sirtimbly/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Simplify to named volumes only (cattle not pets)

Browse Source
This commit is contained in:
Klaatu
2026-02-20 18:56:03 +00:00
parent e4215ca329
commit 3df8a2143e
4 changed files with 33 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
README.md
View File

@@ -4,29 +4,26 @@ Custom OpenClaw Gateway build for ARM64 with Google Workspace tools.
## What's in Here ## What's in Here
- `stack.yml` - Docker Swarm stack for Dokploy - `stack.yml` - Docker Swarm stack for Dokploy (pure named volumes)
- `docker/` - Custom image build (ARM64 + gog + gcloud) - `docker/` - Custom image build (ARM64 + gog + gcloud)
- `config/` - Runtime configs (volume-mounted)
- `secrets/` - Credentials (volume-mounted, gitignored)
- `AGENTS.md` - Full deployment guide - `AGENTS.md` - Full deployment guide
## Quick Start ## Quick Start
```bash ```bash
# 1. Put your Google OAuth client secret in place # 1. Build the custom image
cp /path/to/client_secret.json secrets/google-client-secret.json
# 2. Build the custom image
cd docker && ./build-arm64.sh cd docker && ./build-arm64.sh
# 3. Push to your registry # 2. Push to your registry
docker tag openclaw:custom-arm64 registry.lan/openclaw:latest docker tag openclaw:custom-arm64 registry.lan/openclaw:latest
docker push registry.lan/openclaw:latest docker push registry.lan/openclaw:latest
# 4. Deploy # 3. Deploy
export OPENCLAW_IMAGE=registry.lan/openclaw:latest
docker stack deploy -c stack.yml openclaw docker stack deploy -c stack.yml openclaw
# 4. Copy in your Google client secret
docker cp /path/to/client_secret.json $(docker ps -q -f name=openclaw-gateway):/home/node/.openclaw/google-client-secret.json
# 5. Setup gog (Google Workspace) # 5. Setup gog (Google Workspace)
docker exec -it $(docker ps -q -f name=openclaw-gateway) setup-gog.sh docker exec -it $(docker ps -q -f name=openclaw-gateway) setup-gog.sh
docker exec -it $(docker ps -q -f name=openclaw-gateway) gog auth add you@gmail.com --services gmail,calendar,drive docker exec -it $(docker ps -q -f name=openclaw-gateway) gog auth add you@gmail.com --services gmail,calendar,drive
@@ -39,14 +36,24 @@ docker exec -it $(docker ps -q -f name=openclaw-gateway) gog auth add you@gmail.
- `jq`, `curl`, `htop`, `tree` - General utilities - `jq`, `curl`, `htop`, `tree` - General utilities
- SSH key persistence in named volume - SSH key persistence in named volume
## Volumes ## Volumes (Named Only)
| Volume | Mount | Purpose | | Volume | Mount | Purpose |
|--------|-------|---------| |--------|-------|---------|
| `openclaw-config` | `/home/node/.openclaw` | OpenClaw runtime data | | `openclaw-config` | `/home/node/.openclaw` | Configs, secrets, SSH keys, gog tokens |
| `openclaw-workspace` | `/home/node/.openclaw/workspace` | Agent workspace | | `openclaw-workspace` | `/home/node/.openclaw/workspace` | Agent workspace |
| `gog-data` | `/data/gog` | gog OAuth tokens | | `gog-data` | `/home/node/.openclaw/gog` | gog OAuth tokens (separate for clarity) |
| Host `./config` | `/data/config` | Config files (ro) |
| Host `./secrets` | `/data/secrets` | Secrets (ro) | **To access files in volumes:**
```bash
# Copy in
docker cp localfile.txt container:/home/node/.openclaw/
# Copy out
docker cp container:/home/node/.openclaw/file.txt .
# Or exec in
docker exec -it container bash
```
See `AGENTS.md` for full deployment details. See `AGENTS.md` for full deployment details.

25
docker/Dockerfile
View File

@@ -1,6 +1,6 @@
# OpenClaw Gateway - Custom ARM64 Build # OpenClaw Gateway - Custom ARM64 Build
# Platform: linux/arm64 # Platform: linux/arm64
# Configs are volume-mounted at runtime, not baked into image # All configs via named volumes - copy files in with docker cp
FROM --platform=linux/arm64 ghcr.io/openclaw/openclaw:latest FROM --platform=linux/arm64 ghcr.io/openclaw/openclaw:latest
@@ -25,7 +25,6 @@ RUN echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
# Install gog (Google Workspace CLI) for ARM64 # Install gog (Google Workspace CLI) for ARM64
# Using direct binary install since brew may not be available
RUN GOG_VERSION=$(curl -s https://api.github.com/repos/steipete/gog/releases/latest | jq -r .tag_name) \ RUN GOG_VERSION=$(curl -s https://api.github.com/repos/steipete/gog/releases/latest | jq -r .tag_name) \
&& curl -L "https://github.com/steipete/gog/releases/download/${GOG_VERSION}/gog_Linux_arm64.tar.gz" \ && curl -L "https://github.com/steipete/gog/releases/download/${GOG_VERSION}/gog_Linux_arm64.tar.gz" \
| tar -xz -C /usr/local/bin/ \ | tar -xz -C /usr/local/bin/ \
@@ -36,25 +35,13 @@ COPY docker/tools/* /usr/local/bin/
COPY docker/bin/* /usr/local/bin/ COPY docker/bin/* /usr/local/bin/
RUN chmod +x /usr/local/bin/* RUN chmod +x /usr/local/bin/*
# Create directories for volume-mounted configs # Create directories in the persistent volume location
# These will be mounted at runtime with your secrets and configs RUN mkdir -p /home/node/.openclaw/ssh /home/node/.openclaw/gog \
RUN mkdir -p /data/config /data/secrets /data/gog \ && chown -R node:node /home/node/.openclaw
&& chown -R node:node /data
# Set environment for config paths # Link gog config and ssh to standard locations
ENV OPENCLAW_CONFIG_DIR=/data/config RUN ln -sf /home/node/.openclaw/gog /home/node/.config/gog \
ENV GOG_CONFIG_DIR=/data/gog
ENV GOOGLE_APPLICATION_CREDENTIALS=/data/secrets/google-credentials.json
# Link gog config to persistent location
RUN ln -sf /data/gog /home/node/.config/gog
# SSH keys will be stored in persistent volume
# Create directory and symlink for SSH
RUN mkdir -p /home/node/.openclaw/ssh \
&& ln -sf /home/node/.openclaw/ssh /home/node/.ssh && ln -sf /home/node/.openclaw/ssh /home/node/.ssh
# Switch back to node user # Switch back to node user
USER node USER node
# Default entrypoint from base image

7
docker/tools/setup-gog.sh
View File

@@ -1,14 +1,15 @@
#!/bin/bash #!/bin/bash
# setup-gog.sh - Initialize gog with credentials from volume # setup-gog.sh - Initialize gog with credentials from volume
# Run this after container starts and secrets are mounted # Usage: docker cp client_secret.json container:/home/node/.openclaw/
# docker exec container setup-gog.sh
set -e set -e
CREDS_FILE="/data/secrets/google-client-secret.json" CREDS_FILE="/home/node/.openclaw/google-client-secret.json"
if [ ! -f "$CREDS_FILE" ]; then if [ ! -f "$CREDS_FILE" ]; then
echo "ERROR: Google client secret not found at $CREDS_FILE" echo "ERROR: Google client secret not found at $CREDS_FILE"
echo "Mount your secrets JSON to /data/secrets/google-client-secret.json" echo "Copy it in first: docker cp client_secret.json \$(docker ps -q -f name=openclaw):/home/node/.openclaw/google-client-secret.json"
exit 1 exit 1
fi fi

12
stack.yml
View File

@@ -8,18 +8,11 @@ services:
TERM: xterm-256color TERM: xterm-256color
OPENCLAW_GATEWAY_TOKEN: ${OPENCLAW_GATEWAY_TOKEN} OPENCLAW_GATEWAY_TOKEN: ${OPENCLAW_GATEWAY_TOKEN}
MOONSHOT_API_KEY: ${MOONSHOT_API_KEY} MOONSHOT_API_KEY: ${MOONSHOT_API_KEY}
OPENCLAW_CONFIG_DIR: /data/config
GOG_CONFIG_DIR: /data/gog
GOOGLE_APPLICATION_CREDENTIALS: /data/secrets/google-credentials.json
GOG_ACCOUNT: ${GOG_ACCOUNT:-} GOG_ACCOUNT: ${GOG_ACCOUNT:-}
volumes: volumes:
- openclaw-config:/home/node/.openclaw - openclaw-config:/home/node/.openclaw
- openclaw-workspace:/home/node/.openclaw/workspace - openclaw-workspace:/home/node/.openclaw/workspace
# Mount configs and secrets from host (not baked into image) - gog-data:/home/node/.openclaw/gog
- ./config:/data/config:ro
- ./secrets:/data/secrets:ro
# gog OAuth tokens persist here
- gog-data:/data/gog
ports: ports:
- target: 18789 - target: 18789
published: ${OPENCLAW_GATEWAY_PORT:-18789} published: ${OPENCLAW_GATEWAY_PORT:-18789}
@@ -37,9 +30,6 @@ services:
- node.hostname == tpi-n1 - node.hostname == tpi-n1
networks: networks:
- dokploy-network - dokploy-network
# Add Gitea SSH access (if needed for git operations)
extra_hosts:
- "gitea.bendtstudio.com:192.168.2.130"
command: command:
[ [
"node", "node",