Skip to content

Instantly share code, notes, and snippets.

@IoTeacher

IoTeacher/vps-setup.sh

Forked from Virtual-Robert/vps-setup.sh
Created March 18, 2026 19:35
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save IoTeacher/23bfbf44ab32a2b75de946d3d9df70a4 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save IoTeacher/23bfbf44ab32a2b75de946d3d9df70a4 to your computer and use it in GitHub Desktop.
Download ZIP
OpenClaw VPS Quick Setup (with Docker + Agent Pipeline)
Raw
vps-setup.sh
#!/bin/bash
set -e
# OpenClaw VPS Quick Setup
# Download and run: curl -O <url> && chmod +x setup.sh && ./setup.sh
BLUE='\033[0;34m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
NC='\033[0m'
log() { echo -e "${BLUE}[openclaw]${NC} $1"; }
success() { echo -e "${GREEN}[✓]${NC} $1"; }
warn() { echo -e "${YELLOW}[!]${NC} $1"; }
error() { echo -e "${RED}[✗]${NC} $1"; exit 1; }
if [ "$EUID" -ne 0 ]; then
error "Please run as root"
fi
echo ""
echo "🦞 OpenClaw VPS Quick Setup"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
# === Create openclaw user ===
log "Creating openclaw user..."
if id "openclaw" &>/dev/null; then
warn "User 'openclaw' already exists, skipping"
else
adduser openclaw --disabled-password --gecos ""
success "Created user 'openclaw'"
fi
# === Copy SSH keys ===
log "Copying SSH keys to openclaw user..."
mkdir -p /home/openclaw/.ssh
if [ -f /root/.ssh/authorized_keys ]; then
cp /root/.ssh/authorized_keys /home/openclaw/.ssh/
chown -R openclaw:openclaw /home/openclaw/.ssh
chmod 700 /home/openclaw/.ssh
chmod 600 /home/openclaw/.ssh/authorized_keys
success "SSH keys copied"
else
warn "No SSH keys found in /root/.ssh/authorized_keys"
fi
# === Give sudo access (passwordless) ===
log "Granting sudo access..."
usermod -aG sudo openclaw
echo "openclaw ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/openclaw
chmod 440 /etc/sudoers.d/openclaw
success "Sudo access granted"
# === Security hardening ===
log "Updating system..."
apt update -qq && apt upgrade -y -qq
success "System updated"
log "Installing fail2ban..."
apt install -y -qq fail2ban
systemctl enable fail2ban
systemctl start fail2ban
success "fail2ban installed"
log "Configuring firewall..."
ufw default deny incoming > /dev/null
ufw default allow outgoing > /dev/null
ufw allow ssh > /dev/null
echo "y" | ufw enable > /dev/null
success "Firewall enabled"
log "Hardening SSH..."
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
systemctl restart ssh
success "SSH hardened"
# === Install Docker ===
log "Installing Docker..."
if command -v docker &>/dev/null; then
warn "Docker already installed"
else
curl -fsSL https://get.docker.com | sh -s -- --quiet
success "Docker installed"
fi
usermod -aG docker openclaw
success "openclaw added to docker group"
# === Install GitHub CLI ===
log "Installing GitHub CLI..."
if command -v gh &>/dev/null; then
warn "GitHub CLI already installed"
else
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg 2>/dev/null
chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null
apt update -qq && apt install -y -qq gh
success "GitHub CLI installed"
fi
# === Collect API keys ===
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "🔑 API Keys Required"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
read -p "Telegram bot token (from @BotFather): " TELEGRAM_TOKEN
read -p "Gemini API key (https://aistudio.google.com/apikey): " GEMINI_KEY
if [ -z "$TELEGRAM_TOKEN" ] || [ -z "$GEMINI_KEY" ]; then
error "Both tokens are required!"
fi
# === Install OpenClaw ===
log "Installing OpenClaw..."
if ! command -v node &>/dev/null; then
curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
apt install -y -qq nodejs
fi
success "Node.js ready"
npm install -g openclaw --silent
success "OpenClaw installed"
# === Configure OpenClaw ===
log "Configuring OpenClaw..."
su - openclaw << USERSETUP
mkdir -p ~/.openclaw/agents/main/sessions
mkdir -p ~/.openclaw/agents/main/agent
mkdir -p ~/.openclaw/workspace
openclaw config set gateway.mode local 2>/dev/null || true
openclaw config set agents.defaults.model.primary google/gemini-2.5-pro 2>/dev/null || true
USERSETUP
success "OpenClaw configured"
# === Create .env file ===
log "Creating .env file..."
mkdir -p /home/openclaw/.openclaw
cat > /home/openclaw/.openclaw/.env << ENVFILE
TELEGRAM_BOT_TOKEN=${TELEGRAM_TOKEN}
GEMINI_API_KEY=${GEMINI_KEY}
ENVFILE
chown -R openclaw:openclaw /home/openclaw/.openclaw
chmod 600 /home/openclaw/.openclaw/.env
success ".env file created"
# === Create auth-profiles.json (REQUIRED for Gemini) ===
log "Creating auth profile..."
cat > /home/openclaw/.openclaw/agents/main/agent/auth-profiles.json << AUTHFILE
{"google":{"apiKey":"${GEMINI_KEY}"}}
AUTHFILE
chown -R openclaw:openclaw /home/openclaw/.openclaw
success "Auth profile created"
# === Install Agent Pipeline ===
echo ""
read -p "Install agent pipeline for Docker-sandboxed coding agents? (y/n): " INSTALL_PIPELINE
if [[ "$INSTALL_PIPELINE" =~ ^[Yy]$ ]]; then
log "Downloading agent pipeline..."
GIST_BASE="https://gist.githubusercontent.com/Virtual-Robert/f074593cd08c2b6960219ae366a071ce/raw"
su - openclaw << 'PIPELINESETUP'
mkdir -p ~/agent-pipeline/scripts ~/agent-pipeline/defaults
cd ~/agent-pipeline
curl -fsSL "https://gist.githubusercontent.com/Virtual-Robert/f074593cd08c2b6960219ae366a071ce/raw/Dockerfile" -o Dockerfile
curl -fsSL "https://gist.githubusercontent.com/Virtual-Robert/f074593cd08c2b6960219ae366a071ce/raw/blueprint.sh" -o scripts/blueprint.sh
curl -fsSL "https://gist.githubusercontent.com/Virtual-Robert/f074593cd08c2b6960219ae366a071ce/raw/pipeline.sh" -o scripts/pipeline.sh
curl -fsSL "https://gist.githubusercontent.com/Virtual-Robert/f074593cd08c2b6960219ae366a071ce/raw/feedback.sh" -o scripts/feedback.sh
curl -fsSL "https://gist.githubusercontent.com/Virtual-Robert/f074593cd08c2b6960219ae366a071ce/raw/eslint.config.mjs" -o defaults/eslint.config.mjs
curl -fsSL "https://gist.githubusercontent.com/Virtual-Robert/f074593cd08c2b6960219ae366a071ce/raw/.prettierrc.json" -o defaults/.prettierrc.json
chmod +x scripts/*.sh
PIPELINESETUP
success "Agent pipeline downloaded"
log "Building Docker image (this may take a few minutes)..."
su - openclaw -c "cd ~/agent-pipeline && docker build -t agent-base:latest ." && success "Docker image built" || warn "Docker build failed — run manually later"
echo ""
echo "Agent pipeline installed! To use it, add these to ~/.openclaw/.env:"
echo " GH_TOKEN=<your-github-token>"
echo " OPENAI_API_KEY=<your-openai-key> # for Codex"
echo " ANTHROPIC_API_KEY=<your-anthropic-key> # for Claude"
fi
# === Create startup script ===
log "Creating startup script..."
cat > /home/openclaw/start-openclaw.sh << 'STARTER'
#!/bin/bash
source ~/.openclaw/.env
export GEMINI_API_KEY
export TELEGRAM_BOT_TOKEN
exec openclaw gateway
STARTER
chmod +x /home/openclaw/start-openclaw.sh
chown openclaw:openclaw /home/openclaw/start-openclaw.sh
success "Startup script created"
# === Done ===
IP=$(hostname -I | awk '{print $1}')
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
success "🦞 OpenClaw setup complete!"
echo ""
echo "Next steps:"
echo ""
echo " 1. Switch to openclaw user:"
echo " su - openclaw"
echo ""
echo " 2. Start OpenClaw:"
echo " ./start-openclaw.sh"
echo ""
echo " 3. Message your bot on Telegram"
echo " Copy the pairing code, then run:"
echo " openclaw pairing approve telegram <CODE>"
echo ""
echo " 4. Message again — it responds! 🎉"
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment