FROM node:22-slim # ========= 1. 安装系统依赖 + Chromium 浏览器 ========= RUN apt-get update && apt-get install -y --no-install-recommends \ git ca-certificates build-essential python3 python3-pip curl \ chromium \ libnss3 libatk-bridge2.0-0 libdrm2 libxkbcommon0 libgbm1 libasound2 \ && rm -rf /var/lib/apt/lists/* ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium RUN pip3 install --no-cache-dir huggingface_hub --break-system-packages RUN npm install -g openclaw@latest --unsafe-perm RUN npx -y @tencent-weixin/openclaw-weixin-cli@latest install ENV PORT=7860 \ OPENCLAW_GATEWAY_MODE=local \ HOME=/root # 设置环境变量,防止 doctor 自动启用 Telegram ENV OPENCLAW_DISABLE_TELEGRAM=1 # ========= 2. 完整的 sync.py 备份恢复脚本 ========= RUN cat > /usr/local/bin/sync.py << 'SYNC_EOF' import os, sys, tarfile from huggingface_hub import HfApi, hf_hub_download from datetime import datetime, timedelta import subprocess import time api = HfApi() repo_id = os.getenv("HF_DATASET") token = os.getenv("HF_TOKEN") def restore(): try: print(f"--- [SYNC] 启动恢复流程, 目标仓库: {repo_id} ---") if not repo_id or not token: print("--- [SYNC] 跳过恢复: 未配置 HF_DATASET 或 HF_TOKEN ---") return False files = api.list_repo_files(repo_id=repo_id, repo_type="dataset", token=token) now = datetime.now() for i in range(5): day = (now - timedelta(days=i)).strftime("%Y-%m-%d") name = f"backup_{day}.tar.gz" if name in files: print(f"--- [SYNC] 发现备份文件: {name}, 正在下载... ---") path = hf_hub_download(repo_id=repo_id, filename=name, repo_type="dataset", token=token) with tarfile.open(path, "r:gz") as tar: tar.extractall(path="/root/.openclaw/") print(f"--- [SYNC] 恢复成功! 数据已覆盖至 /root/.openclaw/ ---") return True print("--- [SYNC] 未找到最近 5 天的备份包 ---") except Exception as e: print(f"--- [SYNC] 恢复异常: {e} ---") def backup(): try: day = datetime.now().strftime("%Y-%m-%d") name = f"backup_{day}.tar.gz" print(f"--- [SYNC] 正在执行全量备份: {name} ---") with tarfile.open(name, "w:gz") as tar: for target in ["sessions", "workspace", "agents", "memory", "openclaw.json", "wechat-data"]: full_path = f"/root/.openclaw/{target}" if os.path.exists(full_path): tar.add(full_path, arcname=target) api.upload_file(path_or_fileobj=name, path_in_repo=name, repo_id=repo_id, repo_type="dataset", token=token) print(f"--- [SYNC] 备份上传成功! ---") for _ in range(3): try: result = subprocess.run(["openclaw", "wechat", "send", "--to=me", f"备份成功: {name}"], capture_output=True, timeout=10) if result.returncode == 0: break except Exception: pass time.sleep(5) except Exception as e: print(f"--- [SYNC] 备份失败: {e} ---") if __name__ == "__main__": if len(sys.argv) > 1 and sys.argv[1] == "backup": backup() else: restore() SYNC_EOF RUN chmod +x /usr/local/bin/sync.py # ========= 3. 启动脚本 start-openclaw(禁用 Telegram + 前台 exec) ========= RUN cat > /usr/local/bin/start-openclaw << 'EOF' #!/bin/bash set -e echo "Starting OpenClaw gateway..." python3 /usr/local/bin/sync.py restore # 彻底删除 Telegram 所有残留文件 rm -rf /root/.openclaw/agents/main/agent/channels/telegram rm -rf /root/.openclaw/credentials/telegram rm -rf /root/.openclaw/agents/main/agent/telegram* rm -rf /root/.openclaw/agents/main/agent/channels/telegram* rm -f /root/.openclaw/agents/main/agent/auth-profiles.json find /root/.openclaw -name "*telegram*" -exec rm -rf {} + 2>/dev/null || true mkdir -p /root/.openclaw/sessions mkdir -p /root/.openclaw/workspace mkdir -p /root/.openclaw/workspace/memory mkdir -p /root/.openclaw/wechat-data touch /root/.openclaw/workspace/MEMORY.md DATE=$(date +%Y-%m-%d) touch /root/.openclaw/workspace/memory/$DATE.md CLEAN_BASE=$(echo "$OPENAI_API_BASE" | sed "s|/chat/completions||g" | sed "s|/v1/|/v1|g" | sed "s|/v1$|/v1|g") if [ -n "$GEMINI_API_KEY" ]; then PROVIDER="google" API_KEY_VAR="$GEMINI_API_KEY" BASE_URL_VAR="https://generativelanguage.googleapis.com/v1beta" MODEL_VAR="$MODEL" PRIMARY_MODEL="google/$MODEL_VAR" API_TYPE="google-generative-ai" else PROVIDER="openai" API_KEY_VAR="$OPENAI_API_KEY" BASE_URL_VAR="$CLEAN_BASE" MODEL_VAR="$MODEL" PRIMARY_MODEL="openai/$MODEL_VAR" API_TYPE="openai-completions" fi # 写入 openclaw.json(显式禁用 telegram) cat > /root/.openclaw/openclaw.json <