feat(openclaw): deploy OpenClaw AI chatbot gateway on VM 120

- Add Docker Compose configs with security hardening (cap_drop ALL, non-root, read-only FS) - Add Prometheus node_exporter scrape target for 192.168.2.120:9100 - Update services/README.md, INDEX.md, and CLAUDE_STATUS.md with VM 120 - Image pinned to v2026.2.1 (patches CVE-2026-25253) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 18:07:09 -07:00
parent e481c95da4
commit e08951de21
9 changed files with 1031 additions and 20 deletions
--- a/services/README.md
+++ b/services/README.md
@@ -321,7 +321,7 @@ The Twingate connector is configured via the Twingate Admin Console:
 - Proxmox Web UI (192.168.2.200:8006)
 - Grafana Monitoring (192.168.2.114:3000)
 - Nginx Proxy Manager (192.168.2.101:81)
- n8n Workflows (192.168.2.107:5678)
+- n8n Workflows (192.168.2.113:5678)
 - Development VMs and services

 **Access Policies**:
@@ -331,6 +331,39 @@ The Twingate connector is configured via the Twingate Admin Console:

 ---

+## OpenClaw - AI Chatbot Gateway
+
+**Directory**: `openclaw/`
+**Deployment**: VM 120 (openclaw) at 192.168.2.120
+**Ports**:
+- 18789 (Gateway WebSocket + UI)
+- 18790 (Bridge)
+- 1455 (OAuth)
+
+**Description**: Multi-platform AI chatbot gateway bridging messaging platforms (Discord, Telegram, Slack, WhatsApp) with LLM providers (Anthropic, OpenAI, Ollama)
+**Image**: ghcr.io/openclaw/openclaw:2026.2.1
+
+**Key Features**:
+- Multi-provider LLM support (Anthropic, OpenAI, Ollama)
+- Multi-platform messaging integration
+- WebSocket gateway with web UI
+- Pairing-based DM security policy
+- Hardened container (cap_drop ALL, non-root, read-only filesystem)
+
+**Security Note**: Version must be >= 2026.2.1 (CVE-2026-25253 patch). All ports bound to localhost only; access via Nginx Proxy Manager reverse proxy at openclaw.apophisnetworking.net.
+
+**Deployment**:
+```bash
+cd openclaw
+cp .env.example .env
+# Edit .env: add GATEWAY_TOKEN (openssl rand -hex 32) and at least one LLM API key
+docker compose up -d
+```
+
+**Complete Documentation**: See `services/openclaw/README.md`
+
+---
+
 ## General Deployment Instructions

 ### Prerequisites
@@ -413,6 +446,10 @@ docker compose down -v
 ```
 services/
 ├── README.md                    # This file
+├── openclaw/
+│   ├── docker-compose.yml       # OpenClaw main configuration
+│   ├── docker-compose.override.yml  # Security hardening overlay
+│   └── .env.example             # Environment variable template
 ├── bytestash/
 │   ├── docker-compose.yaml
 │   └── .gitkeep