Update stack.yml for new volume mounts; add README

README.md

@@ -0,0 +1,52 @@
+# OpenClaw Deployment
+
+Custom OpenClaw Gateway build for ARM64 with Google Workspace tools.
+
+## What's in Here
+
+- `stack.yml` - Docker Swarm stack for Dokploy
+- `docker/` - Custom image build (ARM64 + gog + gcloud)
+- `config/` - Runtime configs (volume-mounted)
+- `secrets/` - Credentials (volume-mounted, gitignored)
+- `AGENTS.md` - Full deployment guide
+
+## Quick Start
+
+```bash
+# 1. Put your Google OAuth client secret in place
+cp /path/to/client_secret.json secrets/google-client-secret.json
+
+# 2. Build the custom image
+cd docker && ./build-arm64.sh
+
+# 3. Push to your registry
+docker tag openclaw:custom-arm64 registry.lan/openclaw:latest
+docker push registry.lan/openclaw:latest
+
+# 4. Deploy
+export OPENCLAW_IMAGE=registry.lan/openclaw:latest
+docker stack deploy -c stack.yml openclaw
+
+# 5. Setup gog (Google Workspace)
+docker exec -it $(docker ps -q -f name=openclaw-gateway) setup-gog.sh
+docker exec -it $(docker ps -q -f name=openclaw-gateway) gog auth add you@gmail.com --services gmail,calendar,drive
+```
+
+## Custom Image Includes
+
+- `gog` - Google Workspace CLI (Gmail, Calendar, Drive, Sheets, Docs)
+- `gcloud` - Google Cloud SDK
+- `jq`, `curl`, `htop`, `tree` - General utilities
+- SSH key persistence in named volume
+
+## Volumes
+
+| Volume | Mount | Purpose |
+|--------|-------|---------|
+| `openclaw-config` | `/home/node/.openclaw` | OpenClaw runtime data |
+| `openclaw-workspace` | `/home/node/.openclaw/workspace` | Agent workspace |
+| `gog-data` | `/data/gog` | gog OAuth tokens |
+| Host `./config` | `/data/config` | Config files (ro) |
+| Host `./secrets` | `/data/secrets` | Secrets (ro) |
+
+See `AGENTS.md` for full deployment details.

stack.yml

@@ -8,9 +8,18 @@ services:
       TERM: xterm-256color
       OPENCLAW_GATEWAY_TOKEN: ${OPENCLAW_GATEWAY_TOKEN}
       MOONSHOT_API_KEY: ${MOONSHOT_API_KEY}
+      OPENCLAW_CONFIG_DIR: /data/config
+      GOG_CONFIG_DIR: /data/gog
+      GOOGLE_APPLICATION_CREDENTIALS: /data/secrets/google-credentials.json
+      GOG_ACCOUNT: ${GOG_ACCOUNT:-}
     volumes:
       - openclaw-config:/home/node/.openclaw
       - openclaw-workspace:/home/node/.openclaw/workspace
+      # Mount configs and secrets from host (not baked into image)
+      - ./config:/data/config:ro
+      - ./secrets:/data/secrets:ro
+      # gog OAuth tokens persist here
+      - gog-data:/data/gog
     ports:
       - target: 18789
         published: ${OPENCLAW_GATEWAY_PORT:-18789}
@@ -28,6 +37,9 @@ services:
           - node.hostname == tpi-n1
     networks:
       - dokploy-network
+    # Add Gitea SSH access (if needed for git operations)
+    extra_hosts:
+      - "gitea.bendtstudio.com:192.168.2.130"
     command:
       [
         "node",
@@ -39,36 +51,10 @@ services:
         "18789",
       ]
 
-  # Note: CLI service is interactive and best run locally or via docker run
-  # Uncomment if you need it for specific use cases
-  # openclaw-cli:
-  #   image: ${OPENCLAW_IMAGE:-openclaw:local}
-  #   environment:
-  #     HOME: /home/node
-  #     TERM: xterm-256color
-  #     OPENCLAW_GATEWAY_TOKEN: ${OPENCLAW_GATEWAY_TOKEN}
-  #     BROWSER: echo
-  #     MOONSHOT_API_KEY: ${MOONSHOT_API_KEY}
-  #   volumes:
-  #     - openclaw-config:/home/node/.openclaw
-  #     - openclaw-workspace:/home/node/.openclaw/workspace
-  #   stdin_open: true
-  #   tty: true
-  #   init: true
-  #   deploy:
-  #     replicas: 1
-  #     placement:
-  #       constraints:
-  #         - node.hostname == tpi-n1
-  #     restart_policy:
-  #       condition: unless-stopped
-  #   networks:
-  #     - dokploy-network
-  #   entrypoint: ["node", "dist/index.js"]
-
 volumes:
   openclaw-config:
   openclaw-workspace:
+  gog-data:
 
 networks:
   dokploy-network: