":null,"permalink":"/about/","section":"about","summary":"","title":"about","type":"about"},{"content":"","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"}]