Single Script, Fully Reviewable
Everything lives in one Python file so you can audit behavior end to end before use.
LLM-Powered Server Setup
Describe your server in Markdown. Provision does the rest.
Provision converts a plain-English server configuration into a verified execution plan, runs it on pretty much any Unixy system (Debian, RHEL, macOS, etc.), and self-repairs common failures automatically. Bring one API key (Anthropic, OpenAI, or Google). Typical provisioning runs are very cheap. Config can come from a URL or a local Markdown file on the server.
Open source. Single Python script. Read it first, then run it on fresh VMs/LXCs.
curl -sSL http://provision.sh/provision.py | python3 -
Config URL: https://example.com/my-server.md
API Key (Anthropic/Google/OpenAI): •••••••••••
Planning tasks... ✓
Executing... [14/14] ✓
Complete: 14/14 tasks succeededWhat Provision Is
Provision is an open-source, single Python script. You can inspect the whole runtime path before execution: Markdown input, planned tasks, generated commands, verification, and repair logic. Review it first, then run it.
Open Source by Design
The tool is meant to be transparent, inspectable, and easy to validate in your own environment.
Human-Readable Input
Define setup in Markdown using sections and bullets. No rigid schema required.
URL or Local File
Use a hosted Markdown config URL or point Provision at a local config file already on the server.
Distro Support
Works on pretty much any Unixy distribution (Debian, Ubuntu, RHEL, CentOS, macOS, etc).
Bring Any Major API Key
All you need is a valid Anthropic, Google, or OpenAI API key.
How It Works
The runtime flow is deterministic: gather input, plan discrete tasks, execute safely, verify, repair on failure, and only ask for help when absolutely needed.
1
Bootstrap Python and dependencies, then collect config source (URL or local file) and API key.
2
Load Markdown config and prompt for {{VARIABLE}} placeholders.
3
Send config to the planner prompt to produce an ordered JSON checklist.
4
Generate non-interactive commands for each task and execute with timeout controls.
5
Run verification command; if failure occurs, invoke self-repair up to 3 attempts.
6
Summarize all actions, logs, and final success status in a clear report.
Config Example
Provision accepts straightforward Markdown specs. Full example shown below, or open:
rs_config.md
# Robert's standard setup
## System
- Set the timezone to America/Los_Angeles
- Ensure the system is fully updated
## Packages
- Install: openssh-server, joe, htop, curl, wget, git, fish, cifs_utils
## Users
- Create user rcs1000 with password {{secret:RCS_PASSWORD}}
- Add rcs1000 to the sudo group
- Set rcs1000's default shell to fish
## SSH Configuration
- Disable root login via SSH
- Allow password login
- Restart the SSH service
## Custom
- Install Tailscale using the official Tailscale apt repository
- Do not start the Tailscale service, as it requires logging in
- Install uv using the official uv repositorySecurity and Guardrails
Provision is intended for fresh installs on trusted infrastructure. It includes practical controls like
preview mode, bounded retries, explicit user escalation, and a fully reviewable single-script runtime:
provision.py.
Single Script You Can Audit
Provision is one Python file. Read it end-to-end before execution:
provision.py.
Plan Before Run
--plan shows intended commands before any changes are executed.
Controlled Retries
Self-repair is capped (3 attempts) to prevent runaway loops and hidden repeated failures.
Secret Handling
Secret placeholders can remain tokenized in LLM prompts and be substituted only at execution time.
Get Started
Step 1 is to read the script. Step 2 is to run it as root on a fresh system, provide a config URL or local file path, and enter an Anthropic/Google/OpenAI API key.
curl -sSL http://provision.sh/provision.py | python3 -
# Optional flags
# --config URL_OR_LOCAL_PATH --provider anthropic|google|openai --plan --log /var/log/provision.log --verboseRecommended: run --plan first, review the output, then execute.