Quick Start Guide¶
Goal: Get access and start working in under 10 minutes.
Prerequisites¶
You need: - A device (MacBook, iPad, or PC) - Access to Tailscale VPN - SSH public key added to servers (ask admin if not done)
Step 1: Connect to Tailscale (1 minute)¶
- Open Tailscale app on your device
- Verify you're connected (green checkmark)
- Your device should have a
100.x.x.xIP address
Verify connection:
Step 2: SSH to Server (1 minute)¶
Option A: Hetzner VPS (Germany)¶
Option B: Kimsufi (Canada)¶
Recommended for most work: Hetzner VPS (has Infisical, PostgreSQL, Redis, all dev tools)
Step 3: First dev() Session (5 minutes)¶
Once connected via SSH:
You'll be prompted to select:
- Project: Choose from
~/Coding/*or type project name - Infisical Project: Usually
personal-vault - Infisical Environment: Usually
dev - Gemini Account:
edu1,edu2,edu3,edu4(or skip) - Claude Account:
personal,edu1,edu2,work(or skip) - OpenAI Account:
chatgpt,edu1,edu2,work(or skip)
Example:
📂 Select a project: my-app
🔐 Select Infisical project: personal-vault
🌍 Select environment: dev
🤖 Select Gemini account: edu1
🤖 Select Claude account: personal
🤖 Select OpenAI account: skip
🚀 Launching container...
You're now inside a Docker container with:
- ✅ Claude Code pre-installed
- ✅ Gemini CLI pre-installed
- ✅ All your secrets from Infisical (as environment variables)
- ✅ Your code mounted at /app
- ✅ SSH keys mounted (for git operations)
Step 4: Start Working (2 minutes)¶
Use AI Agents¶
Verify Secrets Loaded¶
# Check environment variables
env | grep API_KEY
# Should see:
# ANTHROPIC_API_KEY=sk-ant-...
# GOOGLE_API_KEY=...
# etc.
Git Operations¶
Git authentication: Uses your mounted SSH keys automatically.
Step 5: Exit Container¶
What happens on exit:
- Container is automatically removed (--rm flag)
- Temporary secrets file (/tmp/env-$$.list) is automatically deleted
- Your code changes are preserved (mounted from ~/Coding/)
Common First-Time Issues¶
"Infisical not authenticated"¶
# Authenticate to Infisical
infisical login --domain=http://100.80.53.55:8080
# Or with HTTPS
infisical login --domain=https://secrets.kua.cl
"OAuth file not found"¶
You haven't set up that AI account yet. Either: - Skip the account selection - Set up the account (see Multi-Identity Guide)
"Permission denied (publickey)"¶
Your SSH public key isn't added to the server yet. Contact admin or see SSH Keys Guide.
"Container fails to start"¶
Check Docker is running:
If not, contact admin to verify Docker installation.
What's Next?¶
Now that you're up and running:
- Understand the workflow: Daily Workflow Guide
- Set up from scratch: First-Time Setup
- Learn about SSH keys: SSH Key Management
- Learn about Infisical: Infisical Secrets Guide
- Deep dive into dev(): dev() Function Guide
Quick Reference¶
Server IPs¶
| Server | Tailscale IP | Public IP | User |
|---|---|---|---|
| Hetzner VPS (Germany) | 100.80.53.55 | 46.224.146.107 | kavi |
| Kimsufi (Canada) | 100.81.231.36 | 144.217.76.53 | ubuntu |
Service URLs¶
| Service | URL |
|---|---|
| Infisical | https://secrets.kua.cl |
| Documentation | http://100.80.53.55:8001 |
| Plex | https://plex.kua.cl |
| Overseerr | https://overseerr.kua.cl |
| KaviCloud | https://media.kua.cl |
Essential Commands¶
# SSH to servers
ssh kavi@100.80.53.55 # Hetzner
ssh ubuntu@100.81.231.36 # Kimsufi
# Development
dev # Launch dev container
dev my-project # Launch specific project
# Infisical
infisical login --domain=https://secrets.kua.cl
infisical projects # List projects
infisical secrets # List secrets
For AI Agents¶
Context Boundaries:
- You are inside a Docker container when using dev()
- Your working directory is /app/<project>/
- Do not edit files outside /app/
- Secrets are available as environment variables
- SSH keys are mounted read-only at /root/.ssh/
- Never ask users for API keys (they're already in the environment)
Self-Onboarding: - Read the Development Overview - Understand .ai-context.md Standard - Review Security Model