chore: update docker-compose and entrypoint script for directory structure changes
- Changed CLAWDBOT_STATE_DIR and CLAWDBOT_WORKSPACE_DIR paths from /data to /home/node for improved organization. - Updated GATEWAY_BIND default value from loopback to lan for broader accessibility. - Adjusted volume mappings in docker-compose for consistency with new directory structure. - Modified entrypoint script to reflect updated directory paths and ensure proper setup.
This commit is contained in:
parent
acf7491094
commit
3c4f74a337
@ -26,26 +26,26 @@ services:
|
||||
TELEGRAM_ALLOWED_USERS: ${TELEGRAM_ALLOWED_USERS:-}
|
||||
DISCORD_ALLOWED_USERS: ${DISCORD_ALLOWED_USERS:-}
|
||||
# Gateway configuration
|
||||
GATEWAY_BIND: ${GATEWAY_BIND:-loopback}
|
||||
GATEWAY_BIND: ${GATEWAY_BIND:-lan}
|
||||
GATEWAY_PORT: ${GATEWAY_PORT:-18789}
|
||||
GATEWAY_AUTH: ${GATEWAY_AUTH:-off}
|
||||
GATEWAY_TOKEN: ${GATEWAY_TOKEN:-}
|
||||
GATEWAY_PASSWORD: ${GATEWAY_PASSWORD:-}
|
||||
# Persistence paths inside container
|
||||
CLAWDBOT_STATE_DIR: /data/.clawdbot
|
||||
CLAWDBOT_WORKSPACE_DIR: /data/workspace
|
||||
CLAWDBOT_STATE_DIR: /home/node/.clawdbot
|
||||
CLAWDBOT_WORKSPACE_DIR: /home/node/clawd
|
||||
volumes:
|
||||
# Persistent storage for credentials, agents, sessions
|
||||
- clawdbot-data:/data
|
||||
- clawdbot-data:/home/node
|
||||
# Host network mode: container shares CVM's network stack
|
||||
# Gateway binds to loopback by default, accessible via CVM's public IP
|
||||
# Gateway binds to LAN (0.0.0.0) by default, accessible via dstack proxy
|
||||
network_mode: host
|
||||
restart: unless-stopped
|
||||
user: root
|
||||
command: >
|
||||
bash -c "
|
||||
mkdir -p /data/.clawdbot /data/workspace &&
|
||||
chown -R node:node /data &&
|
||||
mkdir -p /home/node/.clawdbot /home/node/clawd &&
|
||||
chown -R node:node /home/node &&
|
||||
su node -c '/bin/bash /app/scripts/docker-entrypoint-phala.sh'
|
||||
"
|
||||
|
||||
|
||||
@ -296,10 +296,10 @@ services:
|
||||
GATEWAY_PORT: ${GATEWAY_PORT:-18789}
|
||||
GATEWAY_AUTH: ${GATEWAY_AUTH:-off}
|
||||
# Persistence paths
|
||||
CLAWDBOT_STATE_DIR: /data/.clawdbot
|
||||
CLAWDBOT_WORKSPACE_DIR: /data/workspace
|
||||
CLAWDBOT_STATE_DIR: /home/node/.clawdbot
|
||||
CLAWDBOT_WORKSPACE_DIR: /home/node/clawd
|
||||
volumes:
|
||||
- clawdbot-data:/data
|
||||
- clawdbot-data:/home/node
|
||||
network_mode: host
|
||||
restart: unless-stopped
|
||||
|
||||
@ -387,8 +387,8 @@ Access your gateway URL to:
|
||||
| `GATEWAY_AUTH` | No | Gateway auth mode: `off`, `token`, or `password` (default: `off`) |
|
||||
| `GATEWAY_TOKEN` | No | Gateway token (required when `GATEWAY_AUTH=token`) |
|
||||
| `GATEWAY_PASSWORD` | No | Gateway password (required when `GATEWAY_AUTH=password`) |
|
||||
| `CLAWDBOT_STATE_DIR` | No | Config/credentials path (default: `/data/.clawdbot`) |
|
||||
| `CLAWDBOT_WORKSPACE_DIR` | No | Workspace path (default: `/data/workspace`) |
|
||||
| `CLAWDBOT_STATE_DIR` | No | Config/credentials path (default: `/home/node/.clawdbot`) |
|
||||
| `CLAWDBOT_WORKSPACE_DIR` | No | Workspace path (default: `/home/node/clawd`) |
|
||||
|
||||
### Securing Your Deployment
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
|
||||
set -e
|
||||
|
||||
CONFIG_DIR="${CLAWDBOT_STATE_DIR:-/data/.clawdbot}"
|
||||
CONFIG_DIR="${CLAWDBOT_STATE_DIR:-/home/node/.clawdbot}"
|
||||
CONFIG_FILE="$CONFIG_DIR/clawdbot.json"
|
||||
|
||||
# Create state directory if it doesn't exist
|
||||
@ -38,7 +38,7 @@ if [ ! -f "$CONFIG_FILE" ] && [ -n "$REDPILL_API_KEY" ]; then
|
||||
--accept-risk \
|
||||
--mode local \
|
||||
--auth-choice redpill-api-key \
|
||||
--workspace "${CLAWDBOT_WORKSPACE_DIR:-/data/workspace}" \
|
||||
--workspace "${CLAWDBOT_WORKSPACE_DIR:-/home/node/clawd}" \
|
||||
--gateway-bind ${GATEWAY_BIND:-loopback} \
|
||||
$GATEWAY_AUTH_ARGS \
|
||||
--skip-daemon \
|
||||
@ -48,6 +48,12 @@ if [ ! -f "$CONFIG_FILE" ] && [ -n "$REDPILL_API_KEY" ]; then
|
||||
|
||||
echo "Auto-configuration complete."
|
||||
|
||||
# Enable password/token-only auth for remote Control UI access
|
||||
# This allows the web UI to connect without device pairing (Web Crypto API)
|
||||
# which is required for HTTPS proxy deployments like Phala dstack
|
||||
node dist/index.js config set gateway.controlUi.allowInsecureAuth true --json
|
||||
echo "✓ Control UI configured for remote access"
|
||||
|
||||
# Configure channel allowlists if user IDs are provided
|
||||
if [ -n "$TELEGRAM_ALLOWED_USERS" ] || [ -n "$DISCORD_ALLOWED_USERS" ]; then
|
||||
echo "Configuring channel allowlists..."
|
||||
|
||||
Loading…
Reference in New Issue
Block a user