For ssh/shell - set up a regular user, and add capabilities via group membership and/or doas (or sudo).
You want to limit access to files (eg: regular user can't read /etc/shadow or write to /bin/doas or /bin/sh) - and maybe limit some commands (/bin/su).
Not actually mine, but theirs (hence no "show hn").
But after learning that Claude code and OpenCode both are closed projects with poor quality control and development process - I thought this looked interesting - and seems to not have been discussed here previously.
> I used Claude Code for most of the setup. I had a blast.
So, most/all of TFA is copied from Claude code? Or in other words, what you did was prompt Claude - not actually following the instructions on this page (they are the output of Claude)?
Feels weird reading a sort of fictional/parallel reality description - if you follow these instructions you will arrive at a similar result as I got - only this is not how I did it...
I opened Obsidian, wrote down the steps that I performed + pieces claude did. Most of what I did was little troubleshooting bits or hooking things together.
That + every little quirk or weird thing I ran into (eg: phantom process killer, which I actually did setup via adb) that I felt was worth mentioning and might help.
Then I told Claude to organize the document better, read it over myself, asked for edits or things to add, etc.
My god, the amount of hate this site has for LLMs, it's unbearable. Good for you for having a project and seeing it through, all the lazy "It UsEd An LlM So It DoeSn'T CoUnT" gatekeeping doesn't belong here and I wish all those uncurious comments were flagged.
I thought the content was interesting, but didn't really match the headline - I didn't learn how I could vibe code a website on a phone - I learned how I could "traditionally" deploy an existing site on a phone (ie: no help on using LLM, no information on how to create a static website).
As I can't trust Claude Code to use a correct shell, I don't know why I would trust this feature.
reply