Remove macOS support, make Tailscale optional, and fix installation issues #1
Open
justin-russell wants to merge 17 commits into main from
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Resolves conflicts between OpenClaw rename and security hardening:
- Applied scoped sudo permissions with openclaw naming
- Added dynamic UID to service template
- Merged security features (fail2ban, unattended-upgrades)
- Added ansible.posix collection and fixed authorized_key FQCN
- Updated comments to reference OpenClaw instead of Clawdbot
Co-Authored-By: olsonale <olsonale@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remove bare-metal macOS support due to system-level permission risks. Linux-only deployment provides better security isolation.
Changes:
- Remove macOS-specific task files (firewall, docker, tailscale, system-tools)
- Remove Homebrew and zsh dependencies (Linux-only now)
- Add macOS detection with explicit failure message
- Update README with deprecation notice and rationale
- Simplify install.sh to Debian/Ubuntu only
- Remove multi-OS orchestrator files
Security rationale: System-level modifications on primary host OS introduce significant risks. Future support may use virtualization.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Major changes:
- Make Tailscale optional (tailscale_enabled: false by default)
- Add ci_test mode to skip Docker/firewall/systemd tasks in CI
- Add Docker-based CI test harness (convergence, verification, idempotency)
- Convert show-lobster.sh to template for conditional Tailscale display
- Update firewall to conditionally open Tailscale port
CI Test Harness:
- tests/Dockerfile.ubuntu2404 - Ubuntu container with Ansible
- tests/entrypoint.sh - Test execution (convergence → verify → idempotency)
- tests/verify.yml - Post-install assertions
- tests/run-tests.sh - Local test runner
- Validates ~75% of playbook (skips Docker-in-Docker, firewall, systemd)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Bug fixes:
- Create .bash_profile to source .bashrc for login shells (fixes environment not loading for sudo su - openclaw)
- Simplify install.sh to only install dependencies (no longer downloads/runs playbook automatically)
- Update install.sh messaging and instructions
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This reverts commit 3f5d9aa.
Fixes environment not loading when using 'sudo su - openclaw'. Login shells need .bash_profile to source .bashrc.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Complete functional parity with PR openclaw#16 while preserving openclaw naming.
Initial fixes (7):
- Add home directory ownership fix to prevent permission errors
- Move .bashrc configuration from system-tools to user.yml
- Add ci_test conditionals to all systemd-related tasks
- Fix binary path resolution (use PATH instead of hardcoded paths)
- Remove all Homebrew path references
- Update pnpm installation to use idempotent check-first approach
- Change apt upgrade to use ci_test conditional
Additional fixes from comprehensive double-check (7):
- Use ansible.builtin.authorized_key instead of ansible.posix
- Remove ansible.posix collection dependency from requirements.yml
- Remove "Connect Tailscale VPN" from completion message (now optional)
- Add comprehensive security entries to .gitignore
- Add network interface validation in firewall configuration
- Improve pnpm config idempotency with proper change detection
- Add install_mode validation with clear error messages
Files modified: 12
- .gitignore: Added security-related ignore patterns
- playbook.yml: Fixed apt upgrade conditional
- requirements.yml: Removed ansible.posix dependency
- run-playbook.sh: Removed optional Tailscale from completion
- roles/openclaw/tasks/user.yml: Multiple critical fixes
- roles/openclaw/tasks/system-tools-linux.yml: Removed .bashrc config
- roles/openclaw/tasks/firewall-linux.yml: Added validation
- roles/openclaw/tasks/nodejs.yml: Improved pnpm check
- roles/openclaw/tasks/openclaw.yml: Added validation and idempotency
- roles/openclaw/tasks/openclaw-release.yml: Fixed paths
- roles/openclaw/tasks/openclaw-development.yml: Fixed paths
- roles/openclaw/templates/openclaw-host.service.j2: Fixed PATH and ExecStart
All functional changes from PR openclaw#16 are now incorporated with correct openclaw naming throughout.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
21a2f28 to 1f552e4
…refs
- Add ansible.posix collection to requirements.yml (>=1.5.0)
- Change ansible.builtin.authorized_key to ansible.posix.authorized_key
- Update documentation references from clawdbot to openclaw
- Fix Jinja2 template lstrip_blocks to use boolean instead of string
Addresses PR openclaw#16 maintainer feedback for clawdbot → openclaw rename.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Update LICENSE copyright from Clawdbot to OpenClaw Contributors
- Change CLAWDBOT_DEV_DIR to OPENCLAW_DEV_DIR in docs and upgrade notes
- Update security.md overview text
- Update UPGRADE_NOTES.md section heading
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Summary
This PR removes macOS support from the playbook (Linux-only), makes Tailscale installation optional (disabled by default), and fixes multiple installation and user environment issues discovered during testing.
Major Changes
🔧 Platform Support
🌐 Tailscale Made Optional
tailscale_enabled variable (default: false)
🐛 Installation Fixes
Multiple critical fixes for user environment and installation flow:
🧪 Testing Infrastructure
Security Improvements
Documentation Updates
Commit Log
Testing
✅ Tested on Ubuntu 22.04 VPS
✅ Verified with Tailscale disabled (default)
✅ Verified with Tailscale enabled
✅ All installation issues resolved
✅ User environment loads correctly on login
Breaking Changes
tailscale_enabled: true to install Tailscale
🤖 Generated with Claude Code