Sign up & request a machine
Create an account at halfpennymac.com/signup with your email and a password. You'll get a confirmation email; click the link and you're in.
From your dashboard at halfpennymac.com/account, click Request a machine. Fill in:
- How many machines you need (1–5 in one go; get in touch for more)
- What you'll use it for: e.g. iOS / macOS builds, OpenClaw agent, Tailscale exit node, local AI inference, browser automation
- Tier: Budget (M1), Starter (M2), Pro (M4), or Max (M4 Pro). Not sure? See the FAQ breakdown.
- Software bundle: Bare macOS (the default), iOS / macOS dev, Local AI / LLM, or Browser automation. Whatever you pick is installed before handover.
- Billing: monthly or annual (saves up to ~25%, paid upfront)
We keep a pool of ready-provisioned Macs. The form tells you per machine which way yours will go:
- Ready now: a ready-provisioned Mac of your tier is waiting, set up with the default Bare macOS bundle. It's assigned to you the moment you submit; the “ready” email (next step) arrives within minutes.
- Built to order (within 48 hours): the ready-provisioned Macs of your tier are all spoken for, or your chosen bundle needs an install pass first. The request sits on your dashboard as Pending while we provision.
Tip: If you need Xcode, a specific macOS version, or a particular tool pre-installed beyond the bundles, mention it in the “What will you use it for?” field and we'll set it up before handing over.
Pay & get credentials
If your machine was Ready now, it's already provisioned and this step starts straight away. Otherwise we provision it first (fresh macOS install, our baseline hardening profile applied via MDM, Tailscale installed, your chosen bundle's software on, your account ready) and mark the request as Fulfilled within 48 hours of your request.
Either way, you'll get an email titled “Your Halfpenny Mac is ready” with a Stripe Checkout link. One click, complete payment, you're back on your dashboard.
The Pending card flips to a Reveal credentials button. Click it and you'll see, for thirty seconds, with a Copy button next to the password:
- Your Tailscale hostname (e.g.
node-05.your-tailnet.ts.net) - Your macOS username
- Your initial password
- A Tailscale invite link, if not already on the tailnet
- Any tier-specific notes
The password isn't stored in plaintext. It's encrypted at rest with AES-256-GCM and decrypted only when you reveal it. You can re-reveal as many times as you need from the dashboard. Provisioning typically completes within a few hours; the 24-hour window covers edge cases and time zones.
Set up Tailscale
Tailscale is how you reach your Mac. It creates an encrypted peer-to-peer connection: no public IP, no port forwarding, works from anywhere.
Choose your platform and follow the steps below:
1. Install Tailscale for Windows
Download and install from tailscale.com/download/windows. Run the installer and follow the prompts.
2. Accept the invite
Click the Tailscale invite link from your dashboard (or the email we sent). Sign in with your Tailscale account, or create one (the free tier is fine). Once joined, your Mac mini appears in the Tailscale app under “Network Devices”.
3. Make sure MagicDNS is on
In the Tailscale app, click the three-dot menu and check that Use Tailscale DNS (MagicDNS) is enabled. This lets you connect using the hostname instead of just the IP.
Verify it's working: Once both devices are on the tailnet, you should be able to ping your Mac mini by its Tailscale hostname (e.g. mini-01-501.tailb6b3a8.ts.net). You can also use the IP address shown in the Tailscale app (a 100.x.x.x address). Give it a minute for the peer-to-peer handshake on first connection.
Connect to your Mac
You sign in with the username and password from your dashboard. Everything runs over your Tailscale tunnel, never exposed to the public internet.
Remote desktop:
Download RealVNC Viewer (free) from realvnc.com. You can also use Jump Desktop from the Microsoft Store.
Open the app, create a new connection, and enter your Tailscale hostname:
Or use the 100.x.x.x IP address shown in the Tailscale app. Sign in with the username and password from your dashboard.
SSH (for command-line access):
Open PowerShell or Windows Terminal and run:
Enter the password from your dashboard when prompted.
If you can't connect
Tailscale shows a green tick but VNC won't reach the Mac? Walk through these in order.
1. Wait a minute on first connection.
The peer-to-peer handshake takes a few seconds after both devices are online. If you just signed into Tailscale, give it 30–60 seconds before assuming something's wrong.
2. Try the IP, not the hostname.
If mini-01-XXX.tailb6b3a8.ts.net doesn't resolve, use the 100.x.x.x address shown next to your Mac in the Tailscale app. If that works but the hostname doesn't, MagicDNS is off; enable it in the Tailscale app settings.
3. Turn off other VPNs.
Corporate or commercial VPNs (NordVPN, ExpressVPN, Cisco AnyConnect, GlobalProtect, etc.) commonly conflict with Tailscale: they hijack DNS, claim conflicting IP ranges, or block UDP. Disconnect the other VPN before connecting to your Mac. They can run side-by-side in some setups, but the easy fix is one at a time.
4. Windows Defender Firewall.
If Tailscale shows connected but no traffic flows, the network profile is likely set to Public, which blocks most inbound rules. Set it to Private:
- Settings → Network & internet → click your active connection → set Network profile type to Private
- Or in Control Panel → Windows Defender Firewall → Allowed apps, make sure Tailscale is allowed on both Private and Public networks.
5. Corporate / split-tunnel VPN.
If you're on a work-issued laptop with a managed VPN client, the VPN often steals the default route or blocks UDP to anywhere outside its tunnel. Tailscale will appear "connected" but packets won't reach the Mac. Disconnect the corporate VPN first, then connect to your Mac. If you need both, ask your IT team to allow UDP/443 outbound and exempt the 100.64.0.0/10 range from the corporate tunnel.
6. Public Wi-Fi blocking UDP.
Hotel, conference, and some corporate guest networks block UDP. Tailscale will fall back to its DERP relays, which works but is noticeably slower (200–400 ms extra latency). Nothing to fix on your end; expect choppier VNC until you're on a normal network.
Still stuck? Open a ticket at /account/support with what you've tried and we'll get on it. If you can paste the output of tailscale ping mini-01-XXX.tailb6b3a8.ts.net from your machine, even better; that tells us exactly where the connection is failing.
Installing software
If you picked a software bundle, that stack (Xcode + fastlane, Ollama + MLX, Playwright + Chrome, …) is already installed when you first sign in. Beyond that, what you can install yourself depends on your tier.
Pro and Max: your account is an administrator with sudo. Install everything yourself: system extensions, kernel extensions, VPN clients, anything that asks for an admin password. The password is the one from your dashboard.
Budget and Starter: you have a standard user account. Most software still installs without admin rights:
- Homebrew: pre-installed, and your account is set up so
brew installworks without sudo - App Store apps: install from your own Apple ID
- Regular .dmg / .pkg installers: most work at user level
For anything that does require an admin password (system extensions, kernel extensions, some developer tools, VPN clients), open a support ticket with what you need. We'll install it and confirm. No extra charge, no faff.
Backups and snapshots
We run nightly snapshots of your home directory to Backblaze B2, encrypted at rest. Snapshots are kept for 14 rolling days by default. Everything is managed from /account/backups: pause backups, change retention, or switch to your own encryption key (if you lose its passphrase, the backups are unrecoverable, even by us).
To restore, go to the same page, pick a snapshot, and tell us what you need back: the whole home directory or specific files and folders. You'll get an email when it's done. We aim to complete restores within 4 hours during UK business hours.
A few things snapshots don't cover: system-level files, apps installed outside your home directory, and anything you've explicitly stored outside ~. For critical data, keep your own off-device backups too.
What's excluded by default: rebuildable caches and large model files, such as Xcode DerivedData, node_modules, build outputs, and AI model caches (~/.ollama, ~/.cache/huggingface, LM Studio, etc). Documents, code, settings, and saved data are included. Want a specific path captured? Open a ticket.
Restore scope: we restore your files. If the Mac is being swapped (hardware failure), the macOS account itself is recreated, with a new password delivered the same way as your first one. Installed apps come from the standard provisioning. Most things just work; a few app sign-ins may need redoing.
Account security
Your account at halfpennymac.com/account is the only place your machine credentials live. A few things to know:
Two-factor authentication: Optional. Visit /account/security, scan the QR with an authenticator app (1Password, Aegis, Google Authenticator, Authy), and enter the 6-digit code. Subsequent sign-ins prompt for the code after your password.
Credential reveal: The password we deliver is encrypted at rest with AES-256-GCM. The dashboard decrypts on demand and displays it for 30 seconds with a Copy button, then re-hides. You can re-reveal whenever you need.
Billing: Subscriptions are managed by Stripe. Update your card, view invoices, or cancel via the Manage billing button on /account/billing. We never see card numbers; Stripe handles all of it.
Forgot your password? Use /forgot-password. We email a reset link valid for one hour. The Mac's password is separate and unaffected.
Getting help
Support runs through your dashboard. Open a ticket at /account/support and we reply there and by email. You'll get a reply from a real person, not a support bot. You can also email team@halfpennymac.com; it lands in the same queue.
Max tier customers have a dedicated Slack channel for quicker back-and-forth.
Common things we can help with:
- Installing admin-level software (Budget and Starter tiers)
- Snapshot restores
- Xcode or toolchain setup
- CI/CD runner configuration
- Tailscale connectivity issues
- Upgrading or downgrading your tier
- Any questions not covered in the FAQ
If something is down or broken, put “URGENT” in the ticket subject and we'll prioritise it.