Add locked-down kids instance configuration

2026-02-22 20:28:48 +00:00
parent dd6b3aa63d
commit 52d2555cca
5 changed files with 259 additions and 0 deletions
--- a/kids-instance/docker-compose.kids.yml
+++ b/kids-instance/docker-compose.kids.yml
@@ -0,0 +1,34 @@
+# OpenClaw Kids Instance - Locked Down & Safe
+# Run with: docker-compose -f docker-compose.kids.yml up -d
+
+version: '3.8'
+
+services:
+  openclaw-kids:
+    image: ghcr.io/openclaw/openclaw:latest
+    container_name: openclaw-kids
+    restart: unless-stopped
+    ports:
+      - "18790:18789"  # Different port from main instance
+    environment:
+      - OPENCLAW_CONFIG=/config/openclaw-kids.json
+      - OPENCLAW_STATE_DIR=/state
+    volumes:
+      - ./config:/config:ro
+      - ./state:/state
+      - ./workspace-kids:/workspace-kids
+      - /var/run/docker.sock:/var/run/docker.sock:ro  # For sandboxing
+    networks:
+      - openclaw-kids
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
+
+networks:
+  openclaw-kids:
+    driver: bridge