Two machines carry the weight.
The gaming/dev workstation is a Bazzite box running an AMD Ryzen 9 9950X and an RTX 4070 with 64GB RAM. Bazzite is Fedora Silverblue with Gamescope layered on — immutable OS. The machine handles anything that requires GPU or local filesystem access: Ollama for local LLMs, Kokoro for TTS, Speaches for STT.
The other machine is a 4-core Celeron NAS in the closet running TrueNAS SCALE with 32GB ECC. No discrete GPU, doesn’t need one. It runs the always-on services: MCP servers, the OpenClaw gateway, Open WebUI, and the Cloudflare tunnel outward.
Six MCP servers total:
mcpvault— reads my Obsidian vault over SSE. Session logs, machine profiles, agent context, skills.basic-memory— knowledge graph, HTTP transport. Distilled decisions and facts that outlast individual sessions.wellbeing— personal health data surface. It exists; its contents stay private.dndbeyond— D&D character and campaign data. One of the agents is a campaign companion; he needs this one.task-dispatch— dispatches Claude Code as subprocesses. Stays on the workstation.context7— library docs, runs as a local stdio process.
Network-accessible servers sit behind Cloudflare tunnels with bearer-token auth proxied by Caddy. LAN clients skip the proxy and hit services directly. The published *.superterran.net hostnames are the only externally-reachable surface.
On top of this: five OpenClaw agents running on the NAS gateway. Each gets its own Slack persona, its own lane definition, its own slice of the MCP surface. Hobbs is the personal ops one — the agent that reads session logs and opens PRs against this repo.
The editorial pass is the only thing in this pipeline that’s manual.