.env.example
# .env — Secrets & VPS access
# This file never leaves your local machine. Values are referenced in stack.yml via ${VAR} syntax.
# Copy to .env and fill in your values: cp .env.example .env

# ── VPS Access (used directly by scripts for SSH) ──────────────
VPS_IP=
HOSTNAME=
SSH_USER=ubuntu # Initial SSH user — changed to adminclaw during hardening
SSH_PORT=22 # Current SSH port — updated to SSH_HARDENED_PORT after hardening
SSH_HARDENED_PORT=222 # Target SSH port for hardening (removed from .env after hardening completes)
SSH_KEY=~/.ssh/vps1_openclaw_ed25519

# ── STACK CONFIG ENV ─────────────────────────────────────────────────
# The remaining vars below are referenced in stack.yml.example
# You can add or remove any of these to match your stack.yml
# Secrets or any other config values can be added directly to stack.yml if you prefer
#
# ── AUTO-GENERATED VARS ──────────────────────────────────────
# These are auto-generated by `npm run pre-deploy` and appended to .env:
# ADMINCLAW_PASSWORD, OPENCLAW_PASSWORD, AI_WORKER_ADMIN_AUTH_TOKEN,
# <CLAW_NAME>_GATEWAY_TOKEN, EGRESS_PROXY_AUTH_TOKEN, SANDBOX_REGISTRY_TOKEN
# Set them above the auto-generated section to override.

# ── Cloudflare ─────────────────────────────────────────────────
CLOUDFLARE_API_TOKEN= # Optional: auto-route setup (create at dash.cloudflare.com/profile/api-tokens)
CLOUDFLARE_TUNNEL_TOKEN= # Create tunnel in CF Dashboard, paste token here

# ── AI Gateway ─────────────────────────────────────────────────
AI_GATEWAY_URL= # e.g. https://ai-gateway-proxy.example.workers.dev
AI_GATEWAY_TOKEN=

# ── Logging ────────────────────────────────────────────────────
LOG_WORKER_URL= # e.g. https://log-receiver.example.workers.dev
LOG_WORKER_TOKEN=

# ── Monitoring ─────────────────────────────────────────────────
HOSTALERT_TELEGRAM_BOT_TOKEN=
HOSTALERT_TELEGRAM_CHAT_ID=

# ── Identity ───────────────────────────────────────────────────
ADMIN_TELEGRAM_ID= # Send message to @userinfobot to get your numeric user ID
ROOT_DOMAIN=example.com # Used in stack.yml.example for configuring each claw's subdomain

# ── Per-Claw Telegram Bots ─────────────────────────────────────
# Convention: <CLAW_NAME>_TELEGRAM_BOT_TOKEN (create via @BotFather)
# Each claw MUST use a unique bot token to avoid polling conflicts.
PERSONAL_CLAW_TELEGRAM_BOT_TOKEN=
WORK_CLAW_TELEGRAM_BOT_TOKEN=

# ── Local Browser Node (docker/local-browser-node) ──────────────
# Claw name in stack.yml for the local browser node to connect to
# Also requires Cloudflare Access Token.
LOCAL_BROWSER_NODE_CLAW=personal-claw

# ── Cloudflare Access Token ─────────────────────────────────────
# Required if using Egress Proxy (Codex subscription) or local browser node
# Securely connects to VPS services through Cloudflare Access & Tunnel
CF_ACCESS_CLIENT_ID= # Service token: CF Dashboard → Zero Trust → Access → Service Tokens
CF_ACCESS_CLIENT_SECRET= # Only shown once when creating the token

# ── VPS Skills ───────────────────────────────────────────────────
# adminclaw & openclaw users are currently hardcoded into the playbooks
# Do not change these without also changing the playbooks and scripts
VPS_SUDO_USER=adminclaw # User created during hardening, granted passwordless sudo
VPS_APP_USER=openclaw # User created during VPS setup, no sudo