| FROM node:22-slim |
|
|
| # Install system dependencies |
| RUN apt-get update && apt-get install -y --no-install-recommends \ |
| git openssh-client build-essential python3 python3-pip \ |
| g++ make ca-certificates curl chromium tzdata \ |
| libnss3 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 \ |
| libxcomposite1 libxdamage1 libxext6 libxfixes3 libxrandr2 \ |
| libgbm1 libasound2 libpangocairo-1.0-0 libpango-1.0-0 \ |
| && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ |
| && echo "Asia/Shanghai" > /etc/timezone \ |
| && rm -rf /var/lib/apt/lists/* |
|
|
| # Install Python packages |
| RUN pip3 install --no-cache-dir huggingface_hub --break-system-packages |
|
|
| # Git and CA config |
| RUN update-ca-certificates && \ |
| git config --global http.sslVerify false && \ |
| git config --global url."https://github.com/".insteadOf ssh://git@github.com/ |
|
|
| ENV HOME=/root |
| ENV PORT=7860 \ |
| OPENCLAW_GATEWAY_MODE=local \ |
| OPENCLAW_BROWSER_PATH=/usr/bin/chromium |
|
|
| # Install OpenClaw |
| RUN npm install -g openclaw@latest zod --unsafe-perm |
|
|
| # Generate sync.py using a Heredoc to avoid syntax/escaping issues |
| RUN cat <<'EOF' > /usr/local/bin/sync.py |
| import os, sys, tarfile |
| from huggingface_hub import HfApi, hf_hub_download |
| from datetime import datetime, timedelta |
|
|
| api = HfApi() |
| repo_id = os.getenv("HF_DATASET") |
| token = os.getenv("HF_TOKEN") |
|
|
| def restore(): |
| try: |
| print(f"--- [SYNC] Start recovery process, target repository: {repo_id} ---") |
| if repo_id and token: |
| files = api.list_repo_files(repo_id=repo_id, repo_type="dataset", token=token) |
| now = datetime.now() |
| found = False |
| for i in range(5): |
| day = (now - timedelta(days=i)).strftime("%Y-%m-%d") |
| name = f"backup_{day}.tar.gz" |
| if name in files: |
| print(f"--- [SYNC] Backup file found: {name}, Downloading... ---") |
| path = hf_hub_download(repo_id=repo_id, filename=name, repo_type="dataset", token=token) |
| with tarfile.open(path, "r:gz") as tar: |
| tar.extractall(path="/root/.openclaw/") |
| print(f"--- [SYNC] Recovery successful! ---") |
| found = True |
| break |
| if not found: |
| print("--- [SYNC] No backup packages found for the last 5 days---") |
| else: |
| print("--- [SYNC] Skip recovery: HF_DATASET or HF_TOKEN not configured ---") |
|
|
| # Clean up .lock files |
| count = 0 |
| for root, dirs, fs in os.walk("/root/.openclaw/"): |
| for f in fs: |
| if f.endswith(".lock"): |
| try: |
| os.remove(os.path.join(root, f)) |
| count += 1 |
| except: pass |
| if count > 0: |
| print(f"--- [SYNC] {count} residual lock files cleaned up---") |
| return True |
| except Exception as e: |
| print(f"--- [SYNC] Recovery Exception: {e} ---") |
|
|
| def backup(): |
| try: |
| day = datetime.now().strftime("%Y-%m-%d") |
| name = f"backup_{day}.tar.gz" |
| print(f"--- [SYNC] Performing a full backup: {name} ---") |
| def lock_filter(tarinfo): |
| if tarinfo.name.endswith(".lock"): return None |
| return tarinfo |
| with tarfile.open(name, "w:gz") as tar: |
| for target in ["sessions", "workspace", "agents", "memory", "plugins", "openclaw.json"]: |
| full_path = f"/root/.openclaw/{target}" |
| if os.path.exists(full_path): |
| tar.add(full_path, arcname=target, filter=lock_filter) |
| if repo_id and token: |
| api.upload_file(path_or_fileobj=name, path_in_repo=name, repo_id=repo_id, repo_type="dataset", token=token) |
| print("--- [SYNC] Backup upload successful! ---") |
| except Exception as e: |
| print(f"--- [SYNC] Backup failed: {e} ---") |
|
|
| if __name__ == "__main__": |
| if len(sys.argv) > 1 and sys.argv[1] == "backup": |
| backup() |
| else: |
| restore() |
| EOF |
|
|
| # Create startup script |
| RUN cat <<'EOF' > /usr/local/bin/start-openclaw |
| #!/bin/bash |
| set -e |
| mkdir -p /root/.openclaw/{sessions,workspace,plugins,agents/main/sessions,credentials} |
| ln -s /root/.openclaw/workspace /root/.openclaw/memory || true |
| chmod 700 /root/.openclaw || true |
|
|
| python3 /usr/local/bin/sync.py restore || true |
|
|
| export OPENCLAW_GATEWAY_TOKEN="${OPENCLAW_GATEWAY_PASSWORD}" |
| CLEAN_BASE=$(echo "${OPENAI_API_BASE}" | sed "s|/chat/completions||g" | sed "s|/v1/|/v1|g" | sed "s|/v1$|/v1|g") |
|
|
| cat > /root/.openclaw/openclaw.json <<EOC |
| { |
| "models": { |
| "mode": "merge", |
| "providers": { |
| "zai": { |
| "baseUrl": "${CLEAN_BASE}", |
| "apiKey": "${OPENAI_API_KEY}", |
| "api": "openai-completions", |
| "models": [ |
| {"id": "glm-4.7", "name": "GLM-4.7 Coding", "contextWindow": 200000, "maxTokens": 8192}, |
| {"id": "glm-5", "name": "GLM-5", "contextWindow": 200000, "maxTokens": 8192} |
| ] |
| } |
| } |
| }, |
| "agents": { |
| "defaults": { |
| "model": {"primary": "zai/glm-4.7"}, |
| "workspace": "~/.openclaw/workspace" |
| } |
| }, |
| "gateway": { |
| "mode": "local", "bind": "lan", "port": ${PORT}, |
| "trustedProxies": ["0.0.0.0/0"], |
| "auth": { "mode": "token", "token": "${OPENCLAW_GATEWAY_PASSWORD}" }, |
| "controlUi": { "allowInsecureAuth": true } |
| } |
| } |
| EOC |
|
|
| (while true; do sleep 10800; python3 /usr/local/bin/sync.py backup || true; done) & |
|
|
| openclaw doctor --fix || true |
| exec openclaw gateway run --port ${PORT} |
| EOF |
|
|
| RUN chmod +x /usr/local/bin/start-openclaw |
|
|
| EXPOSE 7860 |
| CMD ["/usr/local/bin/start-openclaw"] |
