| |
| FROM node:22-slim |
|
|
| |
| |
| RUN apt-get update && apt-get install -y --no-install-recommends \ |
| git openssh-client build-essential python3 python3-pip \ |
| g++ make ca-certificates \ |
| && rm -rf /var/lib/apt/lists/* |
|
|
| |
| RUN pip3 install --no-cache-dir huggingface_hub --break-system-packages |
|
|
| |
| |
| RUN update-ca-certificates && \ |
| git config --global http.sslVerify false && \ |
| git config --global url."https://github.com/".insteadOf ssh://git@github.com/ |
|
|
| |
| RUN npm install -g openclaw@latest --unsafe-perm |
|
|
| |
| ENV PORT=7860 \ |
| OPENCLAW_GATEWAY_MODE=local \ |
| HOME=/root |
|
|
| |
| |
| RUN echo 'import os, sys, re, tarfile\n\ |
| from huggingface_hub import HfApi, hf_hub_download\n\ |
| from datetime import datetime\n\ |
| api = HfApi()\n\ |
| repo_id = os.getenv("HF_DATASET")\n\ |
| token = os.getenv("HF_TOKEN")\n\ |
| OLD_PATTERN = re.compile(r"^backup_(\\d{4})-(\\d{2})-(\\d{2})\\.tar\\.gz$")\n\ |
| NEW_PATTERN = re.compile(r"^backup_(\\d{8})_(\\d{6})\\.tar\\.gz$")\n\ |
| \n\ |
| def _sort_key(name):\n\ |
| m_new = NEW_PATTERN.match(name)\n\ |
| if m_new:\n\ |
| return m_new.group(1) + m_new.group(2)\n\ |
| m_old = OLD_PATTERN.match(name)\n\ |
| if m_old:\n\ |
| return m_old.group(1) + m_old.group(2) + m_old.group(3) + "000000"\n\ |
| return ""\n\ |
| \n\ |
| def restore():\n\ |
| try:\n\ |
| print(f"--- [SYNC] 启动恢复流程, 目标仓库: {repo_id} ---")\n\ |
| if not repo_id or not token:\n\ |
| print("--- [SYNC] 跳过恢复: 未配置 HF_DATASET 或 HF_TOKEN ---")\n\ |
| return False\n\ |
| files = api.list_repo_files(repo_id=repo_id, repo_type="dataset", token=token)\n\ |
| backups = [f for f in files if OLD_PATTERN.match(f) or NEW_PATTERN.match(f)]\n\ |
| backups.sort(key=_sort_key, reverse=True)\n\ |
| if not backups:\n\ |
| print("--- [SYNC] 未找到任何备份包 ---")\n\ |
| return False\n\ |
| latest = backups[0]\n\ |
| print(f"--- [SYNC] 发现最新备份: {latest}, 正在下载... ---")\n\ |
| path = hf_hub_download(repo_id=repo_id, filename=latest, repo_type="dataset", token=token)\n\ |
| with tarfile.open(path, "r:gz") as tar: tar.extractall(path="/root/.openclaw/")\n\ |
| print(f"--- [SYNC] 恢复成功! 数据已覆盖至 /root/.openclaw/ ---")\n\ |
| return True\n\ |
| except Exception as e: print(f"--- [SYNC] 恢复异常: {e} ---")\n\ |
| \n\ |
| def backup():\n\ |
| try:\n\ |
| ts = datetime.now().strftime("%Y%m%d_%H%M%S")\n\ |
| name = f"backup_{ts}.tar.gz"\n\ |
| print(f"--- [SYNC] 正在执行全量备份: {name} ---")\n\ |
| with tarfile.open(name, "w:gz") as tar:\n\ |
| base = "/root/.openclaw"\n\ |
| for item in os.listdir(base):\n\ |
| tar.add(os.path.join(base, item), arcname=item)\n\ |
| api.upload_file(path_or_fileobj=name, path_in_repo=name, repo_id=repo_id, repo_type="dataset", token=token)\n\ |
| print(f"--- [SYNC] 备份上传成功! ---")\n\ |
| except Exception as e: print(f"--- [SYNC] 备份失败: {e} ---")\n\ |
| \n\ |
| if __name__ == "__main__":\n\ |
| if len(sys.argv) > 1 and sys.argv[1] == "backup": backup()\n\ |
| else: restore()' > /usr/local/bin/sync.py |
|
|
| |
| |
| RUN echo "#!/bin/bash\n\ |
| set -e\n\ |
| mkdir -p /root/.openclaw/sessions\n\ |
| mkdir -p /root/.openclaw/workspace\n\ |
| \n\ |
| # 启动前判断是否需要恢复数据(已有配置文件则跳过)\n\ |
| if [ ! -f /root/.openclaw/openclaw.json ]; then\n\ |
| echo \"--- [START] 未检测到 openclaw.json,执行数据恢复 ---\"\n\ |
| python3 /usr/local/bin/sync.py restore\n\ |
| else\n\ |
| echo \"--- [START] 检测到 openclaw.json,跳过数据恢复 ---\"\n\ |
| fi\n\ |
| \n\ |
| # 仅在配置文件不存在时生成默认配置(避免覆盖用户自定义配置)\n\ |
| if [ ! -f /root/.openclaw/openclaw.json ]; then\n\ |
| CLEAN_BASE=\$(echo \"\$OPENAI_API_BASE\" | sed \"s|/chat/completions||g\" | sed \"s|/v1/|/v1|g\" | sed \"s|/v1\$|/v1|g\")\n\ |
| echo \"--- [START] 生成默认 openclaw.json 配置 ---\"\n\ |
| cat > /root/.openclaw/openclaw.json <<EOF\n\ |
| {\n\ |
| \"models\": {\n\ |
| \"providers\": {\n\ |
| \"zai\": {\n\ |
| \"baseUrl\": \"\$CLEAN_BASE\",\n\ |
| \"apiKey\": \"\$OPENAI_API_KEY\",\n\ |
| \"api\": \"openai-completions\",\n\ |
| \"models\": [{ \"id\": \"\$MODEL\", \"name\": \"GLM-4.7-Flash\", \"contextWindow\": 204800 }]\n\ |
| }\n\ |
| }\n\ |
| },\n\ |
| \"agents\": { \"defaults\": { \"model\": { \"primary\": \"zai/\$MODEL\" } } },\n\ |
| \"gateway\": {\n\ |
| \"mode\": \"local\", \"bind\": \"custom\", \"customBindHost\": \"0.0.0.0\", \"port\": \$PORT,\n\ |
| \"trustedProxies\": [\"0.0.0.0/0\", \"10.0.0.0/8\", \"172.16.0.0/12\", \"192.168.0.0/16\"],\n\ |
| \"auth\": { \"mode\": \"token\", \"token\": \"\$OPENCLAW_GATEWAY_PASSWORD\" },\n\ |
| \"controlUi\": { \"enabled\": true, \"allowInsecureAuth\": true, \"dangerouslyDisableDeviceAuth\": true, \"dangerouslyAllowHostHeaderOriginFallback\": true }\n\ |
| }\n\ |
| }\n\ |
| EOF\n\ |
| else\n\ |
| echo \"--- [START] 检测到已有 openclaw.json,跳过配置生成 ---\"\n\ |
| fi\n\ |
| \n\ |
| # 启动定时备份进程 (每 3 小时执行一次,增强安全性)\n\ |
| (while true; do sleep 10800; python3 /usr/local/bin/sync.py backup; done) &\n\ |
| \n\ |
| # 每次启动前备份一次\n\ |
| # python3 /usr/local/bin/sync.py backup\n\ |
| # 启动 OpenClaw 网关\n\ |
| openclaw doctor --fix\n\ |
| exec openclaw gateway run --port \$PORT\n\ |
| " > /usr/local/bin/start-openclaw && chmod +x /usr/local/bin/start-openclaw |
|
|
| |
| |
|
|
| EXPOSE 7860 |
| CMD ["/usr/local/bin/start-openclaw"] |
