chore: update docker-compose and entrypoint script for directory structure changes

- Changed CLAWDBOT_STATE_DIR and CLAWDBOT_WORKSPACE_DIR paths from /data to /home/node for improved organization.
- Updated GATEWAY_BIND default value from loopback to lan for broader accessibility.
- Adjusted volume mappings in docker-compose for consistency with new directory structure.
- Modified entrypoint script to reflect updated directory paths and ensure proper setup.
This commit is contained in:
HashWarlock 2026-01-26 22:26:08 -06:00
parent acf7491094
commit 3c4f74a337
3 changed files with 20 additions and 14 deletions

View File

@ -26,26 +26,26 @@ services:
TELEGRAM_ALLOWED_USERS: ${TELEGRAM_ALLOWED_USERS:-} TELEGRAM_ALLOWED_USERS: ${TELEGRAM_ALLOWED_USERS:-}
DISCORD_ALLOWED_USERS: ${DISCORD_ALLOWED_USERS:-} DISCORD_ALLOWED_USERS: ${DISCORD_ALLOWED_USERS:-}
# Gateway configuration # Gateway configuration
GATEWAY_BIND: ${GATEWAY_BIND:-loopback} GATEWAY_BIND: ${GATEWAY_BIND:-lan}
GATEWAY_PORT: ${GATEWAY_PORT:-18789} GATEWAY_PORT: ${GATEWAY_PORT:-18789}
GATEWAY_AUTH: ${GATEWAY_AUTH:-off} GATEWAY_AUTH: ${GATEWAY_AUTH:-off}
GATEWAY_TOKEN: ${GATEWAY_TOKEN:-} GATEWAY_TOKEN: ${GATEWAY_TOKEN:-}
GATEWAY_PASSWORD: ${GATEWAY_PASSWORD:-} GATEWAY_PASSWORD: ${GATEWAY_PASSWORD:-}
# Persistence paths inside container # Persistence paths inside container
CLAWDBOT_STATE_DIR: /data/.clawdbot CLAWDBOT_STATE_DIR: /home/node/.clawdbot
CLAWDBOT_WORKSPACE_DIR: /data/workspace CLAWDBOT_WORKSPACE_DIR: /home/node/clawd
volumes: volumes:
# Persistent storage for credentials, agents, sessions # Persistent storage for credentials, agents, sessions
- clawdbot-data:/data - clawdbot-data:/home/node
# Host network mode: container shares CVM's network stack # Host network mode: container shares CVM's network stack
# Gateway binds to loopback by default, accessible via CVM's public IP # Gateway binds to LAN (0.0.0.0) by default, accessible via dstack proxy
network_mode: host network_mode: host
restart: unless-stopped restart: unless-stopped
user: root user: root
command: > command: >
bash -c " bash -c "
mkdir -p /data/.clawdbot /data/workspace && mkdir -p /home/node/.clawdbot /home/node/clawd &&
chown -R node:node /data && chown -R node:node /home/node &&
su node -c '/bin/bash /app/scripts/docker-entrypoint-phala.sh' su node -c '/bin/bash /app/scripts/docker-entrypoint-phala.sh'
" "

View File

@ -296,10 +296,10 @@ services:
GATEWAY_PORT: ${GATEWAY_PORT:-18789} GATEWAY_PORT: ${GATEWAY_PORT:-18789}
GATEWAY_AUTH: ${GATEWAY_AUTH:-off} GATEWAY_AUTH: ${GATEWAY_AUTH:-off}
# Persistence paths # Persistence paths
CLAWDBOT_STATE_DIR: /data/.clawdbot CLAWDBOT_STATE_DIR: /home/node/.clawdbot
CLAWDBOT_WORKSPACE_DIR: /data/workspace CLAWDBOT_WORKSPACE_DIR: /home/node/clawd
volumes: volumes:
- clawdbot-data:/data - clawdbot-data:/home/node
network_mode: host network_mode: host
restart: unless-stopped restart: unless-stopped
@ -387,8 +387,8 @@ Access your gateway URL to:
| `GATEWAY_AUTH` | No | Gateway auth mode: `off`, `token`, or `password` (default: `off`) | | `GATEWAY_AUTH` | No | Gateway auth mode: `off`, `token`, or `password` (default: `off`) |
| `GATEWAY_TOKEN` | No | Gateway token (required when `GATEWAY_AUTH=token`) | | `GATEWAY_TOKEN` | No | Gateway token (required when `GATEWAY_AUTH=token`) |
| `GATEWAY_PASSWORD` | No | Gateway password (required when `GATEWAY_AUTH=password`) | | `GATEWAY_PASSWORD` | No | Gateway password (required when `GATEWAY_AUTH=password`) |
| `CLAWDBOT_STATE_DIR` | No | Config/credentials path (default: `/data/.clawdbot`) | | `CLAWDBOT_STATE_DIR` | No | Config/credentials path (default: `/home/node/.clawdbot`) |
| `CLAWDBOT_WORKSPACE_DIR` | No | Workspace path (default: `/data/workspace`) | | `CLAWDBOT_WORKSPACE_DIR` | No | Workspace path (default: `/home/node/clawd`) |
### Securing Your Deployment ### Securing Your Deployment

View File

@ -3,7 +3,7 @@
set -e set -e
CONFIG_DIR="${CLAWDBOT_STATE_DIR:-/data/.clawdbot}" CONFIG_DIR="${CLAWDBOT_STATE_DIR:-/home/node/.clawdbot}"
CONFIG_FILE="$CONFIG_DIR/clawdbot.json" CONFIG_FILE="$CONFIG_DIR/clawdbot.json"
# Create state directory if it doesn't exist # Create state directory if it doesn't exist
@ -38,7 +38,7 @@ if [ ! -f "$CONFIG_FILE" ] && [ -n "$REDPILL_API_KEY" ]; then
--accept-risk \ --accept-risk \
--mode local \ --mode local \
--auth-choice redpill-api-key \ --auth-choice redpill-api-key \
--workspace "${CLAWDBOT_WORKSPACE_DIR:-/data/workspace}" \ --workspace "${CLAWDBOT_WORKSPACE_DIR:-/home/node/clawd}" \
--gateway-bind ${GATEWAY_BIND:-loopback} \ --gateway-bind ${GATEWAY_BIND:-loopback} \
$GATEWAY_AUTH_ARGS \ $GATEWAY_AUTH_ARGS \
--skip-daemon \ --skip-daemon \
@ -48,6 +48,12 @@ if [ ! -f "$CONFIG_FILE" ] && [ -n "$REDPILL_API_KEY" ]; then
echo "Auto-configuration complete." echo "Auto-configuration complete."
# Enable password/token-only auth for remote Control UI access
# This allows the web UI to connect without device pairing (Web Crypto API)
# which is required for HTTPS proxy deployments like Phala dstack
node dist/index.js config set gateway.controlUi.allowInsecureAuth true --json
echo "✓ Control UI configured for remote access"
# Configure channel allowlists if user IDs are provided # Configure channel allowlists if user IDs are provided
if [ -n "$TELEGRAM_ALLOWED_USERS" ] || [ -n "$DISCORD_ALLOWED_USERS" ]; then if [ -n "$TELEGRAM_ALLOWED_USERS" ] || [ -n "$DISCORD_ALLOWED_USERS" ]; then
echo "Configuring channel allowlists..." echo "Configuring channel allowlists..."