Automated, hardened installation of Clawdbot with Docker, Homebrew, and Tailscale VPN support for Linux and macOS.
- 🔒 Firewall-first: UFW (Linux) + Application Firewall (macOS) + Docker isolation
- 🔐 Tailscale VPN: Secure remote access without exposing services
- 🍺 Homebrew: Package manager for both Linux and macOS
- 🐳 Docker: Docker CE (Linux) / Docker Desktop (macOS)
- 🛡️ Multi-OS Support: Debian, Ubuntu, and macOS
- 🚀 One-command install: Complete setup in minutes
- 🔧 Auto-configuration: DBus, systemd, environment setup
- 📦 pnpm installation: Uses
pnpm install -g clawdbot@latest
Install the latest stable version from npm:
curl -fsSL https://raw.githubusercontent.com/pasogott/clawdbot-ansible/main/install.sh | bashInstall from source for development or testing:
# Clone the installer
git clone https://github.com/pasogott/clawdbot-ansible.git
cd clawdbot-ansible
# Install in development mode
ansible-playbook playbook.yml --ask-become-pass -e clawdbot_install_mode=development- Tailscale (mesh VPN)
- UFW firewall (SSH + Tailscale ports only)
- Docker CE + Compose V2 (for sandboxes)
- Node.js 22.x + pnpm
- Clawdbot on host (not containerized)
- Systemd service (auto-start)
After installation completes, switch to the clawdbot user:
sudo su - clawdbotThen run the quick-start onboarding wizard:
clawdbot onboard --install-daemonThis will:
- Guide you through the setup wizard
- Configure your messaging provider (WhatsApp/Telegram/Signal)
- Install and start the daemon service
# Configure manually
clawdbot configure
# Login to provider
clawdbot providers login
# Test gateway
clawdbot gateway
# Install as daemon
clawdbot daemon install
clawdbot daemon start
# Check status
clawdbot status
clawdbot logs- Installs via
pnpm install -g clawdbot@latest - Gets latest stable version from npm registry
- Automatic updates via
pnpm install -g clawdbot@latest - Recommended for production
- Clones from
https://github.com/clawdbot/clawdbot.git - Builds from source with
pnpm build - Symlinks binary to
~/.local/bin/clawdbot - Adds helpful aliases:
clawdbot-rebuild- Rebuild after code changesclawdbot-dev- Navigate to repo directoryclawdbot-pull- Pull, install deps, and rebuild
- Recommended for development and testing
Enable with: -e clawdbot_install_mode=development
- Public ports: SSH (22), Tailscale (41641/udp) only
- Docker available: For Clawdbot sandboxes (isolated execution)
- Docker isolation: Containers can't expose ports externally (DOCKER-USER chain)
- Non-root: Clawdbot runs as unprivileged user
- Systemd hardening: NoNewPrivileges, PrivateTmp
Verify: nmap -p- YOUR_SERVER_IP should show only port 22 open.
- Configuration Guide - All configuration options
- Development Mode - Build from source
- Security Architecture - Security details
- Technical Details - Architecture overview
- Troubleshooting - Common issues
- Agent Guidelines - AI agent instructions
- Debian 11+ or Ubuntu 20.04+
- Root/sudo access
- Internet connection
- macOS 11 (Big Sur) or later
- Homebrew will be installed automatically
- Admin/sudo access
- Internet connection
- Homebrew package manager
- Node.js 22.x + pnpm
- Clawdbot via
pnpm install -g clawdbot@latest - Essential development tools
- Git, zsh, oh-my-zsh
- Docker CE + Compose V2
- UFW firewall (configured)
- Tailscale VPN
- systemd service
- Docker Desktop (via Homebrew Cask)
- Application Firewall
- Tailscale app
# Install dependencies
sudo apt update && sudo apt install -y ansible git
# Clone repository
git clone https://github.com/pasogott/clawdbot-ansible.git
cd clawdbot-ansible
# Install Ansible collections
ansible-galaxy collection install -r requirements.yml
# Run installation
./run-playbook.shBuild from source for development:
# Same as above, but with development mode flag
./run-playbook.sh -e clawdbot_install_mode=development
# Or directly:
ansible-playbook playbook.yml --ask-become-pass -e clawdbot_install_mode=developmentThis will:
- Clone clawdbot repo to
~/code/clawdbot - Run
pnpm installandpnpm build - Symlink binary to
~/.local/bin/clawdbot - Add development aliases to
.bashrc
All configuration variables can be found in roles/clawdbot/defaults/main.yml.
You can override them in three ways:
ansible-playbook playbook.yml --ask-become-pass \
-e clawdbot_install_mode=development \
-e "clawdbot_ssh_keys=['ssh-ed25519 AAAAC3... user@host']"# Create vars.yml
cat > vars.yml << EOF
clawdbot_install_mode: development
clawdbot_ssh_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxxxxxxxx user@host"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB... user@host"
clawdbot_repo_url: "https://github.com/YOUR_USERNAME/clawdbot.git"
clawdbot_repo_branch: "feature-branch"
tailscale_authkey: "tskey-auth-xxxxxxxxxxxxx"
EOF
# Use it
ansible-playbook playbook.yml --ask-become-pass -e @vars.ymlEdit roles/clawdbot/defaults/main.yml before running the playbook.
| Variable | Default | Description |
|---|---|---|
clawdbot_user |
clawdbot |
System user name |
clawdbot_home |
/home/clawdbot |
User home directory |
clawdbot_install_mode |
release |
release or development |
clawdbot_ssh_keys |
[] |
List of SSH public keys |
clawdbot_repo_url |
https://github.com/clawdbot/clawdbot.git |
Git repository (dev mode) |
clawdbot_repo_branch |
main |
Git branch (dev mode) |
tailscale_authkey |
"" |
Tailscale auth key for auto-connect |
nodejs_version |
22.x |
Node.js version to install |
See roles/clawdbot/defaults/main.yml for the complete list.
ansible-playbook playbook.yml --ask-become-pass \
-e "clawdbot_ssh_keys=['ssh-ed25519 AAAAC3... user@host']"ansible-playbook playbook.yml --ask-become-pass \
-e clawdbot_install_mode=development \
-e clawdbot_repo_url=https://github.com/YOUR_USERNAME/clawdbot.git \
-e clawdbot_repo_branch=feature-branchansible-playbook playbook.yml --ask-become-pass \
-e tailscale_authkey=tskey-auth-xxxxxxxxxxxxxMIT - see LICENSE
- Clawdbot: https://github.com/clawdbot/clawdbot
- This installer: https://github.com/pasogott/clawdbot-ansible/issues