Add workspace config: docker build files, agent identity, user config, gitignore

2026-02-20 18:39:22 +00:00
parent fdbac8136d
commit 8d30148e77
16 changed files with 446 additions and 0 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -0,0 +1,60 @@
+# OpenClaw Gateway - Custom ARM64 Build
+# Platform: linux/arm64
+# Configs are volume-mounted at runtime, not baked into image
+
+FROM --platform=linux/arm64 ghcr.io/openclaw/openclaw:latest
+
+USER root
+
+# Install additional system packages
+RUN apt-get update && apt-get install -y \
+    jq \
+    curl \
+    htop \
+    tree \
+    ca-certificates \
+    gnupg \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Google Cloud SDK (for gcloud CLI if needed)
+RUN echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" \
+    | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list \
+    && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg \
+    | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg \
+    && apt-get update && apt-get install -y google-cloud-cli \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install gog (Google Workspace CLI) for ARM64
+# Using direct binary install since brew may not be available
+RUN GOG_VERSION=$(curl -s https://api.github.com/repos/steipete/gog/releases/latest | jq -r .tag_name) \
+    && curl -L "https://github.com/steipete/gog/releases/download/${GOG_VERSION}/gog_Linux_arm64.tar.gz" \
+    | tar -xz -C /usr/local/bin/ \
+    && chmod +x /usr/local/bin/gog
+
+# Copy custom tools into the image
+COPY docker/tools/* /usr/local/bin/
+COPY docker/bin/* /usr/local/bin/
+RUN chmod +x /usr/local/bin/*
+
+# Create directories for volume-mounted configs
+# These will be mounted at runtime with your secrets and configs
+RUN mkdir -p /data/config /data/secrets /data/gog \
+    && chown -R node:node /data
+
+# Set environment for config paths
+ENV OPENCLAW_CONFIG_DIR=/data/config
+ENV GOG_CONFIG_DIR=/data/gog
+ENV GOOGLE_APPLICATION_CREDENTIALS=/data/secrets/google-credentials.json
+
+# Link gog config to persistent location
+RUN ln -sf /data/gog /home/node/.config/gog
+
+# SSH keys will be stored in persistent volume
+# Create directory and symlink for SSH
+RUN mkdir -p /home/node/.openclaw/ssh \
+    && ln -sf /home/node/.openclaw/ssh /home/node/.ssh
+
+# Switch back to node user
+USER node
+
+# Default entrypoint from base image
--- a/docker/bin/git-backup.sh
+++ b/docker/bin/git-backup.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# git-backup.sh - Quick backup of workspace to git
+# Run this before deploying new images
+
+cd /home/node/.openclaw/workspace
+
+echo "=== OpenClaw Workspace Backup ==="
+echo "Status:"
+git status --short
+
+echo ""
+echo "Adding changes..."
+git add -A
+
+if git diff --cached --quiet; then
+    echo "Nothing to commit"
+else
+    echo "Committing..."
+    git commit -m "Backup: $(date -Iseconds)"
+    echo "Done. Commit hash: $(git rev-parse --short HEAD)"
+fi
--- a/docker/build-arm64.sh
+++ b/docker/build-arm64.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+# build-arm64.sh - Build the custom OpenClaw image for ARM64
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "$SCRIPT_DIR/.."
+
+echo "=== Building OpenClaw Custom Image (ARM64) ==="
+echo ""
+
+# Ensure BuildKit is enabled for proper platform support
+export DOCKER_BUILDKIT=1
+
+# Build for arm64
+docker build \
+    --platform linux/arm64 \
+    -f docker/Dockerfile \
+    -t openclaw:custom-arm64 \
+    -t openclaw:latest \
+    .
+
+echo ""
+echo "=== Build Complete ==="
+echo "Image: openclaw:custom-arm64"
+echo ""
+echo "To run:"
+echo "  cd docker && docker-compose up -d"
+echo ""
+echo "Or manually:"
+echo "  docker run -d \\"
+echo "    -v \$(pwd)/config:/data/config:ro \\"
+echo "    -v \$(pwd)/secrets:/data/secrets:ro \\"
+echo "    -p 8080:8080 \\"
+echo "    openclaw:custom-arm64"
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -0,0 +1,51 @@
+version: "3.8"
+
+services:
+  openclaw:
+    build:
+      context: ..
+      dockerfile: docker/Dockerfile
+      platforms:
+        - linux/arm64
+    image: openclaw:custom-arm64
+    container_name: openclaw-gateway
+    restart: unless-stopped
+    
+    # OpenClaw ports
+    ports:
+      - "8080:8080"
+    
+    # Persistent volumes for configs and secrets
+    volumes:
+      # Your workspace (for memory, agents, etc)
+      - ./workspace:/home/node/.openclaw/workspace
+      
+      # Configs mounted from host (not in image)
+      - ./config:/data/config:ro
+      
+      # Secrets mounted from host (read-only, not in image)
+      - ./secrets:/data/secrets:ro
+      
+      # gog OAuth tokens and config (persistent)
+      - gog-data:/data/gog
+      
+      # OpenClaw runtime data
+      - openclaw-data:/home/node/.openclaw
+    
+    environment:
+      - OPENCLAW_CONFIG_DIR=/data/config
+      - GOG_CONFIG_DIR=/data/gog
+      - GOOGLE_APPLICATION_CREDENTIALS=/data/secrets/google-credentials.json
+      - GOG_ACCOUNT=${GOG_ACCOUNT:-}
+    
+    # Health check using our custom tool
+    healthcheck:
+      test: ["CMD", "healthcheck.sh"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+
+volumes:
+  gog-data:
+  openclaw-data:
--- a/docker/tools/healthcheck.sh
+++ b/docker/tools/healthcheck.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+# healthcheck.sh - Quick container health check for OpenClaw gateway
+# Usage: healthcheck [--wait]
+
+set -e
+
+WAIT_MODE=false
+if [ "$1" == "--wait" ]; then
+    WAIT_MODE=true
+fi
+
+check_health() {
+    if curl -sf http://localhost:8080/health > /dev/null 2>&1; then
+        echo "✓ Gateway healthy"
+        return 0
+    else
+        return 1
+    fi
+}
+
+if [ "$WAIT_MODE" = true ]; then
+    echo "Waiting for gateway to be healthy..."
+    until check_health; do
+        sleep 1
+    done
+else
+    if check_health; then
+        exit 0
+    else
+        echo "✗ Gateway not responding"
+        exit 1
+    fi
+fi
--- a/docker/tools/setup-gog.sh
+++ b/docker/tools/setup-gog.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+# setup-gog.sh - Initialize gog with credentials from volume
+# Run this after container starts and secrets are mounted
+
+set -e
+
+CREDS_FILE="/data/secrets/google-client-secret.json"
+
+if [ ! -f "$CREDS_FILE" ]; then
+    echo "ERROR: Google client secret not found at $CREDS_FILE"
+    echo "Mount your secrets JSON to /data/secrets/google-client-secret.json"
+    exit 1
+fi
+
+echo "Setting up gog with credentials..."
+gog auth credentials "$CREDS_FILE"
+
+echo ""
+echo "Available gog accounts:"
+gog auth list 2>/dev/null || echo "No accounts configured yet."
+
+echo ""
+echo "To add an account, run:"
+echo "  gog auth add you@gmail.com --services gmail,calendar,drive"