mirror of
https://github.com/treyturner/openclaw.git
synced 2026-06-14 21:19:30 -05:00
A personalized OpenClaw image built on top of ghcr.io/openclaw/openclaw
- Dockerfile 100%
| .github | ||
| patches | ||
| ticktick-mcp | ||
| .dockerignore | ||
| Dockerfile | ||
| LICENSE | ||
| README.md | ||
treyturner/openclaw
Custom OpenClaw image built on top of ghcr.io/openclaw/openclaw with:
- MCPs installed and configured for use:
- Playwright (
@playwright/mcp) - TickTick (
dev-mirzabicer/ticktick)
- Playwright (
- Chromium browser
- Commonly needed workflow utilities:
- bash with
openclawcompletion - curl
- docker cli for sandboxing
- ffmpeg
- git
- imagemagick
- jq
- openssh-client
- python3-venv
- rsync
- vim
- yq
- bash with
Usage
Example .env:
# Host mount paths
OPENCLAW_USER_BASE=/mnt/cache/appdata/openclaw
# Gateway settings
OPENCLAW_GATEWAY_BIND=lan
# Auth token (generate once with `openssl rand -hex 32`)
OPENCLAW_GATEWAY_TOKEN=
# API keys
ANTHROPIC_API_KEY=
#BRAVE_API_KEY=
#OPENAI_API_KEY=
TAVILY_API_KEY=
# TickTick
## All vars mandatory, see https://github.com/dev-mirzabicer/ticktick-sdk#the-two-api-problem
## see https://developer.ticktick.com/manage to create your client ID/secret. Set an OAuth
## redirect URL of http://127.0.0.1:8080/callback
## Access token is retrieved via `ticktick-sdk auth` and is good for 180 days
TICKTICK_ACCESS_TOKEN=
TICKTICK_CLIENT_ID=
TICKTICK_CLIENT_SECRET=
TICKTICK_PASSWORD=
TICKTICK_USERNAME=
# Optional
OPENCLAW_EXTRA_MOUNTS=
Example docker-compose.yml:
x-hardening: &hardening
user: "node:node"
tmpfs:
- /tmp:rw,nosuid,nodev,size=1g
- /run:rw,nosuid,nodev,size=64m
pids_limit: 512
x-environment: &environment
OPENCLAW_GATEWAY_TOKEN: ${OPENCLAW_GATEWAY_TOKEN}
ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY}
BRAVE_API_KEY: ${BRAVE_API_KEY}
OPENAI_API_KEY: ${OPENAI_API_KEY}
TAVILY_API_KEY: ${TAVILY_API_KEY}
TICKTICK_ACCESS_TOKEN: ${TICKTICK_ACCESS_TOKEN}
TICKTICK_CLIENT_ID: ${TICKTICK_CLIENT_ID}
TICKTICK_CLIENT_SECRET: ${TICKTICK_CLIENT_SECRET}
TICKTICK_PASSWORD: ${TICKTICK_PASSWORD}
TICKTICK_USERNAME: ${TICKTICK_USERNAME}
x-volumes: &volumes
- ${OPENCLAW_USER_BASE}/config:/home/node/.openclaw
services:
gateway:
<<: *hardening
image: ghcr.io/treyturner/openclaw
container_name: openclaw
environment:
<<: *environment
volumes: *volumes
ports:
- "${OPENCLAW_GATEWAY_PORT:-18789}:18789"
- "${OPENCLAW_BRIDGE_PORT:-18790}:18790"
init: true
restart: unless-stopped
command:
[
"node", "dist/index.js", "gateway",
"--bind", "${OPENCLAW_GATEWAY_BIND:-lan}",
"--port", "18789"
]
cli:
<<: *hardening
image: ghcr.io/treyturner/openclaw
profiles: ["cli"]
container_name: openclaw_cli
environment:
<<: *environment
BROWSER: echo
volumes: *volumes
stdin_open: true
tty: true
init: true
entrypoint: ["node", "dist/index.js"]
networks:
default:
name: openclaw
Build strategy
This repo builds and publishes only when the upstream base image digest changes.
Workflow:
- Check digest of
ghcr.io/openclaw/openclaw:latest - Skip if image tag
base-<digest-short>already exists - Build candidate image (single build, local load)
- Run smoke test (
playwrightlaunches chromium and loadsexample.com) - Tag + push if test passes
Schedule: daily at 08:00 UTC + manual dispatch.
Published tags
latestdailyYYYYMMDD<short git sha>base-<upstream-digest-short>
Build args
Extra packages can be baked into the image by adding them to space-separated strings set into:
EXTRA_APT_PKGSEXTRA_NPM_GLOBAL_PKGSEXTRA_NPM_LOCAL_PKGSEXTRA_PIP_PKGS
Notes
- This repository contains packaging/build customization.
- Upstream OpenClaw licensing still applies to upstream components included in the final image.