[ci skip] openclaw: fix Telegram, update to v2026.2.26, fix startup issues

- Update OpenClaw from v2026.2.9 to v2026.2.26 (fixes Telegram channel)
- Add gateway.mode=local + wizard block (required for channel startup)
- Add dangerouslyAllowHostHeaderOriginFallback (v2026.2.26 requirement)
- Run doctor --fix at container startup to auto-enable Telegram
- Create required dirs (canvas, devices, cron, sessions, credentials)
- Fix permissions: chown -R 1000:1000 for node user
- Telegram: DM allowlist, user 8281953845 only
Viktor Barzin 2026-03-01 15:47:54 +00:00
parent da943c71ac
commit 207164050c


@ -77,10 +77,12 @@ resource "kubernetes_config_map" "openclaw_config" {
data = { data = {
"openclaw.json" = jsonencode({ "openclaw.json" = jsonencode({
gateway = { gateway = {
mode = "local"
bind = "lan" bind = "lan"
trustedProxies = ["10.0.0.0/8"] trustedProxies = ["10.0.0.0/8"]
controlUi = { controlUi = {
dangerouslyDisableDeviceAuth = true dangerouslyDisableDeviceAuth = true
dangerouslyAllowHostHeaderOriginFallback = true
} }
} }
agents = { agents = {
@ -134,7 +136,8 @@ resource "kubernetes_config_map" "openclaw_config" {
botToken = var.openclaw_telegram_bot_token botToken = var.openclaw_telegram_bot_token
dmPolicy = "allowlist" dmPolicy = "allowlist"
allowFrom = ["tg:8281953845"] allowFrom = ["tg:8281953845"]
historyLimit = 50 groupPolicy = "allowlist"
streamMode = "partial"
} }
} }
models = { models = {
@ -173,6 +176,12 @@ resource "kubernetes_config_map" "openclaw_config" {
} }
} }
} }
wizard = {
lastRunAt = "2026-03-01T15:11:54.176Z"
lastRunVersion = "2026.2.9"
lastRunCommand = "configure"
lastRunMode = "local"
}
}) })
} }
} }
@ -294,6 +303,11 @@ resource "kubernetes_deployment" "openclaw" {
# Symlink Claude skills into OpenClaw skills directory # Symlink Claude skills into OpenClaw skills directory
ln -sfn /workspace/infra/.claude/skills /openclaw-home/skills ln -sfn /workspace/infra/.claude/skills /openclaw-home/skills
# Create required directories (owned by node user, UID 1000)
mkdir -p /openclaw-home/agents/main/sessions /openclaw-home/credentials /openclaw-home/canvas /openclaw-home/devices /openclaw-home/cron
chown -R 1000:1000 /openclaw-home
chmod 700 /openclaw-home
# Generate kubeconfig from in-cluster ServiceAccount credentials # Generate kubeconfig from in-cluster ServiceAccount credentials
SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
SA_CA=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt SA_CA=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
@ -354,8 +368,8 @@ resource "kubernetes_deployment" "openclaw" {
# Main container: OpenClaw # Main container: OpenClaw
container { container {
name = "openclaw" name = "openclaw"
image = "ghcr.io/openclaw/openclaw:2026.2.9" image = "ghcr.io/openclaw/openclaw:2026.2.26"
command = ["node", "openclaw.mjs", "gateway", "--allow-unconfigured", "--bind", "lan"] command = ["sh", "-c", "node openclaw.mjs doctor --fix 2>/dev/null; exec node openclaw.mjs gateway --allow-unconfigured --bind lan"]
port { port {
container_port = 18789 container_port = 18789
} }
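Review bot: In the first hunk, under `gateway.controlUi`, `dangerouslyAllowHostHeaderOriginFallback = true` is added next to the existing `dangerouslyDisableDeviceAuth = true` while the gateway binds to `lan` and trusts proxies from all of `10.0.0.0/8`, and nothing in the diff records why that combination is acceptable. Judging by its name, the flag lets the origin check fall back to the Host header, which the client controls, so with device auth off the control UI would be protected only by whatever sits in front of the pod, and that is not visible here. If this release supports an explicit list of allowed origins for the control UI, set it to the real ingress hostname instead of enabling the fallback. Otherwise add a comment such as `# required by v2026.2.26 for non-loopback bind; UI reachable only via <ingress>, which enforces auth`, and narrow `trustedProxies` to the ingress controller's range. The enclosing `resource` block begins and ends outside the hunk.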