From c18d02978baceec69f497be14589cc1ef32f49ec Mon Sep 17 00:00:00 2001 From: krakenhavoc Date: Mon, 9 Mar 2026 13:27:53 -0400 Subject: [PATCH 1/5] feat: add openclaw vm deployment
---
 .../deployments/lab/env/lab/terraform.tfvars | 13 ++++ terraform/deployments/lab/main.tf | 35 ++++++++++ .../lab/templates/setup-openclaw.yaml.tftpl | 66 +++++++++++++++++++ terraform/deployments/lab/variables.tf | 18 +++++ 4 files changed, 132 insertions(+) create mode 100644 terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl
diff --git a/terraform/deployments/lab/env/lab/terraform.tfvars b/terraform/deployments/lab/env/lab/terraform.tfvars
index b107099..20c406a 100644
--- a/terraform/deployments/lab/env/lab/terraform.tfvars
+++ b/terraform/deployments/lab/env/lab/terraform.tfvars
@@ -4,6 +4,19 @@ pve = {
 }
 vm_disk_datastore_id = "ssd_1641G_thin"
 vm_cloudinit_datastore_id = "ssd_1641G_thin"
+openclaw = {
+ name_prefix = "openclaw"
+ description = "OpenClaw Gateway - Managed by Terraform"
+ tags = ["openclaw"]
+ bios = "ovmf"
+ cpu_cores = 4
+ memory_mb = 16384
+ os_disk_size = 50
+ disk_interface = "virtio0"
+ network_bridge = "vmbr0"
+ vlan_id = 200
+ admin_username = "krkn"
+}
 pwnbox = {
 name_prefix = "pwnbox"
 description = "CTF Pwnbox - Managed by Terraform"
diff --git a/terraform/deployments/lab/main.tf b/terraform/deployments/lab/main.tf
index 172142e..b0861d2 100644
--- a/terraform/deployments/lab/main.tf
+++ b/terraform/deployments/lab/main.tf
@@ -1,3 +1,38 @@
+resource "proxmox_virtual_environment_file" "openclaw_cloudinit" {
+ provider = pve
+ content_type = "snippets"
+ datastore_id = "snippets"
+ node_name = var.pve.host
+
+ source_raw {
+ data = templatefile("${path.module}/templates/setup-openclaw.yaml.tftpl", {
+ openclaw_hostname = var.openclaw.name_prefix
+ admin_username = var.openclaw.admin_username
+ })
+ file_name = "setup-${var.openclaw.name_prefix}.yaml"
+ }
+}
+
+module "openclaw" {
+ source = "git::https://github.com/krakenhavoc/HomeLab.git//terraform/modules/compute/pm-cloudinit-vm?ref=v0.2.0"
+
+ vm_name = var.openclaw.name_prefix
+ vm_node_name = var.pve.host
+ vm_description = var.openclaw.description
+ vm_tags = var.openclaw.tags
+ vm_bios = var.openclaw.bios
+ clone_vm_id = data.proxmox_virtual_environment_vms.noble_template.vms[0].vm_id
+ vm_cpu_cores = var.openclaw.cpu_cores
+ vm_memory_mb = var.openclaw.memory_mb
+ vm_disk_datastore_id = var.vm_disk_datastore_id
+ vm_disk_interface = var.openclaw.disk_interface
+ vm_disk_size = var.openclaw.os_disk_size
+ vm_cloudinit_datastore_id = var.vm_cloudinit_datastore_id
+ vm_cloudinit_user_data_file_id = proxmox_virtual_environment_file.openclaw_cloudinit.id
+ vm_network_bridge = var.openclaw.network_bridge
+ vm_vlan_id = var.openclaw.vlan_id
+}
+
 resource "proxmox_virtual_environment_file" "pwnbox_cloudinit" {
 provider = pve
 content_type = "snippets"
diff --git a/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl b/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl
new file mode 100644
index 0000000..7eeb8d0
--- /dev/null
+++ b/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl
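Review bot: The `source` of `module "openclaw"` pins the module to the tag `v0.2.0`, and a git tag can be moved after review, so a later `terraform init` may fetch different module code than the one that was inspected. Pinning to the full commit, `?ref=<commit-sha-of-v0.2.0>`, with a trailing `# v0.2.0` comment, keeps the VM definition reproducible. The same hunk hard-codes `datastore_id = "snippets"` while the other datastores come from variables; if that is intentional, a one-line comment saying so would help.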
@@ -0,0 +1,66 @@ +#cloud-config +preserve_hostname: false +hostname: ${openclaw_hostname} +ssh_pwauth: false +package_update: true +package_upgrade: true +packages: + - qemu-guest-agent + - curl + - git + - openssl + - procps + +users: + - name: ${admin_username} + gecos: "OpenClaw Admin" + groups: sudo + shell: /bin/bash + sudo: "ALL=(ALL) NOPASSWD:ALL" + ssh_authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZzMMk21CqtHkvN3b0euByxFNR042KCcot981yCwUlu + +runcmd: + - curl -fsSL https://deb.nodesource.com/setup_22.x | bash - + - apt-get install -y nodejs + - npm install -g pnpm@10.23.0 + - git clone -b fork https://github.com/krakenhavoc/openclaw.git /opt/openclaw + - cd /opt/openclaw && pnpm install + - cd /opt/openclaw && pnpm build + - cd /opt/openclaw && pnpm ui:build + - chown -R ${admin_username}:${admin_username} /opt/openclaw + - mkdir -p /home/${admin_username}/.openclaw + - chown -R ${admin_username}:${admin_username} /home/${admin_username}/.openclaw + - | + cat > /etc/systemd/system/openclaw-gateway.service < Date: Mon, 9 Mar 2026 14:19:46 -0400 Subject: [PATCH 2/5] fix: security hardening settings --- .../lab/templates/setup-openclaw.yaml.tftpl | 63 +++++++++++++++++-- 1 file changed, 59 insertions(+), 4 deletions(-) diff --git a/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl b/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl index 7eeb8d0..58ecf64 100644 --- a/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl +++ b/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl 
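Review bot: The `runcmd` steps clone the tip of the `fork` branch and then run `pnpm install`, `pnpm build` and `pnpm ui:build` on it as root (cloud-init executes `runcmd` as root), so whatever is on that branch at first boot runs with full privileges before the `chown`. Checking out a reviewed commit right after the clone, e.g. `git -C /opt/openclaw checkout <reviewed-commit-sha>`, and running the build steps as a non-root user would narrow that. `pnpm install --frozen-lockfile` would additionally keep the install from resolving versions other than those in the lockfile. The same unpinned-branch pattern recurs in `update-openclaw.sh` (`git pull origin fork`) in patch 5. The tail of this hunk, from the systemd unit heredoc onward, is not readable on this page, so this note covers only the visible lines.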
@@ -21,8 +21,9 @@ users: - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZzMMk21CqtHkvN3b0euByxFNR042KCcot981yCwUlu runcmd: - - curl -fsSL https://deb.nodesource.com/setup_22.x | bash - - - apt-get install -y nodejs + - curl -fsSL https://nodejs.org/dist/v22.12.0/node-v22.12.0-linux-x64.tar.xz -o /tmp/node.tar.xz + - tar -xJf /tmp/node.tar.xz -C /usr/local --strip-components=1 + - rm /tmp/node.tar.xz - npm install -g pnpm@10.23.0 - git clone -b fork https://github.com/krakenhavoc/openclaw.git /opt/openclaw - cd /opt/openclaw && pnpm install @@ -30,6 +31,60 @@ runcmd: - cd /opt/openclaw && pnpm ui:build - chown -R ${admin_username}:${admin_username} /opt/openclaw - mkdir -p /home/${admin_username}/.openclaw + - | + cat > /home/${admin_username}/.openclaw/openclaw.json < /home/${admin_username}/.openclaw/.env - chown -R ${admin_username}:${admin_username} /home/${admin_username}/.openclaw - | cat > /etc/systemd/system/openclaw-gateway.service < Date: Mon, 9 Mar 2026 15:45:35 -0400 Subject: [PATCH 3/5] fix: minor settings change claude code installation --- .../lab/templates/setup-openclaw.yaml.tftpl | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl b/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl index 58ecf64..a4ffe92 100644 --- a/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl +++ b/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl 
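Review bot: The Node.js tarball is downloaded and unpacked into `/usr/local` as root with no integrity check; `curl -fsSL` over HTTPS authenticates the server but does not pin the artifact. Because the version is already fixed at v22.12.0, the expected digest can be taken from the `SHASUMS256.txt` published next to it and verified before the `tar` step, e.g. `echo "<sha256-from-SHASUMS256.txt>  /tmp/node.tar.xz" | sha256sum -c -`. The fixed `/tmp/node.tar.xz` path is probably harmless during first boot, but a `mktemp` path would remove that assumption. The later hunks of this patch (the `openclaw.json` heredoc and the unit file) are partly unreadable on this page and are not covered here.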
@@ -25,14 +25,17 @@ runcmd: - tar -xJf /tmp/node.tar.xz -C /usr/local --strip-components=1 - rm /tmp/node.tar.xz - npm install -g pnpm@10.23.0 + - npm install -g @anthropic-ai/claude-code - git clone -b fork https://github.com/krakenhavoc/openclaw.git /opt/openclaw - cd /opt/openclaw && pnpm install - cd /opt/openclaw && pnpm build - cd /opt/openclaw && pnpm ui:build - chown -R ${admin_username}:${admin_username} /opt/openclaw + - printf '#!/bin/bash\nexec /usr/local/bin/node /opt/openclaw/openclaw.mjs "$@"\n' > /usr/local/bin/openclaw + - chmod +x /usr/local/bin/openclaw - mkdir -p /home/${admin_username}/.openclaw - | - cat > /home/${admin_username}/.openclaw/openclaw.json < /home/${admin_username}/.openclaw/openclaw.json <<'JSONEOF' { "meta": { "lastTouchedVersion": "2026.3.3", @@ -42,13 +45,13 @@ runcmd: "providers": { "azure-foundry": { "baseUrl": "https://eus2-foundry.services.ai.azure.com", - "apiKey": "$${AZURE_FOUNDRY_API_KEY}", + "apiKey": "${AZURE_FOUNDRY_API_KEY}", "api": "openai-completions", "models": [] }, "azure-gpt": { "baseUrl": "https://eus2-foundry.cognitiveservices.azure.com/openai", - "apiKey": "$${AZURE_FOUNDRY_API_KEY}", + "apiKey": "${AZURE_FOUNDRY_API_KEY}", "api": "openai-responses", "models": [] } @@ -83,7 +86,7 @@ runcmd: } } } - EOF + JSONEOF - echo "OPENCLAW_STATE_DIR=/home/${admin_username}/.openclaw" > /home/${admin_username}/.openclaw/.env - chown -R ${admin_username}:${admin_username} /home/${admin_username}/.openclaw - | @@ -97,8 +100,9 @@ runcmd: Type=simple User=${admin_username} WorkingDirectory=/opt/openclaw + Environment=HOME=/home/${admin_username} EnvironmentFile=-/home/${admin_username}/.openclaw/.env - ExecStart=/usr/bin/node /opt/openclaw/openclaw.mjs gateway --bind lan --port 18789 --allow-unconfigured + ExecStart=/usr/local/bin/node /opt/openclaw/openclaw.mjs gateway --bind lan --port 18789 Restart=always RestartSec=5 TimeoutStopSec=30 
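Review bot: `npm install -g @anthropic-ai/claude-code` installs whatever version is latest at first boot, as root, while the line directly above pins `pnpm@10.23.0`. Pinning it the same way, `npm install -g @anthropic-ai/claude-code@<reviewed-version>`, keeps rebuilds reproducible and turns upgrades into an explicit change. A one-line comment above the step saying why this CLI is needed on the gateway VM would also help the next reader.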
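Review bot: The unit runs the gateway as `User=${admin_username}`, and patch 1 gives that account `sudo: "ALL=(ALL) NOPASSWD:ALL"`, so a compromise of the LAN-bound process (`--bind lan --port 18789`) is one `sudo` call away from root. A dedicated system account without sudo rights for `User=`, or at least `NoNewPrivileges=true` in `[Service]` (which stops the service and its children from gaining privileges through setuid binaries such as sudo), would separate the interactive admin from the service. The `.env` read by `EnvironmentFile=` is where the final message tells the operator to put API keys, yet it is created with a plain `echo ... >` and only chowned; a `chmod 600` step after it would make the key file's protection explicit rather than dependent on the umask and the home directory mode. The rest of the unit lies outside this hunk, so hardening directives may already exist there.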
@@ -118,4 +122,4 @@ power_state: timeout: 30 condition: true -final_message: "${openclaw_hostname} is up. Populate /home/${admin_username}/.openclaw/.env and run: systemctl start openclaw-gateway" +final_message: "${openclaw_hostname} is up. Add API keys to /home/${admin_username}/.openclaw/.env and run: systemctl start openclaw-gateway" From 13b696733220d48af2264e0c81660d413a01ed0e Mon Sep 17 00:00:00 2001 From: krakenhavoc Date: Mon, 9 Mar 2026 15:55:06 -0400 Subject: [PATCH 4/5] fix: escape tftpl replacement --- terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl b/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl index a4ffe92..c89788b 100644 --- a/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl +++ b/terraform/deployments/lab/templates/setup-openclaw.yaml.tftpl @@ -45,13 +45,13 @@ runcmd: "providers": { "azure-foundry": { "baseUrl": "https://eus2-foundry.services.ai.azure.com", - "apiKey": "${AZURE_FOUNDRY_API_KEY}", + "apiKey": "$${AZURE_FOUNDRY_API_KEY}", "api": "openai-completions", "models": [] }, "azure-gpt": { "baseUrl": "https://eus2-foundry.cognitiveservices.azure.com/openai", - "apiKey": "${AZURE_FOUNDRY_API_KEY}", + "apiKey": "$${AZURE_FOUNDRY_API_KEY}", "api": "openai-responses", "models": [] } From 8ee29512142b12a9788b20db8a2f377430a5804c Mon Sep 17 00:00:00 2001 From: krakenhavoc Date: Tue, 17 Mar 2026 10:47:49 -0400 Subject: [PATCH 5/5] feat: add openclaw updater helper --- scripts/deployments/openclaw/update-openclaw.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 scripts/deployments/openclaw/update-openclaw.sh diff --git a/scripts/deployments/openclaw/update-openclaw.sh b/scripts/deployments/openclaw/update-openclaw.sh new file mode 100644 index 0000000..2883992 --- /dev/null +++ b/scripts/deployments/openclaw/update-openclaw.sh 
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+cd /opt/openclaw
+git pull origin fork
+pnpm install
+pnpm build
+pnpm ui:build
+sudo systemctl restart openclaw-gateway
+echo "OpenClaw updated and restarted."
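Review bot: `set -e` stops the script at the first failure but leaves `/opt/openclaw` half-updated when `pnpm build` or `pnpm ui:build` fails after `git pull` has already moved the working tree, and the still-running gateway may then be serving from files that no longer match a complete build. Using `git pull --ff-only origin fork` avoids an unexpected merge on the host, and `set -euo pipefail` is the more defensive header for a script that ends in a `sudo` call. Recording the previous commit with `git rev-parse HEAD` before the pull would give the operator a known point to roll back to.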