Commit ·
324aa0a
1
Parent(s): de215dc
Enforce Telegram relay and DNS resolvers
Browse files
start.sh
CHANGED
|
@@ -9,8 +9,26 @@ export OPENCLAW_HOST="0.0.0.0"
|
|
| 9 |
export OPENCLAW_PORT
|
| 10 |
export SYNC_INTERVAL="${SYNC_INTERVAL:-300}"
|
| 11 |
export PLAYWRIGHT_BROWSERS_PATH="${PLAYWRIGHT_BROWSERS_PATH:-/ms-playwright}"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12 |
|
| 13 |
mkdir -p /root/workspace
|
|
|
|
| 14 |
|
| 15 |
/app/sync-root-data.sh restore
|
| 16 |
mkdir -p /root/.openclaw
|
|
@@ -80,7 +98,7 @@ generate_openclaw_config() {
|
|
| 80 |
"botToken": "${TELEGRAM_BOT_TOKEN:-}",
|
| 81 |
"dmPolicy": "allowlist",
|
| 82 |
"allowFrom": [${allow_id}],
|
| 83 |
-
"apiRoot": "
|
| 84 |
"webhookUrl": "https://elysiadev11-openclaw.hf.space/tg-webhook",
|
| 85 |
"webhookSecret": "${OPENCLAW_GATEWAY_PASSWORD:-}",
|
| 86 |
"webhookPath": "/tg-webhook",
|
|
@@ -120,6 +138,33 @@ else
|
|
| 120 |
echo "Existing /root/.openclaw/openclaw.json found; keeping it."
|
| 121 |
fi
|
| 122 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 123 |
/app/sync-root-data.sh loop &
|
| 124 |
|
| 125 |
run_openclaw() {
|
|
|
|
| 9 |
export OPENCLAW_PORT
|
| 10 |
export SYNC_INTERVAL="${SYNC_INTERVAL:-300}"
|
| 11 |
export PLAYWRIGHT_BROWSERS_PATH="${PLAYWRIGHT_BROWSERS_PATH:-/ms-playwright}"
|
| 12 |
+
export TELEGRAM_API_ROOT="${TELEGRAM_API_ROOT:-https://tg-relay.markdevil11.workers.dev}"
|
| 13 |
+
export OPENCLAW_TELEGRAM_API_ROOT="${OPENCLAW_TELEGRAM_API_ROOT:-${TELEGRAM_API_ROOT}}"
|
| 14 |
+
|
| 15 |
+
configure_dns() {
|
| 16 |
+
if [ -w /etc/resolv.conf ]; then
|
| 17 |
+
cat > /etc/resolv.conf <<'EOF'
|
| 18 |
+
nameserver 1.1.1.1
|
| 19 |
+
nameserver 1.0.0.1
|
| 20 |
+
nameserver 8.8.8.8
|
| 21 |
+
nameserver 8.8.4.4
|
| 22 |
+
options timeout:2 attempts:3 rotate
|
| 23 |
+
EOF
|
| 24 |
+
echo "DNS configured with Cloudflare and Google resolvers."
|
| 25 |
+
else
|
| 26 |
+
echo "WARN: /etc/resolv.conf is not writable; keeping existing DNS."
|
| 27 |
+
fi
|
| 28 |
+
}
|
| 29 |
|
| 30 |
mkdir -p /root/workspace
|
| 31 |
+
configure_dns
|
| 32 |
|
| 33 |
/app/sync-root-data.sh restore
|
| 34 |
mkdir -p /root/.openclaw
|
|
|
|
| 98 |
"botToken": "${TELEGRAM_BOT_TOKEN:-}",
|
| 99 |
"dmPolicy": "allowlist",
|
| 100 |
"allowFrom": [${allow_id}],
|
| 101 |
+
"apiRoot": "${TELEGRAM_API_ROOT}",
|
| 102 |
"webhookUrl": "https://elysiadev11-openclaw.hf.space/tg-webhook",
|
| 103 |
"webhookSecret": "${OPENCLAW_GATEWAY_PASSWORD:-}",
|
| 104 |
"webhookPath": "/tg-webhook",
|
|
|
|
| 138 |
echo "Existing /root/.openclaw/openclaw.json found; keeping it."
|
| 139 |
fi
|
| 140 |
|
| 141 |
+
python3 - <<'PY'
|
| 142 |
+
import json
|
| 143 |
+
import os
|
| 144 |
+
from pathlib import Path
|
| 145 |
+
|
| 146 |
+
path = Path('/root/.openclaw/openclaw.json')
|
| 147 |
+
api_root = os.environ.get('TELEGRAM_API_ROOT', 'https://tg-relay.markdevil11.workers.dev')
|
| 148 |
+
if not path.exists():
|
| 149 |
+
raise SystemExit(0)
|
| 150 |
+
|
| 151 |
+
try:
|
| 152 |
+
data = json.loads(path.read_text())
|
| 153 |
+
except Exception as exc:
|
| 154 |
+
print(f'WARN: cannot update Telegram apiRoot in openclaw.json: {exc}')
|
| 155 |
+
raise SystemExit(0)
|
| 156 |
+
|
| 157 |
+
channels = data.setdefault('channels', {})
|
| 158 |
+
telegram = channels.setdefault('telegram', {})
|
| 159 |
+
old = telegram.get('apiRoot')
|
| 160 |
+
if old != api_root:
|
| 161 |
+
telegram['apiRoot'] = api_root
|
| 162 |
+
path.write_text(json.dumps(data, indent=2) + '\n')
|
| 163 |
+
print(f'Updated Telegram apiRoot: {old!r} -> {api_root!r}')
|
| 164 |
+
else:
|
| 165 |
+
print(f'Telegram apiRoot already set to {api_root}')
|
| 166 |
+
PY
|
| 167 |
+
|
| 168 |
/app/sync-root-data.sh loop &
|
| 169 |
|
| 170 |
run_openclaw() {
|