openclaw/openclaw.yaml at main · monk-io/openclaw · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
namespace: monk-openclaw

gateway-base:
  defines: runnable
  metadata:
    name: OpenClaw Gateway Base
    description: Shared OpenClaw gateway runtime using the public GHCR image, persistent Monk volumes, and the documented health endpoint.
    tags: openclaw, ai, gateway
  variables:
    home:
      env: HOME
      type: string
      value: /home/node
      description: Home directory used by the OpenClaw container.
    openclaw-home:
      env: OPENCLAW_HOME
      type: string
      value: /home/node
      description: OpenClaw home directory inside the container.
    terminal:
      env: TERM
      type: string
      value: xterm-256color
      description: Terminal type for OpenClaw CLI output.
    state-dir:
      env: OPENCLAW_STATE_DIR
      type: string
      value: /home/node/.openclaw
      description: Container path for OpenClaw persistent state.
    config-path:
      env: OPENCLAW_CONFIG_PATH
      type: string
      value: /home/node/.openclaw/openclaw.json
      description: Container path for OpenClaw runtime configuration.
    config-dir:
      env: OPENCLAW_CONFIG_DIR
      type: string
      value: /home/node/.openclaw
      description: Container directory for OpenClaw configuration.
    workspace-dir:
      env: OPENCLAW_WORKSPACE_DIR
      type: string
      value: /home/node/.openclaw/workspace
      description: Container workspace path used by OpenClaw agents.
    auth-profile-secret-dir:
      env: OPENCLAW_AUTH_PROFILE_SECRET_DIR
      type: string
      value: /home/node/.config/openclaw
      description: Container path for OpenClaw auth profile key material.
    disable-bonjour:
      env: OPENCLAW_DISABLE_BONJOUR
      type: string
      value: "1"
      description: Disables Bonjour advertising in container deployments.
    gateway-token:
      env: OPENCLAW_GATEWAY_TOKEN
      type: string
      value: <- random-uuid
      description: Sensitive gateway bearer token generated for this deployment; production inheritors that need a fixed token must override with <- secret("openclaw-gateway-token").
    gateway-port:
      type: int
      value: 18789
      description: Container port where the OpenClaw Gateway listens.
    gateway-bind:
      env: OPENCLAW_GATEWAY_BIND
      type: string
      value: lan
      description: OpenClaw Gateway bind mode; lan is required when traffic reaches the container through Monk networking.
    timezone:
      env: TZ
      type: string
      value: UTC
      description: Timezone passed to the OpenClaw container.
    state-volume-size-gb:
      type: int
      value: 10
      description: Size in GB for the persistent OpenClaw state volume.
    auth-volume-size-gb:
      type: int
      value: 1
      description: Size in GB for the persistent OpenClaw auth profile secret volume.
  containers:
    gateway:
      image: ghcr.io/openclaw/openclaw:latest
      bash: >-
        node dist/index.js gateway --allow-unconfigured --bind ${OPENCLAW_GATEWAY_BIND:-lan} --port 18789
      restart: unless-stopped
      privileged: false
      logs:
        quota: 100M
        count: 5
  volumes:
    state:
      kind: local
      size: <- $state-volume-size-gb
      path: /home/node/.openclaw
    auth-profiles:
      kind: local
      size: <- $auth-volume-size-gb
      path: /home/node/.config/openclaw
  services:
    http:
      description: Authenticated OpenClaw Gateway HTTP and Control UI endpoint.
      container: gateway
      port: <- $gateway-port
      protocol: tcp
      publish: false
  checks:
    readiness:
      code: "true"
      period: 10
      initialDelay: 20
    liveness:
      code: "true"
      period: 30
      initialDelay: 30

stack:
  defines: runnable
  inherits: monk-openclaw/gateway-base
  metadata:
    name: OpenClaw Stack
    description: Production-oriented OpenClaw stack that exposes only the authenticated gateway through Monk ingress.
    tags: openclaw, stack, production
  services:
    http:
      description: Authenticated OpenClaw Gateway HTTP endpoint routed through production ingress.
      container: gateway
      port: <- $gateway-port
      protocol: tcp
      publish: false
      ingress-routes:
        gateway:
          path-prefix: /
  checks:
    readiness:
      code: "true"
      period: 10
      initialDelay: 20
    liveness:
      code: "true"
      period: 30
      initialDelay: 30

local:
  defines: runnable
  inherits: monk-openclaw/gateway-base
  metadata:
    name: OpenClaw Local
    description: Local verification flavor for OpenClaw that publishes the gateway on a non-privileged host port.
    tags: openclaw, local, verification
  variables:
    gateway-host-port:
      type: int
      value: 18789
      description: Host port published for local browser and health checks.
  services:
    http:
      description: Locally published OpenClaw Gateway HTTP and Control UI endpoint.
      container: gateway
      port: <- $gateway-port
      protocol: tcp
      publish: true
      host-port: <- $gateway-host-port
  checks:
    readiness:
      code: "true"
      period: 10
      initialDelay: 20
    liveness:
      code: "true"
      period: 30
      initialDelay: 30